Bugtraq
- [SECURITY] [DSA 2139-1] New phpmyadmin packages fix several vulnerabilities,
Thijs Kinkhorst
- HP Photo Creative v 2.x audio.Record.1 ActiveX Control (ContentMan.dll 1.0.0.4272) Remote Stack Based Buffer Overflow poc,
ipsdix
- Path disclosure in Nibbleblog,
advisory
- Path disclosure in LightNEasy,
advisory
- LFI in LightNEasy,
advisory
- Information disclosure in LightNEasy,
advisory
- Path disclosure in ocPortal,
advisory
- Path disclosure in OpenCart,
advisory
- [ MDVSA-2010:260 ] libxml2,
security
- CA ARCserve D2D r15 Web Service Apache Axis2 World Accessible Servlet Code Execution Vulnerability Poc,
ipsdix
- CSRF (Cross-Site Request Forgery) in Open blog,
advisory
- SQL Injection in LightNEasy,
advisory
- OS X 10.6.5 kernel crash upon wlan roaming with disabled mandatory MCS,
Attilla de Groot
- [SECURITY] [DSA 2138-1] Security update for wordpress,
Giuseppe Iuculano
- Chilkat Software FTP2 ActiveX Component (ChilkatFtp2.DLL 2.6.1.1) Remote Code Execution poc,
ipsdix
- Pre Jobo .NET "Password" SQL Injection Vulnerability,
non customers
- Fedora 14 - Format string attack in allegro-tools package,
rafaldworaczek
- Path disclosure in KaiBB,
advisory
- SQL injection in KaiBB,
advisory
- BBcode XSS in KaiBB,
advisory
- [waraxe-2010-SA#079] - Reflected XSS in Coppermine 1.5.10,
come2waraxe
- YEKTAWEB CMS XSS Vulnerability,
faghani
- HotWeb Rentals "PageId" SQL Injection Vulnerability,
non customers
- [security bulletin] HPSBST02620 SSRT100356 rev.2 - HP StorageWorks Modular Smart Array P2000 G3, Remote Unauthorized Access,
security-alert
- [ MDVSA-2010:251-1 ] firefox,
security
- Social Engine 4.x (Music Plugin) Arbitrary File Upload Vulnerability,
MyDoom2009
- Microsoft Windows Fax Services Cover Page Editor (.cov) Memory Corruption poc,
ipsdix
- [IMF 2011] 2nd Call - Deadline Extended,
Oliver Goebel
- Security Advisory - FlexVision Listener Vulnerability,
Victor Ribeiro Hora
- [ MDVSA-2010:259 ] pidgin,
security
- Pligg XSS and SQL Injection,
mike
- Django admin list filter data extraction / leakage,
Adam Baldwin
- MyBB 1.6 <= SQL Injection Vulnerability,
YGN Ethical Hacker Group
- [waraxe-2010-SA#078] - Multiple Vulnerabilities in CruxCMS 3.0.0,
come2waraxe
- Asan Portal (IdehPardaz) Multiple Vulnerabilities,
info
- [SECURITY] [DSA 2137-1] Security update for libxml2,
Moritz Muehlenhoff
- Multiple Vulnerabilities in OpenClassifieds 1.7.0.3,
mike
- Secunia Research: Microsoft Word LFO Parsing Double-Free Vulnerability,
Secunia Research
- [ MDVSA-2010:251-2 ] firefox,
security
- [security bulletin] HPSBST02619 SSRT100281 rev.2 - HP StorageWorks Storage Mirroring, Remote Execution of Arbitrary Code,
security-alert
- Sigma Portal Denial of Service Vulnerability,
info
- www.eVuln.com : HTTP Response Splitting in Social Share,
bt
- [SECURITY] [DSA 2135-1] New xpdf packages fix several vulnerabilities,
Moritz Muehlenhoff
- VSR Advisories: Citrix Access Gateway Command Injection Vulnerability,
VSR Advisories
- VMSA-2010-0020 VMware ESXi 4.1 Update Installer SFCB Authentication Flaw,
VMware Security Team
- [SECURITY] [DSA-2136-1] New tor packages fix potential code execution,
Raphael Geissert
- http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-04,
research
- Path disclosure in HTML-EDIT CMS,
advisory
- Secunia Research: Microsoft Office PICT Filter Integer Truncation Vulnerability,
Secunia Research
- Secunia Research: Microsoft Office TIFF Image Converter Two Buffer Overflows,
Secunia Research
- [ MDVSA-2010:258 ] mozilla-thunderbird,
security
- PR10-14 Unauthenticated command execution within Mitel's AWC (Mitel Audio and Web Conferencing),
research
- LFI in Hycus CMS,
advisory
- [waraxe-2010-SA#077] - Multiple Vulnerabilities in Calibre 0.7.34,
come2waraxe
- [security bulletin] HPSBST02619 SSRT100281 rev.1 - HP StorageWorks Storage Mirroring, Remote Execution of Arbitrary Code,
security-alert
- www.eVuln.com : Authentication Bypass by SQL Injection in Social Share,
bt
- XSS vulnerability in ImpressCMS,
advisory
- nSense-2010-004: Sybase Afaria,
Henri Lindberg
- XSS vulnerability in Injader CMS,
advisory
- XSS in HTML-EDIT CMS,
advisory
- Secunia Research: Microsoft Office TIFF Image Converter Endian Conversion Vulnerability,
Secunia Research
- nSense-2010-005: Winamp,
Henri Lindberg
- Path disclosure in Habari,
advisory
- Secunia Research: Microsoft Office FlashPix Tile Data Two Buffer Overflows,
Secunia Research
- SQL Injection in HTML-EDIT CMS,
advisory
- XSS vulnerability in Habari,
advisory
- Path disclosure in GetSimple CMS,
advisory
- SQL injection in Injader CMS,
advisory
- SQL injection in Hycus CMS,
advisory
- Secunia Research: Microsoft Office FlashPix Property Set Parsing Buffer Overflow,
Secunia Research
- Secunia Research: Microsoft Office Document Imaging Endian Conversion Vulnerability,
Secunia Research
- Secunia Research: SAP Crystal Reports Print ActiveX Control Buffer Overflow,
Secunia Research
- OpenBSD CARP Hash Vulnerability,
Sam Banks
- Elcom CommunityManager.NET Auth Bypass Vulnerability - Security Advisory - SOS-10-004,
Sense of Security
- www.eVuln.com : "postid" SQL Injection in Social Share,
bt
- Secunia Research: RealPlayer "cook" Arbitrary Free Vulnerability,
Secunia Research
- Secunia Research: RealPlayer AAC Spectral Data Parsing Vulnerability,
Secunia Research
- Secunia Research: RealPlayer "cook" Uninitialised Memory Vulnerability,
Secunia Research
- MyBB 1.6 <= Cross Site Scripting (XSS) Vulnerability,
YGN Ethical Hacker Group
- [SECURITY] [DSA 2134-1] Upcoming changes in advisory format,
Moritz Muehlenhoff
- Default SSL Keys in Multiple Routers,
cheffner
- Embedded Video WordPress Plugin Cross Site Vulnerability (XSS) - CVE-2010-4277,
Rodrigo Branco
- Apple Quicktime Memory Corruption - CVE-2010-3801,
Rodrigo Branco
- [USN-1033-1] Eucalyptus vulnerability,
Kees Cook
- Making Security Suck Less,
Pete Herzog
- Alt-N WebAdmin Source Code Disclosure,
wsn1983
- [ GLSA 201012-01 ] Chromium: Multiple vulnerabilities,
Tobias Heinlein
- Re: XSS vulnerability in Expression CMS,
security curmudgeon
- www.eVuln.com : "link" and "linkdescription" XSS in Social Share,
bt
- Re: XSS vulnerability in Lantern CMS,
security curmudgeon
- www.eVuln.com : "titl","url" - Non-persistent XSS in Social Share,
bt
- [ MDVSA-2010:257 ] kernel,
security
- cross site scripting vulnerability in BLOG:CMS,
advisory
- 'Pointter PHP Content Management System' Unauthorized Privilege Escalation (CVE-2010-4332),
Mark Stanislav
- PR10-06: Cross-domain redirect on PGP Universal Web Messenger,
research
- XSRF (CSRF) in BLOG:CMS,
advisory
- Stored Cross Site Scripting vulnerability in BEdita,
advisory
- Updated online binary planting exposure test continues operation,
ACROS Security Lists
- XSRF (CSRF) in BEdita,
advisory
- XSS vulnerability in BEdita,
advisory
- XSS vulnerability in BLOG:CMS,
advisory
- 'Pointter PHP Micro-Blogging Social Network' Unauthorized Privilege Escalation (CVE-2010-4333),
Mark Stanislav
- [security bulletin] HPSBUX02451 SSRT090137 rev.4 - HP-UX Running BIND, Remote Denial of Service (DoS),
security-alert
- [security bulletin] HPSBUX02351 SSRT080058 rev.6 - HP-UX Running BIND, Remote DNS Cache Poisoning,
security-alert
- Call for Paper @ Swiss Cyber Storm 3,
Ivan Buetler
- VUPEN Security Research - Microsoft Office Publisher "pubconv.dll" Array Indexing Vulnerability (VUPEN-SR-2010-206),
VUPEN Security Research
- www.eVuln.com : "error" Non-persistent XSS in slickMsg,
bt
- [security bulletin] HPSBST02620 SSRT100356 rev.1 - HP StorageWorks Modular Smart Array P2000 G3, Remote Unauthorized Access,
security-alert
- [ MDVSA-2010:256 ] git,
security
- VUPEN Security Research - Microsoft Office Publisher Record Array Indexing Vulnerability (VUPEN-SR-2010-201),
VUPEN Security Research
- [security bulletin] HPSBMA02617 SSRT100338 rev.1 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Remote Cross Site Scripting (XSS),
security-alert
- VUPEN Security Research - Microsoft Office Publisher Size Value Heap Corruption Vulnerability (VUPEN-SR-2010-200),
VUPEN Security Research
- [security bulletin] HPSBMA02545 SSRT100139 rev.1 - HP Power Manager (HPPM) Running on Linux and Windows, Remote Execution of Arbitrary Code,
security-alert
- Openwall GNU/*/Linux 3.0 is out, marks 10 years of the project,
Solar Designer
- VUPEN Security Research - Microsoft Internet Explorer Animation Use-after-free Vulnerability (VUPEN-SR-2010-199),
VUPEN Security Research
- VUPEN Security Research - Microsoft Office Publisher Memory Corruption Vulnerability (VUPEN-SR-2010-041),
VUPEN Security Research
- [security bulletin] HPSBMA02615 SSRT100228 rev.1 - HP Insight Diagnostics Online Edition Running on Linux and Windows, Remote Cross Site Scripting (XSS),
security-alert
- [security bulletin] HPSBMA02616 SSRT100231 rev.1 - HP Insight Management Agents Running on Linux and Windows, Remote Full Path Disclosure,
security-alert
- OpenBSD Paradox,
musnt live
- [ MDVSA-2010:255 ] php-intl,
security
- [ MDVSA-2010:254 ] php,
security
- www.eVuln.com : BBCode CSS XSS in slickMsg,
bt
- OpenBSD's IPSEC is Backdoored,
musnt live
- [USN-1024-2] OpenJDK regression,
Kees Cook
- iDefense Security Advisory 12.14.10: Microsoft Internet Explorer HTML Object Memory Corruption Vulnerability,
labs-no-reply
- [security bulletin] HPSBOV02618 SSRT100354 rev.1 - HP OpenVMS Integrity Servers, Local Denial of Service (DoS), Gain Privileged Access,
security-alert
- Kryptos Logic Advisory: IBM Tivoli Storage Manager (TSM) Local Root,
Kryptos Logic Secure
- Microsoft Internet Explorer Denial of Service Vulnerability,
info
- ASPR #2010-12-14-1: Remote Binary Planting in Windows Address Book,
ACROS Security Lists
- minor browser UI nitpicking,
Michal Zalewski
- iDefense Security Advisory 12.14.10: Microsoft Internet Explorer CSS Style Table Layout Uninitialized Memory Vulnerability,
labs-no-reply
- OSSTMM 3 Now Available!,
Pete Herzog
- www.eVuln.com : "post" - Non-persistent XSS in slickMsg,
www.eVuln.com Advisories
- USBsploit 0.5b - added: Railgun[only] - process migration - EXE, PDF, LNK replacements - split usbsploit.rb,
xpo xpo
- [ MDVSA-2010:253 ] bind,
security
- Honggfuzz,
Robert Święcki
- VUPEN Security Research - RealPlayer RA5 Data Handling Heap Overflow Vulnerability (VUPEN-SR-2010-31),
VUPEN Security Research
- VUPEN Security Research - RealPlayer RealMedia Data Handling Heap Overflow Vulnerabilities (VUPEN-SR-2010-28, VUPEN-SR-2010-29, VUPEN-SR-2010-30),
VUPEN Security Research
- VUPEN Security Research - RealPlayer AAC Data Handling Buffer Overflow Vulnerability (VUPEN-SR-2010-005),
VUPEN Security Research
- VUPEN Security Research - RealPlayer Audio Data Handling Buffer Overflow Vulnerability (VUPEN-SR-2010-003),
VUPEN Security Research
- VUPEN Security Research - RealPlayer Sound Data Handling Buffer Overflow Vulnerability (VUPEN-SR-2010-004),
VUPEN Security Research
- [ MDVSA-2010:252 ] perl-CGI-Simple,
security
- [SECURITY] [DSA-2133-1] New collectd packages fix denial of service,
Raphael Geissert
- www.eVuln.com : "url" BBCode XSS in slickMsg,
bt
- hidden admin user on every HP MSA2000 G3,
hpdisclosure
- [CORE-2010-0728] Symantec Intel Handler Service Remote Denial-of-Service,
Core Security Technologies Advisories
- Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002),
StenoPlasma @ ExploitDevelopment
- Call for Papers -- BADGERS 2011,
Federico Maggi
- iDefense Security Advisory 12.10.10: RealNetworks RealPlayer RealAudio Codec Memory Corruption Vulnerability,
labs-no-reply
- [SECURITY] [DSA-2130-1] New BIND packages fix denial of service,
Florian Weimer
- iwconfig and recent patches?,
Jeffrey Walton
- Exim security issue in historical release,
nigel
- [security bulletin] HPSBUX02608 SSRT100333 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities,
security-alert
- TWSL-2010-008: Clear iSpot/Clearspot CSRF Vulnerabilities,
Trustwave Advisories
- [USN-1032-1] Exim vulnerability,
Kees Cook
- [SECURITY] [DSA 2132-1] New xulrunner packages fix several vulnerabilities,
Moritz Muehlenhoff
- iDefense Security Advisory 12.10.10: RealNetworks RealPlayer Memory Corruption Vulnerability,
labs-no-reply
- LiteSpeed Web Server 4.0.17 w/ PHP Remote Exploit for FreeBSD,
HI-TECH .
- Novell Vibe 3 BETA OnPrem Stored Cross-site Scripting Vulnerability,
robkraus
- [SECURITY] [DSA-2131-1] New exim4 packages fix remote code execution,
Stefan Fritsch
- ManageEngine EventLog Analyzer Syslog Remote Denial of Service Vulnerability,
robkraus
- ManageEngine EventLog Analyzer Multiple Cross-site Scripting (XSS) Vulnerabilities,
robkraus
- PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow,
cxib
- www.eVuln.com : Non-persistent XSS in slickMsg,
bt
- [ MDVSA-2010:251 ] firefox,
security
- [USN-1031-1] ClamAV vulnerabilities,
Steve Beattie
- Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002),
StenoPlasma @ www.ExploitDevelopment.com
- Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002),
Stefan Kanthak
- RE: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002),
George Carlson
- RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002),
Thor (Hammer of God)
- Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002),
Andrea Lee
- RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002),
Thor (Hammer of God)
- RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002),
Kurt Dillard
- Re: RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002),
StenoPlasma @ www.ExploitDevelopment.com
- Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002),
Ansgar Wiechers
- Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002),
Stefan Kanthak
- RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002),
David Gillett
- Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002),
Michael Bauer
- Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002),
jcoyle
- [USN-1020-1] Thunderbird vulnerabilities,
Jamie Strandboge
- [USN-1019-1] Firefox and Xulrunner vulnerabilities,
Jamie Strandboge
- www.eVuln.com : Non-persistent XSS in BizDir,
bt
- CA20101209-01: Security Notice for CA XOsoft,
Kotas, Kevin J
- Firefox 3.6.13 pseudo-URL SOP check bug (CVE-2010-3774),
Michal Zalewski
- XSS vulnerability in Diferior,
advisory
- [ MDVSA-2010:250 ] perl-CGI-Simple,
security
- Follow-up on HTTP Parameter Pollution,
embyte
- www.eVuln.com : Non-persistent XSS in WWWThreads (perl version),
bt
- [security bulletin] HPSBUX02612 SSRT100345 rev.1 - HP-UX Apache-based Web Server, Local Information Disclosure, Increase of Privilege, Remote Denial of Service (DoS),
security-alert
- [USN-1030-1] Kerberos vulnerabilities,
Marc Deslauriers
- XSRF (CSRF) in CMScout,
advisory
- Cross Site Scripting vulnerability in Diferior,
advisory
- Google Website Optimizer security issue reportedly fixed,
Juha-Matti Laurio
- [USN-1029-1] OpenSSL vulnerabilities,
Steve Beattie
- [security bulletin] HPSBUX02611 SSRT090201 rev.1 - HP-UX Running Threaded Processes, Remote Denial of Service (DoS),
security-alert
- iDefense Security Advisory 12.07.10: Apple QuickTime PICT Memory Corruption Vulnerability,
labs-no-reply
- Re: [Full-disclosure] Linux kernel exploit,
Kai
- Re: [Full-disclosure] Linux kernel exploit,
Ryan Sears
- Linux kernel exploit,
Dan Rosenberg
- RE: [Full-disclosure] Linux kernel exploit,
John Jacobs
- Re: Linux kernel exploit,
Wolf
- [USN-1028-1] ImageMagick vulnerability,
Marc Deslauriers
- [USN-1027-1] Quagga vulnerabilities,
Marc Deslauriers
- [USN-1026-1] Python Paste vulnerability,
Marc Deslauriers
- Secunia Research: QuickTime Track Dimensions Buffer Overflow Vulnerability,
Secunia Research
- www.eVuln.com : HTTP Response Splitting in WWWThreads (php version),
bt
- [security bulletin] HPSBMI02614 SSRT100344 rev.1 - HP webOS Contacts Application, Remote Execution of Arbitrary Code,
security-alert
- [ MDVSA-2010:249 ] clamav,
security
- Multiple XSS in Solarwinds Orion NPM 10.1,
John Blakley
- Kryptos Logic Advisory: Winamp 5.6 Arbitrary Code Execution in MIDI Parser,
Kryptos Logic Secure
- [ MDVSA-2010:248 ] openssl,
security
- LFI in Exponent CMS,
advisory
- XSS vulnerability in Zimplit CMS,
advisory
- www.eVuln.com : XSS vulnerability in WWWThreads (php version),
bt
- VMSA-2010-0019 VMware ESX third party updates for Service Console,
VMware Security Team
- Call for papers: 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET),
Christopher Kruegel
- 'Pulse CMS Basic' Local File Inclusion Vulnerability (CVE-2010-4330),
Mark Stanislav
- [www.eVuln.com] SQL Injection vulnerability in Alguest,
bt
- DIMVA 2011 Call for Workshops Proposals,
Lorenzo Cavallaro
- OWASP Zed Attack Proxy version 1.1.0,
psiinon
- rPSA-2010-0076-1 gnupg,
rPath Update Announcements
- [ MDVSA-2010:247 ] kernel,
security
- Vulnerabilities in Register Plus Redux for WordPress,
MustLive
- [security bulletin] HPSBUX02609 SSRT100147 rev.1 - CIFS Server (Samba), Remote Execution of Arbitrary Code, Denial of Service (DoS),
security-alert
- [eVuln.com] Cookie authentication bypass in Alguest,
bt
- [eVuln.com] PHP Code Execution in Alguest,
bt
- VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues,
VMware Security team
- [security bulletin] HPSBUX02610 SSRT100341 rev.1 - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS),
security-alert
- New paper by Amit Klein (Trusteer): "Detecting virtualization over the web with IE9 (platform preview) and Semi-permanent computer fingerprinting and user tracking in IE9 (platform preview)",
Amit Klein
- Flaw in Microsoft Windows SAM Processing Allows Continued Administrative Access Using Hidden Regular User Masquerading After Compromise (2010-M$-001),
Steno Plasma
- NGS00014 Patch Notification: Cisco IPSec VPN Implementation Group Name Enumeration,
Research@NGSSecure
- [SECURITY] [DSA-2128-1] New libxml2 packages fix potential code execution,
Giuseppe Iuculano
- [SECURITY] [DSA-2129-1] New krb5 packages fix checksum verification weakness,
Stefan Fritsch
- [USN-1025-1] Bind vulnerabilities,
Marc Deslauriers
- Vulnerabilities in Fabrica Engine,
MustLive
- Re: D-Link DIR-300 authentication bypass,
Karol Celiński
- [eVuln.com] Multiple XSS in Alguest,
bt
- Secunia Research: Winamp NSV Table of Contents Parsing Integer Overflow,
Secunia Research
- Digitalus 1.10.0 Alpha2 Arbitrary File Upload vulnerability.txt,
eidelweiss
- [ MDVSA-2010:245 ] krb5,
security
- [ MDVSA-2010:246 ] krb5,
security
- CORE-2010-1109 - Multiple vulnerabilities in BugTracker.Net,
CORE Security Technologies Advisories
