Bugtraq

• Thread Index

• mambo-phphop Product Scroller Module R.F.I
  • From: Outlaw
• [SECURITY] [DSA 1152-1] New trac packages fix information disclosure
  • From: Martin Schulze
• Joomla Rssxt <= 1.0 Remote File Include Vulnerability
  • From: crackers_child
• anjel Mambo Component Remote File Include
  • From: crackers_child
• Joomla x-shop <= 1.7 Remote File Include Vulnerability
  • From: crackers_child
• mtg_myhomepage Component For Mambo R.F.I
  • From: Outlaw
• Secunia Research: AOL Insecure Default Directory Permissions
  • From: Jakob Balle
• ToorCon 8 Call for Papers Closing Tomorrow & Workshops/Seminars Added
  • From: h1kari@xxxxxxxxxxx
• RE: Mailslot bug (MS06-035) vs non-Mailslot bug (CVE-2006-3942)
  • From: Marc Maiffret
• [XSec-06-07]: Visual Studio 6.0 Multiple COM Object Instantiation Vulnerability
  • From: nop
• [ MDKSA-2006:143-1 ] - Updated Firefox packages fix multiple vulnerabilities
  • From: security
• [security bulletin] HPSBUX02139 SSRT5981 rev.1 - HP-UX Running the LP Subsystem, remote Denial of Service (DoS)
  • From: security-alert
• Re: SYM06-16 Symantec NetBackup PureDisk Remote Office Edition Elevation of Privilege
  • From: secure
• powergap <= (s0x.php) Remote File Inclusion
  • From: saudi . unix
• RE: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems
  • From: Michael Wojcik
• Re: discloser 0.0.4 Remote File Inclusion (with Exploit)
  • From: Carsten Eilers
• UPDATED: MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities
  • From: Tom Yu
• World Summit on Intrusion Prevention
  • From: wsip
• Re: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems
  • From: Steven M. Christey
• CubeCart <= 3.0.11 SQL injection & cross site scripting
  • From: rgod
• [XSec-06-06]: Windows 2003 (tsuserex.dll) COM Object Instantiation Vulnerability
  • From: nop
• Re: Re: CGI Script Source Code Disclosure Vulnerability in Apache for Windows
  • From: nareshhacker
• [USN-336-1] binutils vulnerability
  • From: Martin Pitt
• Registration Now Open!: Security OPUS Infosec Conference - Oct 2-5 2006 - San Francisco, CA
  • From: Richard Lindberg
• [EEYEB-20060703] IBM eGatherer ActiveX Code Execution Vulnerability
  • From: eEye Advisories
• [USN-337-1] imagemagick vulnerability
  • From: Martin Pitt
• discloser 0.0.4 Remote File Inclusion (with Exploit)
  • From: dr . t3rr0r1st
• Re: [Overflow.pl] ImageMagick ReadSGIImage() Heap Overflow
  • From: Daniel Kobras
• Reporter Mambo Component Remote File &#304;nclude
  • From: crackers_child
• SYM06-16 Symantec NetBackup PureDisk Remote Office Edition Elevation of Privilege
  • From: Mike Prosser
• Re: MS Terminal Server application session breakout
  • From: Thor (Hammer of God)
• [ MDKSA-2006:143 ] - Updated Firefox packages fix multiple vulnerabilities
  • From: security
• Technical note by Amit Klein: "Sending arbitrary HTTP requests with Flash 7/8 (+IE 6.0)"
  • From: Amit Klein (AKsecurity)
• [security bulletin] HPSBUX02115 SSRT061077 rev.2 - HP-UX running Support Tools Manager (xstm, cstm, stm) Local Denial of Service (DoS)
  • From: security-alert
• ShockwaveFlash 9 (Stack overflow)
  • From: Mr . Niega
• MS Terminal Server application session breakout
  • From: pedantic1
• [scip_Advisory 2457] Horde Framework and Horde IMP /horde/imp/search.php cross site scripting
  • From: Marc Ruef
• [scip_Advisory 2456] Horde Framework and Horde IMP /index.php cross site referencing
  • From: Marc Ruef
• [USN-335-1] heartbeat vulnerability
  • From: Martin Pitt
• Mambo com_lm component (archive.php) Remote File Include Vulnerabilities
  • From: crackers_child
• Re: TinyWebGallery v1.5 ( image ) Remote Include Vulnerability
  • From: tinywebgallery
• Re: CGI Script Source Code Disclosure Vulnerability in Apache for Windows
  • From: Joe Orton
• [XSec-06-05]: VMware 5.5.1 for Windows arbitrary partition table delete issue.
  • From: root
• [USN-334-1] krb5 vulnerabilities
  • From: Martin Pitt
• CORE-2006-0714: Microsoft SRV.SYS SMB_COM_TRANSACTION Denial of Service
  • From: Core Security Technologies advisories
• fusionnews 3,7 Remote File Inclusion
  • From: Outlaw
• Lizge V.20 Web Portal File Include Vulnerability
  • From: crackers_child
• Re: Concurrency-related vulnerabilities in browsers - expect problems
  • From: Michal Zalewski
• otopholder 1.8 suffers from a local file inclusion,XSS and directory listing vuln
  • From: vampire_chiristof
• [security bulletin] HPSBUX02141 SSRT51153 rev.1 - HP-UX in Trusted mode, Local Denial of Service (DoS)
  • From: security-alert
• [SECURITY] [DSA 1151-1] New heartbeat packages fix denial of service
  • From: Martin Schulze
• [XSec-06-04]: Internet Explorer (msoe.dll) COM Object Instantiation Vulnerability
  • From: nop
• [XSec-06-03]: Internet Explorer (CHTSKDIC.DLL) COM Object Instantiation Vulnerability
  • From: nop
• Koobi Pro CMS 5.6 SQL injection & XSS
  • From: vampire_chiristof
• Re: Calendarix <= 0.7 (calpath) Remote File Inclusion Vulnerability
  • From: Carsten Eilers
• [XSec-06-02]: Internet Explorer (IMSKDIC.DLL) COM Object Instantiation Vulnerability
  • From: nop
• Mailslot bug (MS06-035) vs non-Mailslot bug (CVE-2006-3942)
  • From: Gerardo Richarte
• local file include in PHP-Nuke (autohtml.php)
  • From: MosT3mR
• Re: phpPrintAnalyzer <= 1.1 (rep_par_rapport_racine) Remote File Inclusion Vulnerability
  • From: Carsten Eilers
• [ MDKSA-2006:141 ] - Updated gnupg packages fix vulnerability
  • From: security
• [ MDKSA-2006:142 ] - Updated heartbeat packages fix vulnerability
  • From: security
• Re: Calendarix <= 0.7 (calpath) Remote File Inclusion Vulnerability
  • From: Steven M. Christey
• Security contact from Critical Path Inc
  • From: Guillermo Marro
• Re: Re: myBloggie <= 2.1.3 (mybloggie_root_path) Remote File Inclusion Vulnerability
  • From: istgha
• Re: RE: linksys WRT54g authentication bypass
  • From: gooorguss
• Re: TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability
  • From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
• Opera 9 Remote Denial of Service
  • From: NNP
• Multiple Arbitrary File Access (Write/Read) Vulnerabilities
  • From: NGSSoftware Insight Security Research
• RE: linksys WRT54g authentication bypass
  • From: TeamXMM Consulting, Inc.
• [ GLSA 200608-20 ] Ruby on Rails: Several vulnerabilities
  • From: Raphael Marichez
• Joomla Webring Component (component_dir) Remote File Inclusion Vulnerabilities
  • From: x0r0n
• Multiple Buffer Overflow Vulnerabilities in Informix
  • From: NGSSoftware Insight Security Research
• (somewhat) breaking the same-origin policy by undermining dns-pinning
  • From: Martin Johns
• [Overflow.pl] ImageMagick ReadSGIImage() Heap Overflow
  • From: Damian Put
• Multiple buffer-overflows in libmusicbrainz 2.1.2
  • From: Luigi Auriemma
• Peoplebook Mambo Component <= v1.0 Remote File Include Vulnerabilities
  • From: matdhule
• Re: Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability
  • From: noname
• RE: ANNOUNCING: 3rd Annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA
  • From: Dave Wichers
• osDate 1.1.8 - Multiple HTML Injection Vulnerability - fixed
  • From: vijay
• Re: Re: TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability
  • From: mr
• Multiple Password Exposures Flaws
  • From: NGSSoftware Insight Security Research
• Local privilege Escalation in SmartLine DeviceLock 5.73
  • From: seppi
• Unauthorized Database Creation Privilege on Informix
  • From: NGSSoftware Insight Security Research
• Technical note: under some conditions, it's possible to steal HTTP credentials using Flash
  • From: Amit Klein (AKsecurity)
• Re: [SM-ANNOUNCE] SquirrelMail 1.4.8 released - fixes variable overwriting attack
  • From: Michael Engert
• InfanView 3.98 (with plugins) - Access violation at processing images CUR files
  • From: sehato
• Multiple Arbitrary Command Execution Vulnerabilities
  • From: NGSSoftware Insight Security Research
• Arbitrary Library Loading in Informix
  • From: NGSSoftware Insight Security Research
• Wordpress WP-DB Backup Plugin Directory Traversal Vulnerability
  • From: ss_team
• Kaspersky Anti-Hacker personal firewall unstealthy stealth mode
  • From: tbratusa
• HPSBMA02138 SSRT061184 rev.1 - HP OpenView Storage Data Protector, Remote Arbitrary Command Execution
  • From: security-alert
• Re: Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability
  • From: Carsten Eilers
• RE: Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory
  • From: Lance Seelbach
• JavaScript get Internal Address (thanks to DanBUK)
  • From: pdp (architect)
• Re: [SM-ANNOUNCE] SquirrelMail 1.4.8 released - fixes variable overwriting attack
  • From: Allie Daneman
• Virtual War v1.5.0 SQL injection and XSS
  • From: vampire_chiristof
• BlaBla 4U XSS Vulnerabilite
  • From: vampire_chiristof
• Re: Yabb XSS - or NOT
  • From: Volker Tanger
• XMB <= 1.9.6 Final basename()/'langfilenew' arbitrary local inclusion / remote commands execution
  • From: rgod
• SQLIDEBUG envariable overflow on Informix
  • From: NGSSoftware Insight Security Research
• Google Picasa Listening on Port 80?
  • From: Geoff Vass
• Re: miniBloggie <= 1.0 (fname) Remote File Inclusion Vulnerability
  • From: Carsten Eilers
• RE: [Full-disclosure] RE: when will AV vendors fix this???
  • From: Dmitry Yu. Bolkhovityanov
• [ECHO_ADV_45$2006] WEBinsta CMS 0.3.1 (templates_dir) Remote File Inclusion Vulnerability
  • From: erdc
• Re: Mafia Moblog <= 6 (pathtotemplate) Remote File Inclusion Vulnerability
  • From: noname
• Re: Calendarix <= 0.7 (calpath) Remote File Inclusion Vulnerability
  • From: Carsten Eilers
• Re: myEvent <= 1.4 Multiple Remote File Include Vulnerabilities
  • From: Carsten Eilers
• Error logging buffer overflow in Informix
  • From: NGSSoftware Insight Security Research
• Informix Long Username Buffer Overflow Vulnerability
  • From: NGSSoftware Insight Security Research
• Informix - Discovery, Attack and Defense
  • From: David Litchfield
• Re: TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability
  • From: public
• Re: Microsoft Help (WINHLP32.EXE) - Multiple Remote Code Execution and Denial Of Service Vulnerabilities
  • From: Reversemode
• ScatterChat Advisory 2006-01: Cryptanalytic Attack Vulnerability
  • From: ScatterChat Advisories
• (Security Advisory) SYM06-014 Symantec Backup Exec Internal RPC Overflow
  • From: Secure
• Forum Software ASPPlayground.NET Advanced Edition 2.4.5 Unicode Xss
  • From: blood2_20032003
• Re: myBloggie <= 2.1.3 (mybloggie_root_path) Remote File Inclusion Vulnerability
  • From: nukedx
• Microsoft Help (WINHLP32.EXE) - Multiple Remote Code Execution and Denial Of Service Vulnerabilities
  • From: Benjamin Tobias Franz
• [SECURITY] [DSA 1150-1] New shadow packages fix privilege escalation
  • From: Martin Schulze
• Concurrency-related vulnerabilities in browsers - expect problems
  • From: Michal Zalewski
• myEvent <= 1.4 Multiple Remote File Include Vulnerabilities
  • From: sh3ll
• Calendarix <= 0.7 (calpath) Remote File Inclusion Vulnerability
  • From: sh3ll
• Re: [SM-ANNOUNCE] SquirrelMail 1.4.8 released - fixes variable overwriting attack
  • From: Yves Goergen
• SquirrelMail 1.4.8 released - fixes variable overwriting attack
  • From: Thijs Kinkhorst
• Nokia Browser Crash
  • From: qode
• VWar <= 1.50 R14 (n) Remote SQL Injection
  • From: brom0815
• UPDATE: [ GLSA 200511-12 ] Scorched 3D: Multiple vulnerabilities
  • From: Raphael Marichez
• wheatblog &#1615;Session.php Remote File Inclusion
  • From: Outlaw
• Re: [ GLSA 200608-12 ] x11vnc: Authentication bypass in included LibVNCServer code
  • From: xvml
• WEBInsta Mailing list manager (cabsolute_path) 1.3e RFI
  • From: philipp . niedziela
• rPSA-2006-0152-1 squirrelmail
  • From: Justin M. Forbes
• Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability
  • From: sh3ll
• [ GLSA 200608-19 ] WordPress: Privilege escalation
  • From: Raphael Marichez
• miniBloggie <= 1.0 (fname) Remote File Inclusion Vulnerability
  • From: sh3ll
• Re: Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory
  • From: Henry Sieff
• [security bulletin] HPSBUX02124 SSRT061159 rev.2 - HP-UX Sendmail MIME Remote Denial of Service (DoS)
  • From: security-alert
• TSLSA-2006-0046 - multi
  • From: Trustix Security Advisor
• Re: when will AV vendors fix this???
  • From: Bipin Gautam
• [security bulletin] HPSBUX02108 SSRT061133 rev.14 - HP-UX Running Sendmail, Remote Execution of Arbitrary Code
  • From: security-alert
• Security Vulnerability in Ruby on Rails 1.1.x
  • From: michael
• Re: linksys WRT54g authentication bypass
  • From: Ginsu Rabbit
• XSSing the Lan 3 (web trojans.. not a new idea)
  • From: pdp (architect)
• Re: linksys WRT54g authentication bypass
  • From: guant a
• Bypassing script filters with variable-width encodings
  • From: Cheng Peng Su
• RE: linksys WRT54g authentication bypass
  • From: Ginsu Rabbit
• RE: linksys WRT54g authentication bypass
  • From: Miguel Valentin
• Re: linksys WRT54g authentication bypass
  • From: Ginsu Rabbit
• Re: linksys WRT54g authentication bypass
  • From: Rodrigo Barbosa
• Re: linksys WRT54g authentication bypass
  • From: Nicholas Knight
• Re: [Full-disclosure] Attacking the local LAN via XSS
  • From: Nikolay Kubarelov
• Re: Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory
  • From: henry . sieff
• RE: [Full-disclosure] RE: when will AV vendors fix this???
  • From: Thomas D.
• Re: when will AV vendors fix this???
  • From: Paul Schmehl
• RE: when will AV vendors fix this???
  • From: Thomas D.
• Re: when will AV vendors fix this???
  • From: Marius Huse Jacobsen
• Security Contact
  • From: Sean Warnock
• Dragonfly CMS 9.0.6.1 and prior XSS
  • From: HeLiOsZ RooT
• Simple one-file GuestBook 1.0
  • From: omnipresent
• CGI Script Source Code Disclosure Vulnerability in Apache for Windows
  • From: susam . pal
• XennoBB <= "avatar gallery" Directory Transversal
  • From: c . boulton
• Virtual War v1.5.0 <= Sql Injection vuln.
  • From: mfoxhacker
• Compersus ASP shopping cart <= DataBase Downloading vuln.
  • From: mfoxhacker
• myBloggie <= 2.1.3 (mybloggie_root_path) Remote File Inclusion Vulnerability
  • From: sh3ll
• InfanView 3.98 (with plugins) - Access violation at processing images ANI files
  • From: sehato
• Mafia Moblog <= 6 (pathtotemplate) Remote File Inclusion Vulnerability
  • From: sh3ll
• Netgear FVG318 is vunerable to DOS attack
  • From: root
• Mambo/Joomla Component Remository v3.25 (mosConfig_absolute_path) Remote File Inclusion Vulnerability
  • From: camino
• Re: SYM06-013 Symantec On-Demand Protection Encrypted Data Exposure
  • From: dm
• [ GLSA 200608-16 ] Warzone 2100 Resurrection: Multiple buffer overflows
  • From: Sune Kloppenborg Jeppesen
• [ GLSA 200608-18 ] Net::Server: Format string vulnerability
  • From: Sune Kloppenborg Jeppesen
• [ GLSA 200608-17 ] libwmf: Buffer overflow vulnerability
  • From: Sune Kloppenborg Jeppesen
• [ GLSA 200608-15 ] MIT Kerberos 5: Multiple local privilege escalation (test Falco for security@)
  • From: Raphael Marichez
• PocketPC MMS - Remote Code Injection/Execution Vulnerability and Denial-of-Service
  • From: Collin R. Mulliner
• PHPMyRing <= 4.2.0 (view_com.php) Remote SQL Injection
  • From: simo64
• CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Remote Buffer Overflow
  • From: Mariano Nuñez Di Croce
• XChat <= 2.6.4-1 (win version) Remote Denial of Service Exploit (php)
  • From: ratboy727
• CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Remote Denial of Service
  • From: Mariano Nuñez Di Croce
• Directory Traversal vulnerability in IPCheck Monitor Server
  • From: auuw73
• Sending multipart/form-data requests from Flash (with arbitrary headers)
  • From: Amit Klein (AKsecurity)
• [SECURITY] [DSA 1149-1] New ncompress packages fix potential code execution
  • From: Martin Schulze
• TinyWebGallery v1.5 ( image ) Remote Include Vulnerability
  • From: x0r0n
• Yabb XSS
  • From: Outlaw
• [ MDKSA-2006:140 ] - Updated ncompress packages fix vulnerability
  • From: security
• [SECURITY] [DSA 1147-1] New drupal packages fix cross-site scripting
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 1148-1] New gallery packages fix several vulnerabilities
  • From: Moritz Muehlenhoff
• TSRT-06-08: Microsoft Internet Help COM Object Memory Corruption Vulnerability
  • From: TSRT
• Stack and heap overflows in MODPlug Tracker/OpenMPT 1.17.02.43 and libmodplug 0.8
  • From: Luigi Auriemma
• TSRT-06-09: Microsoft DirectAnimation COM Object Memory Corruption Vulnerability
  • From: TSRT
• Multiple buffer-overflows in AlsaPlayer 0.99.76
  • From: Luigi Auriemma
• TSRT-06-10: Microsoft HLINK.DLL Hyperlink Object Library Buffer Overflow Vulnerability
  • From: TSRT
• [ISR] - Novell Groupwise Webaccess (Cross-Site Scripting)
  • From: Francisco Amato
• Cwfm <= 0.9.1 (Language) Remote File Inclusion Vulnerability
  • From: philipp . niedziela
• [ MDKSA-2006:139 ] - Updated krb5 packages fix local privilege escalation vulnerability
  • From: security
• BlogHoster v2.2 Post Comment Html Injection
  • From: piiiiiii pppiiiiiiii
• CivicSpace Version 0.8.5 HTML injection
  • From: HeLiOsZ RooT
• [ MDKSA-2006:138 ] - Updated clamav packages fix vulnerability
  • From: security
• [SECURITY] [DSA 1146-1] New krb5 packages fix privilege escalation
  • From: Martin Schulze
• Assessment of Vista Kernel Mode Security
  • From: ATR-Bugtraq
• Latinchat Denial Of Service
  • From: Vicente Perez
• [USN-333-1] libwmf vulnerability
  • From: Martin Pitt
• PgMarket 2.2.3 (CFG[libdir]) Remote File Inclusion Vulnerabilities
  • From: x0r0n
• SUSE Security Announcement: clamav (SUSE-SA:2006:046)
  • From: Ludwig Nussel
• [Overflow.pl] Clam AntiVirus Win32-UPX Heap Overflow
  • From: pucik
• rPSA-2006-0150-1 krb5 krb5-server krb5-services krb5-test krb5-workstation
  • From: Justin M. Forbes
• ERRATA: [ GLSA 200608-08 ] GnuPG: Integer overflow vulnerability
  • From: Sune Kloppenborg Jeppesen
• AW: Virtual War v1.5.0 Remote File Include (vwar_root)
  • From: Frank Reißner
• Re: Will Microsoft patch remarkable old Msjet40.dll issue?
  • From: Juha-Matti Laurio
• MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities
  • From: Tom Yu
• TSRT-06-07: eIQnetworks Enterprise Security Analyzer Monitoring Agent Buffer Overflow Vulnerabilities
  • From: TSRT
• MojoScripts' xss vulnerable
  • From: tugra
• unwrapping PL/SQL
  • From: pete
• [ GLSA 200608-14 ] DUMB: Heap buffer overflow
  • From: Sune Kloppenborg Jeppesen
• Microsoft PowerPoint Malformed Record Memory Corruption
  • From: Sowhat
• phNNTP <= 1.3 (article-raw.php) Remote File Include Vulnerability
  • From: tr_zindan
• rPSA-2006-0147-1 mysql mysql-bench mysql-server
  • From: Justin M. Forbes
• docpile:we v0.2.2 (INIT_PATH) Remote File Inclusion Vulnerability
  • From: x0r0n
• Archangel Weblog 0.90.02 and prior Multiple HTML injections
  • From: piiiiiii pppiiiiiiii
• [SECURITY] [DSA 1145-1] New freeradius packages fix several vulnerabilities
  • From: Moritz Muehlenhoff
• ZDI-06-027: Microsoft Internet Explorer CSS Class Ordering Memory Corruption Vulnerability
  • From: zdi-disclosures
• ZDI-06-026: Microsoft Internet Explorer Multiple CSS Imports Memory Corruption Vulnerability
  • From: zdi-disclosures
• [ GLSA 200608-13 ] ClamAV: Heap buffer overflow
  • From: Matthias Geerdsen
• Announcement: Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations [Whitepaper]
  • From: SPI Labs
• [EEYEB-20060719] McAfee Subscription Manager Stack Buffer Overflow
  • From: eEye Advisories
• Re: [Full-disclosure] Attacking the local LAN via XSS
  • From: Schanulleke
• phpPrintAnalyzer <= 1.1 (rep_par_rapport_racine) Remote File Inclusion Vulnerability
  • From: sh3ll
• AUTODAFE: an Act of Software Torture [FUZZER]
  • From: Martin Vuagnoux
• Re: vbulletin 3.5.4 IE exploit xss
  • From: james
• Re[2]: [Full-disclosure] Attacking the local LAN via XSS
  • From: Thierry Zoller
• Re: Re[2]: [Full-disclosure] Attacking the local LAN via XSS
  • From: pdp (architect)
• Re: [Full-disclosure] Attacking the local LAN via XSS
  • From: pdp (architect)
• Re: [Full-disclosure] Attacking the local LAN via XSS
  • From: Thierry Zoller
• Attacking the local LAN via XSS
  • From: pdp (architect)
• ARES 2007: Call for workshop proposals, deadline Sept 10, 2006
  • From: Manh Tho
• Re: SolpotCrew Advisory #5 - modernbill ver 1.6 (DIR) Remote File Inclusion
  • From: Mailinglists Address
• Re: [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released
  • From: Steve VanDevender
• TSRT-06-05: Computer Associates eTrust AntiVirus WebScan Automatic Update Code Execution Vulnerability
  • From: TSRT
• TSRT-06-06: Computer Associates eTrust AntiVirus WebScan Manifest Processing Buffer Overflow Vulnerability
  • From: TSRT
• DeluxeBB Multiple Vulnerabilities
  • From: darkz . gsa
• Visual Events Calendar v1.1 (cfg_dir) Remote Inclusion Vulnerability
  • From: x0r0n
• simplog 0.9.3 and prior XSS
  • From: piiiiiii pppiiiiiiii
• RE: linksys WRT54g authentication bypass
  • From: Andy Meyers
• Re: Vanilla CMS <= 1.0.1 (RootDirectory) Remote file inclusion Vuln.
  • From: dinoboff
• Will Microsoft patch remarkable old Msjet40.dll issue?
  • From: Juha-Matti Laurio
• [ GLSA 200608-12 ] x11vnc: Authentication bypass in included LibVNCServer code
  • From: Sune Kloppenborg Jeppesen
• linksys WRT54g authentication bypass
  • From: Ginsu Rabbit
• [SECURITY] [DSA 1144-1] New chmlib packages fix denial of service
  • From: Moritz Muehlenhoff
• [vuln.sg] Lhaz LHA Long Filename Buffer Overflow Vulnerability
  • From: vulnpost-remove
• Virtual War v1.5.0 Remote File Include (vwar_root)
  • From: AG Spider
• [ GLSA 200608-11 ] Webmin, Usermin: File Disclosure
  • From: Sune Kloppenborg Jeppesen
• php local buffer underflow could lead to arbitary code execution
  • From: heintz
• Re: when will AV vendors fix this???
  • From: Denis Jedig
• [ GLSA 200608-10 ] pike: SQL injection vulnerability
  • From: Sune Kloppenborg Jeppesen
• Multiple vulnerabilities in DConnect Daemon 0.7.0 (CVS 30 Jul 2006)
  • From: Luigi Auriemma
• IMENDIO PLANNER REMOTE FILENAME FORMAT STRING VULNERABILITY
  • From: king_purba
• PHP: Zend_Hash_Del_Key_Or_Index Vulnerability
  • From: Stefan Esser
• blur6ex 0.3 Comment title HTML inyection vuln.
  • From: piiiiiii pppiiiiiiii
• when will AV vendors fix this???
  • From: Bipin Gautam
• NEWSolved Lite v1.9.2 (abs_path) Remote File Inclusion
  • From: philipp . niedziela
• 0-day XP SP2 wmf exploit (some details)
  • From: cyanid-E
• SolpotCrew Advisory #6 - phpCC - Beta 4.2 (base_dir) Remote File Inclusion
  • From: chris_hasibuan
• 0-day XP SP2 wmf exploit
  • From: cyanid-E
• SAPID CMS remote File Inclusion vulnerabilities
  • From: simo64
• XennoBB <= 2.1.0 "birthday" SQL injection
  • From: c . boulton
• [ECHO_ADV_44$2006] PHP Simple Shop <= 2.0 (abs_path) Remote File Inclusion
  • From: erdc
• Re: flatnuke <= 2.5.7 arbitrary php file upload
  • From: segatom
• XSS Vulnerability in FTD v3.7.3
  • From: try_og
• MyBloggie <= 2.1.4 trackback.php SQL injection / admin credentials disclosure
  • From: rgod
• [ GLSA 200608-08 ] GnuPG: Integer overflow vulnerability
  • From: Sune Kloppenborg Jeppesen
• Tinyportal Shoutbox
  • From: exploitex
• vBulletin 3.0.14 ~ init.php~ registerring global arbitary variable~ XSS exploit
  • From: addmimistrator
• [ GLSA 200608-07 ] libTIFF: Multiple vulnerabilities
  • From: Sune Kloppenborg Jeppesen
• Barracuda Spam Firewall: Administrator Level Remote Command Execution [ID-20060804-01]
  • From: Matthew Hall
• phpAutoMembersArea 3.2.5 ($installed_config_file) Remote File Inclusion
  • From: philipp . niedziela
• CAID 34509 - CA eTrust Antivirus WebScan vulnerabilities
  • From: Williams, James K
• TSLSA-2006-0044 - multi
  • From: Trustix Security Advisor
• [SECURITY] [DSA 1143-1] New dhcp packages fix denial of service
  • From: Martin Schulze
• [ECHO_ADV_42$2006] PHP Live Helper <= 2.0 (abs_path) Remote File Inclusion
  • From: matdhule
• [SECURITY] [DSA 1142-1] New freeciv packages fix arbitrary code execution
  • From: Martin Schulze
• [ECHO_ADV_42$2006] BufferOverflow in Eremove Client
  • From: erdc
• [ GLSA 200608-06 ] Courier MTA: Denial of Service vulnerability
  • From: Sune Kloppenborg Jeppesen
• [ GLSA 200608-05 ] LibVNCServer: Authentication bypass
  • From: Sune Kloppenborg Jeppesen
• [SECURITY] [DSA 1141-1] New GnuPG2 packages fix denial of service
  • From: Martin Schulze
• XSS in Vbulletin 3.6.0 in IE 0nly
  • From: Stefan
• GeheimChaos <= 0.5 Multiple SQL Injection Vulnerabilities
  • From: Tamriel
• CounterChaos <= 0.48c SQL Injection Vulnerability
  • From: Tamriel
• GaesteChaos <= 0.2 Multiple Vulnerabilities
  • From: Tamriel
• [security bulletin] HPSBUX02137 SSRT051024 rev.1 - HP-UX Running Xserver Local Execution of Arbitrary Code, Privilege Elevation
  • From: security-alert
• ZoneX 1.0.3 - Publishers Gold Edition Remote File Inclusion Vulnerability
  • From: x0r0n
• [ GLSA 200608-04 ] Mozilla Thunderbird: Multiple vulnerabilities
  • From: Thierry Carrez
• ME Download System 1.3 Remote File Inclusion
  • From: philipp . niedziela
• vbulletin 3.5.4 IE exploit xss
  • From: stefan
• [ GLSA 200608-03 ] Mozilla Firefox: Multiple vulnerabilities
  • From: Thierry Carrez
• Re: Barracuda Vulnerability: Arbitrary File Disclosure [NNL-20060801-02]
  • From: Matthew Hall
• [DRUPAL-SA-2006-011] Drupal 4.7.3 / 4.6.9 fixes XSS issue
  • From: Uwe Hermann
• SolpotCrew Advisory #5 - modernbill ver 1.6 (DIR) Remote File Inclusion
  • From: chris_hasibuan
• [ GLSA 200608-02 ] Mozilla SeaMonkey: Multiple vulnerabilities
  • From: Stefan Cornelius
• [SECURITY] [DSA 1140-1] New GnuPG packages fix denial of service
  • From: Martin Schulze
• SendCard <= 3.4.0 unauthorized administrative access / remote commands execution
  • From: rgod
• [MajorSecurity Advisory #27]ToendaCMS - Cross Site Scripting Issue
  • From: admin
• Javascript software authentication brute force attack
  • From: Gianstefano Monni
• Re: [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released
  • From: William A. Rowe, Jr.
• [SECURITY] [DSA 1139-1] New ruby1.6 packages fix privilege escalation
  • From: Moritz Muehlenhoff
• Re: [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released
  • From: Philip M. Gollucci
• [USN-332-1] gnupg vulnerability
  • From: Martin Pitt
• [USN-331-1] Linux kernel vulnerabilities
  • From: Martin Pitt
• CMSimple Cross Site Scripting
  • From: Outlaw
• Secunia Research: PC Tools AntiVirus Insecure Default Directory Permissions
  • From: Secunia Research
• Vwar v1.5.0 <= Sql Injection and XSS vuln.
  • From: mfoxhacker
• TSEP <= 0.942 Remote File Include
  • From: beford
• RE: Barracuda Vulnerability: Hardcoded Password [NNL-20060801-01]
  • From: Roger A. Grimes
• Simpliciti Locked Browser Jail Breakout Vulnerability
  • From: EvilPacket
• [security bulletin] HPSBUX02087 SSRT4728 rev.3 - HP-UX running TCP/IP Remote Denial of Service (DoS)
  • From: security-alert
• [SECURITY] [DSA 1138-1] New cfs packages fix denial of service
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 1135-1] New libtunepimp packages fix arbitrary code execution
  • From: Martin Schulze
• Hobbit monitor security bugfix release - 4.1.2p2
  • From: Henrik Stoerner
• [security bulletin] HPSBGN02136 SSRT061173 rev.1 - ProCurve Series 3500yl, 6200yl, and 5400zl Switches Running Software Prior to K.11.33 Remote Denial of Service (DoS)
  • From: security-alert
• [SECURITY] [DSA 1137-1] New tiff packages fix several vulnerabilities
  • From: Martin Schulze
• OZJournal v1.5 - XSS
  • From: luny
• [security bulletin] HPSBUX02124 SSRT061159 rev.1 - HP-UX Sendmail MIME Remote Denial of Service (DoS)
  • From: security-alert
• [SECURITY] [DSA 1136-1] New gpdf packages fix denial of service
  • From: Martin Schulze
• [security bulletin] HPSBUX02108 SSRT061133 rev.13 - HP-UX Running Sendmail, Remote Execution of Arbitrary Code
  • From: security-alert
• Re: Barracuda Vulnerability: Hardcoded Password [NNL-20060801-01]
  • From: pingywon
• [eVuln] MyBB 'Avatar URL' XSS Vulnerability
  • From: alex
• [USN-330-1] tiff vulnerabilities
  • From: Martin Pitt
• rPSA-2006-0143-1 gnupg
  • From: Justin M. Forbes
• Content Management Framework "G3" - XSS Vulnerability in Search Function
  • From: Stefan Friedli
• SaveWeb Portal 3.4 <- (SITE_Path) Remote File Inclusion Vulnerability
  • From: x0r0n
• Re: SYM06-013 Symantec On-Demand Protection Encrypted Data Exposure
  • From: Chris Wysopal
• Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory
  • From: Roy Hills
• Secunia Research: Jetbox Multiple Vulnerabilities
  • From: Secunia Research
• [SECURITY] [DSA 1134-1] New Mozilla Thunderbird packages fix several vulnerabilities
  • From: Martin Schulze
• EEYE: research.eeye.com
  • From: Marc Maiffret
• rPSA-2006-0142-1 libtiff
  • From: Justin M. Forbes
• JavaScript port scanning
  • From: pdp (architect)
• [SECURITY] [DSA 1133-1] New mantis packages fix execution of arbitrary web script code
  • From: Moritz Muehlenhoff
• [ MDKSA-2006:137 ] - Updated libtiff packages fix multiple vulnerabilities
  • From: security
• Re: Gdiplus.dll division by 0
  • From: Dennis Lubert
• DMA[2006-0801a] - 'Apple OSX fetchmail buffer overflow'
  • From: K F (lists)
• Barracuda Vulnerability: Arbitrary File Disclosure [NNL-20060801-02]
  • From: gssincla
• Barracuda Vulnerability: Hardcoded Password [NNL-20060801-01]
  • From: gssincla
• SYM06-013 Symantec On-Demand Protection Encrypted Data Exposure
  • From: secure
• [ MDKSA-2006:136 ] - Updated kdegraphics packages fix multiple libtiff vulnerabilities
  • From: security
• SUSE Security Announcement: libtiff (SUSE-SA:2006:044)
  • From: Thomas Biege
• SUSE Security Announcement: freetype2 (SUSE-SA:2006:045)
  • From: Thomas Biege
• [SECURITY] [DSA 1131-1] New apache package fix buffer overflow
  • From: Steve Kemp
• [SECURITY] [DSA 1132-1] New apache2 packages fix buffer overflow
  • From: Steve Kemp
• WoW Roster <= 1.5.x Remote File Include (hsList.php)
  • From: AG Spider
• ISS BlackICE PC Protection DLL faking of run-time linked libraries Vulnerability
  • From: David Matousek
• TSEP 0.9.4.2 <= Remote File Inclusion
  • From: philipp . niedziela
• [USN-327-2] firefox regression
  • From: Martin Pitt
• VMSA-2006-0004 Cross site scripting vulnerability and other fixes
  • From: VMware Security Team
• [ MDKSA-2006:135 ] - Updated freeciv packages fix DoS vulnerabilities
  • From: security
• [vuln.sg] Lhaplus LHA Extended Header Handling Buffer Overflow Vulnerability
  • From: vulnpost-remove
• Re: Gdiplus.dll division by 0
  • From: giacomo collini
• WoW Roster <= 1.5.x Remote File Include (hsList.php)
  • From: AG Spider
• [SECURITY] [DSA 1130-1] New sitebar packages fix cross-site scripting
  • From: Martin Schulze
• [Kurdish Security # 21] ShoutBox v4.4 Remote Command Execution
  • From: botan
• [Kurdish Security # 20 ] Quickie Remote Command Execution
  • From: botan
• [Kurdish Security # 19 ] FileManager Remote Command Execution
  • From: botan
• [Kurdish Security # 18 ] FAQ Script Remote Command Execution
  • From: botan
• [Kurdish Security # 17 ] GuestBook 3.5 Remote Command Execution
  • From: botan
• [Kurdish Security # 16 ] newsReporter v1.0 Remote Command Execution
  • From: botan
• NewsLetter v3.5 <= (NL_PATH) Remote File Inclusion Exploit
  • From: tr_zindan
• [ GLSA 200608-01 ] Apache: Off-by-one flaw in mod_rewrite
  • From: Matthias Geerdsen
• Re: Xss in MttKe-php v2.6
  • From: Steven M. Christey
• Re: Do world's famous companies take care of their security?
  • From: Steven M. Christey
• MyNewsGroups <= 0.6b (myng_root) Remote Inclusion Vulnerability
  • From: philipp . niedziela
• RE: cpanel login problem
  • From: Alan
• Multiple vulnerabilities in Open Cubic Player 2.6.0pre6 / 0.1.10_rc5
  • From: Luigi Auriemma
• Re: [EEYEB-20060227] D-Link Router UPNP Stack Overflow
  • From: solutions_PHP
• Corsaire Security Advisory - VMware ESX Server Password Disclosure in Cookie issue
  • From: advisories
• Corsaire Security Advisory - VMware ESX Server Password Disclosure in Log issue
  • From: advisories
• Corsaire Security Advisory - VMware ESX Server Password Cross Site Request Forgery issue
  • From: advisories
• Oracle and Apache mod_rewrite Vulnerability
  • From: tigerblue
• Re: Check Point R55W Directory Traversal
  • From: Hugo van der Kooij
• Re: Gdiplus.dll division by 0
  • From: Early Warning Team
• Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory
  • From: Pavel Kankovsky
• SQL injection Seir Anphin v666 Community Management System
  • From: vulnerabilities
• PHPAuction 2.1 (maybe higher) with phpAdsNew 2.0.5 RFI
  • From: philipp . niedziela
• ATutor <= 1.5.3.1 'links' blind SQL injection / admin credentials disclosure
  • From: rgod
• com_moskool (admin.moskool.php) Remote File Include Vulnerabilities
  • From: saudi . unix
• Re: cpanel login problem
  • From: usar_y_tirar
• Re: PHP ip2long() function circumvention
  • From: darylf
• Re: Portail PHP v1.7 Remote File Include
  • From: x0r0n
• Re: cpanel login problem
  • From: Scott Gemma
• RE: cpanel login problem
  • From: Bugs
• UPDATE: [ GLSA 200605-08 ] PHP: Multiple vulnerabilities
  • From: Sune Kloppenborg Jeppesen
• artlinks Mambo Component <= Remote Include Vulnerability
  • From: Dr . Jr7
• [ GLSA 200607-11 ] TunePimp: Buffer overflow
  • From: Stefan Cornelius
• [ GLSA 200607-13 ] Audacious: Multiple heap and buffer overflows
  • From: Matthias Geerdsen
• Re: cpanel login problem
  • From: nate
• Gdiplus.dll division by 0
  • From: Mr . Niega
• [ MDKSA-2006:134 ] - Updated ruby packages fix safe-level vulnerabilities
  • From: security
• [ GLSA 200607-12 ] OpenOffice.org: Multiple vulnerabilities
  • From: Stefan Cornelius
• mambatstaff Mambo Component <= Remote Include Vulnerability
  • From: Dr . Jr7
• [ MDKSA-2006:133 ] - Updated apache packages fix mod_rewrite vulnerability
  • From: security
• Mambo Gallery Manager v095.r3 Remote File Inclusion Vulnerabilities
  • From: A-S-T2006
• [KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php
  • From: roozbeh_afrasiabi
• Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory
  • From: Eloy Paris
• RE: TSRT-06-04: eIQnetworks Enterprise Security Analyzer Topology Server Buffer Overflow Vulnerability
  • From: Desai, Deepen
• XSS vulnerability on AWBS
  • From: newbinaryfile
• Coppermine Photo Gallery v1.2.2b-Nuke Remote File Inclusion Vulnerabilities
  • From: A-S-T2006
• PHP ip2long() function circumvention
  • From: rgod
• [USN-329-1] Thunderbird vulnerabilities
  • From: Martin Pitt
• rPSA-2006-0139-1 httpd mod_ssl
  • From: Justin M. Forbes
• PrinceClan Chess Mambo Com <= 0.8 Remote Inclusion Vulnerability
  • From: tr_zindan
• Hustle -- Tumbleweed Email Firewall Remote Vulnerability
  • From: Ryan Smith
• cpanel login problem
  • From: ali
• Re: Check Point R55W Directory Traversal
  • From: dave_kwek
• Lan-Aces Office Logic
  • From: Mike
• Re: Fusion Polls (xtrphome) Remote File Inclusion
  • From: security curmudgeon
• Guestbook Mambo Module <== v1.3.0 Multiple Remote File Include Vulnerabilities
  • From: matdhule
• PHP-Nuke INP XSS
  • From: l2odon
• [SECURITY] [DSA 1129-1] New osiris packages fix arbitrary code execution
  • From: Martin Schulze
• Apache mod_rewrite Buffer Overflow Vulnerability
  • From: Avert
• [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released
  • From: William A. Rowe, Jr.
• Oracle 10g R2 and, probably, all previous versions
  • From: Russell Lowenthal
• Re: Bypassing Oracle dbms_assert
  • From: David Litchfield
• RE: Bypassing Oracle dbms_assert
  • From: Alexander Kornbrust
• Remote Include Vulnerability ====> in Dr.Jr7 Gallery 3.2 RC1
  • From: R0t-K33Y
• [ MDKSA-2006:132 ] - Updated libwmf packages fixes integer overflow vulnerability
  • From: security
• [OpenPKG-SA-2006.017] OpenPKG Security Advisory (freetype)
  • From: OpenPKG
• [OpenPKG-SA-2006.016] OpenPKG Security Advisory (ruby)
  • From: OpenPKG
• Portail PHP v1.7 Remote File Include
  • From: Meftun
• [SECURITY] [DSA 1128-1] New heartbeat packages fix local denial of service
  • From: Martin Schulze
• [OpenPKG-SA-2006.015] OpenPKG Security Advisory (apache)
  • From: OpenPKG
• [SECURITY] [DSA 1127-1] New ethereal packages fix several vulnerabilities
  • From: Moritz Muehlenhoff
• Re: Bypassing Oracle dbms_assert
  • From: David Litchfield
• [FLSA-2006:175040] Updated php packages fix security issues
  • From: Marc Deslauriers
• [USN-328-1] Apache vulnerability
  • From: Martin Pitt
• Cisco Security Advisory: Windows VPN Client Local Privilege Escalation Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• [USN-327-1] firefox vulnerabilities
  • From: Martin Pitt
• Re: HYSA-2006-008 myBloggie 2.1.3 CRLF & SQL Injection
  • From: Steven M. Christey
• Oracle 10g R2 and, probably, all previous versions
  • From: putosoft softputo
• AIM Triton 1.0.4 (SipXtapi) Remote Buffer Overflow Exploit (PoC)
  • From: c0rrupt
• Xss in MttKe-php v2.6
  • From: R0t-K33Y
• rPSA-2006-0137-1 firefox
  • From: Justin M. Forbes
• ZDI-06-025: Mozilla Firefox Javascript navigator Object Vulnerability
  • From: zdi-disclosures
• Bypassing Oracle dbms_assert
  • From: ak
• Secunia Research: Mozilla Firefox XPCOM Event Handling Memory Corruption
  • From: Secunia Research
• [SECURITY] [DSA 1125-2] New drupal packages fix execution of arbitrary web script code (revised packages)
  • From: Moritz Muehlenhoff
• [USN-326-1] heartbeat vulnerability
  • From: Martin Pitt
• [USN-325-1] ruby1.8 vulnerability
  • From: Martin Pitt
• [USN-324-1] freetype vulnerability
  • From: Martin Pitt
• Re: Low security hole affecting IPCalc's CGI wrapper
  • From: krischan
• Buffer Overflow Vulnerability in Winlpd
  • From: Meftun
• Cross-Site Scripting and Local File Inclusion in Phorum
  • From: Meftun
• [SECURITY] [DSA 1126-1] New Asterisk packages fix denial of service
  • From: Martin Schulze
• Re: Opsware NAS 6.0 reveals MySQL 'root' password
  • From: security-alert
• GeoClassifieds Enterprise <= 2.0.5.2 Cross Site Scripting
  • From: securityconnection
• Re: Write-up by Amit Klein: "Forging HTTP request headers with Flash"
  • From: Amit Klein (AKsecurity)
• a6mambohelpdesk Mambo Component <= 18RC1 Remote Include Vulnerability
  • From: Dr . Jr7
• NSFOCUS SA2006-07 : ISS RealSecure/BlackICE MailSlot Heap Overflow Detection Remote DoS Vulnerability
  • From: NSFOCUS Security Team
• Re: Write-up by Amit Klein: "Forging HTTP request headers with Flash"
  • From: 3CO
• Re: new shell bypass safe mode
  • From: cxib
• Phpprobid <= 5.24 XSS SQL injection Vulnerability
  • From: securityconnection
• Secunia Research: FileCOPA Directory Argument Handling Buffer Overflow
  • From: Secunia Research
• [OpenPKG-SA-2006.014] OpenPKG Security Advisory (shiela)
  • From: OpenPKG
• [vuln.sg] PowerArchiver DZIPS32.DLL Buffer Overflow Vulnerability
  • From: vulnpost-remove
• [ECHO_ADV_41$2006] BufferOverflow in Midirecord2
  • From: the_day
• [USN-323-1] mozilla vulnerabilities
  • From: Martin Pitt
• Etomite CMS <= 0.6.1 'rfiles.php' remote command execution
  • From: rgod
• Cisco VPN Concentrator IKE resource exhaustion DoS Advisory
  • From: Roy Hills
• [SECURITY] [DSA 1125-1] New drupal packages fix execution of arbitrary web script code
  • From: Moritz Muehlenhoff
• Zyxel Prestige 660H-61 Cross-Site Scripting
  • From: jose . palanco
• TSRT-06-03: eIQnetworks Enterprise Security Analyzer Syslog Server Buffer Overflow Vulnerabilities
  • From: TSRT
• TSRT-06-04: eIQnetworks Enterprise Security Analyzer Topology Server Buffer Overflow Vulnerability
  • From: TSRT
• wwwThreads XSS
  • From: l2odon
• ZDI-06-023: eIQNetworks Enterprise Security Analyzer Syslog Server Buffer Overflow Vulnerability
  • From: zdi-disclosures
• ZDI-06-024: eIQNetworks Enterprise Security Analyzer License Manager Buffer Overflow Vulnerability
  • From: zdi-disclosures
• TP-Book <= 1.00 Cross Site Scripting Vulnerabilities
  • From: tamriel
• PHP-Auction SQL injection
  • From: l2odon
• Professional Home Page Tools Login Script Cross Site Scripting Vulnerabilities
  • From: tamriel
• Re: Write-up by Amit Klein: "Forging HTTP request headers with Flash"
  • From: Amit Klein (AKsecurity)
• [SECURITY] [DSA 1111-2] New Linux kernel 2.6.8 packages fix privilege escalation
  • From: Moritz Muehlenhoff
• Multiple vulnerabilities in OpenCMS
  • From: Meder Kydyraliev
• EzUpload multi file vulnerabilities
  • From: hack2prison
• [USN-320-2] php4 regression
  • From: Martin Pitt
• [USN-297-3] Thunderbird vulnerabilities
  • From: Martin Pitt
• Secunia Research: AutoVue SolidModel Professional Buffer Overflow Vulnerability
  • From: Secunia Research
• MS06-034 lies? IIS 6 can still be owned?
  • From: Cesar
• Full Path Disclosure xGuestBook v1.02
  • From: dicomdk
• [ MDKSA-2006:131 ] - Updated perl-Net-Server packages fix format string vulnerability
  • From: security
• Re: Ashop Search Module SQL injection
  • From: security curmudgeon
• [security bulletin] HPSBUX02087 SSRT4728 rev.2 - HP-UX running TCP/IP Remote Denial of Service (DoS)
  • From: security-alert
• [ GLSA 200607-10 ] Samba: Denial of Service vulnerability
  • From: Sune Kloppenborg Jeppesen
• LinksCaffe 3.0 SQL injection/Command Execution Vulnerabilties
  • From: simo64
• [vuln.sg] AGEphone "sipd.dll" SIP Packet Handling Buffer Overflow
  • From: vulnpost-remove
• [vuln.sg] TurboZIP ZIP Repair Buffer Overflow Vulnerability
  • From: vulnpost-remove
• [vuln.sg] DynaZip DZIP32.DLL/DZIPS32.DLL Buffer Overflow Vulnerabilities
  • From: vulnpost-remove
• Advisory: VMware Possible Incorrect Permissions On SSL Key Files
  • From: Nick Breese
• [USN-296-2] Firefox vulnerabilities
  • From: Martin Pitt
• [ GLSA 200607-09 ] Wireshark: Multiple vulnerabilities
  • From: Sune Kloppenborg Jeppesen
• Two crash vulnerabilities in Freeciv 2.1.0-beta1 (SVN 15 Jul 2006)
  • From: Luigi Auriemma
• [SECURITY] [DSA 1122-1] New Net::Server packages fix denial of service
  • From: Martin Schulze
• Buffer-overflow in recvTextMessage and NETrecvFile in Warzone Resurrection 2.0.3 (SVN 127)
  • From: Luigi Auriemma
• SYMSA-2006-008:Password Safe - Lock Password Database Configuration Not Enforced
  • From: research
• Opsware NAS 6.0 reveals MySQL 'root' password
  • From: Freeman, Michael
• rPSA-2006-0135-1 gimp
  • From: Justin M. Forbes
• Digital Armaments Security Advisory 24.07.2006: Siemens Speedstream Wireless/Router Denial of Service Vulnerability
  • From: info
• [SECURITY] [DSA 1123-1] New libdumb packages fix arbitrary code execution
  • From: Moritz Muehlenhoff
• Heap overflow in the GT2 loader of libmikmod 3.2.2
  • From: Luigi Auriemma
• SQuery v.x (devi.php) (armygame.php) Remote File Inclusion
  • From: saudi . unix
• Write-up by Amit Klein: "Forging HTTP request headers with Flash"
  • From: Amit Klein (AKsecurity)
• [MajorSecurity #26] Woltlab Burning Board - Multiple Cookie manipulation and session fixation vulnerabilities
  • From: admin
• ERRATA: [ GLSA 200607-08 ] GIMP: Buffer overflow
  • From: Sune Kloppenborg Jeppesen
• Windows XP/NT/SMB2003/2000 Denial of Service attack
  • From: J. Oquendo
• [SECURITY] [DSA 1124-1] New fbi packages fix potential deletion of user data
  • From: Moritz Muehlenhoff
• MusicBox <= 2.3.4 XSS SQL injection Vulnerability
  • From: securityconnection
• [USN-322-1] Konqueror vulnerability
  • From: Martin Pitt
• Check Point R55W Directory Traversal
  • From: Sec-Tec Lists
• Re: [ GLSA 200607-08 ] GIMP: Buffer overflow
  • From: Michael Shigorin
• Re: Re: [Full-disclosure] iDefense Security Advisory 07.20.06: Sun Microsystems Solaris sysinfo() Kernel Memory Disclosure Vulnerability
  • From: Micheal Turner
• PHP Live! v3.2 (header.php) Remote File Include Vulnerabilities
  • From: saudi . unix
• [SECURITY] [DSA 1121-1] New postgrey packages fix denial of service
  • From: Martin Schulze
• Buffer-overflow in the XM loader of Cheese Tracker 0.9.9
  • From: Luigi Auriemma
• [CYBSEC] TippingPoint detection bypass
  • From: Andres Riancho
• [ GLSA 200607-08 ] GIMP: Buffer overflow
  • From: Sune Kloppenborg Jeppesen
• Vanilla CMS <= 1.0.1 (RootDirectory) Remote file inclusion Vuln.
  • From: mfoxhacker
• [Kurdish Security # 14] MoSpray [base_dir] Remote Command Execution [ Mambo & Joomla]
  • From: botan
• [SECURITY] [DSA 1120-1] New Mozilla Firefox packages fix several vulnerabilities
  • From: Martin Schulze
• DotClear : Multiples Full Path Disclosure
  • From: Silitix
• Re: Digital Armaments Security Advisory 10.07.2006: Flexwath Authorization Bypassing and XSS Vulnerability
  • From: sales
• Map MS Security Bulletins to MS KB numbers
  • From: Matthew Leeds
• Re: [Full-disclosure] Re: New PowerPoint Trojan installs itself as LSP
  • From: Juha-Matti Laurio
• Re: [MajorSecurity #22] Top XL <=1.1 - XSS and cookie disclosure
  • From: admin
• Blackboard Academic Suite 6.2.23 +/-: Persistent cross-site scripting vulnerability
  • From: harbl
• Com Multibanners Remote File Inclusion (mosConfig_absolute_path)
  • From: mail
• [MajorSecurity #23] BLOG:CMS <= 4.0.0j - XSS and cookie disclosure
  • From: admin
• MiniBB Forum <= 1.5a Remote File Include (news.php)
  • From: AG Spider
• Re: New PowerPoint Trojan installs itself as LSP
  • From: Mike Healan
• Re: ExtCalendar Mambo Module <= v2( extcalendar.php ) Remote File Include Vulnerabilities
  • From: matdhule
• Re: AFCommerce Shopping Cart
  • From: contact
• [Kurdish Security # 13] Savant2 Remote File Include Vulnerability [For Mambo, Joomla]
  • From: botan
• Re: XSS phpBB 2.0.21 in administration
  • From: Jessica Hope
• SolpotCrew Advisory #3 - com_trade Remote File Inclusion (mosConfig_absolute_path)
  • From: mail
• new shell bypass safe mode
  • From: d3nger
• RE: $100 plus several of my books if you can crack my Windows password hashes.
  • From: Roger A. Grimes
• Re: [EEYEB-20060227] D-Link Router UPNP Stack Overflow
  • From: scott
• RE: $100 plus several of my books if you can crack my Windows password hashes.
  • From: Michael Scheidell
• New CVE identifiers for separate PowerPoint 0-day issues assigned
  • From: Juha-Matti Laurio
• Re: SubberZ[Lite] - Remote File Include
  • From: the . jalal
• Re: XSS phpBB 2.0.21 in administration
  • From: Jessica Hope
• [SECURITY] [DSA 1119-1] New hiki packages fix denial of service
  • From: Martin Schulze
• about bid 17404
  • From: crack
• [SECURITY] [DSA 1118-1] New Mozilla packages fix several vulnerabilities
  • From: Martin Schulze
• Low security hole affecting IPCalc's CGI wrapper
  • From: Tim Brown
• [MajorSecurity #24] Fire-Mouse TopList <=v1.1 - Cross Site Scripting
  • From: admin
• RE: [EEYEB-20060227] D-Link Router UPNP Stack Overflow
  • From: m
• [MajorSecurity #25] Advanced Guestbook 2.4 for phpBB - Multiple XSS and SQL-Injection Vulnerabilities
  • From: admin
• MicroGuestBook Remote XSS Attack
  • From: omnipresent
• Microsoft Internet Explorer DOS Vulnerability
  • From: SnoBmsn
• RE: XSS phpBB 2.0.21 in administration
  • From: David Thomson
• Re: [Full-disclosure] iDefense Security Advisory 07.20.06: Sun Microsystems Solaris sysinfo() Kernel Memory Disclosure Vulnerability
  • From: Micheal Turner
• Re: Securing PHP or finding PHP alternatives
  • From: Michael Cordover
• Re: ATutor 1.5.3 Cross Site Scripting
  • From: Steven M. Christey
• Re: LAMP vs Microsoft
  • From: Darren Reed
• RE: $100 plus several of my books if you can crack my Windows password hashes.
  • From: Roger A. Grimes
• Re: [EEYEB-20060227] D-Link Router UPNP Stack Overflow
  • From: kala_z
• iDefense Security Advisory 07.20.06: Sun Microsystems Solaris sysinfo() Kernel Memory Disclosure Vulnerability
  • From: labs-no-reply
• MiniBB Forum <= 1.5a Remote File Include (search.php-whosOnline.php)
  • From: AG Spider
• Re: Securing PHP or finding PHP alternatives
  • From: Crispin Cowan
• Re: Samba Internal Data Structures DOS Vulnerability Exploit
  • From: Gerald (Jerry) Carter
• [SECURITY] [DSA 1116-1] New gimp packages fix arbitrary code execution
  • From: Moritz Muehlenhoff
• SolpotCrew Advisory #2 - Advanced Poll ver 2.02 (base_path) Remote File Inclusion
  • From: chris_hasibuan
• [SECURITY] [DSA 1114-1] New hashcash packages fix arbitrary code execution
  • From: Martin Schulze
• [ MDKSA-2006:130 ] - Updated kdelibs packages fix konqueror crash vulnerability.
  • From: security
• Samba Internal Data Structures DOS Vulnerability Exploit
  • From: Alexander Hristov
• Unidomedia Chameleon LE/Pro Directory Traversal
  • From: kicktd
• TSLSA-2006-0042 - multi
  • From: Trustix Security Advisor
• LoudBlog <=0.5 Sql injection
  • From: rgod
• [SECURITY] [DSA 1115-1] New GnuPG2 packages fix denial of service
  • From: Martin Schulze
• [ GLSA 200607-07 ] xine-lib: Buffer overflow
  • From: Thierry Carrez
• SECURITY UPDATE::Farsinews release FarsiNewsPro3.0Stable1SecurityPath1
  • From: armin390
• [security bulletin] HPSBMA02133 SSRT061201 rev.1 - HP Oracle for OpenView (OfO) Critical Patch Update July 2006
  • From: security-alert
• [USN-321-1] mysql-dfsg-4.1 vulnerability
  • From: Martin Pitt
• [SECURITY] [DSA 1117-1] New libgd2 packages fix denial of service
  • From: Moritz Muehlenhoff
• rPSA-2006-0134-1 sendmail sendmail-cf
  • From: Justin M. Forbes
• [security bulletin] HPSBUX02108 SSRT061133 rev.12 - HP-UX Running Sendmail, Remote Execution of Arbitrary Code
  • From: security-alert
• [ MDKSA-2006:129 ] - Updated freetype2 packages fixes overflow vulnerability.
  • From: security
• [MajorSecurity #22] Top XL <=1.1 - XSS and cookie disclosure
  • From: admin
• [MajorSecurity #21] phpFaber TopSites <=2.0.9 - SQL Injection Vulnerability
  • From: admin
• [MajorSecurity #20]SiteDepth CMS <= 3.01 - Remote File Include Vulnerability
  • From: admin
• Advisory: Remote command execution in planetGallery
  • From: RedTeam Pentesting
• [ECHO_ADV_40$2006] iManage CMS <= 4.0.12 (absolute_path) Remote File Inclusion
  • From: matdhule
• Cisco MARS < 4.2.1 remote compromise
  • From: Jon Hart
• rPSA-2006-0133-1 libpng
  • From: Justin M. Forbes
• Re: osDate 1.1.7 multiple vulnerabilities
  • From: binary . loc
• Security point-of-contact for Ameritrade?
  • From: James M. Blackburn
• AFCommerce Shopping Cart
  • From: sledge
• Re: imageVue16.1 upload vulnerability
  • From: info
• [USN-313-2] OpenOffice.org vulnerabilities
  • From: Martin Pitt
• [USN-319-2] Linux kernel vulnerability
  • From: Martin Pitt
• [ GLSA 200607-06 ] libpng: Buffer overflow
  • From: Thierry Carrez
• VMSA-2006-0003 VMware possible incorrect permissions on SSL key files
  • From: VMware Security Team
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco Security Monitoring, Analysis and Response System (CS-MARS)
  • From: Cisco Systems Product Security Incident Response Team
• rPSA-2006-0132-1 tshark wireshark
  • From: Justin M. Forbes
• Re: Bybass HTTP ( extension files ) in ISA 2004
  • From: Thor (Hammer of God)
• [ MDKSA-2006:128 ] - Updated wireshark packages fix numerous vulnerabilities
  • From: security
• [ MDKSA-2006:126 ] - Updated libtunepimp packages fixes buffer overflow vulnerabilities.
  • From: security
• [ MDKSA-2006:127 ] - Updated gimp packages fix buffer overflow vulnerability.
  • From: security
• [ MDKSA-2006:125 ] - Updated webmin packages fix arbitray file read vulnerability.
  • From: security
• [USN-320-1] PHP vulnerabilities
  • From: Martin Pitt
• New PowerPoint Trojan installs itself as LSP
  • From: Juha-Matti Laurio
• Re: crashing firefox <= 1.5.0.4
  • From: bugtraq
• Webmin / Usermin Arbitrary File Disclosure Vulnerability Perl
  • From: Alexander Hristov
• osDate 1.1.7 multiple vulnerabilities
  • From: binary . loc
• Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit
  • From: str0ke
• Re: LAMP vs Microsoft
  • From: Hugo van der Kooij
• Re: XSS phpBB 2.0.21 in administration
  • From: Jessica Hope
• Re: LAMP vs Microsoft
  • From: Bob Beck
• Re: Re: Invision Power Board 2.1 <= 2.1.6 sql injection
  • From: paul14075
• Escalation of privileges in Outpost and Lavasoft Firewalls -Unusual ShellExecute behavior
  • From: mullware
• ASP.DLL Include File Buffer Overflow
  • From: Brett Moore
• hdweGUEST <= 2.1.1 Cross Site Scripting Vulnerabilities
  • From: tamriel
• Oracle Database - SQL Injection in SYS.DBMS_UPGRADE [DB22]
  • From: ak
• [security bulletin] HPSBTU02132 SSRT061154 rev.1 - HP Tru64 UNIX running NIS ypserv, Remote Denial of Service (DoS)
  • From: security-alert
• Oracle Database - SQL Injection in SYS.DBMS_STATS [DB21]
  • From: ak
• Invision Power Board v2.1 <= 2.1.6 sql injection exploit
  • From: paul14075
• PcAnywhere > 12 Local Privilege Escalation
  • From: root
• ExtCalendar Mambo Module <= v2( extcalendar.php ) Remote File Include Vulnerabilities
  • From: saudi . unix
• Consumers of Broadband Providers (ISP) may be open to hijack attacks
  • From: peter_philipp
• [SECURITY] [DSA 1113-1] New zope2.7 packages fix information disclosure
  • From: Moritz Muehlenhoff
• Re: Bybass HTTP ( extension files ) in ISA 2004
  • From: medozero
• Re: Bybass HTTP ( extension files ) in ISA 2004
  • From: medozero
• RE: [lists] Re: PHP security (or the lack thereof)
  • From: Curt Purdy
• Oracle Database - SQL Injection in SYS.KUPW$WORKER [DB03]
  • From: ak
• WebScarab <= 20060621-0003 cross site scripting
  • From: security
• Oracle Database - SQL Injection in SYS.DBMS_CDC_IMPDP [DB01]
  • From: ak
• $100 plus several of my books if you can crack my Windows password hashes.
  • From: Roger A. Grimes
• [KAPDA::#52] - PHP-Post 1.0 Cookie Modification Privilege Escalation Vulnerability
  • From: farhadkey
• DeluxeBB mutiple vulnerabilities
  • From: Jessica Hope
• Re: Invision Power Board 2.1 <= 2.1.6 sql injection
  • From: mattmecham
• About the latest three Powerpoint vulnerabilities: exploitable?
  • From: ewt
• Outpost Firewall Pro secrately fixing security flaws?
  • From: Bipin Gautam
• [ MDKSA-2006:124 ] - Updated kernel packages fix privilege escalation vulnerability
  • From: security
• ToendaCMS <= 1.0.0 arbitrary file upload
  • From: rgod
• Keyif Portal v2.0 - Microsoft Access Driver ( MDB ) Download
  • From: x0r0n
• Professional PHP Tools Guestbook Multiple Vulnerabilities
  • From: tamriel
• Cross Site Scripting Vulnerability in Zoho Virtual Office
  • From: ss_team
• Re: WebEx Downloader Plug-in Multiple Vulnerabilities + rant
  • From: Mark Litchfield
• Calendar Mambo Module <= 1.5.7 Remote File Include Vulnerabilities
  • From: matdhule
• Re: Invision Power Board 2.1 <= 2.1.6 sql injection
  • From: str0ke
• 23rd Chaos Communication Congress 2006: Call for Participation
  • From: fukami
• New Article Mambo Component <= 1.0 (com_articles.php) Remote File Include Vulnerabilities
  • From: matdhule
• Unauthenticated access to BT Voyager config file and PPP credentials embedded in HTML form
  • From: pagvacito
• Re: LAMP vs Microsoft
  • From: Darren Reed
• Re: LAMP vs Microsoft
  • From: George Capehart
• Re: Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround
  • From: Michal Zalewski
• [USN-319-1] Linux kernel vulnerability
  • From: Martin Pitt
• Re: Securing PHP or finding PHP alternatives
  • From: Crispin Cowan
• RUXCON 2006 Final Call For Papers
  • From: cfp
• ToorCon 2006 Call for Papers
  • From: h1kari@xxxxxxxxxxx
• Re: Invision Power Board 2.1 <= 2.1.6 sql injection
  • From: paul dansing
• [SECURITY] [DSA 1112-1] New mysql-dfsg-4.1 packages fix denial of service
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 1111-1] New Linux kernel 2.6.8 packages fix privilege escalation
  • From: Moritz Muehlenhoff
• ListMessenger v0.9.3 Remote File Inclusion Vulnerability
  • From: x0r0n
• Multiple vulnerabilities in UFO2000 svn 1057
  • From: Luigi Auriemma
• boastMachine <= 3.1 SQL Injection Exploit
  • From: gmdarkfig
• PacSec 2006 CALL FOR PAPERS (Deadline Aug. 4; Event Nov. 27-30)
  • From: Dragos Ruiu
• Secunia Research: BitZipper unacev2.dll Buffer Overflow Vulnerability
  • From: Secunia Research
• [SECURITY] [DSA 1110-1] New samba packages fix denial of service
  • From: Moritz Muehlenhoff
• Secunia Research: VisNetic Mail Server Two File Inclusion Vulnerabilities
  • From: Secunia Research
• [EEYEB-20060227] D-Link Router UPNP Stack Overflow
  • From: eEye Advisories
• rPSA-2006-0130-1 kernel
  • From: Justin M. Forbes
• RE: Bybass HTTP ( extension files ) in ISA 2004
  • From: Edward Tripovich
• [SECURITY] [DSA 1109-1] New rssh packages fix privilege escalation
  • From: Moritz Muehlenhoff