vulnerability headlines
- In-Portal CMS
- PHPCMS2008 "download.php" Information Disclosure Issue
- Online Work Order Suite Lite Edition Multiple Cross-Site Scripting Vulnerabilities
- QEMU KVM Multiple Issues
- Serv-U Denial of Service and Security Bypass Vulnerabilities
- Linux Kernel KVM Intel VT-x Extension NULL Pointer Denial of Service
- Vuln: Trend Micro Internet Security Pro ActiveX Control Remote Code Execution Vulnerability
- Vuln: HP-UX Software Distributor Unspecified Local Privilege Escalation Vulnerability
- Vuln: Icarus 'PGN' File Remote Stack Buffer Overflow Vulnerability
- Vuln: KSP '.m3u' File Buffer Overflow Vulnerability
- Netpet CMS "confirm.php" Local File Include
- PHP City Portal "login.php" Multiple SQL Injection Issues
- ACCESSGUARDIAN Unspecified Cross-Site Scripting Issue
- Novell iPrint Client Multiple Security Vulnerabilities
- VU#204055: Blackboard Transact database credentials disclosure
- VU#707943: Microsoft Windows based applications may insecurely load dynamic libraries
- VU#278785: DevonIT weak authentication and buffer overflow in /usr/bin/tm-console-bin
- VU#644319: Ghostscript Heap Corruption in TrueType bytecode interpreter
- VU#320233: Wyse ThinOS LPD service buffer overflow vulnerability
- VU#660993: Adobe Flash 10.1 ActionScript AVM1 ActionPush vulnerability
- MS10-047 - Important: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (981852)
- MS10-048 - Important: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2160329)
- MS10-049 - Critical: Vulnerabilities in SChannel could allow Remote Code Execution (980436)
- MS10-050 - Important: Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (981997)
- MS10-051 - Critical: Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2079403)
- MS10-052 - Critical: Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (2115168)
- MS10-053 - Critical: Cumulative Security Update for Internet Explorer (2183461)
- MS10-054 - Critical: Vulnerabilities in SMB Server Could Allow Remote Code Execution (982214)
- MS10-055 - Critical: Vulnerability in Cinepak Codec Could Allow Remote Code Execution (982665)
- MS10-056 - Critical: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638)
- MS10-057 - Important: Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707)
- MS10-058 - Important: Vulnerabilities in TCP/IP Could Allow Elevation of Privilege (978886)
- MS10-059 - Important: Vulnerabilities in the Tracing Feature for Services Could Allow Elevation of Privilege (982799)
- MS10-060 - Critical: Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution (2265906)
- VU#275247: FreeType 2 CFF font stack corruption vulnerability
- VU#174089: Oracle Siebel Option Pack for IE ActiveX control memory initialization vulnerability
- VU#703189: Invensys Wonderware Archestra ConfigurationAccessComponent ActiveX control stack buffer overflow
- VU#840249: Wind River Systems VxWorks weak default hashing algorithm in standard authentication API (loginLib)
- VU#362332: Wind River Systems VxWorks debug service enabled by default
- MS10-046 - Critical: Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198)
- VU#940193: Microsoft Windows automatically executes code specified in shortcut files
- VU#541921: ISC DHCP server fails to handle zero-length client identifier
- MS10-042 - Critical: Vulnerability in Help and Support Center Could Allow Remote Code Execution (2229593)
- MS10-043 - Critical: Vulnerability in Canonical Display Driver Could Allow Remote Code Execution (2032276)
- MS10-044 - Critical: Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution (982335)
- MS10-045 - Important: Vulnerability in Microsoft Office Outlook Could Allow Remote Code Execution (978212)
- VU#732671: Cisco Industrial Ethernet 3000 Series switches have hardcoded SNMP community strings
- VU#643615: libpng fails to limit number of rows in header
- VU#173009: Snare Agent web interface cross-site request forgery vulnerabilities
- VU#251133: S2 NetBox allows unauthenticated HTTP access to node logs, backups, and employee photographs
- VU#221257: Symantec AppStream and Workspace Streaming vulnerable to arbitrary code download and execution
- VU#578319: Microsoft Windows Help and Support Center URI processing vulnerability
- MS10-036 - Important: Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution (983235)
- MS10-037 - Important: Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Elevation of Privilege (980218)
- MS10-038 - Important: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452)
- MS10-039 - Important: Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554)
- MS10-040 - Important: Vulnerability in Internet Information Services Could Allow Remote Code Execution (982666)
- MS10-041 - Important: Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343)
- VU#486225: Adobe Flash ActionScript AVM2 newfunction vulnerability
- VU#757804: Cisco Network Building Mediator products contain multiple vulnerabilities
- VU#245081: Accoria Rock Web Server contains multiple vulnerabilities
- VU#943165: Apple Safari window object invalid pointer vulnerability
- VU#602801: Consona (formerly SupportSoft) Intelligent Assistance Suite (IAS) cross-site scripting, ActiveX, and Repair Service vulnerabilities
- VU#886582: Java Deployment Toolkit insufficient argument validation
- VU#902793: IntelliCom NetBiter devices have default HICP passwords
- VU#507652: Oracle Sun Java fails to properly validate Java applet signatures
- VU#570177: Foxit Reader vulnerable to arbitrary command execution
- VU#512705: Broadcom NetXtreme management firmware ASF buffer overflow
- VU#181737: IntelliCom NetBiter Config HICP hostname buffer overflow
- Linux Kernel Null Pointer Dereference in keyctl_session_to_parent() May Let Local Users Gain Elevated Privileges
- HP Operations Agent Flaws Let Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges
- Linux Kernel GFS2 Rename Null Pointer Dereference May Let Local Users Gain Elevated Privileges
- Blackboard Transact Suite Discloses Passwords to Local Users
- Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code
- Bugtraq: [ MDVSA-2010:170 ] wget
- Bugtraq: [SECURITY] [DSA-2102-1] New barnowl packages fix arbitrary code execution
- Bugtraq: VUPEN Security Research - Google Chrome Focus Processing Memory Corruption Vulnerability (VUPEN-SR-2010-249)
- Bugtraq: Re: Re: IIS5.1 Directory Authentication Bypass by using ":$I30:$Index_Allocation"
- TA10-131A: Microsoft Updates for Multiple Vulnerabilities
- TA10-159A: Adobe Flash, Reader, and Acrobat Vulnerability
- TA10-159B: Microsoft Updates for Multiple Vulnerabilities
- TA10-162A: Adobe Flash and AIR Vulnerabilities
- TA10-194A: Microsoft Updates for Multiple Vulnerabilities
- TA10-194B: Oracle Updates for Multiple Vulnerabilities
- TA10-222A: Microsoft Updates for Multiple Vulnerabilities
- TA10-223A: Adobe Flash and AIR Vulnerabilities
- TA10-231A: Adobe Reader and Acrobat Vulnerabilities
- TA10-238A: Microsoft Windows Insecurely Loads Dynamic Libraries
exploit archives
- vbshout-rfilfi.txt
- moaub-quicktime.txt
- moovida-dllhijack.tgz
- PRL-2010-07.txt
- webmanagerpro-sql.txt
- onecms-xss.txt
- moaub-trendmicro.txt
- moaub-visinia.txt
- pligg104-sql.txt
- smbind-sql.txt
Bugtraq - mailing list
- Re: Re: IIS5.1 Directory Authentication Bypass by using ":$I30:$Index_Allocation"
- VUPEN Security Research - Google Chrome Focus Processing Memory Corruption Vulnerability (VUPEN-SR-2010-249)
- [ MDVSA-2010:170 ] wget
- [SECURITY] [DSA-2102-1] New barnowl packages fix arbitrary code execution
- nullcon Goa dwitiya (2.0) Call For Papers
- [ GLSA 201009-01 ] wxGTK: User-assisted execution of arbitrary code
- [security bulletin] HPSBMA02572 SSRT100082 rev.1 - HP Operations Agent Running on Windows, Local Elevation of Privileges and Remote Execution of Arbitrary Code
- Rooted CON 2011 - Call for Papers
- Vulnerabilities in CMS WebManager-Pro
- {PRL} Novell Netware OpenSSH Remote Stack Overflow
- Moovida Media Player version 2.0.0.15 Insecure DLL Hijacking Vulnerability (libc.dll,quserex.dll)
- [ MDVSA-2010:168 ] openssl
- [ MDVSA-2010:169 ] mozilla-thunderbird
- [USN-982-1] Wget vulnerability
- XSS vulnerability in ArtGK CMS
Full Disclosure - mailing list
- Re: Virus submission site
- Microsoft Internet explorer 8 DLL Hijacking (IESHIMS.DLL)
- Re: Virus submission site
- Internet Explorer 8 PoC: Twitter forced-tweet demo
- Re: Virus submission site
- Re: Virus submission site
- Re: Orange Spain disclosing user phone number
- Tuscl.net SQL injection with 30k Plain Text Passwords & 80k Email list
- Re: Virus submission site
- Re: Virus submission site
- Re: Virus submission site
- Re: Virus submission site
- Re: Virus submission site
- Virus submission site
- [SECURITY] [DSA-2102-1] New barnowl packages fix arbitrary code execution
