View Full Version: Bugtraq mailing list
- [ MDVSA-2008:195 ] apache
- Baidu Hi IM client software DoS bug, div zero make client crash
- Microsoft Windows WRITE_ANDX SMB command handling Kernel DoS
- Critical Vulnerability in Apple Quicktime’s Indeo Codec
- TPTI-08-06: Landesk QIP Server Service Heal Packet Buffer Overflow
- [ MDVSA-2008:196 ] mplayer
- [ MDVSA-2008:182-1 ] wordnet
- [ MDVSA-2008:197 ] koffice
- Team SHATTER Security Advisory: Security Vulnerability in CLR stored procedure deployment from IBM Database Add-Ins for Visual Studio
- Team SHATTER Security Advisory: IBM DB2 UDB - Buffer overrun in XMLQUERY and XMLEXISTS
- [NOBYTES.COM: #12] osCommerce 2.2rc2a - Information Disclosure
- [ MDVSA-2008:198 ] R-base
- [ECHO_ADV_101$2008] Attachmax Dolphin <= 2.1.0 Multiple Vulnerabilities
- [NOBYTES.COM: #14] Quick.Cms.Lite v2.1 Freeware - Cross Site Scripting
- [NOBYTES.COM: #13] Quick.Cart v3.1 Freeware - Cross Site Scripting
- [ MDVSA-2008:197-1 ] koffice
- Skype IM Client Password Disclosure Vulnerability.
- Miranda IM Client Password Disclosure Vulnerability.
- Pidgin IM Client Password Disclosure Vulnerability.
- [AJECT] SurgeMail IMAP 3.9e vulnerability
- Microsoft Internet Explorer DoS in Rendering Malicious PNG Files.
- ShmooCon 2009 CFP
- [security bulletin] HPSBMA02369 SSRT080115 rev.1 - HP ProLiant Essentials Rapid Deployment Pack (RDP) Running Symantec Altiris Deployment Solution, Remote SQL Injection, Remote or Local Gain Extended Privileges, Local Denial of Service (DoS)
- rPSA-2008-0278-1 tshark wireshark
- rPSA-2008-0276-1 mercurial mercurial-hgk
- [ MDVSA-2008:189-1 ] clamav
- [security bulletin] HPSBOV02364 SSRT080078 rev.2 - HP OpenVMS SMGRTL Run Time Library, Local Authorized User, Gain Privileged Access
- Hi Two Points to consider
- menalto gallery: Session hijacking vulnerability, CVE-2008-3662
- Sama XSS Bug
- cyask 3.x Local File Inclusion Vulnerability
- RE: Pidgin IM Client Password Disclosure Vulnerability.
- vi can run arbitrary commands via 'tags' file
- LooYu Web IM 2008 Cross-Site Scripting Vulnerabilities
- PHP pro bid v 6.04 SQL injection
- VMSA-2008-0015 Updated ESXi and ESX 3.5 packages address critical security issue in openwsman
- [USN-646-1] rdesktop vulnerabilities
- Annutel - Annuaire Téléphonique v1.0 Sensetive Files (MDP)
- [ GLSA 200809-09 ] Postfix: Denial of Service
- [ MDVSA-2008:199 ] wireshark
- Advanced Electron Forum <= 1.0.6 Remote Code Execution
- MyFWB 1.0 Remote SQL Injection
- drupal: Session hijacking vulnerability, CVE-2008-3661
- MapCal - The Mapping Calendar (v. 0.1) Remote SQL Injection
- Blue Coat xss
- [security bulletin] HPSBUX02370 SSRT071459 rev.1 - HP-UX Running rpcbind, Remote Denial of Service (DoS)
- "Exploit creation - The random approach" or "Playing with random to build exploits"
- [ GLSA 200809-10 ] Mantis: Multiple vulnerabilities
- [ GLSA 200809-11 ] HAVP: Denial of Service
- [MajorSecurity Advisory #53]BLUEPAGE CMS - Cross Site Scripting and Session Fixation Issues
- [MajorSecurity Advisory #54]xt:Commerce - Cross Site Scripting and Session Fixation Issues
- Cross Site Scripting (XSS) Vulnerabilitiy in fuzzylime (cms)>=3.02, CVE-2008-3098
- Re: [MajorSecurity Advisory #54]xt:Commerce - Cross Site Scripting and Session Fixation Issues
- [ GLSA 200809-12 ] Newsbeuter: User-assisted execution of arbitrary code
- [ GLSA 200809-13 ] R: Insecure temporary file creation
- [ MDVSA-2008:200 ] ed
- [ MDVSA-2008:201 ] pan
- Squirrelmail: Session hijacking vulnerability, CVE-2008-3663
- Aruba Mobility Controller Shared Default Certificate
- Xss In Datalife Engine CMS 7.2
- [ MDVSA-2008:202 ] phpMyAdmin
- [ MDVSA-2008:203 ] awstats
- menalto gallery: Session hijacking vulnerability, CVE-2008-3102
- Re: Aruba Mobility Controller Shared Default Certificate - Response from Aruba Networks
- [ GLSA 200809-14 ] BitlBee: Security bypass
- [ GLSA 200809-15 ] GNU ed: User-assisted execution of arbitrary code
- Advisory : Google Chrome Carriage Return Null Object Memory Exhaustion Remote Dos.
- [USN-645-1] Firefox and xulrunner vulnerabilities
- [USN-645-2] Firefox vulnerabilities
- Internet Information Service remote set password
- IAS Helper COM Component (iashlpr.dll) activex remote DOS
- Internet Information Service (adsiis.dll) activex remote DOS
- Cisco Security Advisory: Cisco IOS Software Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability
- Cisco Security Advisory: Vulnerability in Cisco IOS While Processing SSL Packet
- Cisco Security Advisory: Cisco 10000, uBR10012, uBR7200 Series Devices IPC Vulnerability
- Cisco Security Advisory: Cisco IOS NAT Skinny Call Control Protocol Vulnerability
- Cisco Security Advisory: Cisco IOS Software Firewall Application Inspection Control Vulnerability
- Cisco Security Advisory: Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities
- Cisco Security Advisory: Cisco uBR10012 Series Devices SNMP Vulnerability
- Cisco Security Advisory: Cisco IOS MPLS VPN May Leak Information
- Drupal Brilliant Gallery module SQL injection vulnerability
- Drupal Ajax Checklist Module SQL Injection Vulnerability
- [ MDVSA-2008:204 ] blender
- [security bulletin] HPSBOV02364 SSRT080078 rev.3 - HP OpenVMS SMGRTL Run Time Library, Local Authorized User, Gain Privileged Access
- php create_function commond injection vulnerability
- Google Docs (HTML code) Multiple Cross Site Scripting Vulnerabilities
- [security bulletin] HPSBST02372 SSRT080133 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-052 to MS08-055
- Re: php create_function commond injection vulnerability
- Cross Site Scripting (XSS) Vulnerabilitiy in flatpress 0.804, CVE-2008-4120
- adnforum <= 1.0b / Insecure Cookie Handling Vulnerability
- Fwd: Returned post for bugtraq@securityfocus.com
- [USN-645-3] Firefox and xulrunner regression
- SQL Injection in EasyRealtorPRO 2008
- [ GLSA 200809-16 ] Git: User-assisted execution of arbitrary code
- [ GLSA 200809-17 ] Wireshark: Multiple Denials of Service
- [ GLSA 200809-18 ] ClamAV: Multiple Denials of Service
- [ MDVSA-2008:205 ] mozilla-firefox
- Linksys/Cisco WRT350N 1.0.3.7 Insecure Samba Static Configuration
- [USN-647-1] Thunderbird vulnerabilities
- Estonian Cyber Security Strategy document -- now available online
- DATAC RealWin 2.0 SCADA Software - Remote PreaAuth Exploit
- The Gemini Portal <= 4.7 / Insecure Cookie Handling Vulnerability
- Crux Gallery <= 1.32 / Insecure Cookie Handling Vulnerability
- RPG.Board <= 0.0.8Beta2 Remote SQL Injection
- multiple vendor ftpd - Cross-site request forgery
- Re: [Full-disclosure] [IVIZ-08-010] McAfee SafeBoot Device Encryption Plain Text Password Disclosure (v4, Build 4750 and below)
- FtitzBox
- [ MDVSA-2008:206 ] mozilla-thunderbird
- xss in hackmeeting.org
- Novell ZENWorks for Desktops Version 6.5 Remote (Heap-Based) PoC
- ASP News Remote Password Disclouse Vulnerability
- csphonebook 1.02 Remote XSS Vulnerabilitiy
- PHP Calendar Script Remote XSS (Permanent) Vulnerabilities
- ParsaWeb CMS SQL Injection
- Verizon FIOS (and DSL?) wireless access point insecure default WEP key
- [oCERT-2008-013] MPlayer Real demuxer heap overflow
- Advisory: Mozilla Firefox User Interface Null Pointer Dereference Dispatcher Crash and Remote Denial of Service.
- Advisory : Opera Window Object Suppressing Remote Denial of Service
- Re: php create_function commond injection vulnerability
- [security bulletin] HPSBMA02373 SSRT071467 rev.1 - HP Insight Diagnostics, Remote Unauthorized Access to Files
- Re: Sun M-class hardware denial of service
- Re: Sun M-class hardware denial of service
- Re: Sun M-class hardware denial of service
- [ MDVSA-2008:207 ] openafs
- Re: Sun M-class hardware denial of service
- Re: Sun M-class hardware denial of service
- MS Internet Explorer 7 Denial Of Service Exploit
- Advisory: Google Chrome Window Object Suppressing Remote Denial of Service.
- [MajorSecurity Advisory #56]moziloWiki - Directory Traversal, XSS and Session Fixation Issues
- White Wolf Labs #080922-1: Exploitation Through ActiveSync 4.x
- rPSA-2008-0286-1 mono
- [ MDVSA-2008:208 ] pam_mount
- Autodesk DWF Viewer Control / LiveUpdate Module remote code execution exploit
- MySQL command-line client HTML injection vulnerability
- Remote File Inclusion Vulnerability
- International Hacking & Security Conference "POC2008"
- WordPress MU < 2.6 wpmu-blogs.php Crose Site Scrpting vulnerability
- Re: Advisory: Google Chrome Window Object Suppressing Remote Denial of Service.
- Re: Advisory: Google Chrome Window Object Suppressing Remote Denial of Service.
- [USN-648-1] nasm vulnerability
- Printlog <= 0.4: Remote File Edition Vulnerability
- Oracle Password Cracker written in PL/SQL
- Remote and Local File Inclusion Vulnerability <= 1.1 Rportal
- phpMyID can act as a redirector and as headers injector
- [USN-649-1] OpenSSH vulnerabilities
- FreeBSD Security Advisory FreeBSD-SA-08:10.nd6
- Adobe Flash Player plug-in null pointer dereference and browser crash
- XSS vulnerability in phpMyID
- Layered Defense Research Advisory: Juniper Netscreen Firewall Cross-Site-Scripting (XSS) event log injection
- Re: [MajorSecurity Advisory #53]BLUEPAGE CMS - Cross Site Scripting and Session Fixation Issues
- HostAdmin Cross-Site Scripting Vulnerabilities
- [USN-650-1] cpio vulnerability
- Re: RE: MySQL command-line client HTML injection vulnerability
- Secunia Research: Trend Micro OfficeScan Directory Traversal Vulnerability
- VERIFY YOUR E-MAIL ACCOUNT
- CMME Multiple Information disclosure vulnerabilities
- VMware Emulation Flaw x64 Guest Privilege Escalation (1/2)
- [ENABLESECURITY] Apple's Mail.app stores your S/MIME encrypted emails in clear text
- MetaGauge 1.0.0.17 Directory Traversal
- [ MDVSA-2008:209 ] pam_krb5
- [ MDVSA-2008:210 ] mono
- FastStone Image Viewer v3.6 (malformed bmp image) DoS Exploit
- VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues
- PHPWebExplorer <= 0.09b: Local File Inclusion Vulnerability
- AyeView v2.20 (malformed gif image) DoS Exploit
- iFoto, CSS-based GD2 photo gallery <= 1.0: Remote File Disclosure Vulnerability
- FOSS Gallery Admin Version <= 1.0 / Remote Arbitrary Upload Vulnerability
- FOSS Gallery Public Version <= 1.0 / Arbitrary file upload Vulnerabilities
- OpenNMS Multiple Vulnerabilities
- Motorola Timbuktu's Internet Locator Service real-time data exposed to public.
- Firefox Privacy Broken If Used to Open Web Page File
- HostAdmin 3.* Remote File Include Vulnerabilities
- Yerba SACphp <= 6.3 / Local File Inclusion Exploit
- [security bulletin] HPSBUX02375 SSRT080122 rev.1 - HP-UX Running NFS/ONCplus, Remote Denial of Service (DoS)
- [OPENX-SA-2008-002] OpenX 2.4.9 and 2.6.2 fix SQL injection vulnerability
- [ GLSA 200810-01 ] WordNet: Execution of arbitrary code
- Re: iFoto, CSS-based GD2 photo gallery <= 1.0: Remote File Disclosure Vulnerability
- Re: Motorola Timbuktu's Internet Locator Service real-time data exposed to public.
- ANNOUNCE - RFIDIOt version 0.1t released
- Re: HostAdmin 3.* Remote File Include Vulnerabilities
- [W02-1008] GearSoftware Powered Products Local Privilege Escalation (Microsoft Windows Kernel IopfCompleteRequest Integer Overflow)
- Cisco Security Advisory: Authentication Bypass in Cisco Unity
- Windows Mobile 6 insecure password handling and too short WLAN-password
- Advisory: Graphviz Buffer Overflow Code Execution
- Re: Motorola Timbuktu's Internet Locator Service real-time data exposed to public.
- Token Kidnapping Windows 2003 PoC exploit
- FC2 BLOG Cross-Site Scripting Vulnerabilities
- [security bulletin] HPSBMA02376 SSRT080099 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS)
- PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection
- [security bulletin] HPSBMA02362 SSRT080044, SSRT080045, SSRT080042 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS), Execute Arbitrary Code
- News Manager Remote SQL Injection Vulnerability
- PR07-31: Unauthenticated SQL Injection, XSS on Login Page and Username Enumeration on DPSnet Case Progress
- [security bulletin] HPSBMA02374 SSRT080046 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS)
- Re: Token Kidnapping Windows 2003 PoC exploit
- [ GLSA 200810-02 ] Portage: Untrusted search path local root vulnerability
- Re: Motorola Timbuktu's Internet Locator Service real-time data exposed to public.
- [SECURITY] CVE-2008-3271 - Apache Tomcat information disclosure
- [USN-651-1] Ruby vulnerabilities
- [LC-2008-04] Nokia Browser Array Sort Denial Of Service Vulnerability
- iSEC Partners Security Advisory - 2008-002-lenovornr - Lenovo Rescue and Recovery 4.20
- [ MDVSA-2008:211 ] cups
- [ MDVSA-2008:210-1 ] mono
- NewLife Blogger <= v3.0 / Insecure Cookie Handling & SQL Injection Vulnerability
- CA BrightStor ARCServe BackUp Message Engine Remote Command Injection Vulnerability
- Uninformed Journal Release Announcement: Volume 10
- Marvell Driver Malformed Association Request Vulnerability
- CREATE ANY DIRECTORY to SYSDBA
- İltaweb Alışveriş Sistemi (tr) Sql inj
- Re: Re: Token Kidnapping Windows 2003 PoC exploit
- [RISE-2008001] Sun Solstice AdminSuite sadmind adm_build_path() Buffer Overflow Vulnerability
- WP Comment Remix 1.4.3 Multiple Vulnerabilities
- Telecom Italia Alice Pirelli routers backdoor discoverd to activate telnet/ftp/tftp from internal LAN/WLAN.
- [USN-653-1] D-Bus vulnerabilities
- Webscene eCommerce (level) Remote Sql Injection
- [SECURITY] [DSA 1654-1] New libxml2 packages fix execution of arbitrary code
- [USN-652-1] LittleCMS vulnerability
- iDefense Security Advisory 10.14.08: Microsoft Host Integration Server 2006 Command Execution Vulnerability
- How Search Engines Find Sites
- CORE-2008-1010: VLC media player XSPF Memory Corruption
- TPTI-08-07: Microsoft Windows Message Queuing Service Heap Overflow and Memory Disclosure Vulnerability
- iDefense Security Advisory 10.14.08: Microsoft Visual Basic for Applications - Multiple Vulnerabilities
- [USN-654-1] libexif vulnerabilities
- iDefense Security Advisory 10.14.08: Sun Java Web Proxy Server FTP Resource Handling Heap-Based Buffer Overflow
- [USN-655-1] exiv2 vulnerabilities
- Vivid Ads Shopping Cart (cid) Remote SQL Injection
- MS OWA 2003 Redirection Vulnerability
- Exploit for MS08-066 - AFD.sys kernel memory overwrite.
- Paper: Adventures with a certain Xen vulnerability
- Internet Explorer 6 componentFromPoint() remote memory disclosure and remote code execution
- [ MDVSA-2008:212 ] libxml2
- Multiple Flash Authoring Heap Overflows - Malformed SWF Files
- [USN-656-1] CUPS vulnerabilities
- [ MDVSA-2008:213 ] dbus
- SEC Consult SA-20081016-0 :: Remote command execution in Instant Expert Analysis
- [HACKATTACK Advisory 20081016]WEB//NEWS SQL Injection and Cookie Manipulation
- rPSA-2008-0295-1 rails
- rPSA-2008-0294-1 postfix
- [ MDVSA-2008:214 ] mon
- Re: Re: MS OWA 2003 Redirection Vulnerability
- [SECURITY] [DSA 1655-1] New Linux 2.6.24 packages fix several vulnerabilities
- Doubt in MySQL Quick Admin <= 1.5.5 (COOKIE) Local File Inclusion Vulnerability POC posted on milworm
- flashchat severe bug
- Re: Doubt in MySQL Quick Admin <= 1.5.5 (COOKIE) Local File Inclusion Vulnerability POC posted on milworm
- Application-level OS fingerprinting research - pre-release hashes
- HITBSecConf2008 - Malaysia: Online registration closes on 24th Oct
- [ MDVSA-2008:208-1 ] pam_mount
- CVE-2008-2625: Oracle DBMS – Proxy Authentication Vulnerability
- CVE-2008-4000: Oracle PeopleTools – Authentication Weakness
- Cross Site Scripting (XSS) Vulnerabilitiy in cpcommerce, CVE-2008-4121
- FireGPG Passphrase And Cleartext Vulnerability