Bugtraq
- Final notification about "POC2008" Conference,
pocadm
- [ MDVSA-2008:121-1 ] freetype2,
security
- Typo <= 5.1.3 Multiple Vulnerabilities,
L4teral
- [Paper] Reflective Dll Injection,
stephen_fewer
- iDefense Security Advisory 10.31.08: Oracle WebLogic Apache Connector,
iDefense Labs
- iDefense Security Advisory 10.31.08: OpenOffice EMF Record Parsing Multiple Integer Overflow Vulnerabilities,
iDefense Labs
- Secunia Research: Interact SQL Injection and Cross-Site Request Forgery,
Secunia Research
- Cpanel 11.x Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani,
irancrash
- VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff,
VMware Security Team
- U-Mail Webmail 'edit.php' Arbitrary File Write Vulnerability,
WSN1983
- phpWebSite links.php Sql Injection,
bee***l1986
- spitfirephoto Pro pages.php Sql Injection,
bee***l1986
- Universal Website Hijacking by Exploiting Firewall Content Filtering Features + SonicWALL firewalls 0day,
Adrian P
- 2008 OpenVAS Contest,
The OpenVAS Team
- iDefense Security Advisory 10.30.08: Adobe PageMaker Key Strings Stack Buffer Overflow,
iDefense Labs
- [ GLSA 200810-03 ] libspf2: DNS response buffer overflow,
Robert Buchholz
- [USN-661-1] Linux kernel regression,
Jamie Strandboge
- iDefense Security Advisory 10.30.08: Novell eDirectory NCP Get Extension Information Request Memory Corruption Vulnerability,
labs-no-reply@xxxxxxxxxxxx
- ZDI-08-071: IBM Tivoli Storage Manager Express for Microsoft SQL Heap Overflow Vulnerability,
zdi-disclosures
- ZDI-08-070: SonicWALL Content-Filtering Universal Script Injection Vulnerability,
zdi-disclosures
- harlandscripts Mypage.php Sql Injection,
bee***l1986
- DebugDiag (CrashHangExt.dll 1.0) NULL Pointer Dereference,
crimson . loyd
- PHP-Nuke Module Current_Issue (summary&id) Remote SQL injection Vulnerability,
Ehsan_Hp200
- rPSA-2008-0308-1 samba samba-client samba-server samba-swat,
rPath Update Announcements
- [ MDVSA-2008:222 ] Eterm,
security
- PHP-Nuke Module Sectionsnew (printpage&artid) Remote SQL injection Vulnerability,
Ehsan_Hp200
- IranMC ( detail.php?Kala ) Remote SQL injection Vulnerability,
Ehsan_Hp200
- Re: [Full-disclosure] [funsec] ICANN Terminates EstDomains' Registrar Accreditation (fwd),
Juha-Matti Laurio
- Tool update: VoIPER v0.07,
nnp
- [funsec] ICANN Terminates EstDomains' Registrar Accreditation (fwd),
Gadi Evron
- [ MDVSA-2008:219 ] mplayer,
security
- rPSA-2008-0307-1 nfs-client nfs-server nfs-utils,
rPath Update Announcements
- [ MDVSA-2008:220 ] kernel,
security
- rPSA-2008-0309-1 lighttpd,
rPath Update Announcements
- PHP-Nuke Module BookCatalog (category&catid) Remote SQL injection Vulnerability,
Ehsan_Hp200
- [ MDVSA-2008:221 ] aterm,
security
- Advanced application-level OS fingerprinting,
dan . crowley
- [SECURITY] [DSA 1661-1] New OpenOffice.org packages fix several vulnerabilities,
Martin Schulze
- KVIrc version 3.4.0 Virgo remote format string proof of concept exploit.,
fabio
- Secunia Research: Adobe PageMaker PMD File Processing Buffer Overflows,
Secunia Research
- Quassel IRC: connection hijacking,
Wouter Coekaerts
- Aria-Security.com: Saba 2.0 Cross Site Scripting [PASSIVE],
The-0utl4w
- [ MDVSA-2008:218 ] lynx,
security
- [ MDVSA-2008:217 ] lynx,
security
- A video can crash ANY iphone/ipod and a few libraries.,
zibree
- PHP-Nuke Module League (team&tid) XSS Vulnerability,
Ehsan_Hp200
- [ MDVSA-2008:216 ] emacs,
security
- rPSA-2008-0306-1 libxslt,
rPath Update Announcements
- Blaze Media Pro 8.02 SE vulnerability,
ipsdix
- [ MDVSA-2008:215 ] wireshark,
security
- rPSA-2008-0305-1 pcre,
rPath Update Announcements
- Writeup by Amit Klein (Trusteer): Address Bar Spoofing for IE6,
Amit Klein
- n.runs-SA-2008.009 - Eaton MGE OPS Network Shutdown Module - authentication bypass vulnerability and remote code execution,
security@xxxxxxxxx
- MSF eXploit Builder v2 Alpha Sources Released,
Jerome Athias
- MyBB 1.4.2: Multiple Vulnerabilties,
Micheal Cottingham
- ClubHack2008 [India] - CFP Closing Soon,
ClubHack
- Windows RPC MS08-067 FAQ document updated,
Juha-Matti Laurio
- XSS in phpMyadmin,
hadikiamarsi
- [security bulletin] HPSBMA02373 SSRT071467 rev.2 - HP Insight Diagnostics Running on Linux and Windows, Remote Unauthorized Access to Files,
security-alert
- bcoos 1.0.13 Remote File Include Vulnerability,
Cru3l.b0y
- BotNet on the Rise,
faghani
- [SECURITY] [DSA 1660-1] New clamav packages fix denial of service,
Florian Weimer
- Windows RPC MS08-067 FAQ document released,
Juha-Matti Laurio
- Java Web start vulnerability,
varun . srivastav
- HTTPBruteForcer released,
Jerome Athias
- iPei cross site scripting Vulnerablity,
Ghost hacker
- MS08-067 - Where can I find an exploit for this?,
Chip Panarchy
- [USN-658-1] Moodle vulnerability,
Kees Cook
- [SECURITY] [DSA 1659-1] New libspf2 packages fix potential remote code execution,
Florian Weimer
- [security bulletin] HPSBST02379 SSRT080143 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-056 to MS08-066,
security-alert
- txtshop - beta 1.0 / Local File Inclusion Vulnerability,
Pepelux
- Re: MJGuest 6.8 GT Cross Site Scripting Vulnerability,
alighieri_m
- SiteEngine 5.x Multiple Remote Vulnerabilities,
xuanmumu
- freeSSHd (stf - rename) Buffer Overflow Vulnerability,
writ3r
- GoodTech SSH Remote Buffer Overflow Exploit,
writ3r
- vshop - Axcoto cart <= 0.1alpha / Local File Inclusion Vulnerability,
Pepelux
- phpcrs <= 2.06 / Local File Inclusion Vulnerability (this is the correct :),
Pepelux
- [SECURITY] [DSA 1658-1] New dbus packages fix denial of service,
Thijs Kinkhorst
- SNMP Injection: Achieving Persistent HTML Injection via SNMP on Embedded Devices,
ProCheckUp Research
- SECOBJADV-2008-05: Symantec Veritas Storage Foundation Arbitrary File Read Vulnerability,
Security Objectives Corporation
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and Cisco ASA,
Cisco Systems Product Security Incident Response Team
- Secunia Research: GNU Enscript "setfilename" Special Escape Buffer Overflow,
Secunia Research
- Secunia Research: Trend Micro OfficeScan CGI Parsing Buffer Overflows,
Secunia Research
- FGA-2008-23:EMC NetWorker Denial of Service Vulnerability,
noreply-secresearch
- Advisory for Oracle CPU October 2008 - APEX Flows excessive privileges,
Pete Fin***n
- Secunia Research: HP OpenView Products Shared Trace Service Denial of Service,
Secunia Research
- Opera Stored Cross Site Scripting Vulnerability,
Roberto Suggi
- [tool] crapto1 released,
blapost
- n.runs-SA-2008.008 - Internet Explorer HTML Object Memory Corruption and Remote Code Execution,
security@xxxxxxxxx
- SECOBJADV-2008-04: Symantec Veritas Storage Foundation Memory Disclosure Vulnerability,
Security Objectives Corporation
- Google Chrome OnbeforeUload and OnUnload Null Check Vulnerability.,
Aditya K Sood
- [USN-657-1] Amarok vulnerability,
Jamie Strandboge
- Insomnia : ISVA-081020.1 - Altiris Deployment Server Agent - Privilege Escalation,
Brett Moore
- [SECURITY] [DSA 1657-1] New qemu packages fix denial of service,
Steve Kemp
- [Off-Topic] How I was busted. Story of a poor lonesome hacker,
Jerome Athias
- Last Call for DeepSec IDSC 2008 in Vienna,
DeepSec Conference Vienna
- [TKADV2008-010] VLC media player TiVo ty Processing Stack Overflow Vulnerability,
Tobias Klein
- London DEFCON meet - DC4420 - Thursday October 23rd,
Major Malfunction
- [SECURITY] [DSA 1656-1] New cupsys packages fix several vulnerabilities,
Moritz Muehlenhoff
- [Tool] sqlmap 0.6.1 released,
Bernardo Damele A. G.
- Lee has posted more detailed response to Fyodor's TCP/IP DoS post,
Juha-Matti Laurio
- Secunia Research: HP SiteScope SNMP Trap Script Insertion Vulnerability,
Secunia Research
- FireGPG Passphrase And Cleartext Vulnerability,
Mike Benham
- Cross Site Scripting (XSS) Vulnerabilitiy in cpcommerce, CVE-2008-4121,
Fabian Fingerle
- CVE-2008-4000: Oracle PeopleTools – Authentication Weakness,
shulman
- CVE-2008-2625: Oracle DBMS – Proxy Authentication Vulnerability,
shulman
- [ MDVSA-2008:208-1 ] pam_mount,
security
- HITBSecConf2008 - Malaysia: Online registration closes on 24th Oct,
Praburaajan
- Application-level OS fingerprinting research - pre-release hashes,
dan . crowley
- flashchat severe bug,
ch0p83
- Doubt in MySQL Quick Admin <= 1.5.5 (COOKIE) Local File Inclusion Vulnerability POC posted on milworm,
vinodsharma . mimit
- [SECURITY] [DSA 1655-1] New Linux 2.6.24 packages fix several vulnerabilities,
dann frazier
- [ MDVSA-2008:214 ] mon,
security
- rPSA-2008-0294-1 postfix,
rPath Update Announcements
- rPSA-2008-0295-1 rails,
rPath Update Announcements
- HACKATTACK Advisory 20081016]WEB//NEWS SQL Injection and Cookie Manipulation,
office
- SEC Consult SA-20081016-0 :: Remote command execution in Instant Expert Analysis,
Bernhard Mueller
- Paper: Adventures with a certain Xen vulnerability,
Joanna Rutkowska
- [ MDVSA-2008:213 ] dbus,
security
- [USN-656-1] CUPS vulnerabilities,
Jamie Strandboge
- Multiple Flash Authoring Heap Overflows - Malformed SWF Files,
Paul Craig
- [security bulletin] HPSBMA02349 SSRT080043 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Unauthorized Access to Data,
security-alert
- [ MDVSA-2008:212 ] libxml2,
security
- Internet Explorer 6 componentFromPoint() remote memory disclosure and remote code execution,
Ivan Fratric
- Exploit for MS08-066 - AFD.sys kernel memory overwrite.,
Reversemode
- MS OWA 2003 Redirection Vulnerability,
Martin Suess
- Vivid Ads Shopping Cart (cid) Remote SQL Injection,
djmomo
- [USN-655-1] exiv2 vulnerabilities,
Kees Cook
- iDefense Security Advisory 10.14.08: Sun Java Web Proxy Server FTP Resource Handling Heap-Based Buffer Overflow,
labs-no-reply@xxxxxxxxxxxx
- [USN-654-1] libexif vulnerabilities,
Kees Cook
- iDefense Security Advisory 10.14.08: Microsoft Visual Basic for Applications - Multiple Vulnerabilities,
labs-no-reply@xxxxxxxxxxxx
- TPTI-08-07: Microsoft Windows Message Queuing Service Heap Overflow and Memory Disclosure Vulnerability,
dvlabs
- ZDI-08-069: Microsoft Internet Explorer componentFromPoint Memory Corruption Vulnerability,
zdi-disclosures
- ZDI-08-068: Microsoft Office Excel BIFF File Format Parsing Stack Overflow Vulnerability,
zdi-disclosures
- CORE-2008-1010: VLC media player XSPF Memory Corruption,
CORE Security Technologies Advisories
- iDefense Security Advisory 10.14.08: Microsoft Host Integration Server 2006 Command Execution Vulnerability,
iDefense Labs
- [USN-652-1] LittleCMS vulnerability,
Kees Cook
- [SECURITY] [DSA 1654-1] New libxml2 packages fix execution of arbitrary code,
Steve Kemp
- [USN-653-1] D-Bus vulnerabilities,
Kees Cook
- Webscene eCommerce (level) Remote Sql Injection,
angel
- Telecom Italia Alice Pirelli routers backdoor discoverd to activate telnet/ftp/tftp from internal LAN/WLAN.,
drpepppperone
- WP Comment Remix 1.4.3 Multiple Vulnerabilities,
g30rg3_x
- [RISE-2008001] Sun Solstice AdminSuite sadmind adm_build_path() Buffer Overflow Vulnerability,
RISE Security
- [SECURITY] [DSA 1653-1] New Linux 2.6.18 packages fix several vulnerabilities,
dann frazier
- [SECURITY] [DSA 1652-1] New ruby1.9 packages fix several vulnerabilities,
Moritz Muehlenhoff
- [SECURITY] [DSA 1651-1] New ruby1.8 packages fix several vulnerabilities,
Moritz Muehlenhoff
- [SECURITY] [DSA 1650-1] New openldap2.3 packags fix denial of service,
Moritz Muehlenhoff
- CREATE ANY DIRECTORY to SYSDBA,
paul . wright
- [SECURITY] [DSA 1646-2] New squid packages fix array bounds check,
Devin Carraway
- Marvell Driver Malformed Association Request Vulnerability,
Laurent Butti
- Uninformed Journal Release Announcement: Volume 10,
sflist
- NewLife Blogger <= v3.0 / Insecure Cookie Handling & SQL Injection Vulnerability,
Pepelux
- [ MDVSA-2008:210-1 ] mono,
security
- CA BrightStor ARCServe BackUp Message Engine Remote Command Injection Vulnerability,
cocoruder
- [ MDVSA-2008:211 ] cups,
security
- İltaweb Alışveriş Sistemi (tr) Sql inj,
ozdemirtravel
- iSEC Partners Security Advisory - 2008-002-lenovornr - Lenovo Rescue and Recovery 4.20,
Chris Clark
- [LC-2008-04] Nokia Browser Array Sort Denial Of Service Vulnerability,
luca . carettoni
- [USN-651-1] Ruby vulnerabilities,
Jamie Strandboge
- ZDI-08-067: Apple CUPS 1.3.7 (HP-GL/2 filter) Remote Code Execution Vulnerability,
zdi-disclosures
- [SECURITY] CVE-2008-3271 - Apache Tomcat information disclosure,
Mark Thomas
- CA ARCserve Backup Multiple Vulnerabilities,
Williams, James K
- [ GLSA 200810-02 ] Portage: Untrusted search path local root vulnerability,
Robert Buchholz
- News Manager Remote SQL Injection Vulnerability,
Ghost hacker
- [security bulletin] HPSBMA02362 SSRT080044, SSRT080045, SSRT080042 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS), Execute Arbitrary Code,
security-alert
- PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection,
ProCheckUp Research
- [security bulletin] HPSBMA02376 SSRT080099 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS),
security-alert
- FC2 BLOG Cross-Site Scripting Vulnerabilities,
xsp
- [security bulletin] HPSBMA02374 SSRT080046 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS),
security-alert
- PR07-31: Unauthenticated SQL Injection, XSS on Login Page and Username Enumeration on DPSnet Case Progress,
ProCheckUp Research
- ZDI-08-066: Novell eDirectory Core Protocol Opcode 0x24 Heap Overflow Vulnerability,
zdi-disclosures
- Token Kidnapping Windows 2003 PoC exploit,
Cesar
- ZDI-08-065: Novell eDirectory Core Protocol Opcode 0x0F Heap Overflow Vulnerability,
zdi-disclosures
- ZDI-08-064: Novell eDirectory dhost.exe Accept Language Header Heap Overflow Vulnerability,
zdi-disclosures
- ZDI-08-063: Novell eDirectory dhost.exe Content-Length Header Heap Overflow Vulnerability,
zdi-disclosures
- [SECURITY] [DSA 1649-1] New iceweasel packages fix several vulnerabilities,
Moritz Muehlenhoff
- [SECURITY] [DSA 1648-1] New mon packages fix insecure temporary files,
Thijs Kinkhorst
- Advisory: Graphviz Buffer Overflow Code Execution,
roeeh
- Windows Mobile 6 insecure password handling and too short WLAN-password,
MC Iglo
- Cisco Security Advisory: Authentication Bypass in Cisco Unity,
Cisco Systems Product Security Incident Response Team
- [W02-1008] GearSoftware Powered Products Local Privilege Escalation (Microsoft Windows Kernel IopfCompleteRequest Integer Overflow),
vulns
- ANNOUNCE - RFIDIOt version 0.1t released,
Adam Laurie
- [ GLSA 200810-01 ] WordNet: Execution of arbitrary code,
Tobias Heinlein
- [OPENX-SA-2008-002] OpenX 2.4.9 and 2.6.2 fix SQL injection vulnerability,
Matteo Beccati
- [security bulletin] HPSBUX02375 SSRT080122 rev.1 - HP-UX Running NFS/ONCplus, Remote Denial of Service (DoS),
security-alert
- Re: Verizon FIOS (and DSL?) wireless access point insecure default WEP key,
Michael Scheidell
- Yerba SACphp <= 6.3 / Local File Inclusion Exploit,
Pepelux
- HostAdmin 3.* Remote File Include Vulnerabilities,
admin
- [SECURITY] [DSA-1646-1] New squid packages fix array bounds check,
Devin Carraway
- Firefox Privacy Broken If Used to Open Web Page File,
Liu Die Yu
- [SECURITY] [DSA 1647-1] New php5 packages fix several vulnerabilities,
Thijs Kinkhorst
- Motorola Timbuktu's Internet Locator Service real-time data exposed to public.,
vulns
- [SECURITY] [DSA-1644-1] New mplayer packages fix integer overflows,
Devin Carraway
- OpenNMS Multiple Vulnerabilities,
Trancer
- [SECURITY] [DSA 1643-1] New feta packages fix denial of service,
Moritz Muehlenhoff
- FOSS Gallery Public Version <= 1.0 / Arbitrary file upload Vulnerabilities,
Pepelux
- FOSS Gallery Admin Version <= 1.0 / Remote Arbitrary Upload Vulnerability,
Pepelux
- PHPWebExplorer <= 0.09b: Local File Inclusion Vulnerability,
Pepelux
- VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues,
VMware Security team
- FastStone Image Viewer v3.6 (malformed bmp image) DoS Exploit,
crimson . loyd
- [ MDVSA-2008:209 ] pam_krb5,
security
- [ENABLESECURITY] Apple's Mail.app stores your S/MIME encrypted emails in clear text,
publists
- [SECURITY] [DSA-1645-1] New lighttpd packages fix various problems,
Steve Kemp
- VMware Emulation Flaw x64 Guest Privilege Escalation (1/2),
ds . adv . pub
- AyeView v2.20 (malformed gif image) DoS Exploit,
crimson . loyd
- [ MDVSA-2008:210 ] mono,
security
- MetaGauge 1.0.0.17 Directory Traversal,
brad . antoniewicz
- iFoto, CSS-based GD2 photo gallery <= 1.0: Remote File Disclosure Vulnerability,
Pepelux
- CMME Multiple Information disclosure vulnerabilities,
admin
- Secunia Research: Trend Micro OfficeScan Directory Traversal Vulnerability,
Secunia Research
- Website Directory - XSS Exploit,
Ghost hacker
- [USN-650-1] cpio vulnerability,
Jamie Strandboge
- Re: "Exploit creation - The random approach" or "Playing with random to build exploits",
Nelson Brito
- Re: Blue Coat xss,
Tom Kelly
- Re: White Wolf Labs #080922-1: Exploitation Through ActiveSync 4.x,
Vladimir '3APA3A' Dubrovin
- HostAdmin Cross-Site Scripting Vulnerabilities,
admin
- Re: [MajorSecurity Advisory #53]BLUEPAGE CMS - Cross Site Scripting and Session Fixation Issues,
admin
- Layered Defense Research Advisory: Juniper Netscreen Firewall Cross-Site-Scripting (XSS) event log injection,
dh
- XSS vulnerability in phpMyID,
Raphael Geissert
- Adobe Flash Player plug-in null pointer dereference and browser crash,
Matthew Dempsky
- FreeBSD Security Advisory FreeBSD-SA-08:10.nd6,
FreeBSD Security Advisories
- [USN-649-1] OpenSSH vulnerabilities,
Kees Cook
- Re: MS Internet Explorer 7 Denial Of Service Exploit,
Pruett, Mike
- phpMyID can act as a redirector and as headers injector,
atomo64
- Remote and Local File Inclusion Vulnerability <= 1.1 Rportal,
kadfrox
- Oracle Password Cracker written in PL/SQL,
pete
- Printlog <= 0.4: Remote File Edition Vulnerability,
Pepelux
- RE: MySQL command-line client HTML injection vulnerability,
Quark IT - Hilton Travis
- [USN-648-1] nasm vulnerability,
Kees Cook
