Bugtraq

• Thread Index

• [ GLSA 200703-27 ] Squid: Denial of Service
  • From: Raphael Marichez
• [SECURITY] [DSA 1274-1] New file packages fix arbitrary code execution
  • From: Noah Meyerhans
• 2BGal 3.1.1 <= (admin/index.php) Remote File Include Vulnerability
  • From: BorN To K!LL BorN To K!LL
• MS announces out-of-band patch for ANI 0day
  • From: Gadi Evron
• Re: Xoops All Version -Articles- Print.PHP (ID) Blind SQL Injection Exploit And PoC
  • From: vaughan . montgomery
• Remot File Include In Aardvark Topsites PHP 5
  • From: RaeD Hasadya
• Remot File Include In Shop-SCRIPT FREE
  • From: RaeD Hasadya
• Remot File Include In SLAED_CMS_2
  • From: RaeD Hasadya
• PHP-Fusion 'Calendar_Panel' Module show_event.PHP (m_month) SQL Injection Exploit And PoC
  • From: UniquE
• Re: 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038)
  • From: Alexander Sotirov
• Windows .ANI Stack Overflow Exploit
  • From: devcode29
• On-going Internet Emergency and Domain Names
  • From: Gadi Evron
• CA BrightStor ARCserve Backup Mediasvr.exe vulnerability
  • From: Williams, James K
• RE: [Full-disclosure] 0-day ANI vulnerability in Microsoft Windows(CVE-2007-0038)
  • From: Eric Sites
• Re: 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038)
  • From: Alexander Sotirov
• Re: 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038)
  • From: Jan Wrobel
• TSRT-07-03: America Online SuperBuddy ActiveX Control Code Execution Vulnerability
  • From: TSRT
• Busting The Bluetooth Myth
  • From: Max Moser
• [ GLSA 200703-26 ] file: Integer underflow
  • From: Raphael Marichez
• ANI Zeroday, Third Party Patch
  • From: Marc Maiffret
• Re: ManageEngine Firewall Analyzer arbitrary file disclosure to authorized user
  • From: support
• [ECHO_ADV_80$2007] Softerra Time-Assistant <= 6.2 (inc_dir) Remote File Inclusion Vulnerability
  • From: erdc
• The Week Of Vista Bugs [TWOVB]
  • From: TWOVB Team
• Re: Bypass phishing protection in Firefox / Opera
  • From: Łukasz Pilorz
• AIX 4.3 lsmcode local root command execution
  • From: pr1nce_empire
• DrakeCMS multiple vulerabilities
  • From: security
• VMSA-2007-0002 VMware ESX security updates
  • From: VMware Security team
• CA Brightstor Backup Mediasvr.exe Remote Code Vulnerability
  • From: M. Shirk
• 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038)
  • From: Alexander Sotirov
• Mybb Change Password Vulnerability
  • From: security
• Re: Re: Bypass phishing protection in Firefox / Opera
  • From: zonafirefox
• FLEA-2007-0005-1: slocate
  • From: Foresight Linux Essential Announcement Service
• [ MDKSA-2007:073 ] - Updated openoffice.org packages to address vulnerabilities
  • From: security
• [ GLSA 200703-25 ] Ekiga: Format string vulnerability
  • From: Raphael Marichez
• [ MDKSA-2007:072 ] - Updated kdelibs packages to address FTP PASV issue in konqueror
  • From: security
• FLEA-2007-0004-1: openoffice.org
  • From: Foresight Linux Essential Announcement Service
• iDefense Security Advisory 03.29.07: IBM Lotus Sametime JNILoader Arbitrary DLL Load Vulnerability
  • From: iDefense Labs
• [ MDKSA-2007:071 ] - Updated xmms packages to address integer vulnerabilities
  • From: security
• AOL 9.0 Deskbar.dll/Toolbar.dll DoS Vulnerability
  • From: Justin Seitz
• Re: Re: Bypass phishing protection in Firefox / Opera
  • From: bob
• Windows Live Spaces logged user NetworkSetup.aspx cross site scripting
  • From: paolo . difebbo
• Re: Re: [Full-disclosure] Linux Kernel DCCP Memory Disclosure Vulnerability
  • From: acme
• [Full-disclosure] [USN-447-1] KDE library vulnerabilities
  • From: Kees Cook
• Widespread vulnerabilities in Libero.it/Infostrada.it web portals
  • From: rosario . valotta
• Advanced Login <= 0.7 (root) Remote File Inclusion Vulnerability
  • From: bithedz
• Re: ManageEngine Firewall Analyzer arbitrary file disclosure to authorized user
  • From: support
• Xoops Module Friendfinder <= 3.3 (view.php id) BLIND SQL Injection Exploit
  • From: ajannhwt
• Re: Bypass phishing protection in Firefox / Opera
  • From: Anonymous
• Re: [VulnWatch] Microsoft Windows Vista Slideshow Unspecified Blue Screen Of Death Vulnerability
  • From: 3APA3A
• rPSA-2007-0061-1 inkscape
  • From: rPath Update Announcements
• Arbitrary Command Execution in DataDomain Administrator Interface
  • From: Elliot Kendall
• [SECURITY] [DSA 1270-2] New OpenOffice.org packages fix several vulnerabilities
  • From: Martin Schulze
• Update: ViewCVS and ViewVC 'checkout view' content type fixation issue
  • From: Moritz Naumann
• Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180)
  • From: Tim Rees
• Re: [viewvc-users] Update: ViewCVS and ViewVC 'checkout view' content type fixation issue
  • From: C. Michael Pilato
• Cisco Security Advisory: Multiple Cisco Unified CallManager and Presence Server Denial of Service Vulnerabilities
  • From: Cisco Systems Product Security Incident Response Team
• Re: SecurityVulns.com: Microsoft Visual C++ 8.0 standard library time functions invalid assertion DoS (Problem 3000).
  • From: William A. Rowe, Jr.
• Re: [SECURITY ALERT] osTicket bugs
  • From: eticket
• Re: Multiple Vulnerabilities In osTicket
  • From: eticket
• iDefense Security Advisory 03.28.07: IBM Lotus Domino Server LDAP Request Invalid DN Message Heap Overflow Vulnerability
  • From: iDefense Labs
• ZDI-07-011: IBM Lotus Domino IMAP Server CRAM-MD5 Authentication Buffer Overflow Vulnerability
  • From: zdi-disclosures
• iDefense Security Advisory 03.28.07: IBM Lotus Domino Web Access Cross Site Scripting Vulnerability
  • From: iDefense Labs
• [Full-Disclosure] Another XSS vulnerability in italian Libero.it
  • From: Matteo G.P. Flora
• Corel Wordperfect Office X3 Stack Overflow
  • From: jonny
• [USN-446-1] NAS vulnerabilities
  • From: Kees Cook
• Bypass phishing protection in Firefox / Opera
  • From: zonafirefox
• [USN-445-1] XMMS vulnerabilities
  • From: Kees Cook
• [USN-444-1] OpenOffice.org vulnerabilities
  • From: Kees Cook
• Re: Xoops All Version -Articles- Print.PHP (ID) Blind SQL Injection Exploit And PoC
  • From: andy
• Re: RE: Xbox 360 Hypervisor Privilege Escalation Vulnerability
  • From: 5150sd
• Re: [Full-disclosure] Linux Kernel DCCP Memory Disclosure Vulnerability
  • From: Robert Święcki
• [USN-443-1] Firefox vulnerability
  • From: Kees Cook
• [SECURITY] [DSA 1273-1] New nas packages fix multiple remote vulnerabilities
  • From: Noah Meyerhans
• Buffer Overflow in InterVetions' NaviCopa HTTP server 2.01
  • From: skillTube.com
• [ MDKSA-2007:070 ] - Updated evolution packages to address vulnerability
  • From: security
• Linux Kernel DCCP Memory Disclosure Vulnerability
  • From: Robert Święcki
• Yahoo! Messenger Auth Bypass Vulnerability
  • From: kishor . tech
• [KDE Security Advisory] KDE ioslave PASV port scanning vulnerability
  • From: Dirk Mueller
• [ECHO_ADV_78$2007] C-Arbre <= 0.6PR7 (root_path) Remote File Inclusion Vulnerability
  • From: erdc
• [KAPDA::#64] - Flexbb Sql Injection
  • From: alireza hassani
• Metasploit Framework 3.0 RELEASED!
  • From: H D Moore
• Xoops All Version -Articles- Print.PHP (ID) Blind SQL Injection Exploit And PoC
  • From: UniquE
• Re: Path Disclosure - Wordpress 2.1.2
  • From: jm
• Re: Horde Webmail Multiple HTML Injection vulnerability
  • From: Jan Schneider
• [ GLSA 200703-24 ] mgv: Stack overflow in included gv code
  • From: Raphael Marichez
• [USN-442-1] Evolution vulnerability
  • From: Kees Cook
• [USN-441-1] Squid vulnerability
  • From: Kees Cook
• Libero.it (italian ISP) XSS vulnerability
  • From: rosario . valotta
• Playstation 3 "Remote Play" Remote DoS Exploit
  • From: mak0b
• FLEA-2007-0003-1: cups
  • From: Foresight Linux Essential Announcement Service
• Re: **SubHub v2.3.0**
  • From: webmaster
• PHP 5.2.1 with PECL phpDOC local buffer overflow
  • From: retrog
• Re: [Full-disclosure] XSS at Aon.at, Austrian ISP
  • From: Nikolay Kichukov
• Multiple XSS in IronMail
  • From: Javier Olascoaga
• Re: Linksys WAG200G - Information disclosure
  • From: Bartłomiej Ochman
• Satel Lite for PhpNuke (Satellite.php) <= Local File Inclusion
  • From: stormhacker
• Mephisto blog is vulnerable to XSS
  • From: Sergey Tikhonov
• Fizzle : Firefox Extension Vulnerability
  • From: CrYpTiC MauleR
• Horde Webmail Multiple HTML Injection vulnerability
  • From: DoZ
• CcCounter 2.0 cross-site scripting vulnerability
  • From: localexploit
• Path Disclosure - Wordpress 2.1.2
  • From: lj
• Re: Remote File Include In phpBB-2.0.19
  • From: neothermic
• BOGUS: Remote File Include In phpBB-2.0.19
  • From: Cornelius Riemenschneider
• Remote File Include In phpBB-2.0.19
  • From: RaeD Hasadya
• FLEA-2007-0002-1: inkscape
  • From: Foresight Linux Essential Announcement Service
• File Upload System V1.0 (AD_BODY_TEMP) multiple file include
  • From: ngevedBangetAsli
• Joomla com_joomlaboard 1.1.x Branch (sbp) Multiple Remote File Include Vulnerabi
  • From: Cold - Zero
• iDefense Security Advisory 03.23.07: Sun Java System Directory Server 5.2 Uninitialized Pointer Cleanup Design Error Vulnerability
  • From: iDefense Labs
• iDefense Security Advisory 03.23.07: DataRescue IDA Pro Remote Debugger Server Authentication Bypass Vulnerability
  • From: iDefense Labs
• [ MDKSA-2007:069 ] - Updated inkscape packages to format string vulnerability
  • From: security
• CRLF injection in PHP ftp function
  • From: fangxiaodun
• [ MDKSA-2007:068 ] - Updated squid packages fix DoS vulnerability
  • From: security
• [NB07-10] Multiple vulnerabilities in Takebishi Electric DeviceXplorer MODBUS OPC server
  • From: Lluis Mora
• [NB07-09] Multiple vulnerabilities in Takebishi Electric DeviceXplorer FA-M3 OPC server
  • From: Lluis Mora
• [NB07-08] Multiple vulnerabilities in Takebishi Electric DeviceXplorer MELSEC OPC server
  • From: Lluis Mora
• [SECURITY] [DSA 1272-1] New tcpdump packages fix denial of service
  • From: Moritz Muehlenhoff
• [NB07-07] Multiple vulnerabilities in Takebishi Electric DeviceXplorer HIDIC OPC server
  • From: Lluis Mora
• [NB07-17] Multiple vulnerabilities in Takebishi Electric DeviceXplorer SYSMAC OPC server
  • From: Lluis Mora
• [NB07-22] Multiple vulnerabilities in NETxEIB OPC server
  • From: Lluis Mora
• [ MDKSA-2007:067 ] - Updated file packages fix heap-based buffer overflow vulnerability
  • From: security
• Remote File Include In Coppermine Photo Gallery
  • From: RaeD Hasadya
• Remote File Include In copyright © James Coyle; JCcorp
  • From: RaeD Hasadya
• ManageEngine Firewall Analyzer arbitrary file disclosure to authorized user
  • From: yearsilent
• rPSA-2007-0059-1 file
  • From: rPath Update Announcements
• FLEA-2007-0001-1: firefox
  • From: Foresight Linux Essential Announcement Service
• [USN-440-1] MySQL vulnerability
  • From: Kees Cook
• [USN-439-1] file vulnerability
  • From: Kees Cook
• CFP for RAID 2007: Extended due date for papers: April 8th
  • From: jeffh
• [ECHO_ADV_77$2007] Study planner (Studiewijzer) <= 0.15 Remote File Inclusion Vulnerability
  • From: erdc
• **SubHub v2.3.0**
  • From: anon
• Two new DoS Vulnerabilities in Asterisk Fixed
  • From: Matt Riddell (NZ)
• RE: Your Opinion
  • From: Neale Green
• HPSBGN02189 SSRT071297 rev.2 - ServiceGuard for Linux, Remote Unauthorized Access
  • From: security-alert
• [security bulletin] HPSBUX02156 SSRT061236 rev.2 - HP-UX Running Thunderbird, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS)
  • From: security-alert
• Secunia Research: XMMS Integer Overflow and Underflow Vulnerabilities
  • From: Secunia Research
• Secunia Research: Evolution Shared Memo Categories Format String Vulnerability
  • From: Secunia Research
• Secunia Research: InterActual Player / CinePlayer IASystemInfo.dll ActiveX Control Buffer Overflow
  • From: Secunia Research
• [USN-438-1] Inkscape vulnerability
  • From: Kees Cook
• [ MDKSA-2007:066 ] - Updated OpenAFS packages address vulnerability
  • From: security
• [ MDKSA-2007:065 ] - Updated nas packages address multiple vulnerabilities
  • From: security
• [ GLSA 200703-21 ] PHP: Multiple vulnerabilities
  • From: Raphael Marichez
• Re: Linksys WAG200G - Information disclosure
  • From: Shawn Merdinger
• [ GLSA 200703-23 ] WordPress: Multiple vulnerabilities
  • From: Raphael Marichez
• [ GLSA 200703-22 ] Mozilla Network Security Service: Remote execution of arbitrary code
  • From: Raphael Marichez
• [SECURITY] [DSA 1270-1] New OpenOffice.org packages fix several vulnerabilities
  • From: Martin Schulze
• Re: Your Opinion +
  • From: Thor (Hammer of God)
• Linksys WAG200G - Information disclosure
  • From: dniggebrugge
• [SECURITY] [DSA 1271-1] New openafs packages fix remote privilege escalation bug
  • From: Noah Meyerhans
• Helix Server heap overflow
  • From: research
• Re: Your Opinion
  • From: Jack Lloyd
• RE: Your Opinion
  • From: jay.tomas
• Re: Your Opinion
  • From: Paul Stepowski
• RE: Your Opinion
  • From: Jim Harrison
• RE: Your Opinion
  • From: Jim Harrison
• Re: Conflict of Interest - My summary
  • From: crazy frog crazy frog
• Re: Your Opinion
  • From: Andrew Kramer
• Microsoft coverup ? Stolen Xbox live accounts list of known victims - Please Help
  • From: Kevin Finisterre (lists)
• Call For Papers - IT Underground Dublin
  • From: marcin . tkaczyk
• w-agora [multiples file upload,xss,full path disclosure,error sql]
  • From: none
• Advisory - Redirection Vulnerability in wp-login.php.
  • From: Metaeye SG
• Re: WebCalendar v0.9.45 (13 Dec 2004) (login.php) Remote File include
  • From: craig
• Web Wiz Forums 8.05 (MySQL version) SQL Injection
  • From: Ivan Fratric
• Oracle 10g Dynamic Monitoring Services XSS /servlet/Spy
  • From: Sea Shark
• ZynOS v3.40 One packet killer
  • From: Joxean Koret
• [USN-437-1] libwpd vulnerability
  • From: Kees Cook
• Re: CCleaguePro_V1.0.1RC1 Directory Traversal Vulnerability
  • From: str0ke
• w-agora version 4.2.1 Information Disclosure Vulnerability
  • From: jesper . jurcenoks
• w-agora version 4.2.1 Multiple Path Disclosure Vulnerabilities
  • From: jesper . jurcenoks
• [Reversemode Advisory] Microsoft Windows Ndistapi.sys IRQL escalation
  • From: Reversemode
• Conflict of Interest - My summary
  • From: Mark Litchfield
• Re: Your Opinion +
  • From: Alex Belits
• RE: Your Opinion
  • From: Alex Eckelberry
• Re: Your Opinion
  • From: Forrest J. Cavalier III
• phpx 3.5.15 multiples vulnerabilities
  • From: none
• CCleaguePro_V1.0.1RC1 Directory Traversal Vulnerability
  • From: snakeapollon
• Layered Defense Research Advisory: F-Secure Anti-Virus Client Security 6.02 Format String Vulnerability
  • From: dh
• Unclassified NewsBoard 1.6.3 multiples logs disclosure
  • From: none
• RE: Bypassing Mcafee Entreprise Password Protection
  • From: Rogheden Anders
• [ GLSA 200703-20 ] LSAT: Insecure temporary file creation
  • From: Raphael Marichez
• [ GLSA 200703-19 ] LTSP: Authentication bypass in included LibVNCServer code
  • From: Raphael Marichez
• [ GLSA 200703-18 ] Mozilla Thunderbird: Multiple vulnerabilities
  • From: Raphael Marichez
• [ GLSA 200703-17 ] ulogd: Remote execution of arbitrary code
  • From: Raphael Marichez
• MetaForum <= 0.513 Beta - Remote file upload Vulnerability
  • From: aeroxteam------nospam-----
• [SECURITY] [DSA 1269-1] New lookup-el packages fix insecure temporary file
  • From: Martin Schulze
• Net Portal Dynamic System (NPDS) <= 5.10 Remote Code Execution 0day
  • From: gmdarkfig
• Full Disclosure: Arbitrary execution vulnerability in SQL-Ledger and LedgerSMB
  • From: Chris Travers
• [SECURITY] [DSA 1268-1] New libwpd packages fix arbitrary code execution
  • From: Martin Schulze
• Re: Bypassing Mcafee Entreprise Password Protection
  • From: 3APA3A
• Rhapsody IRC 0.28b (NICK) Multiple fs and bof vulnerability
  • From: starcadi
• RE: Your Opinion
  • From: Jim Harrison
• Re: Your Opinion
  • From: Casper . Dik
• Your Opinion +
  • From: Mark Litchfield
• Re: Your Opinion
  • From: The Fungi
• CLBOX <= (signup.php header) Remote File Include Vulnerability
  • From: BorN To K!LL BorN To K!LL
• Bypassing Mcafee Entreprise Password Protection
  • From: thesinoda
• [ GLSA 200703-16 ] Apache JK Tomcat Connector: Remote execution of arbitrary code
  • From: Raphael Marichez
• [ GLSA 200703-15 ] PostgreSQL: Multiple vulnerabilities
  • From: Raphael Marichez
• [ GLSA 200703-14 ] Asterisk: SIP Denial of Service
  • From: Raphael Marichez
• RE: Your Opinion
  • From: Scott Blake
• Re: Your Opinion
  • From: William A. Rowe, Jr.
• Re: Your Opinion
  • From: Neil Dickey
• [NETRAGARD-20070316 SECURITY ADVISORY][FrontBase Database <= 4.2.7 ALL PLATFORMS][REMOTE BUFFER OVERFLOW CONDITION][LEVEL: EASY][RISK:MEDIUM]
  • From: Netragard Security Advisories
• Re: [Bogus] Lazarus Guestbook (admin.php)Remote File Include Expliot
  • From: Steven M. Christey
• [ MDKSA-2007:064 ] - Updated openoffice.org packages to address libwpd heap overflow vulnerabilities
  • From: security
• [ MDKSA-2007:063 ] - Updated libwpd packages to address heap overflow vulnerabilities
  • From: security
• Re: Your Opinion
  • From: Crispin Cowan
• RE: Your Opinion
  • From: Mario Contestabile
• Re: Your Opinion
  • From: Jonathan Glass (GM)
• rPSA-2007-0057-1 libwpd
  • From: rPath Update Announcements
• Re: Your Opinion
  • From: bugtraq
• rPSA-2007-0056-1 gnupg
  • From: rPath Update Announcements
• Particle Blogger All Version Post.PHP (PostID) Remote SQL Injection Exploit
  • From: UniquE
• Your Opinion
  • From: Mark Litchfield
• iDefense Security Advisory 03.16.07: Multiple Vendor libwpd Multiple Buffer Overflow Vulnerabilities
  • From: iDefense Labs
• April, 2007 is the "Month of Myspace Bugs"
  • From: mondo_armando
• Call For Papers - IT Underground Dublin
  • From: Marcin Tkaczyk
• Re: fx-APP Version 0.0.8.1
  • From: osdesk
• RE: [VulnWatch] iDefense Security Advisory 03.14.07: Trend Micro Antivirus UPX Parsing Kernel Divide by Zero Vulnerability
  • From: Topolski, Leo
• Oracle Portal PORTAL.wwv_main.render_warning_screen XSS
  • From: Sea Shark
• Rot 13 <= (enkrypt.php) Remote File Disclosure Vulnerability
  • From: BorN To K!LL BorN To K!LL
• [CAID 34817, 35058, 35158, 35159]: CA BrightStor ARCserve Backup Tape Engine and Portmapper Vulnerabilities
  • From: Williams, James K
• MS07-012 Not Fixed
  • From: Greg Sinclair
• [SECURITY] [DSA 1267-1] New webcalendar packages fix remote file inclusion
  • From: Moritz Muehlenhoff
• DirectAdmin Cross Site Scripting XSS
  • From: Mandr4ke . root
• Re: [Full-disclosure] Woltab Burning Board SQL Injection usergroups.php
  • From: Bastian Ahrens
• Norton Insufficient validation of 'SymTDI' driver input buffer
  • From: Matousec - Transparent security Research
• LIBFtp 5.0 (sprintf(), strcpy()) Multiple local buffer overflow
  • From: starcadi starcadi
• Orion-Blog v2.0 Version Remote Privilege Escalation Exploit
  • From: UniquE
• [ECHO_ADV_75$2007] Groupit 2.00b5 (c_basepath) Remote File Inclusion Vulnerability
  • From: erdc
• Horde IMP Webmail Client version H3 (4.1.4) fixes multiple XSS issues
  • From: Moritz Naumann
• Re: Iframe-Cash/Iframe-Dollars Adware bundle...oooh... my ....god..
  • From: Nicolas RUFF
• RE: Phishing using IE7 local resource vulnerability
  • From: avivra
• PHP <= 4.4.6 ibase_connect() local buffer overflow
  • From: retrog
• Remote File Inclusion in ViperWeb
  • From: asamad
• Re: Phishing using IE7 local resource vulnerability
  • From: robert
• Re: Firekeeper - IDS for Firefox available
  • From: Gadi Evron
• Re[2]: Microsoft Windows Vista/2003/XP/2000 file management security issues
  • From: 3APA3A
• vbulletin admincp sql injection
  • From: disfigure
• Absolute Image Gallery Gallery.ASP (categoryid) MSSQL Injection Exploit
  • From: UniquE
• XSS vulnerability in the online help system of several Cisco products
  • From: cassio
• iDefense Security Advisory 03.15.07: Horde Project Cleanup Script Arbitrary File Deletion Vulnerability
  • From: iDefense Labs
• Re: XSS vulnerability in the online help system of several Cisco products
  • From: Eloy Paris
• PHP Point Of Sale for osCommerce <= (index.php) Remote File Include Vuln
  • From: BorN To K!LL BorN To K!LL
• - Call for chapters - Handbook of Research on Digital Anti-forensics and In-security Governance
  • From: Jeimy Cano
• QFTP (LIBFtp 3.1-1) (command line) sprintf() local buffer overflow
  • From: starcadi starcadi
• WebCalendar v0.9.45 (13 Dec 2004) (login.php) Remote File include
  • From: drackanz
• IBM Rational ClearQuest Web - Cross Site Scripting
  • From: james
• [ECHO_ADV_76$2007] Company WebSite Builder PRO (INCLUDE_PATH) Remote File Inclusion Vulnerability
  • From: erdc
• Horde 3.1.4 (RC1) fixes XSS issue
  • From: Moritz Naumann
• Woltab Burning Board SQL Injection usergroups.php
  • From: x666
• [ GLSA 200703-13 ] SSH Communications Security's Secure Shell Server: SFTP privilege escalation
  • From: Raphael Marichez
• Phishing using IE7 local resource vulnerability
  • From: avivra
• WSN Guest 1.21 Version Comments.PHP "ID" SQL Injection Exploit
  • From: UniquE
• Re: Remote File Include In Script PHP Photo Album
  • From: Steven M. Christey
• [ECHO_ADV_74$2007] WebCreator <= 0.2.6-rc3 (moddir) Remote File Inclusion Vulnerability
  • From: erdc
• [ECHO_ADV_72$2007] CARE2X (root_path) Remote File Inclusion Vulnerability
  • From: erdc
• [ECHO_ADV_71$2007] AMP v3.2 (base_path) Remote File Inclusion Vulnerability
  • From: erdc
• iDefense Security Advisory 03.14.07: Trend Micro Antivirus UPX Parsing Kernel Divide by Zero Vulnerability
  • From: iDefense Labs
• Re: Re: [Full-disclosure] PHP import_request_variables() arbitrary variable overwrite
  • From: retrog
• Fwd: Python 2.5 (Modules/zlib) minigzip local buffer overflow vulnerability
  • From: starcadi starcadi
• Re[2]: Microsoft Windows Vista/2003/XP/2000 file management security issues
  • From: 3APA3A
• New report on Windows Vista network attack surface
  • From: Jim Hoagland
• SymEvent Driver Local Access System Denial of Service
  • From: Matousec - Transparent security Research
• SEC Consult SA-20070314-0 :: Apache HTTP Server / Tomcat directory traversal
  • From: David Matscheko
• [ GLSA 200703-12 ] SILC Server: Denial of Service
  • From: Matthias Geerdsen
• n.runs-SA-2007.003 - PHProjekt 5.2.0 - SQL Injection
  • From: security
• n.runs-SA-2007.004 - PHProjekt 5.2.0 - Cross Site Scripting and Filter Evasion
  • From: security
• [SECURITY] [DSA 1266-1] New gnupg packages fix signature forgery
  • From: Moritz Muehlenhoff
• n.runs-SA-2007.005 - PHProjekt 5.2.0 - Cross Site Request Forgery
  • From: security
• n.runs-SA-2007.006 - PHProjekt 5.2.0 - Privilege escalation
  • From: security
• [ GLSA 200703-11 ] Amarok: User-assisted remote execution of arbitrary code
  • From: Raphael Marichez
• CORE-2007-0219: OpenBSD's IPv6 mbufs remote kernel buffer overflow
  • From: CORE Security Technologies Advisories
• Re: Php Nuke POST XSS on steroids
  • From: Paul Laudanski
• Re: Microsoft Windows Vista/2003/XP/2000 file management security issues
  • From: Paweł Goleń
• [ MDKSA-2007:062 ] - Updated xine-lib packages to address buffer overflow vulnerability
  • From: security
• [ MDKSA-2007:061 ] - Updated mplayer packages to address buffer overflow vulnerability
  • From: security
• Re: Firekeeper - IDS for Firefox available
  • From: Bob Beck
• Re: Re: RIM BlackBerry Pearl 8100 Browser DoS
  • From: clappymonkey
• Re: Weekly Drawing Contest <= (check_vote.php) Remote File Disclosure Vuln
  • From: Mailinglists Address
• JGBBS 3.0beta1 Version Search.ASP "Author" SQL Injection Exploit
  • From: UniquE
• [USN-432-2] GnuPG2, GPGME vulnerability
  • From: Kees Cook
• Re: Microsoft Windows Vista/2003/XP/2000 file management security issues
  • From: Daniel Hazelton
• Re: Iframe-Cash/Iframe-Dollars Adware bundle...oooh... my ....god..
  • From: Reversemode
• Re: Microsoft Windows Vista/2003/XP/2000 file management security issues
  • From: Richard Huxton
• Re: Iframe-Cash/Iframe-Dollars Adware bundle...oooh... my ....god..
  • From: Gadi Evron
• Weekly Drawing Contest <= (check_vote.php) Remote File Disclosure Vuln
  • From: BorN To K!LL BorN To K!LL
• [ECHO_ADV_73$2007] MySQL Commander <= 2.7 (home) Remote File Inclusion Vulnerability
  • From: erdc
• Re[2]: Microsoft Windows Vista/2003/XP/2000 file management security issues
  • From: 3APA3A
• Re: Firekeeper - IDS for Firefox available
  • From: Jan Wrobel
• Re: Remote File Include In Script moodle-1.7.1
  • From: martin
• Re: Re: Firekeeper - IDS for Firefox available
  • From: irondell
• Call for Papers: DeepSec IDSC 2007 Europe/Vienna: 20-23 Nov 2007
  • From: Paul Böhm
• Iframe-Cash/Iframe-Dollars Adware bundle...oooh... my ....god..
  • From: Thierry Zoller
• [ECHO_ADV_69$2007] OES (Open Educational System) 0.1beta Remote File Inclusion Vulnerability
  • From: erdc
• [USN-436-1] KTorrent vulnerabilities
  • From: Kees Cook
• RE: Xbox 360 Hypervisor Privilege Escalation Vulnerability
  • From: Dr Joe
• Re: Firekeeper - IDS for Firefox available
  • From: Jan Wrobel
• [USN-435-1] Xine vulnerability
  • From: Kees Cook
• Re: Microsoft Windows Vista/2003/XP/2000 file management security issues
  • From: Steven M. Christey
• Re: RIM BlackBerry Pearl 8100 Browser DoS
  • From: anon
• Re: [Full-disclosure] PHP import_request_variables() arbitrary variable overwrite
  • From: Steven M. Christey
• [security bulletin] HPSBUX02196 SSRT071318 rev.2 - HP-UX Java (JRE and JDK) Remote Execution of Arbitrary Code
  • From: security-alert
• Re: PHP-Nuke <= 8.0 Cookie Manipulation (lang)
  • From: Paul Laudanski
• RIM BlackBerry Pearl 8100 Browser DoS
  • From: clappymonkey
• GuppY v4.0 remote del files/index
  • From: sn0oPy . team
• Fantastico In all Version Cpanel 10.x <= local File Include
  • From: z3r0 z3r0.2.z3r0
• Re: Wiki Remote Authentication Bypass Vulnerability
  • From: Matt D. Harris
• AssetMan 2.4a <= (download_pdf.php) Remote File Disclosure Vulnerability
  • From: BorN To K!LL BorN To K!LL
• Re: Php Nuke POST XSS on steroids
  • From: Paul Laudanski
• Re: Php Nuke POST XSS on steroids
  • From: ascii
• Wiki Remote Authentication Bypass Vulnerability
  • From: DoZ
• Remote File Include In ClipShare.v1.5.3
  • From: RaeD Hasadya
• Remote File Include In Script moodle-1.7.1
  • From: RaeD Hasadya
• Re[2]: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues
  • From: 3APA3A
• [security bulletin] HPSBUX02129 SSRT061149 rev.2 - HP-UX running SLP, Remote Unauthorized Access
  • From: security-alert
• Re: Re[2]: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues
  • From: Thor (Hammer of God)
• Remote File Include In Script PHP Photo Album
  • From: RaeD Hasadya
• [SECURITY] [DSA 1265-1] New Mozilla packages fix several vulnerabilities
  • From: Martin Schulze
• Re: [Full-disclosure] PHP import_request_variables() arbitrary variable overwrite
  • From: Stefan Esser
• Re: Firekeeper - IDS for Firefox available
  • From: Bob Beck
• RE: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues
  • From: Roger A. Grimes
• Re: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues
  • From: Thor (Hammer of God)
• [ GLSA 200703-10 ] KHTML: Cross-site scripting (XSS) vulnerability
  • From: Raphael Marichez
• Re: [Full-disclosure] PHP import_request_variables() arbitrary variable overwrite
  • From: ascii
• Re: [Full-disclosure] PHP import_request_variables() arbitrary variable overwrite
  • From: Stefano Di Paola
• Re: PHP Classifieds 7.1 - Remote File Include Vulnerability
  • From: support
• Re: [Full-disclosure] PHP import_request_variables() arbitrary variable overwrite
  • From: Stefan Esser
• NukeSentinel <= 2.5.06 SQL Injection (mysql >= 4.0.24) Exploit
  • From: gmdarkfig
• [ECHO_ADV_68$2007] PMB Services <= 3.0.13 Multiple Remote File Inclusion Vulnerability
  • From: erdc
• Pre-open files attack agains locked file
  • From: 3APA3A
• Grayscale <= 0.8.0 Multiple Vulnerabilities
  • From: omnipresent
• WWWboard password disclosure
  • From: r00t2000
• F&#305;st&#305;q Duyuru Scripti Remote Sql &#304;njection Exploit
  • From: crazy_king
• Remote File Include In Script SoftNews Media Group
  • From: RaeD Hasadya
• Remote File Include In Script Premod SubDog 2
  • From: RaeD Hasadya
• PHP-Nuke <= 8.0 Cookie Manipulation (lang)
  • From: programmer
• [Argeniss] Practical 10 minutes security audit: Oracle Case (Paper)
  • From: Cesar
• [ GLSA 200703-09 ] Smb4K: Multiple vulnerabilities
  • From: Raphael Marichez
• [USN-433-1] Xine vulnerability
  • From: Kees Cook
• RE: Microsoft Windows Vista/2003/XP/2000 file management security issues
  • From: Roger A. Grimes
• Re: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues
  • From: Tim
• wwwpaintboar(newsfile) Remote File Inclusion Vulnerability
  • From: saw_xyz
• RE: Re[4]: Microsoft Windows Vista/2003/XP/2000 file management security issues
  • From: Roger A. Grimes
• [ GLSA 200703-08 ] SeaMonkey: Multiple vulnerabilities
  • From: Raphael Marichez
• Security bypass vulnerability in LedgerSMB and SQL-Ledger (fixes released today)
  • From: Chris Travers
• WordPress XSS under function wp_title()
  • From: g30rg3_x
• Re: Re[2]: Microsoft Windows Vista/2003/XP/2000 file management security issues
  • From: Thor (Hammer of God)
• [ MDKSA-2007:060 ] - Updated kernel packages fix multiple vulnerabilities and bugs
  • From: security
• Re: Sql injection in WordPress 2.1.2
  • From: steven
• Re[2]: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues
  • From: 3APA3A
• [ MDKSA-2007:058 ] - Updated ekiga packages fix string vulnerabilities.
  • From: security
• HC NEWSSYSTEM 1.0-4 (index.php "ID") Blind SQL Injection
  • From: UniquE
• Re: Firekeeper - IDS for Firefox available
  • From: Jex
• SEC Consult SA-20070309-0 :: MySQL 5 Single Row Subselect Denial of Service
  • From: research
• RE: Re[2]: Microsoft Windows Vista/2003/XP/2000 file management security issues
  • From: M. Burnett
• RE: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues
  • From: Laundrup, Jens
• Re: Word Press Sensitive Directory exposure (SQL)
  • From: Francesco Laurita
• RE: Microsoft Windows Vista/2003/XP/2000 file management security issues
  • From: M. Burnett
• RE: Re[2]: Microsoft Windows Vista/2003/XP/2000 file management security issues
  • From: Roger A. Grimes
• RE: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues
  • From: Roger A. Grimes
• SecurityFocus is turning seven. What's next? - OFFTOPIC - Please excuse the X-Post
  • From: Alfred Huger
• Remote File Include In Script Coppermine Photo Gallery
  • From: RaeD Hasadya
• Re: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues
  • From: KJKHyperion
• Remote File Include In Script copyright (c) James Coyle; JCcorp
  • From: RaeD Hasadya
• [CAID 35145]: CA eTrust Admin Privilege Escalation Vulnerability
  • From: Williams, James K
• Re: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues
  • From: Tim
• Sql injection in WordPress 2.1.2
  • From: Omid
• RE: Re[2]: Microsoft Windows Vista/2003/XP/2000 file management security issues
  • From: Roger A. Grimes
• SyScan'07 - Call for Paper - NEW UPDATES
  • From: organiser@xxxxxxxxxx
• Php Nuke POST XSS on steroids
  • From: ascii
• Re: Digital Armaments Security Advisory 20.01.2007: Grsecurity Kernel PaX Vulnerability
  • From: hugo
• XSS In Script deviantART
  • From: RaeD Hasadya
• MS07-016 FTP Response DOS PoC
  • From: Mathew Rowley
• TSLSA-2007-0009 - multi
  • From: Trustix Security Advisor
• [USN-434-1] Ekiga vulnerability
  • From: Kees Cook
• Buffer Overflow in Linux Drivers for Omnikey CardMan 4040 (CVE-2007-0005)
  • From: Daniel Roethlisberger
• [ MDKSA-2007:059 ] - Updated gnupg packages provide enhanced forgery detection
  • From: security
• [ECHO_ADV_67$2007] WEBO (Web Organizer) <= 1.0 (baseDir) Remote File Inclusion Vulnerability
  • From: erdc
• PHP import_request_variables() arbitrary variable overwrite
  • From: Stefano Di Paola
• Microsoft Windows Vista/2003/XP/2000 file management security issues
  • From: 3APA3A
• Re: Word Press Sensitive Directory exposure (SQL)
  • From: none
• Re: [Bogus] Lazarus Guestbook (admin.php)Remote File Include Expliot -
  • From: Mailinglists Address
• [USN-432-1] GnuPG vulnerability
  • From: Kees Cook
• [ MDKSA-2007:054 ] - Updated kdelibs packages to address DoS issue in KDE Javascript
  • From: security
• Word Press Sensitive Directory exposure (SQL)
  • From: r00t2000
• [ MDKSA-2007:055 ] - Updated mplayer packages to address buffer overflow vulnerability
  • From: security
• PHP 4.4.6 crack_opendict() local buffer overflow poc exploit
  • From: retrog
• [ MDKSA-2007:056 ] - Updated tcpdump packages address off-by-one overflow
  • From: security
• [ MDKSA-2007:057 ] - Updated xine-lib packages to address buffer overflow vulnerability
  • From: security
• [USN-424-2] PHP regression
  • From: Kees Cook
• Ann: Backtrack 2.0 released
  • From: Thierry Zoller
• Black Hat USA CFP Now Open!
  • From: Jeff Moss
• dynaliens v2.0/v2.1 bypass admin authentification + XSS
  • From: sn0oPy . team
• rPSA-2007-0052-1 kdelibs
  • From: rPath Update Announcements
• rPSA-2007-0051-1 mod_python
  • From: rPath Update Announcements
• Buffer-overflow in Conquest client 8.2a (svn 691)
  • From: Luigi Auriemma
• Lazarus Guestbook (admin.php)Remote File Include Expliot
  • From: c_r_ck
• FLSA - foresight linux security announcements
  • From: Jonathan Smith
• [SECURITY] [DSA 1264-1] New php4 packages fix several vulnerabilities
  • From: Moritz Muehlenhoff
• ZDI-07-010: Apple Quicktime UDTA Parsing Heap Overflow Vulnerability
  • From: zdi-disclosures
• ZDI-07-009: Novell Netmail WebAdmin Buffer Overflow Vulnerability
  • From: zdi-disclosures
• Re: Re: Wordpress <= v2.1.0
  • From: ciri
• RPS 6.2 SQL Injection Exploit
  • From: s0cratex
• Re: [Full-disclosure] month of PHP bugs, secondary message?
  • From: Marcus Meissner
• month of PHP bugs, secondary message?
  • From: Gadi Evron
• Re: Remote File Include In DBImageGallery
  • From: tg
• Firekeeper - IDS for Firefox available
  • From: Jan Wrobel
• xss in phpmyadmin >=2.8.0 and < 2.10.0
  • From: alfa
• iDefense Security Advisory 03.07.07: Ipswitch IMail Server 2006 Multiple ActiveX Control Buffer Overflow Vulnerabilities
  • From: iDefense Labs
• Re: Drake CMS v0.3.2 < = RFi Vulnerabilities
  • From: legolas558
• [ MDKSA-2007:053 ] - Updated util-linux packages address umount crash issue
  • From: security
• [ MDKSA-2007:052 ] - Updated Thunderbird packages fix multiple vulnerabilities
  • From: security
• [USN-431-1] Thunderbird vulnerabilities
  • From: Kees Cook
• [SECURITY] [DSA 1263-1] New clamav packages fix denial of service
  • From: Moritz Muehlenhoff
• [USN-430-1] mod_python vulnerability
  • From: Kees Cook
• [USN-429-1] tcpdump vulnerability
  • From: Kees Cook
• [ GLSA 200703-07 ] STLport: Possible remote execution of arbitrary code
  • From: Matthias Geerdsen
• rPSA-2007-0050-1 kernel
  • From: rPath Update Announcements
• Re: Extending JavaScript Portscanning to Include Banner Grabbing
  • From: Vincent Archer
• Re: Tinyportal Shoutbox
  • From: ichbin
• PHP <= 4.4.6 mssql_connect() & mssql_pconnect() local buffer overflow and safe_mode bypass
  • From: retrog
• [Reversemode Advisory] Apple Quicktime Color ID remote heap corruption
  • From: Reversemode
• [security bulletin] HPSBUX02195 SSRT061237 rev.1 - HP-UX Running Software Distributor (SD), Remote Denial of Service (DoS)
  • From: security-alert
• Re: XXS in script Phorum
  • From: Maurice Makaay
• [security bulletin] HPSBUX02153 SSRT061181 rev.3 - HP-UX Running Firefox, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS)
  • From: security-alert
• Apple QuickTime udta ATOM Integer Overflow
  • From: Sowhat
• Call for Participation Chaos Communication Camp 2007
  • From: fukami
• Re: Wordpress <= v2.1.0
  • From: vvitkov@xxxxxxxxxxxxx
• Apple QuickTime Player Remote Heap Overflow
  • From: Piotr Bania
• RE: Wordpress <= v2.1.0
  • From: McCarty, Eric C.
• iDefense Security Advisory 03.05.07: Apple QuickTime Color Table ID Heap Corruption Vulnerability
  • From: iDefense Labs
• CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability
  • From: CORE Security Technologies Advisories
• DoS and code execution issue in LedgerSMB < 1.1.5 and SQL-Ledger < 2.6.25
  • From: Chris Travers
• Wordpress <= v2.1.0
  • From: ciri
• XSS Remote In vCard 2.6 (c)2002
  • From: RaeD Hasadya
• HITBSecConf2007 - Malaysia: Call for Papers now Open
  • From: Praburaajan
• Arbitrary file disclosure vulnerability in rrdbrowse <= 1.6
  • From: Sebastian Wolfgarten
• LI-Guestbook SQL Injection Vulnerability
  • From: bugtraq
• Sava's GuestBook Multiple Vulnerabilities
  • From: bugtraq
• XXS in script Phorum
  • From: RaeD Hasadya
• Extending JavaScript Portscanning to Include Banner Grabbing
  • From: mark
• Konqueror DoS Via JavaScript Read Of FTP Iframe
  • From: mark
• ePortfolio version 1.0 Java Multiple Input Validation Vulnerabilities
  • From: Stefan Friedli
• Show Password Admin In Script Uploadscript
  • From: RaeD Hasadya
• [SECURITY] [DSA 1262-1] New gnomemeeting packages fix arbitrary code execution
  • From: Moritz Muehlenhoff
• [ GLSA 200703-06 ] AMD64 x86 emulation Qt library: Integer overflow
  • From: Raphael Marichez
• Re: SPAW Editor PHP Edition
  • From: Steve Watt
• [ GLSA 200703-05 ] Mozilla Suite: Multiple vulnerabilities
  • From: Raphael Marichez
• ERRATA: [ GLSA 200703-01 ] Snort: Remote execution of arbitrary code
  • From: Raphael Marichez
• Re: Xbox 360 Hypervisor Privilege Escalation Vulnerability
  • From: ron . kleinman
• Re: VMware Workstation multiple denial of service and isolation manipulation vulnerabilities
  • From: emptysands
• [Fwd: Re: Angel LMS 7.1 - Remote SQL Injection]
  • From: don bailey
• rPSA-2007-0040-3 firefox thunderbird
  • From: rPath Update Announcements
• Re: Evading the Norman SandBox Analyzer
  • From: John Smith
• Re: Evading the Norman SandBox Analyzer
  • From: Arne Vidstrom
• BJ Webring XSS
  • From: sn0oPy . team
• Tyger Bug Tracking System Multiple Vulnerability
  • From: corrado . liotta
• [ GLSA 200703-04 ] Mozilla Firefox: Multiple vulnerabilities
  • From: Raphael Marichez
• rPSA-2007-0048-1 tcpdump
  • From: rPath Update Announcements
• webSPELL <= 4.01.02 Remote PHP Code Execution Exploit
  • From: gmdarkfig
• WordPress source code compromised to enable remote code execution
  • From: ifsecure
• [ MDKSA-2007:050-1 ] - Updated Firefox packages fix multiple vulnerabilities
  • From: security
• Limited format string in Netrek 2.12.0
  • From: Luigi Auriemma
• Remote File Include In DBImageGallery
  • From: RaeD Hasadya
• Re: Woltlab Burning Board (wbb) 2.3.6 CSRF/XSS - 0day
  • From: MC Iglo
• iDefense Security Advisory 03.02.07: Kaspersky AntiVirus UPX File Decompression DoS Vulnerability
  • From: iDefense Labs
• Re: Re: WordPress Search Function SQL-Injection
  • From: none
• Woltlab Burning Board (wbb) 2.3.6 CSRF/XSS - 0day
  • From: SaMuschie
• ZDI-07-008: Apache Tomcat JK Web Server Connector Long URL Stack Overflow Vulnerability
  • From: zdi-disclosures
• vBulletin v3.6.5 admincp/index.php ( rss feed ) xss vuln.
  • From: meto5757
• [ GLSA 200703-03 ] ClamAV: Denial of Service
  • From: Raphael Marichez
• [USN-428-2] Firefox regression
  • From: Kees Cook
• SPAW Editor PHP Edition
  • From: RaeD Hasadya
• [ GLSA 200703-02 ] SpamAssassin: Long URI Denial of Service
  • From: Raphael Marichez
• [ GLSA 200703-01 ] Snort: Remote execution of arbitrary code
  • From: Raphael Marichez
• Re: Xbox 360 Hypervisor Privilege Escalation Vulnerability
  • From: jrgong420
• aWebNews V 1.1
  • From: mostafa_ragab
• LayerOne 2007 - Call for Papers and Pre-Registration
  • From: Layer One
• WB News Remote File Include in all versions
  • From: mostafa_ragab
• Re: ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit
  • From: revenge
• aWebNews v 1.1=>RFI
  • From: mostafa_ragab
• Re: Re: MSIE7 browser entrapment vulnerability (probably Firefox, too)
  • From: sithlordstorm
• Built2Go v.1.0 => ( news.php & rating.php ) Cross Site Scripting
  • From: the_3dit0r
• Re: Angel LMS 7.1 - Remote SQL Injection
  • From: str0ke
• Serendipity unauthenticated SQL-Injection
  • From: SaMuschie
• Angel LMS 7.1 - Remote SQL Injection
  • From: Guns
• Comodo Bypassing settings protection using magic pipe Vulnerability
  • From: Matousec - Transparent security Research
• [USN-416-2] nvidia-glx-config regression
  • From: Martin Pitt
• [ MDKSA-2007:051 ] - Updated snort packages fix DoS vulnerability
  • From: security
• Full disclosure: Directory Transversal and Arbitrary Code Execution Vulnerability in SQL-Ledger and LedgerSMB
  • From: Chris Travers
• [ MDKSA-2007:050 ] - Updated Firefox packages fix multiple vulnerabilities
  • From: security
• Re: Xbox 360 Hypervisor Privilege Escalation Vulnerability
  • From: anohacker
• [CAID 35112]: CA eTrust Intrusion Detection Denial of Service Vulnerability
  • From: Williams, James K
• [USN-428-1] Firefox vulnerabilities
  • From: Martin Pitt
• Evading the Norman SandBox Analyzer
  • From: Arne Vidstrom
• Re: Xbox 360 Hypervisor Privilege Escalation Vulnerability
  • From: gera
• RE: MSIE7 browser entrapment vulnerability (probably Firefox, too)
  • From: perpetualmotionuk
• Cisco Security Advisory: Cisco Catalyst 6000, 6500 and Cisco 7600 Series MPLS Packet Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Catalyst 6000, 6500 Series and Cisco 7600 Series NAM (Network Analysis Module) Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Re: WordPress Search Function SQL-Injection
  • From: ascii
• Re: WordPress Search Function SQL-Injection
  • From: kelson
• Xbox 360 Hypervisor Privilege Escalation Vulnerability
  • From: Anonymous Hacker
• Re: WordPress Search Function SQL-Injection
  • From: Justin Frydman - Thinkweb Media
• [NETRAGARD-20070220 SECURITY ADVISORY] [McAfee VirusScan for Mac (Virex) Local root exploit and Scan Bypass]
  • From: Netragard Security Advisories
• iDefense Security Advisory 02.27.07: Computer Associates eTrust Intrusion Detection Denial of Service Vulnerability
  • From: iDefense Labs
• Nullsoft ShoutcastServer Persistant XSS - 0day
  • From: SaMuschie
• WordPress Search Function SQL-Injection
  • From: SaMuschie
• rPSA-2007-0043-1 php php-mysql php-pgsql
  • From: rPath Update Announcements
• RE: SYMSA-2007-002: Palm OS Treo Find Feature System Password Bypass
  • From: Roger A. Grimes
• [ GLSA 200702-12 ] CHMlib: User-assisted remote execution of arbitrary code
  • From: Raphael Marichez
• [ GLSA 200702-11 ] MPlayer: Buffer overflow
  • From: Raphael Marichez
• Wordpress 2.1.1 - Multiple Script Injection Vulnerabilities
  • From: Stefan Friedli
• Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr)
  • From: Michal Zalewski
• Re: [Full-disclosure] ViewCVS 0.9.4 issues
  • From: Moritz Naumann
• Few unreported vulnerabilities by SehaTo
  • From: 3APA3A
• Re: XXS in script Phorum
  • From: brian
• ViewCVS 0.9.4 issues
  • From: Moritz Naumann
• MTCMS multiple upload vulnerabilities
  • From: none
• Re: MSIE7 browser entrapment vulnerability (probably Firefox, too)
  • From: Michal Zalewski
• Re: [Full-disclosure] Firefox Cache Hack - Firefox History Hack redux
  • From: Ismail Dönmez
• XXS in script Phorum
  • From: c_r_ck
• WordPress AdminPanel CSRF/XSS - 0day
  • From: SaMuschie
• Secunia Software Inspector OS Security Assessment problem
  • From: David ROBERT
• Re: [Full-disclosure] Firefox Cache Hack - Firefox History Hack redux
  • From: pdp (architect)
• RE: SYMSA-2007-002: Palm OS Treo Find Feature System Password Bypass
  • From: McCarty, Eric C.
• [security bulletin] HPSBST02194 SSRT071306 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-005 Through MS07-016
  • From: security-alert
• Re: [Full-disclosure] Firefox Cache Hack - Firefox History Hack redux
  • From: arman
• SEC Consult SA-20070226-0 :: File Disclosure in Pagesetter for PostNuke
  • From: research
• rPSA-2007-0040-1 firefox
  • From: rPath Update Announcements
• Know your Enemy: Web Application Threats
  • From: Gadi Evron
• Re: [Full-disclosure] Firefox Cache Hack - Firefox History Hack redux
  • From: Ismail Dönmez
• Re: [Full-disclosure] Firefox Cache Hack - Firefox History Hack redux
  • From: pdp (architect)
• Re: [Full-disclosure] Firefox Cache Hack - Firefox History Hack redux
  • From: Michael Silk
• Re: ActiveCalendar 1.2.0, Multiple vulnerabilities
  • From: simon . itsecurity
• Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr)
  • From: Michal Zalewski
• SQLiteManager v1.2.0 Multiple Vulnerabilities
  • From: simon . itsecurity
• Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr)
  • From: Ismail Dönmez
• Re: MSIE7 browser entrapment vulnerability (probably Firefox, too)
  • From: Jeffrey Katz
• Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr)
  • From: Stan Bubrouski
• sitex multiple vulnerabilities
  • From: none
• Call for Paper - SyScan'07
  • From: Thomas Lim
• Cursor Injection - A New Method for Exploiting PL/SQL Injection and Potential Defences
  • From: David Litchfield
• [ GLSA 200702-10 ] UFO2000: Multiple vulnerabilities
  • From: Raphael Marichez
• Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr)
  • From: Daniel Veditz
• JBrowser Acces to Admin Panel Exploit
  • From: crazy_king
• [ GLSA 200702-09 ] Nexuiz: Multiple vulnerabilities
  • From: Raphael Marichez
• Phpwebgallery-1.4.1, Multiple Cross Site Scripting
  • From: simon . itsecurity
• Coppermine Photo Gallery 1.3.x Blind SQL Injection Exploit
  • From: s0cratex
• Photostand_1.2.0 Multiple Cross Site Scripting
  • From: simon . itsecurity
• ActiveCalendar 1.2.0, Multiple vulnerabilities
  • From: simon . itsecurity
• Blind sql injection attack in INSERT syntax on PHP-nuke <=8.0 Final
  • From: krasza
• Re: Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support
  • From: John Smith
• pickle download local file
  • From: none
• [ MDKSA-2007:049 ] - Updated spamassassin packages fix DoS vulnerability
  • From: security
• Simple one-file gallery
  • From: none
• Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability
  • From: Stefan Esser
• xtcommerce local file include
  • From: none
• shopkitplus local file include
  • From: none
• Re: iDefense Security Advisory 02.22.07: IBM DB2 Universal Database DB2INSTANCE File Creation Vulnerability
  • From: Steven M. Christey
• iDefense Security Advisory 02.23.07: Mozilla Network Security Services SSLv2 Server Stack Overflow Vulnerability
  • From: iDefense Labs
• iDefense Security Advisory 02.23.07: Mozilla Network Security Services SSLv2 Client Integer Underflow Vulnerability
  • From: iDefense Labs
• iDefense Security Advisory 02.23.07: Mozilla Network Security Services SSLv2 Server Stack Overflow Vulnerability
  • From: iDefense Labs
• Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support
  • From: secure
• rPSA-2007-0038-1 spamassassin
  • From: rPath Update Announcements
• rPSA-2007-0036-1 kernel
  • From: rPath Update Announcements
• [USN-427-1] enigmail vulnerability
  • From: Martin Pitt
• Secunia Research: Internet Explorer 7 "onunload" Event Spoofing Vulnerability
  • From: Secunia Research
• [ MDKSA-2007:048 ] - Updated php packages fix multiple vulnerabilities
  • From: security
• Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr)
  • From: Michal Zalewski
• MSIE7 browser entrapment vulnerability (probably Firefox, too)
  • From: Michal Zalewski
• Firefox Cache Hack - Firefox History Hack redux
  • From: pdp (architect)
• Re: [Full-disclosure] Firefox bookmark cross-domain surfing vulnerability
  • From: Daniel Veditz
• Re: [ECHO_ADV_66$2007] SendStudio <= 2004.14 Remote File Inclusion Vulnerability
  • From: Chris Smith
• [OpenPKG-SA-2007.010] OpenPKG Security Advisory (php)
  • From: OpenPKG GmbH
• Re: JBoss jmx-console CSRF
  • From: pagvac
• iDefense Security Advisory 02.22.07: IBM DB2 Universal Database DB2INSTANCE File Creation Vulnerability
  • From: iDefense Labs
• Re: [Full-disclosure] Firefox Cache Hack - Firefox History Hack redux
  • From: Ben Bucksch
• iDefense Security Advisory 02.22.07: IBM DB2 Universal Database Multiple Privilege Escalation Vulnerabilities
  • From: iDefense Labs
• Firefox: onUnload tailgating (MSIE7 entrapment bug variant)
  • From: Michal Zalewski
• [ECHO_ADV_66$2007] SendStudio <= 2004.14 Remote File Inclusion Vulnerability
  • From: erdc
• Re: [Full-disclosure] Firefox bookmark cross-domain surfing vulnerability
  • From: pdp (architect)
• Re: [Full-disclosure] iDefense Security Advisory 02.15.07: Multiple Vendor ClamAV CAB File Denial of Service Vulnerability
  • From: aCaB
• Re[2]: Solaris telnet vulnberability - how many on your network?
  • From: Steven M. Christey
• iDefense Security Advisory 02.22.07: VeriSign ConfigChk ActiveX Control Buffer Overflow Vulnerability
  • From: iDefense Labs
• Connectix Boards <= 0.7 (p_skin) Multiple Vulnerabilities Exploit
  • From: gmdarkfig
• RE: SYMSA-2007-002: Palm OS Treo Find Feature System Password Bypass
  • From: Roger A. Grimes
• Re: Firefox: about:blank is phisher's best friend
  • From: Michal Zalewski
• FlashGameScript v1.5.4 Remote File Inclusion Vulnerability
  • From: malic89
• Re: Firefox: about:blank is phisher's best friend
  • From: Florian Weimer
• Re[2]: [Full-disclosure] Microsoft Windows 2000/XP/2003/Vista ReadDirectoryChangesW informaton leak
  • From: 3APA3A
• WebSpell > 4.0 Authentication Bypass and arbitrary code execution
  • From: r . verton
• JBoss jmx-console CSRF
  • From: buben . razuma
• Re: [Full-disclosure] Firefox bookmark cross-domain surfing vulnerability
  • From: Michal Zalewski
• Hasadya Raed
  • From: RaeD Hasadya
• JBrowser acces to admin/config files
  • From: sn0oPy . team
• RE: Overtaking Google Desktop
  • From: Yair Amit
• SaphpLesson v3.0 SQL Injection Exploit
  • From: gamr-14
• RE: Re[2]: Solaris telnet vulnberability - how many on your network?
  • From: Roger A. Grimes
• Re: Web Apps- Rad Upload Version 3.02 Remote File Include Vulnerability
  • From: e4c5
• pheap [edit LFI] vulnerability
  • From: none
• LoveCMS 1.4 multiple vulnerabilities
  • From: none
• Plantilla PHP Simple
  • From: none
• Re: Re: SYMSA-2007-002: Palm OS Treo Find Feature System Password Bypass
  • From: chgsupra1
• SYMSA-2007-002-1: Palm OS Treo Find Feature System Password Bypass
  • From: research
• Re: SYMSA-2007-002: Palm OS Treo Find Feature System Password Bypass
  • From: chgsupra1
• Pics Navigator Directory Traversal Vulnerability
  • From: sn0oPy . team
• Magic News Plus File Inclusion And Xss Vulnerabilitis
  • From: security
• Re: Drive-by Pharming Threat
  • From: hlockhar
• OWASP JBroFuzz 0.5 Fuzzer Released!
  • From: subere
• Microsoft Windows 2000/XP/2003/Vista ReadDirectoryChangesW informaton leak
  • From: 3APA3A
• Re: [Full-disclosure] Firefox bookmark cross-domain surfing vulnerability
  • From: Michal Zalewski
• [USN-426-1] Ekiga vulnerabilities
  • From: Kees Cook
• Re[2]: Solaris telnet vulnberability - how many on your network?
  • From: Thierry Zoller
• [USN-425-1] slocate vulnerability
  • From: Kees Cook
• Re: [Full-disclosure] Firefox: serious cookie stealing / same-domain bypass vulnerability
  • From: Michal Zalewski
• Re: [Full-disclosure] Firefox bookmark cross-domain surfing vulnerability
  • From: pdp (architect)
• Re: [Full-disclosure] Firefox bookmark cross-domain surfing vulnerability
  • From: pdp (architect)
• Firefox bookmark cross-domain surfing vulnerability
  • From: Michal Zalewski
• iDefense Security Advisory 02.16.07: Trend Micro ServerProtect Web Interface Authorization Bypass Vulnerability
  • From: iDefense Labs
• [ MDKSA-2007:047 ] - Updated kernel packages fix multiple vulnerabilities and bugs
  • From: security
• Re: Jboss vulnerability (AUSCERT#2007d2feb)
  • From: AusCERT
• Call Center Software - Remote Xss Post Exploit -
  • From: corrado . liotta
• [ MDKSA-2007:044 ] - Updated ekiga packages fix string vulnerabilities.
  • From: security
• Re: Solaris telnet vulnberability - how many on your network?
  • From: Edsel Adap
• Nabopoll Blind SQL Injection vulnerabilies
  • From: s0cratex
• [ MDKSA-2007:045 ] - Updated gnomemeeting packages fix string vulnerabilities
  • From: security
• Players disconnection in Simbin racing games
  • From: Luigi Auriemma
• Re: ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit
  • From: Mark Wadham
• Cisco Security Advisory: Multiple Vulnerabilities in 802.1X Supplicant
  • From: Cisco Systems Product Security Incident Response Team
• Re: ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit
  • From: str0ke
• Cisco Security Advisory: Cisco Unified IP Conference Station and IP Phone Vulnerabilities
  • From: Cisco Systems Product Security Incident Response Team
• /bin/ls with gid=0 in Debian linux-ftpd
  • From: Paul Szabo
• Overtaking Google Desktop
  • From: Yair Amit
• [USN-424-1] PHP vulnerabilities
  • From: Martin Pitt
• XLAtunes 0.1 (album) Remote SQL Injection Vulnerability
  • From: Guns
• [ MDKSA-2007:046 ] - Updated gnucash packages fix temp file issues.
  • From: security
• Re: Re: Apache Multiple Injection Vulnerabilities
  • From: hugo
• qwik-smtpd format string
  • From: hotturk
• Re: Jboss vulnerability
  • From: ben . dexter
• Re: Jboss vulnerability
  • From: Javier Antunez
• TSRT-07-02: Trend Micro ServerProtect eng50.dll Stack Overflow Vulnerabilities
  • From: TSRT
• VMware Workstation multiple denial of service and isolation manipulation vulnerabilities
  • From: EitanCaspi@xxxxxxxxx
• TSRT-07-01: Trend Micro ServerProtect StCommon.dll Stack Overflow Vulnerabilities
  • From: TSRT
• Metaye Released - ZmbScap
  • From: Contact
• [USN-423-1] MoinMoin vulnerabilities
  • From: Kees Cook
• Re: Apache Multiple Injection Vulnerabilities
  • From: Amit Klein
• RE: Solaris telnet vulnberability - how many on your network?
  • From: Nate Eldredge
• Re: Drive-by Pharming Threat
  • From: Jeremy Saintot
• NukeSentinel 2.5.05 (nsbypass.php) Blind SQL Injection Exploit
  • From: gmdarkfig
• Re: [Full-disclosure] Drive-by Pharming Threat
  • From: auto400208
• Re: [Full-disclosure] Drive-by Pharming Threat
  • From: auto400208
• Re: [Full-disclosure] Drive-by Pharming Threat
  • From: Andrew Farmer
• Re: [Full-disclosure] Drive-by Pharming Threat
  • From: Martin Johns
• ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit
  • From: Guns
• Re: Drive-by Pharming Threat
  • From: auto400208
• Re: Web Server Botnets and Server Farms as Attack Platforms
  • From: Anders Henke
• AdMentor Script Remote SQL injection Exploit
  • From: crazy_king
• phpXmms 1.0 (tcmdp) Remote File Include Vulnerabilities
  • From: ilkerkandemir
• Rootkit Profiler LX
  • From: Tobias Klein
• Re: XLAtunes 0.1 (album) Remote SQL Injection Vulnerability
  • From: str0ke
• Re: Jboss vulnerability
  • From: Harry Hoffman
• RE: Solaris telnet vulnberability - how many on your network?
  • From: Michael Wojcik
• Re: Jboss vulnerability
  • From: James Davis
• RE: Firefox: about:blank is phisher's best friend
  • From: Michael Wojcik
• Re: Solaris telnet vulnberability - how many on your network?
  • From: Marco Ivaldi
• Re: DotClear v1.2.5
  • From: contact