Bugtraq
- [USN-371-1] Ruby vulnerability,
Kees Cook
- Asterisk Local and Remote Denial of Service vulnerability,
sil
- [USN-373-1] mutt vulnerabilities,
Kees Cook
- Cross Site Scripting (XSS) Vulnerability in Netquery by "VIRtech",
LegendaryZion
- [USN-370-1] screen vulnerability,
Kees Cook
- Multiple XSS Vulnerabilities in Zend Google Data Client Library Preview 0.2.0,
security
- iDefense Security Advisory 10.31.06: Sophos Anti-Virus Petite File Denial of Service Vulnerability,
iDefense Labs
- iDefense Security Advisory 10.31.06: Novell iManager Tomcat DoS Vulnerability,
iDefense Labs
- iDefense Security Advisory 10.27.06: Novell eDirectory NMAS BerDecodeLoginDataRequeset DoS Vulnerability,
iDefense Labs
- Cross Site Scripting (XSS) Vulnerability in Web Mail service by "Walla! Communications LTD",
LegendaryZion
- Directory listing on B-FOCuS Wireless 802.11b/g ADSL2+ Router by "ECI Telecom LTD",
LegendaryZion
- Cross Site Scripting (XSS) Vulnerability in iPlanet Messaging Server Messenger Express by "Sun",
LegendaryZion
- PHP-Nuke <= 7.9 Journal module (search.php) "forwhat" SQL Injection vulnerability,
paisterist . nst
- [SECURITY] [DSA 1202-1] New screen packages fix arbitrary code execution,
Moritz Muehlenhoff
- [SECURITY] [DSA 1201-1] New ethereal packages fix denial of service,
Moritz Muehlenhoff
- Authentication bypass in BytesFall Explorer,
RedTeam Pentesting
- New Flaw in Firefox 2.0: DoS and possible remote code execution,
xxxx
- Sun java System Messenger Express XSS,
handrix
- SQL Injection Vulnerability in bfExplorer 0.0.6,
security
- [ MDKSA-2006:194 ] - Updated PostgreSQL packages fix vulnerabilities,
security
- [ MDKSA-2006:193 ] - Updated ImageMagick packages fix vulnerabilities,
security
- Hawking Technology wireless router WR254-CA DNS issue,
Nikolai Grigoriev
- ActiveX security leaks in the TV owned web game platform,
maxgipeh
- ModSecurity 2.0, A Core Rule Set and Console now available,
Ofer Shezaf
- [security bulletin] HPSBTU02168 SSRT061237 rev.1 - HP Tru64 UNIX Running gzip, gunzip, and gzcat, Remote Unauthorized Arbitrary Code Execution or Denial of Service (DoS),
security-alert
- [security bulletin] HPSBMA02121 SSRT061157 rev.3 - HP OpenView Storage Data Protector Remote Unauthorized Arbitrary Command Execution,
security-alert
- [security bulletin] HPSBMA02138 SSRT061184 rev.2 - HP OpenView Storage Data Protector, Remote Unauthorized Arbitrary Command Execution,
security-alert
- Multiple Remote File Include,
firewall1954
- CORE FORCE R0.95 released!,
CORE FORCE Team
- [ GLSA 200610-15 ] Asterisk: Multiple vulnerabilities,
Raphael Marichez
- Metasploit Framework 2.7 Released,
H D Moore
- opendocman <= 1.2p3 Bypass admin/user Login,
k1tk4t
- [ECHO_ADV_53$2006] QnECMS <= 2.5.6 (adminfolderpath) Remote File Inclusion Vulnerability,
erdc
- Punbb <= 1.2.13 Multiple Vulnerabilities,
Nms
- Nucleus Core v3.23 - Remote File Include,
firewall1954
- PHPEasyData Pro 2.2.1 (index.php) Remote SQL Injection Vulnerability,
ajannhwt
- PHPEasyData Pro 1.4.1 (index.php) Remote SQL Injection Vulnerability,
ajannhwt
- Simple Website Software v0.99 (common.php) Remote File Include,
cw . cybersecurity
- [MajorSecurity Advisory #29]foresite CMS - Cross Site Scripting Issue,
admin
- easy notes manager sql injection and authentication bypass,
poplix
- freenews---> fileinclude,
MoHaNdKo
SQL in WebWizForum by almaster hacker,
almaster
Back-end => 0.4.5 Remote File Include Vulnerability Exploit,
h4ck3riran
bbsNew => 2.0.1 Remote File Include Vulnerability Exploit,
h4ck3riran
Exporia => 0.3.0 Remote File Include Vulnerability Exploit,
h4ck3riran
CentiPaid <= 1.4.2 [$class_pwd] Remote File Include,
firewall1954
Re: [Full-disclosure] ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability,
Matt Richard
[OpenPKG-SA-2006.027] OpenPKG Security Advisory (wordpress),
OpenPKG
[SECURITY] [DSA 1200-1] New Qt packages fix integer overflow,
Noah Meyerhans
[ GLSA 200610-14 ] PHP: Integer overflow,
Raphael Marichez
[ MDKSA-2006:191 ] - Updated screen packages fix vulnerability,
security
[ MDKSA-2006:192 ] - Updated ruby packages fix DoS vulnerability,
security
[ MDKSA-2006:190 ] - Updated mutt packages fix multiple vulnerabilities,
security
[ MDKSA-2006:188 ] - Updated mono packages fix vulnerability,
security
[ MDKSA-2006:189 ] - Updated xsupplicant fixes possible remote root stack smash vulnerability,
security
Microsoft .NET request filtering bypass vulnerability,
research
Hosting Controller 6.1 Hotfix <= 3.2 Vulnerability,
playpacific . emulacaid
Thepeak File Upload v1.3 : Read file vulneability,
loveha
Ban v0.1 (bannieres.php) File Include,
mahmood ali
phpAdsNew-2.0.8 <= (adlayer.php) Remote File Include,
zooz_998
[funsec] Haxdoor: UK Police Count 8, 500 Victims in Data Theft (So Far) (fwd),
Gadi Evron
phpLedAds 2.0(dir) File Include,
mahmood ali
PLS-Bannieres 1.21 (bannieres.php) File Include,
mahmood ali
RFID enabled e-passport skimming proof of concept code released (RFIDIOt),
Adam Laurie
GestArt <= vbeta 1 Remote File Include Vulnerabilities,
ip . 123 . 456 . 78 . 90
ArticleBeach Script <= 2.0 Remote File Inclusion Vulnerability,
Bithedz
PHP-Nuke <= 7.9 Search module "author" SQL Injection vulnerability,
paisterist . nst
UNISOR CMS sql injection,
fireboy2006
IE7 status: 8 days after release, 3 unfixed issues,
Moritz Naumann
SMF fgets off-by-one issue and filter size evasion,
josecarlos . norte
TextPattern <=1.19 Remote File Inclusion Vulnerability,
Bithedz
vulnerability in Symantec products,
security
[ GLSA 200610-13 ] Cheese Tracker: Buffer Overflow,
Raphael Marichez
ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability,
zdi-disclosures
iDefense Security Advisory 10.26.06: Multiple Vendor wvWare LFO Count Integer Overflow Vulnerability,
iDefense Labs
iDefense Security Advisory 10.26.06: Multiple Vendor wvWare LVL Count Integer Overflow Vulnerability,
iDefense Labs
phpFaber CMS Cross Site Scripting,
security
Directory Traversal in TorrentFlux 2.1,
Christopher
Joomla extended_registration mod Remote File Include Vulnerabilities,
crackers_child
Insecure storage of passwords in Axalto Protiva,
nnposter
MiniBILL v2006-10-10 (config[page_dir] Remote File Include Vulnerability,
xorontr
MHL-2006-003 Public Advisory: "ezOnlineGallery" Multiple Security Issues,
Mayhemic Labs Security
TSLSA-2006-0059 - postgresql,
Trustix Security Advisor
IE7 is a Source of Problem - Secunia IE7 Release Incident of October 2006,
LIUDIEYU dot COM
rPSA-2006-0198-1 screen,
rPath Update Announcements
[OpenPKG-SA-2006.026] OpenPKG Security Advisory (screen),
OpenPKG
rPSA-2006-0195-2 kdelibs qt-x11-free,
rPath Update Announcements
[security bulletin] HPSBMA02133 SSRT061201 rev.2 - HP Oracle for OpenView (OfO) Critical Patch Update,
security-alert
iDefense Security Advisory 10.25.06: AOL Nullsoft Winamp Ultravox Lyrics3 v2.00 tags Heap Overflow Vulnerability,
iDefense Labs
Web-style Wireless IDS attacks,
noreply
iDefense Security Advisory 10.25.06: AOL YGPPDownload downloadFileDirectory ActiveX Control Heap Corruption Vulnerability,
iDefense Labs
iDefense Security Advisory 10.25.06: AOL YGPPDownload AddPictureNoAlbum ActiveX Control Heap Corruption Vulnerability,
iDefense Labs
Mozilla Firefox JavaScript Handler Race Condition Memory Corruption Vulnerability,
erreale
iDefense Security Advisory 10.25.06: AOL Nullsoft Winamp Ultravox 'ultravox-max-msg' Header Heap Overflow Vulnerability,
iDefense Labs
[ MDKSA-2006:187 ] - Updated Qt packages fix vulnerability,
security
phpMyConferences_8.0.2 Remote File Inclusion,
Outlaw
[KAPDA::#61] - PacPoll <= 4.0 Multiple Vulnerabilities,
farhadkey
Re: Yahoo! Messenger Service 18 Remote Buffer Overflow Vulnerability,
Gadi Evron
Cisco Security Advisory: Cisco Security Agent for Linux Port Scan Denial of Service,
Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 1199-1] New webmin packages fix input validation problems,
Noah Meyerhans
ProgSys verion 0.151 XSS vulnerability,
security
[vuln.sg] CruiseWorks Directory Traversal and Buffer Overflow Vulnerabilities,
vulnpost-remove
who needs a server ...,
auto113922
CSLH2.9.9 Remote File Include Vulnerabilities,
crackers_child
adobe php sdk Remote File Include Vulnerabilities,
crackers_child
InteliEditor (sys_path) Remote File Include Vulnerability,
xorontr
[ GLSA 200610-10 ] ClamAV: Multiple Vulnerabilities,
Raphael Marichez
[ GLSA 200610-11 ] OpenSSL: Multiple vulnerabilities,
Raphael Marichez
[ GLSA 200610-12 ] Apache mod_tcl: Format string vulnerability,
Raphael Marichez
Month of Kernel Bugs and fsfuzzer release (0.6),
L.M.H.
Modify Data via Inline Views,
ak
Symantec Product Security: Symantec Device Driver Elevation of Privileg,
secure
[SECURITY] [DSA 1198-1] New python2.3 packages fix arbitrary code execution,
Moritz Muehlenhoff
INCA IM-204 Dsl several vulnerabilities,
crackers_child
WikiNi Multiple Cross Site Scripting Vulnerabilities,
raphael . huck
Application orders Linux in WebAPP v0.9.9.2.1,
the_free_kernel
Multiple HTTP response splitting vulnerabilities in SHOP-SCRIPT,
Debasis Mohanty
SQL Injection in Oracle package MDSYS.SDO_LRS,
ak
SQL Injection in package SYS.DBMS_CDC_IMPDP,
ak
SQL Injection in package XDB.DBMS_XDBZ0,
ak
SQL Injection in package SYS.DBMS_SQLTUNE_INTERNAL,
ak
hack.lu Bluetooth demo,
K F (lists)
Various Cross-Site-Scripting Vulnerabilities in Oracle Reports,
ak
http://www.red-database-security.com/advisory/oracle_apex_css_notification_msg.html,
ak
Cross-Site-Scripting Vulnerability in Oracle APEX WWV_FLOW_ITEM_HELP,
ak
SQL Injection Vulnerability in Oracle WWV_FLOW_UTILITIES,
ak
Smarty-2.6.1 Remote File Include Vulnerabilities,
crackers_child
Flaw in Firefox 2.0 Final,
mike
D-Link DSL-G624T several vulnerabilities,
jose . palanco
[PHPADSNEW-SA-2006-002] phpAdsNew and phpPgAds 2.0.8-pr1 fix XSS vulnerability,
Matteo Beccati
-==PHP Nuke <= 7.9 SQL Injection and Bypass SQL Injection Protection vulnerabilities==-,
paisterist . nst
[SECURITY] [DSA 1197-1] New python2.4 packages fix arbitrary code execution,
Moritz Muehlenhoff
AROUNDMe 0.6.9 remonte file inclusion,
noislet . nospam
PHP Generator of Object SQL Database (path) Remote File Include Vulnerability,
xorontr
WHM 10.8.0 cPanel 10.9.0 R50 CentOS 4.4 i686 WHM X v3.1.0 Xss Vulnerability,
crackers_child
speedberg <= 1.2beta1 Remote File Inclusion,
k1tk4t
XSS in Zwahlen Online Shop,
MC Iglo
iDefense Security Advisory 10.21.06: Novell eDirectory evtFilteredMonitorEventsRequest Invalid Free Vulnerability,
iDefense Labs
iDefense Security Advisory 10.21.06: Novell eDirectory NCP over IP length Heap Overflow Vulnerability,
iDefense Labs
iDefense Security Advisory 10.21.06: Novell eDirectory evtFilteredMonitorEventsRequest Heap Overflow Vulnerability,
iDefense Labs
IPEER Remote file inclusion,
navairum
trawler <= 1.8.1 Remote File Inclusion,
k1tk4t
RMSOFT Cross Site Scripting,
FREAK_PR
[ GLSA 200610-09 ] libmusicbrainz: Multiple buffer overflows,
Matthias Geerdsen
[USN-368-1] Qt vulnerability,
Martin Pitt
Virtual Law Office (phpc_root_path) Remote File Include Vulnerability,
xorontr
Hustle Labs & MNIN eDirectory Vulnerability,
Ryan Smith
Open Meetings Filing Application (PROJECT_ROOT) Remote File Include Vulnerability,
xorontr
[OpenPKG-SA-2006.025] OpenPKG Security Advisory (drupal),
OpenPKG
PHPLibrary-1.5.3(Description.php) Remote File Include,
arab_anaconda
Advisory for Oneorzero helpdesk,
Mike Klingler
[Reversemode Advisory] Kaspersky Anti-Virus Privilege Escalation,
Reversemode
PHP Poll Creator 1.04 (poll_vote.php)File Include,
mahmood ali
[security bulletin] HPSBTU02163 SSRT061223 rev.1 - HP Tru64 UNIX Running dtmail, Local Execution of Arbitrary Code,
security-alert
[ GLSA 200610-08 ] Cscope: Multiple buffer overflows,
Raphael Marichez
PHP Classifieds 7.1 - Remote File Include Vulnerability,
Le . CoPrA
Simple Machines Forum (SMF) XSS issue,
josecarlos . norte
HPSBUX02162 SSRT061223 rev.1 - HP-UX Running dtmail, Local Execution of Arbitrary Code,
security-alert
[KAPDA::#60] Mambo V4.6.x vulnerabilities,
alireza hassani
[CAID 34693, 34694]: CA BrightStor ARCserve Backup Multiple Buffer Overflow Vulnerabilities (UPDATED),
Williams, James K
Multiple XSS Vulnerabilities in KnowledgeBank 1.01,
security
ATutor 1.5.3.2=> Remote File Include Vulnerability,
subzero . 0000
[DRUPAL-SA-2006-025] Drupal 4.6.10 / 4.7.4 fixes CRF issue,
Uwe Hermann
KICS CMS sql injection,
fireboy2006
[SECURITY] [DSA 1196-1] New clamav packages fix arbitrary code execution,
Moritz Muehlenhoff
ERRATA: [ GLSA 200610-07 ] Python: Buffer Overflow,
Raphael Marichez
[DRUPAL-SA-2006-024] Drupal 4.6.10 / 4.7.4 fixes multiple XSS issues,
Uwe Hermann
[DRUPAL-SA-2006-026] Drupal 4.6.10 / 4.7.4 fixes HTML attribute injection issue,
Uwe Hermann
DigitalHive 2.0 RC2 (base_include.php)File Include,
mahmood ali
[USN-367-1] Pike vulnerability,
Kees Cook
UltraCMS 0.9 sql injection,
fireboy2006
Advisory 11/2006: Serendipity Weblog XSS Vulnerabilities,
Stefan Esser
iDefense Security Advisory 10.19.06: Kaspersky Labs Anti-Virus IOCTL Local Privilege Escalation Vulnerability,
iDefense Labs
[security bulletin] HPSBST02161 SSRT061264 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS06-056 Through MS06-065,
security-alert
TORQUE Spool Job Race condition (torque <= 2.0.0p8),
Luís Miguel Silva
[Xss] IN SMF 1.1 RC2,
the_free_kernel
SQL Injection simplog,
navairum
[OpenPKG-SA-2006.024] OpenPKG Security Advisory (asterisk),
OpenPKG
[ MDKSA-2006:186 ] - Updated kdelibs packages fix KHTML vulnerability,
security
PHP "exec", "system", "popen" problem,
Дмитрий Borgir
rPSA-2006-0195-1 kdelibs,
rPath Update Announcements
[USN-366-1] binutils vulnerability,
Kees Cook
Security-Assessment.com Advisory: Asterisk remote heap overflow,
Adam Boileau
Static fmat exploits with random va,
root
Secunia Research: IBM Lotus Notes Insecure Default Folder Permissions,
Secunia Research
Secunia Research: Joomla BSQ Sitestats Script Insertion and SQL Injection,
Secunia Research
{x0n3-h4ck} DEV Web Manager System <= 1.5 XSS Exploit,
corrado . liotta
Airmagnet management interfaces multiple vulnerabilities,
noreply
Multiple vulnerabilities in Highwall Enterprise and Highwall Endpoint management interface,
noreply
Call for Papers - First International Workshop on Secure Software Engineering (SecSE 2007),
Lillian Røstad
PHPRecipeBook <= 2.35 ((g_rb_basedir)) Remote File Include Exploit,
CarcaBotx
PhpBB<=2.0.10 (groupcp.php) Remote File Include Vulnerability,
mahmood ali
CS-Forum 0.82 (ajouter.php) Remote File Include Vulnerability,
mahmood ali
TSLSA-2006-0057 - multi,
Trustix Security Advisor
Analysis of the Oracle October 2006 Critical Patch Update,
David Litchfield
[ECHO_ADV_46$2006] P-Book <= 1.17 (pb_lang) Remote File Inclusion,
erdc
zorum_3_5 <=(dbproperty.php) Remote File Inclusion Exploit,
MoHaNdKo
Simplog 0.9.3.1 SQL Injection,
disfigure
Boonex Dolphin 5.2 Remote File Inclusion,
disfigure
Comdev One Admin 4.1 Remote File Inclusion,
disfigure
[ MDKSA-2006:185 ] - Updated php packages to address multiple vulnerabilities,
security
[ MDKSA-2006:184 ] - Updated clamav packages fix vulnerabilities,
security
[ MDKSA-2006:183 ] - Updated libksba packages correct DoS vulnerability,
security
iDefense Security Advisory 10.17.06: Opera Software Opera Web Browser URL Parsing Heap Overflow Vulnerability,
iDefense Labs
Rapid7 Advisory R7-0026: HTTP Header Injection Vulnerabilities in the Flash Player Plugin,
advisory
[ GLSA 200610-07 ] Python: Buffer Overflow,
Raphael Marichez
rPSA-2006-0194-1 kernel,
rPath Update Announcements
phpAdsNew include bug!,
wacky
[ GLSA 200610-06 ] Mozilla Network Security Service (NSS): RSA signature forgery,
Raphael Marichez
[ GLSA 200610-05 ] CAPI4Hylafax fax receiver: Execution of arbitrary code,
Raphael Marichez
[security bulletin] HPSBUX02155 SSRT061235 rev.2 HP-UX CIFS Server (Samba) Local Unauthorized Access, Elevated Privileges,
security-alert
Flaw in Firefox 2.0 RC2,
Mike
[ECHO_ADV_55$2006]Phpmybibli <=2.1 Multiple Remote File Inclusion Vulnerability,
erdc
[OpenPKG-SA-2006.023] OpenPKG Security Advisory (php),
OpenPKG
TorrentFlux user_id Script Insertion,
3cab7cc7
TorrentFlux file Script Insertion,
3cab7cc7
TorrentFlux action Script Insertion,
3cab7cc7
PR06-03b: F5 Firepass 1000 SSL VPN version 5.5 vulnerable to Cross-Site Scripting,
research
[USN-365-1] libksba vulnerability,
Kees Cook
[Xss] IN phplist v 2.10.2,,
the-free_kernel
About.com contact,
C. Hamby
Advisory 10/2006: ViewVC Undefined Charset UTF-7 XSS Vulnerability,
Stefan Esser
PHP Forge 3b2 (/inc/inc.php) Remote File Include Vulnerability,
mahmood ali
patchlodel-0.7.3 - Remote File Include Vulnerabilities,
erne
Rapid7 Advisory R7-0025: Buffer Overflow in NVIDIA Binary Graphics Driver For Linux,
advisory
iDefense Security Advisory 10.15.06: Clam AntiVirus ClamAV rebuildpe Heap Overflow Vulnerability,
iDefense Labs
Full Path Disclosure in PHP-Wyana (2),
xx_hack_xx_2004
iDefense Security Advisory 10.15.06: Clam AntiVirus ClamAV CHM Chunk Name Length DoS Vulnerability,
iDefense Labs
osprey 1.0 (ListRecords.php) Remote File Include Vulnerability,
KaBaRa . HaCk . eGy
[ GLSA 200610-04 ] Seamonkey: Multiple vulnerabilities,
Raphael Marichez
[USN-364-1] Xsession vulnerability,
Kees Cook
WebYep-1.1.9 - Remote File Include Vulnerabilities,
erne
MOStlyCEV454 - Remote File Include Vulnerabilities,
erne
VoMM: Taking browser exploits to the next level,
avivra
:ShAnKaR: WoltLab Burning Book <=1.1.2 multiple vulnerabilities,
3APA3A
Full Path Disclosure in PHP-Wyana,
xx_hack_xx_2004
maintain-3.0.0-RC2 - Remote File Include Vulnerabilities,
erne
Back-end ( File Include Vulnerability Exploit ),
h4ck3riran
vbulletin Exploit Tool Box,
[dot]
SYMSA-2006-010: Directory Traversal in IronWebMail,
research
bbsNew ( File Include Vulnerability Exploit ),
h4ck3riran
Security Advisory for Bugzilla 2.18.5, 2.20.2, 2.22, and 2.23.2,
mkanat
Kmail <= 1.9.1 (table/frameset) DOS,
nnp
Re: [Full-disclosure] Kmail <= 1.9.1 (table/frameset) DOS,
Vidar Løkken
ISS BlackICE PC Protection Filelock protection bypass Vulnerability,
Matousec - Transparent security Research
Spoofing security dialog in object packager - 2,
seejay . 11
Jinzora 2.6 - Remote File Include Vulnerabilities,
erne
WDT:- osTicket File Include all V,
stormhacker
Multiple XSS Vulnerability in Gcontact,
security
Re: iDefense Security Advisory 10.11.06: Sun Microsystems Solaris NSPR Library Arbitrary File Creation Vulnerability,
Marco Ivaldi
EXlor 1.0 (/fonctions/template.php) Remote File Include Vulnerability,
mahmood ali
@lex Guestbook <=(ModeliXe.php) Remote File Inclusion Exploit,
xp1o
iDefense Security Advisory 10.13.06: Apache HTTP Server mod_tcl set_var Format String Vulnerability,
iDefense Labs
Utimaco Safeguard Easy vulnerability,
boomboom999
Buzlas <= v2006-1 Full Remote File Include Vulnerability,
nima . salehi
PHP Top webs (config.php) Remote File Inclue Vulnerability,
Le . CoPrA
PhpBB Prillian French Remote File Include Vulnerability,
nima . salehi
RPG Events 1.0.0 Remote File Include Vulnerability,
nima . salehi
phpBB lat2cyr <= 1.0.1 Remote File Include Vulnerability,
nima . salehi
AMAZONIA MOD Remote File Include Vulnerability,
nima . salehi
news defilante horizontale <= 4.1.1 Remote File Include Vulnerability,
nima . salehi
maluinfo version 206.2.38l Remote File Include Vulnerability,
nima . salehi
SpamOborona PHPBB Plugin Remote File Include Vulnerability,
nima . salehi
phpBB Add Name Remote File Include Vulnerability,
nima . salehi
phpMyConferences <= 8.0.2 Remote File Inclusion,
k1tk4t
MNews <= 2.0 (noticias.php) Remote File Inclue Vulnerability,
Le . CoPrA
Jax LinkLists Remote File include,
dj_remix_20
pbpbb archive for search engines Remote File Include Vulnerability,
nima . salehi
TorrentFlux startpop.php torrent Script Insertion,
566d9bfe
[SECURITY] [DSA 1166-2] New cheesetraceker packages fix buffer overflow,
Steve Kemp
Jax Newspage Remote File include,
dj_remix_20
news7 <= (news.php) Remote File Inclusion Exploit,
xp1o
PHPht Topsites Remote File İnclude,
By_KorsaN_Son
phpBB Security <= 1.0.1 Remote File Include Vulnerability,
nima . salehi
Bloq 0.5.4 Remote File İnclude,
By_KorsaN_Son
PHP Cards <= 1.3 Remote File Inclue Vulnerability,
Le . CoPrA
ISOI II - a DA Workshop (announcement and CFP),
Gadi Evron
phpBB PlusXL 2.x <= biuld 272 Remote File Include Vulnerability,
nima . salehi
Download-Engine Remote File İnclude,
By_KorsaN_Son
SpamBlockerMODv <= 1.0.2 Remote File Include Vulnerability,
nima . salehi
CMS contenido Path Disclosure,
CvIr . System
Morcego CMS <= 0.9.6 Remote File Inclue Vulnerability,
Le . CoPrA
PacSec Hype Security Team: CGI.pm param injection,
Dragos Ruiu
RamaCMS (adodb.inc.php) Remote File Inclue Vulnerability,
Le . CoPrA
[security bulletin] HPSBST02134 SSRT061187 rev.2 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS06-052, MS06-053 and MS06-054,
security-alert
[security bulletin] HPSBST02160 SSRT061254 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS06-055,
security-alert
CMS contenido Remote File Inclusion,
CvIr . System
Mcafee Network Agent (mcnasvc.exe) Remote DoS,
Alexander Hristov
Open Conference Systems <= 1.1.3 Remote File Inclusion,
k1tk4t
Google Earth (kml & kmz files) buffer overflow,
Alexander Hristov
Phpbb insert mod Remote file include,
By_KorsaN_Son
Black Hat CFP, Registration, and Announcements for October,
Jeff Moss
Download-Engine Remote File Include,
v1per-hacker
Security Suite IP Logger Remote File Inclusion,
ReeM_HaCk
Iono all version fullpath disclosure,
hack2prison
Admin User Viewed Posts Tracker Remote File Include Vulnerability,
nima . salehi
Journals System <= 1.0.2 [RC2] Remote File Include Vulnerability,
nima . salehi
Cisco Security Advisory: Default Password in Wireless Location Appliance,
Cisco Systems Product Security Incident Response Team
ExtCalThai_Component <= 0.9.1 Remote File Inclusion,
k1tk4t
[security bulletin] HPSBMA02158 SSRT061251 rev.1 - HP Version Control Agent, Remote Unauthorized Access and Possible Elevation of Privilege,
security-alert
Xeobook <= 0.93 Multiple SQL Injection Vulnerabilities,
Tamriel
XeoPort <= 0.81 SQL Injection Vulnerability,
Tamriel
MHL-2006-002 Public Advisory: "Call-Center-Software" Multiple Security Issues,
Mayhemic Labs Security
SecureWorks Research Client Advisory: Multiple Vendor Bluetooth Memory Stack Corruption Vulnerability,
Research
MS06-060 Microsoft Word Memmove Code Execution,
Avert
iDefense Security Advisory 10.11.06: Sun Microsystems Solaris NSPR Library Arbitrary File Creation Vulnerability,
iDefense Labs
new version of phplist fix XSS vulnerability,
info
iDefense Security Advisory 10.11.06: AOL YGPPDownload SetAlbumName ActiveX Control Buffer Overflow Vulnerability,
iDefense Labs
[ MDKSA-2006:182 ] - Updated kernel packages fix multiple vulnerabilities and bugs,
security
AlberT-EasySite <= 1.0.a5 Remote File Inclusion,
k1tk4t
CommunityPortals <= 1.0 Remote File Include Vulnerability,
nima . salehi
New tool release today - "wyd" - password profiling,
Max Moser
Noah's Classifieds Cross Site Scripting Vulnerability,
raphael . huck
gcards (languagefile) <= Remote File Include,
D-virus
Jinzora <= 2.1 Remote File Inclusion,
k1tk4t
[USN-363-1] libmusicbrainz vulnerability,
Kees Cook
Secunia Research: Microsoft Windows Object Packager Dialog Spoofing,
Secunia Research
MysqlDumper Version 1.21 b6 Xss Vulnerability,
crackers_child
Microsoft Office Malformed Record Memory Corruption Vulnerability,
Sowhat
ShmooCon 2006 CFP Announcement,
B Potter
rPSA-2006-0187-1 idle python,
rPath Update Announcements
Re: The latest version of iSearch is V2.16 <= (index.php) Remote File Inclusion Exploit,
Steven M. Christey
[ MDKSA-2006:181 ] - Updated python packages fix vulnerability,
security
iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability,
iDefense Labs
pacsec hype security team: 7 words of warning about Macromedia Flash Player 9+,
Dragos Ruiu
blueshoes <= 4.6_public Remote File Inclusion,
k1tk4t
claroline <= 180rc1 Remote File Inclusion,
k1tk4t
tagit2b -- Remote File Inclusion,
k1tk4t
PHPLibrary <= 1.5.3 Remote File Inclusion,
k1tk4t
[SECURITY] [DSA 1195-1] new openssl096 packages fix denial of service,
Noah Meyerhans
[Fedora] libtool-ltdl uses relative paths to resolve and load libraries,
Enrico Scholz
[USN-362-1] PHP vulnerabilities,
Martin Pitt
ZDI-06-034: Microsoft Office Word Malformed Chart Code Execution Vulnerability,
zdi-disclosures
ZDI-06-032: Microsoft Office PowerPoint Malformed Slide Notes Rebuilding Vulnerability,
zdi-disclosures
ZDI-06-033: Microsoft Office Excel File Format DATETIME Record Parsing Vulnerability,
zdi-disclosures
[security bulletin] HPSBUX02087 SSRT4728 rev.4 - HP-UX running TCP/IP Remote Denial of Service (DoS),
security-alert
MHL-2006-001 Public Advisory: "Eazy Cart" Multiple Security Issues,
Mayhemic Labs Security
eXpBlog <= 0.3.5 Cross Site Scripting Vulnerabilities,
Tamriel
phpWebSite 0.10.2 Remote File Include Vulnerabilities,
crackers_child
MS Windows DRM software Memory Corruption,
Joxean Koret
[ECHO_ADV_54$2006]vtiger CRM <=4.2 (calpath) Multiple Remote File Inclusion Vulnerability,
erdc
7 php scripts File Inclusion / Source disclosure Vuln,
gmdarkfig
[USN-360-1] awstats vulnerabilities,
Martin Pitt
[USN-361-1] Mozilla vulnerabilities,
Martin Pitt
Re: net2ftp: a web based FTP client :) <= Remote File Inclusion,
Steven M. Christey
[SECURITY] [DSA 1194-1] New libwmf packages fix arbitrary code execution,
Moritz Muehlenhoff
yet another OpenSSH timing leak?,
Marco Ivaldi
[ECHO_ADV_52$2006]OpenDock Easy Gallery <=1.4 (doc_directory) Multiple Remote File Inclusion Vulnerability,
erdc
Cisco Security Advisory: Limitations in Cisco Secure Desktop,
Cisco Systems Product Security Incident Response Team
[ECHO_ADV_49$2006]OpenDock Easy Doc <=1.4 (doc_directory) Multiple Remote File Inclusion Vulnerability,
erdc
SUSE Security Announcement: php4,php5 (SUSE-SA:2006:059),
Ludwig Nussel
HITBSecConf2006 CTF Source code and daemons,
Praburaajan
SQL injection - moodle,
disfigure
SQL injection - 4images,
disfigure
Freenews v1.1 <= (chemin) Remote File Include Vulnerability,
xorontr
PHP open_basedir with symlink() function Race Condition PoC exploit,
paisterist . nst
XSS IN paFileDB 3.1,
zarloule04
[ECHO_ADV_48$2006] WebYep <= 1.1.9 (webyep_sIncludePath) Multiple Remote File Inclusion Vulnerability,
erdc
PHPMyNews 1.4 <= (cfg_include_dir) Remote File Include Vulnerability,
xorontr
Advisory 09/2006: PHP unserialize() Array Creation Integer Overflow,
Stefan Esser
[ECHO_ADV_51$2006] docmint <= 2.0 (MY_ENV[BASE_ENGINE_LOC]) Remote File Inclusion Vulnerability,
erdc
Advanced Poll v2.02 :) <= Remote File Inclusion,
alguidy
[ECHO_ADV_50$2006]OpenDock Easy Blog <=1.4 (doc_directory) Multiple Remote File Inclusion Vulnerability,
erdc
The latest version of iSearch is V2.16 <= (index.php) Remote File Inclusion Exploit,
xp1o
JavaScript Spider (code that can traverse the web),
pdp (architect)
PHP Live! <= 3.1 help.php Remote File Inclusion vulnerability,
paisterist . nst
RE: Informing Companies about security vulnerabilities...,
bugtraq
Observations on Mandatory Integrity Control (MIC) in Windows Vista,
Enno Rey
Sorry....My Message With Out Live Site....,
Dr . Ninux
Cahier de textes 2.0 Remote SQL injection Exploit,
sami
LS-20060313 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability,
advisories
phpBB User Viewed Posts Tracker Version <= 1.0 [phpbb_root_path] File Include Vulnerability,
x0r0n
FreeForum 0.9.7 (fpath) Remote File Include Vulnerability,
x0r0n
LS-20060220 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability,
advisories
Vulnerability in Btitracker,
aeroxteam
LS-20060330 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability,
advisories
Re: net2ftp Remote File Inclusion - bogus report,
david
[ GLSA 200610-03 ] ncompress: Buffer Underflow,
Raphael Marichez
phponline <= (LangFile) Remote File Inclusion Exploit,
xp1o
Emek Portal v2.1 SQL Injection,
dj_remix_20
Details of Lotus Notes Java Applet vulnerabilities,
Jouko Pynnonen
FreeWPS File Upload Command Execution,
security
rPSA-2006-0182-1 php php-mysql php-pgsql,
rPath Update Announcements
TSRT-06-11: CA Multiple Product DBASVR RPC Server Multiple Buffer Overflow Vulnerabilities,
TSRT
rPSA-2006-0185-1 gnome-ssh-askpass openssh openssh-client openssh-server,
rPath Update Announcements
rPSA-2006-0183-1 nss_ldap,
rPath Update Announcements
TSRT-06-12: CA BrightStor Discovery Service Mailslot Buffer Overflow Vulnerability,
TSRT
[CAID 34693, 34694]: CA BrightStor ARCserve Backup Multiple Buffer Overflow Vulnerabilities,
Williams, James K
[Reversemode Advisory] Symantec Antivirus Engine Privilege Escalation,
Reversemode
ZDI-06-031: CA Multiple Product Message Engine RPC Server Code Execution Vulnerability,
zdi-disclosures
ZDI-06-030: CA Multiple Product Discovery Service Remote Buffer Overflow Vulnerability,
zdi-disclosures
ackerTodo 4.2 SQL Injection Vulnerability,
Francesco Laurita
phpMyTeam v2.0 <= (smileys_dir) Remote File Include Vulnerability,
x0r0n
[USN-359-1] Python vulnerability,
Martin Pitt
TorrentFlux User-Agent XSS Vulnerability,
sec
TSLSA-2006-0055 - multi,
Trustix Security Advisor
[SECURITY] [DSA 1192-1] New Mozilla packages fix several vulnerabilities,
Martin Schulze
SUSE Security Summary Report SUSE-SR:2006:024,
Thomas Biege
Hazir Site v2.0 Admin SQL Injection,
dj_remix_20
Vulnerable function in newest PowerPoint case (MS Advisory #925984),
Juha-Matti Laurio
[ MDKSA-2006:180 ] - Updated php packages fix integer overflow vulnerability,
security
iDefense Security Advisory 10.05.06: Symantec AntiVirus IOCTL Kernel Privilege Escalation Vulnerability,
iDefense Labs
[SECURITY] [DSA 1191-1] New Mozilla Thunderbird packages fix several vulnerabilities,
Martin Schulze
WikyBlog <= v1.4 (WN_BASEDIR) Remote File Inclusion Exploit,
xp1o
Vulnerability Type Distributions in CVE,
Steven M. Christey
[ GLSA 200610-02 ] Adobe Flash Player: Arbitrary code execution,
Matthias Geerdsen
[SECURITY] [DSA 1190-1] New maxdb-7.5.00 packages fix execution of arbitrary code,
Moritz Muehlenhoff
[SECURITY] [DSA 1189-1] New openssh-krb5 packages fix denial of service and potential execution of arbitrary code,
Moritz Muehlenhoff
[ GLSA 200610-01 ] Mozilla Thunderbird: Multiple vulnerabilities,
Matthias Geerdsen
Invision Power Board Multiple Vulnerabilities,
Rapigator
[USN-357-1] Mono vulnerability,
Martin Pitt
[USN-353-2] OpenSSL vulnerability,
Martin Pitt
[USN-358-1] ffmpeg, xine-lib vulnerabilities,
Martin Pitt
Technical Paper on the ZERT Patch and VML [was: Re: ZERT patch for setSlice()],
Gadi Evron
Yener Haber Script v2.0 SQL injection,
dj_remix_20
Directory Traversal Vulnerability in Goop Gallery 2.0.2,
security
[SECURITY] [DSA 1188-1] New mailman packages fix several problems,
Martin Schulze
[ MDKSA-2006:179 ] - Updated openssh packages fix DoS vulnerabilities,
security
Advisory 08/2006: PHP open_basedir Race Condition Vulnerability,
Stefan Esser
[CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability,
Williams, James K
phpMyProfiler remote file include,
mozi2weed
iDefense Security Advisory 10.02.06: Novell GroupWise Messenger nmma.exe DoS Vulnerability,
iDefense Labs
PacSec 2006 Papers announcement and EUSecWest Call For Papers,
Dragos Ruiu
Re: [Full-disclosure] IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053]),
Paul Szabo
Security flaw in IBM Client Security Password Manager,
Luís Miguel Silva
[ MDKSA-2006:178 ] - Updated ntp packages rebuilt against updated openssl.,
security
[ MDKSA-2006:177 ] - Updated MySQL packages rebuilt against updated openssl.,
security
[ MDKSA-2006:172-1 ] - Updated openssl packages fix vulnerabilities,
security
[SECURITY] [DSA 1185-2] New openssl packages fix arbitrary code execution,
Noah Meyerhans
[security bulletin] HPSBUX02129 SSRT061149 rev.1 - HP-UX running SLP, Remote Unauthorized Access,
security-alert
FreeBSD Security Advisory FreeBSD-SA-06:22.openssh,
FreeBSD Security Advisories
Portable shell-exploit for buffer-overflow bugs,
Roman Medina-Heigl Hernandez
Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053],
Eiji James Yoshida
Security contact for Myspace/Fox?,
E Mintz
[USN-354-1] Firefox vulnerabilities,
Martin Pitt
digishop v 4.0.0 Xss Vuln.,
meto5757
[USN-356-1] gdb vulnerability,
Martin Pitt
[USN-355-1] openssh vulnerabilities,
Martin Pitt
"POC 2006" by Korean hackers,
securityproof
IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053]),
Paul Szabo
[security bulletin] HPSBUX02157 SSRT061220 rev.1 HP-UX Running Ignite-UX Server, Remote Unauthorized Access and Privilege Elevation,
security-alert
Dayfox Blog v2.0 Remote file include,
dj_remix_20
Pebble 2.0.0 RC[1,2] XSS vulnerability,
Paolo Perego
Kerio Multiple insufficient argument validation of hooked SSDT function Vulnerability,
David Matousek
IBM Informix Dynamic Server V10.0 File Clobbering during Install,
Larry Cashdollar
[OpenPKG-SA-2006.022] OpenPKG Security Advisory (openssh),
OpenPKG
EasyBannerFree (functions.php) Remote File Include Exploit,
las_kid
phpMyWebmin 1.0 <= (target) Remote File Include Vulnerability,
x0r0n
Layered Defense Advisory: TrendMicro OfficesScan Corporate Edition Format String Vulnerability,
dh
zero-day flaws in Firefox: about 30 unpatched Firefox flaws,
ragan
0day in Firefox from ToorCon '06,
Thor Larholm
Advisory 07/2006: phpMyAdmin Multiple CSRF Vulnerabilities,
Stefan Esser
ZERT patch for setSlice(),
Gadi Evron
phpBB XS <= 0.58 (phpbb_root_path) Remote File Include Vulnerability(2),
x0r0n
Yblog => Cross Site Scripting,
h4ck3riran
OlateDownload 3.4.0 Multiple Vulnerabilities,
no-reply
[SECURITY] [DSA 1186-1] New cscope packages fix arbitrary code execution,
Moritz Muehlenhoff
[SECURITY] [DSA 1187-1] New migrationtools packages fix denial of service,
Moritz Muehlenhoff
setSlice exploited in the wild - massively,
Gadi Evron
Mercury SiteScope 8.2 (8.1.2.0) Cross Site Scripting (XSS) Vulnerability,
ozkan . aziz
rPSA-2006-0176-1 openldap openldap-clients openldap-servers,
rPath Update Announcements
Matasano Advisory: MacOS X Mach Exception Server Privilege Escalation,
Matasano Advisories
rPSA-2006-0175-2 openssl openssl-scripts,
rPath Update Announcements
Determina zero-day fix for CVE-2006-3730 (WebViewFolderIcon setSlice Integer Overflow),
Alexander Sotirov
[ MDKSA-2006:176 ] - Updated xine-lib packages fix buffer overflow vulnerabilities,
security
[ MDKSA-2006:175 ] - Updated mplayer packages fix buffer overflow vulnerabilities,
security
[ MDKSA-2006:174 ] - Update gstreamer-ffmpeg packages fix buffer overflow vulnerabilities,
security
[ MDKSA-2006:173 ] - Updated ffmpeg packages fix buffer overflow vulnerabilities,
security
Sql injection in PostNuke [Admin section],
Omid
Advisory 06/2006: PHProjekt (Remote) Include Vulnerabilities,
Stefan Esser
UBB.threads Multiple input validation error,
security
[MajorSecurity Advisory #28]ConPresso CMS - Multiple Cross Site Scripting and SQL Injection Issues,
admin
FreeBSD Security Advisory FreeBSD-SA-06:23.openssl [REVISED],
FreeBSD Security Advisories
Secunia Research: Joomla BSQ Sitestats Component Multiple Vulnerabilities,
Secunia Research
TSLSA-2006-0054 - multi,
Trustix Security Advisor
rPSA-2006-0175-1 openssl openssl-scripts,
rPath Update Announcements
[ MDKSA-2006:172 ] - Updated openssl packages fix vulnerabilities,
security
MkPortal UrloBox Increment Zize Desfiguration,
vannovax
[ MDKSA-2006:171 ] - Updated openldap packages fixes ACL vulnerability,
security
[ GLSA 200609-19 ] Mozilla Firefox: Multiple vulnerabilities,
Matthias Geerdsen
[ MDKSA-2006:157-1 ] - Updated musicbrainz packages fix buffer overflow vulnerabilities,
security
[ GLSA 200609-20 ] DokuWiki: Shell command injection and Denial of Service,
Matthias Geerdsen
An analysis of Microsoft Windows Vista’s ASLR,
Renaud Lifchitz
SolpotCrew Advisory #14 - phpBB XS 2 spain version (phpbb_root_path) Remote File Inclusion,
chris_hasibuan
[SECURITY] [DSA 1185-1] New openssl packages fix denial of service,
Moritz Muehlenhoff
Multiple XSS Vulnerabilities in Zen Cart 1.3.5,
security
[USN-353-1] openssl vulnerabilities,
Martin Pitt
[ MDKSA-2006:170-1 ] - Updated webmin packages fix XSS vulnerability,
security
ERRATA: [ GLSA 200609-17 ] OpenSSH: Denial of Service,
Sune Kloppenborg Jeppesen
[OpenPKG-SA-2006.021] OpenPKG Security Advisory (openssl),
OpenPKG
FreeBSD Security Advisory FreeBSD-SA-06:23.openssl,
FreeBSD Security Advisories
Newswriter SW v1.4.2 Remote File Include Exploit,
x0r0n
SAP Internet Transaction Server XSS vulnerability,
info
Multitple XSS Vulnerabilities in Red Mombin 0.7,
security
[ GLSA 200609-18 ] Opera: RSA signature forgery,
Matthias Geerdsen
Comdev Events Calendar 3.1 :) <= Remote File Inclusion,
stormhacker
PHPSelect Web Development Division <= Remote File Inclusion,
stormhacker
Comdev Newsletter 3.1 :) <= Remote File Inclusion,
stormhacker
Comdev FAQ Support 3.1 :) <= Remote File Inclusion,
stormhacker
Comdev Guestbook 3.1 :) <= Remote File Inclusion,
stormhacker
Comdev eCommerce 3.1 :) <= Remote File Inclusion,
stormhacker
Comdev CSV Importer 3.1 :) <= Remote File Inclusion,
stormhacker
Comdev Web Blogger 3.1 :) <= Remote File Inclusion,
stormhacker
MkPortal Cross Site Scripting (All versions) xSS,
vannovax
Comdev Contact Form 3.1 :) <= Remote File Inclusion,
stormhacker
Comdev Customer Helpdesk 3.1 :) <= Remote File Inclusion,
stormhacker
Comdev Vote Caster 3.1 :) <= Remote File Inclusion,
stormhacker
Comdev News Publisher 3.1 :) <= Remote File Inclusion,
stormhacker
Comdev Photo Gallery 3.1 :) <= Remote File Inclusion,
stormhacker
Comdev Links Directory 3.1 :) <= Remote File Inclusion,
stormhacker
[ GLSA 200609-17 ] OpenSSH: Denial of Service,
Sune Kloppenborg Jeppesen
bug com_madeira,
ifx
Exploit module available for WebViewFolderIcon setSlice 0-day,
Chris Byrd
Digital Armaments September-October Hacking Challenge: Explorer and Mozilla,
info
VirtueMart Joomla eCommerce Edition CMS Multiple XSS Vulnerabilities,
Base64
Blog Pixel Motion V2.1.1 PHP Code Execution / Create Admin Exploit,
gmdarkfig
net2ftp: a web based FTP client :) <= Remote File Inclusion,
stormhacker
rPSA-2006-0174-1 gnome-ssh-askpass openssh openssh-client openssh-server,
rPath Update Announcements
JAF CMS 4.0 RC1 multiple vulnerabilities,
nanoymaster
Free Rainbow Tables.com,
Jerome Athias
ZDI-06-029: Ipswitch WS_FTP Server Checksum Command Parsing Buffer Overflow Vulnerabilities,
zdi-disclosures
Windows VML security update MS06-055 released,
Juha-Matti Laurio
rPSA-2006-0173-1 openoffice.org,
rPath Update Announcements
WD25:- Deparcq Pieter project File Include Vulnerability,
stormhacker
VML Exploit vs. AV/IPS/IDS signatures,
avivra
SUSE Security Announcement: gzip (SUSE-SA:2006:056),
Thomas Biege
[Whitepaper] - Access over Ethernet: Insecurities in AoE,
Morgan Marquis-Boire
[ GLSA 200609-16 ] Tikiwiki: Arbitrary command execution,
Sune Kloppenborg Jeppesen
PHP Invoice 2.2 (Billing and client Management) home.php Xss vuln.,
meto5757
[SECURITY] [DSA 1184-2] New Linux 2.6.8 packages fix several vulnerabilities,
Martin Schulze
SolpotCrew Advisory #13 - phpMyChat 0.1 (ChatPath) Remote File Inclusion,
chris_hasibuan
Vbulletin 2.X sql injection,
security
CubeCart Multiple input Validation vulnerabilities,
security
webnews <= v1.4 (WN_BASEDIR) Remote File Inclusion Exploit,
the-wolf-ksa
Back-end => 0.4.5 Remote File Include Vulnerabilities,
h4ck3riran
php_news => 2.0 Remote File Include Vulnerabilities,
h4ck3riran
QB ( QuickBlogger ) =>1.4 Remote File Include Vulnerabilities,
h4ck3riran
DanPHPSupport => 0.5 Cross Site Scripting Vulnerabilities,
h4ck3riran
WebspotBlogging => 3.0 Remote File Include Vulnerabilities,
h4ck3riran
Ruxcon 2006,
cfp
[ GLSA 200609-14 ] ImageMagick: Multiple Vulnerabilities,
Sune Kloppenborg Jeppesen
[ GLSA 200609-15 ] GnuTLS: RSA Signature Forgery,
Sune Kloppenborg Jeppesen
Uninformed Journal Release Announcement: Volume 5,
H D Moore
iDefense Security Advisory 09.23.06: FreeBSD i386_set_ldt Integer Signedness Vulnerability,
iDefense Labs
iDefense Security Advisory 09.23.06: FreeBSD i386_set_ldt Integer Overflow Vulnerability,
iDefense Labs
[security bulletin] HPSBUX02155 SSRT061235 rev.1 HP-UX CIFS Server (Samba) Local Unauthorized Access, Elevated Privileges,
security-alert
[security bulletin] HPSBUX02152 SSRT5973 rev.1 - HP-UX Kerberos Client Remote Unauthenticated Execution of Arbitrary Code,
security-alert
Local File Inclusion : Kietu,
cdg393
Re: Woltlab Burning Board 2.3.X SQL Injection Vulnerability,
Bastian Ahrens
<Possible follow-ups>
Re: Woltlab Burning Board 2.3.X SQL Injection Vulnerability,
x82_
RE: [Full-disclosure] Yet another 0day for IE,
Bill Stout
Re: More Vulnerable ATM Models,
Jacob Appelbaum
Re: [Full-disclosure] Self-contained XSS Attacks (the new generation of XSS),
Tim
tech support being flooded due to IE 0day,
Gadi Evron
PNews v1.1.0 (nbs) Remote File Inclusion,
CvIr . System
[ MDKSA-2006:169 ] - Updated Thunderbird packages fix multiple vulnerabilities,
security
wwwthreads <= 5.4.2 croos site script vulnerbilities,
h4ck3riran
[ MDKSA-2006:170 ] - Updated webmin packages fix XSS vulnerability,
security
PhotoStore Multiple Cross-Site Scripting Vulnerabilities,
meto5757
MyPhotos<= Remote File Include Vulnerability,
h4ck3riran
Opial Audio/Video Download Management - Version 1.0 index.php Xss vulns.,
meto5757
Typo3 v4.x: XSS in extension "Indexed Search" v2.9.0,
Moritz Naumann
[ GLSA 200609-13 ] gzip: Multiple vulnerabilities,
Sune Kloppenborg Jeppesen
[SECURITY] [DSA 1184-1] New Linux 2.6.8 packages fix several vulnerabilities,
Martin Schulze
"Buffer overflow" term considered overloaded,
Steven M. Christey