Bugtraq

Date Index

[Prev Page][Next Page]

CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Undocumented Features, Mariano Nuñez Di Croce
URL Rdirecction Bug Yahoo, matrix
[KOffice security advisory] KOffice OLEfilter integer overflow, Dirk Mueller
SNORT Covered channels detector patch, fryxar fryxar
TSRT-06-14: IBM Tivoli Storage Manager Mutiple Buffer Overflow Vulnerabilities, TSRT
new xss in modbb forum, h angel
rPSA-2006-0211-2 doxygen libpng, rPath Update Announcements
XSS in JAB Guest Book, nj
- <Possible follow-ups>
- Re: XSS in JAB Guest Book, Steven M. Christey
- Re: XSS in JAB Guest Book, Barnz
[USN-392-1] xine-lib vulnerability, Kees Cook
Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation, ss_team
- <Possible follow-ups>
- RE: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation, Michael Scheidell
  - Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation, eugeny gladkih
    - Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation, Steve Shockley
    - Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation, Ansgar -59cobalt- Wiechers
- Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation, Thor (Hammer of God)
- RE: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation, Michael Scheidell
[USN-391-1] libgsf vulnerability, Kees Cook
[ MDKSA-2006:214-1 ] - Updated gv packages fix buffer overflow vulnerability, security
F-Prot Antivirus for Unix: heap overflow and Denial of Service, research
Multiple bugs in TFT-Gallery, nj
- <Possible follow-ups>
- Re: Multiple bugs in TFT-Gallery, simo64
[SECURITY] [DSA 1227-1] New Mozilla Thunderbird packages fix several vulnerabilities, Martin Schulze
[Aria-Security Team] uGestBook SQL Injection Vuln, Advisory
- <Possible follow-ups>
- Re: [Aria-Security Team] uGestBook SQL Injection Vuln, Stuart Moore
- Re: Re: [Aria-Security Team] uGestBook SQL Injection Vuln, saps . audit
Re: UPublisher Exploit - Superfreaker, me
Vt-Forum Lite System V.1.3 Xss Vuln., starext
[SECURITY] [DSA 1226-1] New links packages fix arbitrary shell command execution, Moritz Muehlenhoff
[SECURITY] [DSA 1225-2] New Mozilla Firefox packages fix several vulnerabilities, Martin Schulze
MS Internet Explorer 6.0 (mshtml.dll) Denial of Service Exploit, ajannhwt
- Re: MS Internet Explorer 6.0 (mshtml.dll) Denial of Service Exploit, 3APA3A
PhpMyAdmin 2.7.0-pl2 Path Disclosure | Multiple CRLF/Http Response Splitting, ajannhwt
2[xss]Vulnerabilities in Script Mobile Ac4p.com, gamr-14
SMF upload XSS vulnerability, Jessica Hope
[SECURITY] [DSA 1225-1] New Mozilla Firefox packages fix several vulnerabilities, Martin Schulze
[SECURITY] [DSA 1224-1] New Mozilla packages fix several vulnerabilities, Martin Schulze
Online BookMarks Multiple SQL Injection/XSS Vulnerabilities, security
fl0p - passive L7 flow fingerprinting, Michal Zalewski
[ISecAuditors Security Advisories] XSS vulnerability in error page of ISMail, ISecAuditors Security Advisories
Metyus Okul Ynetim Sistemi V.1.0 (tr) Sql injection Vuln., ShaFuq31
[ISecAuditors Security Advisories] IMAP/SMTP Injection in Hastymail, ISecAuditors Security Advisories
listpics v5, blasterim
[ISecAuditors Advisories] BlueSocket web administration is vulnerable to XSS, ISecAuditors Security Advisories
[Aria-Security Team] DuWare DuPaypal SQL Injection Vuln, Advisory
[Aria-Security Team] DuWare DuForum SQL Injection Vuln, Advisory
CuteNews 1.3.6 XSS, emulamex
[Aria-Security Team] DuWare DuDownloads SQL Injection Vuln, Advisory
[ MDKSA-2006:222 ] - Updated koffice packages fixes integer overflow vulnerability, security
KhaledMuratList mdb, blasterim
PHPNews 1.3.0 XSS, emulamex
[Aria-Security Team] DuWare DuPortal SQL Injection Vuln, Advisory
[Aria-Security Team] DuWare DuClassMate SQL Injection Vuln, Advisory
[Aria-Security Team] DuWare DuNews SQL Injection Vuln, Advisory
[ MDKSA-2006:223 ] - Updated ImageMagick packages fixes vulnerability, security
freeqboard <= 1.1 (qb_path) Remote File Include Vulnerability, -= SHELL =- -= SHELL =-
rPSA-2006-0222-1 tar, rPath Update Announcements
TSLSA-2006-0068 - multi, Trustix Security Advisor
rPSA-2006-0224-1 gnupg, rPath Update Announcements
[SECURITY] [DSA 1222-2] New proftpd packages fix several vulnerabilities, Moritz Muehlenhoff
iDefense Security Advisory 12.01.06: Novell ZENworks Asset Management Msg.dll Heap Overflow Vulnerability, iDefense Labs
iDefense Security Advisory 12.01.06: Novell ZENworks Asset Management Collection Client Heap Overflow Vulnerability, iDefense Labs
Aspee Ziyareti Defteri (tr) Sql injection Vuln., ShaFuq31
rPSA-2006-0220-1 dovecot, rPath Update Announcements
deV!L`z Clanportal - SQL Injection [061124a], Tim Weber
Outpost Bypassing Self-Protection via Advanced DLL injection with handle stealing Vulnerability, Matousec - Transparent security Research
[SECURITY] [DSA 1223-1] New tar packages fix arbitrary file overwrite, Noah Meyerhans
Layered Defense Advisory: Novell Client 4.91 Format String Vulnerability, dh
deV!L`z Clanportal - Arbitrary File Upload [061124b], Tim Weber
[Aria-Security.Net] Web Hosting Control Panel - cPanel 11 Multiple Cross-Site Scripting Vulnerabilites, Advisory
rPSA-2006-0221-1 openldap openldap-clients openldap-servers, rPath Update Announcements
[ MDKSA-2006:221 ] - Updated gnupg packages fix vulnerability, security
[ MDKSA-2006:220 ] - Updated libgsf packages fix heap buffer overflow vulnerability, security
[SECURITY] [DSA 1205-2] New thttpd packages fix insecure temporary file creation, Steve Kemp
Invision Gallery 2.0.7 SQL Injection Vulnerability, infection
- <Possible follow-ups>
- Re: Invision Gallery 2.0.7 SQL Injection Vulnerability, emin
LifeType version 1.1.2 Multiple Path Disclosure Vulnerabilities, jesper . jurcenoks
Woltlab Burning Board 2.3.X XSS Vulnerability (0-Day) FIXED VERSION, blueshisha
iDefense Security Advisory 11.30.06: Multiple Vendor libgsf Heap Overflow Vulnerability, iDefense Labs
LDU <= 8.x (polls.php) Remote SQL Injection Vulnerability, ajannhwt
contentserv 4.x, capt . nem0
Invision Community Blog Mod 1.2.4 .PHP SQL Injection Vulnerability, infection
- <Possible follow-ups>
- Re: Invision Community Blog Mod 1.2.4 .PHP SQL Injection Vulnerability, emin
[ GLSA 200611-26 ] ProFTPD: Remote execution of arbitrary code, Raphael Marichez
Seditio <= 1.10 (pollid) Remote SQL Injection Vulnerability, ajannhwt
@lex Guestbook 4.0.1 : Full Path Disclosure & XSS, mr_kaliman
[USN-390-1] evince vulnerability, Kees Cook
[SECURITY] [DSA 1221-1] New libgsf packages fix arbitrary code execution, Martin Schulze
[security bulletin] HPSBUX02153 SSRT061181 rev.2 - HP-UX Running Firefox, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS), security-alert
Secunia Research: MailEnable IMAP Service Two Vulnerabilities, Secunia Research
[ MDKSA-2006:217-1 ] - Updated proftpd packages fix vulnerabilities, security
[SECURITY] [DSA 1222-1] New proftpd packages fix several vulnerabilities, Moritz Muehlenhoff
[USN-389-1] GnuPG vulnerability, Kees Cook
Potentially OT: AJAX article, clappymonkey
[USN-388-1] KOffice vulnerability, Kees Cook
[Aria-Security Team] FipsSHOP SQL Injection, Advisory
Monkey Boards version 0.3.5 Multiple Path Disclosure Vulnerabilities, jesper . jurcenoks
New Windows tool - PWDumpX v1.0, Reed Arvin
OWASP JBroFuzz 0.3 Fuzzer Released!, subere
REMLAB Web Mech Designer 2.0.5 Path Disclosure Vulnerability, jesper . jurcenoks
SYM06-023, Symantec NetBackup PureDisk: PHP update to Address Reported Security Vulnerability, Mike Prosser
Multiple Vulnerabilities in AlternC version 0.9.5, Vincent A.Menard
Secunia Research: Borland Products idsql32.dll Buffer Overflow Vulnerability, Secunia Research
[ MDKSA-2006:219 ] - Updated tar packages fix vulnerability, security
PHP Event Calendar 1.5.1 (index.php) Remote File Include Vulnerability, philip anselmo
- <Possible follow-ups>
- Re: PHP Event Calendar 1.5.1 (index.php) Remote File Include Vulnerability, Stuart Moore
ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability, zdi-disclosures
- Re: [Full-disclosure] ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability, Dude VanWinkle
  - Re: [Full-disclosure] ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability, zdi-disclosures
    - Re: [Full-disclosure] ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability, Dude VanWinkle
iDefense Security Advisory 11.29.06: Horde Kronolith Arbitrary Local File Inclusion Vulnerability, iDefense Labs
Re: [WEB SECURITY] The state of JavaScript Hacking, bugtraq
b2evolution Remote File inclusion Vulnerability, tarkus
New report on Teredo security, Jim Hoagland
- Re: [Full-disclosure] New report on Teredo security, Jeroen Massar
[ GLSA 200611-24 ] LHa: Multiple vulnerabilities, Raphael Marichez
[ GLSA 200611-25 ] OpenLDAP: Denial of Service vulnerability, Raphael Marichez
[ GLSA 200611-23 ] Mono: Insecure temporary file creation, Raphael Marichez
[USN-387-1] Dovecot vulnerability, Kees Cook
b2evolution XSS Vulnerabilities, tarkus
[USN-385-1] tar vulnerability, Kees Cook
ProFTPD mod_tls pre-authentication buffer overflow, research
- Re: ProFTPD mod_tls pre-authentication buffer overflow, Mark Wadham
TSLSA-2006-0066 - multi, Trustix Security Advisor
evince buffer overflow exploit (gv), kspecial
[USN-386-1] ImageMagick vulnerability, Kees Cook
uPhotoGallery (v 1.1) SQL Injection, Advisory
[ GLSA 200611-22 ] Ingo H3: Folder name shell command injection, Sune Kloppenborg Jeppesen
GnuPG 1.4 and 2.0 buffer overflow, Werner Koch
- safely concatenating strings in portable C (Re: GnuPG 1.4 and 2.0 buffer overflow), Solar Designer
  - Re: safely concatenating strings in portable C (Re: GnuPG 1.4 and 2.0 buffer overflow), Simon Josefsson
- Re: GnuPG 1.4 and 2.0 buffer overflow, Damien Miller
SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal, research
- Re: SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal, Jon Hart
CVE-2006-5815: remote code execution in ProFTPD, John Morrissey
ClickContact SQL Injection, Advisory
AIDE problem handling symlinks, fryxar fryxar
Cursor snarfing - a new class of vulnerability and attack in Oracle, David Litchfield
Re: New Flaw in Firefox 2.0: DoS and possible remote code execution, sflist
[ GLSA 200611-21 ] Kile: Incorrect backup file permission, Sune Kloppenborg Jeppesen
iDefense Security Advisory 11.26.06: GNU Radius Format String Vulnerability, iDefense Labs
MHL-2006-003 Public Advisory: "mboard" file creation issue, Mayhemic Labs Security
PhpGedView 4.0.2 (DOCUMENT_ROOT) File inclusion Vulnerablity, x___ . _
- <Possible follow-ups>
- Re: PhpGedView 4.0.2 (DOCUMENT_ROOT) File inclusion Vulnerablity, Mefisto
- Re: PhpGedView 4.0.2 (DOCUMENT_ROOT) File inclusion Vulnerablity, yalnifj
rPSA-2006-0219-1 info install-info texinfo, rPath Update Announcements
CuteNews v1.4.5 (search.php) Remote file include vulnerability, philip anselmo
- Re: CuteNews v1.4.5 (search.php) Remote file include vulnerability, Francesco Laurita
- Re: CuteNews v1.4.5 (search.php) Remote file include vulnerability, raven
TFTP Server 3CTftpSvc Buffer Overflow Vulnerability (Long transporting mode), liuqx
- <Possible follow-ups>
- Re: TFTP Server 3CTftpSvc Buffer Overflow Vulnerability (Long transporting mode), fgghy
rPSA-2006-0218-1 ImageMagick, rPath Update Announcements
iDefense Security Advisory 11.26.06: Qbik WinGate Compressed Name Pointer Denial of Service Vulnerability, iDefense Labs
[SECURITY] [DSA 1219-1] New texinfo packages fix multiple vulnerabilities, Noah Meyerhans
ClickGallery Sql Injection, Advisory
Clickblog Sql Injection, Advisory
VMware 5.5.1 Local Buffer Overflow (HTML Exploit), NormandiaN_MailID
- Re: VMware 5.5.1 Local Buffer Overflow (HTML Exploit), str0ke
TFTP Server AT-TFTP Server v 1.9 Buffer Overflow Vulnerability (Long filename), liuqx
[SECURITY] [DSA 1220-1] New pstotext packages fix arbitrary shell command execution, Moritz Muehlenhoff
[Aria-Security Team] General Shopping Cart SQL Injection Vulnerability, Advisory
[Aria-Security Team] Evolve shopping cart SQL Injection Vulnerability, Advisory
mAlbum v0.3 local file inclusion, tux025
Free tool for pattern identification (for researchers), Gary Golomb
AttackAPI 2.0 alpha, pdp (architect)
Wisi Portal [Sql Injection By Jesus Tovar], nagazakig74
Siap Cms Sql Injection (login.asp), nagazakig74
Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), stopmakingnoise
- Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), Steve Friedl
  - Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), Tim Newsham
    - Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), David Litchfield
- <Possible follow-ups>
- Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), Thor (Hammer of God)
  - Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
- Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), Thor (Hammer of God)
- Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), Steven M. Christey
  - Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), David Litchfield
- Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), David Litchfield
- RE: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), Shawn Fitzgerald
New Windows tool - NBTEnum 3.3, Reed Arvin
DoS in Microsoft Windows Live Messenger <= 8.0, dragonjar
- <Possible follow-ups>
- Re: DoS in Microsoft Windows Live Messenger <= 8.0, astralbabz
WebHost Manager (WHM) Multiple Cross-Site Scripting, Advisory
[ GLSA 200611-20 ] GNU gv: Stack overflow, Sune Kloppenborg Jeppesen
CPanel 11 Multiple Cross-Site Scription, Advisory
PHP-Nuke Mermaid Module V1.2 (formdisp.php) Remote File Include Exploit, crackers_child
[Aria-Security Team] Ultimate Survey Pro SQL Injection, Advisory
Cahier de texte V2.0 SQL Code Execution Exploit, gmdarkfig
[ GLSA 200611-19 ] ImageMagick: PALM and DCM buffer overflows, Sune Kloppenborg Jeppesen
[Aria-Security Team] iNews News Manager SQL Injection, Advisory
[Aria-Security Team] MidiCart ASP Shopping Cart SQL Injection, Advisory
[Aria-Security Team] ASP ListPics 5.0 SQL Injection, Advisory
[Aria-Security Team] Fixit iDMS Pro Image Gallery SQL Injection, Advisory
PHP-Nuke <= 7.9 News module "sid" SQL Injection vulnerabilities, paisterist . nst
[Aria-Security Team] MidiCart ASP Plus Shopping Cart SQL Injection, Advisory
Wolflab Burning Board Lite 1.0.2 two sql injections, retrog
[ GLSA 200611-18 ] TIN: Multiple buffer overflows, Sune Kloppenborg Jeppesen
mmgallery Multiple vulnerabilities, saudi
Cross site scripting & fullpath disclosure, saudi
- <Possible follow-ups>
- Re: Cross site scripting & fullpath disclosure, james . brown
Cracking String Encryption in Java Obfuscated Bytecode, subere
- Re: Cracking String Encryption in Java Obfuscated Bytecode, Jim Manico
  - Re: Cracking String Encryption in Java Obfuscated Bytecode, John GALLET
- <Possible follow-ups>
- RE: Cracking String Encryption in Java Obfuscated Bytecode, Jeremy Epstein
Active PHP Bookmarks (apb.php) Remote file include, philip anselmo
- <Possible follow-ups>
- Re: Active PHP Bookmarks (apb.php) Remote file include, Mefisto
[ GLSA 200611-17 ] fvwm: fvwm-menu-directory fvwm command injection, Matthias Geerdsen
LS-20061102 - Business Objects Crystal Reports Stack Overflow Vulnerability, advisories
[ MDKSA-2006:218 ] - Updated apache-mod_auth_kerb packages fixes DoS vulnerability, security
Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords, Michael Scheidell
- <Possible follow-ups>
- Re: Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords, Juha-Matti Laurio
CFP - VII National Computer and Information Security Conference, Jeimy Cano
NVIDIA nView (keystone) local Denial Of service, no-reply
[ECHO_ADV_61_2006] a-ConMan <= v3.2beta Remote File Inclusion, erdc
Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords, fash1on
- Re: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords, 3APA3A
XSS in scriptat support InverseFlow Help Desk v2.31, gamr-14
Perl proxy checker using samair.ru, Iko Riyadi
CONFidence 2007 CFP, andrzej . targosz
Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders., In Cognito
- Re: Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders., Casper . Dik
- <Possible follow-ups>
- Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders., In Cognito
[ MDKSA-2006:208-1 ] - Updated openldap packages fixes Bind vulnerability, security
Windows Media ASX PlayList File Denial Of Service Vulnerability, sehato
Secunia Research: PassGo SSO Plus Insecure Default Directory Permissions, Secunia Research
*BSD banner INT overflow vulnerability, Gruzicki Wlodek
- Re: *BSD banner INT overflow vulnerability, Steve Shockley
  - Re: *BSD banner INT overflow vulnerability, admin
- <Possible follow-ups>
- Re: Re: *BSD banner INT overflow vulnerability, evilrabbi
  - Re: *BSD banner INT overflow vulnerability, Bob Beck
[USN-381-1] Firefox vulnerabilities, Kees Cook
Advisory: Seditio <= 1.10 Remote SQL Injection Vulnerability., Mustafa Can Bjorn IPEKCI
Vulnerability in PostNuke, sni-labs
VMSA-2006-0010 - SSL sessions not authenticated by VC Clients, VMware Security team
Clarifying integer overflows vs. signedness errors, Steven M. Christey
- Re: Clarifying integer overflows vs. signedness errors, Thiago Zaninotti
- Re: Clarifying integer overflows vs. signedness errors, Pavel Kankovsky
Advisory: LDU <= 8.x Remote SQL Injection Vulnerability., Mustafa Can Bjorn IPEKCI
[USN-382-1] Thunderbird vulnerabilities, Kees Cook
JiRos Links Manager[injection sql & xss permanent], saps . audit
creadirectory [injection sql & xss], saps . audit
Link Exchange Lite [injection sql], saps . audit
Re: Re: Phpjobscheduler 3.0 - Multiple Remote File Include, admin
ContentNow CMS 1.39 Sql Injection + Path Disclosure Vulnerabilities, revenge
aBitWhizzy [local file include], saps . audit
- <Possible follow-ups>
- Re: aBitWhizzy [local file include], john . goodman
[SECURITY] [DSA 1218-1] New proftpd packages fix denial of service, Moritz Muehlenhoff
Secunia Research: My Firewall Plus Privilege Escalation Vulnerability, Secunia Research
[ GLSA 200611-16 ] Texinfo: Buffer overflow, Sune Kloppenborg Jeppesen
[ GLSA 200611-15 ] qmailAdmin: Buffer overflow, Sune Kloppenborg Jeppesen
New Correction: Re: Serious crypto problem fixed by envelope HMAC method instead of currently used prefix, Omirjan Batyrbaev
[KAPDA]::Security analysis of cutenews 1.4.5, alireza hassani
LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability, advisories
- RE: LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability, Williams, James K
Which is more secure? Oracle vs. Microsoft, David Litchfield
- "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), Matthew Conover
  - Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), David Litchfield
[USN-384-1] OpenLDAP vulnerability, Kees Cook
The Classified Ad System [multiple xss & injection sql], saps . audit
[ MDKSA-2006:216 ] - Updated links packages fix smb vulnerability, security
[SECURITY] [DSA 1207-2] New phpmyadmin packages fix regression, Moritz Muehlenhoff
ltwCalendar => 4.2.1 Remote File Include Vulnerabilities, the_3dit0r
Classified System [injection sql], saps . audit
[ GLSA 200611-11 ] TikiWiki: Multiple vulnerabilities, Sune Kloppenborg Jeppesen
- <Possible follow-ups>
- Re: [ GLSA 200611-11 ] TikiWiki: Multiple vulnerabilities, saps . audit
  - Re: [ GLSA 200611-11 ] TikiWiki: Multiple vulnerabilities, Chris Gianelloni
my little weblog => Cross Site Scripting, the_3dit0r
mAlbum v0.3 Multiple vulnerabilitizzz, tux025
[SECURITY] [DSA 1215-1] New xine-lib packages fix execution of arbitrary code, Moritz Muehlenhoff
Wabbit PHP Gallery => 0.9 Remote Traversal Directory, the_3dit0r
[ MDKSA-2006:215 ] - Updated avahi packages fix netlink vulnerability, security
BirdBlog => v1.4.0 Cross Site Scripting, the_3dit0r
[SECURITY] [DSA 1216-1] New flexbackup packages fix denial of service, Moritz Muehlenhoff
[ GLSA 200611-14 ] TORQUE: Insecure temproary file creation, Sune Kloppenborg Jeppesen
MyAlbum <= 3.02 (langs_dir) Remote File Inclusion Exploit, the_3dit0r
[ GLSA 200611-12 ] Ruby: Denial of Service vulnerability, Sune Kloppenborg Jeppesen
[SECURITY] [DSA 1217-1] New linux-ftpd packages fix access control bypass, Moritz Muehlenhoff
[ GLSA 200611-13 ] Avahi: "netlink" message vulnerability, Sune Kloppenborg Jeppesen
The Week of Oracle Database Bugs, Cesar
- Re: The Week of Oracle Database Bugs, Tony Jambu
LoudMouth => 2.4 Remote File Include Vulnerabilities, the_3dit0r
[ MDKSA-2006:217 ] - Updated proftpd packages fix vulnerabilities, security
- Re: [ MDKSA-2006:217 ] - Updated proftpd packages fix vulnerabilities, research
[SECURITY] [DSA 1214-1] New gv packages fix arbitrary code execution, Moritz Muehlenhoff
Rialto 1.6[admin login bypass & multiples injections sql], saps . audit
Telaen => 1.1.0 Remote File Include Vulnerability, the_3dit0r
mxBB calsnails module 1.06 Remote File Inclusion Exploit, the_3dit0r
mg.applanix <= 1.3.1 Remote File Include Exploit, the_3dit0r
iPrimal Forums (index.php) Remote File Include Exploit, the_3dit0r
enomphp => 4.0 Remote Traversal Directory, the_3dit0r
klf-realty [injection sql], saps . audit
DodosMail <= 2.0.1(dodosmail.php) Remote File Inclusion Exploit, the_3dit0r
dicshunary 0.1 alpha Remote File Inclusion Exploit, the_3dit0r
Shopping_Catalog Remote File Include exploit, the_3dit0r
PhpQuickGallery <= 1.9 Remote File Inclusion Exploit, the_3dit0r
gNews Publisher SQL Injection Vulnerabilites, Advisory
eClassifieds [injection sql], saps . audit
Serious crypto problem fixed by envelope HMAC method insteadof currently used prefix, Omirjan Batyrbaev
- Re: Serious crypto problem fixed by envelope HMAC method insteadof currently used prefix, Omirjan Batyrbaev
- Correction: Re: Serious crypto problem fixed by envelope HMAC method insteadof currently used prefix, Omirjan Batyrbaev
  - Re: Correction: Re: Serious crypto problem fixed by envelope HMAC method insteadof currently used prefix, Steve Friedl
PHPOLL => 0.96 Cross Site Scripting, the_3dit0r
ehomes [multiples injections sql], saps . audit
ASPNuke <= 0.80 (register.asp) Remote SQL Injection Vulnerability, ajannhwt
Telaen <= 1.1.0 Remote File Include Exploit, the_3dit0r
[SECURITY] [DSA 1213-1] New imagemagick packages fix several vulnerabilities, Moritz Muehlenhoff
Rapid Classified v3.1 [multiple xss (get) & injection sql], saps . audit
Digital Armaments November-Decemberr Hacking Challenge: KERNEL, info
Ixprim CMS 1.2 Remote File Include Vulnerability, vitux . manis
Dovecot IMAP/POP3 server: Off-by-one buffer overflow, Timo Sirainen
GPhotos 1.5 Multiple vulnerabilities, tux025
- Re: GPhotos 1.5 Multiple vulnerabilities, packet
A-Cart 2.0 SQL Injection, Advisory
linksys wrt54g v5 authentication bypass fixed, Ginsu Rabbit
[Aria-Security's Research Team] Texas Rank'em SQL Injection Vulnerabilite, Advisory
[MajorSecurity Advisory #35]Travelsized CMS - Multiple Cross Site Scripting Issues, admin
[Aria-Security's Research Team] ActiveNews Manager SQL Injection Vulnerabilite, Advisory
- <Possible follow-ups>
- Re: [Aria-Security's Research Team] ActiveNews Manager SQL Injection Vulnerabilite, gmdarkfig
PhpBB Module Dimension Remote File Include, bluespy . ok
- <Possible follow-ups>
- PhpBB Module Dimension Remote File Include, bluespy . ok
BLOG:CMS <= 4.1.3 XSS, katatafish
[ MDKSA-2006:164-1 ] - Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities, security
Vikingboard (0.1.2) [ multiples vulnerability ], saps . audit
Drone Armies C&C Report - 17 Nov 2006, c2report
Oxygen <= 1.1.3 (O2PHP Bulletin Board) SQL Injection, gmdarkfig
Sage cross-context scripting -> LOCAL-CONTEXT SCRIPTING, pagvac
[MajorSecurity Advisory #36]dev4u CMS - Multiple SQL Injection and Cross Site Scripting Issues, admin
A-Cart PRO SQL Injection, Advisory
- <Possible follow-ups>
- Re: A-Cart PRO SQL Injection, gmdarkfig
[ MDKSA-2006:214 ] - Updated gv packages fix buffer overflow vulnerability, security
Infinitytechs Restaurants CM, saps . audit
Dating Site [ login bypass & xss], saps . audit
MosReporter Joomla Component Remote File Inclusion Exploi, crackers_child
XSS vBulletin 3.6.X Admin Control Painel, insanity
20/20 datashed [ multiples injection sql ], saps . audit
igital Armaments November-Decemberr Hacking Challenge: KERNEL Remote, info
Aspmforum [ multiples injection sql (get&post)], saps . audit
Sphpblog => 0.8 Remote File Include Vulnerabilities, the_3dit0r
[Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities., Reversemode
- RE: [Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities., Williams, James K
TFTPD32 v3.01 TFTP Server Long File Name Buffer Overflow Vulnerability, liuqx
20/20 real estate [ multiples injection sql ], saps . audit
20/20 auto gallery [ multiples injection sql ], saps . audit
[Aria-Security] CPanel Network Tools Cross Site Scripting [Advisory], Advisory
[ GLSA 200611-10 ] WordPress: Multiple vulnerabilities, Sune Kloppenborg Jeppesen
TSLSA-2006-0065 - libpng, Trustix Security Advisor
[ GLSA 200611-09 ] libpng: Denial of Service, Sune Kloppenborg Jeppesen
[security bulletin] HPSBMA02088 SSRT051026 rev. 2 - HP-UX running WBEM Services Denial of Service (DoS), security-alert
[USN-383-1] libpng vulnerability, Kees Cook
[OpenPKG-SA-2006.036] OpenPKG Security Advisory (png), OpenPKG
[ MDKSA-2006:213 ] - Updated chromium packages to fix embedded libpng vulnerabilities, security
[ MDKSA-2006:212 ] - Updated doxygen packages to fix embedded libpng vulnerabilities, security
Active News Manager [ injection sql (post&get)], saps . audit
[OpenPKG-SA-2006.035] OpenPKG Security Advisory (proftpd), OpenPKG
[ MDKSA-2006:210 ] - Updated syslinux packages to fix embedded libpng vulnerabilities, security
[ MDKSA-2006:211 ] - Updated pxelinux packages to fix embedded libpng vulnerabilities, security
Kerio WebSTAR local privilege escalation, K F (lists)
[ MDKSA-2006:209 ] - Updated libpng packages fix vulnerabilities, security
Pilot Cart V.7.2 [ injection sql (post) ], saps . audit
Storystream => 4.0 Remote File Include Vulnerability Exploit, the_3dit0r
RED Blog => Remote File Include Vulnerability Exploit, the_3dit0r
blogcms => 4.0.0 Remote File Include, the_3dit0r
- Re: blogcms => 4.0.0 Remote File Include, Stefano Zanero
My-BIC => 0.6.5 Remote File Include Vulnerability Exploit, the_3dit0r
Image gallery with Access Database SQL Injection, Advisory
rPSA-2006-0211-1 libpng, rPath Update Announcements
Links smbclient command execution, Teemu Salmela
UK Security Convention - Continuity 2006, Manchester 2600
Secunia Research: Panda ActiveScan Multiple Vulnerabilities, Secunia Research
eggblog=> 3.1.0 Cross Site Scripting, the_3dit0r
Hot Links download backup authorized vulnerabilities (re-post with some edit), hack2prison
worksystem => Remote File Include Vulnerability Exploit, the_3dit0r
- <Possible follow-ups>
- Re: worksystem => Remote File Include Vulnerability Exploit, Laurent . van_den_reysen
ASP Cart [multiples injection sql (post & get)], saps . audit
Comdev One Admin Pro.v4.1 ( path[skin] ) Remote File include, AG- Spider
BlogTorrent-preview => 0.92 Cross Site Scripting, the_3dit0r
Sphpblog => 0.8 Cross Site Scripting, the_3dit0r
i-Gallery 3.4 Cross Site Scripting, Advisory
Myphotos => Remote File Include Vulnerability Exploit, the_3dit0r
Helm Cross Site Scripting, Advisory
ZDI-06-042: Verity Ultraseek Request Proxying Vulnerability, zdi-disclosures
BaalAsp forum [login bypass ,injections sql(post), xss(post)], saps . audit
CandyPress Store[ multiples injection sql ], saps . audit
Vulnerabilities in Client Service for NetWare, Avert
Whitepaper: Implementing and Detecting a PCI Rootkit, John Heasman
eShopping Cart [injection sql], saps . audit
Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion ), revenge
- <Possible follow-ups>
- Re: Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion ), dean
discloser => 0.0.4 Remote File Include Vulnerability Exploit, the_3dit0r
dev_wms => 1.5 Remote File Include Vulnerabilities, the_3dit0r
- Re: dev_wms => 1.5 Remote File Include Vulnerabilities, Stefano Zanero
Secunia Research: MDaemon Insecure Default Directory Permissions, Secunia Research
Chetcpasswd 2.x: multiple vulnerabilities, riclem
Bloo => 1.00 Remote File Include Vulnerability, the_3dit0r
Team Evil - Incident #2, beSIRT
OdysseusBlog => 1.0.0 Cross Site Scripting, the_3dit0r
[MajorSecurity Advisory #34]Plesk 8 - Multiple Cross Site Scripting Issues, admin
PhpMyAdmin all version [multiples vulnerability], saps . audit
Hot Links download backup authorized vulnerabilities, hack2prison
discloser => 0.0.4 Remote File Include Vulnerabilities, the_3dit0r
Xtreme ASP Photo Gallery Cross Site Scripting And SQL Injection, Advisory
MetaCart e-Shop [multiples injection sql (get & post)], saps . audit
E-commerce Kit 1 PayPal Edition [ injection sql ], saps . audit
Bloo => 1.00 Cross Site Scripting, the_3dit0r
[ MDKSA-2006:208 ] - Updated openldap packages fixes Bind vulnerability, security
FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure, Rodrigo Rubira Branco (BSDaemon)
- Re: FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure, Lucas Holt
- <Possible follow-ups>
- RE: FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure, Rogier Mulhuijzen
Helm Cross-Site Scripting (XSS), Advisory
E-Calendar Pro 3.0 [ login bypass & injection sql (post)], saps . audit
Outpost Multiple insufficient argument validation of hooked SSDT function Vulnerability, Matousec - Transparent security Research
[SECURITY] [DSA 1212-1] New openssh packages fix denial of service, Noah Meyerhans
[ MDKSA-2006:207 ] - Updated bind packages fixes RSA signature verification vulnerability, security
TSLSA-2006-0063 - multi, Trustix Security Advisor
TrustedBSD* all versions FireWire IOCTL kernel integer overflow information disclousure, Rodrigo Rubira Branco (BSDaemon)
DragonFlyBSD all versions FireWire IOCTL kernel integer overflow information disclousure, Rodrigo Rubira Branco (BSDaemon)
[OpenPKG-SA-2006.034] OpenPKG Security Advisory (texinfo), OpenPKG
NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure, Rodrigo Rubira Branco (BSDaemon)
MultiCalendars [ multiples injection sql ], saps . audit
[SECURITY] [DSA 1211-1] New pdns packages fix arbitrary code execution, Moritz Muehlenhoff
Dragon calendar [ login bypass & injection sql ], saps . audit
hpecs shopping cart[login bypass & injection sql (post)], saps . audit
A-Cart pro[ injection sql (post&get)], saps . audit
A+ Store E-Commerce[ injection sql & xss (post) ], saps . audit
ZDI-06-041: Microsoft Internet Explorer CSS Float Property Memory Corruption Vulnerability, zdi-disclosures
ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability, zdi-disclosures
- Re: [Full-disclosure] ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability, Micheal Turner
EEYE: Workstation Service NetpManageIPCConnect Buffer Overflow, eEye Advisories
- Re: EEYE: Workstation Service NetpManageIPCConnect Buffer Overflow, security-list
[Fwd: OpenBase SQL multiple vulnerabilities Part Deux], K F (lists)
[Fwd: DMA[2006-1031a] - 'Intego VirusBarrier X4 definition bypass exploit'], K F (lists)
Property Site Manager [login bypass ,multiples injection sql & xss (get)], saps . audit
Blogme v3 [admin login bypass & xss (post)], saps . audit
FunkyASP Glossary v1.0 [injection sql], saps . audit
Evolve Merchant[ injection sql ], saps . audit
- <Possible follow-ups>
- Re: Evolve Merchant[ injection sql ], tony
Car Site Manager [injection sql & xss (get)], saps . audit
Inventory Manager [injection sql & xss (get)], saps . audit
Apple Safari "match" Buffer Overflow Vulnerability, jbh_cg
- Re: Apple Safari "match" Buffer Overflow Vulnerability, J. Oquendo
BPG Content Management System SQL Injection, Advisory
Engine Manager SQL Injection, Advisory
ECommerce Store Shop Builder, Advisory
Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability, Stefan Esser
- Re: Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability, Marcello Barnaba
eShopping SQL Injection, Advisory
Ustore SQL Injection, Advisory
WWWeb Cocepts SQL Injection, Advisory
SiteXpress SQL Injection, Advisory
ASPintranet SQL Injection, Advisory
- <Possible follow-ups>
- ASPintranet SQL Injection, Advisory
Real Estate Listing System SQL Injection, Advisory
[SECURITY] [DSA 1210-1] New Mozilla Firefox packages fix several vulnerabilities, Martin Schulze
DirectAdmin Multiple Cross Site Scription, Advisory
[SECURITY] [DSA 1209-2] New trac packages fix cross-site request forgery, Moritz Muehlenhoff
[ GLSA 200611-08 ] RPM: Buffer overflow, Raphael Marichez
VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2, VMware Security team
VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4, VMware Security team
[ GLSA 200611-06 ] OpenSSH: Multiple Denial of Service vulnerabilities, Raphael Marichez
New Bug MiniBB Forum <= 2 Remote File Include (index.php), philip anselmo
- <Possible follow-ups>
- Re: New Bug MiniBB Forum <= 2 Remote File Include (index.php), navairum
UPublisher 1.0 (viewarticle.asp) Remote SQL Injection Vulnerability, ajannhwt
[ GLSA 200611-07 ] GraphicsMagick: PALM and DCM buffer overflows, Raphael Marichez
Challenges faced by automated web application security assessment tools, bugtraq
VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2, VMware Security team
SinFP 2.04 release, works under Windows, GomoR
VMSA-2006-0009 - VMware ESX Server 3.0.0 AMD fxsave/restore issue, VMware Security team
VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1, VMware Security team
Online Event Registration <= v2.0 (save_profile.asp) Remote User Pass Change Exploit, ajannhwt
iDefense Security Advisory 11.09.06: Citrix Presentation Server 4.0 IMA Service Invalid Name Length DoS Vulnerability, iDefense Labs
[FLSA-2006:211760] Updated gzip package fixes security issues, David Eisenstein
Estate Agent Manager <= v1.3 (default.asp) Remote Login ByPass SQL Injection Vulnerability, ajannhwt
ASPPortal <= 4.0.0 (default1.asp) Remote SQL Injection Exploit, ajannhwt
Property Pro v1.0 (vir_Login.asp) Remote Login ByPass SQL Injection Vulnerability, ajannhwt
Old SAP exploits, Nicob
CPanel Multiple Cross Site Scription, Advisory
Asp Scripter Products (cpLogin.asp) Remote SQL ByPass Injection Vulnerability, ajannhwt
UltraSite 1.0 (update.asp) Remote SQL Injection Vulnerability, ajannhwt
ELOG Web Logbook Remote Denial of Service Vulnerability, OS2A BTO
Phpdebug 1.1.0 - Remote File Include by Firewall, Firewall1954
Phpjobscheduler 3.0 - Multiple Remote File Include, Firewall1954
- Re: Phpjobscheduler 3.0 - Multiple Remote File Include, Stefano Zanero
  - Re: Phpjobscheduler 3.0 - Multiple Remote File Include, str0ke
ZDI-06-038: Citrix MetaFrame IMA Management Module Remote Heap Overflow, zdi-disclosures
Digipass Go3 Token Dumper (at least for 2006), fcollyer
- Re: Digipass Go3 Token Dumper (at least for 2006), Hugo van der Kooij
- <Possible follow-ups>
- Re: Re: Digipass Go3 Token Dumper (at least for 2006), fcollyer
VBulletin DoS Exploit [ all Versions ], root
- RE: VBulletin DoS Exploit [ all Versions ], Bart Seresia
Web Interface remote file inclusion, navairum
shambo2 Component For Mambo 4.5 Remote File Inclusion Exploit, crackers_child
infinicart [ multiples injection sql & xss (post) ], saps . audit
XSS in Email Signature Script, miladkaleh
[SECURITY] [DSA 1208-1] New bugzilla packages fix several vulnerabilities, Moritz Muehlenhoff
NuSchool 1.0 (CampusNewsDetails.asp) Remote SQL Injection Exploit, ajannhwt
NuStore 1.0 (Products.asp) Remote SQL Injection Vulnerability, ajannhwt
NuRems 1.0 Remote XSS/SQL Injection Exploit, ajannhwt
NuCommunity 1.0 (cl_CatListing.asp) Remote SQL Injection Exploit, ajannhwt
UStore 1.0 (detail.asp) Remote SQL Injection Vulnerability, ajannhwt
AspPired2 Poll <= 1.0 (MoreInfo.asp) Remote SQL Injection Exploit, ajannhwt
phpManta - Mdoc <= 1.0.2 (view-sourcecode.php) Local File Include Exploit, ajannhwt
MyStats <=1.0.8 [injection sql, multiples xss, array & full path disclosure], benjilenoob
[MajorSecurity Advisory #33]ShopSystems - SQL Injection Issue, admin
TOPSTORY BASIC Version 1.0 => Remote File Include Vulnerability, stormhacker
Wordpress File Inclusion, vannovax
- Re: Wordpress File Inclusion, Expanders
- <Possible follow-ups>
- Re: Wordpress File Inclusion, emc3
Mega Mall [ multiples injection sql & full path disclosure ], saps . audit
[SECURITY] [DSA 1209-1] New trac packages fix cross-site request forgery, Moritz Muehlenhoff
Exophpdesk V1.2 - Remote File Include, firewall1954
PHPKit 1.6.1 RC2 (faq/faq.php) Remote SQL Injection Exploit, philipp . niedziela
- <Possible follow-ups>
- Re: PHPKit 1.6.1 RC2 (faq/faq.php) Remote SQL Injection Exploit, yorn
encapscms 0.3.6 - Remote File Include by Firewall, firewall1954
ZDI-06-039: Marshal MailMarshal ARJ Extraction Directory Traversal Vulnerability, zdi-disclosures
[x0n3-h4ck]Drake CMS v 0.2 XSS exploit, corrado . liotta
[x0n3-h4ck]Essentia Web Server v.2.15 Buffer Overflow, corrado . liotta
- Re: [x0n3-h4ck]Essentia Web Server v.2.15 Buffer Overflow, Noam Rathaus
[ GLSA 200611-05 ] Netkit FTP Server: Privilege escalation, Raphael Marichez
[OpenPKG-SA-2006.033] OpenPKG Security Advisory (openldap), OpenPKG
[ MDKSA-2006:206 ] - Updated Thunderbird packages fix multiple vulnerabilities, security
- <Possible follow-ups>
- [ MDKSA-2006:206 ] - Updated Thunderbird packages fix multiple vulnerabilities, security
[ MDKSA-2006:205 ] - Updated Firefox packages fix multiple vulnerabilities, security
rPSA-2006-0207-1 openssh openssh-client openssh-server, rPath Update Announcements
rPSA-2006-0206-1 firefox thunderbird, rPath Update Announcements
rPSA-2006-0205-1 php php-mysql php-pgsql, rPath Update Announcements
rPSA-2006-0204-1 kernel, rPath Update Announcements
[ GLSA 200611-04 ] Bugzilla: Multiple Vulnerabilities, Matthias Geerdsen
[security bulletin] HPSBMA02167 SSRT061262 rev.2 - HP OpenView Client Configuration Manager (CCM), Remote Unauthorized Arbitrary Code Execution or Denial of Service (DoS), security-alert
Wheatblog [multiple xss (post) & full path disclosure], saps . audit
[USN-379-1] texinfo vulnerability, Kees Cook
LandShop Real Estate [multiple injection sql & xss], saps . audit
[SECURITY] [DSA 1207-1] New phpmyadmin packages fix several vulnerabilities, Moritz Muehlenhoff
GNU gv Stack Overflow Vulnerability, Renaud Lifchitz
- Re: GNU gv Stack Overflow Vulnerability, Noam Rathaus
bitweaver <=1.3.1 [injection sql (post) & xss (post)], saps . audit
[ MDKSA-2006:204 ] - Updated openssh packages fix vulnerability, security
omnistar article manager [multiples injection sql], saps . audit
Call for papers: ARES 2007 submission deadline approaches in 2 weeks: 19-11-2006, Manh Tho
PhpMyChat Plus <= 1.9 Multiple Source Code Disclosure Vulnerabilities, ajannhwt
FreeBSD Security Advisory FreeBSD-SA-06:24.libarchive, FreeBSD Security Advisories
FreeWebshop <=2.2.2 [local file include & xss], saps . audit
PhpMyChat <= 0.14.5 Source Code Disclosure Vulnerability, ajannhwt
[ MDKSA-2006:201 ] - Updated pam_ldap packages fix PasswordPolicyReponse coding error, security
[ MDKSA-2006:198-1 ] - Updated imlib2 packages fix several vulnerabilities, security
[OpenPKG-SA-2006.032] OpenPKG Security Advisory (openssh), OpenPKG
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Secure Desktop, Cisco Systems Product Security Incident Response Team
Immediacy .NET CMS possibly vulnerable to Cross Site Scripting through a malformed cookie, ProCheckUp Research
[ MDKSA-2006:203 ] - Updated texinfo packages fix vulnerability, security
[ MDKSA-2006:202 ] - Updated wv packages fix vulnerabilities, security
Portix-PHP [login bypass & xss (post)], saps . audit
phpsatk => Remote File Include Vulnerability EXploit, h4ck3riran
Speedwiki 2.0 Arbitrary File Upload Vulnerability, saps . audit
TSRT-06-13: HP OpenView Client Configuration Manager Device Code Execution Vulnerability, TSRT
iDefense Security Advisory 11.08.06: Cisco Secure Desktop Privilege Escalation Vulnerability, iDefense Labs
iDefense Security Advisory 11.08.06: IBM Lotus Domino 7 tunekrnl Multiple Vulnerabilities, iDefense Labs Security Advisories
knowledgeBuilder v.2.2.php.NuLL-WDYL=> Remote File Include Vulnerability, h4ck3riran
Y.A.N.S sql injection, navairum
Lotus Notes pre-login User.ID key leak, Andrew Christensen
Abarcar Realty Portal [injection sql], saps . audit
WFTPD Pro Server 3.23 Buffer Overflow, Joxean Koret
XSS in Kayako SupportSuite v3.00.32, hacker hackers
[ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability, Raphael Marichez
- Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability, Nick Boyce
  - Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability, Raphael Marichez
    - Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability, Nick FitzGerald
  - Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability, Glynn Clements
WarFTPd 1.82.00-RC11 Remote Denial Of Service, Joxean Koret
Minimizing error cascades in vulnerability information management, Steven M. Christey
[ MDKSA-2006:200 ] - Updated rpm packages fix vulnerability, security
DigiOz Guestbook version 1.7 Path Disclosure Vulnerability in list.php, jesper . jurcenoks
- <Possible follow-ups>
- DigiOz Guestbook version 1.7 Path Disclosure Vulnerability in list.php, Jesper Jurcenoks
News publication system remote File include, navairum
[ MDKSA-2006:198 ] - Updated imlib2 packages fix several vulnerabilities, security
GreenBeast CMS <= 1.3 PHP Arbitrary File Upload Vulnerability, skulmatic
[ MDKSA-2006:199 ] - Updated libx11 packages fix file descriptor leak vulnerability, security
[USN-376-2] imlib2 regression fix, Kees Cook
IE7 website security certificate discrediting exploit, inge_eivind . henriksen
- <Possible follow-ups>
- Re: IE7 website security certificate discrediting exploit, inge_eivind . henriksen
ZDI-06-037: America Online ICQ ActiveX Control Code Execution Vulnerability, zdi-disclosures
VulnDisco Pack for Metasploit, Evgeny Legerov
Advanced Guestbook 2.3.1 (Admin.php) Remote File Include, broken-proxy
- <Possible follow-ups>
- Re: Advanced Guestbook 2.3.1 (Admin.php) Remote File Include, simo64
Hotmail and Windows Live Mail XSS Vulnerabilities, applesoup
- Message not available
  - Re: Hotmail and Windows Live Mail XSS Vulnerabilities, HASEGAWA Yosuke
XSS Vulnerability in Zend Framework Preview 0.2.0, security
[SECURITY] [DSA 1206-1] New php4 packages fix several vulnerabilities, Moritz Muehlenhoff
[SECURITY] [DSA 1204-1] New ingo1 packages fix arbitrary shell command execution, Moritz Muehlenhoff
Ariadne <= 2.4.1 Multiple Remote File Include Vulnerabilities(New), ajannhwt
MajorSecurity Advisory #32]phpComasy CMS - Multiple Cross Site Scripting Issues, admin
[ GLSA 200611-02 ] Qt: Integer overflow, Matthias Geerdsen
TSLSA-2006-0061 - multi, Trustix Security Advisor
Cross Site Scripting (XSS) Vulnerability in IBM WebSphere Application Server, ProCheckUp Research
Joomla 1.0.11 Remote File Include, root
- Antwort: Joomla 1.0.11 Remote File Include, srunschke
MWChat pro V 7.0 <= (CONFIG[MWCHAT_Libs]) Remote File Include Vulnerability, -= SHELL =- -= SHELL =-
AIOCP <=1.3.007 multiples vulnerabilities [sql , remote file include , xss], saps . audit
[ECHO_ADV_60_2006] OpenEMR <=2.8.1 Multiple Remote File Inclusion Vulnerability, erdc
[ECHO_ADV_59_2006]Agora 1.4 RC1 "$_SESSION[PATH_COMPOSANT]" Remote File Inclusion Vulnerability, erdc
[ECHO_ADV_58_2006]Cyberfolio <=2.0 RC1 $av Remote File Inclusion Vulnerability, erdc
Mail Drives Security Considerations, darkz . gsa
[ECHO_ADV_57_2006]Soholaunch Pro <=4.9 r36 Multiple Remote File Inclusion Vulnerability, erdc
PHP Rapid Kill All Version File Injection, null_hack
Stanford university SCARF user editing, navairum
- <Possible follow-ups>
- Re: Stanford university SCARF user editing, spam
Article Script v1.*and v1.6.3 Sql injection, liz0
@cid stats v2.3 File Include, mahmood ali
- Re: @cid stats v2.3 File Include, Heiko Wundram
IF-CMS multiples XSS vunerabilities, saps . audit
[USN-377-1] NVIDIA vulnerability, Kees Cook
[MajorSecurity Advisory #30]admin.tool 3 CMS - Multiple Cross Site Scripting Issues, admin
[USN-378-1] RPM vulnerability, Kees Cook
[OpenPKG-SA-2006.029] OpenPKG Security Advisory (bind), OpenPKG
Web Directory Pro bypass Vulnerabilities, hack2prison
[OpenPKG-SA-2006.028] OpenPKG Security Advisory (php), OpenPKG
MajorSecurity Advisory #31]Xenis.creator CMS - Multiple Cross Site Scripting and SQL Injection Issues, admin
- <Possible follow-ups>
- Re: MajorSecurity Advisory #31]Xenis.creator CMS - Multiple Cross Site Scripting and SQL Injection Issues, saps . audit
[OpenPKG-SA-2006.030] OpenPKG Security Advisory (ruby), OpenPKG
[USN-376-1] imlib2 vulnerabilities, Kees Cook
ZDI-06-036: Novell Netmail User Authentication Buffer Overflow Vulnerability, zdi-disclosures
XSS in script Mobile, m-0-t
[ MDKSA-2006:197 ] - Updated kernel packages fix multiple vulnerabilities and bugs, security
SIMPLOG 0.9.3 injection sql & multiple xss, saps . audit
[SECURITY] [DSA-1205-1] New thttpd packages fix insecure temporary file creation, Steve Kemp
[ GLSA 200611-01 ] Screen: UTF-8 character handling vulnerability, Matthias Geerdsen
Re: Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00, harrisonholland
- Re: Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00, Nicob
  - Re: Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00, Nicob
[ MDKSA-2006:195 ] - Updated wireshark packages fix multiple vulnerabilities, security
[ MDKSA-2006:196 ] - Updated php packages to address buffer overflow issue, security
EUSecWest/London CFP extended to Nov. 7, Dragos Ruiu
Advisory 13/2006: PHP HTML Entity Encoder Heap Overflow Vulnerability, Stefan Esser
Educational write-up by Amit Klein: "A Refreshing Look at Redirection", Amit Klein
[USN-375-1] PHP vulnerability, Martin Pitt
[security bulletin] HPSBMA02159 SSRT061238 rev.1 - HP System Management Homepage (SMH), Remote Bypassing of Security Features or Cross Site Scripting or Denial of Service (DoS), security-alert
[SECURITY] [DSA 1203-1] New libpam-ldap packages fix access control bypass, Moritz Muehlenhoff
iodine client 0.3.2 buffer overflow, poplix
Firefox 1.5.0.7 Exploit, koenig
- Re: Firefox 1.5.0.7 Exploit, Robert McGrew
- Re: Firefox 1.5.0.7 Exploit, Bram Dumolin
- Re: Firefox 1.5.0.7 Exploit, Martin Pitt
- Re: Firefox 1.5.0.7 Exploit, Lubomir Kundrak
- <Possible follow-ups>
- Re: Firefox 1.5.0.7 Exploit, OOZIE
Advisory 12/2006: phpMyAdmin - error.php XSS Vulnerability, Stefan Esser
how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)], securfrog
- Re: how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)], Taneli Leppä
  - Re: how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)], Taneli Leppä
    - RE: how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)], Richard Stanway
- Re: how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)], Paul Laudanski
Multiple vulnerabilities in SAP Web Application Server 6.40 and 7.00, Nicob
Internet Explorer 7 - Still Spyware Writers' Heaven, avivra
- RE: Internet Explorer 7 - Still Spyware Writers' Heaven, Roger A. Grimes
  - Re: Internet Explorer 7 - Still Spyware Writers' Heaven, Eliah Kagan
    - Re: Internet Explorer 7 - Still Spyware Writers' Heaven, Thierry Zoller
    - Message not available
      - Re: Internet Explorer 7 - Still Spyware Writers' Heaven, Eliah Kagan
    - RE: Internet Explorer 7 - Still Spyware Writers' Heaven, Roger A. Grimes
[security bulletin] HPSBUX02091 SSRT061099 rev.2 - HP-UX Local Increased Privilege, security-alert
[USN-374-1] wvWare vulnerability, Kees Cook
[security bulletin] HPSBUX02165 SSRT061266 rev.1 - HP-UX VirtualVault Remote Unauthorized Access, security-alert
[security bulletin] HPSBUX02164 SSRT061265 rev.1 - HP-UX VirtualVault Running Apache 1.3.X Remote Denial of Service (DoS) and Arbitrary Code Execution, security-alert
[security bulletin] HPSBUX02172 SSRT061269 rev.1 - HP-UX VirtualVault running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access, security-alert
rPSA-2006-0202-1 tshark wireshark, rPath Update Announcements
Outpost Insufficient validation of 'SandBox' driver input buffer, Matousec - Transparent security Research
tikiwiki 1.9.5 mysql password disclosure & xss, securfrog
- <Possible follow-ups>
- Re: tikiwiki 1.9.5 mysql password disclosure & xss, FBI
- Re: tikiwiki 1.9.5 mysql password disclosure & xss, drunken_chin
Cisco Security Advisory: Cisco Security Agent Management Center LDAP Administrator Authentication Bypass, Cisco Systems Product Security Incident Response Team

[Index of Archives] [Netfilter] [Security] [PHP] [Linux Kernel]