Bugtraq

Date Index

[Prev Page][Next Page]

Secunia Research: Lotus Notes Applix Graphics Parsing Vulnerabilities, Secunia Research
Secunia Research: Symantec Mail Security Folio Flat File Parsing Buffer Overflows, Secunia Research
Secunia Research: Adobe Flash Player "Declare Function (V7)" Heap Overflow, Secunia Research
Secunia Research: Lotus Notes htmsr.dll Buffer Overflows, Secunia Research
OneSecurityDay 2008 - Web application auditing challenge, bugtraq
Secunia Research: activePDF DocConverter Folio Flat File Parsing Buffer Overflows, Secunia Research
Secunia Research: Lotus Notes kvdocve.dll Path Processing Buffer Overflow, Secunia Research
project announcement - oCERT - Open Source CERT, Andrea Barisani
[oCERT-2008-003] libpng zero-length chunks incorrect handling, Andrea Barisani
[ MDVSA-2008:084 ] - Updated rsync packages fix vulnerability, security
Re: WoltLab(R) Community Framework WCF 1.0.6, marc . deroche
DEF CON 16 Retro Announcement! Back to Bang!, The Dark Tangent
- <Possible follow-ups>
- DEF CON 16 Retro Announcement! Back to Bang!, The Dark Tangent
IOActive Security Advisory: Incorrect input validation in PyString_FromStringAndSize() leads to multiple buffer overflows, Justin Ferguson
Trillian 3.1.9.0 DTD File Buffer Overflow, david130490
Directory traversal and multiple Denials of Service in HP OpenView NNM 7.53, Luigi Auriemma
[ GLSA 200804-11 ] policyd-weight: Insecure temporary file creation, Robert Buchholz
[ GLSA 200804-12 ] gnome-screensaver: Privilege escalation, Raphael Marichez
WiKID wClient-PHP <= 3.0-2 Multiple XSS Vulnerabilities, ascii
[USN-600-1] rsync vulnerability, Kees Cook
iDefense Security Advisory 04.09.08: EMC DiskXtender Authentication Bypass Vulnerability, iDefense Labs
iDefense Security Advisory 04.09.08: EMC DiskXtender MediaStor Format String Vulnerability, iDefense Labs
[SECURITY] [DSA 1546-1] New gnumeric packages fix arbitrary code execution, Devin Carraway
Borland InterBase 2007 "ibserver.exe" Buffer Overflow Vulnerability POC, Liu Zhen Hua
iDefense Security Advisory 04.09.08: EMC DiskXtender File System Manager Stack Buffer Overflow Vulnerability, iDefense Labs
w2b.ru multiple products SQL Injection, noreply
[ GLSA 200804-10 ] Tomcat: Multiple vulnerabilities, Pierre-Yves Rofes
[ GLSA 200804-09 ] am-utils: Insecure temporary file creation, Pierre-Yves Rofes
[SECURITY] [DSA 1545-1] New rsync packages fix arbitrary code execution, Moritz Muehlenhoff
EUSecWest CFP Closes April 14th (conf May 21/22 2008), Dragos Ruiu
[ GLSA 200804-08 ] lighttpd: Multiple vulnerabilities, Tobias Heinlein
[ MDVSA-2008:083 ] - Updated audit packages fix vulnerability, security
paFileDB 3.1 Remote SQL Injection, noreply
[USN-599-1] Ghostscript vulnerability, Jamie Strandboge
IOActive Security Advisory: Buffer overflow in Python zlib extension module, Justin Ferguson
[SECURITY] [DSA 1543-1] New vlc packages fix several vulnerabilities, Devin Carraway
[SECURITY] [DSA 1544-1] New pdns-recursor packages fix cache poisoning vulnerability, Florian Weimer
[ MDVSA-2008:082 ] - Updated php-apc packages fix vulnerability, security
[SECURITY] [DSA 1542-1] New libcairo packages fix arbitrary code execution, Devin Carraway
[CVE-2007-5301] alsaplayer PoC - exploit, Albert Sellarès
iDefense Security Advisory 04.08.08: Microsoft HxTocCtrl ActiveX Control Invalid Param Heap Corruption Vulnerability, iDefense Labs
iDefense Security Advisory 04.08.08: Microsoft Windows Graphics Rendering Engine Integer Overflow Vulnerability, iDefense Labs
[ GLSA 200804-07 ] PECL APC: Buffer Overflow, Robert Buchholz
Pu Arcade component for Joomla - SQL injection, netmantis . com
SAP Netweaver 6.40-7.0 Cross-Site-Scripting, jaime . blasco
CAU-2008-0002: Microsoft Windows SharePoint Services Picture Source XSS, I)ruid
[SECURITY] [DSA 1541-1] New openldap2.3 packages fix denial of service, Moritz Muehlenhoff
ZDI-08-021: Adobe Flash Player DeclareFunction2 Invalid Object Use Vulnerability, zdi-disclosures
ZDI-08-020: Microsoft GDI WMF Parsing Heap Overflow Vulnerability, zdi-disclosures
[security bulletin] HPSBMA02242 SSRT061260 rev.3 - HP OpenView Network Node Manager (OV NNM) Running Shared Trace Service, Remote Arbitrary Code Execution, security-alert
[security bulletin] [security bulletin] HPSBST02318 SSRT080018 rev.1 - HP Storage Essentials Software, Remote Unauthorized Access to Data, security-alert
Microsoft Windows DNS Stub Resolver Cache Poisoning (MS08-020), Amit Klein
New tool released : Syslog Fuzzer, jaime . blasco
[security bulletin] HPSBMA02327 SSRT071455 rev.1 - HP Integrity Servers iLO-2 Management Processors (iLO-2 MP), Denial of Service (DoS), security-alert
Wayport Public Access PC Authentication Bypass Weakness, Pascal Cretain
licq remote DoS?, Milen Rangelov
- Re: licq remote DoS?, 3APA3A
- <Possible follow-ups>
- Re: Re: licq remote DoS?, mrangelov
WoltLab(R) Community Framework XSS and Full Path Disclosure Vulnerability, Jessica Hope
Swiki 1.5 Multiple Cross-Site Scripting Vulnerabilities, brad . antoniewicz
Multiple vulnerabilities in HP OpenView NNM 7.53, Luigi Auriemma
- <Possible follow-ups>
- Re: Multiple vulnerabilities in HP OpenView NNM 7.53, Luigi Auriemma
Wikepage Opus 13 2007.2 Directory Traversal Vulnerbility, virangar_nml
- <Possible follow-ups>
- Re: Wikepage Opus 13 2007.2 Directory Traversal Vulnerbility, yeppy
Attack Technique: File Download Injection, Jeff Williams
[ GLSA 200804-04 ] MySQL: Multiple vulnerabilities, Robert Buchholz
openMosix userspace library stack-based buffer overflow, jose
- <Possible follow-ups>
- Re: openMosix userspace library stack-based buffer overflow, nixpanic
[ GLSA 200804-06 ] UnZip: User-assisted execution of arbitrary code, Robert Buchholz
[SECURITY] [DSA 1540-1] New lighttpd packages fix denial of service, Steve Kemp
CDNetworks Nefficient Download(NeffyLauncher.dll) Vulnerabilities, Simon Ryeo
Tumbleweed SecureTransport FileTransfer ActiveX Control Buffer Overflow, Patrick Webster
[ GLSA 200804-05 ] NX: User-assisted execution of arbitrary code, Robert Buchholz
[ GLSA 200804-03 ] OpenSSH: Privilege escalation, Robert Buchholz
Blogator-script 0.95 SQL Injection Vulnerbility, hadihadi_zedehal_2006
Alkacon OpenCms sessions.jsp searchfilter XSS, nnposter
- <Possible follow-ups>
- Re: Alkacon OpenCms sessions.jsp searchfilter XSS, a . westtermann
Blogator-script 0.95 Change User Password Vulnerbility, hadihadi_zedehal_2006
TheGreenBowVPN, Login Credentials Disclosure, evilcry
F5 BIG-IP Management Interface Perl Injection, nnposter
rPSA-2008-0139-1 gnome-ssh-askpass openssh openssh-client openssh-server, rPath Update Announcements
rPSA-2008-0138-1 tshark wireshark, rPath Update Announcements
rPSA-2008-0136-1 cups, rPath Update Announcements
[SECURITY] [DSA 1538-1] New alsaplayer packages fix arbitrary code execution, Devin Carraway
[SECURITY] [DSA 1539-1] New mapserver packages fix multiple vulnerabilities, Devin Carraway
iDefense Security Advisory 04.03.08: Computer Associates Alert Notification Service Multiple RPC Buffer Overflow Vulnerabilities, iDefense Labs
iDefense Security Advisory 04.02.08: Symantec Norton Internet Security 2008 ActiveX Control Buffer Overflow Vulnerability, iDefense Labs
iDefense Security Advisory 04.03.08: SCO UnixWare pkgadd Directory Traversal Vulnerability, iDefense Labs
ZDI-08-017: Apple QuickTime Kodak Encoding Heap Overflow Vulnerability, zdi-disclosures
CORE-2008-0314 - Orbit Downloader "Download failed" buffer overflow, CORE Security Technologies Advisories
[security bulletin] HPSBMA02323 SSRT080032 rev.1 - HP USB Floppy Drive Key (Option) for ProLiant Servers, Local Virus Infection, security-alert
KwsPHP Module ConcoursPhoto XSS, hsx
CA ARCserve Backup for Laptops and Desktops Server and CA Desktop Management Suite Multiple Vulnerabilities, Williams, James K
ZDI-08-019: Apple QuickTime Malformed VR obji Atom Parsing Memory Corruption Vulnerability, zdi-disclosures
iDefense Security Advisory 04.02.08: Symantec Internet Security 2008 ActiveDataInfo.LaunchProcess Design Error Vulnerability, iDefense Labs
CA Alert Notification Server Multiple Vulnerabilities, Williams, James K
ZDI-08-015: Apple QuickTime Clipping Region Heap Overflow Vulnerability, zdi-disclosures
ZDI-08-016: Apple QuickTime MP4A Atom Parsing Heap Corruption Vulnerability, zdi-disclosures
Medium security hole affecting Festival on Debian unstable/testing and Ubuntu Hardy Heron, Tim Brown
ZDI-08-018: Apple QuickTime Run Length Encoding Heap Overflow Vulnerability, zdi-disclosures
ZDI-08-014: Apple Quicktime Multiple Opcode Memory Corruption Vulnerabilities, zdi-disclosures
POC2008 call for papers, pocadm
Cisco Security Advisory: Cisco Unified Communications Disaster Recovery Framework Command Execution Vulnerability, Cisco Systems Product Security Incident Response Team
Recon 2008 CFP last call, early registration open, Recon Conference
[USN-588-2] MySQL regression, Jamie Strandboge
Parallels virtuozzo's VZPP multiple csrf vulnerabilities, poplix
Joomla Component com_lms SQL Injection, no-reply
Vulnerabilities in kses-based HTML filters, lpilorz
[USN-598-1] CUPS vulnerabilities, Jamie Strandboge
Webwasher Denial of Service Vulnerability, security
[ GLSA 200804-02 ] bzip2: Denial of Service, Pierre-Yves Rofes
[SECURITY] [DSA 1537-1] New xpdf packages fix multiple vulnerabilities, Devin Carraway
[ MDVSA-2008:081 ] - Updated CUPS packages fix multiple vulnerabilities, security
Directory traversal in LANDesk Management Suite 8.80.1.1, Luigi Auriemma
ANNOUNCE: Apache-SSL security release - apache_1.3.41+ssl_1.59, Adam Laurie
HPSBTU02325 SSRT080006 rev.1 - HP Internet Express for Tru64 UNIX running PostgreSQL, Arbitrary Code Execution, Privilege Elevation, or Denial of Service (DoS), security-alert
[USN-597-1] OpenSSH vulnerability, Kees Cook
Datalife Engine 6.7 XSRF, irancrash
HPSBMA02317 SSRT080026 rev.1 - HP Select Identity Software, Gain Unauthorized Access, security-alert
Writers Block SQL Injection Vulnerabilities, nebelfrost23
[ GLSA 200804-01 ] CUPS: Multiple vulnerabilities, Robert Buchholz
TCP/IP security vulnerability disclosed, J. Oquendo
[SECURITY] [DSA 1533-2] New exiftags packages fix several vulnerabilities, Devin Carraway
cevado technologies real estate CMS SQL injection, joseph . giron13
Terracotta Personal Edition Multiple vulnerabilities, joseph . giron13
CAU-2008-0001 - Slowly Closing Door Race Condition, I)ruid
[SECURITY] [DSA 1536-1] New libxine packages fix several vulnerabilities, Thijs Kinkhorst
EasyNews-40tr Multiple Remote Vulnerabilities (SQL Injection Exploit/XSS/LFI), irancrash
iDefense Security Advisory 03.31.08: Macrovision InstallShield InstallScript One-Click Install Untrusted Library Loading Vulnerability, iDefense Labs
Paper by Amit Klein (Trusteer): "PowerDNS Recursor DNS Cache Poisoning [pharming]", Amit Klein
[SECURITY] [DSA 1535-1] New iceweasel packages fix several vulnerabilities, Moritz Muehlenhoff
Directory traversal in 2X ThinClientServer v5.0_sp1-r3497, Luigi Auriemma
rPSA-2008-0132-1 lighttpd, rPath Update Announcements
[TKADV2008-002] avast! 4.7 aavmker4.sys Kernel Memory Corruption, Tobias Klein
London DEFCON meet - DC4420 - New Venue - Wednesday 2nd April, 2008, Major Malfunction
PacketTrap Networks pt360 2.0.39 TFTPD Remote DoS Exploit, r57blg
[SECURITY] [DSA 1531-2] New policyd-weight packages fix insecure temporary files, Thijs Kinkhorst
Efestech Video v5,0 (id) Remote Sql Injection, dj_remix_20
Proviso SiteKiosk File Download Vulnerability, nebelfrost23
CuteFlow Version 1.5.0 Multiple Remote Vulnerabilities, hadihadi_zedehal_2006
VMSA-2008-0006 Updated libxml2 service console package, VMware Security team
[ MDVSA-2008:080 ] - Updated Firefox packages fix multiple vulnerabilities, security
Internet explorer 7.0 spoofing, jplopezy
- RE: Internet explorer 7.0 spoofing, Darth Jedi
- <Possible follow-ups>
- Re: Internet explorer 7.0 spoofing, w0lfd33m
  - Re: Internet explorer 7.0 spoofing, mouss
    - Re: Internet explorer 7.0 spoofing, Razi Shaban
- Re: Re: Internet explorer 7.0 spoofing, w0lfd33m
- Re: Re: Re: Internet explorer 7.0 spoofing, jplopezy
- RE: Internet explorer 7.0 spoofing, Mike Diaz
Immunity Debugger 1.5, Nicolas Waisman
[SECURITY] [DSA 1534-1] New iceape packages fix several vulnerabilities, Moritz Muehlenhoff
XChat 2.8.4-1 - Multiple Vulnerabilities, evilcry
- <Possible follow-ups>
- Re: XChat 2.8.4-1 - Multiple Vulnerabilities, fabio
- Re: Re: XChat 2.8.4-1 - Multiple Vulnerabilities, omnipresent
CA Multiple Products DSM ListCtrl ActiveX Control Buffer Overflow Vulnerability, Williams, James K
[security bulletin] HPSBOV02278 SSRT071479 rev.1 - HP OpenVMS SSH Using TCP/IP Services for OpenVMS, Remote Unauthorized Access, security-alert
[security bulletin] HPSBGN02319 SSRT080027 rev.1 - HP Compaq Notebook PC BIOS, Local Unauthorized Access, security-alert
[security bulletin] HPSBGN02305 SSRT080004 rev.1 - HP Compaq Business Notebook PC BIOS, Local Denial of Service (DoS), security-alert
Smf 1.1.4 Remote File Inclusion Vulnerabilities, sibertrwolf
- Re: Smf 1.1.4 Remote File Inclusion Vulnerabilities, Jindrich Kubec
  - Re: Smf 1.1.4 Remote File Inclusion Vulnerabilities, Mike Duncan
- <Possible follow-ups>
- Re: Smf 1.1.4 Remote File Inclusion Vulnerabilities, fake
- Re: Re: Smf 1.1.4 Remote File Inclusion Vulnerabilities, douchbag
[SECURITY] [DSA 1533-1] New exiftags packages fix several vulnerabilities, Devin Carraway
[ MDVSA-2008:079 ] - Updated sarg packages fix multiple vulnerabilities, security
[SECURITY] [DSA 1532-1] New xulrunner packages fix several vulnerabilities, Moritz Muehlenhoff
rPSA-2008-0128-1 firefox, rPath Update Announcements
[SECURITY] [DSA 1531-1] New policyd-weight packages fix insecure temporary files, Thijs Kinkhorst
JAF-CMS 4.0 RC2 Multiple Remote File Inclusion Vulnerabilities, r57blg
- Re: JAF-CMS 4.0 RC2 Multiple Remote File Inclusion Vulnerabilities, str0ke
[USN-595-1] SDL_image vulnerabilities, Kees Cook
[USN-593-1] Dovecot vulnerabilities, Kees Cook
[securityreason] *BSD libc (strfmon) Multiple vulnerabilities, cxib
- Re: [securityreason] *BSD libc (strfmon) Multiple vulnerabilities, Christos Zoulas
[USN-596-1] Ruby vulnerabilities, Kees Cook
[ MDVSA-2008:078 ] - Updated openssh packages fix X connection hijacking, security
TopperMod 2.0 Remote SQL Injection Vulnerability, r57blg
[USN-594-1] libnet-dns-perl vulnerability, Kees Cook
[SECURITY] [DSA 1529-1] New Firebird packages fix several vulnerabilities, Moritz Muehlenhoff
[ MDVSA-2008:077 ] - Updated perl-Tk packages fix GIF processing vulnerability, security
Multiple XSS in DigiDomain, xx_hack_xx_2004
[ MDVSA-2008:076 ] - Updated wml packages fix symlink vulnerabilities, security
Multiple vulnerabilities in solidDB 06.00.1018, Luigi Auriemma
Invision Power Board <=2.3.x iFrame Vuln, shaheemirza
ZDI-08-013: Novell eDirectory for Linux Stack Overflow, zdi-disclosures
Cisco Security Advisory: Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak, Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Supervisor 32, Supervisor 720, or Route Switch Processor 720, Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS User Datagram Protocol Delivery Issue For IPv4/IPv6 Dual-stack Routers, Cisco Systems Product Security Incident Response Team
[USN-592-1] Firefox vulnerabilities, Jamie Strandboge
Cisco Security Advisory: Multiple DLSw Denial of Service Vulnerabilities in Cisco IOS, Cisco Systems Product Security Incident Response Team
php-addressbook v2.0 SQL Injection Vulnerbility, hadihadi_zedehal_2006
Aztech ADSL2/2+ 4 Port remote root, sipherr
[security bulletin] HPSBTU02322 SSRT080011 rev.1 - HP Tru64 UNIX running SSH/SFTP Server, Remote Execution of Arbitrary Code or Denial of Service (DoS), security-alert
Blackboard Academic Suite Multiple XSS Vulnerabilities, knight4vn
phpBB PJIRC mod LFI, 0in . email
CORE-2007-1212: SILC pkcs_decode buffer overflow, Core Security Technologies Advisories
[DSECRG-08-022] Multiple Security Vulnerabilities in Bolinos 4.6.1, Digital Security Research Group
rPSA-2008-0123-1 ruby, rPath Update Announcements
Cuteflow Bin v1.5.0 Local File Inclusion Vuln, r57blg
rPSA-2008-0120-1 gnome-ssh-askpass openssh openssh-client openssh-server, rPath Update Announcements
e107 My_Gallery Plugin Arbitrary File Download Vulnerability, Jerome Athias
[SECURITY] [DSA 1530-1] New cupsys packages fix multiple vulnerabilities, Noah Meyerhans
aeries browser interface(ABI) 3.8.3.14 Remote SQL Injection, arsalan1991
[ GLSA 200803-32 ] Wireshark: Denial of Service, Pierre-Yves Rofes
[USN-590-1] bzip2 vulnerability, Kees Cook
[ GLSA 200803-31 ] MIT Kerberos 5: Multiple vulnerabilities, Robert Buchholz
[USN-591-1] libicu vulnerabilities, Jamie Strandboge
[SECURITY] [DSA 1528-1] New serendipity packages fix cross site scripting, Thijs Kinkhorst
HIS-webshop is vulnerable against Directory-Traversal (www.shoppark.de), zero-x
Hamachi Password Disclosure Vulnerability, evilcry
- <Possible follow-ups>
- Re: Hamachi Password Disclosure Vulnerability, anonymous
[DSECRG-08-021] Multiple LFI in PowerPHPBoard 1.00b, Digital Security Research Group
[DSECRG-08-020] RFI-LFI in PowerClan 1.14a, Digital Security Research Group
[DSECRG-08-019] LFI in PowerBook 1.21, Digital Security Research Group
[SECURITY] [DSA 1527-1] New debian-goodies packages fix privilege escalation, Thijs Kinkhorst
ircu/snircd remote crash vulnerability, Chris Porter
EfesTech E-Kontr (id) Remote SQL INJECTION, dj_remix_20
Alkacon OpenCms users_list.jsp searchfilter XSS, nnposter
Linksys phone adapter denial of service, sipherr
- Re: Linksys phone adapter denial of service, J. Oquendo
  - Re: Linksys phone adapter denial of service, orsino
    - Re: Linksys phone adapter denial of service, J. Oquendo
      - Re: Linksys phone adapter denial of service, Michael VERGOZ
- <Possible follow-ups>
- Re: Re: Linksys phone adapter denial of service, sipherr
[ MDVSA-2008:075 ] - Updated bzip2 packages fix denial of service vulnerability, security
F5 BIG-IP Web Management Audit Log XSS, nnposter
Safari browser 3.1 (525.13) spoofing, jplopezy
Google SoC 2008: Security Projects, jkouns
phpAddressBook v2.11 Multiple Local File Inclusion Vulnerabilities, Guns
hacking the mitsubishi GB-50A, Chris Withers
- RE: hacking the mitsubishi GB-50A, Desai, Ashish
  - RE: hacking the mitsubishi GB-50A, James C. Slora Jr.
    - Re: hacking the mitsubishi GB-50A, Vincent Archer
    - Re: [BUGTRAQ] RE: hacking the mitsubishi GB-50A, Joe
  - Re: hacking the mitsubishi GB-50A, Chris Withers
- <Possible follow-ups>
- Re: hacking the mitsubishi GB-50A, Steven M. Christey
  - Re: hacking the mitsubishi GB-50A, Chris Withers
Fedora, Ubuntu publish wrong advisories for CVE-2007-6318, Abel Cheung
rPSA-2008-0118-1 bzip2, rPath Update Announcements
rPSA-2008-0116-1 unzip, rPath Update Announcements
Buffer-overflow in ASUS Remote Console 2.0.0.24, Luigi Auriemma
Safari 3.1 for windows download bug, jplopezy
XSS in cPanel 11.x, xx_hack_xx_2004
- <Possible follow-ups>
- Re: XSS in cPanel 11.x, morin . josh
{securityreason.com}PHP 5 *printf() - Integer Overflow, cxib
webutil.pl is still vulnerable against Remote Command Execution., zero-x
[ MDVSA-2008:074 ] - Updated audacity package fixes insecure temporary directory creation, security
DotNetNuke Default Machine Key Exposure, labs
[MSA01240108] IE7 Transfer-Encoding: chunked allows Request Splitting/Smuggling., Minded Security Research Labs
MS08-014, Anonymous
[INFIGO-2008-03-07]: Surgemail 38k4 IMAP server remote stack overflow, infocus
[MSA02240108] IE7 allows overwriting of several headers leading to Http request Splitting and smuggling., Minded Security Research Labs
CanSecWest 2008 PWN2OWN - Mar 26-28, Dragos Ruiu
[ MDVSA-2008:073 ] - Updated perl-Net-DNS packages fix DoS vulnerability, security
[USN-589-1] unzip vulnerability, Kees Cook
Multiple heap overflows in xine-lib 1.1.11, Luigi Auriemma
[ MDVSA-2008:072 ] - Updated kernel packages fix vulnerability, security
Note about recently publicized CA BrightStor ActiveX exploit code, Williams, James K
[SECURITY] [DSA 1522-1] New xwine packages fix several vulnerabilities, Steve Kemp
KAPhotoservice (album.asp) Remote SQL Injection Exploit, sys-project
[USN-588-1] MySQL vulnerabilities, Jamie Strandboge
[SECURITY] [DSA 1525-1] New asterisk packages fix several vulnerabilities, Moritz Muehlenhoff
Easy-Clanpage 2.2 (id) Remote SQL Injection Vulnerability, info
Pizco vulnerable to buffer overflow in activex, david130490
[SECURITY] [DSA 1506-2] New iceape packages fix regression, Moritz Muehlenhoff
[ GLSA 200803-30 ] ssl-cert eclass: Certificate disclosure, Robert Buchholz
rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation, rPath Update Announcements
[ MDVSA-2008:071 ] - Updated Kerberos packages fix multiple vulnerabilities, security
[ GLSA 200803-29 ] ViewVC: Multiple vulnerabilities, Tobias Heinlein
[ MDVSA-2008:070 ] - Updated Kerberos packages fix multiple vulnerabilities, security
[ MDVSA-2008:069 ] - Updated Kerberos packages fix multiple vulnerabilities, security
[ GLSA 200803-28 ] OpenLDAP: Denial of Service vulnerabilities, Pierre-Yves Rofes
IBM Rational ClearQuest Web Multiple XSS Vulnerabilities, swhite
CS-Cart XSS, swhite
Question on CERT-FI and CPNI Joint Vulnerability Advisory on Archive Formats?, James Connery
HPSBST02321 SSRT080029 rev.1 - HP StorageWorks Library and Tape Tools (LTT) Running on HP-UX, Local Unauthorized Access, security-alert
AST-2008-004: Format String Vulnerability in Logger and Manager, Asterisk Security Team
[USN-587-1] Kerberos vulnerabilities, Kees Cook
AST-2008-002: Two buffer overflows in RTP Codec Payload Handling, Asterisk Security Team
[ MDVSA-2008:068 ] - Updated unzip packages vulnerability, security
AST-2008-003: Unauthenticated calls allowed from SIP channel driver, Asterisk Security Team
Mambo/joomla com_intellect "page" LFI [Aria-Security], no-reply
phpBB 2.0.23 Session Hijacking Vulnerability, nbbn@xxxxxxx
AST-2008-005: HTTP Manager ID is predictable, Asterisk Security Team
[ GLSA 200803-27 ] MoinMoin: Multiple vulnerabilities, Pierre-Yves Rofes
[ MDVSA-2008:067 ] - Updated nagios packages fix multiple vulnerabilities, security
iDefense Security Advisory 03.18.08: Multiple Vendor CUPS CGI Heap Overflow Vulnerability, iDefense Labs
[SECURITY] [DSA 1524-1] New krb5 packages fix multiple vulnerabilities, Noah Meyerhans
CORE-2008-0123: Leopard Server Remote Path Traversal, Core Security Technologies Advisories
MITKRB5-SA-2008-002: array overrun in RPC library used by kadmin (resend, corrected subject), raeburn
MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc, raeburn
- <Possible follow-ups>
- MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc, raeburn
Digital Armaments March-April Hacking Challenge: 5,000$ Prize - Client Vulnerabilities and Exploit, info
[ GLSA 200803-26 ] Adobe Acrobat Reader: Insecure temporary file creation, Robert Buchholz
[ GLSA 200803-24 ] PCRE: Buffer overflow, Tobias Heinlein
cPanel 11.x => List Directories and Folders, xx_hack_xx_2004
[security bulletin] HPSBST02320 SSRT080028 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-014 to MS08-017, security-alert
Internet Explorer 7.0 crash, jplopezy
[ GLSA 200803-25 ] Dovecot: Multiple vulnerabilities, Robert Buchholz
VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues, VMware Security team
eForum 0.4 XSS, omnipresent
[SECURITY] [DSA 1523-1] New ikiwiki packages fix cross-site scripting, Florian Weimer
[SECURITY] [DSA 1522-1] New unzip packages fix potential code execution, Florian Weimer
Cross Site Scripting (XSS) in phpstats 0.1_alpha, CVE-2008-0125, Hanno Böck
[SECURITY] [DSA 1485-2] New icedove packages fix regression, Moritz Muehlenhoff
Agile Hacking, Petko D. Petkov
Home FTP Server DoS, 0in . email
Buffer-overflow in BootManage TFTPD 1.99, Luigi Auriemma
Multiple vulnerabilities in Net Inspector 6.5.0.828, Luigi Auriemma
VLC highlander bug, Luigi Auriemma
Re: Format string in McAfee Framework 3.6.0.569 (ePolicy Orchestrator 4.0), greentea-lemon
[SECURITY] [DSA 1493-2] New sdl-image1.2 packages fix arbitrary code execution, Thijs Kinkhorst
raidsonic nas-4220 crypt disk key leak (stored in plain on unencrypted partition), Collin R. Mulliner
Security Advisory on RSA Web ID (XSS), quentin . berdugo
Mutiple Timesheets <= 5.0 - Multiple Remote Vulnerabilities, sys-project
EasyCalendar <= 4.0tr - Multiple Remote Vulnerabilities, sys-project
vuln in snewscms Rus v 2.3, www . yo . by
[SECURITY] [DSA 1521-1] New lighttpd packages fix arbitrary file disclosure, Steve Kemp
[ GLSA 200803-23 ] Website META Language: Insecure temporary file usage, Pierre-Yves Rofes
[SECURITY] [DSA 1520-1] New smarty packages fix arbitrary code execution, Thijs Kinkhorst
Joomla components com_guide "category" Remote SQL Injection [Aria-Security], no-reply
[SECURITY] [DSA 1519-1] New horde3 packages fix information disclosure, Thijs Kinkhorst
[SECURITY] [DSA 1518-1] New backup-manager packages fix information disclosure, Thijs Kinkhorst
[SECURITY] [DSA 1517-1] New ldapscripts packages fix information disclosure, Thijs Kinkhorst
XNview 1.92.1 Long Filename Overflow, Sylvain
Rosoft Media Player 4.1.8 RML Stack Based Buffer Overflow, opexoc
- <Possible follow-ups>
- Re: Rosoft Media Player 4.1.8 RML Stack Based Buffer Overflow, david130490
- Re: Re: Rosoft Media Player 4.1.8 RML Stack Based Buffer Overflow, opexoc
- Re: Re: Rosoft Media Player 4.1.8 RML Stack Based Buffer Overflow, opexoc
[USN-586-1] mailman vulnerability, Kees Cook
Troopers08 Security Conference, April 23/24 (Munich/Germany), Enno Rey
- <Possible follow-ups>
- Troopers08 Security Conference, April 23/24 (Munich/Germany), Enno Rey
[SECURITY] [DSA 1516-1] New dovecot packages fix privilege escalation, Florian Weimer
Local persistent DoS in Windows XP SP2 Taskmgr, SkyOut
- Re: Local persistent DoS in Windows XP SP2 Taskmgr, paraw
- RE: Local persistent DoS in Windows XP SP2 Taskmgr, Thor (Hammer of God)
Black Hat Announcements: New CFP system and Japan '08 confirmed, jmoss
EasyGallery <= 5.0tr - Multiple Remote Vulnerabilities, sys-project
Airspan WiMAX ProST Authentication Bypass Vulnerability, admin
[ GLSA 200803-22 ] LIVE555 Media Server: Denial of Service, Pierre-Yves Rofes
Cisco Security Advisory: CiscoWorks Internetwork Performance Monitor Remote Command Execution Vulnerability, Cisco Systems Product Security Incident Response Team
ZDI-08-012: IBM Informix Dynamic Server Authentication Password Stack Overflow Vulnerability, zdi-disclosures
ZDI-08-011: IBM Informix Dynamic Server DBPATH Buffer Overflow Vulnerability, zdi-disclosures
[ MDVSA-2008:066 ] - Updated gcc packages fix directory traversal vulnerability in fastjar, security
Office XP Remote SQL Injection, no-reply
- Re: Office XP Remote SQL Injection, Steve Shockley
PR08-02: Plone CMS Security Research - the Art of Plowning, ProCheckUp Research
Rapid7 Advisory R7-0032: Microsoft Internet Explorer FTP Command Injection Vulnerability, kralor
Rise of the spammers, vulns
Zabbix (zabbix_agentd) denial of service, Milen Rangelov
Directory traversal in EdiorCMS V3.0, wsn1983
XSS in PHP-Nuke (eWeather module), nima_501
rPSA-2008-0108-1 dovecot, rPath Update Announcements
Format string in McAfee Framework 3.6.0.569 (ePolicy Orchestrator 4.0), Luigi Auriemma
- <Possible follow-ups>
- Re: Format string in McAfee Framework 3.6.0.569 (ePolicy Orchestrator 4.0), neodwija
[ GLSA 200803-21 ] Sarg: Remote execution of arbitrary code, Raphael Marichez
rPSA-2008-0106-1 lighttpd, rPath Update Announcements
Powered by phpBB 2001, 2006 (SQL), turkish-warriorr
ZDI-08-009: Java Web Start tempbuff Stack Buffer Overflow, zdi-disclosures
ZDI-08-010: Java Web Start encoding Stack Buffer Overflow, zdi-disclosures
Cisco ACS UCP Remote Pre-Authentication Buffer Overflows, Felix 'FX' Lindner
hacking a pacemaker, Gadi Evron
Cisco Security Advisory: Cisco Secure Access Control Server for Windows User-Changeable Password Vulnerabilities, Cisco Systems Product Security Incident Response Team
iDefense Security Advisory 03.11.08: Microsoft Outlook mailto Command Line Switch Injection, iDefense Labs
iDefense Security Advisory 03.11.08: Microsoft Excel 2003 Malformed Formula Memory Corruption Vulnerability, iDefense Labs
travelsized cms 0.4.1 multiple local file inclusion vulnerabilities, muuratsalo experimental hack lab
[SECURITY] [DSA 1515-1] New libnet-dns-perl packages fix several vulnerabilities, Florian Weimer
uberghey cms 0.3.1 multiple local file inclusion vulnerabilities, muuratsalo experimental hack lab
iDefense Security Advisory 03.11.08: Microsoft Excel DVAL Heap Corruption Vulnerability, iDefense Labs
TPTI-08-03: Microsoft Excel Rich Text Memory Corruption Vulnerability, DVLabs
[ GLSA 200803-20 ] International Components for Unicode: Multiple vulnerabilities, Pierre-Yves Rofes
PHP-Nuke Module ZClassifieds [cat] SQL Injection, lovebug
[ GLSA 200803-19 ] Apache: Multiple vulnerabilities, Pierre-Yves Rofes
Advisory Adobe LiveCycle Workflow XSS Vulnerability, Liquidmatrix Security Digest
ZDI-08-008: Microsoft Excel BIFF File Format Cell Record Parsing Memory Corruption Vulnerability, zdi-disclosures
CORE-2008-0204: Timbuktu Pro Remote Path Traversal and Log Injection, Core Security Technologies Advisories
ACROS Security: HTML Injection in BEA WebLogic Server Console (ASPR #2008-03-11-1), ACROS Security
ACROS Security: Session Fixation Vulnerability in WebLogic Administration Console (#2008-03-11-2), ACROS Security
Re: Remotely Anywhere 'Accept-Charset' Parameter NULL Pointer, patrick
[USN-585-1] Python vulnerabilities, Kees Cook
PHP-Nuke Module NukeC30 sql injection, houssamix
- <Possible follow-ups>
- Re: PHP-Nuke Module NukeC30 sql injection, my_msn_my_msn_my
[security bulletin] HPSBUX02313 SSRT080015 rev.2 - HP-UX Running Apache, Remote Cross Site Scripting (XSS), security-alert
Mambo Components ensenanzas "id" Remote SQL Injection, no-reply
Re: [Full-disclosure] Vulnerabilities in Timbuktu Pro 8.6.5, titon
- Re: [Full-disclosure] Vulnerabilities in Timbuktu Pro 8.6.5, Luigi Auriemma
Advisory: SQL-Injections in Mapbender, RedTeam Pentesting GmbH
[security bulletin] HPSBUX02316 SSRT071495 rev.1 - HP-UX running HP CIFS Server (Samba), Remote Execution of Arbitrary Code, security-alert
[ GLSA 200803-18 ] Cacti: Multiple vulnerabilities, Pierre-Yves Rofes
Directory traversal in Argon Client Management Services 1.31, Luigi Auriemma
NULL pointer in Acronis True Image Windows Agent 1.0.0.54, Luigi Auriemma
Invalid memory access in Acronis True Image Group Server 1.5.19.191, Luigi Auriemma
iDefense Security Advisory 03.10.08: SAP MaxDB sdbstarter Privilege Escalation Vulnerability, iDefense Labs
Multiple vulnerabilities in ASG-Sentry 7.0.0, Luigi Auriemma
Vulnerabilities in Timbuktu Pro 8.6.5, Luigi Auriemma
iDefense Security Advisory 03.10.08: SAP MaxDB Signedness Error Heap Corruption Vulnerability, iDefense Labs
Directory traversal and NULL pointer in Acronis PXE Server 2.0.0.1076, Luigi Auriemma
NULL pointer in Remotely Anywhere 8.0.668, Luigi Auriemma
[ GLSA 200803-17 ] PDFlib: Multiple buffer overflows, Pierre-Yves Rofes
Denial of Service in PacketTrap TFTP server 2.0.3901.0, Luigi Auriemma
[ GLSA 200803-16 ] MPlayer: Multiple buffer overflows, Pierre-Yves Rofes
Summer Camp 2008 - La Garrotxa, Gerardo García Peña
Firebird remote BOF POC, underwater
PHP-Nuke SQL injection Module "Hadith" [cat], lovebug
VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit, gmdarkfig
- Re: VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit, Maximiliano Müller
- <Possible follow-ups>
- Re: Re: VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit, app
- Re: Re: Re: VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit, sad_wabi_user
[ MDVSA-2008:065 ] - Updated pulseaudio packages fix denial of service vulnerabilities, security
[security bulletin] HPSBUX02306 SSRT071463 rev.2 - HP-UX Running ARPA Transport, Remote Denial of Service (DoS), security-alert
[ GLSA 200803-15 ] phpMyAdmin: SQL injection vulnerability, Pierre-Yves Rofes
[SECURITY] [DSA 1514-1] New moin packages fix several vulnerabilities, Moritz Muehlenhoff
WoltLab Burning Board Lite 2 Beta 1 Thread Delete CSRF Vulnerability, nbbn
[TKADV2008-001] Panda Internet Security/Antivirus+Firewall 2008 cpoint.sys Kernel Driver Memory Corruption Vulnerability, Tobias Klein
Alkacon OpenCms logfileViewSettings.jsp XSS, file disclosure, nnposter
F5 BIG-IP Web Management Console XSS, nnposter
[ GLSA 200803-14 ] Ghostscript: Buffer overflow, Pierre-Yves Rofes
[ GLSA 200803-13 ] VLC: Multiple vulnerabilities, Pierre-Yves Rofes
XSS in Neptune Web Server, nima_501
[ MDVSA-2008:064 ] - Updated tomboy packages fix improper LD_LIBRARY_PATH handling, security
rPSA-2008-0099-1 dbus dbus-glib dbus-qt dbus-x11, rPath Update Announcements
Multiple vulnerabilities in MailEnable Professional/Enterprise 3.13, Luigi Auriemma
PHP-Nuke KutubiSitte "kid" SQL Injection exploit code adding, r080cy90r
RE: [Full-disclosure] Firewire Attack on Windows Vista, Glenn.Everhart
- Re: [Full-disclosure] Firewire Attack on Windows Vista, Tim
[ MDVSA-2008:063 ] - Updated Evolution packages fix critical vulnerability, security
Horde Webmail file inclusion proof of concept & patch., ppelanne
- Re: Horde Webmail file inclusion proof of concept & patch., Ben Klang
  - Re: Horde Webmail file inclusion proof of concept & patch., David Morton
[ MDVSA-2008:062 ] - Updated Thunderbird packages fix multiple vulnerabilities, security
WordPress Multiple Cross-Site Scripting Vulnerabilities, DoZ
[USN-582-2] Thunderbird vulnerabilities, Jamie Strandboge
[SECURITY] [DSA 1513-1] New lighttpd packages fix CGI source disclosure, Steve Kemp
[ MDVSA-2008:061 ] - Updated mailman packages fix multiple XSS vulnerabilities, security
Directory traversal in MicroWorld eScan Server 9.0.742.98, Luigi Auriemma
Checkpoint VPN-1 UTM Edge cross-site scripting, Henri Lindberg - Smilehouse Oy
PHP-Nuke KutubiSitte "kid" SQL Injection, lovebug
Sun JDK image parsing vulnerabilities, Chris Evans
[SECURITY] [DSA 1503-2] New Linux kernel 2.4.27 packages fix several issues, dann frazier
[DSECRG-08-018] Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory traversal file Download Vulnerability, Alexandr Polyakov
- Re: [DSECRG-08-018] Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory traversal file Download Vulnerability, H D Moore
[ GLSA 200803-11 ] Vobcopy: Insecure temporary file creation, Pierre-Yves Rofes
[USN-584-1] OpenLDAP vulnerabilities, Jamie Strandboge
[ MDVSA-2008:060 ] - Updated Joomla! packages fix multiple vulnerabilities, security
[ GLSA 200803-12 ] Evolution: Format string vulnerability, Pierre-Yves Rofes
[USN-583-1] Evolution vulnerability, Kees Cook
[ MDVSA-2008:058 ] - Updated openldap packages fix multiple vulnerabilities, security
[ MDVSA-2008:059 ] - Updated tcl packages fix vulnerability, security
[ GLSA 200803-10 ] lighttpd: Multiple vulnerabilities, Pierre-Yves Rofes
ERRATA: [ GLSA 200801-09 ] X.Org X server and Xfont library: Multiple vulnerabilities, Robert Buchholz
Multiple vulnerabilities in Perforce Server 2007.3/143793, Luigi Auriemma
Firewire Attack on Windows Vista, Bernhard Mueller
- Re: Firewire Attack on Windows Vista, Thierry Zoller
- RE: Firewire Attack on Windows Vista, Roger A. Grimes
  - Re: Firewire Attack on Windows Vista, Peter Watkins
    - RE: Firewire Attack on Windows Vista, Larry Seltzer
      - Re: [Full-disclosure] Firewire Attack on Windows Vista, Tim
        
        RE: [Full-disclosure] Firewire Attack on Windows Vista, Larry Seltzer
        
        Re: [Full-disclosure] Firewire Attack on Windows Vista, Tim
        
        RE: [Full-disclosure] Firewire Attack on Windows Vista, Larry Seltzer
        
        Re: [Full-disclosure] Firewire Attack on Windows Vista, Tim
        
        RE: [Full-disclosure] Firewire Attack on Windows Vista, Thor (Hammer of God)
        
        RE: [Full-disclosure] Firewire Attack on Windows Vista, Thor (Hammer of God)
        
        RE: [Full-disclosure] Firewire Attack on Windows Vista, Larry Seltzer
        
        RE: [Full-disclosure] Firewire Attack on Windows Vista, Larry Seltzer
        
        RE: [Full-disclosure] Firewire Attack on Windows Vista, Thor (Hammer of God)
        
        Message not available
        
        RE: [Full-disclosure] Firewire Attack on Windows Vista, Larry Seltzer
        
        Re: [Full-disclosure] Firewire Attack on Windows Vista, Tim
        
        RE: [Full-disclosure] Firewire Attack on Windows Vista, Larry Seltzer
        
        Re: [Full-disclosure] Firewire Attack on Windows Vista, Tim
        
        Re: [Full-disclosure] Firewire Attack on Windows Vista, Jacob Appelbaum
        
        RE: [Full-disclosure] Firewire Attack on Windows Vista, Larry Seltzer
        
        Re: [Full-disclosure] Firewire Attack on Windows Vista, Jacob Appelbaum
        
        Re: Firewire Attack on Windows Vista, Stefan Kanthak
        
        RE: [Full-disclosure] Firewire Attack on Windows Vista, Larry Seltzer
        
        Re: [Full-disclosure] Firewire Attack on Windows Vista, Stefan Kanthak
        
        Re: [Full-disclosure] Firewire Attack on Windows Vista, Ansgar -59cobalt- Wiechers
        
        Re: Firewire Attack on Windows Vista, Steve Shockley
        
        Re: Firewire Attack on Windows Vista, Stefan Kanthak
        
        Re: [Full-disclosure] Firewire Attack on Windows Vista, FD
      - RE: Firewire Attack on Windows Vista, Thor (Hammer of God)
  - Re: Firewire Attack on Windows Vista, Daniel O'Connor
  - Re: Firewire Attack on Windows Vista, Tonnerre Lombard
  - RE: Firewire Attack on Windows Vista, bzhbfzj3001
    - Re: Firewire Attack on Windows Vista, Tonnerre Lombard
      - Re: Firewire Attack on Windows Vista, Nathanael Hoyle
[SECURITY] [DSA 1512-1] New evolution packages fix arbitrary code execution, Thijs Kinkhorst
Arbitrary commands execution in Versant Object Database 7.0.1.3, Luigi Auriemma
CORE-2008-0124: Multiple vulnerabilities in Google's Android SDK, Core Security Technologies Advisories
Dovecot mail_extra_groups setting is often used insecurely, Timo Sirainen
[ GLSA 200803-09 ] Opera: Multiple vulnerabilities, Pierre-Yves Rofes
Minigal 2 critical XSS, jose
[ GLSA 200803-08 ] Win32 binary codecs: Multiple vulnerabilities, Pierre-Yves Rofes
SolpotCrew Advisory #16 - Mitra Informatika Solusindo cart Remote Sql Injection Exploit, nyubicrew
PHP-Nuke Module "seminar" Local FIle Inclusion, no-reply
PHP-Nuke Module eGallery "pid" Remote SQL Injection, no-reply
[ MDVSA-2008:057 ] - Updated wireshark packages fix denial of service vulnerabilities, security
VMSA-2008-0004 Low: Updated e2fsprogs service console package, VMware Security team
Airscanner Mobile Security Advisory #07122001: Eye-Fi Multiple Vulnerabilities, Seth Fogie
[ GLSA 200803-04 ] Mantis: Cross-Site Scripting, Pierre-Yves Rofes
[SECURITY] [DSA 1511-1] New libicu packages fix multiple problems, Steve Kemp
[ GLSA 200803-07 ] Paramiko: Information disclosure, Pierre-Yves Rofes
[ GLSA 200803-06 ] SWORD: Shell command injection, Pierre-Yves Rofes
[ GLSA 200803-05 ] SplitVT: Privilege escalation, Pierre-Yves Rofes
DDIVRT-2008-09 PacketTrap PT360 Tool Suite TFTP Denial of Service Vulnerability, vulnerabilityresearch
LayerOne 2008 Update, Layer One
Cross-site Scripting and CSRF in TorrentTrader Classic v1.08, Valery Marchuk
Multiple integer overflows in Borland StarTeam server 10.0.0.57, Luigi Auriemma
DDIVRT-2008-10 PacketTrap TFTP Directory Traversal Vulnerability, vulnerabilityresearch
CSRF in joomla 1.0.11 stable version, vivek_infosec
- <Possible follow-ups>
- Re: CSRF in joomla 1.0.11 stable version, zinho
[DSECRG-08-017] Flyspray 0.9.9.4 Multiple Security Vulnerabilities, Digital Security Research Group
Recon 2008 - Call For Paper, Recon
[ GLSA 200803-03 ] Audacity: Insecure temporary file creation, Pierre-Yves Rofes
Squid Analysis Report Generator <= 2.2.3.1 buffer overflow, L4teral
[ GLSA 200803-01 ] Adobe Acrobat Reader: Multiple vulnerabilities, Pierre-Yves Rofes
XSS in XP Book version 3.0, xx_hack_xx_2004
kcwiki 1.0 multiple remote file inclusion vulnerabilities., muuratsalo experimental hack lab
[ GLSA 200803-02 ] Firebird: Multiple vulnerabilities, Pierre-Yves Rofes
Dynamic photo gallery V1.02 SQL Injection, no-reply
The Router Hacking Challenge is Over!, Petko D. Petkov
Livebox Router vulnerability to REMOTE BUFFER OVERFLOW DoS (FTPD)_, 0in . email
PHP-Nuke Copyright 2005 SQL, turkish-warriorr
h2desk helpdesk path disclosure vulnerability, joseph . giron13
- <Possible follow-ups>
- Re: h2desk helpdesk path disclosure vulnerability, john
Koobi CMS 4.3.0 - 4.2.3 (categ) Remote SQL Injection Vulnerability, sys-project
Mambo com_Musica "id" Remote SQL Injection, no-reply
[ MDVSA-2008:056 ] - Updated gnumeric packages fix vulnerability, security
[USN-582-1] Thunderbird vulnerabilities, Jamie Strandboge
rPSA-2008-0094-1 kernel, rPath Update Announcements
rPSA-2008-0093-1 thunderbird, rPath Update Announcements
Release: Pass-The-Hash toolkit v1.3, Hernan Ochoa
rPSA-2008-0092-1 tshark wireshark, rPath Update Announcements
rPSA-2008-0091-1 cups, rPath Update Announcements
netOffice Dwins 1.3 Remote code execution., db
- <Possible follow-ups>
- Re: netOffice Dwins 1.3 Remote code execution., luiswang
Centreon <= 1.4.2.3 (index.php) Remote File Disclosure, sys-project
Ghostscript buffer overflow, Chris Evans
[ MDVSA-2008:055 ] - Updated ghostscript packages fix arbitrary code execution vulnerability, security
PHPMyTourney Remote file include Vulnerability, security
Beehive/SendFile.NET - Secure File Transfer Appliance Hardcoded Credentials, brad . antoniewicz
[ MDVSA-2008:054 ] - Updated dbus packages fix vulnerability, security
Loginwindow.app and Mac OS X, Jacob Appelbaum
- Re: Loginwindow.app and Mac OS X, oc photon
  - Re: Loginwindow.app and Mac OS X, Jacob Appelbaum
    - Re: Loginwindow.app and Mac OS X, Matt Johnston
rPSA-2008-0082-1 espgs, rPath Update Announcements
rPSA-2008-0088-1 am-utils, rPath Update Announcements
rPSA-2008-0086-1 pcre, rPath Update Announcements
rPSA-2008-0084-1 lighttpd, rPath Update Announcements
XSS on XRMS- open source CRM, vijayv
PR07-41: XSS on Juniper Networks Secure Access 2000, ProCheckUp Research
PR07-42: Webroot disclosure on Juniper Networks Secure Access 2000, ProCheckUp Research
PHP-Nuke My_eGallery "gid" Remote SQL Injection, no-reply
123 Flash Chat Module for phpBB, f10
- <Possible follow-ups>
- Re: 123 Flash Chat Module for phpBB, f10
Urulu 2.1 Blind SQL Injection Vulnerability (CVE-2008-0385), Daniel Roethlisberger
security and aluminum foil hats, Pete Herzog
[ MDVSA-2008:053 ] - Updated pcre packages fix vulnerability, security
CORE-2008-0130: VLC media player chunk context validation error, Core Security Technologies Advisories
[ MDVSA-2008:052 ] - Updated cacti packages fix multiple vulnerabilities, security
Buffer-overflow in the passwords handling of Trend Micro OfficeScan 8.0 and possibly other products, Luigi Auriemma
- <Possible follow-ups>
- RE: Buffer-overflow in the passwords handling of Trend Micro OfficeScan 8.0 and possibly other products, Raymond_Villafania
CFP - ekoparty 4th edition, ekoparty
iDefense Security Advisory 02.26.08: Mozilla Thunderbird MIME External-Body Heap Overflow Vulnerability, iDefense Labs
[SECURITY] [DSA 1510-1] New ghostscript packages fix arbitrary code execution, Thijs Kinkhorst
iDefense Security Advisory 02.26.08: Symantec Scan Engine 5.1.2 RAR File Buffer Overflow Vulnerability, iDefense Labs
iDefense Security Advisory 02.26.08: Symantec Scan Engine 5.1.2 RAR File Denial of Service Vulnerability, iDefense Labs
[ MDVSA-2008:051 ] - Updated cups packages fix vulnerabilities, security
[ GLSA 200802-11 ] Asterisk: Multiple vulnerabilities, Pierre-Yves Rofes
[ GLSA 200802-12 ] xine-lib: User-assisted execution of arbitrary code, Robert Buchholz
[ MDVSA-2008:050 ] - Updated cups packages fix multiple vulnerabilities, security
SandMan 1.0.080226 is out!, Matthieu Suiche
Bypassing OfficeScan Trend Micro AV, Danux
[SECURITY] [DSA 1509-1] New koffice packages fix multiple vulnerabilities, Noah Meyerhans
php-nuke sql injection reportaj [secid], lovebug
Nortel IP Phone DoS, sipherr
- <Possible follow-ups>
- Re: Nortel IP Phone DoS, amarkov
- Re: Re: Nortel IP Phone DoS, sipherr
NULL pointer in SurgeFTP 2.3a2, Luigi Auriemma
Format string and buffer-overflow in SurgeMail 38k4, Luigi Auriemma
[SECURITY] [DSA 1508-1] New diatheke packages fix arbirary shell command execution, Thijs Kinkhorst
Aria-Security.Net: Joomla Com_publication "pid" Remote SQL Injection, No-Reply
Powered by Pagetool Ver (1.04-05-06-07), turkish-warrorr
- Re: Powered by Pagetool Ver (1.04-05-06-07), packet
Wordpress Plugin Sniplets 1.1.2 Multiple Vulnerabilities, nbbn
CORE-2007-0930 Path Traversal vulnerability in VMware's shared folders implementation, Core Security Technologies Advisories
[ GLSA 200802-10 ] Python: PCRE Integer overflow, Robert Buchholz
Packeteer Products File Listing XSS, nnposter
Php Nuke "Sell" module SQL Injection ("cid"), no-reply
[SECURITY] [DSA 1506-1] New iceape packages fix several vulnerabilities, Moritz Muehlenhoff
[SECURITY] [DSA 1507-1] New turba2 packages fix permission testing, Steve Kemp
S21SEC-040-en: Infinite invalid authentication attempts possible in BEA WebLogic Server, S21sec labs
Alkacon OpenCms tree_files.jsp resource XSS, nnposter
Pigyard Art Gallery Multiple SQL Injection, No-Reply
Softbiz jokes and funny pictures (index.php) sql injection, Hamza Almersoumi
Joomla com_inter "id" Remote SQL Injection, no-reply
Joomla Com_blog "pid" Remote SQL Injection, no-reply
joomla com_simpleshop SQL Injection(section) #, hackturkiye . hackturkiye
joomla com_wines SQL Injection(id), hackturkiye . hackturkiye
joomla com_garyscookbook SQL Injection(id), hackturkiye . hackturkiye
Joomla com_stat "id" Remote SQL Injection, no-reply
[ MDVSA-2008:049 ] - Updated nss_ldap package fixes race condition allowing user data theft, security
phpechocms v 2.0 rc3 RFI, beenudel1986
php-nuke Quran SQL Injection(surano), hackturkiye . hackturkiye
CastleCops Six Years Old, Paul Laudanski
aura cms lihatberita SQL Injection(id), hackturkiye . hackturkiye
[ MDVSA-2008:048 ] - Updated Firefox packages fix multiple vulnerabilities, security
php nuke gallery SQL Injection(aid), hackturkiye . hackturkiye
php-nuke Kuran SQL Injection(surano), hackturkiye . hackturkiye
php-nuke Recipes SQL Injection(recipeid), hackturkiye . hackturkiye
php nuke Sections SQL Injection(print), hackturkiye . hackturkiye
joomla com_hello_world SQL Injection(id), hackturkiye . hackturkiye
joomla com_product SQL Injection(catid), hackturkiye . hackturkiye
[Aria-Security.Net] BestWebApp Dating System SQL Injection, no-reply
[SECURITY] [DSA 1505-1] New alsa-driver packages fix kernel memory leak, dann frazier
[SECURITY] [DSA 1504-1] New Linux kernel 2.6.8 packages fix several issues, dann frazier
Multiple vulnerabilities in Double-Take 5.0.0.2865, Luigi Auriemma
- Message not available
  - Re: Multiple vulnerabilities in Double-Take 5.0.0.2865, Steve Shockley
[SECURITY] [DSA 1503-1] New Linux kernel 2.4.27 packages fix several issues, dann frazier
[security bulletin] HPSBGN02298 SSRT071502 rev.3 - HP Notebook PC Quick Launch Button (QLB) Software Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access, security-alert
Tool release: extract Windows credentials from registry hives, Brendan Dolan-Gavitt
IBM Quickr 8 Calendar Xss Injection (Bypass Quickr 8.0 Xss Filter), goldshlager19
[USN-581-1] PCRE vulnerability, Kees Cook
[SECURITY] [DSA 1502-1] New wordpress packages fix multiple vulnerabilities, Noah Meyerhans
EDLGraph 1.0, subere
Certification for Web Application Security Professionals, Anurag Agarwal
CanSecWest 2008 Mar 26-28, Dragos Ruiu
Cold Boot Attacks on Disk Encryption, Jacob Appelbaum
[ GLSA 200802-09 ] ClamAV: Multiple vulnerabilities, Pierre-Yves Rofes
[SECURITY] [DSA 1501-1] New dspam packages fix information disclosure, Thijs Kinkhorst
Academic Computer Security Conference, Jon R. Kibler
[SECURITY] [DSA 1500-1] New splitvt packages fix privilege escalation, Steve Kemp
joomla SQL Injection(com_cms), hackturkiye . hackturkiye
XOOPS Module prayerlist SQL Injection(cid), hackturkiye . hackturkiye
aeries browser interface(ABI) 3.8.2.8 Remote SQL Injection, admin
VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates, VMware Security team
joomla SQL Injection(com_most)secid, hackturkiye . hackturkiye
joomla SQL Injection(com_mygallery), hackturkiye . hackturkiye
PHP-Nuke Module Downloads SQL Injection(sid), hackturkiye . hackturkiye
PHP-Nuke genaral print SQL Injection(id), hackturkiye . hackturkiye
PHP-Nuke Module Dossiers Injection(did), hackturkiye . hackturkiye
Announce: RFIDIOt credit card sub-module: ChAP.py, Adam Laurie
SQL-injection, XSS in OSSIM (Open Source Security Information Management), marcin . kopec
- Re: SQL-injection, XSS in OSSIM (Open Source Security Information Management), Dominique Karg
- <Possible follow-ups>
- Re: Re: SQL-injection, XSS in OSSIM (Open Source Security Information Management), dcid
PHP-Nuke Siir SQL Injection(id), hackturkiye . hackturkiye
XOOPS Module tinyevent-print SQL Injection(id), hackturkiye . hackturkiye
joomla SQL Injection(com_idvnews), hackturkiye . hackturkiye
PHP-Nuke Module BenchmarkNewsInjection(sid), hackturkiye . hackturkiye
joomla SQL Injection(com_joomlavvz), hackturkiye . hackturkiye
CFP: Workshop on Open Source Software for Computer and Network Forensics, Stefano Zanero
- <Possible follow-ups>
- CFP: Workshop on Open Source Software for Computer and Network Forensics, Stefano Zanero
joomla SQL Injection(com_referenzen), hackturkiye . hackturkiye
[USN-580-1] libcdio vulnerability, Jamie Strandboge
PHP-Nuke Module Classifieds SQL Injection(Details), hackturkiye . hackturkiye
iDefense Security Advisory 02.20.08: Symantec Veritas Storage Foundation Scheduler Service DoS Vulnerability, iDefense Labs
ZyXEL Gateways Vulnerability Research: http://www.procheckup.com/Hacking_ZyXEL_Gateways.pdf, ProCheckUp Research
aeries browser interface(ABI) 3.7.2.2 Remote SQL Injection, admin
joomla SQL Injection(com_asortyment)katid, hackturkiye . hackturkiye
- <Possible follow-ups>
- joomla SQL Injection(com_asortyment)katid, hackturkiye . hackturkiye
[ MDVSA-2008:046-1 ] - Updated xine-lib package fixes arbitrary code execution vulnerability, security
aeries browser interface(ABI) 3.8.2.8 XSS, admin
[security bulletin] HPSBST02314 SSRT080016 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-003 to MS08-013, security-alert

[Index of Archives] [Netfilter] [Security] [PHP] [Linux Kernel]