Bugtraq
- Re: SYMSA-2007-002: Palm OS Treo Find Feature System Password Bypass, (continued)
- [ GLSA 200702-04 ] RAR, UnRAR: Buffer overflow,
Raphael Marichez
- MS Interactive Training .cbo Overflow,
Brett Moore
- RE: [Full-disclosure] Solaris telnet vulnberability - how many on your network?,
Peter Ferrie
- [ GLSA 200702-03 ] Snort: Denial of Service,
Raphael Marichez
- [ GLSA 200702-02 ] ProFTPD: Local privilege escalation,
Raphael Marichez
- iDefense Security Advisory 02.13.07: Microsoft 'wininet.dll' FTP Reply Null Termination Heap Corruption Vulnerability,
iDefense Labs NO-REPLY
- [ GLSA 200702-01 ] Samba: Multiple vulnerabilities,
Raphael Marichez
- Fullaspsite Shop (tr) Xss & SqL İnj. VulnZ.,
ShaFuq31
- UPDATE: [ GLSA 200611-05 ] Netkit FTP Server: Privilege escalation,
Raphael Marichez
- Cisco Security Advisory: Multiple IOS IPS Vulnerabilities,
Cisco Systems Product Security Incident Response Team
- TSLSA-2007-0007 - multi,
Trustix Security Advisor
- NDSS: Network and Distributed Systems Security,
Crispin Cowan
- [ MDKSA-2007:042 ] - Updated smb4k packages fix numerous vulnerabilities,
security
- Aruba Mobility Controller Management Buffer Overflow,
security
- Aruba Networks - Unauthorized Administrative and WLAN Access through Guest Account,
security
- Re: [BLACKLIST] [Full-disclosure] Solaris telnet vulnberability - how many on your network?,
Thierry Zoller
- Inertia News Remote File İnclude,
crazy_king
- PHP 5.2.1 crash bug,
squeeky . mouse
- XSS in eWay,
bl4ck
- SecurityVulns.com: Microsoft Visual C++ 8.0 standard library time functions invalid assertion DoS (Problem 3000).,
3APA3A
- XSS in lighttpd,
bl4ck
- XSS in communityserver !,
bl4ck
- Solaris telnet vulnberability - how many on your network?,
Gadi Evron
- Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?,
Vincent Archer
- RE: Solaris telnet vulnberability - how many on your network?,
Oliver Friedrichs
- Re: Solaris telnet vulnberability - how many on your network?,
Leandro Gelasi
- <Possible follow-ups>
- Re: Solaris telnet vulnberability - how many on your network?,
thefinn12345
- Re: Re: Solaris telnet vulnberability - how many on your network?,
thefinn12345
- RE: Re: Re: Solaris telnet vulnberability - how many on your network?,
jf
- Re: RE: Re: Solaris telnet vulnberability - how many on your network?,
thefinn12345
- Re: Re: Re: Solaris telnet vulnberability - how many on your network?,
thefinn12345
- Re: RE: Re: Re: Solaris telnet vulnberability - how many on your network?,
thefinn12345
- Re: Solaris telnet vulnberability - how many on your network?,
Brandon Butterworth
- Re: Solaris telnet vulnberability - how many on your network?,
Marco Ivaldi
- Re[2]: Solaris telnet vulnberability - how many on your network?,
Steven M. Christey
- XSS in JBoss Portal,
bl4ck
- Firefox focus stealing vulnerability (possibly other browsers),
Michal Zalewski
Virtual Calendar <= (pwd.txt) Remote Password Disclosur Vulnerability,
me you
Port randomization paper,
Fernando Gont
Windows logoff bug solution possibly.,
Rage Coder
Oreon1.2.x Series Exploit Coded,
hotturk
[USN-417-3] PostgreSQL regression,
Martin Pitt
Radical Technologies - Portal Search- multiple XSS issue,
claxus
Miniwebsvr 0.0.6 - Directory traversal,
Daniel Nyström
Jportal 2.3.1 CSRF vulnerability,
dzitu
DotClear Full Path Disclosure Vulnerability,
raphael . huck
Web Server Botnets and Server Farms as Attack Platforms,
Gadi Evron
[OpenPKG-SA-2007.009] OpenPKG Security Advisory (twiki),
OpenPKG GmbH
Arbitrary file disclosure vulnerability in IP3 NetAccess < 4.1.9.6,
Sebastian Wolfgarten
Arbitrary file disclosure vulnerability in php rrd browser < 0.2.1 (prb),
Sebastian Wolfgarten
KvGuestbook Remote Add Admin Exploit,
crazy_king
Multiple vulnerabilities in phpMyVisites,
Nicob
MediaWiki Full Path Disclosure Vulnerability,
raphael . huck
phpPolls 1.0.3 (acces to sensitive file),
sn0oPy . team
[XSS] Qdig - Quick Digital Image Gallery Version 1.2.9.3 and -devel,
Andrea Purificato - bunker
nabopoll 1.1.2 sensitive file (admin without password),
sn0oPy . team
Allons_voter Version 1.0 xss and admin votes,
sn0oPy . team
mcRefer SQL injection,
sn0oPy . team
[USN-421-1] MoinMoin vulnerability,
Kees Cook
rPSA-2007-0031-1 kernel,
rPath Update Announcements
rPSA-2006-0233-1 dbus dbus-glib dbus-qt dbus-x11,
rPath Update Announcements
[ MDKSA-2007:041 ] - Updated ImageMagick packages fix buffer overflow vulnerability,
security
FreeBSD Security Advisory FreeBSD-SA-07:02.bind,
FreeBSD Security Advisories
XSS in Rainbow with Rainbow.Zen,
bl4ck
Every MS Exploit,
layne
local bug :[xxs] in whm,
ali
Call for Papers: IT-Incident Management and IT-Forensics 2007,
Oliver Goebel
Capital Request Forms Db Username and Password Vulnerabilities,
gokhankaya
Ovidentia Exploit Codeds,
hotturk
Denial Of Service in Internet Explorer for MS Windows Mobile 5.0,
clappymonkey
PAKCON III: Call for Papers [cfp],
Ayaz Ahmed Khan
[Reversemode Advisory] TrendMicro Products - multiple privilege escalation vulnerabilities.,
Reversemode
eXtreme File Hosting remote file upload vulnerability,
hamed . bazargani
[ MDKSA-2007:037-1 ] - Updated postgresql packages address multiple vulnerabilities,
security
rPSA-2007-0029-1 ImageMagick,
rPath Update Announcements
rPSA-2007-0028-1 gd,
rPath Update Announcements
ZDI-07-007: HP Mercury LoadRunner Agent Stack Overflow Vulnerability,
zdi-disclosures
TFTP directory traversal in Kiwi CatTools,
Nicob
Multiple vulnerabilities in SAP WebAS 6.40 and 7.00 (technical details),
Nicob
[security bulletin] HPSBMA02190 SSRT071300 rev.1 - HP OpenView Storage Data Protector, Local Execution of Arbitrary Code,
security-alert
[security bulletin] HPSBGN02187 SSRT061280 rev.1 - Mercury LoadRunner, Performance Center, Monitor over Firewall, Remote Unauthenticated Arbitrary Code Execution,
security-alert
rPSA-2007-0025-2 postgresql postgresql-server,
rPath Update Announcements
remote file include in whm (all version),
ali
Ability to inject and execute any code as root in SysCP,
flo
[ MDKSA-2007:039 ] - Updated gtk+2.0 packages address DoS, LSB issues, several bugs,
security
iDefense Security Advisory 02.07.07: Trend Micro AntiVirus UPX Parsing Kernel Buffer Overflow Vulnerability,
iDefense Labs
iDefense Security Advisory 02.07.07: RARLabs Unrar Password Prompt Buffer Overflow Vulnerability,
iDefense Labs
[ MDKSA-2007:040 ] - Updated kernel packages fix multiple vulnerabilities and bugs,
security
iDefense Security Advisory 02.07.07: Trend Micro TmComm Local Privilege Escalation Vulnerability,
iDefense Labs
XLNC1 Radio Classical Music Nuke Portal Remote File Inc. Vuln.,
gokhankaya
rPSA-2007-0026-1 samba samba-swat,
rPath Update Announcements
[SECURITY] [DSA 1258-1] New Mozilla Firefox packages fix several vulnerabilities,
Martin Schulze
[ MDKSA-2007:038 ] - Updated php packages to address multiple issues,
security
[ MDKSA-2007:037 ] - Updated postgresql packages address multiple vulnerabilities,
security
[ MDKSA-2007:036 ] - Updated libwmf packages fix embedded gd DoS vulnerability.,
security
[ MDKSA-2007:035 ] - Updated gd packages fix DoS vulnerability.,
security
Medium level security hole in FreeProxy,
Tim Brown
MySQLNewsEngine (affichearticles.php3) Remote File Inc. Vuln.,
gokhankaya
[USN-417-2] PostgreSQL 8.1 regression,
Martin Pitt
VBulletin AdminCP Index.PHP Multiple Cross-Site Scripting Vulnerability,
DoZ
[USN-419-1] Samba vulnerabilities,
Kees Cook
[USN-420-1] KDE library vulnerability,
Kees Cook
[security bulletin] HPSBUX02181 SSRT061289 rev.2 - HP-UX Running IPFilter, Remote Unauthorized Denial of Service (DoS),
security-alert
rPSA-2007-0025-1 postgresql postgresql-server,
rPath Update Announcements
PS Information Leak on HP True64 Alpha OSF1 v5.1 1885,
Andrea "bunker" Purificato
[USN-418-1] Bind vulnerabilities,
Kees Cook
Unofficial SQL-Ledger patch for CVE-2007-0667,
Chris Travers
Firefox 2.0.0.1 and Opera 9.10 Anty Fraud/Phishing Protection bypass.,
Kanedaaa Bohater
Sql injection bugs in Joomla and Mambo,
Omid
Sql injection bugs in Virtuemart and Letterman,
Omid
Firefox + popup blocker + XMLHttpRequest + srand() = oops,
Michal Zalewski
iDefense Security Advisory 02.02.07: Blue Coat Systems WinProxy CONNECT Method Heap Overflow Vulnerability,
iDefense Labs
[USN-417-1] PostgreSQL vulnerabilities,
Martin Pitt
Uphotogallery Multiple Cross-Site Scripting Vulnerability,
DoZ
[ MDKSA-2007:034 ] - Updated samba packages address multiple vulnerabilities,
security
Mina Ajans Script Remote File Inclusion Vuln.,
canberx
rPSA-2007-0023-1 tshark wireshark,
rPath Update Announcements
Les News v2.2 [Admin news without password],
sn0oPy . team
[SECURITY] [DSA 1257-1] New samba packages fix several vulnerabilities,
Moritz Muehlenhoff
Sql injection bugs in PHP-Nuke,
Omid
[SAMBA-SECURITY] CVE-2007-0454: Format string bug in afsacl.so VFS plugin,
Gerald (Jerry) Carter
Cold Fusion Web Server XSS 0 day,
digi7al64
dvddb-0.6 media remote file include vuln.,
gokhankaya
[SAMBA-SECURITY] CVE-2007-0453: Buffer overrun in nss_winbind.so.1 on Solaris,
Gerald (Jerry) Carter
[SAMBA-SECURITY] CVE-2007-0452: Potential DoS against smbd in Samba 3.0.6 - 3.0.23d,
Gerald (Jerry) Carter
TSLSA-2007-0005 - multi,
Trustix Security Advisor
Jetty Session ID Prediction,
NGSSoftware Insight Security Research
flashChat 4.7.8 Cross Site Scripting Vulnerability,
binaryloc
Wap Portal Serve 1.* <= Remote File Inclusion,
stormhacker
dvddb-0.6 media sql-inj. vuln.,
gokhankaya
Sql injection bugs in Xoops 2.0.16 + Weblinks module,
Omid
Adrenalin's ASP Chat XSS,
sn0oPy . team
MysearchEngine XSS,
sn0oPy . team
Vmare workstation guest isolation weaknesses (clipboard transfer),
EitanCaspi@xxxxxxxxx
Re: Web 2.0 backdoors made easy with MSIE & XMLHttpRequest,
Michal Zalewski
Ublog Reload Admin Panel Multiple HTML Injections,
DoZ
[ MDKSA-2007:033 ] - Updated wireshark packages fix multiple vulnerabilities,
security
Security Advisory for Bugzilla 2.20.3, 2.22.1, and 2.23.3,
mkanat
[ MDKSA-2007:032 ] - Updated mpg123 packages fix DoS vulnerability.,
security
[ MDKSA-2007:031 ] - Updated kdelibs packages fix KHTML vulnerability,
security
Re: Ipswitch WS_FTP Server 5.04 multiple arbitrary code execution vulnerabilities,
Steven M. Christey
Chicken of the VNC 2.0 remote DoS,
poplix
Phishing Evolution Report Released,
Carl Jongsma
Cerulean Portal System (phpbb_root_path) Remote File Include Exploit,
xorontr
Omegaboard v1.0b4 (phpbb_root_path) Remote File Include Exploit,
xorontr
php web portail [remote file include & local file include],
saps . audit
strange behavior on Cisco 2801,
Marcin
[USN-415-1] GTK vulnerability,
Kees Cook
Comodo Multiple insufficient argument validation of hooked SSDT function Vulnerability,
Matousec - Transparent security Research
Ipswitch WS_FTP Server 5.04 multiple arbitrary code execution vulnerabilities,
Michal Bucko
Technika - Attack Scripting Environment,
pdp (architect)
[SECURITY] [DSA 1256-1] New gtk+2.0 packages fix denial of service,
Moritz Muehlenhoff
[ GLSA 200701-26 ] KSirc: Denial of Service vulnerability,
Raphael Marichez
BBED - Oracle Block Browser and Editor,
pete
[ GLSA 200701-28 ] thttpd: Unauthenticated remote file access,
Raphael Marichez
[ GLSA 200701-27 ] ELinks: Arbitrary Samba command execution,
Raphael Marichez
Windows Vista and unexported kernel symbols (Part II, 32bits version),
Matthieu Suiche
[SECURITY] [DSA 1255-1] New libgtop2 packages fix arbitrary code execution,
Moritz Muehlenhoff
[ECHO_ADV_63$2007] Cadre remote file inclusion,
y3dips
Cisco Security Advisory: SIP Packet Reloads IOS Devices Not Configured for SIP,
Cisco Systems Product Security Incident Response Team
2007 Security OPUS CFP: Closed (Agenda included),
Sharkey
Oracle 10g R2 Enterprise Manager Directory Traversal,
NGS Software Insight Security Research
Remote Unauthenticated Resource Exhaustion CA Mobile BackupService,
NGS Software Insight Security Research
Remote DOS BrightStor ARCserve Backup for Laptops & Desktops,
NGS Software Insight Security Research
Remote Unauthenticated Code Execution II CA BrightStor ARCserve Backup for Laptops & Desktops,
NGS Software Insight Security Research
OWASP JBroFuzz 0.4 Fuzzer Released!,
subere
Remote Unauthenticated Code Execution CA BrightStor ARCserve Backup,
NGS Software Insight Security Research
[ MDKSA-2007:030 ] - Updated bind packages fix DoS vulnerabilities,
security
Atsphp 5.0.1 [Top Sites] [index.php] - Remote File Include,
trzindan
EncapsCMS 0.3.6 (common_foot.php) Remote File Include,
trzindan
PhP Generic library & framework (include_path) Remote File Include Exploit,
umutc4n
RBL - ASP (scripts with db) SQL injection,
sn0oPy . team
COSEINC Alert: Microsoft Agent Heap Overflow Vulnerability Technical Details (Patched),
Coseinc
rPSA-2007-0020-2 rmake,
rPath Update Announcements
[DRUPAL-SA-2007-005] Drupal 4.7.6 / 5.1 fixes arbitrary code execution issue,
Uwe Hermann
Oracle - Indirect Privilege Escalation and Defeating Virtual Private Databases,
David Litchfield
RBL - ASP (scripts with db) SQL injection,
sn0oPy . team
VII National Computer and Information Security Conference ACIS 2007 - COLOMBIA,
Jeimy Cano
[ GLSA 200701-25 ] X.Org X server: Multiple vulnerabilities,
Matthias Geerdsen
Arbitrary Code Execution in SQL-Ledger and LedgerSMB through redirects,
Chris Travers
gnopaste <= 0.5.3 (index.php) Remote File Include Vulnerability,
trzindan
Phorum HTML Injection Vulnerability,
DoZ
Defeating CAPTCHAs via Averaging,
noreply9871234
CVSTrac 2.0.0 Denial of Service (DoS) vulnerability,
Ralf S. Engelschall
Xt-Stats v.2.4.0.b3 - Remote File Include Vulnerabilities,
h4cked . eg
[OpenPKG-SA-2007.008] OpenPKG Security Advisory (cvstrac),
OpenPKG GmbH
Internet Explorer 7 ActiveX bgColor property NULL pointer dereference (DoS),
Alexander Sotirov
MDPro 1.0.76 - Multiple Remote Vulnerabilities,
adexior
[SECURITY] [DSA 1254-1] New bind9 packages fix denial of service,
Moritz Muehlenhoff
[OpenPKG-SA-2007.007] OpenPKG Security Advisory (bind),
OpenPKG GmbH
[SECURITY] [DSA 1252-1] New vlc packages fix arbitrary code execution,
Martin Schulze
[SECURITY] [DSA 1253-1] New Mozilla Firefox packages fix several vulnerabilities,
Martin Schulze
local Calendar System v1.1 (lcStdLib.inc) Remote File Include,
trzindan
AdMentor (banners) admin SQL injection,
sn0oPy . team
[ MDKSA-2007:028 ] - Updated ulogd packaged to address buffer overflow vulnerability,
security
Open Conference Systems = 2.8.2 Remote File Inclusion,
trzindan
[USN-398-4] Firefox regression,
Kees Cook
Full Disclosure: Arbitrary Code Execution in LedgerSMB CVE-2006-5872,
Chris Travers
stompy the session stomper - tool availability,
Michal Zalewski
[ MDKSA-2007:029 ] - Updated libsoup packages fix DoS vulnerability,
security
WS_FTP 2007 Professional SCP handling format string vulnerability,
Michal Bucko
Dexia website security alert,
Jos Kirps
rPSA-2007-0020-1 rmake,
rPath Update Announcements
rPSA-2007-0021-1 bind bind-utils,
rPath Update Announcements
iDefense Security Advisory 01.26.07: Multiple Vendor libchm Page Block Length Memory Corruption Vulnerability,
iDefense Labs
S21sec-034-en: Cisco VTP DoS vulnerability,
S21sec Labs
FdScript <= v1.3.2 Remote File Disclosure Vulnerability,
ajannhwt
PHP Membership Manager Cross-Site Scripting Vulnerability,
DoZ
Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger,
hainamluke
[ GLSA 200701-23 ] Cacti: Command execution and SQL injection,
Matthias Geerdsen
[ MDKSA-2007:027 ] - Updated xine-ui packages fix vulnerabilities,
security
Movable Type <= 3.33 XSS Exploit,
teracci2002
[OPENADS-SA-2007-002] Max Media Manager v0.1.29 and v0.3.30 vulnerability fixed,
Matteo Beccati
[ GLSA 200701-24 ] VLC media player: Format string vulnerability,
Matthias Geerdsen
[USN-410-2] teTeX vulnerability,
Kees Cook
Medium Risk Vulnerability in PGP Desktop,
NGSSoftware Insight Security Research
RubyGems 0.9.0 and earlier installation exploit,
Eric Hodel
Omniture SiteCatalyst Multiple Cross-Site Scripting Vulnerabilities,
DoZ
Vulnerability disclosure comments,
Shawna McAlearney
The certification password of Internet Explorer 7 and operation of auto complete,
support
high5 Review script Security Risk,
anon
Buffer overflow in VSAPI library of Trend Micro VirusWall 3.81 for Linux,
Sebastian Wolfgarten
[ GLSA 200701-22 ] Squid: Multiple Denial of Service vulnerabilities,
Matthias Geerdsen
[x0n3-h4ck] Siteman 1.1.11 Remote Md5 Hash Disclosure Vulnerability,
corrado . liotta
[NETRAGARD-20061218 SECURITY ADVISORY] [@Mail WebMail Cross Site Request Forgery],
Netragard Security Advisories
GPS 1.2 Content Managing System (print.asp) Remote SQL Injection Vulnerability,
ajannhwt
[x0n3-h4ck] Siteman 2.0.x2 Remote Md5 Hash Disclosure Vulnerability,
corrado . liotta
phpCOIN <= RC-1 (modules/mail/index.php) Remote File Include Vulnerability,
me you
Aztek Forum 4.1 Multiple Vulnerabilities Exploit,
gmdarkfig
BIND remote exploit (low severity) [Fwd: Internet Systems Consortium Security Advisory.],
Lebbeous Weekley
makit news/blog poster <=v3(news_page.asp) Remote SQL Injection Vulnerability,
ajannhwt
EzDatabase Multiple Cross-Site Scripting Vulnerability,
DoZ
ASP EDGE <= V1.2b (user.asp) Remote SQL Injection Vulnerability,
ajannhwt
Xero Portal v1.2 (phpbb_root_path) Remote File Include Vulnerablity,
xorontr
uniForum <= v4 (wbsearch.aspx) Remote SQL Injection Vulnerability,
ajannhwt
rPSA-2007-0019-1 gtk,
rPath Update Announcements
ASP NEWS <= V3 (news_detail.asp) Remote SQL Injection Vulnerability,
ajannhwt
Remove all admin->root authorization prompts from OSX,
K F (lists)
[USN-414-1] Squid vulnerabilities,
Kees Cook
Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL,
Team SHATTER
[CAID 34818]: CA Personal Firewall Multiple Privilege Escalation Vulnerabilities,
Williams, James K
Oracle Multiple Buffer Overflows and DoS attacks in public procedures of MDSYS.MD,
Team SHATTER
Oracle Buffer Overflow in DBMS_DRS.GET_PROPERTY,
Team SHATTER
Oracle Buffer Overflow in DBMS_LOGREP_UTIL.GET_OBJECT_NAME,
Team SHATTER
Oracle Buffer Overflow in DBMS_LOGMNR.ADD_LOGFILE,
Team SHATTER
Oracle Buffer Overflow in DBMS_REPCAT_UNTRUSTED.UNREGISTER_SNAPSHOT,
Team SHATTER
Maxtricity Tagger Password Disclosure Vulnerability,
beks
Multiple Remote Vulnerabilities in Wordpress,
bmatheny
ZDI-07-006: Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability,
zdi-disclosures
[security bulletin] HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access,
security-alert
DoS against Telligent Community Server,
bmatheny
[ GLSA 200701-21 ] MIT Kerberos 5: Arbitrary Remote Code Execution,
Matthias Geerdsen
Weaknesses in Pingback Design,
bmatheny
[OPENADS-SA-2007-001] phpAdsNew and phpPgAds 2.0.9-pr1 vulnerability fixed,
Matteo Beccati
Cisco Security Advisory: Crafted IP Option Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: IPv6 Routing Header Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Crafted TCP Packet Can Cause Denial of Service,
Cisco Systems Product Security Incident Response Team
ZixForum <= 1.14 (Zixforum.mdb) Remote Password Disclosure Vulnerability,
me you
[CAID 34993]: CA BrightStor ARCserve Backup for Laptops and Desktops Multiple Overflow Vulnerabilities,
Williams, James K
Secunia Research: Sienzo Digital Music Mentor NCTAudioFile2 ActiveX Control Buffer Overflow,
Secunia Research
Secunia Research: NCTsoft Products NCTAudioFile2 ActiveX Control Buffer Overflow,
Secunia Research
Toxiclab Shoutbox Password Disclosure Vulnerability,
beks
[Aria-Security Team] MyBB Cross-Site Scripting,
Advisory
[USN-413-1] BlueZ vulnerability,
Kees Cook
[USN-412-1] GeoIP vulnerability,
Kees Cook
[ GLSA 200701-20 ] Centericq: Remote buffer overflow in LiveJournal handling,
Raphael Marichez
[ MDKSA-2007:026 ] - Updated squid packages fix vulnerabilities,
security
SUSE Security Announcement: xine (SUSE-SA:2007:013),
Thomas Biege
Advanced Guestbook <=- 2.4.2 (include_path) Remote File Include Vulnerability,
me you
PR06-14: IP Phones based on Centrality Communications/Aredfox PA168 chipset weak session management vulnerability,
ProCheckUp Research
[USN-411-1] libsoup vulnerability,
Kees Cook
rPSA-2007-0013-1 poppler tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi,
rPath Update Announcements
[ GLSA 200701-19 ] OpenLDAP: Insecure usage of /tmp during installation,
Raphael Marichez
subscribe (pwd.txt) Remote Password Disclosur,
the . tiger100
[ MDKSA-2006:217-2 ] - Updated proftpd packages fix vulnerabilities,
security
[ GLSA 200701-18 ] xine-ui: Format string vulnerabilities,
Raphael Marichez
RANDOM PHP QUOTE 1.0 (pwd.txt) Remote Password Disclosur,
the . tiger100
SUSE Security Announcement: squid (SUSE-SA:2007:012),
Thomas Biege
[ MDKSA-2007:025 ] - Updated kernel packages fix multiple vulnerabilities and bugs,
security
rPSA-2007-0014-1 libgtop,
rPath Update Announcements
[ECHO_ADV_62$2007] Upload Service 1.0 remote file inclusion,
y3dips
rPSA-2007-0015-1 libsoup,
rPath Update Announcements
[ GLSA 200701-17 ] libgtop: Privilege escalation,
Matthias Geerdsen
Adobe ColdFusion Information Disclosure,
zck zck
Re: Bluetooth DoS by obex push [readable],
hornung
xss filter to protect from xss attacks,
Anurag Agarwal
rPSA-2007-0012-1 ed,
rPath Update Announcements
Bluetooth DoS by obex push,
hornung
AToZed Software Intraweb Component for Borland Delphi and Kylix DoS vulnerability,
C0r3 1mp4ct
[ MDKSA-2007:024 ] - Updated kdegraphics packages fix crafted pdf file vulnerability,
security
Safari Improperly Parses HTML Documents & BlogSpot XSS vulnerability,
Jose Avila III
rPSA-2007-0011-1 wget,
rPath Update Announcements
[ GLSA 200701-16 ] Adobe Acrobat Reader: Multiple vulnerabilities,
Raphael Marichez
[ GLSA 200701-15 ] Sun JDK/JRE: Multiple vulnerabilities,
Raphael Marichez
[ GLSA 200701-14 ] Mod_auth_kerb: Denial of Service,
Raphael Marichez
SQL Injection by using Cookie Poisoning for Website Baker Version 2.6.5 and before,
Rolf Huisman
[ GLSA 200701-13 ] Fetchmail: Denial of Service and password disclosure,
Matthias Geerdsen
Uploader <= (userdata/user_1.txt) Password Disclosure Vulnerability,
me you
UploadScript <=- v1.02 (password.txt) Remote Password Disclosure Vulnerability,
me you
[x0n3-h4ck] bitweaver 1.3.1 XSS Exploit,
corrado . liotta
Check Point Connectra End Point security bypass,
Roni Bachar
Fantastic News <=- (news.php) Remote File Include Vulnerability,
me you
Full Path Disclosure in Open-Realty ( v2.3.4 ),
xx_hack_xx_2004
PHP Link Directory XSS Vulnerability version <= 3.0.6,
jussi . vuokko
phpAdsNew 2.0.7 Remote File Include,
mr alkomandoz
Microsoft Visual C++ (.RC) resource files buffer overflow vulnerability,
porkythepig
cmsimple 2.7 Remote File Include,
mr alkomandoz
SQL Injection in Unique Ads ( UDS ),
xx_hack_xx_2004
XSS in Guestbook ( v.4.00 beta ),
xx_hack_xx_2004
XMB "U2U Instant Messenger" Cross-Site Scripting,
Advisory
[SECURITY] [DSA 1251-1] New netrik packages fix arbitary shell command execution,
Steve Kemp
FreeForum 0.9.0 <=- (index.php fpath) Remote File Include Vulnerability,
me you
FishCart [injection sql],
saps . audit
Wiki-how path disclosure,
iamtheevil1
Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability Prove Of Concept Exploit,
luoluonet
XSS in 212cafeBoard ( Verision 0.08 & 6.30 Beta ),
xx_hack_xx_2004
Digital Armaments Security Advisory 20.01.2007: Grsecurity Kernel PaX Vulnerability,
info
SMF "index.php?action=pm" Cross Site-Scripting,
Advisory
Paypal Subscription Manager Multiple HTML Injections,
DoZ
Login Manager Multiple HTML Injections,
DoZ
a-forum xss,
sn0oPy
[RISE-2007001] Apple Mac OS X 10.4.x kernel shared_region_map_file_np() memory corruption vulnerability,
RISE Security
DIMVA 2007: Final Call for Papers,
Robin Sommer
WzdFTPD < 8.1 Denial of service,
S21sec Labs
Virginity Security Advisory 2007-001 : T-Com Speedport 500V Login bypass,
advisory07
Help project files (.HPJ) buffer overflow vulnerability in Microsoft Help Workshop,
porkythepig
DoS against AVM Fritz!Box 7050 (and others),
collin
TSLSA-2007-0003 - multi,
Trustix Security Advisor
Layered Defense Research Advisory: BitDefender Client 8.02 Format String Vulnerability,
dh
MyShoutBox Multiple Cross-Site Scripting Vulnerability,
DoZ
EUSecWest 2007 Papers,
Dragos Ruiu
[ MDKSA-2007:022 ] - Updated tetex packages fix crafted pdf file vulnerability,
security
[ MDKSA-2007:021 ] - Updated xpdf packages fix crafted pdf file vulnerability,
security
[ MDKSA-2007:023 ] - Updated libgtop2 packages fix buffer overflow vulnerability,
security
[x0n3-h4ck] sabros.us 1.7 XSS Exploit,
corrado . liotta
[ MDKSA-2007:020 ] - Updated poppler packages fix crafted pdf file vulnerability,
security
[ MDKSA-2007:019 ] - Updated pdftohtml packages fix crafted pdf file vulnerability,
security
[ MDKSA-2007:018 ] - Updated koffice packages fix crafted pdf file vulnerability,
security
Directory Traversal in ArsDigita Community System,
Elliot Kendall
[security bulletin] HPSBPI02185 SSRT071290 rev.1 - HP Jetdirect Running ftp, Remote Denial of Service (DoS),
security-alert
Cisco Security Advisory: SSL/TLS Certificate and SSH Public Key Validation Vulnerability,
Cisco Systems Product Security Incident Response Team
[USN-410-1] poppler vulnerability,
Martin Pitt
CYBSEC - Security Advisory: SAP Internet Graphics Service (IGS) Remote Buffer Overflow,
CYBSEC Advisories
FW: [cacti-announce] Cacti 0.8.6j Released,
Warner Moore
Multiple OS kernel insecure handling of stdio file descriptor,
XFOCUS Security Team
[security bulletin] HPSBST02184 SSRT071296 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-001 Through MS07-004,
security-alert
[security bulletin] HPSBUX02181 SSRT061289 rev.1 - HP-UX Running IPFilter, Remote Unauthorized Denial of Service (DoS),
security-alert
Microsoft Help Workshop .CNT contents files buffer overflow vulnerability,
porkythepig
[x0n3-h4ck] myBloggie 2.1.5 XSS exploit,
corrado . liotta
[ISecAuditors Security Advisories] Oracle Reports Web Cartridge (RWCGI60) vulnerable to XSS,
ISecAuditors Security Advisories
[SECURITY] [DSA 1250-1] New cacti packages fix arbitrary code execution,
Moritz Muehlenhoff
Windows logoff bug possible security vulnerability and exploit.,
Rage Coder
ZDI-07-005: Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability,
zdi-disclosures
SYMSA-2007-001: Oracle Application Server 10g - Directory Traversal,
research
[ GLSA 200701-12 ] Mono: Information disclosure,
Raphael Marichez
[ GLSA 200701-11 ] Kronolith: Local file inclusion,
Raphael Marichez
[ MDKSA-2007:014 ] - Updated bluez-utils packages fix hidd vulnerability,
security
rPSA-2007-0008-1 gd,
rPath Update Announcements
vulnerability script indexu all versions,
gamr-14
[ GLSA 200701-09 ] oftpd: Denial of Service,
Raphael Marichez
[x0n3-h4ck] SmE FileMailer 1.21 Remote Sql Injextion Exploit,
corrado . liotta
Announcement: The Cross-site Request Forgery FAQ,
bugtraq
rPSA-2007-0007-1 kdenetwork,
rPath Update Announcements
dt_guestbook version 1.0f XSS vulnerability,
jesper . jurcenoks
[ MDKSA-2007:016 ] - Updated fetchmail packages fix vulnerability,
security
[KDE Security Advisory] kpdf/kword/xpdf denial of service vulnerability,
Dirk Mueller
[ MDKSA-2007:015 ] - Updated cacti packages SQL injection vulnerability,
security
[ MDKSA-2007:017 ] - Updated wget packages fix ftp vulnerability,
security
MS07-004 VML Integer Overflow Exploit,
LifeAsaGeek
PHPATM Remote Password Disclosure Vulnerablity,
nightmare
Gallery <= 1.4.4-pl4 (phpbb_root_path) Remote File Include Vulnerability,
me you
[ GLSA 200701-10 ] WordPress: Multiple vulnerabilities,
Raphael Marichez
liens_dynamiques xss and admin authentification,
sn0oPy . team
[USN-409-1] ksirc vulnerability,
Martin Pitt
Uninformed Journal Release Announcement: Volume 6,
H D Moore
InstantForum.NET Multiple Cross-Site Scripting Vulnerability,
DoZ
wcSimple Poll (password.txt) Remote Password Disclosure Vulnerablity,
ilkerkandemir
Jax Petition Book (languagepack) Remote File Include Vulnerabilities,
ilkerkandemir
Outpost Bypassing Self-Protection using file links Vulnerability,
Matousec - Transparent security Research
[USN-408-1] krb5 vulnerability,
Martin Pitt
Remedy Action Request System 5.01.02 - User Enumeration,
Davide Del Vecchio
Okul Web Otomasyon Sistemi (etkinlikbak.asp) SQL Injection Vulnerability,
ilkerkandemir
Oracle Passwords and OraBrute,
paulw
[USN-407-1] libgtop2 vulnerability,
Martin Pitt
London DC4420 meet - Wednesday 17th January, 2007,
Major Malfunction
Ovidentia 5.6x Series Remote File İnclude,
hotturk
Trevorchan <= v0.7 Remote File Include Vulnerability,
ilkerkandemir
PHP-Nuke <= 7.9 Old-Articles Block "cat" SQL Injection vulnerability,
paisterist
Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability,
sapheal
[ MDKSA-2007:013 ] - Updated libneon0.26 packages fix vulnerability,
security
[SECURITY] [DSA 1248-1] New libsoup packages fix denial of service,
Moritz Muehlenhoff
[ GLSA 200701-08 ] Opera: Two remote code execution vulnerabilities,
Raphael Marichez
[ GLSA 200701-07 ] OpenOffice.org: EMF/WMF file handling vulnerabilities,
Raphael Marichez
[ GLSA 200701-06 ] w3m: Format string vulnerability,
Raphael Marichez
[ GLSA 200701-05 ] KDE kfile JPEG info plugin: Denial of Service,
Raphael Marichez
Naig <= 0.5.2 (this_path) Remote File Include Vulnerability,
me you
AIOCP Login Bypass Vulnerability,
coloss7
AIOCP SQL Injection Vulnerability,
coloss7
[ MDKSA-2007:012 ] - Updated kernel packages fix multiple vulnerabilities and bugs,
security
Wordpress disclosure of Table Prefix Weakness,
process
seeking comments on disclosure articles,
smcalearney
[CAID 34955, 34956, 34957, 34958, 34959, 34817]: CA BrightStor ARCserve Backup Multiple Overflow Vulnerabilities,
Williams, James K
Micro CMS <= 3.5 Remote File Include Exploit,
ilkerKandemir
Web Honeynet Project: announcement, exploit URLs this Wednesday,
Gadi Evron
Corsaire Security Advisory: ChainKey Java Code Protection Bypass issue,
advisories
Re (3): Circumventing CSFR Form Token Defense,
bugtraq
[USN-406-1] OpenOffice.org vulnerability,
Kees Cook
[ MDKSA-2007:011 ] - Updated Thunderbird packages fix multiple vulnerabilities,
security
xss in phpmyadmin <= 2.8.1,
alfa
Ezboxx multiple vulnerabilities.,
Info
LunarPoll (PollDir) Remote File Include Vulnerabilities,
ilkerKandemir
Nwom topsites v3.0,
lunY
LS-20061002 - Computer Associates BrightStor ARCserve Backup Remote Code Execution Vulnerability,
advisories
[security bulletin] HPSBMA02176 SSRT051035 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Execution of Arbitrary Code,
security-alert
[ MDKSA-2007:010 ] - Updated Firefox packages fix multiple vulnerabilities,
security
Digital Armaments Security Pre-Advisory 11.01.2007: Grsecurity Kernel PaX - Local root vulnerability,
info
[USN-405-1] fetchmail vulnerability,
Kees Cook
easy-content filemanager,
hackerbinhphuoc
ZDI-07-003: CA BrightStor ARCserve Backup Message Engine Buffer Overflow Vulnerability,
zdi-disclosures
LayerOne 2007 CFP Announced,
Layer One
[security bulletin] HPSBMA02175 SSRT061174 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Read Access to Files,
security-alert
ZDI-07-004: CA BrightStor ARCserve Backup Tape Engine Buffer Overflow Vulnerability,
zdi-disclosures
ZDI-07-002: CA BrightStor ARCserve Backup Tape Engine Code Execution Vulnerability,
zdi-disclosures
rPSA-2007-0006-1 krb5 krb5-server krb5-services krb5-test krb5-workstation,
rPath Update Announcements
FreeBSD Security Advisory FreeBSD-SA-07:01.jail,
FreeBSD Security Advisories
Calyptix Security Advisory CX-2007-001 - Snort 2.6.1.2 Integer Underflow Vulnerability,
Calyptix Advisories
phpBB (privmsg.php) XSS Exploit,
info
Jshop Server 1.3,
irvian
Xine-ui format string Vulnerabilties.,
saik0pod
WMF CreateBrushIndirect vulnerability (DoS),
Alexander Sotirov
Computer Terrorism (UK) :: Incident Response Centre - Microsoft Outlook Vulnerability,
advisories
[ MDKSA-2007:008 ] - Updated kerberos packages fix vulnerability,
security
[ MDKSA-2007:009 ] - Updated kdenetwork packages fix ksirc vulnerability,
security
[ MDKSA-2007:007 ] - Updated nvidia driver packages fix vulnerability,
security
DMA[2007-0107a] OmniWeb Javascript Alert Format String Vulnerabiity and DMA[2007-0109a] Apple Finder Disk Image Volume Label Overflow / DoS,
K F (lists)
VMware ESX server security updates,
VMware Security team
sazcart v1.5 (cart.php) Remote File include,
emel_gw_ini
A Major design Bug in Camouflage 1.2.1 (latest),
thesinoda
CS-Cart 1.3.3 (install.php) Remote File Include Vulnerability,
ahmed_labib_hilmy
[ GLSA 200701-04 ] SeaMonkey: Multiple vulnerabilities,
Raphael Marichez
VLC Format String Vulnerability also in XINE,
Sven . Czaja