Bugtraq
- rPSA-2007-0227-1 cups,
rPath Update Announcements
- (tool announcement) bunny the fuzzer,
Michal Zalewski
- [security bulletin] HPSBMA02238 SSRT061260 rev.2 - HP OpenView Reporter Running Shared Trace Service, Remote Arbitrary Code Execution,
security-alert
- [security bulletin] HPSBMA02237 SSRT061260 rev.2 - HP OpenView Performance Agent (OVPA) Running Shared Trace Service, Remote Arbitrary Code Execution,
security-alert
- [security bulletin] HPSBMA02236 SSRT061260 rev.2 - HP OpenView Performance Manager (OVPM) Running Shared Trace Service on HP-UX, Solaris, and Windows, Remote Arbitrary Code Execution,
security-alert
- iDefense Security Advisory 10.31.07: Symantec Altiris Deployment Solution TFTP/MTFTP Service Directory Traversal Vulnerability,
iDefense Labs
- iDefense Security Advisory 10.31.07: Macrovision InstallShield Update Service ActiveX Unsafe Method Vulnerability,
iDefense Labs
- SEC Consult SA-20071031-0 :: Perdition IMAP Proxy Format String Vulnerability,
Bernhard Mueller
- Secunia Research: McAfee E-Business Server Auth Packet Handling Buffer Overflow,
Secunia Research
- Secunia Research: CUPS IPP Tags Memory Corruption Vulnerability,
Secunia Research
- In Memoriam: Jun-ichiro Hagino,
Dragos Ruiu
- [ GLSA 200710-30 ] OpenSSL: Remote execution of arbitrary code,
Pierre-Yves Rofes
- ILIAS <= 3.8.3 Cross Site Scripting,
L4teral
- [ GLSA 200710-31 ] Opera: Multiple vulnerabilities,
Raphael Marichez
- iDefense Security Advisory 10.30.07: IBM AIX bellmail Stack Buffer Overflow Vulnerability,
iDefense Labs
- iDefense Security Advisory 10.30.07: IBM AIX ftp domacro Parameter Buffer Overflow Vulnerability,
iDefense Labs
- iDefense Security Advisory 10.30.07: IBM AIX lquerypv Stack Buffer Overflow Vulnerability,
iDefense Labs
- Firefox / IE6 crash on javascript nested loops,
thabob
- iDefense Security Advisory 10.30.07: IBM AIX lqueryvg Stack Buffer Overflow Vulnerability,
iDefense Labs
- iDefense Security Advisory 10.30.07: IBM AIX dig dns_name_fromtext Integer Underflow Vulnerability,
iDefense Labs
- iDefense Security Advisory 10.30.07: IBM AIX 5.2 crontab BSS Buffer Overflow Vulnerability,
iDefense Labs
- iDefense Security Advisory 10.30.07: IBM AIX swcons Local Arbitrary File Access Vulnerability,
iDefense Labs
- DeepSec 2007 Registration: hurry up, seats are filling fast,
Stefano Zanero
- Django 0.96 (stable) Admin Panel CSRF,
J. Carlos Nieto
- Secunia Research: IPSwitch IMail Server IMail Client Buffer Overflow,
Secunia Research
- Siebel Security Basics,
Jonathan Katz
- RFIDIOt release - version 0.1q,
Adam Laurie
- Airkiosk/formlib application is XSS vuln,
skienlab
- Memory overwrites in JVM via malformed TrueType font,
NGSSoftware Insight Security Research
- Untrusted Java applet can connect to localhost,
NGSSoftware Insight Security Research
- Windows binary of "Virtual Floppy Drive 2.1" contains vulnerable zlib (CAN-2005-2096),
Stefan Kanthak
- Heap overflow in RealPlayer ID3 tag parser,
NGSSoftware Insight Security Research
- Comments re ISC's announcement on bind9 security,
Network Protocol Security
- rPSA-2007-0225-2 firefox thunderbird,
rPath Update Announcements
- [SECURITY] [DSA 1388-3] New dhcp packages fix arbitrary code execution,
Noah Meyerhans
- SAXON version 5.4 SQL Injection Vulnerability,
securityresearch
- SAXON version 5.4 Multiple Path Disclosure Vulnerabilities,
securityresearch
- Security Briefings,
angelo
- Omnistar Live Software Cross-Site Scripting Vulrnability,
DoZ
- Secunia Research: IBM Tivoli Storage Manager Client CAD Service Script Insertion,
Secunia Research
- FLEA-2007-0062-1 firefox,
Foresight Linux Essential Announcement Service
- FLEA-2007-0061-1 sun-jre sun-jdk,
Foresight Linux Essential Announcement Service
- How to subvert Oracle Database Vault,
Joxean Koret
- Team SHATTER Alert: Oracle Database Buffer overflow vulnerability in procedure DBMS_AQADM_SYS.DBLINK_INFO,
Team SHATTER
- Final Call for Papers for Security Track at ApacheCon Europe 2008,
Lars Eilebrecht
- SAXON version 5.4 XSS Attack Vulnerability,
securityresearch
- AGTC-Membership system v1.1a (adduser) Remote Add Admin Exploit,
Guns
- Team SHATTER Alert: Oracle Database Buffer overflow vulnerability in function MDSYS.SDO_CS.TRANSFORM,
Team SHATTER
- Webroot Desktop Firewall <=5.5.10.20 DNS recursion,
komarov
- Advisory SE-2007-01: TikiWiki Remote PHP Code Evaluation Vulnerability,
Stefan Esser
- [waraxe-2007-SA#059] - XSS in WordPress 2.3,
come2waraxe
- teatro 1.6 ( basePath ) Remote File Include Vulnerability,
alkomandoz-hacker
- Smart-Shop Shopping Cart Cross-Site Scripting Vulrnability,
DoZ
- [SECURITY] [DSA 1396-1] New iceweasel packages fix several vulnerabilities,
Moritz Muehlenhoff
- rPSA-2007-0225-1 firefox,
rPath Update Announcements
- FLEA-2007-0060-1 initscripts,
Foresight Linux Essential Announcement Service
- Micro Login System v1.0 (userpwd.txt) Password Disclosure Vulnerability,
Guns
- RealNetworks RealPlayer/RealOne Player/Helix Player Remote Memory Corruption,
Piotr Bania
- RealNetworks RealPlayer/RealOne Player/Helix Player Remote Heap Corruption,
Piotr Bania
- [USN-538-1] libpng vulnerabilities,
Kees Cook
- [ GLSA 200710-28 ] Qt: Buffer overflow,
Raphael Marichez
- [Trick] VigileCMS All Versions DataMining Remote Hash Disclosure,
kingoftheworld92
- Multi Host Forum Pro phpbb & ipb Multiple Sql Injection,
kingoftheworld92
- [ GLSA 200710-29 ] Sylpheed, Claws Mail: User-assisted remote execution of arbitrary code,
Raphael Marichez
- TikiWiki <= 1.9.8.1 Cross Site Scripting / Local File Inclusion,
L4teral
- IRM Discover More Vulnerabilities in Cisco IOS,
Andy Davis
- Directory traversal flaw in shttp,
digineo Advisories
- usd250 helpdesk XSS vulnerabily.,
Joseph . giron13
- iDefense Security Advisory 10.25.07: Trend Micro Tmxpflt.sys IOCTL 0xa0284403 Buffer Overflow Vulnerability,
iDefense Labs
- [PoC] DNS Recursion bandwidth amplification,
Shadow
- i-Gallery 3.4 bug crack password!,
hackerbinhphuoc
- First ever ModSecurity public training at OWASP/WASC conf in SJ,
Ofer Shezaf
- rPSA-2007-0221-1 php php-mysql php-pgsql,
rPath Update Announcements
- [SECURITY] [DSA 1395-1] New xen-utils packages fix file truncation,
Steve Kemp
- HPSBMA02133 SSRT061201 rev.6 - HP Oracle for OpenView (OfO) Critical Patch Update,
security-alert
- Flatnuke3 Remote Cookie Manipoulation / Privilege Escalation,
kingoftheworld92
- [SECURITY] [DSA 1389-2] New zoph packages fix SQL injection,
Thijs Kinkhorst
- [ GLSA 200710-27 ] ImageMagick: Multiple vulnerabilities,
Raphael Marichez
- [ GLSA 200710-26 ] HPLIP: Privilege escalation,
Raphael Marichez
- [ GLSA 200710-25 ] MLDonkey: Privilege escalation,
Raphael Marichez
- iDefense Security Advisory 10.23.07: IBM Lotus Domino IMAP Buffer Overflow Vulnerability,
iDefense Labs
- iDefense Security Advisory 10.23.07: IBM Lotus Notes Client TagAttributeListCopy Buffer Overflow Vulnerability,
iDefense Labs
- OSI CODES - PHP Live! Remote File Inclusion,
[ NO REPLY ]
- Bosdev Multiple vulnerabilities,
Joseph . giron13
- Novell OpenSUSE SWAMP multiple XSS,
morin . josh
- [GS07-02] RSA Keon Multiple Cross-Site Scripting Vulnerabilities,
Fatih Ozavci
- rPSA-2007-0222-1 cpio tar,
rPath Update Announcements
- HPSBMA02279 SSRT071298 rev.1 - HP OpenView Configuration Management (CM) Infrastructure (Radia) and Client Configuration Manager (CCM) Running httpd.tkd, Remote Unauthorized Access to Data,
security-alert
- [Aria-Security.Net] CodeWidgets.Com Online Event Registration Multiple login SQL Injection,
[ NO REPLY ]
- Aria-Security.Net [Web based alpha tabbed address book SQL Injection],
[ NO REPLY ]
- Aleris Software Systems Web Publisher Calendar SQL injection,
Joseph . giron13
- [SECURITY] [DSA 1394-1] New reprepro packages fix authentication bypass,
Thijs Kinkhorst
- [USN-537-1] gnome-screensaver vulnerability,
Kees Cook
- [USN-536-1] Thunderbird vulnerabilities,
Kees Cook
- [USN-531-2] dhcp vulnerability,
Kees Cook
- [SECURITY] [DSA 1372-2] New ktorrent packages fix directory traversal,
Steve Kemp
- 3proxy 0.5.3j released (bugfix),
3APA3A
- [SECURITY] [DSA 1393-1] New xfce4-terminal packages fix arbitrary command execution,
Steve Kemp
- SYMSA-2007-013: Lotus Notes Memory Mapped Files Vulnerability,
research
- Korean GHBoard Multiple Vulnerabilities by Xcross87,
pete . houston . 17187
- [Vulz] PHP Basic Multiple Vulnerabilities by Xcross87 & Alucar,
pete . houston . 17187
- [ MDKSA-2007:202 ] - Updated Firefox packages fix multiple vulnerabilities,
security
- [Vulz] eFileMan 7.x Multiple Vulnerabilities by Xcross87,
pete . houston . 17187
- [Vulz] eLouai's Download Script Remote File Download Vulnerability,
pete . houston . 17187
- [Vulz] Japanese PHP Gallery Hosting File Upload Vulz,
pete . houston . 17187
- [Vulz] Seeblick 1.0 Beta File Upload Vulz,
pete . houston . 17187
- SYMSA-2007-012: Microsoft Windows CE IGMP Denial of Service,
research
- [vuln.sg] IBM Lotus Notes Attachment Viewer Buffer Overflow Vulnerabilities,
vulnpost-remove
- Airscanner Mobile Security Advisory #07101401: Mobile-spy Victim/User Phone/SMS/URL Log Spoofing and Persistent XSS Injection,
Seth Fogie
- [ GLSA 200710-24 ] OpenOffice.org: Heap-based buffer overflow,
Raphael Marichez
- CFP for HITBSecConf2008 - Dubai now open,
Praburaajan
- [USN-535-1] Firefox vulnerabilities,
Kees Cook
- [ MDKSA-2007:201 ] - Updated hplip packages fix vulnerabilities,
security
- [USN-501-2] Ghostscript vulnerability,
Kees Cook
- Corsaire Security Advisory - Citrix Access Gateway session ID disclosure issue,
advisories
- [ GLSA 200710-23 ] Star: Directory traversal vulnerability,
Raphael Marichez
- Camino release 1.5.2 fixes several vulnerabilities,
Juha-Matti Laurio
- Hackish XSS in shoutbox/blocco.php,
deme
- [TOOL] w3af - Web Application Attack and Audit Framework,
Andres Riancho
- Jeebles Directory Local File Inclusion,
hack2prison
- simple dns rebinding protection with dnsmasq,
Collin R. Mulliner
- [USN-531-1] dhcp vulnerability,
Kees Cook
- Folder Access bypass,
hack2prison
- [USN-533-1] util-linux vulnerability,
Kees Cook
- [USN-534-1] OpenSSL vulnerability,
Kees Cook
- [USN-532-1] nagios-plugins vulnerability,
Kees Cook
- Cracking the iPhone (5 article series),
H D Moore
- Simple PHP Blog (sphpblog) <= 0.5.1 Multiple Vulnerabilities,
gmdarkfig
- [ELEYTT] Public Advisory 20-10-2007,
Michal Bucko
- [Aria-Security.Net] dmcms.0.7.0 SQL Injection,
[No Reply]
- PacSec 2007 Agenda (Tokyo 11-29/30),
Dragos Ruiu
- [ GLSA 200710-22 ] TRAMP: Insecure temporary file creation,
Raphael Marichez
- [ GLSA 200710-21 ] TikiWiki: Arbitrary command execution,
Raphael Marichez
- ReloadCMS Vulnerable,
sekuru
- Simple Machines Forum multiple sql injection flaws with exploit code.,
th3 . r00k . spammenot
- [SECURITY] [DSA 1392-1] New xulrunner packages fix several vulnerabilities,
Moritz Muehlenhoff
- [Aria-Security.Net] SearchSimon Lite Cross-Site Scripting Vuln.,
[ NO REPLY ]
- [SECURITY] [DSA 1391-1] New icedove packages fix several vulnerabilities,
Moritz Muehlenhoff
- [CAID 35754]: CA Host-Based Intrusion Prevention System (CA HIPS) Server Vulnerability,
Williams, James K
- A-Cart SQL Injection And Cross-Site Scripting,
[ NO REPLY ]
- [SECURITY] [DSA 1390-1] New t1lib packages fix arbitrary code execution,
Noah Meyerhans
- rPSA-2007-0220-1 ImageMagick,
rPath Update Announcements
- [ GLSA 200710-20 ] PDFKit, ImageKits: Buffer overflow,
Raphael Marichez
- [ MDKSA-2007:200 ] - Updated tk packages fix vulnerabilities,
security
- S21SEC-038-en: Alcatel Omnivista 4760 Cross-Site Scripting,
S21sec Labs
- [ GLSA 200710-19 ] The Sleuth Kit: Integer underflow,
Raphael Marichez
- Official Windows binaries of "curl" contain vulnerable zlib 1.2.2 (CAN-2005-2096),
Stefan Kanthak
- [ GLSA 200710-18 ] util-linux: Local privilege escalation,
Raphael Marichez
- Serious holes affecting SiteBar 3.3.8,
Tim Brown
- Softwin's anti-virus BitDefender contains vulnerable zlib (CA-2007-07),
Stefan Kanthak
- Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096),
Stefan Kanthak
- [SECURITY] [DSA 1389-1] New zoph packages fix SQL injection,
Moritz Muehlenhoff
- rPSA-2007-0219-1 libpng,
rPath Update Announcements
- Re[2]: [Full-disclosure] The Death of Defence in Depth ? - An invitation to Hack.lu,
Thierry Zoller
- CFP C H A S E - 2 0 0 7 Lahore Pakistan,
chase
- [security bulletin] HPSBMA02274 SSRT071445 rev.2 - HP System Management Homepage (SMH) for HP-UX, Remote Cross Site Scripting (XSS),
security-alert
- [security bulletin] HPSBUX02273 SSRT071476 rev.2 - HP-UX Running Apache, Remote Unauthorized Denial of Service (DoS),
security-alert
- [SECURITY] [DSA 1388-1] New dhcp packages fix arbitrary code execution,
Steve Kemp
- [CORRECTED] Microsoft Windows XP SP2/2003 - Macrovision SecDrv.sys privilege escalation (0day),
Reversemode
- Nortel Telephony Server Denial of Service,
daniel . stirnimann
- Latest web hacking incidents,
Ofer Shezaf
- Nortel IP Phone forced re-authentication,
daniel . stirnimann
- Nortel IP Phone Flooding Denial of Service,
daniel . stirniman
- Nortel IP Phone Surveillance Mode,
daniel . stirnimann
- Nortel UNIStim IP Softphone Buffer-Overflow,
daniel . stirnimann
- Microsoft Windows XP/2003 Macrovision SecDrv.sys privilege escalation (0day),
Reversemode
- SYMSA-2007-011: Microsoft WM5 PocketPC Phone Ed SMS Handler Issue,
research
- [ MDKSA-2007:199 ] - Updated phpMyAdmin packages fix multiple vulnerabilities,
security
- SQL Injection Flaw in Oracle Workspace Manager,
David Litchfield
- Re: Netgear FVG318 is vunerable to DOS attack,
NetGear
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and ASA Appliances,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Multiple Vulnerabilities in Firewall Services Module,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Unified Communications Web-based Management Vulnerability,
Cisco Systems Product Security Incident Response Team
- Oracle audit issue with XMLDB ftp service,
NGSSoftware Insight Security Research
- AST-2007-023 - SQL Injection Vulnerabilty in cdr_addon_mysql,
Asterisk Security Team
- Oracle TNS Listener DoS and/or remote memory inspection,
NGSSoftware Insight Security Research
- Oracle RDBMS TNS Data packet DoS,
NGSSoftware Insight Security Research
- Multiple SQL Injection Flaws in Oracle CTX_DOC package,
NGSSoftware Insight Security Research
- Multiple CSRF in SimplePHPBlog,
deme
- [ GLSA 200710-17 ] Balsa: Buffer overflow,
Raphael Marichez
- [ MDKSA-2007:195 ] - Updated kernel packages fix multiple vulnerabilities and bugs,
security
- [security bulletin] HPSBUX02277 SSRT071453 rev.1 - HP-UX Running OpenSSL, Local Denial of Service (DoS),
security-alert
- [security bulletin] HPSBTU02276 SSRT071472 rev.1 - HP Tru64 UNIX Running Apache Tomcat, Remote Unauthorized Access, Remote Denial of Service (DoS),
security-alert
- [security bulletin] HPSBST02280 SSRT071480 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-055 to MS07-060,
security-alert
- [ MDKSA-2007:197 ] - Updated tar packages prevent buffer overflow,
security
- [ MDKSA-2007:196 ] - Updated kernel packages fix multiple vulnerabilities and bugs,
security
- [security bulletin] HPSBMA02230 SSRT071436 rev.2 - HP Select Identity, Remote Unauthorized Access,
security-alert
- SSH attacks - anyone else seen these?,
Tim
- Secunia Research: IrfanView Palette File Importing Buffer Overflow Vulnerability,
Secunia Research
- [ MDKSA-2007:198 ] - Updated util-linux packages fix vulnerability,
security
- WWWISIS <= 7.1 (IsisScript) Multiple Vulnerabilities,
jose luis góngora fernández
- FW: [Dailydave] Canada's Response to Black Hat - SecTor 2007,
Taylor, Gord
- IRM Vendor Alerts: Six critical remote vulnerabilities in TIBCO SmartPGM FX,
Andy Davis
- about phpMyAdmin setup.php XSS vulnerability,
Marc Delisle
- CVE-2007-4600 - Mathcad Protect Worksheet Vulnerability,
bugtraq
- HTML Injection Vuln in nssboard,
kcghost
- [ GLSA 200710-15 ] KDM: Local privilege escalation,
Pierre-Yves Rofes
- eXtremail(ly easy) remote roots,
mu-b
- [SECURITY] [DSA 1387-1] New librpcsecgss packages fix arbitrary code execution,
Florian Weimer
- Xcomputer - Lang Parameter Cross-Site Scripting Vulnerability,
jose luis góngora fernández
- Stringbeans (Portal) - Lang Parameter Cross-Site Scripting Vulnerability,
jose luis góngora fernández
- InnovaShop® (mgs.jps) Cross Siting Scripting,
jose luis góngora fernández
- SYMSA-2007-010: Microsoft ActiveSync 4.x Weak Password Obfuscation,
research
- [ GLSA 200710-16 ] X.Org X server: Composite local privilege escalation,
Pierre-Yves Rofes
- [SECURITY] [DSA 1386-1] New wesnoth packages fix denial of service,
Martin Schulze
- [SECURITY] [DSA 1386-2] New wesnoth packages fix denial of service,
Martin Schulze
- Clients buffer-overflow in Live for Speed 0.5X10,
Luigi Auriemma
- [ GLSA 200710-12 ] T1Lib: Buffer overflow,
Pierre-Yves Rofes
- playing for fun with <=IE7,
laurent . gaffie
- VImpX ActiveX (VImpX.ocx v. 4.7.3.0) Remote,
saw_xyz
- [ GLSA 200710-14 ] DenyHosts: Denial of Service,
Pierre-Yves Rofes
- [SECURITY] [DSA 1381-2] New Linux 2.6.18 packages fix several vulnerabilities,
dann frazier
- [ GLSA 200710-13 ] Ampache: Multiple vulnerabilities,
Pierre-Yves Rofes
- [ GLSA 200710-11 ] X Font Server: Multiple Vulnerabilities,
Pierre-Yves Rofes
- [ GLSA 200710-10 ] SKK Tools: Insecure temporary file creation,
Raphael Marichez
- [USN-530-1] hplip vulnerability,
Kees Cook
- SEC Consult SA-20071012-0 :: Madwifi xrates element remote DOS,
Bernhard Mueller
- OpenSSL Security Advisory,
Ben Laurie
- Tikiwiki 1.9.8 exploit ITW,
Moritz Naumann
- rPSA-2007-0214-1 initscripts,
rPath Update Announcements
- [CAID 35724, 35725, 35726]: CA BrightStor ARCserve Backup Multiple Vulnerabilities,
Williams, James K
- S21SEC-037-en: OPAL SIP Protocol Remote Denial of Service,
S21sec Labs
- [USN-529-1] Tk vulnerability,
Kees Cook
- [security bulletin] HPSBMA02230 SSRT071436 rev.1 - HP Select Identity, Remote Unauthorized Access,
security-alert
- iDefense Security Advisory 10.11.07: Multiple Vendor FLAC Library Multiple Integer Overflow Vulnerabilities,
iDefense Labs
- EEYE: CA BrightStor ArcServe Backup Server Arbitrary Pointer Dereference,
eEye Advisories
- [USN-528-1] MySQL vulnerabilities,
Kees Cook
- CA BrightStor ARCServe BackUp Message Engine Remote Stack Overflow Vulnerability,
hfli
- [security bulletin] HPSBUX02273 SSRT071476 rev. 1 - HP-UX running Apache, Remote Unauthorized Denial of Service (DoS),
security-alert
- Joomla! swMenuFree 4.6 Component Remote File Include,
Guns
- M$ will fix URI?,
Memisyazici, Aras
- October Microsoft Tuesday,
Todd Manning
- [ MDKSA-2007:194 ] - Updated libvorbis packages fix vulnerabilities,
security
- CORE-2007-0928: Stack-based buffer overflow vulnerability in OpenBSD’s DHCP server,
Core Security Technologies Advisories
- URI handling as the harbinger of interaction errors,
Steven M. Christey
- IRM Advisory: Cisco IOS LPD Remote Stack Overflow,
Andy Davis
- ZDI-07-057: Firebird process_packet() Remote Stack Overflow Vulnerability,
zdi-disclosures
- TPTI-07-18: EMC RepliStor Server Heap Overflow Vulnerability,
TSRT
- ZDI-07-056: IBM DB2 DB2JDS Multiple Vulnerabilities,
zdi-disclosures
- ZDI-07-055: Microsoft Windows DCERPC Authentication Denial of Service Vulnerability,
zdi-disclosures
- [ELEYTT] 10PAZDZIERNIK2007,
Michal Bucko
- iDefense Security Advisory 10.10.07: Kaspersky Web Scanner ActiveX Format String Vulnerability,
iDefense Labs
- Vulnerabilities digest,
3APA3A
- [SECURITY] [DSA 1379-2] New openssl packages fix arbitrary code execution,
Noah Meyerhans
- AST-2007-022: Buffer overflows in voicemail when using IMAP storage,
The Asterisk Development Team
- Cisco Security Advisory: Cisco Wireless Control System Conversion Utility Adds Default Password,
Cisco Systems Product Security Incident Response Team
- 0day: Hacking secured CITRIX from outside,
pdp (architect)
- Several vulnerabilities in CMS Made Simple 1.1.3.1,
Omid
- wmtrssreader joomla component 1.0 Remote File Include Vulnerability,
cyber-crime
- Remote Desktop Command Fixation Attacks,
pdp (architect)
3Com WIFI router remote administration vulnerability.,
Guy Mizrahi
Cisco PSIRT response on IRM Demonstrates Multiple Cisco IOS Exploitation Techniques,
Damir Rajnovic
Regarding vulnerability in ViArt Shop,
support
[ GLSA 200710-08 ] KOffice, KWord, KPDF, KDE Graphics Libraries: Stack-based buffer overflow,
Pierre-Yves Rofes
[ GLSA 200710-09 ] NX 2.1: User-assisted execution of arbitrary code,
Pierre-Yves Rofes
The Death of Defence in Depth ? - An invitation to Hack.lu,
Thierry Zoller
iDefense Security Advisory 10.09.07: Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow,
iDefense Labs
NULL pointer crash in World in Conflict 1.000,
Luigi Auriemma
[USN-527-1] xen-3.0 vulnerability,
Kees Cook
RE: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype,
Brett Moore
Research: Cybercrime and the Electoral System,
Oliver Friedrichs
LedgerSMB < 1.2.8, SQL-Ledger 2.x Multiple SQL Injection Issues,
Chris Travers
Vulnerabilities,
xoxland
DNewsWeb Softwares Cross Site Scripting Vulrnability,
DoZ
rPSA-2007-0212-1 util-linux,
rPath Update Announcements
Viart Shopping Cart Directory Transversal Vuln,
[ NO REPLY ]
Black Hat Tokyo + DC and Europe CfPs now open.,
Jeff Moss
[security bulletin] HPSBMA02275 SSRT071445 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS),
security-alert
[security bulletin] HPSBMA02274 SSRT071445 rev.1 - HP System Management Homepage (SMH) for HP-UX, Remote Cross Site Scripting (XSS),
security-alert
[security bulletin] HPSBUX02181 SSRT061289 rev.3 - HP-UX Running IPFilter, Remote Denial of Service (DoS),
security-alert
BT Home Flub: Pwnin the BT Home Hub,
Adrian P
[security bulletin] HPSBUX01137 SSRT5954 rev.11 - HP-UX Running TCP/IP (IPv4), Remote Denial of Service (DoS),
security-alert
[security bulletin] HPSBUX02262 SSRT071447 rev. 1 - HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS),
security-alert
rPSA-2007-0210-1 xen,
rPath Update Announcements
TorrentTrader Classic Mutiple Remote vulnerabilities,
security
[ GLSA 200710-06 ] OpenSSL: Multiple vulnerabilities,
Pierre-Yves Rofes
new vuln in snewscms.net.ru in lang file,
info
[ GLSA 200710-05 ] QGit: Insecure temporary file creation,
Pierre-Yves Rofes
[ GLSA 200710-03 ] libvorbis: Multiple vulnerabilities,
Raphael Marichez
[ GLSA 200710-07 ] Tk: Buffer overflow,
Raphael Marichez
[ GLSA 200710-04 ] libsndfile: Buffer overflow,
Raphael Marichez
[SECURITY] [DSA 1362-2] New lighttpd packages fix buffer overflow,
Steve Kemp
[ GLSA 200710-02 ] PHP: Multiple vulnerabilities,
Raphael Marichez
Else If cms Multiple Remote vulnerabilities,
security
idmos-phoenix cms Remote File inclusion,
security
SSHatter 0.6,
Tim Brown
CMS Creamotion - Remote File inclusion,
security
[SECURITY] [DSA 1384-1] New xen-utils packages fix several vulnerabilities,
Steve Kemp
Format string in The Dawn of Time 1.69s beta4,
Luigi Auriemma
Re: Re: file upload vulnerability in joomla media component,
vinodsharma . mimit
Reporting Vulnerable Public Web mail,
ivan . sanchez
Multiple vulnerabilities in Dropteam 1.3.3,
Luigi Auriemma
rPSA-2007-0209-1 elinks,
rPath Update Announcements
[SECURITY] [DSA 1383-1] New gforge packages fix cross-site scripting,
Thijs Kinkhorst
[ MDKSA-2007:193 ] - Updated openssl packages fix vulnerabilities,
security
URI handling woes in Acrobat Reader, Netscape, Miranda, Skype,
Juergen Schmidt
- RE: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype,
Roger A. Grimes
- Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype,
Thierry Zoller
- Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype,
Geo.
- Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype,
Thierry Zoller
- Re: Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype,
Kurt Dillard
- Re: Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype,
Glynn Clements
- Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype,
Geo.
- Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype,
KJK::Hyperion
- Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype,
KJK::Hyperion
- Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype,
Thierry Zoller
- Re[3]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype,
3APA3A
- Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype,
Geo.
- Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype,
Thierry Zoller
- Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype,
Geo.
- Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype,
Valdis . Kletnieks
- Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype,
gjgowey
- Fwd: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype,
merigoth
- Third-party patch for CVE-2007-3896 (Internet Explorer 7 invalid URI handling) available,
KJK::Hyperion
- Re: Third-party patch for CVE-2007-3896, UPDATE NOW,
KJK::Hyperion
Re: URI handling woes in Acrobat Reader, Netscape,Miranda, Skype,
Thierry Zoller
RE: Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype,
Roger A. Grimes
Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype,
Andreas Lindenblatt
Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype,
Andreas Lindenblatt
<Possible follow-ups>
RE: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype,
Juergen Schmidt
Re[2]: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype,
Thierry Zoller
RE: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype,
Jim Slora
[USN-526-1] debian-goodies vulnerability,
Kees Cook
[USN-525-1] libsndfile vulnerability,
Kees Cook
[USN-524-1] OpenOffice.org vulnerability,
Kees Cook
[ GLSA 200710-01 ] RPCSEC_GSS library: Buffer overflow,
Pierre-Yves Rofes
DDIVRT-2007-05 NetSupport Manager Client Buffer Overflow,
vulnerabilityresearch
[Aria-Security] Stuffed Tracker Multiple Cross-Site Scripting VULN,
[ NO REPLY ]
FLEA-2007-0059-1 qt qt-tools,
Foresight Linux Essential Announcement Service
[USN-523-1] ImageMagick vulnerabilities,
Kees Cook
Re: Two buffer-overflow in FSD V2.052 d9 and FSFDT V3.000 d9[EXPLOIT],
weak
[RISE-2007002] Borland InterBase Multiple Buffer Overflow Vulnerabilities,
RISE Security
Cart32 Arbitrary File Download Vulnerability,
Paul Craig
[RISE-2007003] Firebird Relational Database Multiple Buffer Overflow Vulnerabilities,
RISE Security
FLEA-2007-0058-1 openssl openssl-scripts,
Foresight Linux Essential Announcement Service
FreeBSD Security Advisory FreeBSD-SA-07:08.openssl,
FreeBSD Security Advisories
Content Builder 0.7.5 RFI Bug,
mehrad1989
rPSA-2007-0206-1 openssl openssl-scripts,
rPath Update Announcements
rPSA-2007-0205-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs,
rPath Update Announcements
rPSA-2007-0204-1 qt-x11-free,
rPath Update Announcements
DRBGuestbook Remote XSS Vulnerability,
gokhankaya
Re: BIND 8 EOL and BIND 8 DNS Cache Poisoning (Amit Klein, Trusteer),
sathyakrishnadas
Re: Ruby Net::HTTPS library does not validate server certificate CN,
Thomas
International Hacking & Security Conference "POC200",
poc2007
0day: mIRC pwns Windows,
jinc4fareijj
iDefense Security Advisory 10.02.07: Sun Microsystems Solaris FIFO FS Information Disclosure Vulnerability,
iDefense Labs
[SECURITY] [DSA 1381-1] New Linux 2.6.18 packages fix several vulnerabilities,
dann frazier
[SECURITY] [DSA 1379-1] New quagga packages fix denial of service,
Steve Kemp
FLEA-2007-0057-1 pidgin,
Foresight Linux Essential Announcement Service
[SECURITY] [DSA 1380-1] New elinks packages fix information disclosure,
Steve Kemp
rPSA-2007-0203-1 rmake rmake-proxy rmake-repos,
rPath Update Announcements
iDefense Security Advisory 10.02.07: Multiple Vendor X Font Server Multiple Vulnerabilities,
iDefense Labs
TPTI-07-17: CA BrightStor Hierarchical Storage Manager SQL Injection Vulnerabilities,
TSRT
TPTI-07-16: CA BrightStor Hierarchical Storage Manager Buffer Overflow Vulnerabilities,
TSRT
[SECURITY] [DSA 1379-1] New openssl packages fix arbitrary code execution,
Noah Meyerhans
Re: dvddb-0.6 media sql-inj. vuln.,
james
Original Photo Gallery Remote Command Execution,
ascii
[SECURITY] [DSA 1365-3] New id3lib3.8.3 packages fix denial of service,
dann frazier
WifiZoo v1.2 release,
Hernan Ochoa
[ MDKSA-2007:192 ] - Updated mplayer packages fix vulnerability,
security
Format string in F.E.A.R. 1.08 through PB,
Luigi Auriemma
[ MDKSA-2007:191 ] - Updated libsndfile packages fix vulnerability,
security
Immunity Debugger v1.2 Release,
Nicolas Waisman
ClubHack - CFP closing by 15th October 2007,
ClubHack
Format string in the Doom 3 engine through PB,
Luigi Auriemma
Unexploitable buffer-overflow in America's Army 2.8.2 through PB,
Luigi Auriemma
Two buffer-overflow in FSD V2.052 d9 and FSFDT V3.000 d9,
Luigi Auriemma
smbftpd 0.96 format string vulnerability,
Jerry Illikainen
New Advisory: X-script GuestBook,
m2x
ASP-CMS version 1 default password location.,
joseph . giron13
CheckPoint Secure Platform Multiple Buffer Overflows,
hvazquez
Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow,
snagg
phpBB Mod OpenID 0.2.0 BBStore.php Remote File Inclusion,
h3llcode
eGov Content Manager Cross Site Scripting Vulrnability,
DoZ
[ GLSA 200709-18 ] Bugzilla: Multiple vulnerabilities,
Raphael Marichez
ASP Product catalog SQL injection vulnerability,
joseph . giron13
RE: feedreader3 has XSS vulnerability,
avivra
Affiliate Network Pro Multiple Input Validation and Local file inclusion,
hack2prison
