
Bugtraq: by author

298 messages starting Jan 05 09 and ending Jan 22 09


a

Re: php 4.x php5.2.x all "show_source()" ,"highlight_file()" bypass a (Jan 05)

ACROS Security

ACROS Security: HTML Injection in BEA (Oracle) WebLogic Server Console (ASPR #2009-01-27-1) ACROS Security (Jan 27)

Adam Laurie

ANNOUNCE: RFIDIOt ver 01.v released - Jan 2009 Adam Laurie (Jan 05)
ANNOUNCE - RFIDIOt 0.1w released - January 2009 Adam Laurie (Jan 30)
ANNOUNCE: apache_1.3.41+ssl_1.60 released Adam Laurie (Jan 15)

Aditya K Sood

Advisory: Oracle EBusiness Suite Sensitive Information Disclosure Vulnerability Aditya K Sood (Jan 19)
Advisory: Google Chrome 1.0.154.43 ClickJacking Vulnerability. Aditya K Sood (Jan 28)
Google Chrome FTP PASV IP Malicious Port Scanning Vulnerability. Aditya K Sood (Jan 05)

admin

OpenX 2.6.3 - Local File Inclusion admin (Jan 27)
phpList <= 2.10.8 Local File inclusion admin (Jan 14)
NewsCMSlite Insecure Cookie Handling admin (Jan 27)

ajannhwt

Comersus Shopping Cart <= v6 Remote User Pass Exploit ajannhwt (Jan 12)

alberto . morenot

Microsoft Bluetooth Stack OBEX Directory Traversal alberto . morenot (Jan 20)

Alexandr Polyakov

Oracle CPU Jan 2009 Advisories. Alexandr Polyakov (Jan 14)

alphanix00

Nokia Multimedia Player (.AVI File) Null Dereference Pointer Exploit alphanix00 (Jan 26)
Sagem router f@st 2404 remote reset poc alphanix00 (Jan 16)
JetAudio Basic 7.0.3 BufferOverFlow PoC alphanix00 (Jan 27)
MediaMonkey 3.0.6 (.m3u file) Local Buffer Overflow PoC alphanix00 (Jan 26)
EleCard MPEG PLAYER (.m3u file) Local Stack Overflow Exploit alphanix00 (Jan 26)
VUPLAYER BufferOver flow POC alphanix00 (Jan 06)
dBpowerAMP Audio Player v2 ( .pls file) LoCaL BufferOverFlow Exploit alphanix00 (Jan 29)
Browse3d (.sfs file) Local Stack Overflow Exploit alphanix00 (Jan 26)
Excel Viewer OCX 3.1/3.2 Denial of Service PoC alphanix00 (Jan 16)

Amon Ott

Announce: RSBAC 1.4.0 released Amon Ott (Jan 16)

Andrzej Targosz

CONFidence 2009, Final CfP Andrzej Targosz (Jan 28)

arashps0

BBSxp Xss vulnerability arashps0 (Jan 23)

arash . setayeshi

LDF Sql injection vulnerability arash . setayeshi (Jan 26)
Oblog XSS valnerability arash . setayeshi (Jan 23)
Lootan(kedor) Sql Injection vulnerability arash . setayeshi (Jan 26)

Asterisk Security Team

AST-2009-001: Information leak in IAX2 authentication Asterisk Security Team (Jan 08)

b4DchiLd

PollPro 3.0 XSRF VuLn. b4DchiLd (Jan 05)

Brian Dowling

WowWee Rovio - Insufficient Access Controls - Covert Audio/Video Snooping Possible Brian Dowling (Jan 14)

Chris Evans

Problems with syscall filtering technologies on Linux Chris Evans (Jan 26)

Christopher Kruegel

CfP: 16th ACM Conference on Computer and Communications Security (CCS) 2009 Christopher Kruegel (Jan 21)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Cisco Unified Communications Manager CAPF Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Jan 21)
Cisco Security Advisory: Cisco Security Manager Vulnerability Cisco Systems Product Security Incident Response Team (Jan 21)
Cisco Security Advisory: Cisco ONS Platform Crafted Packet Vulnerability Cisco Systems Product Security Incident Response Team (Jan 14)
Cisco Security Advisory: IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities Cisco Systems Product Security Incident Response Team (Jan 14)
Cisco Security Advisory: Cisco Global Site Selector Appliances DNS Vulnerability Cisco Systems Product Security Incident Response Team (Jan 07)
Cisco Security Response: Cisco IOS Cross-Site Scripting Vulnerabilities Cisco Systems Product Security Incident Response Team (Jan 14)

come2waraxe

Re: Re: Google Chrome Browser (ChromeHTML://) remote parameter injection POC come2waraxe (Jan 30)
[waraxe-2009-SA#070] - Multiple Vulnerabilities in MKPortal <= 1.2.1 come2waraxe (Jan 15)

Core Security Technologies Advisories

CORE-2008-1211: Amaya web editor XML and HTML parser vulnerabilities Core Security Technologies Advisories (Jan 28)
CORE-2008-1128: Openfire multiple vulnerabilities CORE Security Technologies Advisories (Jan 08)

crimson . loyd

OTSTurntables 1.00.027 (.ofl) Local Stack Overflow Exploit crimson . loyd (Jan 14)
Destiny Media Player 1.61 (.lst File) Local Stack Overflow Exploit crimson . loyd (Jan 05)

dan . crowley

Re: Oblog XSS valnerability dan . crowley (Jan 26)

Dave English

Re: DoS attacks on MIME-capable software via complex MIME emails Dave English (Jan 28)

David Litchfield

Trigger Abuse of MDSYS.SDO_TOPO_DROP_FTBL in Oracle 10g R1 and R2 David Litchfield (Jan 14)

Devin Carraway

[SECURITY] [DSA 1715-1] New moin packages fix insufficient input sanitising Devin Carraway (Jan 29)

Digital Security Research Group

[DSECRG-09-004] AXIS 70U Network Document Server - Privilege Escalation and XSS Digital Security Research Group (Jan 21)
Digital Security opens a site of its research center DSec Research Group Digital Security Research Group (Jan 21)

DoZ

Oracle Forms Cross site Scripting in (iFcgi60.exe / f60servlet) DoZ (Jan 29)
Oracle Application Server 10g Cross Site Scripting Vulnerability DoZ (Jan 29)

Eduardo Vela

Oracle Containers For Java Directory Traversal (OC4J) Oracle Application Server 10g (10.1.3.1.0) Oracle HTTP Server Eduardo Vela (Jan 20)

Ehsan_Hp200

SolucionWeb (main.php?id_area) Remote SQL injection Vulnerability Ehsan_Hp200 (Jan 05)

erik

[IBM Datapower XS40] Denial of Service erik (Jan 08)

Eugene Teo

Re: Linux Kernel 2.6.18/2.6.24/2.6.20/2.6.22/2.6.21 denial of service exploit Eugene Teo (Jan 05)

ew1zz

PHP Buffer Overflow(popen) ew1zz (Jan 12)

fakeperson7

PDFBuilderX 2.2 Arbitrary File Overwrite fakeperson7 (Jan 13)

faze0r

Re: php 4.x php5.2.x all "show_source()" ,"highlight_file()" bypass faze0r (Jan 05)

Fernando Gont

[Suspected Spam]"Security Assessment of the Internet Protocol" & the IETF Fernando Gont (Jan 06)

Florian Weimer

[SECURITY] [DSA 1708-1] New Git packages fix remote code execution Florian Weimer (Jan 19)
[SECURITY] [DSA 1702-1] New ntp packages fix cryptographic weakness Florian Weimer (Jan 12)
[SECURITY] [DSA 1695-1] New Ruby packages fix denial of service Florian Weimer (Jan 03)
[SECURITY] [DSA 1703-1] New bind9 packages fix cryptographic weakness Florian Weimer (Jan 12)
[SECURITY] [DSA 1694-2] New xterm packages fix regression Florian Weimer (Jan 06)
[SECURITY] [DSA 1699-1] New zaptel packages fix privilege escalation Florian Weimer (Jan 12)
[SECURITY] [DSA 1701-1] New OpenSSL packages fix cryptographic weakness Florian Weimer (Jan 12)
[SECURITY] [DSA 1694-1] New xterm packages fix remote code execution Florian Weimer (Jan 03)

FreeBSD Security Advisories

FreeBSD Security Advisory FreeBSD-SA-09:01.lukemftpd FreeBSD Security Advisories (Jan 07)
FreeBSD Security Advisory FreeBSD-SA-09:02.openssl FreeBSD Security Advisories (Jan 07)
FreeBSD Security Advisory FreeBSD-SA-09:04.bind FreeBSD Security Advisories (Jan 14)

Heart

53KF Web IM 2009 Cross-Site Scripting Vulnerabilities Heart (Jan 19)

i9p

Linux Kernel 2.6.18/2.6.24/2.6.20/2.6.22/2.6.21 denial of service exploit i9p (Jan 01)

iDefense Labs

iDefense Security Advisory 01.13.09: RIM BlackBerry Enterprise Server Attachment Service PDF Distiller Uninitialized Memory Vulnerability iDefense Labs (Jan 13)
iDefense Security Advisory 01.13.09: Oracle Secure Backup Administration Server login.php Command Injection Vulnerability iDefense Labs (Jan 14)
iDefense Security Advisory 01.13.09: Oracle Secure Backup Administration Server login.php Command Injection Vulnerability iDefense Labs (Jan 14)
iDefense Security Advisory 01.13.09: RIM BlackBerry Enterprise Server Attachment Service PDF Distiller 'symWidths' Heap Overflow Vulnerability iDefense Labs (Jan 13)
iDefense Security Advisory 01.13.09: Oracle Database 10g R2 Summary Advisor Arbitrary File Rewrite Vulnerability iDefense Labs (Jan 14)
iDefense Security Advisory 01.13.09: RIM BlackBerry Enterprise Server Attachment Service PDF Distiller 'bitmaps' Heap Overflow Vulnerability iDefense Labs (Jan 13)

Integrigy Alerts

RE: Oracle Database Buffer Overflow in SYS.KUPF$FILE_INT.GET_FULL_FILENAME (Oracle CPU April 2008 DB11) Integrigy Alerts (Jan 12)

irancrash

PHP-Fusion Mod vArcade 1.8 Sql Injection Vulnerability irancrash (Jan 08)

Jamie Strandboge

[USN-701-2] Thunderbird vulnerabilities Jamie Strandboge (Jan 07)
[USN-706-1] Bind vulnerability Jamie Strandboge (Jan 09)
[USN-709-1] tar vulnerability Jamie Strandboge (Jan 15)
[USN-716-1] MoinMoin vulnerabilities Jamie Strandboge (Jan 30)
[USN-704-1] OpenSSL vulnerability Jamie Strandboge (Jan 08)
[USN-701-1] Thunderbird vulnerabilities Jamie Strandboge (Jan 07)
[USN-705-1] NTP vulnerability Jamie Strandboge (Jan 08)

Jerome Athias

MSFXDC Metasploit eXploits Development Contest Jerome Athias (Jan 05)
Re: [Suspected Spam]"Security Assessment of the Internet Protocol" & the IETF Jerome Athias (Jan 08)

joris

Re: Linux Kernel 2.6.18/2.6.24/2.6.20/2.6.22/2.6.21 denial of service exploit joris (Jan 03)

joseph . giron13

Visuplay CMS SQL injection vulnerability joseph . giron13 (Jan 12)

Joxean Koret

Oracle TimesTen Remote Format String Joxean Koret (Jan 14)
Re: Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.KUPF$FILE_INT.GET_FULL_FILENAME (DB11) Joxean Koret (Jan 10)
Oracle Secure Backup 10g Remote Code Execution Joxean Koret (Jan 14)

jplopezy

Re: Internet explorer 7.0 stack overflow jplopezy (Jan 29)
Internet explorer 7.0 stack overflow jplopezy (Jan 28)

Juha-Matti Laurio

Re: [Full-disclosure] ZDI-09-007: Apple QuickTime Cinepak Codec MDAT Heap Corruption Vulnerability Juha-Matti Laurio (Jan 26)

Jukka Zitting

[ANNOUNCE] Apache Jackrabbit 1.5.2 released Jukka Zitting (Jan 20)

Kees Cook

[USN-703-1] xterm vulnerability Kees Cook (Jan 06)
[USN-700-2] Perl regression Kees Cook (Jan 15)
[USN-715-1] Linux kernel vulnerabilities Kees Cook (Jan 30)
[USN-713-1] openjdk-6 vulnerabilities Kees Cook (Jan 28)

kgconference

Call for Papers: Cyber Warfare kgconference (Jan 14)

l1un

php 4.x php5.2.x all "show_source()" ,"highlight_file()" bypass l1un (Jan 05)

Laurent Butti

Cisco Unified IP Phone 7960G and 7940G (SIP) RTP Header Vulnerability Laurent Butti (Jan 14)

LayerOne Call For Papers

LayerOne 2009 Call for Papers LayerOne Call For Papers (Jan 08)

mad-vaittes

Leak of SNMP write password via SNMP read community in NETGEAR WG102 - Prosafe 802.11g Access Point mad-vaittes (Jan 09)

Major Malfunction

ANNOUNCE: DEFCON London - DC4420 - January meet - Thursday 15th Jan 2009 Major Malfunction (Jan 13)

Marc Deslauriers

[USN-710-1] xine-lib vulnerabilities Marc Deslauriers (Jan 26)
[USN-702-1] Samba vulnerability Marc Deslauriers (Jan 05)
[USN-708-1] HPLIP vulnerability Marc Deslauriers (Jan 13)
[USN-711-1] KTorrent vulnerabilities Marc Deslauriers (Jan 26)
[USN-712-1] Vim vulnerabilities Marc Deslauriers (Jan 27)
[USN-707-1] CUPS vulnerabilities Marc Deslauriers (Jan 12)

Mark Thomas

Re: [Full-disclosure] Oracle Containers For Java Directory Traversal (OC4J) Oracle Application Server 10g (10.1.3.1.0) Oracle HTTP Server Mark Thomas (Jan 21)

maroc-anti-connexion

VUPlayer 2.49 .ASX local universal BOF exploit maroc-anti-connexion (Jan 22)
Browser3D 3.5 (.sfs File) Local Stack Overflow Exploit (c) maroc-anti-connexion (Jan 26)
Total video player 1.3.7 local buffer overflow universal exploit maroc-anti-connexion (Jan 27)

Martin Suess

SAP NetWeaver XSS Vulnerability Martin Suess (Jan 27)

Matteo Beccati

[OPENX-SA-2009-001] OpenX 2.4.10 and 2.6.4 fix multiple vulnerabilities Matteo Beccati (Jan 30)

Matteo Ignaccolo

Plunet BusinessManager failure in access controls and multiple stored cross site scripting Matteo Ignaccolo (Jan 07)
Plunet BusinessManager failure in access controls and multiple stored cross site scripting Matteo Ignaccolo (Jan 07)

Memisyazici, Aras

A tool to identify the MD5 certs on FF Memisyazici, Aras (Jan 02)

Michal Zalewski

Re: Advisory: Google Chrome 1.0.154.43 ClickJacking Vulnerability. Michal Zalewski (Jan 29)

Mobile Security Lab

SonyEricsson WAP Push Denial of Service Mobile Security Lab (Jan 26)

Moritz Muehlenhoff

[SECURITY] [DSA 1713-1] New rt2500 packages fix arbitrary code execution Moritz Muehlenhoff (Jan 28)
[SECURITY] [DSA 1714-1] New rt2570 packages fix arbitrary code execution Moritz Muehlenhoff (Jan 28)
[SECURITY] [DSA 1712-1] New rt2400 packages fix arbitrary code execution Moritz Muehlenhoff (Jan 28)
[SECURITY] [DSA 1706-1] New amarok packages fix arbitrary code execution Moritz Muehlenhoff (Jan 15)
[SECURITY] [DSA 1700-1] New lasso packages fix validation bypass Moritz Muehlenhoff (Jan 12)

m . rajeshpawar

Re: XSS vulnerabilty in ASP.Net [with details] m . rajeshpawar (Jan 29)

ms5ote

Re: apache 1.x <=> 2.x suphp (suPHP_ConfigPath) bypass safe mode exploit ms5ote (Jan 01)

Nam Nguyen

[BMSA-2009-01] Authentication bypass in Interspire Shopping Cart v4.0.1 and below Nam Nguyen (Jan 12)

Nico Golde

[SECURITY] [DSA 1705-1] New netatalk packages fix arbitrary code execution Nico Golde (Jan 15)
[SECURITY] [DSA 1711-1] New TYPO3 packages fix remote code execution Nico Golde (Jan 26)
[SECURITY] [DSA 1704-2] Updated netatalk packages fix denial of service Nico Golde (Jan 29)

noreply-secresearch () fortinet com

Oracle Secure Backup Multiple Denial Of Service vulnerabilities noreply-secresearch () fortinet com (Jan 15)
Oracle Secure Backup's observiced.exe Denial Of Service vulnerability noreply-secresearch () fortinet com (Jan 15)
Oracle Secure Backup NDMP_CONECT_CLIENT_AUTH Command Buffer Overflow Vulnerability noreply-secresearch () fortinet com (Jan 15)

Ofer Shezaf

New WHID web hacking incidents Ofer Shezaf (Jan 06)
Web Hacking Incidents update for Jan 19th Ofer Shezaf (Jan 19)
Web Hacking Incidents update for Jan 28th Ofer Shezaf (Jan 28)

office

[HACKATTACK Advisory 25012009]ConPresso CMS 4.07 - Session Fixation, XFS, XSS office (Jan 26)

Oliver Goebel

[IMF 2009] Call for Papers Oliver Goebel (Jan 21)

organiser () syscan org

SyScan'09 Call For Paper - Shanghai, Hong Kong, Singapore, Taipei organiser () syscan org (Jan 12)

Patrice CLEMENTE

CFP: COLSEC 2009 Patrice CLEMENTE (Jan 07)

Paul Oxman (poxman)

RE: DoS code for Cisco VLAN Trunking Protocol Vulnerability Paul Oxman (poxman) (Jan 14)

Paul Szabo

/bin/login DoS remains after DSA-1709 Paul Szabo (Jan 26)

Perforin

PerlSoft Guestbook v1.7b Bruteforcer + RCE! Perforin (Jan 29)

Pete Herzog

Top 5-ish Threats to Watch for in 2009 Pete Herzog (Jan 05)

Pierre-Yves Rofes

[ GLSA 200901-11 ] Avahi: Denial of Service Pierre-Yves Rofes (Jan 15)
[ GLSA 200901-13 ] Pidgin: Multiple vulnerabilities Pierre-Yves Rofes (Jan 20)
[ GLSA 200901-14 ] Scilab: Insecure temporary file usage Pierre-Yves Rofes (Jan 21)
[ GLSA 200901-12 ] noip-updater: Execution of arbitrary code Pierre-Yves Rofes (Jan 19)
[ GLSA 200901-10 ] GnuTLS: Certificate validation error Pierre-Yves Rofes (Jan 15)
[ GLSA 200901-06 ] Tremulous: User-assisted execution of arbitrary code Pierre-Yves Rofes (Jan 12)
[ GLSA 200901-15 ] Net-SNMP: Denial of Service Pierre-Yves Rofes (Jan 22)
[ GLSA 200901-05 ] Streamripper: Multiple vulnerabilities Pierre-Yves Rofes (Jan 12)
[ GLSA 200901-08 ] Online-Bookmarks: Multiple vulnerabilities Pierre-Yves Rofes (Jan 13)

pouya . s3rver

DMXReady Blog Manager (SQL/XSS) pouya . s3rver (Jan 16)
Active Bids pouya . s3rver (Jan 16)

Praburaajan

Videos from HITBSecConf2008 - Malaysia released! Praburaajan (Jan 20)

ProCheckUp Research

PR08-21: Cross-site Request Forgery (CSRF) on Novell GroupWise WebAccess allows email theft and other attacks ProCheckUp Research (Jan 30)
PR08-22: Persistent XSS on Novell GroupWise WebAccess ProCheckUp Research (Jan 30)
PR08-23: XSS on Novell GroupWise WebAccess ProCheckUp Research (Jan 30)
PR08-19: XSS on Cisco IOS HTTP Server ProCheckUp Research (Jan 14)

r3d . w0rm

Asp-project Cookie Handling r3d . w0rm (Jan 22)
PHP-Fusion Mod Members Bewerb Sql Injection r3d . w0rm (Jan 07)
Bugs Online v2.14 Sql Injection r3d . w0rm (Jan 30)
PHP-Nuke 8.0 Downloads Blind Sql Injection r3d . w0rm (Jan 23)
PHP-Fusion Mod E-Cart Sql Injection r3d . w0rm (Jan 07)

riklaunim

Re: FUD Forum < 2.7.1 PHP code injection vurnelability riklaunim (Jan 27)

Robert Buchholz

[ GLSA 200901-01 ] NDISwrapper: Arbitrary remote code execution Robert Buchholz (Jan 12)
[ GLSA 200901-02 ] JHead: Multiple vulnerabilities Robert Buchholz (Jan 12)
[ GLSA 200901-03 ] pdnsd: Denial of Service and cache poisoning Robert Buchholz (Jan 12)
[ GLSA 200901-04 ] D-Bus: Denial of Service Robert Buchholz (Jan 12)
[ GLSA 200901-09 ] Adobe Reader: User-assisted execution of arbitrary code Robert Buchholz (Jan 13)

rPath Update Announcements

rPSA-2009-0007-1 pam_krb5 rPath Update Announcements (Jan 13)
rPSA-2009-0008-1 openssl rPath Update Announcements (Jan 20)
rPSA-2009-0021-1 sudo rPath Update Announcements (Jan 29)
rPSA-2009-0009-1 bind bind-utils rPath Update Announcements (Jan 20)
rPSA-2009-0010-1 ntp ntp-utils rPath Update Announcements (Jan 20)
rPSA-2009-0011-1 perl rPath Update Announcements (Jan 20)
rPSA-2009-0005-1 git gitweb rPath Update Announcements (Jan 13)
rPSA-2009-0006-1 samba samba-client samba-server samba-swat rPath Update Announcements (Jan 13)
rPSA-2009-0014-1 hplip rPath Update Announcements (Jan 20)

Russell L. Smoak

Re: Remote Cisco IOS FTP exploit Russell L. Smoak (Jan 20)

Salvatore "drosophila" Fresta

Max.Blog <= 1.0.6 (show_post.php) SQL Injection Vulnerability Salvatore "drosophila" Fresta (Jan 27)
Max.Blog <= 1.0.6 (offline_auth.php) Offline Authentication Bypass Salvatore "drosophila" Fresta (Jan 28)
Max.Blog <= 1.0.6 (submit_post.php) SQL Injection Vulnerability Salvatore "drosophila" Fresta (Jan 27)

Sam Johnston

CVE-2008-4990 Enomaly ECP/Enomalism: Insecure temporary file creation vulnerabilities Sam Johnston (Jan 30)

scott . switzer

Re: Secunia Research: OpenX Multiple Vulnerabilities scott . switzer (Jan 29)

Secunia Research

Secunia Research: DevIL "iGetHdrHeader()" Buffer Overflow Vulnerabilities Secunia Research (Jan 13)
Secunia Research: OpenX Multiple Vulnerabilities Secunia Research (Jan 27)
Secunia Research: EasyHDR Pro Radiance RGBE Buffer Overflow Secunia Research (Jan 20)
Secunia Research: Trend Micro Network Security Component Vulnerabilities Secunia Research (Jan 20)
Secunia Research: TSC2 Help Desk CTab ActiveX Control Buffer Overflow Secunia Research (Jan 07)
Secunia Research: HP OpenView Network Node Manager Multiple Vulnerabilities Secunia Research (Jan 07)
Secunia Research: OpenSG Radiance RGBE Buffer Overflow Vulnerability Secunia Research (Jan 20)
Secunia Research: AXIS Camera Control "image_pan_tilt" Property Buffer Overflow Secunia Research (Jan 23)

security

[ MDVSA-2009:002 ] bind security (Jan 10)
[ MDVSA-2009:023 ] php security (Jan 22)
[ MDVSA-2009:013 ] mplayer security (Jan 16)
[ MDVSA-2009:025 ] pidgin security (Jan 23)
[ MDVSA-2009:012 ] mozilla-thunderbird security (Jan 15)
[ MDVSA-2009:030 ] amarok security (Jan 27)
[ MDVSA-2009:005 ] xterm security (Jan 12)
[ MDVSA-2009:016 ] xen security (Jan 16)
[ MDVSA-2009:011 ] virtualbox security (Jan 15)
[ MDVSA-2009:008 ] qemu security (Jan 14)
[ MDVSA-2009:009 ] kvm security (Jan 14)
[ MDVSA-2009:007 ] ntp security (Jan 14)
[ MDVSA-2009:003 ] python security (Jan 10)
[ MDVSA-2009:014 ] mplayer security (Jan 16)
[ MDVSA-2009:022 ] php security (Jan 22)
[ MDVSA-2009:004 ] pam_mount security (Jan 10)
[ MDVSA-2009:010 ] qemu security (Jan 14)
[ MDVSA-2009:021 ] php security (Jan 22)
[ MDVSA-2009:019 ] imlib2 security (Jan 19)
[ MDVSA-2009:020 ] xine-lib security (Jan 22)
[ MDVSA-2009:018 ] tomcat5 security (Jan 17)
[ MDVSA-2009:027 ] cups security (Jan 26)
[ MDVSA-2009:017 ] kdebase security (Jan 16)
[ MDVSA-2009:006 ] openoffice.org security (Jan 13)
[ MDVSA-2009:024 ] php4 security (Jan 22)
[ MDVSA-2009:026 ] phpMyAdmin security (Jan 23)
Cybershade CMS Remote File include vulnerability security (Jan 20)
[ MDVSA-2009:015 ] ffmpeg security (Jan 16)
WB News v2.0.X Remote File include .. security (Jan 26)

security-alert

[security bulletin] HPSBMA02400 SSRT080144 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code security-alert (Jan 20)
[security bulletin] HPSBMP02404 SSRT090014 rev.1 - MPE/iX Running BIND/iX, Remote DNS Cache Poisoning security-alert (Jan 29)
[security bulletin] HPSBMA02403 SSRT090007 rev.1 - HP Select Access Running on HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS) security-alert (Jan 29)
[security bulletin] HPSBMA02392 SSRT071481 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS) security-alert (Jan 12)

security curmudgeon

Re: iDefense Security Advisory 01.13.09: Oracle Secure Backup Administration Server login.php Command Injection Vulnerability security curmudgeon (Jan 15)
Re: Assurent VR - Oracle BEA WebLogic Server Apache Connector Buffer Overflow security curmudgeon (Jan 15)
Re: Remote Cisco IOS FTP exploit security curmudgeon (Jan 20)
Re: munky-bliki lfi security curmudgeon (Jan 26)
Re: Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.KUPF$FILE_INT.GET_FULL_FILENAME (DB11) security curmudgeon (Jan 10)
Re: ZDI-09-007: Apple QuickTime Cinepak Codec MDAT Heap Corruption Vulnerability security curmudgeon (Jan 26)

Shakacon

ShakaCon 2009 Call for Papers and Trainers Shakacon (Jan 09)

Shaochun Wang

Re: Linux Kernel 2.6.18/2.6.24/2.6.20/2.6.22/2.6.21 denial of service exploit Shaochun Wang (Jan 09)

showrun . lee

DoS code for Cisco VLAN Trunking Protocol Vulnerability showrun . lee (Jan 14)

Simon Richter

Re: Leak of SNMP write password via SNMP read community in NETGEAR WG102 - Prosafe 802.11g Access Point Simon Richter (Jan 09)
Re: Leak of SNMP write password via SNMP read community in NETGEAR WG102 - Prosafe 802.11g Access Point Simon Richter (Jan 09)

Slack Traq

Re: php 4.x php5.2.x all "show_source()" ,"highlight_file()" bypass Slack Traq (Jan 06)

SmoKe

Hack Aethra SV 1042 Adsl/Voip Router SmoKe (Jan 12)

sohrab_behroozian

FBI XSS Vulnerability sohrab_behroozian (Jan 17)

springsec

Ralinktech wireless cards drivers vulnerability springsec (Jan 19)

Stefano Zanero

Re: Plunet BusinessManager failure in access controls and multiple stored cross site scripting Stefano Zanero (Jan 09)
Call for papers and trainers - SeacureIT 2009 Stefano Zanero (Jan 05)

Steffen Joeris

[SECURITY] [DSA 1704-1] New xulrunner packages fix several vulnerabilities Steffen Joeris (Jan 14)
[SECURITY] [DSA 1710-1] New ganglia-monitor-core packages fix remote code execution Steffen Joeris (Jan 26)
[SECURITY] [DSA 1697-1] New iceape packages fix several vulnerabilities Steffen Joeris (Jan 07)
[SECURITY] [DSA 1696-1] New icedove packages fix several vulnerabilities Steffen Joeris (Jan 07)
[SECURITY] [DSA 1707-1] New iceweasel packages fix several vulnerabilities Steffen Joeris (Jan 15)

Steve Shockley

Re: Leak of SNMP write password via SNMP read community in NETGEAR WG102 - Prosafe 802.11g Access Point Steve Shockley (Jan 09)

storms0uth

VUplayer (.wax file) local buffer overflow crash exploit storms0uth (Jan 26)

swhite

MoinMoin Wiki Engine XSS Vulnerability swhite (Jan 20)

terrordactylspam

Re: [IBM Datapower XS40] Denial of Service terrordactylspam (Jan 08)

thadeum

Benchmarking attacks and major security weakness on all recent Windows versions up to Windows 200 thadeum (Jan 26)

Thierry Zoller

Errata: [TZO-2009-1] Avira Antivir - RAR - Division by Zero & Null Pointer Dereference Thierry Zoller (Jan 15)
[TZO-2009-1] Avira Antivir - RAR - Division by Zero & Null Pointer Dereference Thierry Zoller (Jan 14)
[TZO-2009-2] Avira Antivir - Priviledge escalation Thierry Zoller (Jan 15)

Thijs Kinkhorst

[SECURITY] [DSA 1698-1] New gforge packages fix SQL injection Thijs Kinkhorst (Jan 09)
[SECURITY] [DSA 1709-1] New shadow packages fix privilege escalation Thijs Kinkhorst (Jan 21)
[SECURITY] [DSA 1693-2] New phppgadmin packages fix regression Thijs Kinkhorst (Jan 21)

Tobias Heinlein

[ GLSA 200901-07 ] MPlayer: Multiple vulnerabilities Tobias Heinlein (Jan 12)

Tobias Klein

[TKADV2009-003] GStreamer Heap Overflow and Array Index out of Bounds Vulnerabilities Tobias Klein (Jan 22)
[TKADV2009-001] Sun Solaris aio_suspend() Kernel Integer Overflow Vulnerability Tobias Klein (Jan 12)
[TKADV2009-002] Amarok Integer Overflow and Unchecked Allocation Vulnerabilities Tobias Klein (Jan 12)
[TKADV2009-004] FFmpeg Type Conversion Vulnerability Tobias Klein (Jan 28)

usman

Motorola Wimax Modem CPEi300 Multiple Vulnerabilities usman (Jan 29)

vds_s

Joomla component beamospetition 1.0.12 Sql Injection vds_s (Jan 21)

Vladimir '3APA3A' Dubrovin

Re[2]: Internet explorer 7.0 stack overflow Vladimir '3APA3A' Dubrovin (Jan 30)

vuln_research

Windows NTP Time Server Syslog Monitor 1.0.000 Denial of Service Vulnerability vuln_research (Jan 15)
Syslserve 1.058 Denial of Service Vulnerability vuln_research (Jan 16)
TFTPUtil GUI TFTP Server Denial of Service Vulnerability vuln_research (Jan 15)
Walusoft TFTPServer2000 Version 3.6.1 Directory Traversal vuln_research (Jan 05)
TFTPUtil GUI TFTP Directory Traversal vuln_research (Jan 15)

vulns

[Wintercore Research ] Fujitsu SystemcastWizard Lite PXEService Remote Buffer Overflow. vulns (Jan 19)

Will Drewry

[oCERT-2008-016] Multiple OpenSSL signature verification API misuses Will Drewry (Jan 07)

William A. Rowe, Jr.

Java Runtime UTF-8 Decoder Smuggling Vector William A. Rowe, Jr. (Jan 09)

Williams, James K

CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities Williams, James K (Jan 26)
CA20090126-01: CA Anti-Virus Engine Detection Evasion Multiple Vulnerabilities Williams, James K (Jan 27)
CA20090107-01: CA Service Metric Analysis and CA Service Level Management smmsnmpd Arbitrary Command Execution Vulnerability Williams, James K (Jan 07)
CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1) Williams, James K (Jan 27)

zdi-disclosures

ZDI-09-001: Microsoft SMB NT Trans Request Parsing Remote Code Execution Vulnerability zdi-disclosures (Jan 13)
ZDI-09-004: Oracle TimesTen evtdump Remote Format String Vulnerability zdi-disclosures (Jan 14)
ZDI-09-008: Apple QuickTime STSD JPEG Atom Heap Corruption Vulnerability zdi-disclosures (Jan 22)
ZDI-09-009: EMC AutoStart Backbone Engine Trusted Pointer Code Execution Vulnerability zdi-disclosures (Jan 23)
ZDI-09-002: Microsoft SMB NT Trans2 Request Parsing Remote Code Execution Vulnerability zdi-disclosures (Jan 13)
ZDI-09-005: Apple QuickTime VR Track Header Atom Heap Corruption Vulnerability zdi-disclosures (Jan 22)
ZDI-09-007: Apple QuickTime Cinepak Codec MDAT Heap Corruption Vulnerability zdi-disclosures (Jan 22)
ZDI-09-003: Oracle Secure Backup exec_qr() Command Injection Vulnerability zdi-disclosures (Jan 14)
ZDI-09-006: Apple QuickTime AVI Header nBlockAlign Heap Corruption Vulnerability zdi-disclosures (Jan 22)