Bugtraq
- Juniper Networks DX Web Administration Persistent System Log XSS Vulnerability,
Darren Bounds
- randshop <= 1.1.x (index.php) Remote File Inclusion Vulnerability,
Saudi . Unix
- Local file inclusion in Farsinews3.0BETA1,
armin390
- [SECURITY] [DSA 1107-1] New GnuPG packages fix denial of service,
Martin Schulze
- [ANNOUNCEMENT] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against smbd,
Gerald (Jerry) Carter
- Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit,
Alexander Hristov
- Old vulnerable sotwares collection,
Jerome Athias
- Digital Armaments Security Advisory 10.07.2006: Flexwath Authorization Bypassing and XSS Vulnerability,
info
- MS Word Unchecked Boundary Condition Vulnerability,
naveed
- CC announces new Rootkit help forum insync with Book,
Paul Laudanski
- RE: MIMESweeper For Web 5.X Cross Site Scripting,
Erez Metula
- [USN-312-1] gimp vulnerability,
Martin Pitt
- phpPolls 1.0.3 Administration ByPass,
alp_eren
- [SECURITY] [DSA 1106-1] New ppp packages fix privilege escalation,
Martin Schulze
- [ECHO_ADV_37$2006] pc_cookbook Mambo/Joomla Component <= v0.3 Remote File Include Vulnerabilities,
matdhule
- ERNW Security Advisory 02/2006 - Buffer Overflow in sipXtapi (used in AOL Triton),
mozilla
LAMP vs Microsoft,
Darren Reed
MT rmcek Toplist v2.2 Version Microsoft Access Driver ( MDB ) Download,
StorMBoY
[ GLSA 200607-04 ] PostgreSQL: SQL injection,
Sune Kloppenborg Jeppesen
Graffiti Forums v1.0 SQL Injection Vulnerabilities,
paisterist . nst
Webvizyon Portal 2006 Version SQL Injection,
StorMBoY
[ GLSA 200607-03 ] libTIFF: Multiple buffer overflows,
Sune Kloppenborg Jeppesen
RW::Download stats.php Remote File Inc.,
StorMBoY
ATutor 1.5.3 Cross Site Scripting,
securityconnection
[KAPDA::#46] - AjaxPortal Authentication Bypass,
alireza hassani
Re: [Bugtraq] Re: flock d0s exploit remote. beta 1 (v0.7),
flockoyd
PAPOO <=3RC3 sql injection / admin credentials disclosure,
rgod
[ MDKSA-2006:118 ] - Updated OpenOffice.org packages fix various vulnerabilities,
security
ZDI-06-021: WebEx Downloader Plug-in Code Execution Vulnerability,
zdi-disclosures
Pivot <=1.30rc2 privilege escalation / remote commands execution,
rgod
IBM AIX Security contact?,
Joxean Koret
lintah_|adv|_01@2006>=========<[Aura-CMS v1.62]<===>[XSS vulnerable]&[bug],
k07iX
[SECURITY] [DSA 1105-1] New xine-lib packages fix denial of service,
Martin Schulze
HostingController: An attacker can gain reseller privileges and after that can gain admin privileges,
Irsdl
Sport-slo.net Guestbook v1.0,
luny
[ MDKSA-2006:117 ] - Updated libmms packages fix buffer overflow vulnerability,
security
PBL Guestbook <= 1.32 XSS & SQL Querys Vulnerabilities,
paisterist . nst
Format string bug in Sparklet 0.9.4try3,
Luigi Auriemma
rPSA-2006-0122-1 kernel,
Justin M. Forbes
Possible code execution in Kaillera 0.86,
Luigi Auriemma
[ECHO_ADV_36$2006] ExtCalendar <== v2.0 Remote File Include Vulnerabilities,
matdhule
ATutor : Cross-Site Scripting Vulnerabilities,
bug@xxxxxxxxxxxxxxx
PHP-Blogger Multiple Cross Site Scripting Vulnerabilities,
OS2A BTO
WebEx Downloader Plug-in Multiple Vulnerabilities + rant,
Mark Litchfield
TSLSA-2006-0040 - kernel,
Trustix Security Advisor
Mico crashes when contected with wrong IOR / DoS,
tuergeist
McAfee VirusScan Enterprise 8.0.0 Buffer Overflow,
johndoe1529
Various heap and stack overflow bugs in AdPlug library 2.0 (CVS 04 Jul 2006),
Luigi Auriemma
Major updates to Excel 0-day Vulnerability FAQ at SecuriTeam Blogs,
Juha-Matti Laurio
[USN-310-1] ppp vulnerability,
Martin Pitt
[USN-309-1] libmms vulnerability,
Martin Pitt
[USN-308-1] shadow vulnerability,
Martin Pitt
Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues,
Moritz Naumann
[SECURITY] [DSA 1104-2] New OpenOffice.org packages fix arbitrary code execution,
Martin Schulze
vBulletin 3.5.4 (install_path) Exploit,
CarcaBotx
TigerTom Scripts,
luny
[ MDKSA-2006:116 ] - Updated kernel packages fixes multiple vulnerabilities,
security
BLOG:CMS 4.1.0 SQL injection File Include Vulnerability,
securityconnection
sNews 1.3 XSS SQL,
securityconnection
Touch arbitrary file execute vulnerability,
Alex Park
Windows Explorer URL File format overflow,
nanika
Shopping Cart V0.9,
luny
Invision Power Board "v1.X & 2.X" SQL Injection,
CrAzY . CrAcKeR
PhpWebGallery Cross Site Scripting Vulnerability,
iss4m . h
file include exploits in randshop v1.2,
black code
[scip_Advisory 2352] F5 FirePass 4100 prior 6.x multiple Cross Site Scripting,
Marc Ruef
galleria <= 1.0 Remote File Inclusion Vulnerability,
ineal
[scip_Advisory 2351] Kyberna AG ky2help various form fields SQL Injection,
Marc Ruef
imgsvr dos exploit by n00b,
co296
TBE 4.0 XSS,
securityconnection
ZoneAlarm Insufficient protection of registry key 'VETFDDNT\Enum' Vulnerability,
David Matousek
[ GLSA 200607-01 ] mpg123: Heap overflow,
Sune Kloppenborg Jeppesen
5 php scripts remote database password disclosure,
gmdarkfig
Excel 2000/XP/2003 Style 0day POC,
nanika
Contact for nhl.com,
C. Hamby
Invision Power Board v1.3 Final SQL Injection,
Breeeeh
QTOFileManager 1.0,
securityconnection
popup Vacation Rentals[calendar_year.php] SQL Injection,
BoNy-m
Multiple vulnerabilities in TK8 Safe v.3.0.5,
clappymonkey
Re: [Full Disclosure] [Kil13r-SA-20060701-2] MoniWiki 1.1.1 Cross-Site Scripting Vulnerability,
mac68k
free QBoard v1.1 Multiple Remote File include,
KARKOR23
Pearl Products Multiple Remote File Inclusion,
xzerox
plume-cms v1.0.4 Multiple Remote File include,
KARKOR23
WordPress 2.0.3 SQL Error and Full Path Disclosure,
xzerox
[MajorSecurity #19] AutoRank <= 5.01 - Multiple XSS and cookie disclosure,
admin
call for papers - IT Underground, Italy 2006,
it_underground
Glossaire<<--v1.7 Remote File Include,
CrAzY . CrAcKeR
Php-Fusion (Xss) With Avatar Upload,
zeberus_
Whitepaper: IT (in)security implementation in a real world example,
Denis Jedig
SturGeoN Upload v1 Remote Command Execution Exploit,
gmdarkfig
Sql injection in Diesel joke site script,
black code
SmS Script SQL Injection,
Breeeeh
Internet Crna Gora SQL Injection,
Breeeeh
OPERA Web Browser 9 Denial OF Service,
y3dips
DEF CON 14: Speakers Selected and more.,
The Dark Tangent
phpMyAdmin : Cross-Site Scripting Vulnerability,
bug@xxxxxxxxxxxxxxx
mAds v1.0,
lunY
Buddy Zone Version 1.0.1 - XSS,
luny
[security bulletin] HPSBUX02103 SSRT5953 rev.3 - HP-UX passwd(1) Local Denial of Service (DoS),
security-alert
[security bulletin] HPSBUX02128 SSRT5996 - rev.1 HP-UX mkdir(1) Local Unauthorized Access,
security-alert
phpBB 2.0.21 Full Path Disclosure,
xzerox
News <= 5.2 XSS, SQL Injection, Full Path Disclosure,
gmdarkfig
NewsPHP 2006 PRO XSS SQL injection Vulnerability,
securityconnection
Hobbit monitor: Security issue with Hobbit 4.2-beta client,
Henrik Stoerner
My smiles "browse.php" SQL Injection,
CrAzY . CrAcKeR
Module's Name "Classifieds" SQL Injection,
CrAzY . CrAcKeR
CDJ<<--V NITKID 2.0 "category.php" SQL Injection,
CrAzY . CrAcKeR
MyNewsGroups<<--v. 0.6 "tree.php" SQL Injection,
CrAzY . CrAcKeR
FreeHost "misc.php & news.php" SQL Injection,
CrAzY . CrAcKeR
ZDI-06-020: Apple iTunes AAC File Parsing Integer Overflow Vulnerability,
zdi-disclosures
ISC: Firefox immune to outerHTML flaw in MSIE [Was: Browser bugs hit IE, Firefox],
Juha-Matti Laurio
[Kil13r-SA-20060701-3] Massting Cross-Site Scripting Vulnerability,
mac68k
[Kil13r-SA-20060701-2] MoniWiki 1.1.1 Cross-Site Scripting Vulnerability,
mac68k
[Kil13r-SA-20060701-1] Ahnlab Search Cross-Site Scripting Vulnerability,
mac68k
Zen-Cart 1.3.0.2 Full Path Disclosure,
o . y . 6
[ GLSA 200606-30 ] Kiax: Arbitrary code execution,
Sune Kloppenborg Jeppesen
libwmf integer/heap overflow,
sean
[SECURITY] [DSA 1104-1] New OpenOffice.org packages fix several vulnerabilities,
Martin Schulze
ezWaiter v3.0 - XSS,
luny
Re: [Full-disclosure] Browser bugs hit IE, Firefox today (SANS),
Juha-Matti Laurio
Browser bugs hit IE, Firefox today (SANS),
Bill Stout
rPSA-2006-0120-1 gnupg,
Justin M. Forbes
Msie 7.0 beta Crash,
Mr . Niega
[security bulletin] HPSBUX02122 SSRT061158 rev.2 - HP-UX Mozilla Remote Execution of Arbitrary Code, Denial of Service (DoS),
security-alert
[security bulletin] HPSBTU02125 SSRT061105 rev.1 - HP Tru64 UNIX Running Perl 5.8.2 and earlier, Local Unauthorized Code Execution,
security-alert
Novell Security Announcement NOVELL-SA:2006:001,
Jim Short
Multiple Vulnerabilities in PatchLink Update Server 6,
Chris Steipp
rPSA-2006-0116-1 mutt,
Justin M. Forbes
Novell Security contact address change,
Roman Drahtmueller
Digital Armaments Security Advisory 29.06.2006: Siemens Speedstream Wireless Router Password Protection Bypass Vulnerability,
info
[ GLSA 200606-28 ] Horde Web Application Framework: XSS vulnerability,
Sune Kloppenborg Jeppesen
Secunia Research: phpRaid SQL Injection and File Inclusion Vulnerabilities,
Secunia Research
[ MDKSA-2006:115 ] - Updated mutt packages fix buffer overflow vulnerability,
security
Softbiz Banner Exchange 1.0 XSS,
securityconnection
CSRF in Nuked Klan 1.7 SP4.2,
blwood
[ GLSA 200606-29 ] Tikiwiki: SQL injection and multiple XSS vulnerabilities,
Sune Kloppenborg Jeppesen
DMA[2006-0628a] - 'Apple OSX launchd unformatted syslog() vulnerability',
K F (lists)
[KAPDA]http://myimei.com/security/2006-06-24/mybb104archive-modelight-parameter-extractionvarable-overwriting.html,
addmimistrator
PHPClassifieds General,
luny
Layered Defense Advisory: Format String Vuln in CA eTrust,
dh
Presentation: AT&T ISNN - "Case Studies in Finding Previously Unknown Vulnerabilities in Web Applications.",
Kenneth F. Belva
Secunia Research: Opera SSL Certificate "Stealing" Weakness,
Secunia Research
[ MDKSA-2006:113 ] - Updated tetex packages fix embedded GD vulnerabilities,
security
Cisco Security Advisory: Access Point Web-Browser Interface Vulnerability,
Cisco Systems Product Security Incident Response Team
Re: [MajorSecurity #18] Ralf Image Gallery <=0.7.4 - Multiple XSS, Remote File Include and directory traversal vulnerabilities,
Ralf
[OpenPKG-SA-2006.011] OpenPKG Security Advisory (png),
OpenPKG
Microsoft's Real Test with Vista is Vulnerabilities,
Gadi Evron
Cisco Security Advisory: Multiple Vulnerabilities in Wireless Control System,
Cisco Systems Product Security Incident Response Team
PHP iCalendar Cross Site Scripting,
botan
MKPortal 1.0.1 Final ($ind) File Include Vulnerability (perl),
stormhacker
AzDGDatingPlatinum<<--v1.1.0 "view.php" SQL Injection,
CrAzY . CrAcKeR
SyScan'06 Highlight - Is Phone Banking Safe?,
thomas48
[ GLSA 200606-27 ] Mutt: Buffer overflow,
Sune Kloppenborg Jeppesen
[USN-307-1] mutt vulnerability,
Martin Pitt
BLOG:CMS <= 4.0.0k sql injection,
rgod
PHP-Nuke Module's Name Sections<<--V3 SQL Injection,
CrAzY . CrAcKeR
[ MDKSA-2006:114 ] - Updated libwmf packages fixes embedded GD vulnerability,
security
[ MDKSA-2006:112 ] - Updated gd packages fix DoS vulnerability.,
security
vCard PRO SQL Injection,
CrAzY . CrAcKeR
[KAPDA]MyBB 1.1.4~function_post.php~XSS Attack In URL tag,
addmimistrator
smartsite cms v1.0 Remote File include,
KARKOR23
[Kil13r-SA-20060628] Hanaro Search Cross-Site Scripting Vulnerability,
mac68k
Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...),
Luigi Auriemma
CAID 34325 - CA ITM, eAV, ePP scan job description field format string vulnerability,
Williams, James K
[Kurdish Security # 10 ] MF Piadas 1.0 Remote File Include Vulnerability,
botan
SUSE Security Announcement: freetype2 (SUSE-SA:2006:037),
Thomas Biege
Re: Is Windows TCP/IP source routing PoC code available?,
3APA3A
[Kurdish Security # 11] SiteBar Cross-Site Scripting,
botan
phpvillage "funshow.php" SQL Injection,
CrAzY . CrAcKeR
CrisoftRicette<<--1.0pre15b Remote File Inclusion,
CrAzY . CrAcKeR
SYMSA-2006-006: Lotus Domino SMTP Based Denial of Service,
research
Re: [ECHO_ADV_34$2006] W-Agora (Web-Agora) <= 4.2.0 (inc_dir) Remote File Inclusion,
Steven M. Christey
[SECURITY] [DSA 1103-1] New Linux kernel 2.6.8 packages fix several vulnerabilities,
Moritz Muehlenhoff
[USN-305-1] OpenLDAP vulnerability,
Martin Pitt
[USN-306-1] MySQL 4.1 vulnerability,
Martin Pitt
Usenet Script v0.5,
luny
Windows Live Messenger 8.0 ( Contact List *.ctt ) Heap Overflow,
Alexander Hristov
Jaws <= 0.6.2 'Search gadget' SQL injection,
rgod
error_log() Safe Mode Bypass PHP 5.1.4 and 4.4.2,
cxib
Winged Gallery v1.0,
luny
Taking Over Laptops by Fuzzing Wireless Drivers,
Gadi Evron
Universal Hooker - Tool release,
Hernan Ochoa
Amazon, MSN vulns and.. Yes, we know! Most sites have vulnerabilities,
Gadi Evron
[OpenPKG-SA-2006.010] OpenPKG Security Advisory (gnupg),
OpenPKG
OpenGuestbook Cross Site Scripting & SQL Injection,
simo64
Amazon and Msn vulnerabilities,
dcrab
Undisclosed cross site scripting vulnerabilities in domaintools.com - requesting contacts,
admin
Mailenable SMTP Service DoS,
db0
GlobeTrotter Mobility Manager - security issue,
dzelek
[ MDKSA-2006:111 ] - Updated MySQL packages fixes authorized user DoS(crash) vulnerability.,
security
[ GLSA 200606-26 ] EnergyMech: Denial of Service,
Thierry Carrez
[ GLSA 200606-25 ] Hashcash: Possible heap overflow,
Thierry Carrez
XSS in Cpanel 10,
preth00nker
DeluxeBB 1.07 Create admin Exploit,
Hessamx
[USN-304-1] gnupg vulnerability,
Martin Pitt
Planetnews Authecnication Admin ByPass,
alp_eren
[SECURITY] [DSA 1102-1] New pinball packages fix privilege escalation,
Steve Kemp
Claroline Cross-Site Scripting Vulnerabilities,
bug@xxxxxxxxxxxxxxx
[Kurdish Security # 9] MyMail Directory Traversal And XSS Attacking Vulnerability,
botan
ERNW Security Advisory 01/2006,
mozilla
Softbiz Dating 1.0 SQL injection,
securityconnection
WBB<<---v2.0 RC2 "newthread.php" SQL Injection,
CrAzY . CrAcKeR
[Kil13r-SA-20060622-2] Namo DeepSearch 4.5 Cross-Site Scripting Vulnerability,
mac68k
phpBlueDragon CMS 2.9.1 multiple remote file inclusion vuln,
rozowa . landrynka
SYMSA-2006-005,
research
WBB<<---v2.3.1"report.php" SQL Injection,
CrAzY . CrAcKeR
[ECHO_ADV_34$2006] W-Agora (Web-Agora) <= 4.2.0 (inc_dir) Remote File Inclusion,
the_day
Calendar ( Provided by Codewalkers ) - SQL Injection,
Silitix
[KAPDA]MyBB1.1.3~Option update for code buttons~Sql Injection Admin Access,
addmimistrator
WBB<<---v1.2 "showmods.php" SQL Injection,
CrAzY . CrAcKeR
Dating biz@ dating script v1.0 - XSS,
luny
productcart soltan_defacer,
soltan_defacer
rPSA-2006-0110-1 kernel,
Justin M. Forbes
Linux VNC evil client patch - BID 17978,
embyte
DREAMACCOUNT V3.1 Remote Command Execution Exploit,
KARKOR23
[Kil13r-SA-20060622-1] NetSoft SmartNet 2.0 Cross-Site Scripting Vulnerability,
mac68k
[ GLSA 200606-24 ] wv2: Integer overflow,
Stefan Cornelius
Cisco Secure ACS Weak Session Management Vulnerability,
Darren Bounds
Dating Agent PRO 4.7.1 Vulnerability,
securityconnection
Trend Micro Control Manager (TMCM) Persistent XSS Vulnerability,
Darren Bounds
aeDating 4.1 XSS,
securityconnection
TSLSA-2006-0037 - multi,
Trustix Security Advisor
[security bulletin] HPSBUX02127 SSRT051056 - rev.1 HP-UX Kernel Local Denial of Service (DoS),
security-alert
[KAPDA]Coppermine 1.4.8~Parameter Cleanup System ByPass~Registering Global Varables,
addmimistrator
QaTraq 6.5 RC: Multiple XSS Vulnerabilities,
enji
[SNS Advisory No.88] Webmin Directory Traversal Vulnerability,
snsadv@xxxxxxxxx
vlbook 1.2 XSS Bug,
omnipresent
[SECURITY] [DSA 1101-1] New courier packages fix denial of service,
Martin Schulze
flock d0s exploit remote. beta 1 (v0.7),
co296
[ GLSA 200606-23 ] KDM: Symlink vulnerability,
Sune Kloppenborg Jeppesen
[ GLSA 200606-22 ] aRts: Privilege escalation,
Sune Kloppenborg Jeppesen
VigilantMinds Advisory: Opera JPEG Processing Integer Overflow Vulnerability (VMSA-20060621-01),
VigilantMinds Advisories
MS Excel Remote Code Execution POC Exploit,
naveed
[ MDKSA-2006:109 ] - Updated wv2 packages fix vulnerability,
security
Somechess v1.5 rc1 - XSS,
luny
Excel 0-day FAQ updated with Microsoft advisory information,
Juha-Matti Laurio
cjGuestbook v1.3 - XSS,
luny
Digital Armaments July-August Hacking Challange: Microsoft,
info
Eduha Meeting php shell upload Vulnerabilities,
liz0
[ MDKSA-2006:110 ] - Updated gnupg packages fix vulnerability,
security
Bypassing of web filters by using ASCII,
k . huwig
<Possible follow-ups>
Re: Bypassing of web filters by using ASCII,
Kurt Huwig
Opera 9 DoS PoC,
N9
[ MDKSA-2006:108 ] - Updated xine-lib packages fix buffer overflow vulnerabilities,
security
Sendmail MIME DoS vulnerability,
Jain, Siddhartha
JEdit ActiveX Control Information Disclosure vulnerability,
bulten
[ MDKSA-2006:107 ] - Updated arts packages fix vulnerability in artswrapper,
security
ULtimate PHP Board <= 1.96 GOLD Code Execution (exploit code),
mbrooks
RahnemaCo "page.php" Remote File Inclusion[2],
CrAzY . CrAcKeR
Module's Name Content<<--V1.0 SQL injection,
CrAzY . CrAcKeR
Module's Name Downloads <<--V 7 SQL injection,
CrAzY . CrAcKeR
[MajorSecurity #18] Ralf Image Gallery <=0.7.4 - Multiple XSS, Remote File Include and directory traversal vulnerabilities,
admin
vBulletin<<--v3.5.X "member.php" Cross Site Scripting,
CrAzY . CrAcKeR
Multiple Bypass and Integrity Lost Vulnerabilities,
egavriil
display.cgi,
soltan_defacer
trifinite Security Advisory: Buffer Overrun in Toshiba Bluetooth Stack for Windows,
Martin Herfurt
Janus Contact,
Charles Hamby
Input Validation/Output Encoding Vulnerabilities in Cisco CallManager Allow Script Injection Attacks,
Reynolds, Jake
V3Chat Instant Messenger - XSS,
luny
qtofilemanager xss attack !,
alijsb
Vm ware 0day dos exploit by n00b.,
co296
Dragons Kingdom v1.0 - XSS & cookie disclosure,
luny
WeBBoA Hosting Script SQL Injection,
entrika_fs
Easy CMS 0.1.2 Php Shell Upload Vulnerabilities,
liz0
singapore gallery <= 0.10.0 Multiple Vulnerabilities,
simo64
[ GLSA 200606-20 ] Typespeed: Remote execution of arbitrary code,
Sune Kloppenborg Jeppesen
onedotoh xss atack,
alijsb
PHP Live Helper <=([abs_path]) Remote File Include Vulnerabilities,
selfar2002
[ GLSA 200606-21 ] Mozilla Thunderbird: Multiple vulnerabilities,
Sune Kloppenborg Jeppesen
SaphpLesson<<--1.1 "misc.php" SQL injection,
CrAzY . CrAcKeR
vuBB <= 0.2.1 [BFA] SQL Injection Exploit + Advisory link,
gmdarkfig
VBZooM <<--V1.00 "lng.php" SQL injection,
CrAzY . CrAcKeR
VBZooM <<--V1.11 "message.php" SQL injection,
CrAzY . CrAcKeR
VBZooM <<--V1.00 "rank.php" SQL injection,
CrAzY . CrAcKeR
XSS Vulnerability in Maximus SchoolMAX,
Fixer
e107 v0.7.5 XSS,
securityconnection
[security bulletin] HPSBTU02116 SSRT061135 rev.2 - HP Tru64 UNIX and HP Internet Express for Tru64 UNIX Running sendmail, Remote Execution of Arbitrary Code or Denial of Service (DoS),
security-alert
Microsoft Excel 0-day Vulnerability FAQ document written,
Juha-Matti Laurio
MPCS v0.2 - XSS,
luny
XSS in http://www.newscientist.com/ - Search,
viz . security
mp3.com - Cross site scripting vulnerability,
admin
vbzoom V1.11 forum.php SQL Injection Vulnerabilities,
KARKOR23
PTT.yu Guestbook Vulnebility,
us3rg0d
Technorati.com - XSS with cookie disclosure,
luny
43things.com - XSS with cookie disclosure,
luny
Blogspot.com - XSS with cookie disclosure,
luny
RahnemaCo Remote File Inclusion Exploit,
Breeeeh
SinFP 2.00 - a major release with many new features,
GomoR
Biblenet.net - XSS,
luny
B3ta.com - XSS with cookie disclosure,
luny
Confixx <= 3,
kr4ch
Facetherating.com - XSS & session disclosure,
luny
VampireFreaks journal XSS,
nanoymaster
Ratemylook.co.uk - XSS with session disclosure,
luny
Ratescene.co.uk - XSS with session disclosure,
luny
Ashop Search Module SQL injection,
entrika_fs
webcrawler.com - XSS vulnerability in search-engine,
admin
Palm.com - XSS vulnerability,
admin
About.com - XSS with cookie disclosure,
luny
Macworld.com - XSS vulnerability,
admin
Cybersocieties.com - XSS & cookie disclosure,
luny
Windowsitpro.com - XSS with cookie disclosure,
luny
animesuki XSS,
nanoymaster
Facerave.com - XSS & sessions disclosure,
luny
[Kurdish Security # 8] DCP-Portal Remote File Include Vulnerability [Editor DHTML],
botan
Proof of concept: mybb 1.1.2 remote code execution,
Javier Olascoaga
Hotscripts.com - XSS with cookie disclosure,
luny
alipager xss attack,
s3rv3r_hack3r
ISO.org - XSS vulnerability,
admin
hi5.com - XSS with cookie disclosure,
luny
Apnaspace.com - XSS with cookie disclosure,
luny
XSS in GardenWeb,
nanoymaster
Cline Communications Sql injection,
liz0
Mambo <= 4.6rc1 sql injection,
rgod
Dealgates.com - XSS with cookie disclosure,
luny
Housecarers.com - XSS & cookie disclosure,
luny
[ECHO_ADV_33$2006] CMS Faethon 1.3.2 mainpath Remote File Inclusion,
eufrato
bitweaver <= v1.3 multiple vulnerabilities,
rgod
GreatDomains.com - XSS with cookie disclosure,
admin
webcrawler.com - Cross site scripting vulnerability,
admin
Netscape.com - Cross site scripting vulnerability,
admin
Simple PHP Poll Authecnication Admin ByPass,
alp_eren
file include exploits in dotwidgeta Version 2,
SWEET SWEET
Bingbox.com - XSS & cookie disclosure,
luny
PHP security (or the lack thereof),
Darren Reed
Youtube.com - XSS & cookie disclosure,
luny
Re: [Bugtraq ID: 17909] ISPConfig Session.INC.PHP Remote File Include Vulnerability,
t . brehm
Re: Secunia Research: PicoZip "zipinfo.dll" Multiple Archives BufferOverflow,
c0rrupt
PictureDis Products "lang" Parameter File Inclusion Vulnerability,
root-hacked
[ MDKSA-2006:106 ] - Updated mdkkdm packages fix local vulnerability,
security
[ MDKSA-2006:105 ] - Updated kdebase packages fix local vulnerability in kdm,
security
Blacksingles.com - XSS & cookie disclosure,
luny
Cisco Secure ACS Cross Site Scripting Vulnerability.,
liam . romanis
Zeroboard File Upload & extension bypass Vulnerability,
mins
Carspace.com - XSS with cookie disclosure,
luny
Ji-takz Chat (mycfg) Remote File Inclusion,
SpC-x
Calendarix 0.7.20060401, SQL Injection Vulnerabilities,
Federico Fazzi
Chatizens.com - XSS with cookie disclosure,
luny
file include exploits in nucleus 3.23,
gamr-14
aXentForum II XSS vuLLn,
SnoBmsn
[security bulletin] HPSBUX02115 SSRT061077 rev.1 - HP-UX running Support Tools Manager (xstm, cstm, stm) Local Denial of Service (DoS),
security-alert
Indexu v 5.0.01 Multiple Remote File Include Vulnerabilities,
KARKOR23
Develooping Flash Chat (banned_file) Remote File Inclusion,
SpC-x
Boardhost.com - XSS,
luny
[USN-303-1] MySQL vulnerability,
Martin Pitt
dvdwolf SQL injection/XSS,
CrAzY . CrAcKeR
TSLSA-2006-0036 - multi,
Trustix Security Advisor
rPSA-2006-0105-1 arts,
Justin M. Forbes
HotPlugCMS 1.0, Cross-Site Scripting Vulnerabilities,
Federico Fazzi
[ GLSA 200606-19 ] Sendmail: Denial of Service,
Sune Kloppenborg Jeppesen
rPSA-2006-0106-1 kdebase,
Justin M. Forbes
[ GLSA 200606-17 ] OpenLDAP: Buffer overflow,
Sune Kloppenborg Jeppesen
Regarding "SMB Invalid Handle Value" - MS06-030. Vulnerability not fixed.,
Reversemode
[ GLSA 200606-18 ] PAM-MySQL: Multiple vulnerabilities,
Sune Kloppenborg Jeppesen
ePrayver v.Alpha - XSS,
luny
APBoard 2.2-r3 <= SQL Injections,
666
[USN-297-2] Thunderbird extensions update for recent security update,
Martin Pitt
Andys Chat 4.5 (action) Remote File Inclusion,
SpC-x
HotPlugCMS_1.0 - SQL Injection Vulnerability,
guest01
Advisory: Unauthorized password recovery in phpBannerExchange,
RedTeam Pentesting
Advisory: Authentication bypass in phpBannerExchange,
RedTeam Pentesting
MP3 Search/Archive v1.2 - XSS,
luny
[SECURITY] [DSA 1100-1] New wv2 packages fix integer overflow,
Martin Schulze
[ MDKSA-2006:104 ] - Updated sendmail packages fix remotely exploitable vulnerability,
security
[SECURITY] [DSA 1099-1] New horde2 packages fix cross-site scripting,
Moritz Muehlenhoff
Flipper Poll (root_path) Remote File Inclusion,
SpC-x
[USN-300-1] wv2 vulnerability,
Martin Pitt
Secunia Research: DeluxeBB SQL Injection and File Inclusion Vulnerabilities,
Secunia Research
FreeBSD Security Advisory FreeBSD-SA-06:17.sendmail,
FreeBSD Security Advisories
EC2ND - Call for Papers,
Blyth A J C (Comp)
Secunia Research: CMS Mundo SQL Injection and File Upload Vulnerabilities,
Secunia Research
[ MDKSA-2006:103 ] - Updated spamassassin packages fix vulnerability,
security
[USN-301-1] kdm vulnerability,
Martin Pitt
[FSA016] ISPConfig 2.2.3, File inclusion vulnerability,
Federico Fazzi
[ MDKSA-2006:102 ] - Updated libtiff packages fixes tiff2pdf vulnerability,
security
[SECURITY] [DSA 1098-1] New horde3 packages fix cross-site scripting,
Moritz Muehlenhoff
[ MDKSA-2006:101 ] - Updated squirrelmail packages fix vulnerabilities,
security
MySQL DoS,
Kanatoko
[SECURITY] [DSA 1097-1] New Kernel 2.4.27 packages fix several vulnerabilities,
Moritz Muehlenhoff
[KDE Security Advisory] KDM symlink attack vulnerability,
Dirk Mueller
[ GLSA 200606-15 ] Asterisk: IAX2 video frame buffer overflow,
Sune Kloppenborg Jeppesen
PhpBlueDragon CMS 2.9.1, File inclusion vulnerability,
Federico Fazzi
Fusion Polls (xtrphome) Remote File Inclusion,
SpC-x
SEC Consult SA-20060613-0 :: Outlook Web Access Cross Site Scripting Vulnerability,
SEC Consult Research
[ GLSA 200606-16 ] DokuWiki: PHP code injection,
Sune Kloppenborg Jeppesen
wbb<<--v 2.1.6 "profile.php" SQL injection,
CrAzY . CrAcKeR
wbb<<--v 2.2.1 "studienplatztausch.php" SQL injection,
CrAzY . CrAcKeR
wbb<<--v 2.2.2 "thread.php" SQL injection,
CrAzY . CrAcKeR
bbrss PhpBB (phpbb_root_path) Remote File Inclusion,
SpC-x
Freeze Greetings Cards PWD.txt,
alp_eren
[ MDKSA-2006:100 ] - Updated gdm packages fix vulnerability,
security
[ MDKSA-2006:099-1 ] - Updated freetype2 packages fixes multiple vulnerabilities.,
security
Secunia Research: PicoZip "zipinfo.dll" Multiple Archives Buffer Overflow,
Secunia Research
Black Hat Speakers + 2005 Content on-line,
Jeff Moss
[USN-299-1] dhcdbd vulnerability,
Martin Pitt
Secunia Resaerch: Internet Explorer Exception Handling Memory Corruption Vulnerability,
Secunia Research
[USN-298-1] libgd2 vulnerability,
Martin Pitt
[USN-288-4] dovecot regression fix,
Martin Pitt
[USN-297-1] Thunderbird vulnerabilities,
Martin Pitt
G Shout 1.3.1 Version - Remote File Include Vulnerability,
SpC-x
[MajorSecurity #17] SixCMS <= 6 - Multiple XSS and directory traversal vulnerabilities,
admin
VBZooM <<-- V1.11 "show.php" SQL injection,
CrAzY . CrAcKeR
ZDI-06-018: Microsoft Internet Explorer DXImageTransform ActiveX Memory Corruption Vulnerability,
zdi-disclosures
Simpleshout 1.6.0 Version - Remote File Include Vulnerability,
SpC-x
SYMSA-2006-004: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution,
research
file include exploits in mcGuestbook 1.3,
gamr-14
Oracle DBMS_STANDARD security problem,
putosoft softputo
PhpMyFactures 1.0 Cross Site Scripting, SQL Injection, Full Path Disclosure and others,
gmdarkfig
GamePlay.co.uk XSS,
charlie
Chipmailer <= 1.09 Multiple Vulnerabilities,
tamriel
iDefense Security Advisory 06.13.06: Windows Media Player PNG Chunk Decoding Stack-Based Buffer Overflow,
labs-no-reply
REMOTE FILE INCLUSION ( ALL ),
SpC-x
blur6ex <= 0.3.462 'ID' blind sql injection,
rgod
TikiWiki Sql injection & XSS Vulnerabilities,
bug@xxxxxxxxxxxxxxx
Web-CMS <<--1.0 "print.php" SQL injection,
CrAzY . CrAcKeR
[REVERSEMODE ADVISORY] MS06-030 NtClose DeadLock.,
Reversemode
# MHG Security Team --- PHPAskIt v2.0.1 Remote File Inc.,
erne@xxxxxxxxxxxxx
[REVERSEMODE ADVISORY] MS06-030 - Microsoft Mrxsmb.sys privilege escalation advisory,
Reversemode
Ltwcalendar 4.1.3 version - Remote File Include Vulnerabilities,
SpC-x
Re: Shoutpro 1.0 Version - Remote File Include Vulnerability,
Steven M. Christey
iDefense Security Advisory 06.13.06: Windows MRXSMB.SYS MrxSmbCscIoctlCloseForCopyChunk DoS,
labs-no-reply
S H O U T B O X (v1.5) Version - Remote File Include Vulnerability,
SpC-x
Amr Talkbox talkbox.PHP - Remote File Include Vulnerabilities,
SpC-x
Jobline 1 1 1 Version - Remote File Include Vulnerability,
SpC-x
PHP MESSENGER 1.0 Version - Remote File Include Vulnerability,
SpC-x
ZDI-06-017: Microsoft Internet Explorer UTF-8 Decoding Heap Overflow Vulnerability,
zdi-disclosures
iDefense Security Advisory 06.13.06: Microsoft Internet Explorer ART File Heap Corruption Vulnerability,
labs-no-reply
iDefense Security Advisory 06.13.06: Windows MRXSMB.SYS MRxSmbCscIoctlOpenForCopyChunk Overflow,
labs-no-reply
High Risk Vulnerability in Microsoft Windows RASMAN Service,
Peter Winter-Smith
multiple Xss exploits in 35mmslidegallery V6,
black code
Simpnews <= All version - Remote File Include Vulnerabilities,
SpC-x
VBZooM <<--V1.01 "language.php" SQL injection,
CrAzY . CrAcKeR
[SECURITY] [DSA 1096-1] New webcalendar packages fix arbitrary code execution,
Martin Schulze
VBZooM <<--V1.11 "subject.php" SQL injection,
CrAzY . CrAcKeR
VBZooM <<--V1.02 "meaning.php" SQL injection,
CrAzY . CrAcKeR
Re: BUGTRAQ:20060611 ThWboard 3.0 <= SQL Injection,
Steven M. Christey
DCP-Portal 6.1.x, Remote command execution,
Federico Fazzi
Content-Builder (CMS) 0.7.5, Remote command execution,
Federico Fazzi
Emllabs.com - XSS,
luny
Call For Papers - No cON Name 2006 Edition Spain,
Jose Nicolas Castellano
[FSA013] phpCMS 1.2.1pl2, Remote command execution,
Federico Fazzi
internet explorer vulnerability based on MarjinZ & Mr.Niega discovered,
Kevin Berkane
Invision Power Board XSS,
kepche
Blackplanet.com - XSS & cookie disclosure vuln.,
luny
[ GLSA 200606-09 ] SpamAssassin: Execution of arbitrary code,
Sune Kloppenborg Jeppesen
Yourfacesucks.com - XSS & cookie disclosure,
luny
Onlinenode.com - XSS,
luny
[EEYEB-20060524] Symantec Remote Management Stack Buffer Overflow,
eEye Advisories
Meefo.com - XSS with cookie include,
luny
# MHG Security Team --- PHORUM 5.1.13 Remote File Inc.,
erne
Vampirefreaks.com - XSS with cookie disclosure,
luny
Flork.com,
luny
myPHP Guestbook 2.0.2 XSS Vulnerabilitie,
x0r_1
[ MDKSA-2006:099 ] - Updated freetype2 packages fixes multiple vulnerabilities.,
security
rPSA-2006-0100-1 freetype,
Justin M. Forbes
Virtualtourist.com - XSS with cookie disclosure,
luny
[ GLSA 200606-14 ] GDM: Privilege escalation,
Sune Kloppenborg Jeppesen
Wireclub.com - XSS & cookie disclosure,
luny
Windows XP Task Scheduler Local Privilege Escalation (Advisory),
zipk0der
Stargazer.org - XSS with Session output,
luny
cescripts.com - XSS,
luny
ThWboard 3.0 <= SQL Injection,
666
Nowtalking.com - XSS,
luny
sorry i wrong something, this is original AWF CMS 1.11 adv,
Federico Fazzi
Foing (manage_songs.php) Remote File Inclusion[phpBB],
darkfire
Opengaia.com - XSS Vuln & Session Include,
luny
[KAPDA::48]CopperminePhotoGallery1.4.8~ addhit() function~ SQLinjection attack,
addmimistrator
Wanderlist.com - XSS vuln with sessions disclosure,
luny
PaintedOver.com, Inc. 2004-2006 Xss Vulnerabilities,
redl_ine
tempnam() Bypass unique file name PHP 5.1.4,
cxib
Myscrapbook v3.1 - XSS,
luny
CS-Forum <= 0.81 Cross Site Scripting, SQL Injection, Full Path Disclosure,
gmdarkfig
RCblog 1.03 Directory Traversal [index.php],
irc0d3r
WinSCP - URI Handler Command Switch Parsing,
Jelmer Kuperus
Secunia Research: MyBB "domecode()" PHP Code Execution Vulnerability,
Secunia Research
vbulletin.com Multiple XSS Vulnerabilities,
chris
5 Star Review - review-script.com - XSS w/ cookie output,
luny
Hotbot.com - XSS vulnerability in search engine,
admin
Lycos.com - XSS vulnerability,
admin
[ GLSA 200606-13 ] MySQL: SQL Injection,
Sune Kloppenborg Jeppesen
[ GLSA 200606-12 ] Mozilla Firefox: Multiple vulnerabilities,
Sune Kloppenborg Jeppesen
Mydeardiary.com - XSS,
luny
[ GLSA 200606-11 ] JPEG library: Denial of Service,
Sune Kloppenborg Jeppesen
igloo DoubleSpeak v 0.1 Multiple remote file inclusion,
aminrayden
Diaryland.com - XSS,
luny
[ GLSA 200606-10 ] Cscope: Many buffer overflows,
Sune Kloppenborg Jeppesen
[KAPDA::#47] - Snitz Forum <= 3.4.05 SQL-Injection Vulnerability,
farhadkey
Joomla! 1.0 Remote File Inclusion,
c4nberx