Vulnerability Wathcer Newsletter (thread)

[Full-disclosure] iDefense Security Advisory 04.27.07: VMware Workstation Shared Folders Directory Traversal Vulnerability, iDefense Labs, 2007/04/30
AFFLIB(TM): Multiple Shell Metacharacter Injections, VSR Advisories, 2007/04/27
AFFLIB(TM): Multiple Format String Injections, VSR Advisories, 2007/04/27
AFFLIB(TM): Time-of-Check-Time-of-Use File Race, VSR Advisories, 2007/04/27
- Re: [VulnWatch] AFFLIB(TM): Time-of-Check-Time-of-Use File Race, VSR Advisories, 2007/04/30
AFFLIB(TM): Multiple Buffer Overflows, VSR Advisories, 2007/04/27
[Full-disclosure] iDefense Security Advisory 04.26.07: Symantec Norton Ghost 10 Recovery Points Insecure Password Storage Vulnerability, iDefense Labs, 2007/04/27
[Full-disclosure] iDefense Security Advisory 04.26.07: Symantec Norton Ghost 10 Service Manager Buffer Overflow Vulnerability, iDefense Labs, 2007/04/27
[Full-disclosure] iDefense Security Advisory 04.26.07: Novell eDirectory NCP Fragment Denial of Service Vulnerability, iDefense Labs, 2007/04/26
[VulnWatch] Syhunt: Flixster Cross-Site Scripting Vulnerabilities, Alec Storm, 2007/04/24
[VulnWatch] Syhunt: Google Talk (gTalk) HTML Injection Technique, Alec Storm, 2007/04/24
[VulnWatch] Syhunt: MyCyberTwin Multiple Cross-Site Scripting Vulnerabilities, Alec Storm, 2007/04/24
[Full-disclosure] Apache Illegal Request Handling Possible XSS Vulnerability, Michal Majchrowicz, 2007/04/24
- Re: [Full-disclosure] Apache Illegal Request Handling Possible XSS Vulnerability, Richard Moore, 2007/04/24
[Full-disclosure] Apache/PHP REQUEST_METHOD XSS Vulnerability, Michal Majchrowicz, 2007/04/23
[Full-disclosure] iDefense Security Advisory 04.20.07: Check Point Zone Labs SRESCAN IOCTL Local Privilege Escalation Vulnerability, iDefense Labs, 2007/04/20
Re: [Full-disclosure] [VulnWatch] Cross Domain XMLHttpRequest, anurag . agarwal, 2007/04/20
[Full-disclosure] Oracle Database Buffer overflow vulnerabilities in package DBMS_SNAP_INTERNAL, Team SHATTER, 2007/04/18
[Full-disclosure] iDefense Security Advisory 04.17.07: McAfee E-Business Admin Server Invalid Data Length DoS Vulnerability, iDefense Labs, 2007/04/17
[Full-disclosure] iDefense Security Advisory 04.17.07: McAfee VirusScan On-Access Scanner Long Unicode File Name Buffer Overflow, iDefense Labs, 2007/04/17
[Full-disclosure] iDefense Security Advisory 04.16.07: Akamai Download Manager ActiveX Stack Buffer Overflow Vulnerability, iDefense Labs, 2007/04/16
[Full-disclosure] iDefense Security Advisory 04.16.07: ClamAV CAB File Unstore Buffer Overflow Vulnerability, iDefense Labs, 2007/04/16
[Full-disclosure] Cross Domain XMLHttpRequest, Michal Majchrowicz, 2007/04/15
- Re: [Full-disclosure] Cross Domain XMLHttpRequest, ascii, 2007/04/15
[Full-disclosure] iDefense Security Advisory 04.12.07: Hewlett Packard HP-UX Remote pfs_mountd.rpc Buffer Overflow Vulnerability, iDefense Labs, 2007/04/12
[Full-disclosure] Cross site scripting in mephisto 0.7.3, Hanno BÃck, 2007/04/12
[Full-disclosure] CVE-2007-1872: Cross site scripting in toendaCMS 1.5.3, Hanno BÃck, 2007/04/12
[Full-disclosure] CVE-2007-1871: Cross site scripting in chcounter 3.1.3, Hanno BÃck, 2007/04/12
[Full-disclosure] iDefense Security Advisory 04.11.07: Apache HTTPD suEXEC Multiple Vulnerabilities, iDefense Labs, 2007/04/11
[Full-disclosure] Cosign SSO Authentication Bypass, Jon Oberheide, 2007/04/11
[VulnWatch] EEYE: Windows Vista CSRSS Dangling Process Pointer Privilege Escalation, eEye Advisories, 2007/04/10
[VulnWatch] EEYE: Windows VDM Zero Page Race Condition Privilege Escalation, eEye Advisories, 2007/04/10
[Full-disclosure] iDefense Security Advisory 04.10.07: Microsoft Windows Universal Plug and Play Memory Corruption Vulnerability, iDefense Labs, 2007/04/10
[Full-disclosure] iDefense Security Advisory 04.09.07: AOL AIM and ICQ File Transfer Path-Traversal Vulnerability, iDefense Labs, 2007/04/09
Re: [VulnWatch] Latinchat Denial Of Service, d4rksoft, 2007/04/08
[Full-disclosure] iDefense Security Advisory 04.04.07: ESRI ArcSDE Buffer Overflow Vulnerability, iDefense Labs, 2007/04/05
[Full-disclosure] iDefense Security Advisory 04.04.07: Kaspersky Internet Security Suite klif.sys Heap Overflow Vulnerability, iDefense Labs, 2007/04/05
[Full-disclosure] iDefense Security Advisory 04.04.07: Kaspersky AntiVirus SysInfo ActiveX Control Information Disclosure Vulnerability, iDefense Labs, 2007/04/05
High Risk Vulnerability in OpenOffice, NGSSoftware Insight Security Research, 2007/04/04
[Full-disclosure] Mozilla Firefox Insecure Element Stealth Injection Vulnerability, Michal Majchrowicz, 2007/04/04
- Re: [Full-disclosure] Mozilla Firefox Insecure Element Stealth Injection Vulnerability, 3APA3A, 2007/04/04
[Full-disclosure] iDefense Security Advisory 04.03.07: Multiple Vendor X Server XC-MISC Extension Memory Corruption Vulnerability, iDefense Labs, 2007/04/04
[Full-disclosure] iDefense Security Advisory 04.03.07: Multiple Vendor X Server fonts.dir File Parsing Integer Overflow Vulnerability, iDefense Labs, 2007/04/04
[Full-disclosure] iDefense Security Advisory 04.03.07: Multiple Vendor X Server BDF Font Parsing Integer Overflow Vulnerability, iDefense Labs, 2007/04/04
[Full-disclosure] iDefense Security Advisory 04.03.07: Multiple Vendor Kerberos kadmind Buffer Overflow Vulnerability, iDefense Labs, 2007/04/04
[Full-disclosure] iDefense Security Advisory 04.03.07: Microsoft Windows WMF Triggerable Kernel Design Error DoS Vulnerability, iDefense Labs, 2007/04/04
[Full-disclosure] iDefense Security Advisory 03.31.07: IBM Tivoli Provisioning Manager for OS Deployment Multiple Vulnerabilities, iDefense Labs, 2007/04/04
[Full-disclosure] iDefense Security Advisory 04.02.07: Hewlett-Packard Mercury Quality Center ActiveX Control ProgColor Buffer Overflow Vulnerability, iDefense Labs, 2007/04/04
[Full-disclosure] iDefense Security Advisory 03.31.07: Multiple Vendor ImageMagick DCM and XWD Buffer Overflow Vulnerabilities, iDefense Labs, 2007/04/04
[Full-disclosure] iDefense Security Advisory 03.29.07: IBM Lotus Sametime JNILoader Arbitrary DLL Load Vulnerability, iDefense Labs, 2007/04/04
[VulnWatch] Libero.it (italian ISP) XSS vulnerability, Rosario Valotta, 2007/04/04
[VulnWatch] Microsoft Windows Vista Slideshow Unspecified Blue Screen Of Death Vulnerability, Michał Majchrowicz, 2007/04/04
- Re: [VulnWatch] Microsoft Windows Vista Slideshow Unspecified Blue Screen Of Death Vulnerability, 3APA3A, 2007/04/04
[Full-disclosure] iDefense Security Advisory 03.28.07: IBM Lotus Domino Server LDAP Request Invalid DN Message Heap Overflow Vulnerability, iDefense Labs, 2007/04/04
[Full-disclosure] iDefense Security Advisory 03.28.07: IBM Lotus Domino Web Access Cross Site Scripting Vulnerability, iDefense Labs, 2007/04/04
iDefense Security Advisory 03.23.07: Sun Java System Directory Server 5.2 Uninitialized Pointer Cleanup Design Error Vulnerability, iDefense Labs, 2007/04/04
[Full-disclosure] iDefense Security Advisory 03.23.07: DataRescue IDA Pro Remote Debugger Server Authentication Bypass Vulnerability, iDefense Labs, 2007/04/04
[VulnWatch] cftp 0.12 (readrc) Local buffer overflow vulnerability, starcadi, 2007/04/04
[VulnWatch] dkftpbench 0.45 (Platoon:init) Local buffer overflow vulnerability, starcadi, 2007/04/04
Conflict of Interest - My summary, Mark Litchfield, 2007/04/04
- Re: Conflict of Interest - My summary, crazy frog crazy frog, 2007/04/04
[VulnWatch] Rhapsody IRC 0.28b (NICK) Multiple fs and bof vulnerability, starcadi, 2007/04/04
Your Opinion +, Mark Litchfield, 2007/04/04
- Re: Your Opinion +, Alex Belits, 2007/04/04
[Full-disclosure] Call For Papers - IT Underground Dublin, Marcin Tkaczyk, 2007/04/04
Your Opinion, Mark Litchfield, 2007/04/04
- Re: Your Opinion, bugtraq, 2007/04/04
- Re: Your Opinion, Jonathan Glass (GM), 2007/04/04
- RE: Your Opinion, Mario Contestabile, 2007/04/04
- Re: Your Opinion, Crispin Cowan, 2007/04/04
- RE: Your Opinion, Scott Blake, 2007/04/04
- Re: Your Opinion, William A. Rowe, Jr., 2007/04/04
- Re: Your Opinion, The Fungi, 2007/04/04
- RE: Your Opinion, Jim Harrison, 2007/04/04
  - RE: Your Opinion, Alex Eckelberry, 2007/04/04
  - Re: Your Opinion, Andrew Kramer, 2007/04/04
- Re: Your Opinion, Casper . Dik, 2007/04/04
  - RE: Your Opinion, Jim Harrison, 2007/04/04
- Re: Your Opinion, Forrest J. Cavalier III, 2007/04/04
- Re: Your Opinion, Paul Stepowski, 2007/04/04
- Re: Your Opinion, Neil Dickey, 2007/04/04
- RE: Your Opinion, jay.tomas, 2007/04/04
  - RE: Your Opinion, Jim Harrison, 2007/04/04
- RE: Your Opinion, Neale Green, 2007/04/04
iDefense Security Advisory 03.16.07: Multiple Vendor libwpd Multiple Buffer Overflow Vulnerabilities, iDefense Labs, 2007/04/04
Call For Papers - IT Underground Dublin, Marcin Tkaczyk, 2007/04/04
RE: [VulnWatch] iDefense Security Advisory 03.14.07: Trend Micro Antivirus UPX Parsing Kernel Divide by Zero Vulnerability, Topolski, Leo, 2007/04/04
[VulnWatch] LIBFtp 5.0 (sprintf(), strcpy()) Multiple local buffer overflow, starcadi starcadi, 2007/04/04
[VulnWatch] QFTP (LIBFtp 3.1-1) (command line) sprintf() local buffer overflow, starcadi starcadi, 2007/04/04
[Full-disclosure] iDefense Security Advisory 03.15.07: Horde Project Cleanup Script Arbitrary File Deletion Vulnerability, iDefense Labs, 2007/04/04
iDefense Security Advisory 03.14.07: Trend Micro Antivirus UPX Parsing Kernel Divide by Zero Vulnerability, iDefense Labs, 2007/04/04
CORE-2007-0219: OpenBSD's IPv6 mbufs remote kernel buffer overflow, CORE Security Technologies Advisories, 2007/04/04
[VulnWatch] Unrarlib 0.4.0 (urarlib_get) Local buffer overflow, starcadi, 2007/04/04
[VulnWatch] Windows Multimedia mmioRead Denial of Service Vulnerability, Michał Majchrowicz, 2007/04/04
[Full-disclosure] Php Nuke POST XSS on steroids, ascii, 2007/04/04
- Re: [Full-disclosure] Php Nuke POST XSS on steroids, Paul Laudanski, 2007/04/04
  - Re: [Full-disclosure] Php Nuke POST XSS on steroids, ascii, 2007/04/04
    - Re: [Full-disclosure] Php Nuke POST XSS on steroids, Paul Laudanski, 2007/04/04
    - Re: [Full-disclosure] Php Nuke POST XSS on steroids, Paul Laudanski, 2007/04/04
[VulnWatch] ANNOUNCE: Security OPUS San Francisco, CA - March 19-21, 2007, Steve Manzuik, 2007/04/04
[Full-disclosure] iDefense Security Advisory 03.07.07: Ipswitch IMail Server 2006 Multiple ActiveX Control Buffer Overflow Vulnerabilities, iDefense Labs, 2007/04/04
iDefense Security Advisory 03.05.07: Apple QuickTime Color Table ID Heap Corruption Vulnerability, iDefense Labs, 2007/04/04
CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability, CORE Security Technologies Advisories, 2007/04/04
[Full-disclosure] iDefense Security Advisory 03.02.07: Kaspersky AntiVirus UPX File Decompression DoS Vulnerability, iDefense Labs, 2007/04/04
[Full-disclosure] iDefense Security Advisory 02.27.07: Computer Associates eTrust Intrusion Detection Denial of Service Vulnerability, iDefense Labs, 2007/04/04
[VulnWatch] Overtaking Google Desktop, Yair Amit, 2007/04/04
[Full-disclosure] iDefense Security Advisory 02.23.07: Mozilla Network Security Services SSLv2 Server Stack Overflow Vulnerability, iDefense Labs, 2007/04/04
- [Full-disclosure] iDefense Security Advisory 02.23.07: Mozilla Network Security Services SSLv2 Server Stack Overflow Vulnerability, iDefense Labs, 2007/04/04
[Full-disclosure] iDefense Security Advisory 02.23.07: Mozilla Network Security Services SSLv2 Client Integer Underflow Vulnerability, iDefense Labs, 2007/04/04
[Full-disclosure] iDefense Security Advisory 02.22.07: IBM DB2 Universal Database Multiple Privilege Escalation Vulnerabilities, iDefense Labs, 2007/04/04
[Full-disclosure] iDefense Security Advisory 02.22.07: IBM DB2 Universal Database DB2INSTANCE File Creation Vulnerability, iDefense Labs, 2007/04/04
[Full-disclosure] iDefense Security Advisory 02.22.07: VeriSign ConfigChk ActiveX Control Buffer Overflow Vulnerability, iDefense Labs, 2007/04/04
[Full-disclosure] iDefense Security Advisory 02.16.07: Trend Micro ServerProtect Web Interface Authorization Bypass Vulnerability, iDefense Labs, 2007/04/04