Bugtraq
- POP Peeper 3.4.0.0 UIDL Remote Buffer Overflow Vulnerability
- On the implementation of TCP urgent data (IETF Internet Draft)
- [SECURITY] [DSA 1728-1] New dkim-milter packages fix denial of service
- HTC Touch vCard over IP Denial of Service PoC Code
- From: Mobile Security Lab
- Drupal Local File Inclusion Vulnerability (Windows)
- djbdns misformats some long response packets; patch and example attack
- Re[2]: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability
- Hex Workshop <= v6 (.hex) File Local Code
- Re: BitDefender Internet Security XSS
- VMSA-2009-0003 ESX 2.5.5 patch 12 updates service console package ed
- From: VMware Security team
- Re[2]: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability
- From: Vladimir '3APA3A' Dubrovin
- [ MDVSA-2009:058 ] wireshark
- Re: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability
- Re: New site about security conferences : www.security-briefings.com
- ANNOUNCE: RFIDIOt-0.1x release - February 2009
- [ MDVSA-2009:056 ] net-snmp
- BitDefender Internet Security XSS
- [USN-724-1] Squid vulnerability
- Re: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability
- From: Vladimir '3APA3A' Dubrovin
- [ MDVSA-2009:026-1 ] phpMyAdmin
- [ MDVSA-2009:048-2 ] epiphany
- [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability
- From: Digital Security Research Group
- [security bulletin] HPSBGN02410 SSRT080135 rev.1 - HP Virtual Rooms Client Running on Windows, Remote Execution of Arbitrary Code
- [SECURITY] CVE-2008-4308: Tomcat information disclosure vulnerability
- [ MDVSA-2009:056 ] net-snmp
- [SECURITY] [DSA 1727-1] New proftpd-dfsg packages fix SQL injection vulnerabilites
- Golabi CMS Remote File Inclusion Vulnerability
- [ MDVSA-2009:057 ] valgrind
- Sopcast SopCore Control (sopocx.ocx 3.0.3.501) SetExternalPlayer() user assisted remote code execution poc
- Cisco Unified MeetingPlace Web Conferencing Stored Cross Site Scripting Vulnerability
- From: security . assurance
- [ MDVSA-2009:055 ] audacity
- Cisco Security Advisory: Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine
- From: Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 1726-1] New python-crypto packages fix denial of service
- Cisco Security Advisory: Cisco ACE Application Control Engine Device Manager and Application Networking Manager Vulnerabilities
- From: Cisco Systems Product Security Incident Response Team
- Secunia Research: ksquirrel-libs Radiance RGBE Buffer Overflows
- [DSECRG-09-008] JOnAS(4.10.3) - Linked XSS Vulnerability
- From: Digital Security Research Group
- Apple Safari 4 Beta feeds: URI NULL Pointer Dereference Denial of Service Vulnerability
- [BMSA-2009-03] Multiple vulnerabilities in OpenSite v2.1
- Secunia Research: SHOUTcast DNAS Relay Server Buffer Overflow
- [security bulletin] HPSBMA02384 SSRT071465 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Unauthorized Access, Denial of Service (DoS)
- Secunia Research: Orbit Downloader Long URL Parsing Buffer Overflow
- Re: HP Quality Center vulnerability
- [ MDVSA-2009:053 ] squirrelmail
- [ MDVSA-2009:054 ] nagios
- pPIM Multiple Vulnerabilities
- From: Justin C. Klein Keane
- Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)
- [ MDVSA-2009:052 ] php-smarty
- iDefense Security Advisory 02.24.09: Adobe Flash Player Invalid Object Reference Vulnerability
- [ MDVSA-2009:047-1 ] vim
- [ MDVSA-2009:047-1 ] vim
- [ MDVSA-2009:048-1 ] epiphany
- VMSA-2009-0002 VirtualCenter Update 4 updates Tomcat to 5.5.27
- From: VMware Security team
- [ MDVSA-2009:049-1 ] pycrypto
- [ GLSA 200902-05 ] KTorrent: Multiple vulnerabilitites
- [ GLSA 200902-06 ] GNU Emacs, XEmacs: Multiple vulnerabilities
- [ MDVSA-2009:051 ] libpng
- [ MDVSA-2009:050-1 ] python-pycrypto
- [ECHO_ADV_103$2009] taifajobs <= 1.0 (jobid) Remote SQL Injection Vulnerability
- HP Quality Center vulnerability
- gigCalendar 1.0 (venuedetails.php) Joomla Component SQL Injection
- From: Salvatore \"drosophila\" Fresta
- XSS Attack using SMS to Optus/Huawei E960 HSDPA Router
- gigCalendar 1.0 (banddetails.php) Joomla Component SQL Injection
- From: Salvatore \"drosophila\" Fresta
- gigCalendar Joomla Component 1.0 SQL Injection
- From: Salvatore \"drosophila\" Fresta
- [ MDVSA-2009:050 ] python-pycrypto
- [ MDVSA-2009:049 ] pycrypto
- [ MDVSA-2009:048 ] epiphany
- [ MDVSA-2009:045 ] php
- [ MDVSA-2009:047 ] vim
- Re: SEPKILL /im SMC.EXE /f
- Re: SEPKILL /im SMC.EXE /f
- PHCDownload 1.1.0 Vulnerabilities
- Re: Re: Denial of Service using Partial GET Request in Mozilla Firefox 3.06
- [ MDVSA-2009:044 ] firefox
- [ MDVSA-2009:046 ] dia
- [ MDVSA-2009:043 ] gnumeric
- Re: Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART
- From: security curmudgeon
- [ MDVA-2009:027 ] kernel
- Re: Apache directory traversal on shared hosting environment.
- Re: Apache directory traversal on shared hosting environment.
- Re: SEPKILL /im SMC.EXE /f
- Apache directory traversal on shared hosting environment.
- Weekly Web Hacking Incidents update for Feb 19th
- Re: [Full-disclosure] Joomla Component com_joomradio SQL Injection
- [USN-723-1] Git vulnerabilities
- [ MDVSA-2009:042 ] samba
- Re: LFI in Drupal CMS
- RE: hello bug in windows live messenger
- DDIVRT-2009-20 NetMRI Login Application Cross-site Scripting Vulnerability
- [USN-722-1] sudo vulnerability
- [USN-721-1] fglrx-installer vulnerability
- [ MDVSA-2009:041 ] jhead
- [security bulletin] HPSBMA02406 SSRT080100 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Unauthorized Access to Data
- Re: RFI Bug
- [ MDVSA-2009:040 ] dia
- FreeBSD Security Advisory FreeBSD-SA-09:05.telnetd
- From: FreeBSD Security Advisories
- [ MDVSA-2009:039 ] gedit
- [ MDVSA-2009:038 ] blender
- RFI Bug
- [ MDVSA-2009:037 ] bind
- [SECURITY] [DSA 1725-1] New websvn packages fix information leak
- [UPRSN] Ubuntu Privacy Remix 8.04r3 fixes security issues
- From: Ubuntu Privacy Remix Team
- Enomaly ECP/Enomalism: Multiple vulnerabilities in enomalism2.sh (redux)
- [waraxe-2009-SA#072] - Multiple Vulnerabilities in RavenNuke 2.3.0
- [security bulletin] HPSBPI02398 SSRT080166 rev.2 - Certain HP LaserJet Printers, HP Color LaserJet Printers, and HP Digital Senders, Remote Unauthorized Access to Files
- Re: SEP(Symantec) Bug
- Re: Enomaly ECP/Enomalism: Silent update remote command execution vulnerability
- [SECURITY] [DSA 1724-1] New moodle packages fix several vulnerabilities
- Re: Denial of Service using Partial GET Request in Mozilla Firefox 3.06
- cryptsetup can't destroy last key of a LUKS partition under Ubuntu/Debian
- RainbowCrack 1.3 is released, the new generation of time-memory tradeoff hash cracker
- Re: Local vulnerability in suexec + FastCGI + PHP configurations
- ACM CCS '09: Call for Workshop Proposals
- From: Christopher Kruegel
- RE: SEPKILL /im SMC.EXE /f
- Re: SEPKILL /im SMC.EXE /f
- Re: Enomaly ECP/Enomalism: Silent update remote command execution vulnerability
- Re: SEPKILL /im SMC.EXE /f
- Re: SEPKILL /im SMC.EXE /f
- RE: SEP(Symantec) Bug
- Re: SEPKILL /im SMC.EXE /f
- SEPKILL /im SMC.EXE /f
- Cross-site scripting in Samizdat 0.6.1
- Re: SEP(Symantec) Bug
- Security Assessment of the Transmission Control Protocol (TCP)
- Enomaly ECP/Enomalism: Silent update remote command execution vulnerability
- Re: Re: Denial of Service using Partial GET Request in Mozilla Firefox 3.06
- Nokia N95 browser "setAttributeNode" method crash
- [security bulletin] HPSBUX02401 SSRT090005 rev.2 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF)
- Re: RE: SEP(Symantec) Bug
- [ GLSA 200902-04 ] xterm: User-assisted arbitrary commands execution
- Re: Denial of Service using Partial GET Request in Mozilla Firefox 3.06
- [ GLSA 200902-02 ] OpenSSL: Certificate validation error
- [ GLSA 200902-03 ] Valgrind: Untrusted search path
- Re: Denial of Service using Partial GET Request in Mozilla Firefox 3.06
- [USN-720-1] PHP vulnerabilities
- [USN-719-1] pam-krb5 vulnerabilities
- [ MDVSA-2009:036 ] python
- RE: SEP(Symantec) Bug
- Denial of Service using Partial GET Request in Mozilla Firefox 3.06
- Re: LFI in Drupal CMS
- SEP(Symantec) Bug
- Full Path Disclosure In Photolibrary 1.009(Update)
- BackTrack 4 Beta Released
- Re: pam-krb5 security advisory (3.12 and earlier)
- Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)
- From: Edward Bjarte Fjellskål
- pam-krb5 security advisory (3.12 and earlier)
- [SECURITY] [DSA 1721-1] New libpam-krb5 packages fix local privilege escalation
- [SECURITY] [DSA 1722-1] New libpam-heimdal packages fix local privilege escalation
- Directory traversal vulnerability in Geovision Digital Video Surveillance System (geohttpserver)
- Web Hacking Incidents update for Feb 10th (Links corrected)
- [security bulletin] HPSBMA02331 SSRT080000 rev.3 - HP-UX running WBEM Services, Remote Execution of Arbitrary Code, Gain Extended Privileges
- [USN-717-2] Firefox vulnerabilities
- Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)
- Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)
- [USN-717-3] Firefox vulnerabilities
- [ MDVSA-2009:035 ] gstreamer0.10-plugins-good
- Full Path Disclosure In Photolibrary 1.009
- Re: Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)
- ProFTPd with mod_mysql Authentication Bypass Exploit
- Local vulnerability in suexec + FastCGI + PHP configurations
- [USN-717-1] Firefox and Xulrunner vulnerabilities
- ZDI-09-011: Microsoft Internet Explorer CFunctionPointer Memory Corruption Vulnerability
- ZDI-09-012: Microsoft Internet Explorer Malformed CSS Memory Corruption
- Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)
- [SECURITY] [DSA 1720-1] New TYPO3 packages fix several vulnerabilities
- Nokia Phoenix Service Software 2008.04.007.32837 overflow POC
- Re: PHP filesystem attack vectors
- [ MDVSA-2009:034 ] squid
- [Suspected Spam][Fwd: Re: Novell-QuickFinder Server Xss & Java remote execution Code]
- Web Hacking Incidents update for Feb 10th
- Craft Silicon Banking@Home SQL Injection
- From: Francesco Bianchino
- Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)
- [SECURITY] [DSA 1719-1] New gnutls13 packages fix certificate validation
- Remote Authentication Bypass - Swann DVR4 SecuraNet (possibly DVR9 as well)
- Re: Nokia N95-8 JPG crash
- From: Dmitry Yu. Bolkhovityanov
- [ECHO_ADV_102$2009] BusinessSpace <= 1.2 (id) Remote SQL Injection Vulnerability
- London DEFCON DC4420 - February 2009 Meet - Thursday 12th
- Re: SFX-SQLi: A new SQL injection technique for MSSQL (dumps a table in one request!)
- ZeroShell <= 1.0beta11 Remote Code Execution
- 3Com OfficeConnect Wireless Cable/DSL Router Authentication Bypass
- Trend micro - IWSVA/IWSS - Authorization module password leak
- LFI in Drupal CMS
- Nokia N95-8 JPG crash
- Re: SFX-SQLi: A new SQL injection technique for MSSQL (dumps a table in one request!)
- [BMSA-2009-02] XML injection in PyBlosxom
- Re: SFX-SQLi: A new SQL injection technique for MSSQL (dumps a table in one request!)
- From: Roman Medina-Heigl Hernandez
- [SECURITY] [DSA 1718-1] New boinc packages fix validation bypass
- Re: [Full-disclosure] PHP filesystem attack vectors
- PHP filesystem attack vectors
- rooting your own phone: android security
- [oCERT-2009-002] OpenCORE insufficient bounds checking during MP3 decoding
- [ GLSA 200902-01 ] sudo: Privilege escalation
- iDefense Security Advisory 02.06.09: HP Network Node Manager Multiple Information Disclosure Vulnerabilities
- CamFrog Password Disclosure Vulnerability
- iDefense Security Advisory 02.06.09: HP Network Node Manager Multiple Command Injection Vulnerabilities
- Vulnerable: Ilch CMS
- Re: SFX-SQLi: A new SQL injection technique for MSSQL (dumps a table in one request!)
- [security bulletin] HPSBUX02408 SSRT080182 rev.1 - HP-UX Running NFS, Local Denial of Service (DoS)
- [security bulletin] HPSBMA02406 SSRT080100 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
- [security bulletin] HPSBPI02398 SSRT080166 rev.1 - Certain HP LaserJet Printers, HP Color LaserJet Printers, and HP Digital Senders, Remote Unauthorized Access to Files
- SFX-SQLi: A new SQL injection technique for MSSQL (dumps a table in one request!)
- RealNetworks RealPlayer IVR File Processing Multiple Code Execute Vulnerabilities
- From: noreply-secresearch@xxxxxxxxxxxx
- Speaking line up confirmed! uCon Security Conference 2009 - Recife, Brazil
- From: uCon Security Conference
- Re: Nokia N95-8 browser denial of service
- dBpowerAMP Audio Player local buffer overflow exploit
- From: maroc-anti-connexion
- C4 SCADA Security Advisory - AREVA e-terrahabitat / e-terraplatform Multiple Vulnerabilities
- Re: SMF 1.1.7 Persistent XSS (requires permision to edit censor)
- [SVRT-02-09] FeedDemon (ver<=2.7) Buffer Overflow Vulnerability
- [SECURITY] [DSA 1717-1] New devil packages fix buffer overflow
- Nokia N95-8 browser denial of service
- Cisco IOS XSS/CSRF Vulnerability
- Re: DMXReady Blog Manager (SQL/XSS)
- [Tool] sqlmap 0.6.4 released
- From: Bernardo Damele A. G.
- Microsoft SDL meets CWE/SANS Top25
- metabbs 0.11 Change admin password vulnerability
- flatnux Flatnux-2009-01-27 Remote File Include
- phpslash <= 0.8.1.1 Remote Code Execution Exploit
- rgboard v4 (07.07.27) Multiple Vulnerability
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers
- From: Cisco Systems Product Security Incident Response Team
- LCPlayer (.qt file) EOP change PoC (app crash)
- DDIVRT-2008-19 HP JetDirect Web Administration Directory Traversal
- From: vulnerabilityresearch
- QIP 2005 Denial of Service Vulnerability
- [ MDVSA-2009:033 ] sudo
- [security bulletin] HPSBUX02401 SSRT090005 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF)
- Squid Proxy Cache Denial of Service in request handling
- Euphonics Audio Player v1.0 (.pls) Local BOF POC
- Team SHATTER Security Advisory: SQL Injection in Oracle Enterprise Manager (TARGET Parameter)
- CORE-2008-1009 - VNC Multiple Integer Overflows
- From: CORE Security Technologies Advisories
- Call for papers and trainers - note extended deadline - SeacureIT 2009
- Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART
- Nokia Multimedia Player v1.1 .m3u Heap Overflow PoC exploit
- [security bulletin] HPSBUX02407 SSRT080107 rev.1 - HP-UX Running IPv6, Remote Denial of Service (DoS) and Unauthorized Access
- NaviCopa webserver 3.01 Multiple Vulnerabilities
- SMF 1.1.7 Persistent XSS (requires permision to edit censor)
- Web Hacking Incidents update for Feb 3rd
- Security Advisory for Bugzilla 3.2.1, 3.0.7, and 3.3.2
- Hex Workshop v6 "ColorMap files .cmap" Invalid Memory Reference crash POC
- ZDI-09-010: Novell Netware Groupwise GWIA RCPT Command Buffer Overflow Vulnerability
- [Wintercore Research WS02-0209] Kaspersky Products Klim5.sys local privilege escalation
- [ MDVSA-2009:032 ] kernel
- Secunia Research: Free Download Manager Remote Control Server Buffer Overflow
- Secunia Research: Free Download Manager Torrent Parsing Buffer Overflows
- BruCON call for papers
- [SECURITY] [DSA 1716-1] New vnc4 packages fix remote code execution
- VMSA-2009-0001 ESX patches address an issue loading corrupt virtual disks and update Service Console packages
- From: VMware Security Team
- [ MDVSA-2009:031 ] avahi
