Bugtraq

Date Index

[ MDVSA-2009:184 ] apache-mod_security, security
[ MDVSA-2009:183 ] apache-mod_security, security
[ MDVSA-2009:182 ] firefox, security
XOOPS Multiple Cross-Site Scripting Vulnerabilities - Security Advisory - SOS-09-005, Lists
EC2ND 2009 CFP - 5th European Conference on Computer Network Defence, Maggi Federico
[SECURITY] [DSA 1834-2] New apache/apache2-mpm-itk fix regression, Stefan Fritsch
wordpress plugins wp-Table v1.52 Remote File Inclusion Vulnerability, Cru3l.b0y
- Re: wordpress plugins wp-Table v1.52 Remote File Inclusion Vulnerability, Francesco Laurita
  - Re: wordpress plugins wp-Table v1.52 Remote File Inclusion Vulnerability, YGN Ethical Hacker Group (http://yehg.net)
EPSON Status Monitor 3 local privilege escalation vulnerability, nospam
rPSA-2009-0113-1 bind bind-utils, rPath Update Announcements
Re: THISISNOTMYEXPLOIT, Kingcope
- <Possible follow-ups>
- Re: THISISNOTMYEXPLOIT, Kingcope
[security bulletin] HPSBUX02421 SSRT090047 rev.1 - HP-UX Running Kerberos, Remote Denial of Service (DoS), Execution of Arbitrary Code, security-alert
[ MDVSA-2009:181 ] bind, security
[ MDVSA-2009:180 ] compface, security
[ MDVSA-2009:179 ] mysql, security
[ MDVSA-2009:178 ] squid, security
[ MDVSA-2009:177 ] ruby, security
[ MDVSA-2009:176 ] git, security
[ MDVSA-2009:175 ] pango, security
[ MDVSA-2009:174 ] perl-Compress-Raw-Zlib, security
[SECURITY] [DSA 1847-1] New bind9 packages fix denial of service, Florian Weimer
[ MDVSA-2009:172 ] dhcp, security
Pre-Beta Invite , New (Free) Anti-Virus Software, Andrew Mcphee
Cisco Security Advisory: Cisco IOS Software Border Gateway Protocol 4-Byte Autonomous System Number Vulnerabilities, Cisco Systems Product Security Incident Response Team
[USN-808-1] Bind vulnerability, Kees Cook
[SECURITY] [DSA 1846-1] New kvm packages fix denial of service, dann frazier
[SECURITY] [DSA 1845-1] New Linux 2.6.26 packages fix several vulnerabilities, dann frazier
[SECURITY] [DSA 1844-1] New Linux 2.6.24 packages fix several vulnerabilities, dann frazier
[ MDVSA-2009:173 ] pidgin, security
FreeBSD Security Advisory FreeBSD-SA-09:12.bind, FreeBSD Security Advisories
[ MDVSA-2009:170 ] initscripts, security
[ MDVSA-2009:171 ] pulseaudio, security
[ MDVSA-2009:169 ] libtiff, security
[ MDVSA-2009:168 ] apache, security
[ MDVSA-2009:166 ] c-client, security
[security bulletin] HPSBMA02438 SSRT090092 rev.1 - HP ProLiant DL/ML 100 Series G5/G6 Servers with ProLiant Onboard Administrator Powered by LO100i, Remote Denial of Service (DoS), security-alert
[ MDVSA-2009:167 ] php, security
[ MDVSA-2009:165 ] ghostscript, security
[RISE-2009003] Linux eCryptfs parse_tag_3_packet Encrypted Key Buffer Overflow Vulnerability, RISE Security
[ MDVSA-2009:164 ] jasper, security
[RISE-2009002] Linux eCryptfs parse_tag_11_packet Literal Data Buffer Overflow Vulnerability, RISE Security
Cisco Security Advisory: Active Template Library (ATL) Vulnerability, Cisco Systems Product Security Incident Response Team
[ MDVSA-2009:163 ] tomcat5, security
CORE-2009-0707: Firebird SQL op_connect_request main listener shutdown vulnerability, CORE Security Technologies Advisories
[ MDVSA-2009:162 ] java-1.6.0-openjdk, security
[SECURITY] [DSA 1843-1] New squid3 packages fix denial of service, Nico Golde
Fwd: Google Chrome About:blank Spoof, Lostmon lords
[ MDVSA-2009:160 ] ruby, security
[SECURITY] [DSA 1842-1] New openexr packages fix several vulnerabilities, Moritz Muehlenhoff
[ MDVSA-2009:161 ] squid, security
cross site scripting the browser google "chrome", biko linux
- Fwd: cross site scripting the browser google "chrome", Karn Ganeshen
computer crime statistics, Choon Ming
- RE: computer crime statistics, McDonnell, Michael
  - Re: computer crime statistics, Scotty
    - RE: computer crime statistics, Michael Theroux
    - RE: computer crime statistics, Paul Petersen
NcFTPd <= 2.8.5 remote jail breakout, Kingcope
- Re: NcFTPd <= 2.8.5 remote jail breakout, Kingcope
[DZC-2009-001] The Movie Player and VLC Media Player Real Data Transport parsing integer underflow., tixxDZ
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers, Cisco Systems Product Security Incident Response Team
[ MDVSA-2009:159 ] mysql, security
[Tool] sqlmap 0.7 released, Bernardo Damele A. G.
DoS vulnerabilities in Internet Explorer, MustLive
[SECURITY] [DSA 1841-1] New git-core packages fix denial of service, Nico Golde
IXXO Cart! Standalone and Joomla Component SQL Injection, SmOk3
rPSA-2009-0111-1 kernel, rPath Update Announcements
Remote File Inclusion in aiocp, hadikiamarsi
PHP filesystem attack vectors - Take Two, ascii
Cisco WLC 4402 Denial-of-Service vulnerability, SySS security advisories -- Christoph Bott
Oracle CPUjul2009, Dennis Yurichev
URL spoofing bug involving Firefox's error pages and document.write, jplopezy
- Message not available
  - Message not available
    - Re: URL spoofing bug involving Firefox's error pages and document.write, xu shaopei
    - Re: URL spoofing bug involving Firefox's error pages and document.write, YGN Ethical Hacker Group (http://yehg.net)
- <Possible follow-ups>
- Re: URL spoofing bug involving Firefox's error pages and document.write, security
  - Re: URL spoofing bug involving Firefox's error pages and document.write, Michael Wood
[ MDVA-2009:158 ] pango, security
Re: Asante FM2008 10/100 Ethernet switch backdoor login, secfocus2
[ISecAuditors Security Advisories] Joomla! < 1.5.12 Multiple Full Path Disclosure vulnerabilities, ISecAuditors Security Advisories
[USN-806-1] Python vulnerabilities, Marc Deslauriers
Stored XSS on Commu***te Pro 5.2.14 and prior versions, Andrea Purificato - bunker
LifeType 1.2.8 Remote File Inclusion Vulnerability, Cru3l.b0y
- Re: LifeType 1.2.8 Remote File Inclusion Vulnerability, GulfTech Security Research
Ocean CMS 0.0.2 Remote File Inclusion Vulnerability, Cru3l.b0y
wordpress plugins WP Super Cache v0.8.3 Remote File Inclusion Vulnerability, Cru3l.b0y
- Re: wordpress plugins WP Super Cache v0.8.3 Remote File Inclusion Vulnerability, g30rg3_x
- <Possible follow-ups>
- Re: wordpress plugins WP Super Cache v0.8.3 Remote File Inclusion Vulnerability, MustLive
[GSEC-TZO-45-2009] iPhone remote code execution, Thierry Zoller
[SECURITY] [DSA 1840-1] New xulrunner packages fix several vulnerabilities, Steffen Joeris
Akamai Technologies Security Advisory 2009-0001 (Download Manager), Akamai Security Team
Phorum : Permanent Cross-Site Scripting Vulnerabilities, crashfr
[USN-798-1] Firefox and Xulrunner vulnerabilities, Jamie Strandboge
Need information, for MPlayer demux_open_vqf TwinVQ File Handling Buffer Overflow CVE-2008-5616, Rajendra Prasad . Palnaty
[security bulletin] HPSBUX02437 SSRT090038 rev.1 - HP-UX Running XNTP, Remote Execution of Arbitrary Code, security-alert
RainbowCrack 1.4 is released - The Time-Memory Tradeoff Hash Cracker, shuanglei
Adobe Acrobat 9.1.2 NOS Local Privilege Escalation Exploit, Jeremy Brown
ZDI-09-046: Novell Privileged User Manager Remote DLL Injection Vulnerability, ZDI Disclosures
Re: Re: [Full-disclosure] [ISecAuditors Security Advisories] Gmail vulnerable to automated password cracking, admin
mChek 3.4 Information Disclosure, gursev . kalra
[INFIGO-2009-07-09]: NASA Common Data Format remote buffer overflow(s), infocus
Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3...., Thierry Zoller
- Re: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3...., Michal Zalewski
  - Re[2]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3...., Thierry Zoller
  - Re: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3...., Andrew Farmer
[ GLSA 200907-16 ] Python: Integer overflows, Robert Buchholz
[ MDVSA-2009:153 ] dhcp, security
[SECURITY] [DSA 1837-1] New dbus packages fix denial of service, Steffen Joeris
[ MDVSA-2009:157 ] perl-Compress-Raw-Zlib, security
[ MDVSA-2009:154 ] dhcp, security
[SECURITY] [DSA 1839-1] New gst-plugins-good0.10 packages fix arbitrary code execution, Steffen Joeris
DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome, MustLive
- RE: DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome, Jeremiah Gowdy
- <Possible follow-ups>
- Re: DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome, MustLive
- Re: DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome, MustLive
[USN-805-1] Ruby vulnerabilities, Marc Deslauriers
[ MDVSA-2009:155 ] git, security
Re: PHP-Revista Multiple vulnerabilities, security curmudgeon
Adobe related service (getPlus_HelperSvc.exe) local elevation of privileges, nospam
Hacking CSRF Tokens using CSS History Hack, Inferno
[ MDVSA-2009:156 ] net-snmp, security
[ GLSA 200907-15 ] Nagios: Execution of arbitrary code, Robert Buchholz
[SECURITY] [DSA 1838-1] New pulseaudio packages fix privilege escalation, Florian Weimer
CORE-2009-0227: Real Helix DNA RTSP and SETUP request handler vulnerabilities, CORE Security Technologies Advisories
[ISecAuditors Security Advisories] Gmail vulnerable to automated password cracking, ISecAuditors Security Advisories
- Re: [Full-disclosure] [ISecAuditors Security Advisories] Gmail vulnerable to automated password cracking, cevans
  - Re: [Full-disclosure] [ISecAuditors Security Advisories] Gmail vulnerable to automated password cracking, Vicente Aguilera
PulseAudio local race condition privilege escalation vulnerability, Akita Software Security
[ MDVSA-2009:152 ] pulseaudio, security
COMRaider Idefense Labs CreateFolder() and Copy() Insecure Method (Hard Disk Filler Exploit), irancrash
[ GLSA 200907-14 ] Rasterbar libtorrent: Directory traversal, Robert Buchholz
[SECURITY] [DSA 1836-1] New fckeditor packages fix arbitrary code execution, Moritz Muehlenhoff
[USN-804-1] PulseAudio vulnerability, Kees Cook
[oCERT-2009-011] Android improper camera and audio permission verification, Andrea Barisani
[DSECRG-09-031] Oracle BEA Weblogic 10.3 Linked ХSS vulnerability, DSecRG
[ GLSA 200907-13 ] PulseAudio: Local privilege escalation, Robert Buchholz
[DSECRG-09-025] Oracle Secure Enterprise Search 10.1.8 Linked XSS vulnerability, DSecRG
FRHACK List of Talks and Speakers released, Jerome Athias
Vulnerable DLLs distributed with Terratec HomeCinema 6.3, Stefan Kanthak
[ MDVSA-2009:151 ] dhcp, security
Update: [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details), Thierry Zoller
- Re: Update: [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details), Vladimir '3APA3A' Dubrovin
  - Re[2]: Update: [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details), Thierry Zoller
iDefense Security Advisory 07.15.09: Microsoft Office Publisher 2007 Arbitrary Pointer Dereference Vulnerability, iDefense Labs
[SECURITY] [DSA 1835-1] New tiff packages fix several vulnerabilities, Moritz Muehlenhoff
Cross-Site Scripting vulnerability in Mozilla, Firefox and Chrome, MustLive
- Re: Cross-Site Scripting vulnerability in Mozilla, Firefox and Chrome, Michal Zalewski
  - Re: Cross-Site Scripting vulnerability in Mozilla, Firefox and Chrome, MustLive
- <Possible follow-ups>
- Re: Cross-Site Scripting vulnerability in Mozilla, Firefox and Chrome, advisories
  - Re: Cross-Site Scripting vulnerability in Mozilla, Firefox and Chrome, MustLive
Mobile Rediff Username and Password Disclosure, gursev . kalra
[SECURITY] [DSA 1834-1] New apache2 packages fix denial of service, Stefan Fritsch
[GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3...., Thierry Zoller
- Re: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3...., R Dicaire
  - Re[2]: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3...., Thierry Zoller
- <Possible follow-ups>
- Re:[GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3...., Thierry Zoller
- Re: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3...., MustLive
iDefense Security Advisory 07.15.09: Microsoft Embedded OpenType Font Engine (T2EMBED.DLL) Heap Buffer Overflow Vulnerability, iDefense Labs
Cisco Security Advisory: Vulnerabilities in Unified Contact Center Express Administration Pages, Cisco Systems Product Security Incident Response Team
MULTIPLE ARBITRARY INFORMATION DISCLOSURE AND EDITION --ILIAS LMS <= 3.10.7/3.9.9-->, y3nh4ck3r
Admin News Tools 2.5 Remote File Download Vulnerability, info
[USN-803-1] dhcp vulnerability, Jamie Strandboge
[SECURITY] [DSA 1833-1] New dhcp3 packages fix arbitrary code execution, Florian Weimer
TPTI-09-05: Microsoft DirectShow QuickTime Atom Parsing Memory Corruption Vulnerability, dvlabs
ZDI-09-045: Microsoft DirectShow Quicktime Atom Parsing Memory Corruption Vulnerability, ZDI Disclosures
[ GLSA 200907-12 ] ISC DHCP: dhcpclient Remote execution of arbitrary code, Alex Legler
[SECURITY] [DSA 1829-2] New sork-passwd-h3 packages fix regression, Steffen Joeris
FortiGuard Advisory: Microsoft Office Web Components Remote Memory Corruption Vulnerability, noreply-secresearch@xxxxxxxxxxxx
Virtualmin Multiple Vulnerabilities, Filip Palian
Secunia Research: Novell eDirectory iMonitor "Accept-Language" Buffer Overflow, Secunia Research
[oCERT-2009-010] mimeTeX and mathTeX buffer overflows and command injection, Andrea Barisani
[SECURITY] [DSA 1831-1] New djbdns packages fix privilege escalation, Thijs Kinkhorst
[SECURITY] [DSA 1832-1] New camlimages packages fix arbitrary code execution, Thijs Kinkhorst
[ MDVSA-2009:150 ] libtiff, security
[USN-802-1] Apache vulnerabilities, Marc Deslauriers
[USN-801-1] tiff vulnerability, Marc Deslauriers
[USN-799-1] D-Bus vulnerability, Marc Deslauriers
[USN-800-1] irssi vulnerability, Jamie Strandboge
[security bulletin] HPSBGN02446 SSRT090111 rev.1 - HP ProCurve Threat Management Services zl Module (J9155A), Remote Unauthorized Access, Denial of Service (DoS), security-alert
[oCERT-2009-012] libtiff tools integer overflows, Andrea Barisani
[ GLSA 200907-11 ] GStreamer plug-ins: User-assisted execution of arbitrary code, Robert Buchholz
[ GLSA 200907-10 ] Syslog-ng: Chroot escape, Robert Buchholz
[ GLSA 200907-09 ] Cyrus-SASL: Execution of arbitrary code, Robert Buchholz
DDIVRT-2009-26 LogRover SQL Injection Authentication Bypass, ddivulnalert
[ GLSA 200907-08 ] Multiple Ralink wireless drivers: Execution of arbitrary code, Robert Buchholz
[ GLSA 200907-07 ] ModPlug: User-assisted execution of arbitrary code, Robert Buchholz
[ GLSA 200907-06 ] Adobe Reader: User-assisted execution of arbitrary code, Robert Buchholz
[ GLSA 200907-05 ] git: git-daemon Denial of Service, Robert Buchholz
[ GLSA 200907-04 ] Apache: Multiple vulnerabilities, Alex Legler
[SECURITY] [DSA 1830-1] New icedove packages fix several vulnerabilities, Steffen Joeris
[SECURITY] [DSA 1753-2] End-of-life announcement for icedove in oldstable, Steffen Joeris
VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl, VMware Security team
[SECURITY] [DSA 1829-1] New sork-passwd-h3 packages fix cross-site scripting, Steffen Joeris
Update: [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG), Thierry Zoller
- <Possible follow-ups>
- Re: Update: [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG), Neil Dickey
  - Re: Update: [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG), Nick Boyce
    - Re[2]: Update: [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG), Thierry Zoller
    - Re: Re[2]: Update: [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG), Nick Boyce
Atlantic SimpleCaddy Shopping Cart Price Manipulation, domingos . bruges
HTC / Windows Mobile OBEX FTP Service Directory Traversal, alberto . morenot
[ MDVSA-2009:149 ] apache, security
- <Possible follow-ups>
- [ MDVSA-2009:149 ] apache, security
Update: [TZO-27-2009] Firefox Denial of Service (Keygen), Thierry Zoller
Pwnie Awards 2009, Alexander Sotirov
MySQL <= 5.0.45 post auth format string vulnerability, Kingcope
CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information, Core Security Technologies Advisories
[ MDVSA-2009:124-1 ] apache, security
Re: Back door trojan in acajoom-3.2.6 for joomla, Jan van Niekerk
- <Possible follow-ups>
- Re: Re: Back door trojan in acajoom-3.2.6 for joomla, chris . boergermann
  - Re: Re: Back door trojan in acajoom-3.2.6 for joomla, Jeffrey Walton
[ MDVSA-2009:148 ] kernel, security
[SECURITY] [DSA 1828-1] New ocsinventory-agent packages fix arbitrary code execution, Nico Golde
Citrix XenCenterWeb Multiple Vulnerabilities, Claudio Criscione
- <Possible follow-ups>
- Re: Citrix XenCenterWeb Multiple Vulnerabilities, bill . carovano
CFP - Security Byte / OWASP Asia 2009, cfp
SEC Consult SA-20090707-0 :: Symbian S60 / Nokia firmware media codecs multiple memory corruption vulnerabilities, Bernhard Mueller
RE: Decompilation Injection, Maty Siman
[USN-797-1] tiff vulnerability, Marc Deslauriers
[USN-796-1] Pidgin vulnerability, Marc Deslauriers
Pwning Nokia phones (and other Symbian based smartphones), Bernhard Mueller
Medium security hole in TekRADIUS, Tim Brown
High security hole in NullLogic Groupware, Tim Brown
[SECURITY] [DSA 1827-1] New ipplan packages fix cross-site scripting, Steffen Joeris
[Bkis-10-2009] Photo DVD Maker Professional Buffer Overflow Vulnerability, Bkis
Avax Vector ActiveX 1.3 (avPreview.ocx) Denial of Service Exploit, Satan_hackers
[ GLSA 200907-03 ] APR Utility Library: Multiple vulnerabilities, Alex Legler
[SECURITY] [DSA 1826-1] New eggdrop packages fix several vulnerabilities, Steffen Joeris
[security bulletin] HPSBPI02398 SSRT080166 rev.4 - Certain HP LaserJet Printers, HP Color LaserJet Printers, and HP Digital Senders, Remote Unauthorized Access to Files, security-alert
[oCERT-2009-008] Dillo integer overflow, Andrea Barisani
[oCERT-2009-007] FCKeditor input sanitization errors, Andrea Barisani
[SECURITY] [DSA 1825-1] New nagios2/nagios3 packages fix arbitrary code execution, Nico Golde
Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome, MustLive
- Re: Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome, Michal Zalewski
  - Re: Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome, Liu Die Yu
One Click Ownage [White Paper and Scripts], Ferruh Mavituna
Multiple Flaws in Axesstel MV 410R, filip . palian
[ GLSA 200907-02 ] ModSecurity: Denial of Service, Alex Legler
[ GLSA 200907-01 ] libwmf: User-assisted execution of arbitrary code, Alex Legler
[USN-795-1] Nagios vulnerability, Marc Deslauriers
[USN-794-1] Perl vulnerability, Marc Deslauriers
[ISecAuditors Security Advisories] Joomla! < 1.5.12 Multiple XSS vulnerabilities in HTTP Headers, ISecAuditors Security Advisories
[oCERT-2009-009] CamlImages integer overflows, Andrea Barisani
eAccelerator encoder files backup Vulnerability, linuxrootkit2008
Sourcefire 3D Sensor and DC, privilege escalation vulnerability, c3rb3r
[security bulletin] HPSBUX02431 SSRT090085 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Execution of Arbitrary Code, security-alert
[security bulletin] HPSBUX02440 SSRT090106 rev.1 - HP-UX Running NFS/ONCplus, Local Denial of Service (DoS), security-alert
Re: XAMPP for Windows (Xss/PHPinfo) Multiple Vulnerability, Vladimir '3APA3A' Dubrovin
VMSA-2009-0008 ESX Service Console update for krb5, VMware Security Team
radware AppWall Web Application Firewall: Source code disclosure on management interface, Kirchner Michael
phion airlock Web Application Firewall: Remote Denial of Service via Management Interface (unauthenticated) and Command Execution, Kirchner Michael
Artofdefence Hyperguard Web Application Firewall: Remote Denial of Service, Kirchner Michael
REMINDER : HITBSecConf2009 - Malaysia: Call for Papers, Praburaajan