Network Security Archives

Bugtraq (date)

[Thread Index] [Top] [All Lists]

July 31, 2008

[Full-disclosure] [ GLSA 200807-16 ] Python: Multiple vulnerabilities, Robert Buchholz, 19:57
[Full-disclosure] [ GLSA 200807-15 ] Pan: User-assisted execution of arbitrary code, Pierre-Yves Rofes, 15:12
[Full-disclosure] [ GLSA 200807-14 ] Linux Audit: Buffer overflow, Pierre-Yves Rofes, 15:01
[Full-disclosure] [ GLSA 200807-13 ] VLC: Multiple vulnerabilities, Pierre-Yves Rofes, 14:50
[Full-disclosure] iDefense Security Advisory 07.30.08: SAP MaxDB dbmsrv Untrusted Execution Path Vulnerability, iDefense Labs, 14:29
[Full-disclosure] Assurent VR - CA ARCserve Backup for Laptops and Desktops LGServer Handshake Buffer Overflow, VR-Subscription-noreply, 13:26
[~] Greetz : Me93fg & Mr.SaFa7, Ghost hacker, 13:05
Secunia Research: Blue Coat K9 Web Protection Response Handling Buffer Overflows, Secunia Research, 12:43
Pligg <= 9.9.0 Multiple Vulnerabilities, GulfTech Security Research, 12:22
[security bulletin] HPSBUX02286 SSRT071466 rev.1 - HP-UX Running System Administration Manager (SAM), Unintended Remote Access, security-alert, 11:59
[oCERT-2008-009] libxslt heap overflow, Andrea Barisani, 11:48
Secunia Research: Blue Coat K9 Web Protection "Referer" Header Buffer Overflow, Secunia Research, 11:48
[ MDVSA-2008:159 ] licq, security, 11:38
[Full-disclosure] rPSA-2008-0241-1 openssl openssl-scripts, rPath Update Announcements, 06:35

July 30, 2008

Citrix MetaFrame Privilege Escalation, Wendel Guglielmetti Henrique, 17:18
DEV WMS Multiple Vulnerabilities, irancrash, 17:08
[ MDVSA-2008:158 ] silc-toolkit, security, 16:04
[Full-disclosure] Cisco IOS shellcode explanation - additional, Andy Davis, 14:26
Tool: PorkBind Nameserver Security Scanner, super, 13:32
MJGuest 6.8 GT Cross Site Scripting Vulnerability, irancrash, 12:17
HIOX Browser Statistics 2.0 Remote File Inclusion Vulnerability, Ghost hacker, 11:54
HIOX Random Ad 1.3 (hioxRandomAd.php hm) RFI Vulnerability, Ghost hacker, 11:44
RE: Remote Cisco IOS FTP exploit, Paul Oxman (poxman), 11:43
HIOX Star Rating System 1.0 Remote File Inclusion Vulnerability, Ghost hacker, 11:32
shoutbox Remote Database Dawnload Exploit, Ghost hacker, 11:21
[Full-disclosure] Advisories, advisories, 08:22
[Full-disclosure] Cisco IOS shellcode explanation, Andy Davis, 07:51

July 29, 2008

[Full-disclosure] RealNetworks RealPlayer ActiveX Illegal Resource Reference Vulnerability, cocoruder, 23:29
[Full-disclosure] NULL pointer in Unreal Tournament 2004 v3369, Luigi Auriemma, 19:40
[Full-disclosure] Memory corruption and NULL pointer in Unreal Tournament III 1.2, Luigi Auriemma, 19:30
[ MDVSA-2008:157 ] - ffmpeg, security, 17:55
Re: E-Mail header Injection in HiFriend, Adrian Pastor, 17:12
Remote Cisco IOS FTP exploit, Andy Davis, 13:52
Gregarius <= 0.5.4 SQL Injection, GulfTech Security Research, 12:57
[DSECRG-08-034] Local File Include Vulnerability in Minishowcase v09b136, Digital Security Research Group [DSecRG], 12:46
plugin Rss Remote File Inclusion Vulnerability, Ghost hacker, 12:35
PhpJobScheduler 3.1 Remote File Inclusion Vulnerability, Ghost hacker, 12:03
[ MDVSA-2008:156 ] - Updated libpng packages fix vulnerability, security, 11:52
[Full-disclosure] n.runs-SA-2008.004 - AVG Anti-Virus Divide by Zero - DoS (remote), security, 07:21
[Full-disclosure] rPSA-2008-0238-1 firefox, rPath Update Announcements, 06:18
[Full-disclosure] rPSA-2008-0235-1 fetchmail fetchmailconf, rPath Update Announcements, 06:18
[Full-disclosure] rPSA-2008-0237-1 tshark wireshark, rPath Update Announcements, 06:18
[Full-disclosure] rPSA-2008-0236-1 httpd mod_ssl, rPath Update Announcements, 06:18

July 28, 2008

[Full-disclosure] VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix, VMware Security team, 22:18
[Full-disclosure] [USN-626-1] Firefox and xulrunner vulnerabilities, Jamie Strandboge, 20:55
[Full-disclosure] iDefense Security Advisory 07.28.08: Hewlett-Packard OVIS Probe Builder Arbitrary Process Termination Vulnerability, iDefense Labs, 20:24
[Full-disclosure] [USN-631-1] poppler vulnerability, Kees Cook, 19:22
[Full-disclosure] [USN-630-1] ffmpeg vulnerability, Kees Cook, 19:22
Cross Site Scripting (XSS) in Owl <=0.95, CVE-2008-3100, Fabian Fingerle, 18:09
ViArt <= 3.5 SQL Injection, GulfTech Security Research, 15:42
Multiple Cross-Site Scripting Vulnerabilities in Web Wiz Rich Text Editor version 4.02, supportrup, 14:16
RE: Windows Vista Power Management & Local Security Policy, Greg, 14:16
JamRoom <= 3.3.8 Authentication Bypass, GulfTech Security Research, 14:15
[security bulletin] HPSBMA02353 SSRT080066 rev.1 - HP OpenView Internet Services Running Probe Builder, Remote Denial of Service (DoS), security-alert, 14:05
Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations, [ISR] - Infobyte Security Research, 14:05
[DSECRG-08-033] Local File Include Vulnerability in Pixelpost 1.7.1, Digital Security Research Group [DSecRG], 13:54
Security Bypass Vulnerabilities AXESSTEL, Bboyhacks, 13:54
[ MDVSA-2008:155-1 ] - Updated Thunderbird packages fix multiple vulnerabilities, security, 13:43
how to request a cve id?, xpzhang, 13:32

July 27, 2008

Re: [Full-disclosure] how to request a cve id?, Steven M. Christey, 11:39

July 26, 2008

[ MDVSA-2008:155 ] - Updated Thunderbird packages fix multiple vulnerabilities, security, 11:41
Re: [Full-disclosure] Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution, Jan MinÃÅ, 09:05

July 25, 2008

[Full-disclosure] http://www.zerodayinitiative.com/advisories/ZDI-08-046, zdi-disclosures, 18:23
[Full-disclosure] ZDI-08-047: RealNetworks RealPlayer rmoc3260 ActiveX Control Memory Corruption Vulnerability, zdi-disclosures, 18:13
[Full-disclosure] ZDI-08-045: Apple Safari StyleSheet ownerNode Heap Corruption Vulnerability, zdi-disclosures, 18:02
Re: [bugtraq] Re: [Full-disclosure] CAU-EX-2008-0002: Kaminsky DNS Cache Poisoning, Tuc at T-B-O-H.NET, 16:59
Re: [Full-disclosure] how to request a cve id?, Fredrick Diggle, 16:49
SECOBJADV-2008-02: Cygwin Installation and Update Process can be Subverted Vulnerability, advisories, 15:54
[Full-disclosure] Re : CAU-EX-2008-0002: Kaminsky DNS Cache Poisoning Flaw Exploit, tixxDZ, 15:44
Re: [Full-disclosure] Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution, Steven M. Christey, 15:43
ezContents CMS Renote File inclusion, security, 15:23
XRMS 1.99.2 (RFI/XSS/IG) Multiple Remote Vulnerabilities, azzcoder, 15:23
Secunia Research: RealPlayer SWF Frame Handling Buffer Overflow, Secunia Research, 12:03
[Full-disclosure] Flashblock Bypass, Sowhat, 10:37
Re: [Full-disclosure] Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution, Robert Buchholz, 06:45
Re: [Full-disclosure] CAU-EX-2008-0002: Kaminsky DNS Cache Poisoning Flaw Exploit, Ganbold, 01:41
[Full-disclosure] how to request a cve id?, xpzhang, 00:39

July 24, 2008

[Full-disclosure] [USN-629-1] Thunderbird vulnerabilities, Jamie Strandboge, 23:57
Re: [Full-disclosure] Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution, Jan MinÃÅ, 22:44
Re: [Full-disclosure] Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution, Robert Buchholz, 21:52
[ MDVSA-2008:154 ] - Updated xemacs packages fix vulnerability, security, 12:00
[Full-disclosure] CAU-EX-2008-0003: Kaminsky DNS Cache Poisoning Flaw Exploit for Domains, I)ruid, 00:47

July 23, 2008

[Full-disclosure] CAU-EX-2008-0002: Kaminsky DNS Cache Poisoning Flaw Exploit, I)ruid, 20:30
[Full-disclosure] [tool] SDT Cleaner 1.0, Nahuel C. Riva, 19:28
[ MDVSA-2008:153 ] - Updated emacs packages fix vulnerability, security, 18:36
Re: Wordpress Malicious File Execution Vulnerability, otto, 17:43
[Full-disclosure] [USN-628-1] PHP vulnerabilities, Jamie Strandboge, 16:19
[SECURITY] [DSA 1540-3] New lighttpd packages fix regression, Thijs Kinkhorst, 16:08
[Full-disclosure] Vim: Flawed Fix of Arbitrary Code Execution Vulnerability in filetype.vim, Jan MinÃÅ, 15:04
RE: Windows Vista Power Management & Local Security Policy, Good Securitypractice, 14:54
AST-2008-010: Asterisk IAX 'POKE' resource exhaustion, Asterisk Security Team, 11:20
RE: Windows Vista Power Management & Local Security Policy, Abe Getchell, 10:58
AST-2008-011: Traffic amplification in IAX2 firmware provisioning system, Asterisk Security Team, 10:58
[ MDVSA-2008:152 ] - Updated wireshark packages fix denial of service vulnerability, security, 10:47

July 22, 2008

RE: Windows Vista Power Management & Local Security Policy, Jim Harrison, 16:33
RE: Windows Vista Power Management & Local Security Policy, James C. Slora Jr., 16:12
Outpost Security Suite Pro ver. 2009 Multiple vulnerabilities, jplopezy, 16:01
[DSECRG-08-032] Claroline 1.8.10 Multiple XSS Vulnerabilities, Digital Security Research Group [DSecRG], 15:38
[Full-disclosure] PR08-15: Several Webroot Disclosures on Moodle, ProCheckUp Research, 14:57
[Full-disclosure] PR08-13: Persistent Cross-site Scripting (XSS) on Moodle via blog entry title, ProCheckUp Research, 14:57
[Full-disclosure] PR08-16: CSRF (Cross-site Request Forgery) on Moodle edit profile page, ProCheckUp Research, 14:56
[Full-disclosure] [USN-627-1] Dnsmasq vulnerability, Jamie Strandboge, 13:13
[security bulletin] HPSBMA02346 SSRT080097 rev.3 - HP OpenView Select Identity Active Directory Bidirectional LDAP Connector, Remote Unauthorized Access, security-alert, 11:37
[SECURITY] [DSA 1613-1] new libgd2 packages fix multiple vulnerabilities, Devin Carraway, 11:37
Vulnerability: SocialEngine (SocialEngine.net) high risk security flaw, Tim Loshak, 11:26
FGA-2008-16: EMC Dantz Retrospect 7 backup Server Authentication Module Weak Password Hash Arithmetic Vulnerability, zhliu, 11:15
[ MDVSA-2008:151 ] - Updated libxslt packages fix buffer overflow vulnerability, security, 10:53
Re: [ GLSA 200807-10 ] Bacula: Information disclosure, dan, 10:41

July 21, 2008

[Full-disclosure] NULL pointer in ZDaemon 1.08.07, Luigi Auriemma, 19:05
[Full-disclosure] [ GLSA 200807-12 ] BitchX: Multiple vulnerabilities, Pierre-Yves Rofes, 18:34
[Full-disclosure] [ GLSA 200807-11 ] PeerCast: Buffer overflow, Pierre-Yves Rofes, 16:18
E-Mail header Injection in HiFriend, Peter Wiesen, 15:44
[Full-disclosure] [ GLSA 200807-10 ] Bacula: Information disclosure, Pierre-Yves Rofes, 15:00
EZWebAlbum (dlfilename) Remote File Disclosure Vulnerability, Ghost hacker, 14:49
Re: [Full-disclosure] Pwnie Awards 2008, Kingcope Kingcope, 14:16
[White Paper] Abusing HTML 5 Structured Client-side Storage, Alberto Trivero, 13:31
Re: SchoolCenter URL Handling Cross Site Scripting Vulnerability, Tester, 13:31
Flip V3.0 final, Cru3l . b0y, 13:21
[DSECRG-08-031] Local File Include Vulnerability in Interact 2.4.1, Digital Security Research Group [DSecRG], 13:20
Vim: Improper Implementation of shellescape()/Arbitrary Code Execution, Jan MinÃÅ, 12:58
RE: Windows Vista Power Management & Local Security Policy, Abe Getchell, 12:58
[Full-disclosure] FGA-2008-16: EMC Dantz Retrospect 7 backup Server Authentication Module Weak Password Hash Arithmetic Vulnerability, zhliu, 12:57
[Full-disclosure] FGA-2008-16: EMC Dantz Retrospect 7 backup Client 7.5.116 NULL-Pointer reference Denial of Service Vulnerability, zhliu, 12:57
RE: Windows Vista Power Management & Local Security Policy, Jim Harrison, 12:46
Re: [Full-disclosure] Oracle Database Local Untrusted Library Path Vulnerability, jmpascual, 12:46
RE: Windows Vista Power Management & Local Security Policy, Abe Getchell, 12:46
MyBlog <=0.9.8 Multiple Vulnerabilities, admin, 12:35
Maran PHP Blog Xss By Khashayar Fereidani, irancrash, 12:24
Easydynamicpages 30tr Multipe Vulerabilities ( Xss / Sql Injection Exploit / File Disclosure Exploit ), irancrash, 12:13
Vulnerability CVE-2008-3671 - MyReview's vulnerability in the access control system, Julien Thomas, 12:13
FGA-2008-16: EMC Dantz Retrospect 7 backup Client 7.5.116 Remote Memory corruption Vulnerability, zhliu, 12:03
EMC Dantz Retrospect 7 backup Client PlainText Password Hash Disclosure Vulnerability, zhliu, 11:52
[ MDVSA-2008:150 ] - Updated mysql packages fix vulnerabilities, security, 11:41
Easyecards 310a Multipe Vulerabilities ( Xss / Sql Injection Exploit / File Disclosure Exploit ) By Khashayar Fereidani, irancrash, 11:41
RE: Windows Vista Power Management & Local Security Policy, Thor (Hammer of God), 11:31
EasyPublish 3.0tr Multiple Vulnerabilities ( Xss / Sql Injection Exploit / File Disclosure Exploit ), irancrash, 11:31
Re: [Full-disclosure] Pwnie Awards 2008, David Litchfield, 11:31
Re: Oracle Database Local Untrusted Library Path Vulnerability, jmpascual, 11:30
[ MDVSA-2008:149 ] - Updated mysql packages fix vulnerabilities, security, 11:30
Easybookmarker 40tr Xss Vulnerability By Khashayar Fereidani, irancrash, 11:20

July 19, 2008

RE: Windows Vista Power Management & Local Security Policy, Jim Harrison, 13:36
RE: Windows Vista Power Management & Local Security Policy, Abe Getchell, 13:36
RE: Lateral SQL Injection Revisited - No Special Privs Required, David Litchfield, 13:25
[security bulletin] HPSBUX02351 SSRT080058 rev.2 - HP-UX Running BIND, Remote DNS Cache Poisoning, security-alert, 13:15
[Full-disclosure] rPSA-2008-0231-1 bind bind-utils, rPath Update Announcements, 12:02
[Full-disclosure] Oracle Database Local Untrusted Library Path Vulnerability, Joxean Koret, 11:41

July 18, 2008

[Full-disclosure] rPSA-2008-0230-1 bind bind-utils, rPath Update Announcements, 19:29
Re: Lateral SQL Injection Revisited - No Special Privs Required, a . polyakov, 14:59
Windows Vista Power Management & Local Security Policy, Abe Getchell, 12:44
[DSECRG-08-030] Claroline 1.8.9 Multiple Security Vulnerabilities, Digital Security Research Group [DSecRG], 12:33
[ISecAuditors Security Advisories] SmbClientParser Perl module allows remote command execution, ISecAuditors Security Advisories, 12:23
[ MDVSA-2008:148 ] - Updated Firefox packages fix vulnerabilities, security, 12:22
Def_Blog 1.0.3 Multiple Remote SQL Injection Vulnerabilities, tan_prathan, 12:12
Security Vacation Guide, Pete Herzog, 12:00
[Full-disclosure] Lateral SQL Injection Revisited - No Special Privs Required, David Litchfield, 10:57
Re: [Full-disclosure] Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution, Nikolai Weibull, 08:52

July 17, 2008

[Full-disclosure] Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution, Jan MinÃÅ, 19:26
communitycms-0.1 Remote File Includion, n3tr00t3r, 16:48
[Full-disclosure] ZDI-08-043: Sun Java Web Start vm args Stack Buffer Overflow, zdi-disclosures, 16:27
[Full-disclosure] ZDI-08-042: Sun Java Web Start Sandbox Bypass Vulnerability, zdi-disclosures, 16:16
[Full-disclosure] ZDI-08-044: Mozilla Firefox CSSValue Array Memory Corruption Vulnerability, zdi-disclosures, 16:16
[Full-disclosure] [USN-623-1] Firefox vulnerabilities, Jamie Strandboge, 12:21
HPSBMA02346 SSRT080097 rev.2 - HP Select Identity Active Directory Bidirectional LDAP Connector, Remote Unauthorized Access, security-alert, 11:59
[DSECRG-08-029] Local File Include in Dokeos E-Learning System 1.8.5, Digital Security Research Group, 11:48
ekoparty security trainings (2008) announcement, ekoparty, 11:48
[security bulletin] HPSBUX02351 SSRT080058 rev.1 - HP-UX Running BIND, Remote DNS Cache Poisoning, security-alert, 11:37

July 16, 2008

[Full-disclosure] Oracle Portal XSS fixed by CPU July 2008, Andrea Purificato, 19:47
[SECURITY] [DSA 1611-1] New afuse packages fix privilege escalation, Thijs Kinkhorst, 18:01
rPSA-2008-0035-1 httpd mod_ssl, rPath Update Announcements, 17:51
openPro 1.3.1 (LIBPATH) Remote RFI Vulnerability, Ghost hacker, 17:51
n.runs-SA-2008.002 - F-Prot Out-of-Bound Memory Access DoS (remote), security, 16:47
[DSECRG-08-028] File read in Velocity web-server, Alexandr Polyakov, 16:36
[Full-disclosure] IETF Internet-Draft on TCP Port randomization, Fernando Gont, 16:05
[Full-disclosure] n.runs-SA-2008.003 - Quicktime - Arbitrary Code Execution (remote), security, 13:05
[ECHO_ADV_100$2008] Comdev Web Blogger <= 4.1.3 (arcmonth) Sql Injection Vulnerability, adv, 12:54
[security bulletin] HPSBMA02133 SSRT061201 rev.9 - HP Oracle for OpenView (OfO) Critical Patch Update, security-alert, 12:33
Re: Re: Microsoft DNS patch KB951748 incompatible with Zonealarm, dwg5901, 12:23
[security bulletin] HPSBMA02346 SSRT080097 rev.1 - HP Select Identity Active Directory Bidirectional LDAP Connector, Remote Unauthorized Access, security-alert, 12:12
[ MDVSA-2008:146 ] - Updated poppler packages fix arbitrary code execution vulnerability, security, 12:12
[ MDVSA-2008:147 ] - Updated pcre packages fix vulnerability, security, 11:40
[Full-disclosure] n.runs-SA-2008.002 - F-Prot Out-of-Bound Memory Access DoS (remote), security, 09:13
[Full-disclosure] Arbitrary code execution in Netrw version 127, Vim 7.2b, Jan MinÃÅ, 08:32
[Full-disclosure] Vim: Improper Implementation of shellescape()/Arbitrary Code Execution, Jan MinÃÅ, 08:32
[Full-disclosure] [USN-625-1] Linux kernel vulnerabilities, Kees Cook, 06:38

July 15, 2008

[Full-disclosure] iDefense Security Advisory 07.15.08: Oracle Internet Directory Pre-Authentication LDAP DoS Vulnerability, iDefense Labs, 19:10
[Full-disclosure] iDefense Security Advisory 07.15.08: Oracle Database Local Untrusted Library Path Vulnerability, iDefense Labs, 19:10
[Full-disclosure] iDefense Security Advisory 07.15.08: Oracle Database DBMS_AQELM Package Buffer Overflow Vulnerability, iDefense Labs, 19:10
[Full-disclosure] [ GLSA 200807-09 ] Mercurial: Directory traversal, Tobias Heinlein, 19:10
[Full-disclosure] Oracle Application Server PLSQL injection flaw, David Litchfield, 17:25
[SECURITY] [DSA 1609-1] New lighttpd packages fix multiple DOS issues, Steve Kemp, 14:35
HPSBST02350 SSRT080102 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-037 to MS08-040, security-alert, 10:03
[ MDVSA-2008:145 ] - Updated bluez/bluez-utils packages fix SDP packet parsing vulnerability, security, 10:03
CFP now open for ClubHack2008 - India, ClubHack, 09:41

July 14, 2008

[Full-disclosure] [USN-624-1] PCRE vulnerability, Kees Cook, 23:08
Yuhhu Pubs Black Cat Remote SQL Injection Exploit, RM-x, 13:43
Re: PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method, ProCheckUp Research, 12:18
DeepSec 2008 - Last call for submissions, DeepSec Conference Vienna, 12:18
FreeBSD Security Advisory FreeBSD-SA-08:06.bind, FreeBSD Security Advisories, 12:08
Pluck Local File inclusion, admin, 12:08
Simple DNS Plus 5.0/4.1 < remote Denial of Service exploit, Rotem-BugSec, 12:07
Re: Re: Microsoft DNS patch KB951748 incompatible with Zonealarm, nelsrob, 11:57

July 12, 2008

Re: New Paper: More than 600 million users surf at high risk, Rob Thompson, 18:26
Re: Microsoft DNS patch KB951748 incompatible with Zonealarm, Steve Shockley, 15:50
Re: Microsoft DNS patch KB951748 incompatible with Zonealarm, jgable, 11:52
[ MDVSA-2008:144 ] - Updated openldap packages fix slapd DoS vulnerability, security, 11:41
[ MDVSA-2008:138-1 ] - Updated OpenOffice.org packages fix vulnerability, security, 11:41

July 11, 2008

RE: New Paper: More than 600 million users surf at high risk, Jeff Martin, 17:21
[Full-disclosure] [NETRAGARD SECURITY ADVISORY][Apple Core Image Fun House <= 2.0 OS X -- Arbitrary Code Execution][NETRAGARD-20080711], Netragard Security Advisories, 15:26
[Full-disclosure] [ GLSA 200807-08 ] BIND: Cache poisoning, Matthias Geerdsen, 14:44
[ MDVSA-2008:143 ] - Updated pidgin packages fix MSN protocol handler vulnerability, security, 09:47
Re: PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method, mcalautt, 09:47
[Full-disclosure] IBM MRO MAXIMO INFORMATION DISCLOSURE AND XSS VULNERABILITIES, Deniz Cevik, 04:34

July 10, 2008

[ MDVSA-2008:140 ] - Updated ruby packages fix vulnerabilities, security, 15:45
[Full-disclosure] iDefense Security Advisory 07.09.08: Novell eDirectory LDAP Search Request Heap Corruption Vulnerability, iDefense Labs, 14:42
[ MDVSA-2008:141 ] - Updated ruby packages fix vulnerabilities, security, 14:41
phpuserbase 1.3 (menu) Remote File Inclusion Vulnerability, Ghost hacker, 14:09
gapicms v9.0.2 (dirDepth) Remote File Inclusion Vulnerability, Ghost hacker, 13:58
Re: Microsoft DNS patch KB951748 incompatible with Zonealarm FIXED, davee1, 13:58
[Full-disclosure] ZDI-08-041: Novell eDirectory dhost Integer Overflow Code Execution Vulnerability, zdi-disclosures, 13:58
[ MDVSA-2008:142 ] - Updated ruby packages fix vulnerabilities, security, 13:48
Nessus plugins for recent MS Bulletins, Chandrashekhar B, 13:48
Context IS Advisory - MS08-39 OWA XSS, Context IS - Disclosure, 13:47
[ MDVSA-2008:139 ] - Updated BIND packages fix critical DNS vulnerability, security, 12:34
[Full-disclosure] London DEFCON July meet - DC4420 - Thursday 10th July (today!), alien, 04:43

July 09, 2008

[Full-disclosure] rPSA-2008-0223-1 poppler, rPath Update Announcements, 20:04
[Full-disclosure] [ GLSA 200807-06 ] Apache: Denial of Service, Robert Buchholz, 18:41
[Full-disclosure] [ GLSA 200807-07 ] NX: User-assisted execution of arbitrary code, Robert Buchholz, 18:41
[Full-disclosure] [ GLSA 200807-05 ] OpenOffice.org: User-assisted execution of arbitrary code, Pierre-Yves Rofes, 17:17
Microsoft DNS patch KB951748 incompatible with Zonealarm, Pages-Web.com - Services internet, 15:21
Insomnia : ISVA-080709.1 - Microsoft SQL Server - Corrupt Backup File Heap Overflow, Brett Moore, 13:55
Local information disclosure in WeFi Client v3.3.3.0, XiaShing, 13:55
Re: Unauthorized reading confirmation from Outlook, Alexander Klink, 13:44
[ MDVSA-2008:138 ] - Updated OpenOffice.org packages fix vulnerability, security, 13:44
[ MDVSA-2008:137 ] - Updated OpenOffice.org fix vulnerability, and a few other bugs, security, 10:56
[Full-disclosure] rPSA-2008-0218-1 ruby, rPath Update Announcements, 06:36
[Full-disclosure] rPSA-2008-0217-1 vsftpd, rPath Update Announcements, 06:36
[Full-disclosure] rPSA-2008-0216-1 firefox, rPath Update Announcements, 06:35
[Full-disclosure] Assurent VR - Adobe RoboHelp Server SQL Injection Vulnerability, VR-Subscription-noreply, 06:24

July 08, 2008

Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability, Cesar, 20:08
[ MDVSA-2008:136 ] - Updated Firefox packages fix vulnerabilities, security, 18:33
[USN-622-1] Bind vulnerability, Kees Cook, 18:21
iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability, iDefense Labs, 18:21
Re: [Full-disclosure] Minneapolis DC612 Meeting July 10th, 2008@6pm, infolookup, 17:28
[Full-disclosure] Minneapolis DC612 Meeting July 10th, 2008@6pm, David Bryan, 16:14
[Full-disclosure] [ GLSA 200807-04 ] Poppler: User-assisted execution of arbitrary code, Matthias Geerdsen, 15:22
[SECURITY] [DSA 1603-1] New bind9 packages fix cache poisoning, Florian Weimer, 13:38
[security bulletin] HPSBMA02349 SSRT080043 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Unauthorized Access to Data, security-alert, 13:37
[Full-disclosure] XSS in admin logs - vBulletin 3.7.2 and lower, vBulletin 3.6.10 PL2 and lower, Jessica Hope, 13:37
[security bulletin] HPSBMA02348 SSRT080033 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Denial of Service (DoS), security-alert, 13:27
Re: Local vulnerability in WeFi Client v3.2.1.4.1(Update), galia, 11:09
Pwnie Awards 2008, Alexander Sotirov, 10:59
Call for Papers for the MEITSEC 2008 is now open., Meitsec2008 Conference, 10:59

July 07, 2008

PHP-NUKE SQL Module's Name 4ndvddb, lovebug, 17:51
[Full-disclosure] [ GLSA 200807-03 ] PCRE: Buffer overflow, Robert Buchholz, 17:18
Re: Multiple vulnerabilities in TietoEnator's Procapita school administration system, at least version, Juha-Matti Laurio, 11:51
[oCERT-2008-007] libpoppler uninitialized pointer, Andrea Barisani, 11:30

July 05, 2008

[ MDVSA-2008:135 ] - Updated gnome-screensaver packages fix authentication vulnerability, security, 13:18
[ MDVSA-2008:134 ] - Updated squid packages fix DoS vulnerability, security, 13:17
[ MDVSA-2008:133 ] - Updated sympa packages fix DoS vulnerability, security, 13:07
[ MDVSA-2008:132 ] - Updated gnome-screensaver packages fix authentication vulnerability, security, 13:07

July 04, 2008

[ MDVSA-2008:131 ] - Updated phpMyAdmin packages fix multiple vulnerabilities, security, 17:53
Novell GroupWise Messenger Client (GWIM) Remote Stack Overflow, [ISR] - Infobyte Security Research, 13:34
[DSECRG-08-027] Multiple RFI-LFI in 1024 CMS 1.4.3, 1.4.4 RFC, Digital Security Research Group [DSecRG], 13:24
F5 FirePass 1200 SNMP daemon DoS, nnposter, 12:30
[ MDVSA-2008:129 ] - Updated PHP packages fix multiple vulnerabilities, security, 12:19
[ MDVSA-2008:130 ] - Updated PHP packages fix multiple vulnerabilities, security, 12:08
Unauthorized reading confirmation from Outlook, Augusto Paes de Barros, 11:58
Local vulnerability in WeFi Client v3.2.1.4.1(Update), XiaShing, 11:58
[ MDVSA-2008:128 ] - Updated PHP packages fix multiple vulnerabilities, security, 11:37
[SECURITY] [DSA 1601-1] New wordpress packages fix several vulnerabilities, Thijs Kinkhorst, 11:37
[ MDVSA-2008:127 ] - Updated PHP packages fix multiple vulnerabilities, security, 11:26
[ MDVSA-2008:126 ] - Updated PHP packages fix multiple vulnerabilities, security, 11:16
[ MDVSA-2008:125 ] - Updated PHP packages fix multiple vulnerabilities, security, 10:54
[Full-disclosure] zonedit.com e dns zone transfer, NetExpress, 09:52

July 03, 2008

rPSA-2008-0212-1 tshark wireshark, rPath Update Announcements, 11:18
rPSA-2008-0211-1 mercurial mercurial-hgk, rPath Update Announcements, 10:45

July 02, 2008

Re: New Paper: More than 600 million users surf at high risk, Rob Thompson, 16:08
Re: New Paper: More than 600 million users surf at high risk, Rainer Duffner, 15:57
Release of Pass-The-Hash Toolkit v1.4, Hernan Ochoa, 15:57
Secunia Research: VLC Media Player WAV Processing Integer Overflow, Secunia Research, 12:04
ISEC 2008(Information Security Conference) Guide, isec, 11:53
RE: New Paper: More than 600 million users surf at high risk, Nick FitzGerald, 11:32
[Full-disclosure] [USN-619-1] Firefox vulnerabilities, Jamie Strandboge, 09:24

July 01, 2008

[Full-disclosure] [tool] ratproxy - passive web application security assessment tool, Michal Zalewski, 21:07
RE: New Paper: More than 600 million users surf at high risk, Paul Schmehl, 17:20
Deepsec Talks 2007 are online - registration for 2008 is open, DeepSec 2008, 16:27
RE: New Paper: More than 600 million users surf at high risk, Larry Seltzer, 16:27
Re: [Full-disclosure] Collection of Vulnerabilities in Fully Patched Vim 7.1, Jan MinÃÅ, 16:16
RE: New Paper: More than 600 million users surf at high risk, Larry Seltzer, 16:16
Vuln name: Ruby rb_ary_fill() DOS, snagg, 15:54
New Paper: More than 600 million users surf at high risk, Stefan Frei, 12:46
[security bulletin] HPSBMA02345 SSRT080039 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS), security-alert, 12:04
CFP 25C3 - The 25th Chaos Communication Congress 2008, fukami, 11:32
Re: Rhythmbox Vulnerability, wargame89, 10:49
[Full-disclosure] [ GLSA 200807-02 ] Motion: Execution of arbitrary code, Tobias Heinlein, 08:35
[Full-disclosure] [ GLSA 200807-01 ] Python: Multiple integer overflows, Tobias Heinlein, 08:24
[Full-disclosure] [SCANIT-2008-001] QNX phgrafx Privilege Escalation Vulnerability, Scanit Labs, 07:22
[Full-disclosure] [SCANIT-2008-003] Wordtrans-web Remote Command Execution Vulnerability, Scanit Labs, 07:22
[Full-disclosure] [SCANIT-2008-002] Wordtrans-web Remote Command Execution Vulnerability, Scanit Labs, 07:12