Bugtraq

Date Index

[Prev Page][Next Page]

myEvent <= 1.4 Multiple Remote File Include Vulnerabilities, sh3ll
- Re: myEvent <= 1.4 Multiple Remote File Include Vulnerabilities, Carsten Eilers
Calendarix <= 0.7 (calpath) Remote File Inclusion Vulnerability, sh3ll
- Re: Calendarix <= 0.7 (calpath) Remote File Inclusion Vulnerability, Carsten Eilers
- <Possible follow-ups>
- Re: Calendarix <= 0.7 (calpath) Remote File Inclusion Vulnerability, Steven M. Christey
  - Re: Calendarix <= 0.7 (calpath) Remote File Inclusion Vulnerability, Carsten Eilers
SquirrelMail 1.4.8 released - fixes variable overwriting attack, Thijs Kinkhorst
- Re: [SM-ANNOUNCE] SquirrelMail 1.4.8 released - fixes variable overwriting attack, Yves Goergen
  - Re: [SM-ANNOUNCE] SquirrelMail 1.4.8 released - fixes variable overwriting attack, Allie Daneman
  - Re: [SM-ANNOUNCE] SquirrelMail 1.4.8 released - fixes variable overwriting attack, Michael Engert
Nokia Browser Crash, qode
VWar <= 1.50 R14 (n) Remote SQL Injection, brom0815
UPDATE: [ GLSA 200511-12 ] Scorched 3D: Multiple vulnerabilities, Raphael Marichez
wheatblog ُSession.php Remote File Inclusion, Outlaw
WEBInsta Mailing list manager (cabsolute_path) 1.3e RFI, philipp . niedziela
rPSA-2006-0152-1 squirrelmail, Justin M. Forbes
Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability, sh3ll
- Re: Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability, Carsten Eilers
- <Possible follow-ups>
- Re: Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability, noname
- Re: Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability, securityfocus
[ GLSA 200608-19 ] WordPress: Privilege escalation, Raphael Marichez
miniBloggie <= 1.0 (fname) Remote File Inclusion Vulnerability, sh3ll
- Re: miniBloggie <= 1.0 (fname) Remote File Inclusion Vulnerability, Carsten Eilers
[security bulletin] HPSBUX02124 SSRT061159 rev.2 - HP-UX Sendmail MIME Remote Denial of Service (DoS), security-alert
TSLSA-2006-0046 - multi, Trustix Security Advisor
[security bulletin] HPSBUX02108 SSRT061133 rev.14 - HP-UX Running Sendmail, Remote Execution of Arbitrary Code, security-alert
Security Vulnerability in Ruby on Rails 1.1.x, michael
XSSing the Lan 3 (web trojans.. not a new idea), pdp (architect)
Bypassing script filters with variable-width encodings, Cheng Peng Su
RE: [Full-disclosure] RE: when will AV vendors fix this???, Thomas D.
- RE: [Full-disclosure] RE: when will AV vendors fix this???, Dmitry Yu. Bolkhovityanov
  - Re: [Full-disclosure] RE: when will AV vendors fix this???, Paul Schmehl
    - Re: [Full-disclosure] RE: when will AV vendors fix this???, Bipin Gautam
Security Contact, Sean Warnock
Dragonfly CMS 9.0.6.1 and prior XSS, HeLiOsZ RooT
Simple one-file GuestBook 1.0, omnipresent
CGI Script Source Code Disclosure Vulnerability in Apache for Windows, susam . pal
- Re: CGI Script Source Code Disclosure Vulnerability in Apache for Windows, Joe Orton
- <Possible follow-ups>
- Re: Re: CGI Script Source Code Disclosure Vulnerability in Apache for Windows, nareshhacker
XennoBB <= "avatar gallery" Directory Transversal, c . boulton
Virtual War v1.5.0 <= Sql Injection vuln., mfoxhacker
Compersus ASP shopping cart <= DataBase Downloading vuln., mfoxhacker
myBloggie <= 2.1.3 (mybloggie_root_path) Remote File Inclusion Vulnerability, sh3ll
- <Possible follow-ups>
- Re: myBloggie <= 2.1.3 (mybloggie_root_path) Remote File Inclusion Vulnerability, nukedx
- Re: Re: myBloggie <= 2.1.3 (mybloggie_root_path) Remote File Inclusion Vulnerability, istgha
InfanView 3.98 (with plugins) - Access violation at processing images ANI files, sehato
Mafia Moblog <= 6 (pathtotemplate) Remote File Inclusion Vulnerability, sh3ll
- <Possible follow-ups>
- Re: Mafia Moblog <= 6 (pathtotemplate) Remote File Inclusion Vulnerability, noname
Netgear FVG318 is vunerable to DOS attack, root
- <Possible follow-ups>
- Re: Netgear FVG318 is vunerable to DOS attack, NetGear
- Re: Netgear FVG318 is vunerable to DOS attack, No
- Re: Re: Netgear FVG318 is vunerable to DOS attack, no
Mambo/Joomla Component Remository v3.25 (mosConfig_absolute_path) Remote File Inclusion Vulnerability, camino
[ GLSA 200608-16 ] Warzone 2100 Resurrection: Multiple buffer overflows, Sune Kloppenborg Jeppesen
[ GLSA 200608-18 ] Net::Server: Format string vulnerability, Sune Kloppenborg Jeppesen
[ GLSA 200608-17 ] libwmf: Buffer overflow vulnerability, Sune Kloppenborg Jeppesen
[ GLSA 200608-15 ] MIT Kerberos 5: Multiple local privilege escalation (test Falco for security@), Raphael Marichez
PocketPC MMS - Remote Code Injection/Execution Vulnerability and Denial-of-Service, Collin R. Mulliner
- Re: PocketPC MMS - Remote Code Injection/Execution Vulnerability and Denial-of-Service, Collin R. Mulliner
PHPMyRing <= 4.2.0 (view_com.php) Remote SQL Injection, simo64
CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Remote Buffer Overflow, Mariano Nuñez Di Croce
XChat <= 2.6.4-1 (win version) Remote Denial of Service Exploit (php), ratboy727
CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Remote Denial of Service, Mariano Nuñez Di Croce
Directory Traversal vulnerability in IPCheck Monitor Server, auuw73
- <Possible follow-ups>
- Re: Directory Traversal vulnerability in IPCheck Monitor Server, support
Sending multipart/form-data requests from Flash (with arbitrary headers), Amit Klein (AKsecurity)
[SECURITY] [DSA 1149-1] New ncompress packages fix potential code execution, Martin Schulze
TinyWebGallery v1.5 ( image ) Remote Include Vulnerability, x0r0n
- <Possible follow-ups>
- Re: TinyWebGallery v1.5 ( image ) Remote Include Vulnerability, tinywebgallery
- Re: TinyWebGallery v1.5 ( image ) Remote Include Vulnerability, tinywebgallery
Yabb XSS, Outlaw
- Re: Yabb XSS - or NOT, Volker Tanger
[ MDKSA-2006:140 ] - Updated ncompress packages fix vulnerability, security
[SECURITY] [DSA 1147-1] New drupal packages fix cross-site scripting, Moritz Muehlenhoff
[SECURITY] [DSA 1148-1] New gallery packages fix several vulnerabilities, Moritz Muehlenhoff
TSRT-06-08: Microsoft Internet Help COM Object Memory Corruption Vulnerability, TSRT
Stack and heap overflows in MODPlug Tracker/OpenMPT 1.17.02.43 and libmodplug 0.8, Luigi Auriemma
TSRT-06-09: Microsoft DirectAnimation COM Object Memory Corruption Vulnerability, TSRT
Multiple buffer-overflows in AlsaPlayer 0.99.76, Luigi Auriemma
TSRT-06-10: Microsoft HLINK.DLL Hyperlink Object Library Buffer Overflow Vulnerability, TSRT
[ISR] - Novell Groupwise Webaccess (Cross-Site Scripting), Francisco Amato
Cwfm <= 0.9.1 (Language) Remote File Inclusion Vulnerability, philipp . niedziela
[ MDKSA-2006:139 ] - Updated krb5 packages fix local privilege escalation vulnerability, security
BlogHoster v2.2 Post Comment Html Injection, piiiiiii pppiiiiiiii
CivicSpace Version 0.8.5 HTML injection, HeLiOsZ RooT
[ MDKSA-2006:138 ] - Updated clamav packages fix vulnerability, security
[SECURITY] [DSA 1146-1] New krb5 packages fix privilege escalation, Martin Schulze
Assessment of Vista Kernel Mode Security, ATR-Bugtraq
Latinchat Denial Of Service, Vicente Perez
- <Possible follow-ups>
- Re: Latinchat Denial Of Service, d4rksoft
[USN-333-1] libwmf vulnerability, Martin Pitt
PgMarket 2.2.3 (CFG[libdir]) Remote File Inclusion Vulnerabilities, x0r0n
SUSE Security Announcement: clamav (SUSE-SA:2006:046), Ludwig Nussel
[Overflow.pl] Clam AntiVirus Win32-UPX Heap Overflow, pucik
rPSA-2006-0150-1 krb5 krb5-server krb5-services krb5-test krb5-workstation, Justin M. Forbes
ERRATA: [ GLSA 200608-08 ] GnuPG: Integer overflow vulnerability, Sune Kloppenborg Jeppesen
MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities, Tom Yu
TSRT-06-07: eIQnetworks Enterprise Security Analyzer Monitoring Agent Buffer Overflow Vulnerabilities, TSRT
MojoScripts' xss vulnerable, tugra
unwrapping PL/SQL, pete
[ GLSA 200608-14 ] DUMB: Heap buffer overflow, Sune Kloppenborg Jeppesen
Microsoft PowerPoint Malformed Record Memory Corruption, Sowhat
phNNTP <= 1.3 (article-raw.php) Remote File Include Vulnerability, tr_zindan
rPSA-2006-0147-1 mysql mysql-bench mysql-server, Justin M. Forbes
docpile:we v0.2.2 (INIT_PATH) Remote File Inclusion Vulnerability, x0r0n
Archangel Weblog 0.90.02 and prior Multiple HTML injections, piiiiiii pppiiiiiiii
[SECURITY] [DSA 1145-1] New freeradius packages fix several vulnerabilities, Moritz Muehlenhoff
ZDI-06-027: Microsoft Internet Explorer CSS Class Ordering Memory Corruption Vulnerability, zdi-disclosures
ZDI-06-026: Microsoft Internet Explorer Multiple CSS Imports Memory Corruption Vulnerability, zdi-disclosures
[ GLSA 200608-13 ] ClamAV: Heap buffer overflow, Matthias Geerdsen
Announcement: Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations [Whitepaper], SPI Labs
[EEYEB-20060719] McAfee Subscription Manager Stack Buffer Overflow, eEye Advisories
phpPrintAnalyzer <= 1.1 (rep_par_rapport_racine) Remote File Inclusion Vulnerability, sh3ll
- Re: phpPrintAnalyzer <= 1.1 (rep_par_rapport_racine) Remote File Inclusion Vulnerability, Carsten Eilers
AUTODAFE: an Act of Software Torture [FUZZER], Martin Vuagnoux
Attacking the local LAN via XSS, pdp (architect)
- Re: [Full-disclosure] Attacking the local LAN via XSS, Thierry Zoller
  - Re: [Full-disclosure] Attacking the local LAN via XSS, pdp (architect)
    - Re[2]: [Full-disclosure] Attacking the local LAN via XSS, Thierry Zoller
      - Re: Re[2]: [Full-disclosure] Attacking the local LAN via XSS, pdp (architect)
        
        Re: [Full-disclosure] Attacking the local LAN via XSS, Nikolay Kubarelov
- Re: [Full-disclosure] Attacking the local LAN via XSS, Schanulleke
ARES 2007: Call for workshop proposals, deadline Sept 10, 2006, Manh Tho
TSRT-06-05: Computer Associates eTrust AntiVirus WebScan Automatic Update Code Execution Vulnerability, TSRT
TSRT-06-06: Computer Associates eTrust AntiVirus WebScan Manifest Processing Buffer Overflow Vulnerability, TSRT
DeluxeBB Multiple Vulnerabilities, darkz . gsa
Visual Events Calendar v1.1 (cfg_dir) Remote Inclusion Vulnerability, x0r0n
simplog 0.9.3 and prior XSS, piiiiiii pppiiiiiiii
Will Microsoft patch remarkable old Msjet40.dll issue?, Juha-Matti Laurio
- <Possible follow-ups>
- Re: Will Microsoft patch remarkable old Msjet40.dll issue?, Juha-Matti Laurio
[ GLSA 200608-12 ] x11vnc: Authentication bypass in included LibVNCServer code, Sune Kloppenborg Jeppesen
- <Possible follow-ups>
- Re: [ GLSA 200608-12 ] x11vnc: Authentication bypass in included LibVNCServer code, xvml
linksys WRT54g authentication bypass, Ginsu Rabbit
- RE: linksys WRT54g authentication bypass, Andy Meyers
  - RE: linksys WRT54g authentication bypass, Miguel Valentin
    - RE: linksys WRT54g authentication bypass, Ginsu Rabbit
- Re: linksys WRT54g authentication bypass, Nicholas Knight
- Re: linksys WRT54g authentication bypass, Rodrigo Barbosa
  - Re: linksys WRT54g authentication bypass, Ginsu Rabbit
- <Possible follow-ups>
- Re: linksys WRT54g authentication bypass, guant a
  - Re: linksys WRT54g authentication bypass, Ginsu Rabbit
- RE: linksys WRT54g authentication bypass, TeamXMM Consulting, Inc.
- Re: RE: linksys WRT54g authentication bypass, gooorguss
[SECURITY] [DSA 1144-1] New chmlib packages fix denial of service, Moritz Muehlenhoff
[vuln.sg] Lhaz LHA Long Filename Buffer Overflow Vulnerability, vulnpost-remove
Virtual War v1.5.0 Remote File Include (vwar_root), AG Spider
- AW: Virtual War v1.5.0 Remote File Include (vwar_root), Frank Reißner
[ GLSA 200608-11 ] Webmin, Usermin: File Disclosure, Sune Kloppenborg Jeppesen
php local buffer underflow could lead to arbitary code execution, heintz
[ GLSA 200608-10 ] pike: SQL injection vulnerability, Sune Kloppenborg Jeppesen
Multiple vulnerabilities in DConnect Daemon 0.7.0 (CVS 30 Jul 2006), Luigi Auriemma
IMENDIO PLANNER REMOTE FILENAME FORMAT STRING VULNERABILITY, king_purba
PHP: Zend_Hash_Del_Key_Or_Index Vulnerability, Stefan Esser
blur6ex 0.3 Comment title HTML inyection vuln., piiiiiii pppiiiiiiii
when will AV vendors fix this???, Bipin Gautam
- Re: when will AV vendors fix this???, Denis Jedig
- Re: when will AV vendors fix this???, Marius Huse Jacobsen
- RE: when will AV vendors fix this???, Thomas D.
- Re: when will AV vendors fix this???, Paul Schmehl
  - Re: when will AV vendors fix this???, Bipin Gautam
- <Possible follow-ups>
- Re: when will AV vendors fix this???, Andreas Marx
  - Re: [Full-disclosure] Re: when will AV vendors fix this???, Paul Schmehl
NEWSolved Lite v1.9.2 (abs_path) Remote File Inclusion, philipp . niedziela
0-day XP SP2 wmf exploit (some details), cyanid-E
SolpotCrew Advisory #6 - phpCC - Beta 4.2 (base_dir) Remote File Inclusion, chris_hasibuan
0-day XP SP2 wmf exploit, cyanid-E
SAPID CMS remote File Inclusion vulnerabilities, simo64
XennoBB <= 2.1.0 "birthday" SQL injection, c . boulton
[ECHO_ADV_44$2006] PHP Simple Shop <= 2.0 (abs_path) Remote File Inclusion, erdc
XSS Vulnerability in FTD v3.7.3, try_og
MyBloggie <= 2.1.4 trackback.php SQL injection / admin credentials disclosure, rgod
[ GLSA 200608-08 ] GnuPG: Integer overflow vulnerability, Sune Kloppenborg Jeppesen
Tinyportal Shoutbox, exploitex
- <Possible follow-ups>
- Re: Tinyportal Shoutbox, ichbin
vBulletin 3.0.14 ~ init.php~ registerring global arbitary variable~ XSS exploit, addmimistrator
[ GLSA 200608-07 ] libTIFF: Multiple vulnerabilities, Sune Kloppenborg Jeppesen
Barracuda Spam Firewall: Administrator Level Remote Command Execution [ID-20060804-01], Matthew Hall
phpAutoMembersArea 3.2.5 ($installed_config_file) Remote File Inclusion, philipp . niedziela
CAID 34509 - CA eTrust Antivirus WebScan vulnerabilities, Williams, James K
TSLSA-2006-0044 - multi, Trustix Security Advisor
[SECURITY] [DSA 1143-1] New dhcp packages fix denial of service, Martin Schulze
[ECHO_ADV_42$2006] PHP Live Helper <= 2.0 (abs_path) Remote File Inclusion, matdhule
[SECURITY] [DSA 1142-1] New freeciv packages fix arbitrary code execution, Martin Schulze
[ECHO_ADV_42$2006] BufferOverflow in Eremove Client, erdc
[ GLSA 200608-06 ] Courier MTA: Denial of Service vulnerability, Sune Kloppenborg Jeppesen
[ GLSA 200608-05 ] LibVNCServer: Authentication bypass, Sune Kloppenborg Jeppesen
[SECURITY] [DSA 1141-1] New GnuPG2 packages fix denial of service, Martin Schulze
XSS in Vbulletin 3.6.0 in IE 0nly, Stefan
GeheimChaos <= 0.5 Multiple SQL Injection Vulnerabilities, Tamriel
CounterChaos <= 0.48c SQL Injection Vulnerability, Tamriel
GaesteChaos <= 0.2 Multiple Vulnerabilities, Tamriel
[security bulletin] HPSBUX02137 SSRT051024 rev.1 - HP-UX Running Xserver Local Execution of Arbitrary Code, Privilege Elevation, security-alert
ZoneX 1.0.3 - Publishers Gold Edition Remote File Inclusion Vulnerability, x0r0n
- <Possible follow-ups>
- Re: ZoneX 1.0.3 - Publishers Gold Edition Remote File Inclusion Vulnerability, maric_sasa
[ GLSA 200608-04 ] Mozilla Thunderbird: Multiple vulnerabilities, Thierry Carrez
ME Download System 1.3 Remote File Inclusion, philipp . niedziela
vbulletin 3.5.4 IE exploit xss, stefan
- <Possible follow-ups>
- Re: vbulletin 3.5.4 IE exploit xss, james
[ GLSA 200608-03 ] Mozilla Firefox: Multiple vulnerabilities, Thierry Carrez
[DRUPAL-SA-2006-011] Drupal 4.7.3 / 4.6.9 fixes XSS issue, Uwe Hermann
SolpotCrew Advisory #5 - modernbill ver 1.6 (DIR) Remote File Inclusion, chris_hasibuan
- Re: SolpotCrew Advisory #5 - modernbill ver 1.6 (DIR) Remote File Inclusion, Mailinglists Address
[ GLSA 200608-02 ] Mozilla SeaMonkey: Multiple vulnerabilities, Stefan Cornelius
[SECURITY] [DSA 1140-1] New GnuPG packages fix denial of service, Martin Schulze
SendCard <= 3.4.0 unauthorized administrative access / remote commands execution, rgod
[MajorSecurity Advisory #27]ToendaCMS - Cross Site Scripting Issue, admin
Javascript software authentication brute force attack, Gianstefano Monni
[SECURITY] [DSA 1139-1] New ruby1.6 packages fix privilege escalation, Moritz Muehlenhoff
[USN-332-1] gnupg vulnerability, Martin Pitt
[USN-331-1] Linux kernel vulnerabilities, Martin Pitt
CMSimple Cross Site Scripting, Outlaw
Secunia Research: PC Tools AntiVirus Insecure Default Directory Permissions, Secunia Research
Vwar v1.5.0 <= Sql Injection and XSS vuln., mfoxhacker
TSEP <= 0.942 Remote File Include, beford
Simpliciti Locked Browser Jail Breakout Vulnerability, EvilPacket
- <Possible follow-ups>
- Simpliciti Locked Browser Jail Breakout Vulnerability, dc
[security bulletin] HPSBUX02087 SSRT4728 rev.3 - HP-UX running TCP/IP Remote Denial of Service (DoS), security-alert
[SECURITY] [DSA 1138-1] New cfs packages fix denial of service, Moritz Muehlenhoff
[SECURITY] [DSA 1135-1] New libtunepimp packages fix arbitrary code execution, Martin Schulze
Hobbit monitor security bugfix release - 4.1.2p2, Henrik Stoerner
[security bulletin] HPSBGN02136 SSRT061173 rev.1 - ProCurve Series 3500yl, 6200yl, and 5400zl Switches Running Software Prior to K.11.33 Remote Denial of Service (DoS), security-alert
[SECURITY] [DSA 1137-1] New tiff packages fix several vulnerabilities, Martin Schulze
OZJournal v1.5 - XSS, luny
[security bulletin] HPSBUX02124 SSRT061159 rev.1 - HP-UX Sendmail MIME Remote Denial of Service (DoS), security-alert
[SECURITY] [DSA 1136-1] New gpdf packages fix denial of service, Martin Schulze
[security bulletin] HPSBUX02108 SSRT061133 rev.13 - HP-UX Running Sendmail, Remote Execution of Arbitrary Code, security-alert
[eVuln] MyBB 'Avatar URL' XSS Vulnerability, alex
[USN-330-1] tiff vulnerabilities, Martin Pitt
rPSA-2006-0143-1 gnupg, Justin M. Forbes
Content Management Framework "G3" - XSS Vulnerability in Search Function, Stefan Friedli
SaveWeb Portal 3.4 <- (SITE_Path) Remote File Inclusion Vulnerability, x0r0n
Secunia Research: Jetbox Multiple Vulnerabilities, Secunia Research
[SECURITY] [DSA 1134-1] New Mozilla Thunderbird packages fix several vulnerabilities, Martin Schulze
EEYE: research.eeye.com, Marc Maiffret
rPSA-2006-0142-1 libtiff, Justin M. Forbes
JavaScript port scanning, pdp (architect)
[SECURITY] [DSA 1133-1] New mantis packages fix execution of arbitrary web script code, Moritz Muehlenhoff
[ MDKSA-2006:137 ] - Updated libtiff packages fix multiple vulnerabilities, security
DMA[2006-0801a] - 'Apple OSX fetchmail buffer overflow', K F (lists)
Barracuda Vulnerability: Arbitrary File Disclosure [NNL-20060801-02], gssincla
- Re: Barracuda Vulnerability: Arbitrary File Disclosure [NNL-20060801-02], Matthew Hall
Barracuda Vulnerability: Hardcoded Password [NNL-20060801-01], gssincla
- Re: Barracuda Vulnerability: Hardcoded Password [NNL-20060801-01], pingywon
- RE: Barracuda Vulnerability: Hardcoded Password [NNL-20060801-01], Roger A. Grimes
SYM06-013 Symantec On-Demand Protection Encrypted Data Exposure, secure
- Re: SYM06-013 Symantec On-Demand Protection Encrypted Data Exposure, Chris Wysopal
  - Re: SYM06-013 Symantec On-Demand Protection Encrypted Data Exposure, dm
[ MDKSA-2006:136 ] - Updated kdegraphics packages fix multiple libtiff vulnerabilities, security
SUSE Security Announcement: libtiff (SUSE-SA:2006:044), Thomas Biege
SUSE Security Announcement: freetype2 (SUSE-SA:2006:045), Thomas Biege
[SECURITY] [DSA 1131-1] New apache package fix buffer overflow, Steve Kemp
[SECURITY] [DSA 1132-1] New apache2 packages fix buffer overflow, Steve Kemp
ISS BlackICE PC Protection DLL faking of run-time linked libraries Vulnerability, David Matousek
TSEP 0.9.4.2 <= Remote File Inclusion, philipp . niedziela
[USN-327-2] firefox regression, Martin Pitt
VMSA-2006-0004 Cross site scripting vulnerability and other fixes, VMware Security Team
[ MDKSA-2006:135 ] - Updated freeciv packages fix DoS vulnerabilities, security
[vuln.sg] Lhaplus LHA Extended Header Handling Buffer Overflow Vulnerability, vulnpost-remove
WoW Roster <= 1.5.x Remote File Include (hsList.php), AG Spider
- <Possible follow-ups>
- WoW Roster <= 1.5.x Remote File Include (hsList.php), AG Spider
[SECURITY] [DSA 1130-1] New sitebar packages fix cross-site scripting, Martin Schulze
[Kurdish Security # 21] ShoutBox v4.4 Remote Command Execution, botan
[Kurdish Security # 20 ] Quickie Remote Command Execution, botan
[Kurdish Security # 19 ] FileManager Remote Command Execution, botan
[Kurdish Security # 18 ] FAQ Script Remote Command Execution, botan
[Kurdish Security # 17 ] GuestBook 3.5 Remote Command Execution, botan
[Kurdish Security # 16 ] newsReporter v1.0 Remote Command Execution, botan
NewsLetter v3.5 <= (NL_PATH) Remote File Inclusion Exploit, tr_zindan
[ GLSA 200608-01 ] Apache: Off-by-one flaw in mod_rewrite, Matthias Geerdsen
Re: Do world's famous companies take care of their security?, Steven M. Christey
MyNewsGroups <= 0.6b (myng_root) Remote Inclusion Vulnerability, philipp . niedziela
Multiple vulnerabilities in Open Cubic Player 2.6.0pre6 / 0.1.10_rc5, Luigi Auriemma
Corsaire Security Advisory - VMware ESX Server Password Disclosure in Cookie issue, advisories
Corsaire Security Advisory - VMware ESX Server Password Disclosure in Log issue, advisories
Corsaire Security Advisory - VMware ESX Server Password Cross Site Request Forgery issue, advisories
Oracle and Apache mod_rewrite Vulnerability, tigerblue
SQL injection Seir Anphin v666 Community Management System, vulnerabilities
PHPAuction 2.1 (maybe higher) with phpAdsNew 2.0.5 RFI, philipp . niedziela
ATutor <= 1.5.3.1 'links' blind SQL injection / admin credentials disclosure, rgod
com_moskool (admin.moskool.php) Remote File Include Vulnerabilities, saudi . unix
UPDATE: [ GLSA 200605-08 ] PHP: Multiple vulnerabilities, Sune Kloppenborg Jeppesen
artlinks Mambo Component <= Remote Include Vulnerability, Dr . Jr7
[ GLSA 200607-11 ] TunePimp: Buffer overflow, Stefan Cornelius
[ GLSA 200607-13 ] Audacious: Multiple heap and buffer overflows, Matthias Geerdsen
Gdiplus.dll division by 0, Mr . Niega
- <Possible follow-ups>
- Re: Gdiplus.dll division by 0, Early Warning Team
  - Re: Gdiplus.dll division by 0, giacomo collini
    - Re: Gdiplus.dll division by 0, Dennis Lubert
[ MDKSA-2006:134 ] - Updated ruby packages fix safe-level vulnerabilities, security
[ GLSA 200607-12 ] OpenOffice.org: Multiple vulnerabilities, Stefan Cornelius
mambatstaff Mambo Component <= Remote Include Vulnerability, Dr . Jr7
[ MDKSA-2006:133 ] - Updated apache packages fix mod_rewrite vulnerability, security
Mambo Gallery Manager v095.r3 Remote File Inclusion Vulnerabilities, A-S-T2006
[KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php, roozbeh_afrasiabi
XSS vulnerability on AWBS, newbinaryfile
Coppermine Photo Gallery v1.2.2b-Nuke Remote File Inclusion Vulnerabilities, A-S-T2006
PHP ip2long() function circumvention, rgod
- <Possible follow-ups>
- Re: PHP ip2long() function circumvention, darylf
[USN-329-1] Thunderbird vulnerabilities, Martin Pitt
rPSA-2006-0139-1 httpd mod_ssl, Justin M. Forbes
PrinceClan Chess Mambo Com <= 0.8 Remote Inclusion Vulnerability, tr_zindan
Hustle -- Tumbleweed Email Firewall Remote Vulnerability, Ryan Smith
cpanel login problem, ali
- Re: cpanel login problem, nate
  - RE: cpanel login problem, Bugs
  - Re: cpanel login problem, Scott Gemma
    - RE: cpanel login problem, Alan
- <Possible follow-ups>
- Re: cpanel login problem, usar_y_tirar
Lan-Aces Office Logic, Mike
Guestbook Mambo Module <== v1.3.0 Multiple Remote File Include Vulnerabilities, matdhule
PHP-Nuke INP XSS, l2odon
[SECURITY] [DSA 1129-1] New osiris packages fix arbitrary code execution, Martin Schulze
Apache mod_rewrite Buffer Overflow Vulnerability, Avert
[Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released, William A. Rowe, Jr.
- Re: [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released, Philip M. Gollucci
  - Re: [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released, William A. Rowe, Jr.
  - Re: [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released, Steve VanDevender
Remote Include Vulnerability ====> in Dr.Jr7 Gallery 3.2 RC1, R0t-K33Y
[ MDKSA-2006:132 ] - Updated libwmf packages fixes integer overflow vulnerability, security
[OpenPKG-SA-2006.017] OpenPKG Security Advisory (freetype), OpenPKG
[OpenPKG-SA-2006.016] OpenPKG Security Advisory (ruby), OpenPKG
Portail PHP v1.7 Remote File Include, Meftun
- <Possible follow-ups>
- Re: Portail PHP v1.7 Remote File Include, x0r0n
[SECURITY] [DSA 1128-1] New heartbeat packages fix local denial of service, Martin Schulze
[OpenPKG-SA-2006.015] OpenPKG Security Advisory (apache), OpenPKG
[SECURITY] [DSA 1127-1] New ethereal packages fix several vulnerabilities, Moritz Muehlenhoff
[FLSA-2006:175040] Updated php packages fix security issues, Marc Deslauriers
[USN-328-1] Apache vulnerability, Martin Pitt
[USN-327-1] firefox vulnerabilities, Martin Pitt
Oracle 10g R2 and, probably, all previous versions, putosoft softputo
- <Possible follow-ups>
- Oracle 10g R2 and, probably, all previous versions, Russell Lowenthal
AIM Triton 1.0.4 (SipXtapi) Remote Buffer Overflow Exploit (PoC), c0rrupt
Xss in MttKe-php v2.6, R0t-K33Y
- <Possible follow-ups>
- Re: Xss in MttKe-php v2.6, Steven M. Christey
rPSA-2006-0137-1 firefox, Justin M. Forbes
ZDI-06-025: Mozilla Firefox Javascript navigator Object Vulnerability, zdi-disclosures
Bypassing Oracle dbms_assert, ak
- Re: Bypassing Oracle dbms_assert, David Litchfield
  - RE: Bypassing Oracle dbms_assert, Alexander Kornbrust
    - Re: Bypassing Oracle dbms_assert, David Litchfield
Secunia Research: Mozilla Firefox XPCOM Event Handling Memory Corruption, Secunia Research
[SECURITY] [DSA 1125-2] New drupal packages fix execution of arbitrary web script code (revised packages), Moritz Muehlenhoff
[USN-326-1] heartbeat vulnerability, Martin Pitt
[USN-325-1] ruby1.8 vulnerability, Martin Pitt
[USN-324-1] freetype vulnerability, Martin Pitt
Buffer Overflow Vulnerability in Winlpd, Meftun
Cross-Site Scripting and Local File Inclusion in Phorum, Meftun
[SECURITY] [DSA 1126-1] New Asterisk packages fix denial of service, Martin Schulze
GeoClassifieds Enterprise <= 2.0.5.2 Cross Site Scripting, securityconnection
a6mambohelpdesk Mambo Component <= 18RC1 Remote Include Vulnerability, Dr . Jr7
NSFOCUS SA2006-07 : ISS RealSecure/BlackICE MailSlot Heap Overflow Detection Remote DoS Vulnerability, NSFOCUS Security Team
Phpprobid <= 5.24 XSS SQL injection Vulnerability, securityconnection
Secunia Research: FileCOPA Directory Argument Handling Buffer Overflow, Secunia Research
[OpenPKG-SA-2006.014] OpenPKG Security Advisory (shiela), OpenPKG
[vuln.sg] PowerArchiver DZIPS32.DLL Buffer Overflow Vulnerability, vulnpost-remove
[ECHO_ADV_41$2006] BufferOverflow in Midirecord2, the_day
[USN-323-1] mozilla vulnerabilities, Martin Pitt
Etomite CMS <= 0.6.1 'rfiles.php' remote command execution, rgod
Cisco VPN Concentrator IKE resource exhaustion DoS Advisory, Roy Hills
- <Possible follow-ups>
- Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory, Eloy Paris
  - Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory, Pavel Kankovsky
    - Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory, Roy Hills
- Re: Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory, henry . sieff
  - RE: Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory, Lance Seelbach
    - Re: Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory, Henry Sieff
[SECURITY] [DSA 1125-1] New drupal packages fix execution of arbitrary web script code, Moritz Muehlenhoff
Zyxel Prestige 660H-61 Cross-Site Scripting, jose . palanco
TSRT-06-03: eIQnetworks Enterprise Security Analyzer Syslog Server Buffer Overflow Vulnerabilities, TSRT
TSRT-06-04: eIQnetworks Enterprise Security Analyzer Topology Server Buffer Overflow Vulnerability, TSRT
- RE: TSRT-06-04: eIQnetworks Enterprise Security Analyzer Topology Server Buffer Overflow Vulnerability, Desai, Deepen
wwwThreads XSS, l2odon
ZDI-06-023: eIQNetworks Enterprise Security Analyzer Syslog Server Buffer Overflow Vulnerability, zdi-disclosures
ZDI-06-024: eIQNetworks Enterprise Security Analyzer License Manager Buffer Overflow Vulnerability, zdi-disclosures
TP-Book <= 1.00 Cross Site Scripting Vulnerabilities, tamriel
PHP-Auction SQL injection, l2odon
Professional Home Page Tools Login Script Cross Site Scripting Vulnerabilities, tamriel
[SECURITY] [DSA 1111-2] New Linux kernel 2.6.8 packages fix privilege escalation, Moritz Muehlenhoff
Multiple vulnerabilities in OpenCMS, Meder Kydyraliev
EzUpload multi file vulnerabilities, hack2prison
[USN-320-2] php4 regression, Martin Pitt
[USN-297-3] Thunderbird vulnerabilities, Martin Pitt
Secunia Research: AutoVue SolidModel Professional Buffer Overflow Vulnerability, Secunia Research
MS06-034 lies? IIS 6 can still be owned?, Cesar
Full Path Disclosure xGuestBook v1.02, dicomdk
[ MDKSA-2006:131 ] - Updated perl-Net-Server packages fix format string vulnerability, security
[security bulletin] HPSBUX02087 SSRT4728 rev.2 - HP-UX running TCP/IP Remote Denial of Service (DoS), security-alert
[ GLSA 200607-10 ] Samba: Denial of Service vulnerability, Sune Kloppenborg Jeppesen
LinksCaffe 3.0 SQL injection/Command Execution Vulnerabilties, simo64
[vuln.sg] AGEphone "sipd.dll" SIP Packet Handling Buffer Overflow, vulnpost-remove
[vuln.sg] TurboZIP ZIP Repair Buffer Overflow Vulnerability, vulnpost-remove
[vuln.sg] DynaZip DZIP32.DLL/DZIPS32.DLL Buffer Overflow Vulnerabilities, vulnpost-remove
Advisory: VMware Possible Incorrect Permissions On SSL Key Files, Nick Breese
[USN-296-2] Firefox vulnerabilities, Martin Pitt
[ GLSA 200607-09 ] Wireshark: Multiple vulnerabilities, Sune Kloppenborg Jeppesen
Two crash vulnerabilities in Freeciv 2.1.0-beta1 (SVN 15 Jul 2006), Luigi Auriemma
[SECURITY] [DSA 1122-1] New Net::Server packages fix denial of service, Martin Schulze
Buffer-overflow in recvTextMessage and NETrecvFile in Warzone Resurrection 2.0.3 (SVN 127), Luigi Auriemma
SYMSA-2006-008:Password Safe - Lock Password Database Configuration Not Enforced, research
Opsware NAS 6.0 reveals MySQL 'root' password, Freeman, Michael
- <Possible follow-ups>
- Re: Opsware NAS 6.0 reveals MySQL 'root' password, security-alert
- Re: Opsware NAS 6.0 reveals MySQL 'root' password, danil9470
rPSA-2006-0135-1 gimp, Justin M. Forbes
Digital Armaments Security Advisory 24.07.2006: Siemens Speedstream Wireless/Router Denial of Service Vulnerability, info
- <Possible follow-ups>
- Re: Digital Armaments Security Advisory 24.07.2006: Siemens Speedstream Wireless/Router Denial of Service Vulnerability, malaguka
[SECURITY] [DSA 1123-1] New libdumb packages fix arbitrary code execution, Moritz Muehlenhoff
Heap overflow in the GT2 loader of libmikmod 3.2.2, Luigi Auriemma
SQuery v.x (devi.php) (armygame.php) Remote File Inclusion, saudi . unix
Write-up by Amit Klein: "Forging HTTP request headers with Flash", Amit Klein (AKsecurity)
- Re: Write-up by Amit Klein: "Forging HTTP request headers with Flash", Amit Klein (AKsecurity)
  - Re: Write-up by Amit Klein: "Forging HTTP request headers with Flash", 3CO
    - Re: Write-up by Amit Klein: "Forging HTTP request headers with Flash", Amit Klein (AKsecurity)
[MajorSecurity #26] Woltlab Burning Board - Multiple Cookie manipulation and session fixation vulnerabilities, admin
ERRATA: [ GLSA 200607-08 ] GIMP: Buffer overflow, Sune Kloppenborg Jeppesen
Windows XP/NT/SMB2003/2000 Denial of Service attack, J. Oquendo
[SECURITY] [DSA 1124-1] New fbi packages fix potential deletion of user data, Moritz Muehlenhoff
MusicBox <= 2.3.4 XSS SQL injection Vulnerability, securityconnection
[USN-322-1] Konqueror vulnerability, Martin Pitt
Check Point R55W Directory Traversal, Sec-Tec Lists
- Re: Check Point R55W Directory Traversal, Hugo van der Kooij
- <Possible follow-ups>
- Re: Check Point R55W Directory Traversal, dave_kwek
PHP Live! v3.2 (header.php) Remote File Include Vulnerabilities, saudi . unix
[SECURITY] [DSA 1121-1] New postgrey packages fix denial of service, Martin Schulze
Buffer-overflow in the XM loader of Cheese Tracker 0.9.9, Luigi Auriemma
[CYBSEC] TippingPoint detection bypass, Andres Riancho
[ GLSA 200607-08 ] GIMP: Buffer overflow, Sune Kloppenborg Jeppesen
- Re: [ GLSA 200607-08 ] GIMP: Buffer overflow, Michael Shigorin
Vanilla CMS <= 1.0.1 (RootDirectory) Remote file inclusion Vuln., mfoxhacker
- <Possible follow-ups>
- Re: Vanilla CMS <= 1.0.1 (RootDirectory) Remote file inclusion Vuln., dinoboff
[Kurdish Security # 14] MoSpray [base_dir] Remote Command Execution [ Mambo & Joomla], botan
[SECURITY] [DSA 1120-1] New Mozilla Firefox packages fix several vulnerabilities, Martin Schulze
DotClear : Multiples Full Path Disclosure, Silitix
Map MS Security Bulletins to MS KB numbers, Matthew Leeds
Re: [Full-disclosure] Re: New PowerPoint Trojan installs itself as LSP, Juha-Matti Laurio
Blackboard Academic Suite 6.2.23 +/-: Persistent cross-site scripting vulnerability, harbl
Com Multibanners Remote File Inclusion (mosConfig_absolute_path), mail
[MajorSecurity #23] BLOG:CMS <= 4.0.0j - XSS and cookie disclosure, admin
MiniBB Forum <= 1.5a Remote File Include (news.php), AG Spider
[Kurdish Security # 13] Savant2 Remote File Include Vulnerability [For Mambo, Joomla], botan
SolpotCrew Advisory #3 - com_trade Remote File Inclusion (mosConfig_absolute_path), mail
new shell bypass safe mode, d3nger
- <Possible follow-ups>
- Re: new shell bypass safe mode, cxib
New CVE identifiers for separate PowerPoint 0-day issues assigned, Juha-Matti Laurio
[SECURITY] [DSA 1119-1] New hiki packages fix denial of service, Martin Schulze
about bid 17404, crack
[SECURITY] [DSA 1118-1] New Mozilla packages fix several vulnerabilities, Martin Schulze
Low security hole affecting IPCalc's CGI wrapper, Tim Brown
- <Possible follow-ups>
- Re: Low security hole affecting IPCalc's CGI wrapper, krischan
[MajorSecurity #24] Fire-Mouse TopList <=v1.1 - Cross Site Scripting, admin
[MajorSecurity #25] Advanced Guestbook 2.4 for phpBB - Multiple XSS and SQL-Injection Vulnerabilities, admin
MicroGuestBook Remote XSS Attack, omnipresent
Microsoft Internet Explorer DOS Vulnerability, SnoBmsn
iDefense Security Advisory 07.20.06: Sun Microsystems Solaris sysinfo() Kernel Memory Disclosure Vulnerability, labs-no-reply
- Re: [Full-disclosure] iDefense Security Advisory 07.20.06: Sun Microsystems Solaris sysinfo() Kernel Memory Disclosure Vulnerability, Micheal Turner
  - Re: Re: [Full-disclosure] iDefense Security Advisory 07.20.06: Sun Microsystems Solaris sysinfo() Kernel Memory Disclosure Vulnerability, Micheal Turner
MiniBB Forum <= 1.5a Remote File Include (search.php-whosOnline.php), AG Spider
[SECURITY] [DSA 1116-1] New gimp packages fix arbitrary code execution, Moritz Muehlenhoff
SolpotCrew Advisory #2 - Advanced Poll ver 2.02 (base_path) Remote File Inclusion, chris_hasibuan
[SECURITY] [DSA 1114-1] New hashcash packages fix arbitrary code execution, Martin Schulze
[ MDKSA-2006:130 ] - Updated kdelibs packages fix konqueror crash vulnerability., security
Samba Internal Data Structures DOS Vulnerability Exploit, Alexander Hristov
- Re: Samba Internal Data Structures DOS Vulnerability Exploit, Gerald (Jerry) Carter
Unidomedia Chameleon LE/Pro Directory Traversal, kicktd
TSLSA-2006-0042 - multi, Trustix Security Advisor
LoudBlog <=0.5 Sql injection, rgod
[SECURITY] [DSA 1115-1] New GnuPG2 packages fix denial of service, Martin Schulze
[ GLSA 200607-07 ] xine-lib: Buffer overflow, Thierry Carrez
SECURITY UPDATE::Farsinews release FarsiNewsPro3.0Stable1SecurityPath1, armin390
[security bulletin] HPSBMA02133 SSRT061201 rev.1 - HP Oracle for OpenView (OfO) Critical Patch Update July 2006, security-alert
[USN-321-1] mysql-dfsg-4.1 vulnerability, Martin Pitt
[SECURITY] [DSA 1117-1] New libgd2 packages fix denial of service, Moritz Muehlenhoff
rPSA-2006-0134-1 sendmail sendmail-cf, Justin M. Forbes
[security bulletin] HPSBUX02108 SSRT061133 rev.12 - HP-UX Running Sendmail, Remote Execution of Arbitrary Code, security-alert
[ MDKSA-2006:129 ] - Updated freetype2 packages fixes overflow vulnerability., security
[MajorSecurity #22] Top XL <=1.1 - XSS and cookie disclosure, admin
- <Possible follow-ups>
- Re: [MajorSecurity #22] Top XL <=1.1 - XSS and cookie disclosure, admin
[MajorSecurity #21] phpFaber TopSites <=2.0.9 - SQL Injection Vulnerability, admin
[MajorSecurity #20]SiteDepth CMS <= 3.01 - Remote File Include Vulnerability, admin
Advisory: Remote command execution in planetGallery, RedTeam Pentesting
[ECHO_ADV_40$2006] iManage CMS <= 4.0.12 (absolute_path) Remote File Inclusion, matdhule
Cisco MARS < 4.2.1 remote compromise, Jon Hart
rPSA-2006-0133-1 libpng, Justin M. Forbes
Security point-of-contact for Ameritrade?, James M. Blackburn
AFCommerce Shopping Cart, sledge
- <Possible follow-ups>
- Re: AFCommerce Shopping Cart, contact
[USN-313-2] OpenOffice.org vulnerabilities, Martin Pitt
[USN-319-2] Linux kernel vulnerability, Martin Pitt
[ GLSA 200607-06 ] libpng: Buffer overflow, Thierry Carrez
VMSA-2006-0003 VMware possible incorrect permissions on SSL key files, VMware Security Team
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Security Monitoring, Analysis and Response System (CS-MARS), Cisco Systems Product Security Incident Response Team
rPSA-2006-0132-1 tshark wireshark, Justin M. Forbes
[ MDKSA-2006:128 ] - Updated wireshark packages fix numerous vulnerabilities, security
[ MDKSA-2006:126 ] - Updated libtunepimp packages fixes buffer overflow vulnerabilities., security
[ MDKSA-2006:127 ] - Updated gimp packages fix buffer overflow vulnerability., security
[ MDKSA-2006:125 ] - Updated webmin packages fix arbitray file read vulnerability., security
[USN-320-1] PHP vulnerabilities, Martin Pitt
New PowerPoint Trojan installs itself as LSP, Juha-Matti Laurio
- Re: New PowerPoint Trojan installs itself as LSP, Mike Healan
Webmin / Usermin Arbitrary File Disclosure Vulnerability Perl, Alexander Hristov
osDate 1.1.7 multiple vulnerabilities, binary . loc
- <Possible follow-ups>
- Re: osDate 1.1.7 multiple vulnerabilities, binary . loc
Escalation of privileges in Outpost and Lavasoft Firewalls -Unusual ShellExecute behavior, mullware
ASP.DLL Include File Buffer Overflow, Brett Moore
hdweGUEST <= 2.1.1 Cross Site Scripting Vulnerabilities, tamriel
Oracle Database - SQL Injection in SYS.DBMS_UPGRADE [DB22], ak
[security bulletin] HPSBTU02132 SSRT061154 rev.1 - HP Tru64 UNIX running NIS ypserv, Remote Denial of Service (DoS), security-alert
Oracle Database - SQL Injection in SYS.DBMS_STATS [DB21], ak
Invision Power Board v2.1 <= 2.1.6 sql injection exploit, paul14075
PcAnywhere > 12 Local Privilege Escalation, root
ExtCalendar Mambo Module <= v2( extcalendar.php ) Remote File Include Vulnerabilities, saudi . unix
- <Possible follow-ups>
- Re: ExtCalendar Mambo Module <= v2( extcalendar.php ) Remote File Include Vulnerabilities, matdhule
Consumers of Broadband Providers (ISP) may be open to hijack attacks, peter_philipp
[SECURITY] [DSA 1113-1] New zope2.7 packages fix information disclosure, Moritz Muehlenhoff
Oracle Database - SQL Injection in SYS.KUPW$WORKER [DB03], ak
WebScarab <= 20060621-0003 cross site scripting, security
- Re: WebScarab <= 20060621-0003 cross site scripting, Rogan Dawes
Oracle Database - SQL Injection in SYS.DBMS_CDC_IMPDP [DB01], ak
$100 plus several of my books if you can crack my Windows password hashes., Roger A. Grimes
- <Possible follow-ups>
- RE: $100 plus several of my books if you can crack my Windows password hashes., Roger A. Grimes
- RE: $100 plus several of my books if you can crack my Windows password hashes., Michael Scheidell
  - RE: $100 plus several of my books if you can crack my Windows password hashes., Roger A. Grimes
[KAPDA::#52] - PHP-Post 1.0 Cookie Modification Privilege Escalation Vulnerability, farhadkey
DeluxeBB mutiple vulnerabilities, Jessica Hope
About the latest three Powerpoint vulnerabilities: exploitable?, ewt
Outpost Firewall Pro secrately fixing security flaws?, Bipin Gautam
[ MDKSA-2006:124 ] - Updated kernel packages fix privilege escalation vulnerability, security
ToendaCMS <= 1.0.0 arbitrary file upload, rgod
Keyif Portal v2.0 - Microsoft Access Driver ( MDB ) Download, x0r0n
Professional PHP Tools Guestbook Multiple Vulnerabilities, tamriel
Cross Site Scripting Vulnerability in Zoho Virtual Office, ss_team
Calendar Mambo Module <= 1.5.7 Remote File Include Vulnerabilities, matdhule
23rd Chaos Communication Congress 2006: Call for Participation, fukami
New Article Mambo Component <= 1.0 (com_articles.php) Remote File Include Vulnerabilities, matdhule
Unauthenticated access to BT Voyager config file and PPP credentials embedded in HTML form, pagvacito
[USN-319-1] Linux kernel vulnerability, Martin Pitt
RUXCON 2006 Final Call For Papers, cfp
ToorCon 2006 Call for Papers, h1kari@xxxxxxxxxxx
[SECURITY] [DSA 1112-1] New mysql-dfsg-4.1 packages fix denial of service, Moritz Muehlenhoff
[SECURITY] [DSA 1111-1] New Linux kernel 2.6.8 packages fix privilege escalation, Moritz Muehlenhoff
ListMessenger v0.9.3 Remote File Inclusion Vulnerability, x0r0n
Multiple vulnerabilities in UFO2000 svn 1057, Luigi Auriemma
boastMachine <= 3.1 SQL Injection Exploit, gmdarkfig
PacSec 2006 CALL FOR PAPERS (Deadline Aug. 4; Event Nov. 27-30), Dragos Ruiu
Secunia Research: BitZipper unacev2.dll Buffer Overflow Vulnerability, Secunia Research
[SECURITY] [DSA 1110-1] New samba packages fix denial of service, Moritz Muehlenhoff
Secunia Research: VisNetic Mail Server Two File Inclusion Vulnerabilities, Secunia Research
[EEYEB-20060227] D-Link Router UPNP Stack Overflow, eEye Advisories
- Re: [EEYEB-20060227] D-Link Router UPNP Stack Overflow, scott
- Re: [EEYEB-20060227] D-Link Router UPNP Stack Overflow, solutions_PHP
- <Possible follow-ups>
- Re: [EEYEB-20060227] D-Link Router UPNP Stack Overflow, kala_z
  - RE: [EEYEB-20060227] D-Link Router UPNP Stack Overflow, m
rPSA-2006-0130-1 kernel, Justin M. Forbes
[SECURITY] [DSA 1109-1] New rssh packages fix privilege escalation, Moritz Muehlenhoff
Secunia Research: IceWarp Web Mail Two File Inclusion Vulnerabilities, Secunia Research
Plesk Control Panel <= 8.0.0 XSS vulnerability, vuln . invent
Calendar Module <= 1.5.7 Remote File Include Vulnerabilities, matdhule
PHP Event Calendar versi 1.4 (path_to_calendar) Remote File Inclusion, chris_hasibuan
Several updates in MS PowerPoint 0-day Vulnerability FAQ at SecuriTeam Blogs, Juha-Matti Laurio
Mercury Messenger, Hans Wolters
MyBulletinBoard (MyBB) 1.1.5 'CLIENT-IP' sql injection, rgod
Invision Power Board 2.1 <= 2.1.6 sql injection, rst
- Re: Invision Power Board 2.1 <= 2.1.6 sql injection, paul dansing
  - Re: Invision Power Board 2.1 <= 2.1.6 sql injection, str0ke
- <Possible follow-ups>
- Re: Invision Power Board 2.1 <= 2.1.6 sql injection, mattmecham
- Re: Re: Invision Power Board 2.1 <= 2.1.6 sql injection, paul14075
[OpenPKG-SA-2006.013] OpenPKG Security Advisory (mutt), OpenPKG
Fantastic Guestbook v2.0.1 Advisory, omnipresent
Crtical Shockwave Embeded XSS Execution, spammeanddie
VBZooM <=V1.11 "sub-join.php" SQL Injection, Breeeeh
SubberZ[Lite] - Remote File Include, ChironeX . FleckeriX
- <Possible follow-ups>
- Re: SubberZ[Lite] - Remote File Include, the . jalal
Microsoft PowerPoint 0-day Vulnerability FAQ document written, Juha-Matti Laurio
VBZooM <=V1.11 " ignore-pm.php" SQL Injection, Breeeeh
VBZooM <=V1.11 " reply.php" SQL Injection, Breeeeh
MiniBB Forum <= 1.5a Remote File Include Vulnerabilities, matdhule
VBZooM "sendmail.php" SQL Injection, Breeeeh
Phorum 5.1.14 XSS SQL injection Vulnerability, securityconnection
- Re: Phorum 5.1.14 XSS SQL injection Vulnerability, Maurice Makaay
[SECURITY] Plain text password in Finjan Appliance 5100/8100 NG backup file, finde_schwachstelle
Rocks Clusters <=4.1 local root, Xavier
MyGallery "Room.php" SQL Injection, Breeeeh
XSS phpBB 2.0.21 in administration, renatrix
- Re: XSS phpBB 2.0.21 in administration, Jessica Hope
  - RE: XSS phpBB 2.0.21 in administration, David Thomson
    - Re: XSS phpBB 2.0.21 in administration, Jessica Hope
  - Message not available
    - Re: XSS phpBB 2.0.21 in administration, Jessica Hope
saphp "add.php" forumid Parameter SQL Injection, Breeeeh
crashing firefox <= 1.5.0.4, reywen
- <Possible follow-ups>
- Re: crashing firefox <= 1.5.0.4, bugtraq
Linux sys_prctl LKM based hotfix, Abhisek Datta
Kerio Terminating 'kpf4ss.exe' using internal runtime error Vulnerability, David Matousek
Norton Insufficient protection of Norton service registry keys, David Matousek
MS Power Point Multiple Vulnerabilities - (memory corruption) POC, naveed
MS Power Point Multiple Vulnerabilities - (mso.dll) POC, naveed
MS Power Point Multiple Vulnerabilities (powerpnt.exe)- POC, naveed
Bybass HTTP ( extension files ) in ISA 2004, medozero
- Re: Bybass HTTP ( extension files ) in ISA 2004, Thor (Hammer of God)
- <Possible follow-ups>
- RE: Bybass HTTP ( extension files ) in ISA 2004, Edward Tripovich
- Re: Bybass HTTP ( extension files ) in ISA 2004, medozero
  - Re: Bybass HTTP ( extension files ) in ISA 2004, Thor (Hammer of God)
- Re: Bybass HTTP ( extension files ) in ISA 2004, medozero
EEYE: McAfee ePolicy Orchestrator Remote Compromise, eEye Advisories
Microsoft Works - Buffer Overflows / Denial of Service (DoS)-Vulnerabilities, Benjamin Tobias Franz
Phorum 5.1.15 security release (fixes "PHORUM 5 arbitrary local inclusion"), Maurice Makaay
IE <= 6 DoS vulnerability, jonasschaub
rPSA-2006-0122-2 kernel, Justin M. Forbes
- Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround, Caveo Internet BV - Security
  - Re: Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround, Hugo van der Kooij
  - Re: Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround, Michael Shigorin
  - Re: Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround, Lukasz Trabinski
    - Re: Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround, Michal Zalewski
[security bulletin] HPSBUX02120 SSRT051057 rev.2 - HP-UX Local Denial of Service (DoS), security-alert
perForms <= 1.0 ([mosConfig_absolute_path]) Remote File Inclusion, endeneu
[ MDKSA-2006:123 ] - Updated kernel packages fixes multiple vulnerabilities, security
phpbb 3.x sql injection (with global moderator rights), rgod
- <Possible follow-ups>
- Re: phpbb 3.x sql injection (with global moderator rights), bugtraq
PHORUM 5 arbitrary local inclusion, rgod
flatnuke <= 2.5.7 arbitrary php file upload, rgod
- <Possible follow-ups>
- Re: flatnuke <= 2.5.7 arbitrary php file upload, segatom
[ MDKSA-2006:122 ] - Updated php packages fix multiple vulnerabilities, security
[USN-318-1] libtunepimp vulnerability, Martin Pitt
Flipper Poll <= 1.1.0 Remote File Inclusion Vulnerability, x0r0n
Orbitmatrix PHP Script v1.0, luny
ScozNews Final-Php <=1.1 Remote File Inclusion Vulnerability, x0r0n
Photocycle v1.0 - XSS, luny
- <Possible follow-ups>
- Re: Photocycle v1.0 - XSS, securityfocus
[USN-317-1] zope2.8 vulnerability, Martin Pitt
SYMSA-2006-004 (Full Details): Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution, research
[ECHO_ADV_38$2006] Multiple Mambo/Joomla Component Remote File Include Vulnerabilities, matdhule
- Re: [ECHO_ADV_38$2006] Multiple Mambo/Joomla Component Remote File Include Vulnerabilities, Joxean Koret
[ MDKSA-2006:121 ] - Updated xine-lib packages fix buffer overflow vulnerability, security
Linux Kernel 2.6.x PRCTL Core Dump Handling - Local r00t Exploit ( BID 18874 / CVE-2006-2451 ), Roman Medina-Heigl Hernandez
- Message not available
  - Re: [Full-disclosure] Re: Linux Kernel 2.6.x PRCTL Core Dump Handling - Local r00t Exploit ( BID 18874 / CVE-2006-2451 ), Jon Hart
SMB Information Disclosure Vulnerability, Avert
[ MDKSA-2006:117-1 ] - Updated libmms packages fix buffer overflow vulnerability, security
FLV Players Multiple Input Validation Vulnerabilities, xzerox
NSFOCUS SA2006-05 : Microsoft Excel SELECTION Record Memory Corruption Vulnerability, NSFOCUS Security Team
New CVE number states Excel Style handling as a separate issue, Juha-Matti Laurio
NSFOCUS SA2006-06 : Microsoft Excel COLINFO Record Buffer Overflow Vulnerability, NSFOCUS Security Team
[ MDKSA-2006:120 ] - Updated samba packages fix DoS vulnerability, security
Lazarus Guestbook Cross Site Scripting Vulnerabilities, simo64
S21Sec-032-en: Vulnerability in Fatwire Content Server, labs
TOPo v.2.2.178 Account Reset, darkz . gsa
[SECURITY] [DSA 1108-1] New mutt packages fix arbitrary code execution, Moritz Muehlenhoff
NSFOCUS SA2006-04 : Microsoft Office GIF Filter Buffer Overflow Vulnerability, NSFOCUS Security Team
Microsoft Excel Array Index Error Remote Code Execution, Sowhat
Fuzzing Microsoft Office, naveed
rPSA-2006-0128-1 samba samba-swat, Justin M. Forbes
Cisco Security Advisory: Cisco Intrusion Prevention System Malformed Packet Denial of Service, Cisco Systems Product Security Incident Response Team
SQuery <= 4.5(libpath) Remote File Inclusion Exploit, SHiKaA-
[USN-314-1] samba vulnerability, Martin Pitt
[ MDKA-2006:119 ] - Updated ppp packages fix plugin vulnerability, security
Cisco Security Advisory: Cisco Router Web Setup Ships with Insecure Default IOS Configuration, Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Multiple Cisco Unified CallManager Vulnerabilities, Cisco Systems Product Security Incident Response Team
[USN-315-1] libmms, xine-lib vulnerabilities, Martin Pitt
[USN-316-1] installer vulnerability, Martin Pitt
[USN-313-1] OpenOffice.org vulnerabilities, Martin Pitt
ZDI-06-022: Microsoft Office Excel File Rebuilding Code Execution Vulnerability, zdi-disclosures
TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability, Tippingpoint Security Research Team
- <Possible follow-ups>
- Re: TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability, public
  - Re: TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
- Re: Re: TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability, mr
CYBSEC - Security Pre-Advisory: Microsoft Windows DHCP Client Service Remote Buffer Overflow, Mariano Nuñez Di Croce
SYMSA-2006-007: Microsoft Office Malformed String Parsing Vulnerability, research
[ GLSA 200607-05 ] SHOUTcast server: Multiple vulnerabilities, Sune Kloppenborg Jeppesen
- Re: [ GLSA 200607-05 ] SHOUTcast server: Multiple vulnerabilities, Cyneox
[ GLSA 200607-02 ] FreeType: Multiple integer overflows, Sune Kloppenborg Jeppesen

[Index of Archives] [Netfilter] [Security] [PHP] [Linux Kernel]