Vulnerability Development (thread)

[SECURITY] [DSA 1557-1] New phpmyadmin packages fix several vulnerabilities, Thijs Kinkhorst, 2008/04/24
HPSBGN02333 SSRT080031 rev.1 - HP Software Update HPeDiag Running on Windows, Remote Disclosure of Information and Execution of Arbitrary Code, security-alert, 2008/04/24
[Full-disclosure] A New Class of Vulnerability in Oracle: Lateral SQL Injection, David Litchfield, 2008/04/24
Trillian 3.1 basic nick crash, jplopezy, 2008/04/24
DDIVRT-2008-11 BadBlue uninst.exe DoS, vulnerabilityresearch, 2008/04/24
[Full-disclosure] [ GLSA 200804-28 ] JRockit: Multiple vulnerabilities, Tobias Heinlein, 2008/04/24
[Full-disclosure] [ GLSA 200804-27 ] SILC: Multiple vulnerabilities, Tobias Heinlein, 2008/04/24
xine-lib NES Sound Format Demuxer Buffer Overflow, laurent . gaffie, 2008/04/23
- Re: xine-lib NES Sound Format Demuxer Buffer Overflow, Guido Landi, 2008/04/24
[W01-0408] Realtek HD Audio Codec Drivers (Vista) - Local Privilege Escalation, vulns, 2008/04/23
PR07-44: XSS on RSA Authentication Agent login page, ProCheckUp Research, 2008/04/23
PR07-43: Cross-domain redirect on RSA Authentication Agent, ProCheckUp Research, 2008/04/23
[SECURITY] [DSA 1555-1] New iceweasel packages fix arbitrary code execution, Moritz Muehlenhoff, 2008/04/23
[Full-disclosure] [ GLSA 200804-26 ] Openfire: Denial of Service, Robert Buchholz, 2008/04/23
[Full-disclosure] [ GLSA 200804-25 ] VLC: User-assisted execution of arbitrary code, Robert Buchholz, 2008/04/23
Zune software - arbitrary file overwrite, info, 2008/04/23
NetClassifieds Sql Injection, noreply, 2008/04/23
- Re: NetClassifieds Sql Injection, laurent . gaffie, 2008/04/23
LayerOne 2008 - Final Pre-Con Update, Layer One, 2008/04/23
Horde Webmail XSS [Aria-Security], noreply, 2008/04/23
AST-2008-006 - 3-way handshake in IAX2 incomplete, Security Officer, 2008/04/23
Default key algorithm in Thomson and BT Home Hub routers, Adrian Pastor, 2008/04/22
- Re: Default key algorithm in Thomson and BT Home Hub routers, ap, 2008/04/23
[SECURITY] [DSA 1554-1] New roundup packages fix cross-site scripting vulnerability, Noah Meyerhans, 2008/04/22
Firefox 3.0 beta 5 crash, jplopezy, 2008/04/22
- Re: Firefox 3.0 beta 5 crash, Gianluca Borello, 2008/04/22
Safari 3.1.1 Multiple Vulnerabilities for windows, jplopezy, 2008/04/22
[Full-disclosure] IMF 2008 - 2nd Call for Papers, Oliver Goebel, 2008/04/21
[Full-disclosure] Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387), Hanno BÃck, 2008/04/21
- [Full-disclosure] Correcting CVEs (was Re: Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387)), Hanno BÃck, 2008/04/21
[Full-disclosure] [USN-602-1] Firefox vulnerabilities, Jamie Strandboge, 2008/04/21
- [Full-disclosure] [USN-602-1] Firefox vulnerabilities, Jamie Strandboge, 2008/04/21
[Full-disclosure] [USN-604-1] Gnumeric vulnerability, Kees Cook, 2008/04/21
Sea-Surfing on the Motorola Surfboard, th3 . r00k . nospam, 2008/04/21
Xoops All Version -Articles- Article.PHP (ID) Blind SQL Injection ExpL0it, crazy_kinq, 2008/04/21
ANNOUNCE: Security Implications of Windows Access Tokens Whitepaper, luke . jennings, 2008/04/21
Re: Re: Smf 1.1.4 Remote File Inclusion Vulnerabilities, douchbag, 2008/04/21
Powered by gCards v1.46 SQL, turkish-warriorr, 2008/04/21
- Re: Powered by gCards v1.46 SQL, packet, 2008/04/21
IRM Security Advisory : RedDot CMS SQL injection vulnerability, Mark Crowther, 2008/04/21
[Full-disclosure] IRM Security Advisory : RedDot CMS SQL injection vulnerability, Mark Crowther, 2008/04/21
Acidcat CMS Multiple Vulnerabilities, admin, 2008/04/21
[ MDVSA-2008:090 ] - Updated OpenOffice.org packages fix vulnerabilities, security, 2008/04/21
Deciphering the PHP-Nuke Capthca, Michael . Brooks . SPAM, 2008/04/21
SyScan'08 Singapore - Call for Paper, organiser@syscan.org, 2008/04/21
Deciphering the Simple Machines Forum audio Captcha, Michael . Brooks . SPAM, 2008/04/21
[Full-disclosure] Token Kidnapping (Microsoft Security Advisory 951306) presentation available, Cesar, 2008/04/19
[Full-disclosure] [ GLSA 200804-24 ] DBmail: Data disclosure, Matthias Geerdsen, 2008/04/18
[Full-disclosure] [ GLSA 200804-23 ] CUPS: Integer overflow vulnerability, Matthias Geerdsen, 2008/04/18
[Full-disclosure] Injecting spam into Google Web History via I'm Feeling Lucky queries, Alexander Konovalenko, 2008/04/18
- Re: [Full-disclosure] Injecting spam into Google Web History via I'm Feeling Lucky queries, Nick FitzGerald, 2008/04/19
Wikepage Wiki v.2007-2 Cross-Site Scripting, darkz . gsa, 2008/04/18
LightNEasy v.1.2.2 flat Multiple Vulnerabilities, darkz . gsa, 2008/04/18
5th avenue Shopping Cart SQL Injection, noreply, 2008/04/18
BitTorrent Clients and CSRF, th3 . r00k . nospam, 2008/04/18
[ MDVSA-2008:089 ] - Updated poppler packages fix vulnerability, security, 2008/04/18
[ MDVSA-2008:088 ] - Updated clamav packages fix multiple vulnerabilities, security, 2008/04/18
[Full-disclosure] ANNOUNCE: RFIDIOt-0.1s release (now available for Windows), Adam Laurie, 2008/04/18
[Full-disclosure] Team SHATTER Security Advisory: Multiple DoS in JAR files manipulation procedures, Team SHATTER, 2008/04/18
[Full-disclosure] Team SHATTER Security Advisory: IBM DB2 UDB Arbitrary file overwrite in SYSPROC.NNSTAT procedure, Team SHATTER, 2008/04/18
[Full-disclosure] Team SHATTER Security Advisory: IBM DB2 UDB Arbitrary code execution in ADMIN_SP_C/ADMIN_SP_C2 procedures, Team SHATTER, 2008/04/18
[Full-disclosure] [ GLSA 200804-22 ] PowerDNS Recursor: DNS Cache Poisoning, Robert Buchholz, 2008/04/17
[Full-disclosure] [ GLSA 200804-21 ] Adobe Flash Player: Multiple vulnerabilities, Robert Buchholz, 2008/04/17
[Full-disclosure] [ GLSA 200804-20 ] Sun JDK/JRE: Multiple vulnerabilities, Robert Buchholz, 2008/04/17
[Full-disclosure] [ GLSA 200804-19 ] PHP Toolkit: Data disclosure and Denial of Service, Robert Buchholz, 2008/04/17
[Full-disclosure] iDefense Security Advisory 04.17.08: Multiple Vendor OpenOffice QPRO File Parsing Integer Underflow Vulnerability, iDefense Labs, 2008/04/17
[Full-disclosure] iDefense Security Advisory 04.17.08: Multiple Vendor OpenOffice QPRO Multiple Heap Overflow Vulnerabilities, iDefense Labs, 2008/04/17
[Full-disclosure] iDefense Security Advisory 04.17.08: Multiple Vendor OpenOffice EMF EMR_BITBLT Record Integer Overflow Vulnerability, iDefense Labs, 2008/04/17
[Full-disclosure] iDefense Security Advisory 04.17.08: Multiple Vendor OpenOffice OLE DocumentSummaryInformation Heap Overflow Vulnerability, iDefense Labs, 2008/04/17
[Full-disclosure] [USN-603-2] KOffice vulnerability, Kees Cook, 2008/04/17
[Full-disclosure] [USN-603-1] poppler vulnerability, Kees Cook, 2008/04/17
[SECURITY] [DSA 1548-1] New xpdf packages fix arbitrary code exitution, Devin Carraway, 2008/04/17
Announcement - DeepSec Conference 2008, Nov 11-14 2008, DeepSec Conference, 2008/04/17
Microsoft Works 7 WkImgSrv.dll crash POC, wsn1983, 2008/04/17
[security bulletin] HPSBMA02328 SSRT071293 rev.2 - HP OpenView Network Node Manager (OV NNM) Running Apache, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Execute Arbitrary Code, security-alert, 2008/04/17
[security bulletin] HPSBST02329 SSRT080048 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-018 to MS08-025, security-alert, 2008/04/17
[security bulletin] HPSBMA02133 SSRT061201 rev.8 - HP Oracle for OpenView (OfO) Critical Patch Update, security-alert, 2008/04/17
[oCERT-2008-004] multiple speex implementations insufficient boundary checks, Andrea Barisani, 2008/04/17
[ MDVSA-2008:087 ] - Updated policykit package fixes format string vulnerability, security, 2008/04/17
FreeBSD Security Advisory FreeBSD-SA-08:05.openssh, FreeBSD Security Advisories, 2008/04/17
[Full-disclosure] [ GLSA 200804-17 ] Speex: User-assisted execution of arbitrary code, Robert Buchholz, 2008/04/16
[Full-disclosure] [ GLSA 200804-18 ] Poppler: User-assisted execution of arbitrary code, Robert Buchholz, 2008/04/16
[Full-disclosure] [ GLSA 200804-16 ] rsync: Execution of arbitrary code, Robert Buchholz, 2008/04/16
[Full-disclosure] ZDI-08-022: Apple Safari WebKit PCRE Handling Integer Overflow Vulnerability, zdi-disclosures, 2008/04/16
Classifieds Caffe (index.php cat_id) Remote SQL Injection, sys-project, 2008/04/16
Re: PHPSlideShow (toonchapter8.php) Cross-Site Scripting Vulnerability, contact, 2008/04/16
[Full-disclosure] iDefense Security Advisory 04.15.08: Oracle Application Express Privilege Escalation Vulnerability, iDefense Labs, 2008/04/16
CA DSM gui_cm_ctrls ActiveX Control Vulnerability, Williams, James K, 2008/04/16
Oracle - Hardcoded Password and Password Reset of OUTLN User [DB13], ak, 2008/04/16
[INFIGO-2008-04-08]: ICQ 6 remote buffer overflow vulnerability, infocus, 2008/04/16
Oracle - SQL Injection Vulnerability in SDO_UTIL [DB05], ak, 2008/04/16
Oracle - SQL Injection in package SDO_IDX [DB07], ak, 2008/04/16
BigAnt Server 2.2 PreAuth Remote SEH Overflow Exploit (0day), admin, 2008/04/16
- Re: BigAnt Server 2.2 PreAuth Remote SEH Overflow Exploit (0day), m . memelli, 2008/04/17
Carbon Communities forum Multiple Vulnerabilities., admin, 2008/04/16
Oracle - SQL Injection in package SDO_GEOM [DB06], ak, 2008/04/16
[Full-disclosure] [INFIGO-2008-04-08]: ICQ 6 remote buffer overflow vulnerability, infocus, 2008/04/15
[Full-disclosure] VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus, VMware Security team, 2008/04/15
[Full-disclosure] iDefense Security Advisory 04.09.08: IBM DB2 Universal Database db2dasStartStopFMDaemon Buffer Overflow Vulnerability, iDefense Labs, 2008/04/15
[Full-disclosure] iDefense Security Advisory 04.09.08: IBM DB2 Universal Database Administration Server File Creation Vulnerability, iDefense Labs, 2008/04/15
DIVX Player <= 6.7.0 Buffer Overflow PoC ( .SRT ), securfrog, 2008/04/15
remote file include, win32 . exe, 2008/04/15
- remote file include, win32 . exe, 2008/04/15
Koobi Pro 6.25 poll Remote SQL Injection Vulnerability, Sabun, 2008/04/15
WordPress 2.5 - Salt cracking vulnerability, J. Carlos Nieto, 2008/04/15
Koobi CMS 4.2.4/4.2.5/4.3.0 Multiple Remote SQL Injection Vulnerabilities, sys-project, 2008/04/15
[Full-disclosure] iDefense Security Advisory 04.14.08: ClamAV libclamav PE WWPack Heap Overflow Vulnerability, iDefense Labs, 2008/04/15
[Full-disclosure] iDefense Security Advisory 04.14.08: ClamAV libclamav PeSpin Heap Overflow Vulnerability, iDefense Labs, 2008/04/15
[ MDVSA-2008:086 ] - Updated kernel packages fix vulnerability, security, 2008/04/15
- [ MDVSA-2008:086 ] - Updated kernel packages fix vulnerability, security, 2008/04/15
BosNews 2002-2006 Remote add user admin, houssamix, 2008/04/15
BosNews v4.0 Remote add user admin, houssamix, 2008/04/15
[ MDVSA-2008:085 ] - Updated python packages fix arbitrary code execution vulnerability, security, 2008/04/15
Dotclear 'ecrire/images.php' Arbitrary File Upload Vulnerability, Morgan ARMAND, 2008/04/15
KwsPHP (Upload) Remote Code Execution Exploit, ajax, 2008/04/15
Troopers08 Security Conference, April 23/24 (Munich/Germany), Enno Rey, 2008/04/15
Re: [Full-disclosure] Secunia Research: Lotus Notes Folio Flat File Parsing Buffer Overflows, Luigi Auriemma, 2008/04/15
- Re: [Full-disclosure] Secunia Research: Lotus Notes Folio Flat File Parsing Buffer Overflows, Erik Harrison, 2008/04/15
- Re: [Full-disclosure] Secunia Research: Lotus Notes Folio Flat File Parsing Buffer Overflows, Juha-Matti Laurio, 2008/04/17
[Full-disclosure] clamav: Endless loop / hang with crafter arj, CVE-2008-1387, Hanno BÃck, 2008/04/14
[Full-disclosure] [ GLSA 200804-15 ] libpng: Execution of arbitrary code, Robert Buchholz, 2008/04/14
[Full-disclosure] [ GLSA 200804-14 ] Opera: Multiple vulnerabilities, Robert Buchholz, 2008/04/14
[Full-disclosure] [ GLSA 200804-13 ] Asterisk: Multiple vulnerabilities, Robert Buchholz, 2008/04/14
[Full-disclosure] [USN-601-1] Squid vulnerability, Jamie Strandboge, 2008/04/14
Fones Clinic Mart SQL, turkish-warriorr, 2008/04/14
S21SEC-041-en:Cezanne SW Cross-Site Scripting, S21sec labs, 2008/04/14
[Full-disclosure] S21SEC-043-en:Cezanne SW Blind SQL Injection, S21sec labs, 2008/04/14
[Full-disclosure] S21SEC-042-en:Cezanne SW Cross-Site Scripting (login required), S21sec labs, 2008/04/14
- [Full-disclosure] S21SEC-042-en:Cezanne SW Cross-Site Scripting (login required), David Barroso, 2008/04/14
Secunia Research: Internet Explorer Data Stream Handling Vulnerability, Secunia Research, 2008/04/14
[Full-disclosure] Cyberflexing: A response to Mark Seiden, n3td3v, 2008/04/14
Secunia Research: activePDF DocConverter Applix Graphics Parsing Vulnerabilities, Secunia Research, 2008/04/14
Secunia Research: Autonomy Keyview Applix Graphics Parsing Vulnerabilities, Secunia Research, 2008/04/14
Secunia Research: Lotus Notes EML Reader Buffer Overflows, Secunia Research, 2008/04/14
Secunia Research: Symantec Mail Security Applix Graphics Parsing Vulnerabilities, Secunia Research, 2008/04/14
Secunia Research: Autonomy Keyview EML Reader Buffer Overflows, Secunia Research, 2008/04/14
Secunia Research: HP OpenView Network Node Manager OpenView5.exe Directory Traversal, Secunia Research, 2008/04/14
Secunia Research: Autonomy Keyview Folio Flat File Parsing Buffer Overflows, Secunia Research, 2008/04/14
Secunia Research: Lotus Notes Folio Flat File Parsing Buffer Overflows, Secunia Research, 2008/04/14
Secunia Research: Lotus Notes Applix Graphics Parsing Vulnerabilities, Secunia Research, 2008/04/14
Secunia Research: Symantec Mail Security Folio Flat File Parsing Buffer Overflows, Secunia Research, 2008/04/14
Secunia Research: Lotus Notes htmsr.dll Buffer Overflows, Secunia Research, 2008/04/14
Secunia Research: Adobe Flash Player "Declare Function (V7)" Heap Overflow, Secunia Research, 2008/04/14
Secunia Research: activePDF DocConverter Folio Flat File Parsing Buffer Overflows, Secunia Research, 2008/04/14
OneSecurityDay 2008 - Web application auditing challenge, bugtraq, 2008/04/14
Secunia Research: Lotus Notes kvdocve.dll Path Processing Buffer Overflow, Secunia Research, 2008/04/14
[oCERT-2008-003] libpng zero-length chunks incorrect handling, Andrea Barisani, 2008/04/14
project announcement - oCERT - Open Source CERT, Andrea Barisani, 2008/04/14
[Full-disclosure] Observing the observer in VoIP communications, michele dallachiesa, 2008/04/13
[Full-disclosure] DOINGSOFT-2008-03-10-001 - XSS issue in BOXiR2, Sebastien gioria, 2008/04/13
Re: WoltLab(R) Community Framework WCF 1.0.6, marc . deroche, 2008/04/12
DEF CON 16 Retro Announcement! Back to Bang!, The Dark Tangent, 2008/04/12
- DEF CON 16 Retro Announcement! Back to Bang!, The Dark Tangent, 2008/04/14
[ MDVSA-2008:084 ] - Updated rsync packages fix vulnerability, security, 2008/04/12
IOActive Security Advisory: Incorrect input validation in PyString_FromStringAndSize() leads to multiple buffer overflows, Justin Ferguson, 2008/04/11
Trillian 3.1.9.0 DTD File Buffer Overflow, david130490, 2008/04/11
[Full-disclosure] Directory traversal and multiple Denials of Service in HP OpenView NNM 7.53, Luigi Auriemma, 2008/04/11
WiKID wClient-PHP <= 3.0-2 Multiple XSS Vulnerabilities, ascii, 2008/04/11
[Full-disclosure] [ GLSA 200804-12 ] gnome-screensaver: Privilege escalation, Raphael Marichez, 2008/04/11
[Full-disclosure] [ GLSA 200804-11 ] policyd-weight: Insecure temporary file creation, Robert Buchholz, 2008/04/11
Borland InterBase 2007 "ibserver.exe" Buffer Overflow Vulnerability POC, Liu Zhen Hua, 2008/04/11
w2b.ru multiple products SQL Injection, noreply, 2008/04/11
[Full-disclosure] Borland InterBase 2007 "ibserver.exe" Buffer Overflow Vulnerability POC, alau, 2008/04/10
[Full-disclosure] [USN-600-1] rsync vulnerability, Kees Cook, 2008/04/10
[Full-disclosure] iDefense Security Advisory 04.09.08: EMC DiskXtender MediaStor Format String Vulnerability, iDefense Labs, 2008/04/10
[Full-disclosure] iDefense Security Advisory 04.09.08: EMC DiskXtender File System Manager Stack Buffer Overflow Vulnerability, iDefense Labs, 2008/04/10
[Full-disclosure] iDefense Security Advisory 04.09.08: EMC DiskXtender Authentication Bypass Vulnerability, iDefense Labs, 2008/04/10
EUSecWest CFP Closes April 14th (conf May 21/22 2008), Dragos Ruiu, 2008/04/10
[Full-disclosure] [ GLSA 200804-09 ] am-utils: Insecure temporary file creation, Pierre-Yves Rofes, 2008/04/10
[Full-disclosure] [ GLSA 200804-10 ] Tomcat: Multiple vulnerabilities, Pierre-Yves Rofes, 2008/04/10
[Full-disclosure] [ GLSA 200804-08 ] lighttpd: Multiple vulnerabilities, Tobias Heinlein, 2008/04/10
[ MDVSA-2008:083 ] - Updated audit packages fix vulnerability, security, 2008/04/10
paFileDB 3.1 Remote SQL Injection, noreply, 2008/04/10
IOActive Security Advisory: Buffer overflow in Python zlib extension module, Justin Ferguson, 2008/04/09
[ MDVSA-2008:082 ] - Updated php-apc packages fix vulnerability, security, 2008/04/09
[Full-disclosure] [USN-599-1] Ghostscript vulnerability, Jamie Strandboge, 2008/04/09
[SECURITY] [DSA 1543-1] New vlc packages fix several vulnerabilities, Devin Carraway, 2008/04/09
[CVE-2007-5301] alsaplayer PoC - exploit, Albert Sellarès, 2008/04/09
[SECURITY] [DSA 1542-1] New libcairo packages fix arbitrary code execution, Devin Carraway, 2008/04/09
SAP Netweaver 6.40-7.0 Cross-Site-Scripting, jaime . blasco, 2008/04/09
Pu Arcade component for Joomla - SQL injection, netmantis . com, 2008/04/09
[Full-disclosure] [ GLSA 200804-07 ] PECL APC: Buffer Overflow, Robert Buchholz, 2008/04/08
[Full-disclosure] CAU-2008-0002: Microsoft Windows SharePoint Services Picture Source XSS, I)ruid, 2008/04/08
[Full-disclosure] ZDI-08-021: Adobe Flash Player DeclareFunction2 Invalid Object Use Vulnerability, zdi-disclosures, 2008/04/08
[Full-disclosure] iDefense Security Advisory 04.08.08: Microsoft Windows Graphics Rendering Engine Integer Overflow Vulnerability, iDefense Labs, 2008/04/08
[Full-disclosure] iDefense Security Advisory 04.08.08: Microsoft Windows Graphics Rendering Engine Heap Buffer Overflow Vulnerability, iDefense Labs, 2008/04/08
[Full-disclosure] iDefense Security Advisory 04.08.08: Microsoft HxTocCtrl ActiveX Control Invalid Param Heap Corruption Vulnerability, iDefense Labs, 2008/04/08
Re: [Full-disclosure] Multiple vulnerabilities in HP OpenView NNM 7.53, Luigi Auriemma, 2008/04/08
[Full-disclosure] ZDI-08-020: Microsoft GDI WMF Parsing Heap Overflow Vulnerability, zdi-disclosures, 2008/04/08
[security bulletin] HPSBMA02242 SSRT061260 rev.3 - HP OpenView Network Node Manager (OV NNM) Running Shared Trace Service, Remote Arbitrary Code Execution, security-alert, 2008/04/08
[security bulletin] [security bulletin] HPSBST02318 SSRT080018 rev.1 - HP Storage Essentials Software, Remote Unauthorized Access to Data, security-alert, 2008/04/08
Microsoft Windows DNS Stub Resolver Cache Poisoning (MS08-020), Amit Klein, 2008/04/08
New tool released : Syslog Fuzzer, jaime . blasco, 2008/04/08
[security bulletin] HPSBMA02327 SSRT071455 rev.1 - HP Integrity Servers iLO-2 Management Processors (iLO-2 MP), Denial of Service (DoS), security-alert, 2008/04/08
licq remote DoS?, Milen Rangelov, 2008/04/08
- Re: licq remote DoS?, 3APA3A, 2008/04/10
- Re: Re: licq remote DoS?, mrangelov, 2008/04/10
Wayport Public Access PC Authentication Bypass Weakness, Pascal Cretain, 2008/04/08
Swiki 1.5 Multiple Cross-Site Scripting Vulnerabilities, brad . antoniewicz, 2008/04/08
[Full-disclosure] WoltLab(R) Community Framework XSS and Full Path Disclosure Vulnerability, Jessica Hope, 2008/04/07
Wikepage Opus 13 2007.2 Directory Traversal Vulnerbility, virangar_nml, 2008/04/07
- Re: Wikepage Opus 13 2007.2 Directory Traversal Vulnerbility, yeppy, 2008/04/08
Attack Technique: File Download Injection, Jeff Williams, 2008/04/07
[Full-disclosure] Multiple vulnerabilities in HP OpenView NNM 7.53, Luigi Auriemma, 2008/04/07
CDNetworks Nefficient Download(NeffyLauncher.dll) Vulnerabilities, Simon Ryeo, 2008/04/07
Tumbleweed SecureTransport FileTransfer ActiveX Control Buffer Overflow, Patrick Webster, 2008/04/07
openMosix userspace library stack-based buffer overflow, jose, 2008/04/07
- Re: openMosix userspace library stack-based buffer overflow, nixpanic, 2008/04/10
[Full-disclosure] [ GLSA 200804-06 ] UnZip: User-assisted execution of arbitrary code, Robert Buchholz, 2008/04/06
[Full-disclosure] [ GLSA 200804-05 ] NX: User-assisted execution of arbitrary code, Robert Buchholz, 2008/04/05
[Full-disclosure] [ GLSA 200804-04 ] MySQL: Multiple vulnerabilities, Robert Buchholz, 2008/04/05
Blogator-script 0.95 SQL Injection Vulnerbility, hadihadi_zedehal_2006, 2008/04/05
Alkacon OpenCms sessions.jsp searchfilter XSS, nnposter, 2008/04/05
- Re: Alkacon OpenCms sessions.jsp searchfilter XSS, a . westtermann, 2008/04/10
Blogator-script 0.95 Change User Password Vulnerbility, hadihadi_zedehal_2006, 2008/04/05
TheGreenBowVPN, Login Credentials Disclosure, evilcry, 2008/04/05
F5 BIG-IP Management Interface Perl Injection, nnposter, 2008/04/04
[Full-disclosure] [ GLSA 200804-03 ] OpenSSH: Privilege escalation, Robert Buchholz, 2008/04/04
rPSA-2008-0139-1 gnome-ssh-askpass openssh openssh-client openssh-server, rPath Update Announcements, 2008/04/04
rPSA-2008-0138-1 tshark wireshark, rPath Update Announcements, 2008/04/04
rPSA-2008-0136-1 cups, rPath Update Announcements, 2008/04/04
[SECURITY] [DSA 1538-1] New alsaplayer packages fix arbitrary code execution, Devin Carraway, 2008/04/04
[SECURITY] [DSA 1539-1] New mapserver packages fix multiple vulnerabilities, Devin Carraway, 2008/04/04
[Full-disclosure] iDefense Security Advisory 04.03.08: Computer Associates Alert Notification Service Multiple RPC Buffer Overflow Vulnerabilities, iDefense Labs, 2008/04/04
[security bulletin] HPSBMA02323 SSRT080032 rev.1 - HP USB Floppy Drive Key (Option) for ProLiant Servers, Local Virus Infection, security-alert, 2008/04/04
Re: [Full-disclosure] ZDI-08-018: Apple QuickTime Run Length Encoding Heap Overflow Vulnerability, Brian Livingstone, 2008/04/04
KwsPHP Module ConcoursPhoto XSS, hsx, 2008/04/04
CA ARCserve Backup for Laptops and Desktops Server and CA Desktop Management Suite Multiple Vulnerabilities, Williams, James K, 2008/04/04
CA Alert Notification Server Multiple Vulnerabilities, Williams, James K, 2008/04/04
Medium security hole affecting Festival on Debian unstable/testing and Ubuntu Hardy Heron, Tim Brown, 2008/04/04
[Full-disclosure] iDefense Security Advisory 04.02.08: Symantec Internet Security 2008 ActiveDataInfo.LaunchProcess Design Error Vulnerability, iDefense Labs, 2008/04/03
[Full-disclosure] iDefense Security Advisory 04.02.08: Symantec Norton Internet Security 2008 ActiveX Control Buffer Overflow Vulnerability, iDefense Labs, 2008/04/03
[Full-disclosure] iDefense Security Advisory 04.03.08: SCO UnixWare pkgadd Directory Traversal Vulnerability, iDefense Labs, 2008/04/03
[Full-disclosure] ZDI-08-018: Apple QuickTime Run Length Encoding Heap Overflow Vulnerability, zdi-disclosures, 2008/04/03
- Re: [Full-disclosure] ZDI-08-018: Apple QuickTime Run Length Encoding Heap Overflow Vulnerability, Ureleet, 2008/04/03
  - Re: [Full-disclosure] ZDI-08-018: Apple QuickTime Run Length Encoding Heap Overflow Vulnerability, n3td3v, 2008/04/04
    - Re: [Full-disclosure] ZDI-08-018: Apple QuickTime Run Length Encoding Heap Overflow Vulnerability, Ureleet, 2008/04/04
[Full-disclosure] ZDI-08-014: Apple Quicktime Multiple Opcode Memory Corruption Vulnerabilities, zdi-disclosures, 2008/04/03
[Full-disclosure] ZDI-08-016: Apple QuickTime MP4A Atom Parsing Heap Corruption Vulnerability, zdi-disclosures, 2008/04/03
[Full-disclosure] ZDI-08-015: Apple QuickTime Clipping Region Heap Overflow Vulnerability, zdi-disclosures, 2008/04/03
[Full-disclosure] ZDI-08-019: Apple QuickTime Malformed VR obji Atom Parsing Memory Corruption Vulnerability, zdi-disclosures, 2008/04/03
[Full-disclosure] iDefense Security Advisory 04.02.08: Borland CaliberRM StarTeam Multicast Service Buffer Overflow Vulnerability, iDefense Labs, 2008/04/03
[Full-disclosure] ZDI-08-017: Apple QuickTime Kodak Encoding Heap Overflow Vulnerability, zdi-disclosures, 2008/04/03
[Full-disclosure] CORE-2008-0314 - Orbit Downloader "Download failed" buffer overflow, CORE Security Technologies Advisories, 2008/04/03
POC2008 call for papers, pocadm, 2008/04/03
Recon 2008 CFP last call, early registration open, Recon Conference, 2008/04/03
Parallels virtuozzo's VZPP multiple csrf vulnerabilities, poplix, 2008/04/02
Joomla Component com_lms SQL Injection, no-reply, 2008/04/02
Vulnerabilities in kses-based HTML filters, lpilorz, 2008/04/02
Webwasher Denial of Service Vulnerability, security, 2008/04/02
[SECURITY] [DSA 1537-1] New xpdf packages fix multiple vulnerabilities, Devin Carraway, 2008/04/02
[Full-disclosure] [USN-598-1] CUPS vulnerabilities, Jamie Strandboge, 2008/04/02
[Full-disclosure] [ GLSA 200804-02 ] bzip2: Denial of Service, Pierre-Yves Rofes, 2008/04/02
[Full-disclosure] [USN-588-2] MySQL regression, Jamie Strandboge, 2008/04/02
[ MDVSA-2008:081 ] - Updated CUPS packages fix multiple vulnerabilities, security, 2008/04/02
[Full-disclosure] Directory traversal in LANDesk Management Suite 8.80.1.1, Luigi Auriemma, 2008/04/02
[Full-disclosure] ANNOUNCE: Apache-SSL security release - apache_1.3.41+ssl_1.59, Adam Laurie, 2008/04/02
HPSBTU02325 SSRT080006 rev.1 - HP Internet Express for Tru64 UNIX running PostgreSQL, Arbitrary Code Execution, Privilege Elevation, or Denial of Service (DoS), security-alert, 2008/04/02
HPSBMA02317 SSRT080026 rev.1 - HP Select Identity Software, Gain Unauthorized Access, security-alert, 2008/04/01
Datalife Engine 6.7 XSRF, irancrash, 2008/04/01
Writers Block SQL Injection Vulnerabilities, nebelfrost23, 2008/04/01
[Full-disclosure] [USN-597-1] OpenSSH vulnerability, Kees Cook, 2008/04/01
Re: [Full-disclosure] CAU-2008-0001 - Slowly Closing Door RaceCondition, Garrett M. Groff, 2008/04/01
Re: Hamachi Password Disclosure Vulnerability, anonymous, 2008/04/01
Re: Re: Internet explorer 7.0 spoofing, w0lfd33m, 2008/04/01
- Re: Internet explorer 7.0 spoofing, Razi Shaban, 2008/04/01
- RE: Internet explorer 7.0 spoofing, Darth Jedi, 2008/04/01
- Re: Re: Re: Internet explorer 7.0 spoofing, jplopezy, 2008/04/01
- RE: Internet explorer 7.0 spoofing, Mike Diaz, 2008/04/02
[Full-disclosure] [ GLSA 200804-01 ] CUPS: Multiple vulnerabilities, Robert Buchholz, 2008/04/01
Re: [Full-disclosure] CAU-2008-0001 - Slowly Closing Door Race Condition, I)ruid, 2008/04/01
TCP/IP security vulnerability disclosed, J. Oquendo, 2008/04/01
[SECURITY] [DSA 1533-2] New exiftags packages fix several vulnerabilities, Devin Carraway, 2008/04/01
Re: [Full-disclosure] CAU-2008-0001 - Slowly Closing Door Race Condition, David Weston, 2008/04/01
cevado technologies real estate CMS SQL injection, joseph . giron13, 2008/04/01
Terracotta Personal Edition Multiple vulnerabilities, joseph . giron13, 2008/04/01