Bugtraq
- A Major design Bug in Steganography 1.7.x, 1.8 (latest) (Updated Version),
thesinoda
- [ MDKSA-2007:006 ] - Updated OpenOffice.org packages fix WMF vulnerability,
security
- iDefense Q-1 2007 Challenge,
contributor
- Cisco Security Advisory: DLSw Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Unified Contact Center and IP Contact Center JTapi Gateway Vulnerability,
Cisco Systems Product Security Incident Response Team
- [OpenPKG-SA-2007.006] OpenPKG Security Advisory (kerberos),
OpenPKG GmbH
- Adobe Reader Remote Heap Memory Corruption - Subroutine Pointer Overwrite,
Piotr Bania
- slocate leaks filenames of protected directories,
steven
- iDefense Security Advisory 01.09.07: Adobe Macromedia ColdFusion Source Code Disclosure Vulnerability,
iDefense Labs
- edit-x ecommerce (include_dir) Remote File include,
emel_gw_ini
- iDefense Security Advisory 01.09.07: Multiple Vendor X Server DBE Extension ProcDbeSwapBuffers Memory Corruption Vulnerability,
iDefense Labs
- iDefense Security Advisory 01.09.07: Multiple Vendor X Server DBE Extension ProcDbeGetVisualInfo Memory Corruption Vulnerability,
iDefense Labs
- [ MDKSA-2007-005 ] - Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities,
security
- rPSA-2007-0005-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs,
rPath Update Announcements
- iDefense Security Advisory 01.09.07: Multiple Vendor X Server Render Extension ProcRenderAddGlyphs Memory Corruption Vulnerability,
iDefense Labs
- rPSA-2007-0004-1 bzip2,
rPath Update Announcements
- Circumventing CSFR Form Token Defense,
Jim Manico
- CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice,
Williams, James K
- Easy Banner Pro Version 2.8 <= Remote File Inclusion,
stormhacker
- [USN-404-1] MadWifi vulnerability,
Kees Cook
- iDefense Security Advisory 01.09.07: Microsoft Excel Invalid Column Heap Corruption Vulnerability,
iDefense Labs
- iDefense Security Advisory 01.09.07: Multiple Microsoft Products VML 'recolorinfo' Element Integer Overflow Vulnerability,
iDefense Labs
- iDefense Security Advisory 01.09.07: Microsoft Excel Long Palette Heap Overflow Vulnerability,
iDefense Labs
- MITKRB5-SA-2006-003: kadmind (via GSS-API lib) frees uninitialized pointers,
Tom Yu
- MITKRB5-SA-2006-002: kadmind (via RPC lib) calls uninitialized function pointer,
Tom Yu
- [USN-403-1] X.org vulnerabilities,
Kees Cook
- rPSA-2007-0003-1 fetchmail,
rPath Update Announcements
- magic photo storage website Multiple Remote File Inclusion,
emel_gw_ini
- Sina UC ActiveX Multiple Remote Stack Overflow,
Sowhat
- ppc engine Multiple file inclusion,
emel_gw_ini
- [KDE Security Advisory] ksirc Denial of Service vulnerability,
Dirk Mueller
- [ MDKSA-2007:004 ] - Updated geoip packages fix geoipupdate vulnerability,
security
- Re: RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws),
socket69
- Cracking Steganography Application in less than ONE minute,
thesinoda
- RFID open source library - RFIDIOt code release - version 0.1k,
Adam Laurie
- [ MDKSA-2007:003 ] - Updated avahi packages fix DoS vulnerability,
security
- GForge Cross Site Scripting vulnerability,
jose . palanco
- createauction (cats.asp) Remote SQL Injection Vulnerability,
emel_gw_ini
- Vendor guidelines regarding security contacts,
Steven M. Christey
- cisco nac bypass vulnerability - cisco trust agent,
thorben schroeder
- [SECURITY] [DSA 1247-1] New libapache-mod-auth-kerb packages fix remote denial of service,
Noah Meyerhans
- rPSA-2007-0001-1 openoffice.org,
rPath Update Announcements
- [SECURITY] [DSA 1246-1] New OpenOffice.org packages fix arbitrary code execution,
Martin Schulze
- Packeteer PacketWise CLI overflow DoS,
kian . mohageri
- magic photo storage website Remote File Inclusion,
k1tk4t
- QASEC Announcement: Writing Software Security Test Cases,
bugtraq
- HP Multiple Products PML Driver Local Privilege Escalation,
Sowhat
- MKPortal Full Path Disclosure,
info
- TK53 Advisory #1: CenterICQ remote DoS buffer overflow in LiveJournal handling,
Lolek of TK53
- GeoBB Georgian Bulletin Board Remote File Include Vuln.,
ShaFuq31
- Dayfox Blog Remote File Include Vuln.,
ShaFuq31
- [SECURITY] [DSA 1245-1] New proftpd packages fix denial of service,
Moritz Muehlenhoff
- NUNE News Script (custom_admin_path) Remote File Include Vulnerablity,
xorontr
- Uguestbook Remote Password Disclosure Vulnerability,
beks
- Webulas Remote Password Disclosure Vulnerability,
beks
- HarikaOnline v2.0 Remote Password Disclosure Vulnerability,
beks
- M-Core Remote Password Disclosure Vulnerability,
beks
- MitiSoft Remote Password Disclosure Vulnerability,
beks
- EMembersPro 1.0 Remote Password Disclosure Vulnerability,
beks
- AJLogin v3.5 Remote Password Disclosure Vulnerability,
beks
- @lex Guestbook <= 4.0.2 Remote Command Execution Exploit,
gmdarkfig
- 0trace - traceroute on established connections,
Michal Zalewski
- [OpenPKG-SA-2007.005] OpenPKG Security Advisory (wordpress),
OpenPKG GmbH
- FON Router allows anonymous web access,
l . friedrichs
- shopstorenow (orange.asp) sql injection,
emel_gw_ini
- Fix & Chips CMS v1.0,
luny
- [OpenPKG-SA-2007.004] OpenPKG Security Advisory (fetchmail),
OpenPKG GmbH
- [OpenPKG-SA-2007.003] OpenPKG Security Advisory (drupal),
OpenPKG GmbH
- Yet Another Link Directory v1.0,
lunY
- ohhASP Remote Password Disclosure,
Advisory
- fetchmail security announcement 2006-02 (CVE-2006-5867),
Matthias Andree
- fetchmail security announcement 2006-03 (CVE-2006-5974),
Matthias Andree
- iDefense Security Advisory 01.05.07: Kaspersky Antivirus Scan Engine PE File Denial of Service Vulnerability,
iDefense Labs
- ZDI-07-001: QUALCOMM Eudora WorldMail Remote Management Heap Overflow Vulnerability,
zdi-disclosures
- [OpenPKG-SA-2007.002] OpenPKG Security Advisory (bzip2),
OpenPKG GmbH
- Kolayindir Download (Yenionline) (tr) SqL Injection Vuln.,
ShaFuq31
- iDefense Security Advisory 01.05.07: Opera Software Opera Web Browser JPG Image DHT Marker Heap Corruption Vulnerability,
iDefense Labs
- Flog 1.1.2 Remote Admin Password Disclosure,
corrado . liotta
- [USN-402-1] Avahi vulnerability,
Kees Cook
- Multiple bugs in EditTag,
nj
- Advisory 01/2007: WordPress CSRF Protection XSS Vulnerability,
Stefan Esser
- [DRUPAL-SA-2007-002] Drupal 4.6.11 / 4.7.5 fixes DoS issue,
Uwe Hermann
- RI Blog 1.3 XSS Vuln.,
ShaFuq31
- [DRUPAL-SA-2007-001] Drupal 4.6.11 / 4.7.5 fixes XSS issue,
Uwe Hermann
- iDefense Security Advisory 01.05.07: Opera Software Opera Web Browser createSVGTransformFromMatrix Object Typecasting Vulnerability,
iDefense Labs
- Coppermine Photo Gallery <= 1.4.10 SQL Injection Exploit,
gmdarkfig
- Advisory 02/2007: WordPress Trackback Charset Decoding SQL Injection Vulnerability,
Stefan Esser
- Intranet Open Source Remote Password Disclosure "intranet.mdb",
Advisory
- Uber Uploader 4.2 Arbitrary File Upload Vulnerability,
null_hack
- IG Calendar SQL Injection,
asdfj38
- IG Shop remote code execution,
asdfj38
- MkPortal Admin XSS,
info
- [USN-400-1] Thunderbird vulnerabilities,
Kees Cook
- [USN-401-1] D-Bus vulnerability,
Kees Cook
- CMS Made Simple non-permanent XSS,
nanoymaster
- SAP Security,
Mark Litchfield
- Perforce client: security hole by design,
Ben Bucksch
- [USN-398-3] Firefox theme regression,
Kees Cook
- MkPortal "All Guests are Admin" Exploit,
info
- DMA[2007-0104a] - 'iLife iPhoto Photocasing Format String Vulnerability',
K F (lists)
- Concurrency strikes MSIE (potentially exploitable msxml3 flaws),
Michal Zalewski
- High Risk Vulnerability in the OpenOffice and StarOffice Suites,
NGSSoftware Insight Security Research
- [ GLSA 200701-03 ] Mozilla Thunderbird: Multiple vulnerabilities,
Raphael Marichez
- Correction (High Risk Vulnerability in the OpenOffice and StarOffice Suites),
NGSSoftware Insight Security Research
- [ GLSA 200701-02 ] Mozilla Firefox: Multiple vulnerabilities,
Raphael Marichez
- Wordpress <= 2.x dictionnary & Bruteforce attack,
kadaj-diabolik
- [ GLSA 200701-01 ] DenyHosts: Denial of Service,
Raphael Marichez
- SAP Security Contact,
Mark Litchfield
- Universal PDF XSS After Party,
pdp (architect)
- [vuln.sg] PowerArchiver PAISO.DLL Buffer Overflow Vulnerability,
vulnpost-remove
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
pdp (architect)
- LS-20061102 - Business Objects Crystal Reports XI Professional Stack Overflow Vulnerability,
advisories
- 23C3 - Bluetooth hacking revisted [Summary and Code],
Thierry Zoller
- CFP for RAID 2007,
Jeffrey Horton
- Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous,
Juha-Matti Laurio
a cheesy Apache / IIS DoS vuln (+a question),
Michal Zalewski
jgbbs,
dr . t3rr0r1st
[USN-398-2] Firefox vulnerabilities,
Kees Cook
Simple Web Content Management System SQL Injection Exploit,
gmdarkfig
[USN-398-1] Firefox vulnerabilities,
Kees Cook
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Clean Access,
Cisco Systems Product Security Incident Response Team
Black Hat New Years Updates (Free Stuff, too!),
Jeff Moss
OpenPinboard <= Remote File Include,
zooz_998
WineGlass "data.mdb" Remote Password Disclosure,
Advisory
Hacking AJAX DWR Applications,
shulman
Adobe Acrobat Reader Plugin - Multiple Vulnerabilities,
Stefano Di Paola
[USN-399-1] w3m vulnerabilities,
Kees Cook
openmedia local read file,
exe_crack
Universal XSS with PDF files: highly dangerous,
pdp (architect)
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
pdp (architect)
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
sven . vetsch
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
Jean-Jacques Halans
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
HASEGAWA Yosuke
Re: Universal XSS with PDF files: highly dangerous,
The Anarcat
<Possible follow-ups>
Re: Universal XSS with PDF files: highly dangerous,
Jeff Williams
GuestBook v0.3a Remote Password Disclosure,
Advisory
Whos Johny Pwnerseed?,
K F
[ MDKSA-2007:002 ] - Updated kernel packages fix multiple vulnerabilities and bugs,
security
Windows NT Message Compiler 1.00.5239 arbitrary code execution,
sapheal
rPSA-2006-0234-2 firefox thunderbird,
rPath Update Announcements
Nuked Klan <= 1.7 Remote Cookie Disclosure Exploit,
kadaj-diabolik
[ MDKSA-2007:001 ] - Update libmodplug packages fix buffer overflow vulnerabilities,
security
Windows Vista 64bits and unexported kernel symbols,
Matthieu Suiche
AspBB Remote Password Disclosure,
Advisory
Openforum Remote password Disclosure,
Advisory
lblog Remote Password Disclosure,
Advisory
FreeRadius 1.1.3 SMB_Handle_Type SMB_Connect_Server arbitrary code execution,
sapheal
Re: [Full-disclosure] simplog 0.9.3.2 SQL injection,
str0ke
Welcome to Pwndertino...,
K F (lists)
Dailymotion password reset vulnerability,
daftrix
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware],
Chad Maron
Mozilla Firefox 2.0 denial of service vulnerability,
sapheal
AShop Shopping Cart Multiple XSS Vulnerabilities,
DoZ
[OpenPKG-SA-2007.001] OpenPKG Security Advisory (cacti),
OpenPKG GmbH
ATMEL Linux PCI PCMCIA USB Drivers arbitrary code execution,
sapheal
rblog Database Download Vulnerability,
Advisory
golden book XSS,
sn0oPy . team
Kerio Fake 'iphlpapi' DLL injection Vulnerability,
Matousec - Transparent security Research
BattleBlog Database Download Vulnerability,
Advisory
[NGSEC] ngGame #3 - BrainStorming,
labs@NGSEC
vBulletin vCard PRO XSS,
exexp
PHPIrc_bot <= Remote File Include,
zooz_998
WinZip FileView ActiveX controls CreateNewFolderFromName Method Buffer Overflow Vulnerability,
76693223
Rediff Bol Downloader Allows Downloading and Spawning Arbitary Files,
gregory_panakkal
WinZip10.0 FileView ActiveX Controls CreateNewFolderFromName Method Buffer overflow,
76693223
Spooky Login Multiple HTML Injection Vulnerability,
DoZ
Enigma WordPress Bridge (boarddir) Remote File Include,
xorontr
Enigma Coppermine Bridge (boarddir) Remote File Include,
xorontr
[vuln.sg] iso_wincmd Plugin for Total Commander Buffer Overflow Vulnerability,
vulnpost-remove
SoftArtisans FileUp(TM) viewsrc.asp remote script source disclosure exploit,
inge_eivind . henriksen
MythControl (MythTV remote control) arbitrary code execution,
sapheal
csrss.exe double-free vulnerability - arbitrary DWORD overwrite exploit,
Reversemode
DoceboLMS Xss Vuln.,
starext
LDU <= 8.x (journal.php) SQL Injection Vulnerability,
starext
QuickCam linux device driver allows arbitrary code execution,
sapheal
XSS with default page parameter in Oracle Portal 10g,
duchaikhtn
XSS in script Mobilelib GOLD v2,
gamr-14
[SECURITY] [DSA 1244-1] New xine-lib packages fix arbitrary code execution,
Moritz Muehlenhoff
[SECURITY] [DSA 1214-2] Updated gv packages fix arbitrary code execution,
Moritz Muehlenhoff
[OpenPKG-SA-2006.044] OpenPKG Security Advisory (w3m),
OpenPKG GmbH
SMS handling OpenSER remote code executing,
sapheal
OpenSER OSP Module remote code execution,
sapheal
[SECURITY] [DSA 1243-1] New evince packages fix arbitrary code execution,
Moritz Muehlenhoff
Limbo CMS event module (lm_absolute_path) Remote File Include Vulnerabilities,
xorontr
[SECURITY] [DSA 1242-1] New elog packages fix arbitrary code execution,
Moritz Muehlenhoff
ShmooCon Announcement,
B Potter
NtRaiseHardError Csrss.exe memory Disclosure exploit,
Reversemode
Secure Login Manager Multiple Input Validation Vulnerabilities,
DoZ
Host directory full disclosure and input error,
hack2prison
[OpenPKG-SA-2006.043] OpenPKG Security Advisory (links),
OpenPKG GmbH
[OpenPKG-SA-2006.042] OpenPKG Security Advisory (openser),
OpenPKG GmbH
LuckyBot v3 Remote File Include,
i-k-t
logahead UNU edition 1.0 Remote File Upload & code execution,
corrado . liotta
XSS - CMS Made Simple v1.0.2,
Curtis Zimmerman
HLStats Remote SQL Injection Exploit,
nospam
PhpbbXtra v2.0 (phpbb_root_path) Remote File Include Vulnerability,
xorontr
phpcms <=- 1.1.7 Remote File Inclusion,
Zarloule04
Cahier de texte V2.2 Bypass general access protection exploit,
gmdarkfig
PHP Live! 3.2.2 Multiple Cross-Site Scripting Vulnerabilities,
DoZ
[SECURITY] [DSA 1241-1] New squirrelmail packages fix cross-site scripting,
Moritz Muehlenhoff
XSS with Vbulletin (new idea !),
ashraf1984
ERRATA (Re: "Host header cannot be trusted as an anti anti DNS-pinning measure"),
Amit Klein
Forum AnyBoard - Sql Inyection By Firewall,
Firewall1954
TimberWolf 1.2.2 vulnerable to XSS,
corrado . liotta
Fishyshoop Security Vulnerability,
James Gray
Chatwm V1.0 SqL Injection Vuln.,
ShaFuq31
Okul Merkezi Portal v1.0 Remote File IncLude Vuln.,
ShaFuq31
iDefense Security Advisory 12.23.06: Novell Netmail IMAP append Denial of Service Vulnerability,
iDefense Labs
iDefense Security Advisory 12.23.06: Novell NetMail IMAPD subscribe Buffer Overflow Vulnerability,
iDefense Labs
Multiple Bugs in Future Internet ( XSS & SQL Injection ),
xx_hack_xx_2004
Efkan Forum v1.0 SqL Inj. Vuln.,
ShaFuq31
ZDI-06-054: Novell NetMail IMAP APPEND Buffer Overflow Vulnerability,
zdi-disclosures
ZDI-06-053: Novell NetMail IMAP Verb Literal Heap Overflow Vulnerability,
zdi-disclosures
ZDI-06-052: Novell NetMail NMAP STOR Buffer Overflow Vulnerability,
zdi-disclosures
Re: Multiple Remote Vulnerabilities in KISGB,
3APA3A
SQID v0.2 - SQL Injection Digger.,
contact
Re: Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day,
Mike
Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting,
putosoft softputo
TSLSA-2006-0074 - multi,
Trustix Security Advisor
Oracle Applications/Portal 9i/10g Cross Site Scripting,
putosoft softputo
rPSA-2006-0234-1 firefox,
rPath Update Announcements
Xt-News 0.1 : SQL Injection Vulnerability & XSS,
mr_kaliman
PWDumpX updated (includes CacheDump functionality),
Reed Arvin
OpenSER 1.1.0 parse_config buffer overflow vulnerability,
sapheal
[OpenPKG-SA-2006.040] OpenPKG Security Advisory (ruby),
OpenPKG GmbH
[TOOL] untidy - XML Fuzzer,
Andres Riancho
SQID v0.1 - SQL Inhection Digger.,
contact
Ixprim CMS 1.2 Remote Blind SQL Injection Exploit,
gmdarkfig
RE: [Full-disclosure] Fun with event logs (semi-offtopic),
Michele Cicciotti
[ MDKSA-2006:234 ] - Updated mono packages fix vulnerability,
security
[SECURITY] [DSA-1240-1] New links2 packages fix arbitrary shell command execution,
Steve Kemp
Microsoft Windows XP/2003/Vista memory corruption 0day,
3APA3A
Fun with event logs (semi-offtopic),
3APA3A
NOD32 Antivirus CAB parsing Arbitrary Code Execution Advisory,
security
[OpenPKG-SA-2006.041] OpenPKG Security Advisory (dbus),
OpenPKG GmbH
[CAID 34876]: CA CleverPath Portal Session Inheritance Vulnerability,
Williams, James K
[USN-397-1] mono vulnerability,
Kees Cook
critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip,
quincy
[ GLSA 200612-21 ] Ruby: Denial of Service vulnerability,
Raphael Marichez
[ GLSA 200612-20 ] imlib2: Multiple vulnerabilities,
Raphael Marichez
[ GLSA 200612-19 ] pam_ldap: Authentication bypass vulnerability,
Raphael Marichez
[security bulletin] HPSBST02180 SSRT061288 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS06-072 Through MS06-078,
security-alert
[security bulletin] HPSBUX02174 SSRT061239 rev.2 HP-UX Running OpenSSL Denial of Service (DoS), Increase Privilege,
security-alert
Mono XSP ASP.NET Server sourcecode disclosure vulnerability,
jose . palanco
NOD32 Antivirus DOC parsing Arbitrary Code Execution Advisory,
security
Oracle Portal 10g HTTP Response Splitting,
putosoft softputo
SEC Consult SA-20061220-0 :: Typo3 Command Execution Vulnerability,
SEC Consult Research
ZDI-06-051: Mozilla Firefox SVG Processing Remote Code Execution Vulnerability,
zdi-disclosures
MkPortal Urlobox Cross Site Request Forgery,
info
Multiple Bugs in MINI WEB SHOP,
xx_hack_xx_2004
Oracle <= 9i / 10g File System Access via utl_file Exploit,
none
Oracle <= 9i / 10g (extproc) Local/Remote Command Execution Exploit,
none
Burak Yilmaz Download Portal Sql Injection Vuln.,
ShaFuq31
xss in Support Cards v1 ( oSTicket ),
l . d . 0
Trend Micro's Vista "0day exploit auction" claim,
Ryan Meyer
<Possible follow-ups>
Re: RE: Trend Micro's Vista "0day exploit auction" claim,
agoodhez1
HP Printers FTP Server Denial Of Service,
Joxean Koret
New Skype Worm,
Christopher Mosby
Multiple XSS vulnerabiliteies in Inetmedia's information service - cityinfo.,
filip . palian
WebCalendar >=1.0 Cross-Site Scripting Vulnerabilities,
7all7
HITBSecConf2007 - Dubai - Call for Papers now open!,
Praburaajan
[ MDKSA-2006:233 ] - Updated dbus packages fix vulnerability,
security
[ MDKSA-2006:232 ] - Updated proftpd packages fix mod_ctrls vulnerability,
security
[security bulletin] HPSBUX02178 SSRT061267 rev.2 - HP-UX Secure Shell Remote Unauthorized Denial of Service (DoS),
security-alert
[ GLSA 200612-18 ] ClamAV: Denial of Service,
Sune Kloppenborg Jeppesen
Checkpoint NG3 ICMP Flood,
bdmoraes
Secunia Research: MailEnable POP Service "PASS" Command Buffer Overflow,
Secunia Research
SYMSA-2006-013: Multiple Vulnerabilities in Mandiant First Response,
research
RateMe <= all versions => ( main.inc.php ) Remote File Include Vulnerability,
saudi
HyperVM Cross-Site Scripting,
Advisory
Cisco not honoring update promises?,
Michael Scheidell
[SECURITY] [DSA 1239-1] New sql-ledger packages fix arbitrary code execution,
Moritz Muehlenhoff
[SECURITY] [DSA 1238-1] New clamav packages fix several vulnerabilities,
Moritz Muehlenhoff
[SECURITY] [DSA 1237-1] New Linux 2.4.27 packages fix several vulnerabilities,
Dann Frazier
Allied Telesis AT-9000/24 Ethernet switch management can be accessed from all VLANs.,
Pasi Sjoholm
[HSC Security Group] SiteCatalyst Web Login Cross Site Vulrnabilities,
DoZ
Contra Haber Sistemi v1.0 SqL Injection Vuln.,
ShaFuq31
Odysseus 2.0 / Telemachus 1.0 (Beta),
Dave
Doğantepe Ziyareti Defteri (tr) Sql Injection Vuln.,
ShaFuq31
XSS in gmial google,
gamr-14
Drone Armies C&C Report - 15 Dec 2006,
c2report
[OpenPKG-SA-2006.039] OpenPKG Security Advisory (proftpd),
OpenPKG GmbH
Bypassing process identification of several personal firewalls and HIPS,
Matousec - Transparent security Research
Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!!,
gplit
Project Server 2003 - Credential Disclosure,
Brett Moore
[security bulletin] HPSBMA02173 SSRT061230 rev. 1 - HP Integrated Lights Out (iLO & iLO 2) Running SSH Key Based Authentication Remote Unauthorized Access,
security-alert
Windows Media MID File Denial Of Service Vulnerability,
sehato
[USN-396-1] gdm vulnerability,
Kees Cook
Windows Explorer WMV File Denial Of Service Vulnerability,
sehato
TSLSA-2006-0072 - clamav,
Trustix Security Advisor
BitDefender AV Packed PE File Parsing Engine Heap Overflow,
security
[ MDKSA-2006:231 ] - Updated gdm packages fix string vulnerability,
security
Top 10 Real Computer Crimes for 2007,
Pete Herzog
[ GLSA 200612-15 ] McAfee VirusScan: Insecure DT_RPATH,
Sune Kloppenborg Jeppesen
CanSecWest 2007 (April 18-20) Call For Papers (Deadline January 7th),
Dragos Ruiu
Kerio MailServer < 6.3.1 remote Denial of Service,
research
[ GLSA 200612-17 ] GNU Radius: Format string vulnerability,
Raphael Marichez
Re: [fuzzing] NOT a 0day! Re: [Full-disclosure] OWASP Fuzzing page,
Juha-Matti Laurio
iDefense Security Advisory 12.14.06: GNOME Foundation Display Manager gdmchooser Format String Vulnerability,
iDefense Labs
[ MDKSA-2006:164-2 ] - Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities,
security
[CAID 34870]: CA Anti-Virus vetfddnt.sys, vetmonnt.sys Local Denial of Service Vulnerabilities,
Williams, James K
[ MDKSA-2006:230 ] - Updated clamav packages fix vulnerability,
security
[ MDKSA-2006:229 ] - Updated evince packages fix buffer overflow vulnerability,
security
rPSA-2006-0232-1 libgsf,
rPath Update Announcements
[USN-380-2] avahi regression,
Martin Pitt
[ GLSA 200612-16 ] Links: Arbitrary Samba command execution,
Raphael Marichez
HyperAccess - Multiple Vulnerabilities,
Brett Moore
GenesisTrader v1.0 - Multiple Vulnerabilities,
mr_kaliman
The (in)security of Xorg and DRI,
Darren Reed
Call for papers and presenters - Dec. 15th deadline,
Mike Allgeier
CORE-2006-1127: ProFTPD Controls Buffer Overflow,
CORE Security Technologies Advisories
ZDI-06-049: Symantec Veritas NetBackup Long Request Buffer Overflow Vulnerability,
zdi-disclosures
ZDI-06-050: Symantec Veritas NetBackup CONNECT_OPTIONS Buffer Overflow Vulnerability,
zdi-disclosures
IBM DB2 Remote DoS during CONNECT processing,
Team SHATTER
ASP Cmd Shell On IIS 5.1,
Brett Moore
[SECURITY] [DSA-1236-1] New enemies-of-carlotta package fix missing sanity checks,
Steve Kemp
[SECURITY] [DSA-1235-1] New ruby1.8 package fix denial of service,
Steve Kemp
[SECURITY] [DSA-1234-1] New ruby1.6 package fix denial of service,
Steve Kemp
iDefense Security Advisory 12.12.06: Sun Microsystems Solaris ld.so Directory Traversal Vulnerability,
iDefense Labs
iDefense Security Advisory 12.12.06: Sun Microsystems Solaris ld.so 'doprf()' Buffer Overflow Vulnerability,
iDefense Labs
ZDI-06-046: Sophos Anti-Virus SIT Archive Parsing Buffer Overflow Vulnerability,
zdi-disclosures
[ GLSA 200612-14 ] Trac: Cross-site request forgery,
Sune Kloppenborg Jeppesen
[ GLSA 200612-13 ] libgsf: Buffer overflow,
Sune Kloppenborg Jeppesen
ZDI-06-048: Microsoft Internet Explorer normalize() Function Memory Corruption Vulnerability,
zdi-disclosures
[ GLSA 200612-12 ] F-PROT Antivirus: Multiple vulnerabilities,
Sune Kloppenborg Jeppesen
Secunia Research: Internet Explorer Script Error Handling Memory Corruption,
Secunia Research
ZDI-06-047: Microsoft Visual Studio WmiScriptUtils.dll Cross-Zone Scripting Vulnerability,
zdi-disclosures
Re: [fuzzing] OWASP Fuzzing page,
Joxean Koret
ZDI-06-045: Sophos Anti-Virus CPIO Archive Parsing Buffer Overflow Vulnerability,
zdi-disclosures
BLOG:CMS Remote file include Vulnerability,
security
rPSA-2006-0231-1 squirrelmail,
rPath Update Announcements
rPSA-2006-0230-1 evince,
rPath Update Announcements
Web Apps- Rad Upload Version 3.02 Remote File Include Vulnerability,
rko . thelegendkiller
[SBDA] SiteKiosk - FileSystem Access,
Brett Moore
OpenLDAP kbind authentication buffer overflow,
Solar Eclipse
[ MDKSA-2006:228 ] - Updated gnupg packages fix vulnerability,
security
[ MDKSA-2006:227 ] - Updated kdegraphics packages fix EXIF vulnerability,
security
[ GLSA 200612-05 ] KOffice shared libraries: Heap corruption,
Sune Kloppenborg Jeppesen
Secunia Research: AOL CDDBControl ActiveX Control "SetClientInfo()" Buffer Overflow,
Secunia Research
[ GLSA 200612-07 ] Mozilla Firefox: Multiple vulnerabilities,
Raphael Marichez
RFID access control tokens widely open to cloning,
Adam Laurie
[ GLSA 200612-03 ] GnuPG: Multiple vulnerabilities,
Raphael Marichez
[ GLSA 200612-04 ] ModPlug: Multiple buffer overflows,
Raphael Marichez
Re: LS-20060908 - Computer Associates BrightStor ARCserve Backup,
Williams, James K
The newest Word flaw is due to malformed data structure handling,
Juha-Matti Laurio
[ GLSA 200612-10 ] Tar: Directory traversal vulnerability,
Matthias Geerdsen
Re: LS-20061001 - Computer Associates BrightStor ARCserve Backup,
Williams, James K
[ GLSA 200612-06 ] Mozilla Thunderbird: Multiple vulnerabilities,
Raphael Marichez
Secunia Research: MailEnable IMAP Service Buffer Overflow Vulnerability,
Secunia Research
shopsite advisory,
DoZ
looking for security community input,
Gadi Evron
Another, different MS Word 0-day vulnerability reported,
Juha-Matti Laurio
Several updates in Microsoft Word 0-day (CVE-2006-5994) FAQ document,
Juha-Matti Laurio
[ GLSA 200612-08 ] SeaMonkey: Multiple vulnerabilities,
Raphael Marichez
Multiple vulnerabilities in Winamp Web Interface 7.5.13,
Luigi Auriemma
ERRATA: [ GLSA 200612-03 ] GnuPG: Multiple vulnerabilities,
Raphael Marichez
Firefox 2.0 security bug: Extensions can hide themself,
azurIt
RFIDIOt release - version 0.1i,
Adam Laurie
[ MDKSA-2006:226 ] - Updated squirrelmail packages fix vulnerabilities,
security
D-LINK DWL-2000AP+ remote DoS,
poplix
Unauthenticated access to IBM Host On-Demand administration pages,
Ferguson, David (Kansas City)
[SBDA] - ColdFusion MX7 - Multiple Vulnerabilities,
Brett Moore
[ GLSA 200612-09 ] MadWifi: Kernel driver buffer overflow,
Raphael Marichez
WASC-Announcement: MX Injection - Capturing and Exploiting Hidden Mail Servers By Vicente Aguilera Diaz,
robert
[SECURITY] [DSA 1233-1] New Linux 2.6.8 packages fix several vulnerabilities,
Dann Frazier
[SECURITY] [DSA 1232-1] New clamav packages fix denial of service,
Moritz Muehlenhoff
[SECURITY] [DSA 1231-1] New gnupg packages fix arbitrary code execution,
Moritz Muehlenhoff
AnnonceScriptHP V2.0 Multiple Vulnerabilities,
mr_kaliman
Messageriescripthp V2.0 XSS & SQL Injection,
mr_kaliman
ProNews V1.5 XSS & SQL Injection,
mr_kaliman
KDPics Multiple Vulnerabities,
mr_kaliman
[ GLSA 200612-02 ] xine-lib: Buffer overflow,
Sune Kloppenborg Jeppesen
Call For Papers: SecurityOPUS 2007,
Sharkey
iDefense Security Advisory 12.08.06: Sophos Antivirus CHM File Heap Overflow Vulnerability,
iDefense Labs
iDefense Security Advisory 12.08.06: Sophos Antivirus CHM Chunk Name Length Memory Corruption Vulnerability,
iDefense Labs
iDefense Security Advisory 12.08.06: Multiple Vendor Antivirus RAR File Denial of Service Vulnerability,
iDefense Labs
Enforcing Java Security Manager in Restricted Windows Environments?,
Jan P. Monsch
PhpBB Toplist 1.3.7 Xss Vuln.,
starext
[USN-394-1] Ruby vulnerability,
Kees Cook
PHP 5.2.0 session.save_path safe_mode and open_basedir bypass,
cxib
Animated Smiley Generator File Include Vul.,
starext
ASX Playlists and Jumping to Conclusions,
Sûnnet Beskerming
LS-20061001 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability,
advisories
LS-20060908 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability,
advisories
[CAID 34846]: CA BrightStor ARCserve Backup Discovery Service Buffer Overflow Vulnerability,
Williams, James K
Midicart vulerable,
ifx
Microsoft Word 0-day Vulnerability FAQ (CVE-2006-5994) written,
Juha-Matti Laurio
[SECURITY] [DSA-1230-1] new l2tpns packages fix buffer overflow,
Steve Kemp
[OpenPKG-SA-2006.038] OpenPKG Security Advisory (tar),
OpenPKG GmbH
TSLSA-2006-0070 - multi,
Trustix Security Advisor
[Aria-Security Team] cPanel BoxTrapper Cross Site Scripting,
Advisory
[Aria-Security Team] cPanel 11 pops.html Cross-Site Scripting,
Advisory
[Aria-Security Team] CentOS 4.2 i686 - WHM X v3.1.0 Cross-Site Scripting,
Advisory
EEYE: Intel Network Adapter Driver Local Privilege Escalation,
eEye Advisories
[OpenPKG-SA-2006.037] OpenPKG Security Advisory (gnupg),
OpenPKG GmbH
DUdirectory Admin Panel SQL Injection,
Meftun
[USN-393-2] GnuPG2 vulnerabilities,
Kees Cook
phpAdsNew-2.0.4-pr2 Remote File Inclusion Exploit,
crackers_child
[USN-390-3] evince-gtk vulnerability,
Kees Cook
phpbb 2.0.x [xss],
saps . audit
[USN-393-1] GnuPG vulnerability,
Kees Cook
Some Thoughts about Office Open XML and Malware Detection,
Jan P. Monsch
TSRT-06-15: Citrix Presentation Server Client ActiveX Heap Overflow Vulnerability,
TSRT
Digital Armaments Security Advisory 07.12.2006: Yahoo multiple services authentication bypass Vulnerability,
info
[ GLSA 200612-01 ] wv library: Multiple integer overflows,
Sune Kloppenborg Jeppesen
Linksys WIP 330 VoIP wireless phone crash from Nmap scan,
Shawn Merdinger
ZDI-06-044: Adobe Download Manager AOM Parsing Buffer Overflow Vulnerability,
zdi-disclosures
New MySpace worm could be on its way,
pdp (architect)
Microsoft 0-day word vulnerability - Secunia - Extremely critical,
Ryan Buena
rPSA-2006-0227-1 gnupg,
rPath Update Announcements
[ MDKSA-2006:225 ] - Updated ruby packages fix DoS vulnerability,
security
rPSA-2006-0226-1 kernel,
rPath Update Announcements
GnuPG: remotely controllable function pointer [CVE-2006-6235],
Werner Koch
SYMSA-2006-012: 2X ThinClientServer Create Admin Account Replay Vulnerability,
research
Multiple Vendor Unusual MIME Encoding Content Filter Bypass,
Hendrik Weimer
BTSaveMySql 1.2 (acces to config files),
sn0oPy . team
Oracle PL/SQL Fuzzing Tool,
Joxean Koret
[SECURITY] [DSA 1229-1] New Asterisk packages fix arbitrary code execution,
Martin Schulze
FreeBSD Security Advisory FreeBSD-SA-06:26.gtar,
FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-06:25.kmem,
FreeBSD Security Advisories
Uploadscript Vulnerabilities: Text file Hash password,
hack2prison
Re: Internet Explorer 6 CSS "expression" Denial of Service Exploit (P.o.C.),
José Carlos Nieto Jarquín
Internet Explorer 6. CSS Expression Denial of Service (P.o.C.),
José Carlos Nieto Jarquín
Barracuda Convert-UUlib library buffer overflow leads to remote compromise,
Jean-Sébastien Guay-Leroux
[USN-390-2] evince vulnerability,
Kees Cook
[ MDKSA-2006:224 ] - Updated xine-lib packages fix buffer overflow vulnerability,
security
EEYE: Adobe Download Manager AOM Stack Buffer Overflow Vulnerability,
eEye Advisories
HPSBUX02178 SSRT061267 rev.1 - HP-UX Secure Shell Remote Denial of Service (DoS),
security-alert
[security bulletin] HPSBUX02145 SSRT061202 rev.2 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access,
security-alert
eEye's Zero-Day Tracker Launch,
chinese soup
Re: Symantec LiveState Agent for Windows vulnerabi,
Damjan
EasyPage Portal ( all ver )SQL Injection,
matrix
[SECURITY] [DSA 1228-1] New elinks packages fix arbitrary shell command execution,
Moritz Muehlenhoff
CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Remote Arbitrary File Removal,
Mariano Nuñez Di Croce
DistrRTgen 1.0 launched!,
Martin Jørgensen