Bugtraq
- ERRATA: [ GLSA 200604-10 ] zgv: Heap overflow,
Sune Kloppenborg Jeppesen
- [MajorSecurity #12]ZMS<= 2.9 - XSS,
admin
- [MajorSecurity #14]CFXe-CMS <= 2.0 - XSS,
admin
- [MajorSecurity #13]Cabacos Web CMS<= 3.8 - XSS,
admin
- [MajorSecurity #11]OpenCMS<= 6.2.1 - XSS,
admin
- AsianXO.com - XSS with cookie data include,
luny
- Tempinbox.com,
luny
- fx-APP Version 0.0.8.1,
luny
- Ringlink v3.2 - XSS,
luny
- [SECURITY] [DSA 1095-1] New freetype packages fix several vulnerabilities,
Martin Schulze
- rPSA-2006-0099-1 openldap openldap-clients openldap-servers,
Justin M. Forbes
- CORE-2006-0330: Asterisk PBX truncated video frame vulnerability,
Core Security Technologies advisories
- [Kil13r-SA-20060609-3] DreamWiz Search Cross-Site Scripting Vulnerability,
mac68k
- [Kil13r-SA-20060609-2] DaNaWa Search Cross-Site Scripting Vulnerability,
mac68k
- [Kil13r-SA-20060609-1] Daum Search Cross-Site Scripting Vulnerability,
mac68k
- [USN-296-1] firefox vulnerabilities,
Martin Pitt
- TSLSA-2006-0034 - multi,
Trustix Security Advisor
- 0verkill 0.6, Remote integer overflow,
Federico Fazzi
- ST AdManager Lite v1,
luny
- P.A.I.D v2.2,
luny
- Windows Software Restriction Policy Protection Bypass,
3APA3A
- [USN-288-2] PostgreSQL server/client vulnerabilities,
Martin Pitt
- [USN-288-3] PostgreSQL client vulnerabilities,
Martin Pitt
- Contensis CMS XSS vunerability,
smigofthedump
- CORE-2006-0327: IAXclient truncated frames vulnerabilities,
Core Security Technologies advisories
- PHP-Nuke Download Module Remote SQL Injection,
BuNy-m
- TinyMuw v1.0 - XSS,
luny
- Secunia Research: AutoMate unacev2.dll Buffer Overflow Vulnerability,
Secunia Research
- [ GLSA 200606-08 ] WordPress: Arbitrary command execution,
Sune Kloppenborg Jeppesen
- Secunia Research: SelectaPix Cross-Site Scripting and SQL Injection Vulnerabilities,
Secunia Research
- Docebo Lms 3.0.3, Remote command execution,
Federico Fazzi
- MobeSpace v2.0 - XSS,
luny
- Docebo Kms 3.0.3, Remote command execution,
Federico Fazzi
- mole.com.ua Ticket Booking Script - XSS,
luny
- mole.com.ua Booking Script,
luny
- Docebo Core 3.0.3, Remote command execution,
Federico Fazzi
- Docebo CMS 3.0.3, Remote command execution,
Federico Fazzi
- [USN-293-1] gdm vulnerability,
Martin Pitt
- [USN-292-1] binutils vulnerability,
Martin Pitt
- phazizGuestbook v2.0 - XSS,
luny
- iFoto v0.20-06/06/06,
luny
- Dell Openmanage CD Vulnerability,
wiz561
- okscripts.com - XSS Vulns,
luny
- [SECURITY] [DSA 1094-1] New gforge packages fix cross-site scripting,
Moritz Muehlenhoff
- [USN-294-1] courier vulnerability,
Martin Pitt
- [ GLSA 200606-07 ] Vixie Cron: Privilege Escalation,
Sune Kloppenborg Jeppesen
- [USN-295-1] xine-lib vulnerability,
Martin Pitt
- rPSA-2006-0098-1 gdm,
Justin M. Forbes
- SSL VPNs and security,
Michal Zalewski
- Message not available
- Re: SSL VPNs and security,
Eloy Paris
- <Possible follow-ups>
- Re: SSL VPNs and security,
wnorth
- Re: SSL VPNs and security,
thanekamp
[security bulletin] HPSBUX02090 SSRT051058 rev.2 - HP-UX Secure Shell Remote Denial of Service (DoS),
security-alert
[security bulletin] HPSBMA02121 SSRT061157 rev.2 - HP OpenView Storage Data Protector Remote Arbitrary Command Execution,
security-alert
[SECURITY] [DSA 1092-1] New MySQL 4.1 packages fix SQL injection,
Martin Schulze
'Multiple Sql injection and XSS in integramod portal,
ahwaz
[USN-291-1] FreeType vulnerabilities,
Martin Pitt
[USN-289-1] tiff vulnerabilities,
Martin Pitt
Ie opera dos exploit,
co296
bug of script injection in shoutcast servers,
mantasjadzevicius
[SECURITY] [DSA 1091-1] New TIFF packages fix arbitrary code execution,
Martin Schulze
PHP-Nuke <= 7.9 Search XSS Vulnerability,
try_og
Back-end = 0.7.2.1 (jpcache.php) Remote command execution,
Federico Fazzi
NPDS <= 5.10 Local Inclusion, XSS, Full path disclosure,
gmdarkfig
Mathcad Area Lock Vulnerability,
bugtraq
Uninformed Journal Release Announcement: Volume 4,
Uninformed Journal
[SECURITY] [DSA 1093-1] New xine-ui packages fix denial of service,
Martin Schulze
Tikiwiki 1.9.3.2 security release,
marc
cms-bandits 2.5, Remote command execution,
Federico Fazzi
[MajorSecurity #10]i.List <= 1.5 - XSS,
admin
GUESTEX guestbook code execution,
root
Ez Ringtone Manager from scriptez.net - XSS,
luny
E-Dating System from scriptsez.net - XSS,
luny
[ GLSA 200606-06 ] AWStats: Remote execution of arbitrary code,
Sune Kloppenborg Jeppesen
[NOBYTES.COM: #12] ViArt Shop v2.5.5 - XSS Vulnerability,
John Cobb
Easy Ad-Manager,
luny
Chemical Directory - XSS,
luny
Babykatmedia.com scripts - vSCAL & vREAL - XSS Vulns,
luny
Mafia Moblog Full Path Disclosure / SQL injection,
simo64
[ MDKSA-2006:098 ] - Updated postgresql packages fixes SQL injection vulnerabilities.,
security
PBL Guestbook v1.31 - XSS,
luny
[ MDKSA-2006:097 ] - Updated MySQL packages fixes SQL injection vulnerability.,
security
[ MDKSA-2006:096 ] - Updated openldap packages fixes buffer overflow vulnerability.,
security
Calendar Express 2 SQL injection,
CrAzY . CrAcKeR
[FLSA-2006:189137-2] Updated firefox package fixes security issues,
Marc Deslauriers
[FLSA-2006:190884] Updated squirrelmail package fixes security issues,
Marc Deslauriers
[FLSA-2006:190941] Updated ipsec-tools package fixes security issue,
Marc Deslauriers
[FLSA-2006:190777] Updated X.org packages fix security issue,
Marc Deslauriers
MiraksGalerie <= 2.62 Multiple Remote command execution,
Federico Fazzi
aWebNews <= 1.0 (login.php) Remote DocumentRoot file disclosure,
Federico Fazzi
[ GLSA 200606-01 ] Opera: Buffer overflow,
Sune Kloppenborg Jeppesen
[ GLSA 200606-04 ] Tor: Several vulnerabilities,
Sune Kloppenborg Jeppesen
[FLSA-2006:189137-1] Updated mozilla packages fix security issues,
Marc Deslauriers
MyBB 1.1.2 New XSS,
o . y . 6
[ GLSA 200606-05 ] Pound: HTTP request smuggling,
Sune Kloppenborg Jeppesen
[HV-LOW] Microsoft NetMeeting memory corruption (Brief),
vuln
rPSA-2006-0096-1 spamassassin,
Justin M. Forbes
Vice Stats 0.5b SQL injection,
CrAzY . CrAcKeR
[ GLSA 200606-03 ] Dia: Format string vulnerabilities,
Sune Kloppenborg Jeppesen
ADVISORY - D-Link Wireless Access-Point,
news
XSS on LarkinWEB & Company,
spymeta
TinyPHP forum <= 3.6 Remote Command Execution Exploit,
hessamx
BloggIT <= 1.01 (admin.php) Arbitrary code execution,
Federico Fazzi
bug on showwich.asp,
ip . chat
[ GLSA 200606-02 ] shadow: Privilege escalation,
Sune Kloppenborg Jeppesen
libgd 2.0.33 infinite loop in GIF decoding ?,
rocheml
[SECURITY] [DSA 1090-1] New spamassassin packages fix remote command execution,
Martin Schulze
IRM 019: MailMarshal 6.1 SMTP MTA Content Filter Bypass,
IRM Advisories
Asterisk 1.2.9 and Asterisk 1.0.11 Released - Security Fix,
Matt Riddell (IT)
GANTTy v1.0.3,
luny
[ MDKSA-2006:095 ] - Updated libtiff packages fixes tiffsplit vulnerability,
security
ParticleSoft Wiki v1.0.2,
luny
ParticleSoft Whois v1.0.3,
luny
Partial Links v1.2.2,
luny
Particle Gallery v1.0.0,
luny
Multiple file include exploits in Xtreme Downloads v.1.0,
black code
file include in Xtreme Downloads v.1.0,
gamr-14
ASPScriptz Guest Book 2.0 XSS,
omnipresent
[KAPDA::#47] - myNewsletter 1.1.2 SQL_Injection,
farhadkey
[Kil13r-SA-20060606] ESTsoft InternetDISK Arbitary Code Execution Vulnerability,
mac68k
[Kil13r-SA-20060605] Syworks SafeNET Policy File Vulnerability,
mac68k
Personal Information Disclosure/Account Hijacking Vulerability in mafia online games,
Ulrich Keil
Dmx Forum <= v2.1a Remote Passwords Disclosure,
gmdarkfig
[MajorSecurity #9]HostAdmin <= 3.1 - Remote File Include Vulnerability,
admin
[MajorSecurity #8]DreamAccount <= 3.1 - Remote File Include Vulnerability,
admin
Re: [Full Disclosure] [Kil13r-SA-20060520] Microsoft Internet Explorer Crash Vulnerability,
mac68k
Advisory 04/2006: DokuWiki PHP code execution vulnerability in spellchecker,
Stefan Esser
ewsEngine <= 1.5.0(newscomments.php) Remote SQL Injection Vulnerability,
ajannhwt
FunkBoard CF0.71 (profile.php) Remote User Pass Change Exploit,
ajannhwt
TSLSA-2006-0032 - multi,
Trustix Security Advisor
Kmita FAQ v1.0,
luny
LabWiki v1.0,
luny
Multiple Vendor NTFS Data Stream Malware Stealth Technique,
Joxean Koret
CyBoards PHP Lite v1.25 (common.PHP) Remote File Inclusion,
SpC-x
Re: [Full-disclosure] bug in oscomerce,
Frank Laszlo
# MHG Security Team ---Rumble 1.02 version Remote File Inc.,
erne
Bookmark4U Remote File Include,
selfar2002
Client buffer-overflow in Quake 3 engine (1.32c / rev 795),
Luigi Auriemma
XSS in ICQ.com,
sn4k3 . 23
SMS "messages.php" SQL injection,
CrAzY . CrAcKeR
New <<BackTrack release announcement,
Max Moser
Timberland Search XSS Vulnerability,
try_og
VMSA-2006-0001 - VMware ESX Server Cross Site Scripting issue,
VMware Security Team
LifeType <=1.0.4 'articleId' SQL injection,
rgod
DotClear <= 1.2.4 'blog_dc_path' (php5) arbitrary remote inclusion,
rgod
[SECURITY] [DSA 1089-1] New freeradius packages fix arbitrary code execution,
Martin Schulze
[MajorSecurity #7]dotWidget CMS <= 1.0.6 - Remote File Include Vulnerability,
admin
phpBB2 (template.php) Remote File Inclusion,
canberx
LocazoList Classifieds <= v1.05e(viewmsg.asp) Remote SQL Injection Vulnerability,
ajannhwt
Blackhat USA 2006 - Review , remarks and proposal agenda,
newslist@xxxxxxxxxxxxxxxxxxxxxx
[SECURITY] [DSA 1088-1] New centericq packages fix arbitrary code execution,
Martin Schulze
Critical SQL Injection in CoolForum,
gmdarkfig
[ECHO_ADV_32$2006] SCart 2.0 Remote Code Execution,
eufrato
[SECURITY] [DSA 1087-1] New PostgreSQL packages fix encoding vulnerabilities,
Martin Schulze
Pixelpost <= 1-5rc1-2 multiple vulnerabilities,
rgod
rPSA-2006-0091-1 firefox thunderbird,
Justin M. Forbes
[DRUPAL-SA-2006-006] Drupal 4.6.7 / 4.7.1 fixes arbitrary file execution issue,
Uwe Hermann
[DRUPAL-SA-2006-008] Drupal 4.6.8 / 4.7.2 fixes XSS issue,
Uwe Hermann
[DRUPAL-SA-2006-007] Drupal 4.6.8 / 4.7.2 fixes arbitrary file execution issue,
Uwe Hermann
[DRUPAL-SA-2006-005] Drupal 4.6.7 / 4.7.1 fixes SQL injection issue,
Uwe Hermann
# MHG Security Team --- MyBloggie 2.1.1 version Remote File Include Vulnerabilit,
erne ayaz
Pro Publish SQL Injection and XSS Vulnerabilities,
Soothackers
new bug,
webmaster
[SECURITY] [DSA 1086-1] New xmcd packages fix denial of service,
Martin Schulze
MyTrueHood.com - XSS,
luny
aspWebLinks 2.0 Remote SQL Injection / Admin Pass Change Exploit,
ajannhwt
New Snort Bypass - Patch - Bypass of Patch,
Sigint Consulting
Redaxo CMS <= 3.2 Remote File Include,
beford
newsfactory Cross Site Scripting & SQL injection,
CrAzY . CrAcKeR
Bytehoard 2.1 Remote File Include,
beford
PHP ManualMaker v1.0,
luny
Weblog Oggi v1.0,
luny
VMSA-2006-0002 - VMware Server sensitive information lifetime issue,
VMware Security Team
SMF 1.0.7 and lower plus 1.1rc2 and lower - IP spoofing vulnerability/IP ban evasion vulnerability,
Jessica Hope
Joomla/Mambo CMS Component SimpleBoard 1.1 XSS-Vulnerabilities,
Yannick von Arx
Forensic memory dumping intricacies - PhysicalMemory, DD, and caching issues,
Arne Vidstrom
CA Forum Remote SQL Injection,
omnipresent
[ MDKSA-2006:094 ] - Updated evolution packages fix DoS (crash) vulnerability on certain messages.,
security
Corsaire Security Advisory - VMware ESX Server Cross Site Scripting issue,
advisories
[SECURITY] [DSA 1085-1] New lynx-cur packages fix several vulnerabilities,
Martin Schulze
SyScan'06 - The Hackers' Conference in Asia,
thomas48
Squirrelmail local file inclusion,
brokejunker
Snort HTTP Inspect Pre-Processor Uricontent Bypass,
Christian Swartzbaugh
TAL RateMyPic v1.0,
luny
ishopcart cgi 0day and multiple vulnerabilities,
bugtraq
FreeBSD Security Advisory FreeBSD-SA-06:15.ypserv,
FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-06:16.smbfs,
FreeBSD Security Advisories
multiple file inclusion exploits in ovidentia v5.8.0,
black code
rPSA-2006-0087-1 kernel,
Justin M. Forbes
SUSE Security Announcement: rug (SUSE-SA:2006:029),
Thomas Biege
Internet explorer Vulnerbility,
Mr . Niega
[security bulletin] HPSBUX02122 SSRT061158 rev.1 - HP-UX Mozilla Remote Execution of Arbitrary Code, Denial of Service (DoS),
security-alert
[SECURITY] [DSA 1084-1] New typespeed packages fix arbitrary code execution,
Steve Kemp
New SecurityFocus mailing list: Focus-Apple,
Marc Fossi
Secunia Research: ZipCentral ZIP File Handling Buffer Overflow Vulnerability,
Secunia Research
Secunia Research: Eserv/3 IMAP and HTTP Server Multiple Vulnerabilities,
Secunia Research
file include exploit in Support Cards v1,
black code
toendaCMS 0.7.0 Cross Site Scripting,
kubasx
[SECURITY] [DSA 1083-1] New motor packages fix arbitrary code execution,
Martin Schulze
QontentOneCMS v1.0,
luny
# MHG Security Team --- PHP NUKE All version Remote File Inc.,
erne
pppBlog <= 0.3.8 administrative credentials/system disclosure,
rgod
Xss exploit in Chipmunk directory,
black code
Open Searchable Image Catalogue: XSS and SQL Injection Vulnerabilities,
enji
WebCalendar-1.0.3 reading of any files,
socsam
[ GLSA 200605-17 ] libTIFF: Multiple vulnerabilities,
Stefan Cornelius
[ MDKSA-2006:093 ] - Updated dia packages fix string format vulnerabilities.,
security
[ GLSA 200605-16 ] CherryPy: Directory traversal vulnerability,
Stefan Cornelius
Fire fox dos exploit,
co296
Backdoor in RelevantKnowledge adware (What are we fighting for?),
3APA3A
OaBoard 1.0 Remote File inclusion,
hessamx
WBB<--v2.3.4"misc.php" SQL injection Vulnerability,
CrAzY . CrAcKeR
NorthStudio Cross Site Scripting Vulnerability,
CrAzY . CrAcKeR
Bratpack Cross Site Scripting Vulnerability,
CrAzY . CrAcKeR
phpMyDesktop|arcade 1.0 FINAL Code Execution,
darkgod . xsf
4nNukeWare<--V 0.91 SQL Injection exploits,
CrAzY . CrAcKeR
Jiwa Financials - Reporting allows execution of arbitrary reports as SQL user with full permissions.,
Robert
[KAPDA::#46] - Nukedit Unauthorized Admin Add,
farhadkey
multiple Xss exploits in : vCard 2.9,
black code
RE: Multiple Xss exploits in coolphp magazine,
black code
Multiple Xss exploits in Chipmunk Board,
black code
[SECURITY] [DSA 1082-1] New Linux kernel 2.4.17 packages fix several vulnerabilities,
Moritz Muehlenhoff
WikiNi Persistent Cross Site Scripting Vulnerability,
raphael . huck
New SMB and DCERPC features on Impacket released with doc,
Gerardo Richarte
Foing Remote File Include Vulnerability [PHPBB],
s3rv3r_hack3r
UBBThreads 5.x,6.x md5 hash disclosure,
chris
[KAPDA::#45] - geeklog multiple vulnerabilities,
alireza hassani
Xss exploit in Photoalbum B&W v1.3,
black-cod3
VARIOMAT(advanced cms tool)SQL injection/XSS,
CrAzY . CrAcKeR
Advisory: Blend Portal <= 1.2.0 for phpBB 2.x (blend_data/blend_common.php) File Inclusion Vulnerability,
Mustafa Can Bjorn IPEKCI
Advisory: UBBThreads 5.x,6.x Multiple File Inclusion Vulnerabilities.,
Mustafa Can Bjorn IPEKCI
Advisory: ASPSitem <= 2.0 Multiple Vulnerabilities.,
Mustafa Can Bjorn IPEKCI
Advisory: phpBB 2.x (Activity MOD Plus) File Inclusion Vulnerability.,
Mustafa Can Bjorn IPEKCI
Advisory: phpBB 2.x (admin/admin_hacks_list.php) Local Inclusion Vulnerability.,
Mustafa Can Bjorn IPEKCI
Advisory: Eggblog <= 3.x Multiple Remote Vulnerabilities,
Mustafa Can Bjorn IPEKCI
Advisory: F@cile Interactive Web <= 0.8x Multiple Remote Vulnerabilities.,
Mustafa Can Bjorn IPEKCI
Advisory: Enigma Haber <= 4.3 Multiple Remote SQL Injection Vulnerabilities,
Mustafa Can Bjorn IPEKCI
Advisory: tinyBB <= 0.3 Multiple Remote Vulnerabilities.,
Mustafa Can Bjorn IPEKCI
Advisory: ASPBB <= 0.52 (perform_search.asp) XSS vulnerability,
Mustafa Can Bjorn IPEKCI
Advisory: MiniNuke v2.x Multiple Remote Vulnerabilities,
Mustafa Can Bjorn IPEKCI
JAMES 2.2.0 <-- Denial Of Service,
y3dips
multiple file include exploits in EzUpload Pro v2.10,
black-cod3
Buffer overflow in QuickTime 7.0.4?,
John Richard Moser
[USN-288-1] PostgreSQL server/client vulnerabilities,
Martin Pitt
[USN-287-1] Nagios vulnerability,
Martin Pitt
[SECURITY] [DSA 1081-1] New libextractor packages fix arbitrary code execution,
Martin Schulze
[SECURITY] [DSA 1080-1] New dovecot packages fix directory traversal,
Steve Kemp
[SECURITY] [DSA 1079-1] New MySQL 4.0 packages fix several vulnerabilities,
Martin Schulze
html Guest Gear,
pieisgdvgd
Proof of concept that PGP AUTHENTICATION CAN BE BYPASSED WITHOUT PATCHING,
thesinoda
D-Link DSA-3100 Cross-Site Scripting,
jaime . blasco
[SECURITY] [DSA 1078-1] New tiff packages fix denial of service,
Martin Schulze
Speedy ASP Forum(profileupdate.asp) User Pass Change Exploit,
ajannhwt
sql injection in PHPcafe.net Tutorial Manager,
black-cod3
Multiple Xss exploits in ar-blog v 5.2,
black-cod3
Xss exploit in Chipmunk guestbook,
black-cod3
Critical sql injection in saphplesson 2.0,
black-cod3
InternerExplorer error: ECMAScript interpreter stack overflow,
sehato
Symantec antivirus software exposes computers,
Michael Scheidell
rPSA-2006-0083-1 enscript,
Justin M. Forbes
Wavecon Advisory: Open-Xchange <= 0.8.2 defaultuser with /bin/bash and default password,
Cemil Degirmenci
rPSA-2006-0084-1 fetchmail,
Justin M. Forbes
cURL Safe Mode Bypass PHP 4.4.2 and 5.1.4,
cxib
LM hashes in a hot-desking environment,
feedb4ck
[ MDKSA-2006:092 ] - Updated mpg123 packages fix DoS vulnerability.,
security
Morris Guestbook v1,
luny
Smile Guestbook v1,
luny
Pretty Guestbook v1,
luny
MyYearBook.com - XSS,
luny
Vacation Retal Script v1.0,
luny
Super Link Exchange Script v1.0,
luny
PHPSimple Choose v0.3,
luny
iBoutique.MALL - Directory Traversal,
luny
XSS Vulnerability on Vodafone,
try_og
rPSA-2006-0080-1 postgresql postgresql-server,
Justin M. Forbes
On the Recent PGP and Truecrypt Posting,
jon
[OpenPKG-SA-2006.009] OpenPKG Security Advisory (binutils),
OpenPKG
XSS Vulnerability on www.my6d.com Connection Work System,
spymeta
Seditio Cross Site Scripting Vulnerability,
mail
Easy-Content Forums 1.0 Multiple [SQL/XSS] Vulnerabilities,
ajannhwt
Assetman <= 2.4a XSS,
zerogue
ByteHoard <= 2.1 multiple vulnerabilities,
zerogue
PHP AGTC-Membership system <= v1.1a XSS,
zerogue
PHPResidence <= 0.6 XSS,
zerogue
Plume CMS Remote File Include,
beford
Multiple XSS Vulnerabilities in Tikiwiki 1.9.x,
blwood
my Web Server << v-1.0 Denial of Service Exploit,
s3rv3r_hack3r
Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities,
ajannhwt
[MajorSecurity #6]Socketmail <= 2.2.6 - Remote File Include Vulnerability,
admin
qjForum(member.asp) SQL Injection Vulnerability,
ajannhwt
phpjobboard Authecnical admin byPass,
alp_eren
Toasts Forums 1.6.44 in Xss,
ajannhwt
Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities,
ajannhwt
XSS in Monster Top List | MTL 1.4,
V8f3
Docebo LMS 2.05 Remote File Include,
beford
XSS in Omegasoft's Insel,
MC Iglo
[SECURITY] [DSA 1075-1] New awstats packages fix arbitrary command execution,
Martin Schulze
ASLR now built into Vista,
David Litchfield
[BuHa-Security] MS06-013: HTML Tag Memory Corruption Vulnerability in MS IE 6 SP2,
bugtraq
[BuHa-Security] DoS Vulnerability in MS IE 6 SP2,
bugtraq
V-Webmail 1.6.4 Remote File Include,
beford
[SECURITY] [DSA 1077-1] New lynx-ssl packages fix denial of service,
Martin Schulze
[SECURITY] [DSA 1076-1] New lynx packages fix denial of service,
Martin Schulze
TSLSA-2006-0030 - multi,
Trustix Security Advisor
Addendum,
ennead@xxxxxxxxxxxxx
Wordpress <=2.0.2 'cache' shell injection,
rgod
PostgreSQL security releases 8.1.4, 8.0.8, 7.4.13, 7.3.15,
PostgreSQL Security
Hackernetwork Mail Xss[Search] Vulnerability,
ajannhwt
iFlance v1.1,
luny
rPSA-2006-0082-1 vixie-cron,
Justin M. Forbes
Drupal <= 4.7 attachment/mod_mime remote code execution,
rgod
Pre News Manager v1.0,
luny
[KAPDA::#44] - NewsCMSLite Login ByPass by Cookie,
farhadkey
Pre Shopping Mall v1.0,
luny
CMS Mundo V1.0,
luny
GuestbookXL 1.3,
luny
[USN-286-1] Dia vulnerabilities,
Martin Pitt
Bulletin Board Elite-Board v.1.1,
luny
Realty Pro One Property Listing Script,
luny
iFdate v1.2,
luny
sql injection in phpWebSite 0.8.3,
help-users
A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt.,
thesinoda
- Re: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt.,
3APA3A
- Re: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt.,
Alexander Klimov
- RE: [security] A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt.,
phugo
- <Possible follow-ups>
- RE: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt.,
ennead@xxxxxxxxxxxxx
- Re: RE: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt.,
ahariri
- RE: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt.,
thesinoda
- Re: Re: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt.,
visitbipin
ChatPat v1.0,
luny
AZ Photo Album Script Pro,
luny
phpFoX All Version Login Exploit,
mx
Kaspersky antivirus 6: POP3 state machine error,
bug . registrator
[CLOSED] SOE's implementation of Lithium Forums Software allows users to log on as each other.,
support
VSR Advisory: PDF Tools AG - PDF Form Filling and Flattening Tool Buffer Overflow,
advisories
[ MDKSA-2006:091 ] - Updated php packages fix vulnerabilities,
security
[ MDKSA-2006:090 ] - Updated shadow-utils packages fix mailbox creation vulnerability,
security
[ MDKSA-2006:089 ] - Updated kphone packages fixes permissions issue with .qt/kphonerc,
security
[ MDKSA-2006:088 ] - Updated hostapd package to address DoS vulnerability,
security
[ MDKSA-2006:087 ] - Updated kernel packages fixes netfilter SNMP NAT memory corruption,
security
Cisco Security Advisory: Windows VPN Client Local Privilege Escalation Vulnerability,
Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 1074-1] New mpg123 packages fix arbitrary code execution,
Martin Schulze
OpenCms version 6.0.x Xml Content Demo search engine Cross site scripting,
jaime . blasco
Write-up by Amit Klein: "IE + some popular forward proxy servers = XSS, defacement (browser cache poisoning)",
Amit Klein (AKsecurity)
Diesel Joke Site SQL INJECTION,
a_linuxer
NETGEAR WGR614 v6 Wireless DSL router information disclosure vulnerability,
info
Vodafone.de XSS Vulnerability,
try_og
Default Screen Saver Vulnerability in Microsoft Windows,
susam . pal
YLZH(right.php)Cross Site Scripting,
Breeeeh
Mambo <= 4.6. RC1 xss,
rgod
Publicist v0.95 - XSS And Full Path Errors,
luny
AlstraSoft Web Host Directory v1.2,
luny
Buffer-overflow in the WebTool service of PunkBuster for servers (minor than v1.229),
Luigi Auriemma
Server termination in netPanzer 0.8 (rev 952),
Luigi Auriemma
[security bulletin] HPSBMA02098 SSRT5911 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Privileged Access, Arbitrary Command Execution, Arbitrary File Creation,
security-alert
[security bulletin] HPSBMA02121 SSRT061157 rev.1 - HP OpenView Storage Data Protector Remote Arbitrary Command Execution,
security-alert
[USN-285-1] awstats vulnerability,
Martin Pitt
DGbook v1.0 - XSS,
luny
[security bulletin] HPSBUX02075 SSRT051074 rev.5 - HP-UX Running xterm Local Unauthorized Access,
security-alert
Alstrasoft Article Manager Pro v1.6,
luny
AlstraSoft E-Friends - XSS,
luny
phpMyDirectory <= 10.4.4 Multiple Remote File Include(new!),
ajannhwt
[security bulletin] HPSBUX02114 SSRT061115 rev.1 - HP-UX Running Software Distributor Local Elevation of Privilege,
security-alert
Nucleus CMS <= 3.22 arbitrary remote inclusion,
rgod
Non eXecutable Stack Lovin on OSX86,
KF (lists)
[OpenPKG-SA-2006.008] OpenPKG Security Advisory (openldap),
OpenPKG
Kaspersky antivirus 6: HTTP monitor bypassing,
john
SkyeShoutbox <= v.1.2.0 XSS,
zerogue
Russcom Ping Remote code execution,
zerogue
Russcom PHPImages lack of validation,
zerogue
QBv14 XSS,
zerogue
IpLogger <= 1.7 XSS,
zerogue
DSChat <= 1.0 XSS,
zerogue
Chatty improper input sanitizing,
zerogue
Circumventing quarantine control in Windows 2003 and ISA 2004,
Memet Anwar
Hackernetwork.Com Mail XSS Vulnerability,
TeufeL Online
Microsoft Internet Explorer - Crash on mouse button click,
mac68k
Message not available
RE: Microsoft Internet Explorer - Crash on mouse button click,
Jain, Siddhartha
Re: Microsoft Internet Explorer - Crash on mouse button click,
mac68k
Remote Code Execution in artmedic Newsletter 4.1 [log.php],
c . j . schmitz
TSLSA-2006-0028 - multi,
Trustix Security Advisor
phpRaid "view.php" XSS Vulnerability,
TeufeL Online
Beoped Portal XSS,
outlaw
SOE's implementation of Lithium Forums Software allows users to log on as each other.,
john
ACROS Security: Buffer Overflow In EMC (previously Dantz) Retroclient Service,
ACROS Security
CANews Multiple Vulnerabilities,
omnipresent
[SECURITY] [DSA 1072-1] New Nagios packages fix arbitrary code execution,
Martin Schulze
mybb v1.1.1(rss.php) SQL Injection Exploit,
Breeeeh
[SECURITY] [DSA 1073-1] New MySQL 4.1 packages fix several vulnerabilities,
Martin Schulze
ZDI-06-016: Novell eDirectory 8.8 NDS Server Buffer Overflow Vulnerability,
zdi-disclosures
[security bulletin] HPSBUX02120 SSRT051057 rev.1 - HP-UX Local Denial of Service (DoS),
security-alert
[security bulletin] HPSBUX02119 SSRT4848 rev.1 - HP-UX Running Motif Applications Remote Arbitrary Code Execution, Denial of Service (DoS),
security-alert
BitZipper Archive Extraction Directory traversal,
h e
Prodder Remote Arbitrary Command Execution,
RedTeam Pentesting
Perlpodder Remote Arbitrary Command Execution,
RedTeam Pentesting
[SECURITY] [DSA 1071-1] New MySQL 3.23 packages fix several vulnerabilities,
Martin Schulze
Skype - URI Handler Command Switch Parsing,
Brett Moore
[KAPDA::#43] - phpwcms multiple vulnerabilities,
alireza hassani
Generic Browser Crash with Java 1.4.2_11, Java 1.5.0_06,
Marc Schoenefeld
Novell Client login form enables reading and writing from and to the clipboard of the logged-in user,
EitanCaspi@xxxxxxxxx
[ GLSA 200605-15 ] Quagga Routing Suite: Multiple vulnerabilities,
Stefan Cornelius
[ GLSA 200605-14 ] libextractor: Two heap-based buffer overflows,
Stefan Cornelius
[TZO-072006]-Xampp - Multiple Priviledge Escalation (SYSTEM) and Rogue Autostart,
Thierry Zoller
XOOPS <= 2.0.13.2 'xoopsOption[nocommon]' exploit,
rgod
Firefox 1.5.0.3 Flaw - Page can obtain path to Mozilla installation or profile by examining JavaScript exceptions,
milw0rm
PHP Easy Galerie Index.PHP Remote File Include Vulnerability,
craziest
Captivate 1.0 - XSS Vuln,
luny
[SECURITY] [DSA 1070-1] New Linux kernel 2.4.19 packages fix several vulnerabilities,
Moritz Muehlenhoff
Destiney Links Script v2.1.2,
luny
Destiney Rated Images Script v0.5.0 - XSS Vulnv,
luny
PunBB 1.2.11 Cross site scripting,
k4p0k4p0
[SECURITY] [DSA 1069-1] New Linux kernel 2.4.18 packages fix several vulnerabilities,
Moritz Muehlenhoff
Hiox Guestbook 3.1,
luny
[SECURITY] [DSA 1068-1] New fbi packages fix denial of service,
Moritz Muehlenhoff
Zix Forum <= 1.12 (layid) SQL Injection Vulnerability,
i6d
cPanel OpenBaseDir Bypass,
i6d
[SECURITY] [DSA 1064-1] New cscope packages fix arbitrary code execution,
Moritz Muehlenhoff
Re: NSA Group Security Advisory NSAG-196-23.02.2006 Vulnerability FCKeditor 2.2,
fredck
[SECURITY] [DSA 1067-1] New Linux kernel 2.4.16 packages fix several vulnerabilities,
Moritz Muehlenhoff
Xtremescripts Topsites v1.1,
luny
Interlink "news_information.php" XSS,
Mster-X
RaceEventManagement <--v0.7.6 SQL injection & XSS,
Mster-X
ActualAnalyzer Server <=8.23 - Remote File Include Vulnerability,
i6d
[SECURITY] [DSA 1065-1] New hostapd packages fix denial of service,
Moritz Muehlenhoff
Re: NSA Group Security Advisory NSAG-195-23.02.2006 Vulnerability FCKeditor 2.0 FC,
fredck
phpBazar <= 2.1.0 Multiple vulnerabilites,
i6d
[SECURITY] [DSA 1066-1] New phpbb2 packages fix execution of arbitrary web script code,
Moritz Muehlenhoff
[SECURITY] [DSA 1063-1] New phpgroupware packages fix execution of arbitrary web script code,
Moritz Muehlenhoff
CYBSEC - Security Pre-Advisory: Local Privilege Escalation in SAP sapdba Command,
Leandro Meiners
[SECURITY] [DSA 1061-1] New popfile packages fix denial of service,
Moritz Muehlenhoff
[SECURITY] [DSA 1060-1] New kernel-patch-vserver packages fix privilege escalation,
Moritz Muehlenhoff
Jemscripts Download Control v1.0,
luny
Yourfreeworld.com Short Url & Url Tracker Script,
luny
[SECURITY] [DSA 1062-1] New kphone packages fix information disclosure,
Moritz Muehlenhoff
Yourfreeworld Styleish Text Ads Script,
luny
[SECURITY] [DSA 1059-1] New quagga packages fix several vulnerabilities,
Martin Schulze
[ MDKSA-2006:086 ] - Updated kernel packages fix multiple vulnerabilities,
security
[security bulletin] HPSBTU02118 SSRT061145 rev.1 - HP Tru64 UNIX Running Firefox or Mozilla Application Suite, Remote Execution of Arbitrary Code or Denial of Service (DoS),
security-alert
[security bulletin] HPSBUX02117 SSRT2400 rev.1 - HP-UX Running BINDv4 Domain Name Server (DNS) Remote Unauthorized Access, Denial of Service (DoS),
security-alert
[security bulletin] HPSBUX02108 SSRT061133 rev.11 - HP-UX Running Sendmail, Remote Execution of Arbitrary Code,
security-alert
Secunia Research: CAM UnZip ZIP File Handling Buffer Overflow Vulnerability,
Secunia Research
Sun single-CPU DOS,
Doug Hughes
Code Injection via Hidden Form Field Manipulation,
mtoren
Myspace Friend Train v2.8,
luny
POC exploit for freeFTPd 1.0.10,
Tauqeer Ahmad
FrontRange iHeat Vulnerability,
mcdanielar
XSS in orkut.com,
Rohin Koul
[SECURITY] [DSA 1058-1] New awstats packages fix arbitrary command execution,
Martin Schulze
Gmail/Gtalk web client DoS,
dan
AspBB Forum "profile.asp & default.asp" XSS Vulnerability,
TeufeL Online
[Info Disclosure] Diesel PHP Job Site Latest Version,
Matt Gibson
[cosmoshop again] sql injection + view all files as admin user,
innate
Multiple Vulns in Bitrix CMS,
Gogi The Georgian
CodeScan Advisory: Avatar MOD v1.3 for Snitz Forums v3.4 - Arbitrary File Upload,
CodeScan Labs
Gawab.com Register Xss Bugtraq,
rootter
Wargamming Network..,
Dusty
RadLance Local Inclusion Exploit,
Hussain Salim
HYSA-2006-008 myBloggie 2.1.3 CRLF & SQL Injection,
h4cky0u . org
OpenWiki<--v0.78 Cross-Site Scripting,
LiNuX_rOOt1
Boastmachine Cross Site Scripting Vulnerability,
mail
Mobotix IP Network Cameras Multiple XSS,
jaime . blasco
Secunia Research: Eazel unacev2.dll Buffer Overflow Vulnerability,
Secunia Research
Two heap overflow in libextractor 0.5.13 (rev 2832),
Luigi Auriemma
DIMVA 2006 - Call For Participation,
Thomas Biege
Firefox (with IETab Plugin) Null Pointer Dereferences Bug,
Debasis Mohanty
What's Up Professional Spoofing Authentication Bypass,
Kenneth F. Belva
VNC_bypauth: vnc scanner multithreaded linux & windows,
ad@xxxxxxxxxxxxxxxx
iDefense Q2 2006 Vulnerability Challenge,
labs-no-reply@xxxxxxxxxxxx
Newsportal <= 0.36 Remote File Inclusion Vulnerability,
philipp . niedziela
Secunia Research: IZArc unacev2.dll Buffer Overflow Vulnerability,
Secunia Research
Advisory: Quezza BB <= 1.0 File Inclusion Vulnerability.,
Mustafa Can Bjorn IPEKCI
Maksymilian Arciemowicz,
cxib
ERRATA: [ GLSA 200605-07 ] Nagios: Buffer overflow,
Sune Kloppenborg Jeppesen
DeluxeBB <= v1.06 attachment mod_mime exploit,
rgod
UPDATE: [ GLSA 200605-13 ] MySQL: Information leakage,
Sune Kloppenborg Jeppesen
vulnerability details,
Arnold Grossmann
PHP-Fusion <= 6.00.306 "srch_where" SQL injection / admin credentials disclosure,
rgod
The Weakness of Windows Impersonation Model,
Brian L. Walche
Caucho Resin Windows Directory Traversal Vulnerability,
advisory
Checkpoint SYN DoS Vulnerability,
sanjay naik
ScanAlert Security Advisory,
Joseph Pierini
Newsportal: code injection vulnerability,
newsportal
IceWarp Cross-Site Scripting(XSS),
LiNuX_rOOt1
Sphider Multiple Xss Vulnerabilities,
Soothackers
PhpRemoteView Multiple Xss Vulnerabilities,
Soothackers
DeluxeBB 1.06 Remote SQL Injection Exploit,
kingofska
YapBB <= 1.2 Beta2 'find.php' SQL Injection Vulnerability,
geinblues
Confixx 3.1.2 <= Code Injection,
Snake_23
[USN-284-1] Quagga vulnerabilities,
Martin Pitt
Secunia Research: Abakt ZIP File Handling Buffer Overflow Vulnerability,
Secunia Research
Novell NDPS Remote Vulnerability (Server & Client),
Ryan Smith
Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise,
Juha-Matti Laurio
CYBSEC - Security Advisory: Arbitrary File Read/Delete in SAP BC (Business Connector),
Leandro Meiners
CYBSEC - Security Advisory: Phishing Vector in SAP BC (Business Connector),
Leandro Meiners
Secunia Research: FilZip unacev2.dll Buffer Overflow Vulnerability,
Secunia Research
tyree[at]users.sourceforge.net,
tyree
Azboard <= 1.0 Multiple Sql Injections,
geinblues
Sugar Suite Open Source <= 4.2 "OptimisticLock!" arbitrary remote inclusion exploit,
rgod