Bugtraq

• Date Index

---

• MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021], Tom Yu
• [USN-1024-1] OpenJDK vulnerability, Marc Deslauriers
• VMSA-2010-0017 VMware ESX third party update for Service Console kernel, VMware Security Team
• [ MDVSA-2010:244 ] phpmyadmin, security
• [SECURITY] [DSA 2126-1] New Linux 2.6.26 packages fix several issues, dann frazier
• 'Orbis CMS' Arbitrary Script Execution Vulnerability (CVE-2010-4313), Mark Stanislav
• [eVuln.com] Multiple SQL injections in Wernhart Guestbook, bt
• [eVuln.com] Multiple XSS inj in Wernhart Guestbook, bt
• Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities, Juan Galiana Lara
• [CVE-2010-3449] Apache Archiva CSRF Vulnerability, Deng Ching
• FreeBSD Security Advisory FreeBSD-SA-10:10.openssl, FreeBSD Security Advisories
• [ MDVSA-2010:243 ] libxml2, security
• n.runs-SA-2010.003 - Hewlett Packard LaserJet MFP devices - Directory Traversal in PJL interface, security
• Vulnerabilities in Joomla, MustLive
• [ MDVSA-2010:242 ] wireshark, security
• [SECURITY] [DSA-2127-1] New wireshark packages fix denial of service, Stefan Fritsch
• SQL injection and Path Disclosure Auth Bypass in 4images 1.7.X, u6q
• Google Desktop Insecure Library Loading Vulnerability, apa-iutcert
• AOL Instant Messenger Insecure Library Loading Vulnerability, apa-iutcert
• jQuery Lightweight Rich Text Editor (lwrte) Plugin uploader.php Arbitrary File Upload, underground stockholm
• Re: [Full-disclosure] Simple kernel attack using socketpair. easy, 100% reproductiblle, works under guest. no way to protect :(, Dan Rosenberg
• [eVuln.com] URL XSS in Easy Banner Free, bt
• [eVuln.com] SQL injection Auth Bypass in Easy Banner Free, bt
• XSRF (CSRF) in Wolf CMS, advisory
• [Suspected Spam]Vulnerabilities in Register Plus for WordPress, MustLive
• NoScript (2.0.5.1 < less ) - Bypass "Reflective XSS" through Union SQL Poisoning Trick (SQLXSSI), 0kn0ck
  • <Possible follow-ups>
  • Re: NoScript (2.0.5.1 < less ) - Bypass "Reflective XSS" through Union SQL Poisoning Trick (SQLXSSI), g . maone
• Re: [DCA-00015] YOPS Web Server Remote Command Execution, zed
• CVE-2010-2408 | Persistent Log Out Redirection Vulnerability in Oracle I-Recruitment OA.jsp, 0kn0ck
• XSS vulnerability in Frog CMS, advisory
  • <Possible follow-ups>
  • XSS vulnerability in Frog CMS, advisory
  • XSS vulnerability in Frog CMS, advisory
• XSRF (CSRF) in Frog CMS, advisory
• XSS vulnerability in Wolf CMS, advisory
  • <Possible follow-ups>
  • XSS vulnerability in Wolf CMS, advisory
  • XSS vulnerability in Wolf CMS, advisory
• [eVuln.com] SQL injections in FreeTicket, bt
• [security bulletin] HPSBUX02579 SSRT100203 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Unauthorized, security-alert
• [USN-1021-1] Apache vulnerabilities, Marc Deslauriers
• TSSA-2010-01 Ghostscript library Ins_MINDEX() integer overflow and heap corruption, Advisories Toucan-System
• [ MDVSA-2010:241 ] gnucash, security
• [USN-1022-1] APR-util vulnerability, Marc Deslauriers
• [ MDVSA-2010:240 ] mono, security
• [eVuln.com] email XSS in SimpLISTic, bt
• [eVuln.com] Multiple XSS in MCG GuestBook, bt
• Mozilla Firefox 3.6.12 Denial of Service Vulnerability, info
  • Re: Mozilla Firefox 3.6.12 Denial of Service Vulnerability, Michal Zalewski
• The Unbearable Lightness Of Non-Fixing: A Short Study in Security Reactiveness And Proactiveness, ACROS Security Lists
• [SECURITY] [DSA-2125-1] New openssl packages fix buffer overflow, Stefan Fritsch
• ZyXEL P-660R-T1 V2 XSS, Usman Saeed
• [eVuln.com] sitename XSS in Hot Links Lite, bt
• Microsoft Visual Studio vulnerability, jabea
• Juniper VPN client rdesktop clickhack, niekt0
• ESA-2010-019: RSA, The Security Division of EMC, is reissuing this advisory regarding a potential cross-site scripting vulnerability that has been identified in RSAR Adaptive Authentication (On Premise) versions 2.x and 5.7.x. Patch 105162, Security_Alert
• [SECURITY] CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability, Mark Thomas
• NGS00015 Patch Notification: ImageIO Memory Corruption, Research@NGSSecure
• [eVuln.com] url XSS in Hot Links Lite, bt
• [eVuln.com] report.cgi SQL inj in Hot Links SQL (CGI version), bt
• H2HC Cancun - Free Entrance!, Rodrigo Rubira Branco (BSDaemon)
• 'Free Simple Software' SQL Injection Vulnerability (CVE-2010-4298), Mark Stanislav
• Apple Safari for Windows (4.0.2-4.0.5, 5.0-5.0.2) Math.random() predictability, Amit Klein
• vBulletin 4.0.8 PL1 - XSS Filter Bypass within Profile Customization, advisories
• New vulnerabilities in CMS SiteLogic, MustLive
• [USN-1018-1] OpenSSL vulnerability, Steve Beattie
• [eVuln.com] Cookie Auth Bypass in Hot Links SQL, bt
• Vtiger CRM 5.2.0 Multiple Vulnerabilities, ascii
• VUPEN Security Research - Apple Safari Scrollbar Handling Use-after-free Vulnerability (VUPEN-SR-2010-245), VUPEN Security Research
• [eVuln.com] URL and Title XSS in AxsLinks, bt
• H2CSO (Hackers to CSO) debate second edition - Free Live Streaming, Rodrigo Rubira Branco (BSDaemon)
• VUPEN Security Research - Apple Safari Selections Handling Use-after-free Vulnerability (VUPEN-SR-2010-246), VUPEN Security Research
• [ MDVSA-2010:239 ] php, security
• [HITB-Announce] HITB2011AMS -- Call For Papers now Open, Hafez Kamal
• Multiple vulnerabilities in chCounter <= 3.1.3, Soporte CERT
• XSS in CompactCMS, advisory
  • <Possible follow-ups>
  • XSS in CompactCMS, advisory
• [ MDVSA-2010:238 ] openssl, security
• AWCM v2.2 Auth Bypass Vulnerabilities, eidelweiss
• nullcon Goa dwitiya (2.0) Call For Papers Closing on 30th November, nullcon
• SQL injection in IceBB, advisory
• SQL injection in CompactCMS, advisory
• SQL Injection in CLANSPHERE, advisory
• Cisco Security Response: Multiple Vulnerabilities in Cisco Unified Videoconferencing Products, Cisco Systems Product Security Incident Response Team
• XSS in CLANSPHERE, advisory
• Path disclosure in CLANSPHERE, advisory
• BBcode XSS in CLANSPHERE, advisory
• Cisco Unified Videoconferencing multiple vulnerabilities - CVE-2010-3037 CVE-2010-3038, Florent Daigniere
• Path disclosure in IceBB, advisory
• Information disclosure in IceBB, advisory
  • <Possible follow-ups>
  • Information disclosure in IceBB, advisory
• [ MDVSA-2010:232 ] cups, security
• [ MDVSA-2010:237 ] perl-CGI, security
• [ MDVSA-2010:233 ] cups, security
• [ MDVSA-2010:236 ] freetype2, security
• [ GLSA 201011-01 ] GNU C library: Multiple vulnerabilities, Tobias Heinlein
• Quick update on Google Chrome's Math.random() predictability by Amit Klein, Trusteer, Amit Klein
• [ MDVSA-2010:234 ] cups, security
• LFI and XSS vulnerability in openEngine, SecPod Research
• [security bulletin] HPSBPI02575 SSRT090255 rev.1 - HP LaserJet MFP Printers, HP Color LaserJet MFP Printers, Certain HP LaserJet Printers, Remote Unauthorized Access to Files, security-alert
• [ MDVSA-2010:235 ] freetype2, security
• VMSA-2010-0016 VMware ESXi and ESX third party updates for Service Console and Likewise components, VMware Security team
• Eclipse IDE | Help Server Local Cross Site Scripting (XSS) Vulnerability, YGN Ethical Hacker Group
• Packet Storm - New Site, bugtraq
• Saved XSS vulnerability in Internet Explorer, MustLive
  • RE: Saved XSS vulnerability in Internet Explorer, Hans Wolters
    • Re: Saved XSS vulnerability in Internet Explorer, MustLive
  • <Possible follow-ups>
  • Re: Saved XSS vulnerability in Internet Explorer, ecco
• TWSL2010-006: Multiple Vulnerabilities in Camtron CMNC-200 IP Camera, Trustwave Advisories
• vBulletin 4.0.8 - Persistent XSS via Profile Customization, advisories
• [SECURITY] [DSA 2038-3] New pidgin packages fix regression, Thijs Kinkhorst
• [ MDVSA-2010:231 ] poppler, security
• [ MDVSA-2010:230 ] poppler, security
• [ MDVSA-2010:228 ] xpdf, security
• [ MDVSA-2010:229 ] kdegraphics, security
• [ MDVSA-2010:227 ] proftpd, security
• [HITB-Announce] HITB Magazine #5 Call for Articles, Hafez Kamal
• iDefense Security Advisory 11.11.10: Apple Mobile OfficeImport Framework Excel Parsing Memory Corruption Vulnerability, labs-no-reply
• [TEHTRI-Security] CVE-2010-1752: Update your MacOSX, Laurent OUDOT at TEHTRI-Security
• Additional information on the Microsoft Office 2010 binary planting bugs, ACROS Security Lists
• [USN-1017-1] MySQL vulnerabilities, Marc Deslauriers
• FreeBSD Security Advisory FreeBSD-SA-10:09.pseudofs, FreeBSD Security Advisories
• CORE-2010-1018 - Landesk OS command injection, CORE Security Technologies Advisories
• Secunia Research: QuickTime Sorenson Video 3 Array-Indexing Vulnerability, Secunia Research
• [USN-1016-1] libxml2 vulnerability, Jamie Strandboge
• Apple Directory Services Memory Corruption - CVE-2010-1840, Rodrigo Branco
• Vulnerability in Google AJAX Search, MustLive
• eBlog 1.7 Multiple SQL Injection Vulnerabilities, Salvatore Fresta aka Drosophila
• [ MDVSA-2010:226 ] dhcp, security
• Babylon Cross-Application Scripting Code Execution, Roee Hay
• [USN-1015-1] libvpx vulnerability, Jamie Strandboge
• ASPR #2010-11-10-2: Remote Binary Planting in Microsoft Word 2010, ACROS Security Lists
• Kernel 0-day, Dan Rosenberg
  • Re: Kernel 0-day, James Lay
    • Re: Kernel 0-day, Felipe Martins
      • Re: Kernel 0-day, Dan Rosenberg
• ASPR #2010-11-10-3: Remote Binary Planting in Microsoft Excel 2010, ACROS Security Lists
• [ MDVSA-2010:225-1 ] libmbfl, security
• [ MDVSA-2010:224 ] php, security
• ASPR #2010-11-10-1: Remote Binary Planting in Microsoft PowerPoint 2010, ACROS Security Lists
• iDefense Security Advisory 11.09.10: Microsoft Word RTF File Parsing Stack Buffer Overflow Vulnerability, labs-no-reply
• [ MDVSA-2010:225 ] libmbfl, security
• Secunia Research: Microsoft Office Drawing Shape Container Parsing Vulnerability, Secunia Research
• [ MDVSA-2010:222 ] mysql, security
• [ MDVSA-2010:223 ] mysql, security
• Secunia Research: Microsoft PowerPoint PP7X32.DLL Record Parsing Vulnerability, Secunia Research
• [USN-1008-4] libvirt regression, Jamie Strandboge
• IBM OmniFind - several vulnerabilities, Fatih Kilic
• JQuarks4s Joomla Component 1.0.0 Blind SQL Injection Vulnerability, Salvatore Fresta aka Drosophila
• D-Link DIR-300 authentication bypass, Karol Celiński
  • Re: D-Link DIR-300 authentication bypass, Karol Celiński
  • Re: D-Link DIR-300 authentication bypass, asmo
    • Re: D-Link DIR-300 authentication bypass, Karol Celiński
  • <Possible follow-ups>
  • Re: D-Link DIR-300 authentication bypass, mfardiles
• [CORE-2010-0825] Apple OS X ATSServer CFF CharStrings INDEX Sign Mismatch, CORE Security Technologies Advisories
• Hackito Ergo Sum 2011 - Call For Paper - HES2011 CFP, Philippe Langlois
• DIMVA 2011 Call for Workshops Proposals, Lorenzo Cavallaro
• [ MDVSA-2010:155-1 ] mysql, security
• Malware Collections and Feed Exchange, Rodrigo Rubira Branco (BSDaemon)
• Seo Panel 2.1.0 - Critical File Disclosure, advisories
  • Re: Seo Panel 2.1.0 - Critical File Disclosure, Zach C
• Spree e-commerce JSON Hijacking Vulnerabilities - CVE-2010-3978, Rodrigo Branco
• some ooold Juniper bugs (was: [Full-disclosure] ZDI-10-231: Juniper Secure Access Series meeting_testjava.cgi XSS Vulnerability), Michal Zalewski
• Vulnerabilities in PHPShop, MustLive
• CFP: DIMVA 2011 - Detection of Intrusions and Malware & Vulnerability Assessment, Konrad Rieck
• [ MDVSA-2010:221 ] openoffice.org, security
• nSense-2010-003: Cisco Unified Communications Manager, Henri Lindberg
• Wargame Qualifications - Win a car !!!, Ivan Buetler
• Angel LMS Exploit, Wesley Kerfoot
• [FG-VD-10-020]Adobe Flash Player Remote Memory corruption Vulnerability, xpzhang
• Common consumer routers password disclosure, danieljcrteixeira
• ASPR #2010-11-05-01: Remote Binary Planting in Adobe Flash Player, ACROS Security Lists
• [USN-1014-1] Pidgin vulnerabilities, Marc Deslauriers
• [USN-1013-1] FreeType vulnerabilities, Marc Deslauriers
• [USN-1012-1] CUPS vulnerability, Marc Deslauriers
• [ MDVSA-2010:220 ] pam, security
• BBcode XSS in eoCMS, advisory
• SQL injection in eoCMS, advisory
• Path disclosure in eoCMS, advisory
• LFI in eoCMS, advisory
  • <Possible follow-ups>
  • LFI in eoCMS, advisory
• XSS in Textpattern CMS, advisory
• SQL injection in MiniBB, advisory
• Reset admin password in SweetRice CMS, advisory
• XSS in SweetRice CMS, advisory
• Shell create & command execution in JAF CMS, advisory
• RFI in JAF CMS, advisory
• SQL injection in SweetRice CMS, advisory
• BBcode XSS in MiniBB, advisory
• Adsoft Remote Sql Injection Vulnerability, md . r00t . defacer
• Security Advisory for Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3, Max Kanat-Alexander
• Zen Cart 1.3.9h Local File Inclusion Vulnerability, Salvatore Fresta aka Drosophila
• Re: [WEB SECURITY] [TOOL] DotDotPwn v2.1 - The Directory Traversal Fuzzer, neza0x
  • Re: [WEB SECURITY] [TOOL] DotDotPwn v2.1 - The Directory Traversal Fuzzer, Arturo 'Buanzo' Busleiman
• CVE-2010-3863: Apache Shiro information disclosure vulnerability, Les Hazlewood
• [Onapsis Security Advisory 2010-008] Oracle Virtual Server Agent Arbitrary File Access, Onapsis Research Labs
• [ MDVSA-2010:202-1 ] krb5, security
• [Onapsis Security Advisory 2010-009] Oracle Virtual Server Agent Remote Command Execution, Onapsis Research Labs
• [Onapsis Security Advisory 2010-010] Oracle Virtual Server Agent Local Privilege Escalation, Onapsis Research Labs
• XSS vulnerability in MemHT Portal, advisory
  • <Possible follow-ups>
  • XSS vulnerability in MemHT Portal, advisory
• Stored XSS vulnerability in Webmedia Explorer, advisory
• Stored XSS (Cross Site Scripting) vulnerability in MemHT Portal, advisory
• Security-Assessment.com Advisory: BroadWorks Call Detail Record Disclosure Vulnerability, Nick Freeman
• XSS vulnerability in Kandidat CMS, advisory
  • <Possible follow-ups>
  • XSS vulnerability in Kandidat CMS, advisory
  • XSS vulnerability in Kandidat CMS, advisory
• [SECURITY] [DSA 2124-1] New Xulrunner packages fix several vulnerabilities, Florian Weimer
• [SECURITY] [DSA 2123-1] New NSS packages fix cryptographic weaknesses, Florian Weimer
• Call for Papers: The International Conference on Cyber Conflict, Estonia, k g
• Call for Papers -YSTS V - Security Conference, Brazil, Luiz Eduardo
• Joomla 1.5.21 | Potential SQL Injection Flaws, YGN Ethical Hacker Group
  • Message not available
    • Message not available
      • Re: [Full-disclosure] Joomla 1.5.21 | Potential SQL Injection Flaws, YGN Ethical Hacker Group
• 'WSN Links' SQL Injection Vulnerability (CVE-2010-4006), Mark Stanislav
• XSS and SQL Injection vulnerabilities in CMS WebManager-Pro, MustLive
• [ MDVSA-2010:217 ] dovecot, security
• Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4089, Rodrigo Branco
• Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4087, Rodrigo Branco
• Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4088, Rodrigo Branco
• cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977, Rodrigo Branco
• Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4086, Rodrigo Branco
• [ MDVSA-2010:216 ] python, security
• [ MDVSA-2010:215 ] python, security
• [ MDVSA-2010:214 ] kernel, security
• Revision: Audacity <= 1.3 Beta Multiple Local Vulnerabilities ===> Audacity <= 1.3 Beta DLL Hijacking Vulnerability, Salvatore Fresta aka Drosophila
• [DEMO] Sample videos about IDS/IPS evasions..., Nelson Brito
• H2HC 2010 - Final Speakers List Available, Rodrigo Rubira Branco (BSDaemon)
• [security bulletin] HPSBMA02598 SSRT100314 rev.2 - HP Insight Control Virtual Machine Management for Windows, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Cross Site Request Forgery (CSRF), security-alert
• [security bulletin] HPSBMA02607 SSRT100214 rev.1 - HP Insight Control for Linux, Remote Cross Site Request Forgery (CSRF), security-alert
• [ MDVSA-2010:219 ] mozilla-thunderbird, security
• Audacity <= 1.3 Beta Multiple Local Vulnerabilities, Salvatore Fresta aka Drosophila
• [security bulletin] HPSBMA02606 SSRT100321 rev.1 - HP Insight Orchestration Software for Windows, Remote Arbitrary File Download, Unauthorized Access, security-alert
• [security bulletin] HPSBMA02600 SSRT100239 rev.1 - HP Insight Control Performance Management for Windows, Remote Arbitrary File Download, security-alert
• [security bulletin] HPSBMA02604 SSRT100320 rev.1 - HP Insight Recovery for Windows, Remote Cross Site Scripting (XSS), Arbitrary File Download, security-alert
• [security bulletin] HPSBMA02605 SSRT100238 rev.1 - HP Insight Managed System Setup Wizard for Windows, Remote Arbitrary File Download, security-alert
• [security bulletin] HPSBMA02602 SSRT100317 rev.1 - HP Insight Control Performance Management for Windows, Remote Cross Site Scripting (XSS), Privilege Escalation, Cross Site Request Forgery (CSRF), security-alert
• [ MDVSA-2010:218 ] php, security
• Secunia Research: SonicWALL SSL-VPN End-Point ActiveX Control Buffer Overflow, Secunia Research
• Secunia Research: Adobe Shockwave Player "DEMX" Chunk Parsing Vulnerability, Secunia Research
• Secunia Research: Adobe Shockwave Player "pamm" Chunk Parsing Vulnerability, Secunia Research
• [USN-1011-3] Xulrunner vulnerability, Jamie Strandboge

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2010-11