Bugtraq
DMA[2006-0514a] - 'ClamAV freshclam incorrect privilege drop',
KF (lists)
[SECURITY] [DSA 1056-1] New webcalendar packages fix information leak,
Martin Schulze
POC exploit for freeSSHd version 1.0.9,
Tauqeer Ahmad
XSS in FreeTextBox and FCKEditor Basic Toolbar Selection,
bonsite
90% of programs made in PHP5 and prior Full Path Disclosure vuln.,
sirdarckcat
JDK 1.4.2_11, 1.5.0_06, unsigned applets consuming all free harddisk space,
Marc Schoenefeld
Is MS06-018 a DoS or a system compromise ?,
Nick Boyce
[USN-274-2] MySQL vulnerability,
Martin Pitt
[SECURITY] [DSA 1057-1] New phpLDAPadmin packages fix cross-site scripting,
Martin Schulze
PhpBB <= 2.0.20 Admin/Restore Database remote cmmnds xctn (works with admin sid),
rgod
SQL-Injection in e107 allows attacker to become a site admininstrator,
socsam
[FLSA-2006:164512] Updated fetchmail packages fix security issues,
Marc Deslauriers
Server crash in Empire 4.3.2,
Luigi Auriemma
[FLSA-2006:152923] Updated xloadimage package fixes security issues,
Marc Deslauriers
[FLSA-2006:152904] Updated ncpfs package fixes security issues,
Marc Deslauriers
Gphotos Directory Traversal and Cross Site Scripting,
doz
Socket unreachable in GNUnet rev 2780,
Luigi Auriemma
[FLSA-2006:185355] Updated gnupg package fixes security issues,
Marc Deslauriers
Multiple vulnerabilities in Raydium rev 309,
Luigi Auriemma
Multiple vulnerabilities in Outgun 1.0.3 bot 2,
Luigi Auriemma
[FLSA-2006:152868] Updated tetex packages fix security issues,
Marc Deslauriers
Buffer-overflow and NULL pointer crash in Genecys 0.2,
Luigi Auriemma
[FLSA-2006:152898] Updated emacs packages fix a security issue,
Marc Deslauriers
# MHG Security Team --- Gallery Upload Vulnerabilities,
Dj_ReMix_20
PHP Live Helper ASP(chat.php) XSS,
mster-X
Several flaws in e-business designer (eBD),
Pedro Andújar
Dovecot IMAP: Mailbox names list disclosure with mboxes,
Timo Sirainen
SEC Consult SA-20060512-0 :: Symantec Enterprise Firewall NAT/HTTP Proxy Private IP Exposure,
Bernhard Mueller
Dokeos LDAP hole fixed,
thomas . depraetere
PHPBB 2.0.20 persistent issues with avatars,
rgod
[EEYEB-20060307] Apple QuickTime FPX Integer Overflow,
eEye Advisories
TSLSA-2006-0026 - kernel,
Trustix Security Advisor
Apple QuickDraw/QuickTime Multiple Vulnerabilities,
Avert
[Kurdish Security # 7] Foing Remote File Include Vulnerability [PHPBB],
botan
How secure is software X?,
David Litchfield
ZDI-06-015: Apple QuickTime H.264 Parsing Heap Overflow Vulnerability,
zdi-disclosures
yet more XSS in older versions of ColdFusion,
zuxncwaruio
Re: Secunia Research: Where Is It unacev2.dll Buffer OverflowVulnerability,
jason . gerfen
Apple QuickTime udta ATOM Heap Overflow,
Sowhat
Ipswitch WhatsUp Professional multiple flaws,
David Maciejak
[ GLSA 200605-13 ] MySQL: Information leakage,
Sune Kloppenborg Jeppesen
phpBB "charts.php" XSS and SQL-Injection,
sn4k3 . 23
Verizon Voicewing and Linksys PAP2-VN,
securityfocus
Microsoft MSDTC NdrAllocate Validation Vulnerability,
avert
Secunia Research: UltimateZip unacev2.dll Buffer Overflow Vulnerability,
Secunia Research
Unclassified NewsBoard <= 1.6.1 patch 1 ABBC[Config][smileset] arbitrary local inclusion,
rgod
[SECURITY] [DSA 1055-1] New Mozilla Firefox packages fix arbitrary code execution,
Martin Schulze
[TZO-042006] Insecure Auto-Update and File execution (2),
Thierry Zoller
[ MDKSA-2006:085 ] - Updated xine-ui packages fix format string vulnerabilities,
security
Cisco Security Advisory: AVS TCP Relay Vulnerability,
Cisco Systems Product Security Incident Response Team
Re: SYMSA-2006-003: Cisco Secure ACS for Windows - AdministratorPassword Disclosure,
Greg owens
ZDI-06-014: Verisign I-Nav ActiveX Control Code Execution Vulnerability,
zdi-disclosures
Kerio WinRoute Firewall Protocol Inspection Denial,
SnoBMSN
[48Bits.com Advisory] Path conversion design flaw in Microsoft NTDLL,
48Bits.com [I+D Team]
vbulletin security Alert,
aura
PhpListPro 2.01 Remote File Include Vulnerability,
SnoBMSN
[TZO-042006] Insecure Auto-Update and File execution,
Thierry Zoller
mybb v1.1.1(showthread.php) SQL Injection Exploit,
Breeeeh
Firefox 1.5.0.3 - DoS,
p4 . werterxyz
[ MDKSA-2006:084 ] - Updated MySQL packages fix several vulnerabilities,
security
UBlog Remote XSS Exploit,
SnoBMSN
Oracle - the last word,
David Litchfield
Hackmaster Group DMCounter Remote File Include,
c-w-m
[ MDKSA-2006:083 ] - Updated gdm package fixes symlink attack vulnerability,
security
Multiple SQL Injection Vulnerabilities in Dreamweaver Generated Code,
Brian Gallagher
[ GLSA 200605-10 ] pdnsd: Denial of Service and potential arbitrary code execution,
Sune Kloppenborg Jeppesen
[ GLSA 200605-12 ] Quake 3 engine based games: Buffer Overflow,
Sune Kloppenborg Jeppesen
[ GLSA 200605-11 ] Ruby: Denial of Service,
Sune Kloppenborg Jeppesen
# MHG Security Team --- OzzyWork Gallery Upload Vulnerabilities,
Dj_ReMix_20
IBM Websphere Application Server Multiple Vulnerabilities,
SnoBmsn
[SECURITY] [DSA 1054-1] New TIFF packages fix denial of service and arbitrary code execution,
Martin Schulze
[Reversemode] Microsoft Infotech Storage library Heap Corruption,
Reversemode
Two independent vulnerabilities (client and server side) in Quake3 engine and many derived games,
Thilo Schulz
ZDI-06-013: 3Com TippingPoint SMS Server Information Disclosure Vulnerability,
zdi-disclosures
IGNORING SSH CONNECTION USES ARP CACHE POISSONING,
king_purba
[EEYEB20051011A] - Microsoft Distributed Transaction Coordinator Heap Overflow,
eEye Advisories
[EEYEB20051011B] - Microsoft Distributed Transaction Coordinator Denial of Service,
eEye Advisories
# MHG Security Team --- DuGallery V2.x SQL Injection,
Dj_ReMix_20
[SECURITY] [DSA 1053-1] New Mozilla packages fix arbitrary code execution,
Martin Schulze
plaNetStat Admin ByPass,
alp_eren
# MHG Security Team --- OzzyWork Gallery SQL Injection,
Dj_ReMix_20
ICQ Client Cross-Application Scripting (XAS),
3APA3A
tseekdir.cgi<--Local File Include,
BoNy-m
Secunia Research: Where Is It unacev2.dll Buffer Overflow Vulnerability,
Secunia Research
PHPFusion <= v6.00.306 avatar mod_mime arbitrary file upload & local inclusion vulnerabilities,
rgod
SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure,
research
[MajorSecurity] phpListPro <= 2.01 - Multiple Remote File Include Vulnerability,
admin
Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1,
Zaninotti, Thiago
VSR Advisory: WebSense content filter bypass when deployed in conjunction with Cisco filtering devices,
VSR Advisories
ZDI-06-012: Sophos Anti-Virus CAB Unpacking Code Execution Vulnerability,
zdi-disclosures
[ GLSA 200605-09 ] Mozilla Thunderbird: Multiple vulnerabilities,
Thierry Carrez
[ GLSA 200605-08 ] PHP: Multiple vulnerabilities,
Thierry Carrez
Secunia Research: Anti-Trojan unacev2.dll Buffer Overflow Vulnerability,
Secunia Research
Secunia Research: TZipBuilder ZIP File Handling Buffer Overflow Vulnerability,
Secunia Research
[USN-283-1] MySQL vulnerabilities,
Martin Pitt
[USN-282-1] Nagios vulnerability,
Martin Pitt
[Kurdish Security # 5] phpRaid Remote File Include [SMF],
botan
[Kurdish Security # 4] phpRaid Remote File Include Vulnerability (PHPBB),
botan
INFIGO-2006-05-03: Multiple FTP Servers vulnerabilities,
infocus
singapore v0.9.7 XSS Vulnerabilities,
alp_eren
Claroline Open Source e-Learning 1.7.5 Remote File Include,
beford
Multiple Vulnerabilities In IdealBB ASP Bulletin Board,
CodeScan Labs
Dokeos Learning Management System 1.6.4 Remote File Include,
beford
CAID 34013 - CA Common Services CAIRIM on z/OS LMP SVC vulnerability,
Williams, James K
[SECURITY] [DSA 1052-1] New cgiirc packages fix arbitrary code execution,
Martin Schulze
AngelineCMS Multiple Vulnerabilities,
admin
[ GLSA 200605-07 ] Nagios: Buffer overflow,
Sune Kloppenborg Jeppesen
[KAPDA] MyBB1.1.1~Email Verification in User Activation ~SQL Injection Attack,
addmimistrator
OpenEngine (PHP CMS),
ck
Phil's Bookmark script admin By-pass,
alp_eren
Limbo CMS (option=weblinks) SQL injection exploit,
SnoBMSN
X-POLL admin By-Pass,
alp_eren
URL Bug On 1ASPHost and DomainDLX Hosting Services,
spymeta
Idle scan rediscovered!!!,
Joel Jose
Firefox 1.5.0.3 code execution exploit,
yesn
phpBB 2.0.20 Full Path Disclosure and SQL Errors,
cxib
Intel wireless service s24evmon.exe confidential information disclosure.,
ruben
Alexadex.com players.py XSS Exploit,
skinnypuppy
X7Chat <= 2.0.2 avatar XSS injection,
zerogue
WebsiteBaker CMS lack of sanitizing,
zerogue
VisionSource CMS <= 0.6 XSS vectors,
zerogue
[ GLSA 200605-06 ] Mozilla Firefox: Potential remote code execution,
Thierry Carrez
PassMasterFlex (and PassMasterFlex+) XSS injection,
zerogue
myBloggie <= 2.1.3 XSS,
zerogue
FlexCustomer <= 0.0.4 sql injection,
zerogue
ChipmunkBoard Multiple Attack vectors,
zerogue
ChipmunkBlogger improper input sanitizing,
zerogue
JetBox CMS Remote File Include,
beford
OpenFAQ - HTML injection and XSS (Cross Site Scripting),
Kamil Sienicki
[ GLSA 200605-05 ] rsync: Potential integer overflow,
Sune Kloppenborg Jeppesen
TSLSA-2006-0024 - multi,
Trustix Security Advisor
Cryptomathic ActiveX Buffer Overflow (TDC Digital signature),
CIRT.DK Advisory
SaPHPLesson 3.0 Multbugs,
o . y . 6
Invision Community Blog .. Bugs,
o . y . 6
[ MDKSA-2006:081-1 ] - Updated xorg-x11 packages fix vulnerability,
security
CuteNews 1.4.1 Multiple vulnerabilities,
k4p0k4p0
modules name(Downloads)SQL Injection Exploit,
Mster-X
modules name(Sections)SQL Injection Exploit,
Mster-X
WebCalendar User Account Enumeration Weakness,
David Maciejak
bigwebmaster guestbook multiply XSS,
Javor Ninov
[REWTERZ-20060503] XM Easy Personal FTP Server Remote Buffer Overflow Vulnerability,
rewterz
Panda Antivirus Enterprise Secure, Norton Antivirus 2005 and the virus "I Love You",
Joxean Koret
libero.it XSS vulnerability - HTML injection,
Davide Denicolo
[USN-280-1] X.org server vulnerability,
Martin Pitt
321soft PhP Gallery 0.9 - directory travel & XSS,
d4igoro
[USN-281-1] Linux kernel vulnerabilities,
Martin Pitt
Fast Click <= 2.3.8 Remote File Inclusion,
Aminrayden
Fast Click SQL Lite <= 1.1.3 Remote File Inclusion,
Aminrayden
zawhttpd - Buffer Overflow,
Kamil Sienicki
PunBB 1.2.11 Cross-Site Scripting,
o . y . 6
CuteGuestbook XSS attack,
omnipresent
[REWTERZ-20060504] - Sami FTP Server Remote Buffer Overflow Vulnerability,
rewterz
[security bulletin] HPSBUX02108 SSRT061133 rev.10 - HP-UX running Sendmail, Remote Execution of Arbitrary Code,
security-alert
ISA Server 2004 Log Manipulation,
beSIRT
[SECURITY] [DSA 1051-1] New Mozilla Thunderbird packages fix several vulnerabilities,
Martin Schulze
[ MDKSA-2006:082 ] - Updated libtiff packages fix vulnerabilities,
security
[USN-279-1] libnasl/nessus vulnerability,
Martin Pitt
BankTown's ActiveX Buffer Overflow Vulnerability,
Alex Park
OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw,
c0redump
Vulnerability in the way Ultr@VNC-1.0.1 handles MS-Logon Authentication.,
gdehanot
[USN-278-1] gdm vulnerability,
Martin Pitt
Quagga RIPD unauthenticated route injection,
Konstantin V. Gavrilenko
[USN-277-1] TIFF library vulnerabilities,
Martin Pitt
[SECURITY] [DSA 1050-1] New ClamAV packages fix denial of service or arbitrary code execution,
Martin Schulze
Quagga RIPD unauthenticated route table broadcast,
Konstantin V. Gavrilenko
Dynamic Evaluation Vulnerabilities in PHP applications,
Steven M. Christey
SUSE Security Announcement: xorg-x11-server (SUSE-SA:2006:023),
Ludwig Nussel
[USN-276-1] Thunderbird vulnerabilities,
Martin Pitt
[ MDKSA-2006:081 ] - Updated xorg-x11 packages fix vulnerability,
security
[ GLSA 200605-04 ] phpWebSite: Local file inclusion,
Sune Kloppenborg Jeppesen
[ GLSA 200605-03 ] ClamAV: Buffer overflow in Freshclam,
Sune Kloppenborg Jeppesen
[ GLSA 200605-02 ] X.Org: Buffer overflow in XRender extension,
Sune Kloppenborg Jeppesen
MySQL COM_TABLE_DUMP Information Leakage and Arbitrary command execution.,
Stefano Di Paola
MySQL Anonymous Login Handshake - Information Leakage.,
Stefano Di Paola
Oracle, where are the patches???,
David Litchfield
Invision Gallery 2.0.6 ( SQL Injection ),
o . y . 6
TyroCms beta V1.0 multiple XSS injections,
zerogue
Russcom.net Loginphp multiple vulnerabilties,
zerogue
FileProtection Express <= 1.0.1 authentification bypass,
zerogue
SF-Users V1.0 XSS injection,
zerogue
Cmscout <= V1.10 multiple XSS attack vectors,
zerogue
sBlog SQL Injection and Path Disclosure Vulnerability,
admin
geoBlog Mutiple XSS Vulnerability,
admin
Ejabberd : Symlink vulnerability during installation process,
Julien L.
zenphoto Multiple Path Disclosure and Cross Site Scripting Vulnerabilities,
raphael . huck
[SECURITY] [DSA 1049-1] New Ethereal packages fix several vulnerabilities,
Martin Schulze
X7 Chat <=2.0 remote commands execution,
rgod
Cisco Security Advisory: Cisco Unity Express Expired Password Reset Privilege Escalation,
Cisco Systems Product Security Incident Response Team
JSBoard XSS vulnerability,
Alexander Klink
[ MDKSA-2006:080 ] - Updated clamav packages fix vulnerability,
security
VHCS --- Virtual Hosting Control System Cross Site Scripting,
outlaw
FTP Fuzzer,
infocus
Blog Mod <= 0.2.x SQL Injection,
qex
XINE format string bugs when handling non existen file,
king_purba
CoolMenus Event Remote File Inclusion exploit,
AminRayden
I-RATER Platinum Remote File Inclusion exploit Cod3d by R@1D3N,
AminRayden
Poll: Emerging Threats,
Jon R. Kibler
OpenBB 1.0.8 Full Path Disclosure,
o . y . 6
Invision Power Board v2.1.5 Remote SQL Injection,
o . y . 6
4images<-- 1.7.1 SQL Injection,
CrAzY . CrAcKeR
Thyme 1.3 Cross Site Scripting,
outlaw
Image file crashes Finder, Safari and other apps,
cmertes
[SECURITY] [DSA 1047-1] New resmgr packages fix unauthorised access,
Martin Schulze
[SECURITY] [DSA 1048-1] New Asterisk packages fix arbitrary code execution,
Martin Schulze
Secunia Research: WinHKI unacev2.dll Buffer Overflow Vulnerability,
Secunia Research
free-php.net Poll 1.0 admin login,
tugr
planetGallery admin login,
tugr
JMK's Picture Gallery admin login,
alp_eren
[ GLSA 200605-01 ] MPlayer: Heap-based buffer overflow,
Sune Kloppenborg Jeppesen
DMCounter Remote File Include,
beford
TextFileBB 1.0.16 Multiple XSS,
r0xes . ratm
TopList <= 1.3.8 (PHPBB Hack) Remote File Inclusion Vulnerability,
mfoxhacker
XSS Attack On DirectAdmin Hosting Managment,
outlaw
W-Agora 4.20 XSS,
r0xes . ratm
poll.pl<--remote commands execution exploit,
CrAzY . CrAcKeR
Invision Power Board 2.1.5 POC,
Javier Olascoaga
[Kurdish Secure Advisory #1] I-RATER Platinum "Admin/configsettings.tpl.php" Remote File Include Vulnerability,
botan
Neomail.pl Local Cross Site Scripting,
outlaw
[Kurdish Security #2] Artmedic Event Remote File Include Vulnerability,
botan
[ GLSA 200604-18 ] Mozilla Suite: Multiple vulnerabilities,
Thierry Carrez
[Kurdish Security #3] CoolMenus Event Remote File Include Vulnerability (For PHP),
botan
[Argeniss] Alert - Yahoo! Mail XSS vulnerability,
Cesar
Cireos Portal Cross Site Scripting,
outlaw
WinISO/UltraISO/MagicISO/PowerISO Directory Traversal Vulnerability,
Sowhat
[ECHO_ADV_31$2006] Sws Web Server 0.1.7 Strcpy() & Syslog() Format String Vulnerability,
the_day
Secunia Research: Servant Salamander unacev2.dll Buffer Overflow Vulnerability,
Secunia Research
BL4's SMTP server BufferOverflow Vulnerable,
the_day
[SECURITY] [DSA 1046-1] New Mozilla packages fix several vulnerabilities,
Martin Schulze
[SECURITY] [DSA 1045-1] New OpenVPN packages fix arbitrary code execution,
Martin Schulze
[USN-275-1] Mozilla vulnerabilities,
Martin Pitt
SQL injection exploit IPB <= 2.1.4,
satanchild123
[security bulletin] HPSBMA02113 SSRT061148 rev.1 - HP Oracle for OpenView (OfO) Critical Patch Update April 2006,
security-alert
[ GLSA 200604-17 ] Ethereal: Multiple vulnerabilities in protocol dissectors,
Sune Kloppenborg Jeppesen
[security bulletin] HPSBUX02075 SSRT051074 rev.4 - HP-UX Running xterm Local Unauthorized Access,
security-alert
[security bulletin] HPSBUX02108 SSRT061133 rev.9 - HP-UX running Sendmail, Remote Execution of Arbitrary Code,
security-alert
Land Down Under 802 and below version Path Disclosure Vulnerability,
Advisory
[USN-274-1] MySQL vulnerability,
Martin Pitt
,
Yannick von Arx
MyBB 1.1.1 Local SQL Injections,
o . y . 6
[EEYEB-20060227] Juniper Networks SSL-VPN Client Buffer Overflow,
eEye Advisories
Re: Apple Mac OS X Safari 2.0.3 Vulnerability,
jens
ZDI-06-011: Mozilla Firefox Table Rebuilding Code Execution Vulnerability,
zdi-disclosures
Open Bulletin Board < Multiple Vulnerability,
qex
Local XXS Attack On CuteNews,
outlaw
XXS Attack On FarsiNews,
outlaw
SQL Injection On DUportal,
outlaw
[eVuln] warforge.NEWS SQL Injection and Multiple XSS Vulnerabilities,
alex
[ GLSA 200604-16 ] xine-lib: Buffer overflow vulnerability,
Sune Kloppenborg Jeppesen
[SECURITY] [DSA 1043-1] New abcmidi packages fix arbitrary code execution,
Martin Schulze
[ GLSA 200604-15 ] xine-ui: Format string vulnerabilities,
Sune Kloppenborg Jeppesen
Secunia Research: SpeedProject Products ACE Archive Handling Buffer Overflow,
Secunia Research
DevBB <= 1.0.0 XSS,
qex
MySmartBB<---v 1.1.x SQL Injection/XSS,
BoNy-m
[SECURITY] [DSA 1044-1] New Mozilla Firefox packages fix several vulnerabilities,
Martin Schulze
[ MDKSA-2006:079 ] - Updated ruby packages fix vulnerability,
security
[ MDKSA-2006:078 ] - Updated mozilla-thunderbird packages fix numerous vulnerabilities,
security
[ MDKSA-2006:077 ] - Updated ethereal packages fix numerous vulnerabilities,
security
[ MDKSA-2006:076 ] - Updated mozilla packages fix numerous vulnerabilities,
security
Recent Oracle exploit is _actually_ an 0day with no patch,
David Litchfield
DCForumLite V 3.0<--XSS/SQL Injection,
Breeeeh
Instant Photo Gallery <= Multiple XSS,
qex
Multiple browsers Windows mailto protocol Office 2003 file attachment exploit,
inge . henriksen
Multiple vulnerabilities in IP3 Networks 'NetAccess' NA75 appliance,
Moonen, Ralph
PowerPoint Phishing Trojan,
Lance James
Fenice - Open Media Streaming Server remote BOF exploit,
Kaveh Razavi
[SECURITY] [DSA 1042-1] New Cyrus SASL packages fix denial of service,
Martin Schulze
Invision Vulnerabilities, including remote code execution,
spam
NASL 'Split' function Buffer overflow Vulnerability,
OS2A BTO
[SECURITY] [DSA 1041-1] New abc2ps packages fix arbitrary code execution,
Martin Schulze
PhpWebFtp Cross Site Scripting Vulnerability,
arko . dhar
[ MDKSA-2006:075 ] - Updated mozilla-firefox packages fix numerous vulnerabilities,
security
NextAge Shopping Cart Software XSS,
AminRayden
photokorn 1.53 , 1.542 << Sql,
Dr-Jr7
[ MDKSA-2006:073 ] - Updated cyrus-sasl packages addresses vulnerability,
security
[ MDKSA-2006:074 ] - Updated php packages address multiple vulnerabilities.,
security
Quick 'n Easy FTP Server pro/lite Logging unicode stack overflow,
Kaveh Razavi
ADVISORY FOR IOPUS SECURE EMAIL ATTACHMENTS,
ntwak0
Advisory: My Gaming Ladder Combo System <= 7.0 Remote File Inclusion Vulnerability.,
Mustafa Can Bjorn IPEKCI
vbulletin<--3.0.x SQL Injection,
CrAzY . CrAcKeR
VWar Path Disclosure,
arko . dhar
Apple Mac OS X Safari 2.0.3 Vulnerability,
[MajorSecurity] phpMyAgenda 3.0 Final - Remote File Include Vulnerability,
admin
Firefox Remote Code Execution and DoS 1.5.0.2,
chris
Advisory: Clansys <= 1.1 PHP Code Insertion Vulnerability.,
Mustafa Can Bjorn IPEKCI
Format string bug in Skulltag 0.96f,
Luigi Auriemma
Multiple PHP4/PHP5 vulnerabilities,
infocus
Denial of service bugs in OpenTTD 0.4.7,
Luigi Auriemma
Buffer-overflow and crash in Fenice OMS 1.10,
Luigi Auriemma
RIblog Remote SQL Injection Exploit,
omnipresent
[USN-273-1] Ruby vulnerability,
Martin Pitt
[MajorSecurity] TotalCalendar 2.30 - Remote File Include Vulnerability,
admin
BK Forum <= 4.0 Remote SQL Injection,
n0m3rcy
XSS Bug in OpenGear Server Website,
Aditya
FileLodge Bolt (showonlineusers.php) Cross-Site Scripting Vulnerbility,
n0m3rcy
[ GLSA 200604-12 ] Mozilla Firefox: Multiple vulnerabilities,
Thierry Carrez
[eVuln] RateIt SQL Injection Vulnerability,
alex
[ GLSA 200604-13 ] fbida: Insecure temporary file creation,
Sune Kloppenborg Jeppesen
[ GLSA 200604-14 ] Dia: Arbitrary code execution through XFig import,
Sune Kloppenborg Jeppesen
Scry Gallery XSS Vulnerability,
arko . dhar
[SECURITY] [DSA 1039-1] New blender packages fix several vulnerabilities,
Martin Schulze
[SECURITY] [DSA 1040-1] New gdm packages fix local root exploit,
Martin Schulze
NSFOCUS SA2006-02 : IBM AIX mklvcopy Local Privilege Escalation Vulnerability,
NSFOCUS Security Team
NSFOCUS SA2006-03 : IBM AIX rm_mlcache_file Local Race Condition Vulnerability,
NSFOCUS Security Team
[USN-272-1] cyrus-sasl2 vulnerability,
Martin Pitt
MSIE (mshtml.dll) OBJECT tag vulnerability,
Michal Zalewski
Yahoo! Mail XSS Vulnerability,
Cheng Peng Su
FlexBB 0.5.5 Exploit [ function/showprofile.php ] Remote SQL Injection,
o . y . 6
[ GLSA 200604-11 ] Crossfire server: Denial of Service and potential arbitrary code execution,
Thierry Carrez
Advisory: CoreNews <= 2.0.1 Multiple Remote Vulnerabilities.,
Mustafa Can Bjorn IPEKCI
Advisory: Simplog <= 0.93 Multiple Remote Vulnerabilities.,
Mustafa Can Bjorn IPEKCI
vBulletin <= 3.5.4 with MKPortal 1.1 Remote SQL Injection Vulnerability.,
Mustafa Can Bjorn IPEKCI
dForum <= 1.5 Multiple Remote File Inclusion Vulnerabilities.,
Mustafa Can Bjorn IPEKCI
VWar <= ver 1.21 Remote Code Execution Exploit,
ali
[SECURITY] [DSA 1038-1] New xzgv packages fix arbitrary code execution,
Martin Schulze
[Symantec Security Advisor] Symantec Scan Engine Multiple Vulnerabilities,
secure
Rapid7 Advisory R7-0019: Directory traversal vulnerability in SolarWinds TFTP Server for Windows,
advisory
Rapid7 Advisory R7-0023: Symantec Scan Engine File Disclosure Vulnerability,
advisory
Rapid7 Advisory R7-0022: Symantec Scan Engine Known Immutable DSA Private Key,
advisory
Rapid7 Advisory R7-0021: Symantec Scan Engine Authentication Fundamental Design Error,
advisory
Scry Gallery Directory Traversal & Full Path Disclosure Vulnerabilites,
simo64
RE: [BULK] - Websense Filter Bypass,
Hubbard, Dan
[SECURITY] [DSA 1037-1] New zgv packages fix arbitrary code execution,
Martin Schulze
bloggage Remote SQL Injection,
omnipresent
r57shell.php <= 1.3 XSS,
qex
[eVuln] MWNewsletter SQL Injection and XSS Vulnerabilities,
alex
BK Forum <<--V.4.0 SQL Injection,
CrAzY . CrAcKeR
[SecuriWeb 2006.1] directory traversal in Asterisk@Home and ARI,
François Harvey
[ GLSA 200604-10 ] zgv, xzgv: Heap overflow,
Sune Kloppenborg Jeppesen
[ GLSA 200604-09 ] Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service,
Sune Kloppenborg Jeppesen
Mini-NUKE v2.3<<--- SQL Injection,
CrAzY . CrAcKeR
Websense Filter Bypass,
qex
4images <= 1.7 XSS,
qex
[Argeniss] Oracle Database 10gR1 Buffer overflow in VERIFY_LOG procedure,
Cesar
RE: (addendum) redirection vuln crawlers breed & security through obscurity,
Evans, Arian
Allied Telesyn Switch UDP Data Flood Management Denial Of Service Vulnerability,
kim
New site about security conferences : www.security-briefings.com,
newslist@xxxxxxxxxxxxxxxxxxxxxx
Ad-Aware Revisited,
Roy . Batty
[security bulletin] HPSBST02112 SSRT061129 rev.1 - HP StorageWorks Secure Path for Windows Remote Denial of Service (DoS),
security-alert
[security bulletin] HPSBTU02095 SSRT051007 rev.3 - HP Tru64 UNIX Running DNS BIND4/BIND8 as Forwarders: Remote Unauthorized Privileged Access,
security-alert
axoverzicht.cgi<==Remote File Inclusion,
CrAzY . CrAcKeR
ThWboard 3 Beta 2.84 Cross Site Scripting,
CrAzY . CrAcKeR
PHPSurveyor <= 0.995 'save.php/surveyid' remote cmmnds xctn,
rgod
[eVuln] MWGuest XSS Vulnerability,
alex
Tlen.PL e-mail XSS vulnerability.,
koper
ASPSitem <= 1.83 Remote SQL Injection Vulnerability,
Mustafa Can Bjorn IPEKCI
Strengthen OpenSSH security?,
Brett Glass
[USN-271-1] Firefox vulnerabilities,
Martin Pitt
PCPIN Chat <= 5.0.4 "login/language" remote cmmnds xctn,
rgod
[eVuln] N.T. Version 1.1.0 XSS and PHP Code Insertion Vulnerabilities,
alex
SQL Injection in incredibleindia.org,
susam_pal
[eVuln] MD News Authentication Bypass and SQL Injection Vulnerabilities,
alex
Re: Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup,
somerandomaddress99
Confixx SQL Injection exploit (confixx_exploit.pl),
defa
EasyGallery Cross-Site Scripting,
botan
Fortinet28 box does not resist has small synflood!,
testx444
ContentBoxx Login.php Cross-Site Scripting,
botan
WWWThread RC 3 MultBugs,
o . y . 6
Shbablek Mail Vulnerablitiy - Cross-Site Scripting,
n0m3rcy
redirection vuln crawlers breed & security through obscurity,
Ivan Sergio Borgonovo
Cisco Security Advisory: Multiple Vulnerabilities in the WLSE Appliance,
Cisco Systems Product Security Incident Response Team
ThWboard <= 3 Beta 2.84 SQL Injection,
Qex
RechnungsZentrale V2 - SQL injection and Remote PHP inclusion vulnerabilities,
info
Multiple vulnerabilities in Linux based Cisco products,
assurance.com.au
[security bulletin] HPSBUX02108 SSRT061133 rev.7 - HP-UX running Sendmail, Remote Execution of Arbitrary Code,
security-alert
Cisco Security Advisory: Cisco IOS XR MPLS Vulnerabilities,
Cisco Systems Product Security Incident Response Team
XSS Vulnerability in Guest-book script powered by Community Architect,
susam . pal
Oracle 10g 10.2.0.2.0 DBA exploit,
putosoft softputo
[MajorSecurity]ActualAnalyzer - Remote File Include Vulnerability,
admin
FreeBSD Security Advisory FreeBSD-SA-06:14.fpu,
FreeBSD Security Advisories
SQL Injection in package SYS.DBMS_LOGMNR_SESSION,
ak
CuteNews 1.4.1 <= Cross Site Scripting,
sn4k3 . 23
[Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation,
Secure
Multiple critical and high risk issues in Oracle's database server,
NGSSoftware Insight Security Research
[KAPDA::#41] - Mambo/Joomla rss component vulnerability,
alireza hassani
phpLister v. 0.4.1 XSS Attacking,
botan
[ MDKSA-2006:072 ] - Updated kernel packages fix multiple vulnerabilities,
security
blur6ex Local File Inclusion and SQL injection .,
h e
axoverzicht.cgi <= XSS,
qex
Another flaw in Firefox 1.5.0.2: to open files from remote,
miky
Remote Xine Format String Vulnerability,
c0ntexb
Linpha 1.1.0 - XSS Vulnerabilities,
d4igoro
[SA-03] Example of Grsecurity protection avoid.,
adam
[eVuln] Wire Plastik wpBlog SQL Injection Vulnerability,
alex
gcc 4.1 bug miscompiles pointer range checks, may place you at risk,
Felix von Leitner
- Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk,
Forrest J. Cavalier III
- Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk,
Alexander Klimov
- Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk,
Florian Weimer
- Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk,
Michael Chamberlain
- Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk,
Gabor Gombas
- Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk,
Nate Eldredge
- <Possible follow-ups>
- RE: gcc 4.1 bug miscompiles pointer range checks, may place you at risk,
Michael Wojcik
- Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk,
jat-public01
- Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk,
leonleon77
[Argeniss] Alert - Yahoo! Webmail XSS,
Cesar
Neon Responder (Dos,Exploit),
Stefan Lochbihler
FlexBB 0.5.5 Bypass Exploit,
o . y . 6
[ GLSA 200604-08 ] libapreq2: Denial of Service vulnerability,
Thierry Carrez
ZDI-06-009: Mozilla Firefox Tag Parsing Code Execution Vulnerability,
zdi-disclosures
AnimeGenesis <= XSS,
qex
Tiny PHP forum - vulns,
hessam
[eVuln] CzarNews XSS and Multiple SQL Injection Vulnerabilities,
alex
Neuron Blog <= 1.1 XSS,
qex
ShoutBOOK <= 1.1 XSS,
qex
- PHPGraphy <= 0.9.11 "editwelcome" unauthorized access / cross site scripting -,
rgod
[SECURITY] [DSA 1036-1] New bsdgames packages fix local privilege escalation,
Moritz Muehlenhoff
PhpWebFTP 3.2 Login Script,
arko . dhar
BetaBoard Cross Site Scripting vulnerability,
easy . mask
MyEvent Remote File Execution And XSS Attacking,
botan
Calendarix "yearcal.php" XSS Attacking,
botan
FlexBB v0.5.5 BETA [SQL Inj] [XSS] [Login bypass],
kr4ch
Xss In bMachine 2٫7,
W3 . _
DbbS<=2.0-alpha Multiple Vulnerabilities,
yamcho
Snipe Gallery <= 3.1.4 Multiple XSS,
qex
phpFaber TopSites Script Cross-Site Scripting,
botan
Boardsolution <= 1.12 XSS,
qex
FlexBB <= 0.5.7 BETA XSS,
qex
PhpGuestbook <= 1.0 XSS,
qex
Tiny Web Gallery <= 1.4 XSS,
qex
PHP Album <= 0.3.2.3 remote commnads execution,
rgod
[SECURITY] [DSA 1035-1] New fcheck packages fix insecure temporary file creation,
Moritz Muehlenhoff
[eVuln] aWebBB Multiple XSS and SQL Injection Vulnerabilities,
alex
[KAPDA]CopperminePhotoGallery1.4.4~ PluginInclusionSystem(index.php)~ RemoteFileInclusion attack,
addmimistrator
[KAPDA]MyBB1.1.0~global.php~ParameterExtracting,
addmimistrator
ZDI-06-010: Mozilla Firefox CSS Letter-Spacing Heap Overflow Vulnerability,
zdi-disclosures
manila.userland cross site scriptable,
Aaron Kaplan
Dokeos 1.6.4 SQL Injection Vulnerability,
Alvaro Olavarria
a Yahoo Vulnerability,
r57shell
Re: SAXoPRESS - directory traversal aka Saxotech Online,
securiteam
planetSearch+ - XSS Vulnerabilities,
d4igoro
RE: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup,
Derek Soeder
Xss In ar-blog v 5.2,
W3 . _
PAJAX Remote Code Injection and File Inclusion Vulnerability,
RedTeam Pentesting
[Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup,
Dave Korn
Firefox 1.5.0.1 Password Manager Arbtirary User Browsing History Disclosure,
franz
[ GLSA 200604-07 ] Cacti: Multiple vulnerabilities in included ADOdb,
Thierry Carrez
Avast Linux Home Edition (vulnerability on a temporary folder creation),
Julien L.
phpBB template file code execution,
noch22
[SECURITY] [DSA 1034-1] New horde2 packages fix several vulnerabilities,
Moritz Muehlenhoff
Serendipity Blog vuln,
moep
phpBB Admin command execution,
noch22
Encyclopedia <= 3.0 (login.php) CrossSite Scripting - XSS,
n0m3rcy
osCommerce "extras/" information/source code disclosure,
rgod
Farsinews Cross-Site Scripting & Path disclosure vulnerability,
aminrayden
Vulnerabilities in MODx,
crasher
Vulnerabilities in Papoo,
crasher
Vulnerabilities in lifetype,
crasher
[eVuln] aWebNews Multiple XSS and SQL Injection Vulnerabilities,
alex
PowerClan 1.14 - SQL Injection,
d4igoro
Camino Browser HTML Parsing Null Pointer Dereference Denial of Service Vulnerability,
izimask
[eVuln] RedCMS Multiple XSS and SQL Injection Vulnerabilities,
alex
TalentSoft Web+Shop Path Disclosure,
revnic
ZDI-06-008: Novell GroupWise Messenger Accept-Language Buffer Overflow,
zdi-disclosures
SEC Consult SA-20060314 :: Opera Browser CSS Attribute Integer Wrap / Buffer Overflow,
Bernhard Mueller
SaphpLesson 2.0 (forumid) Remote SQL Injection Exploit,
selfar2002
Secunia Research: Adobe Document Server for Reader Extensions Multiple Vulnerabilities,
Secunia Research
MyBB 1.10 New CrossSiteScripting ' member.php ',
o . y . 6
phpMyAdmin 2.7.0-pl1,
kr4ch
QuickBlogger v1.4 Cross-Site Scripting,
botan
MyBB 1.10 New XSS ' member.php ',
o . y . 6
Recon 2006: speaker lineup announcement,
Recon
RevoBoard [email] tag XSS,
r0xes . ratm
phpWebSite 0.10.? (topics.php) Remote SQL Injection Exploit,
selfar2002
[BuHa-Security] Multiple Vulnerabilities in MS IE 6.0 SP2,
bugtraq
Remote File Inclusion in VBulletin ImpEx,
dr . jr7
[BuHa-Security] Stack Based Buffer Overflow Vulnerability in Amaya 9.4 #2,
bugtraq
[BuHa-Security] Stack Based Buffer Overflow Vulnerability in Amaya 9.4,
bugtraq
[eVuln] qliteNews SQL Injection Vulnerability,
alex
[BuHa-Security] DoS Vulnerability in Firefox 1.5.0.1,
bugtraq
SimpleBBS v1.1(posts.php) remote command execution,
stormhacker
Windows Help Heap Overflow,
c0ntexb
PatroNet CMS Xss Vuln,
Soothackers
Clansys Multiple Xss Vulnerabilities,
Soothackers
[USN-270-1] xpdf vulnerabilities,
Martin Pitt
[security bulletin] HPSBUX02108 SSRT061133 rev.6 - HP-UX running Sendmail, Remote Execution of Arbitrary Code,
security-alert
Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting,
Esteban Martinez Fayo
[SECURITY] [DSA 1033-1] New horde3 packages fix several vulnerabilities,
Moritz Muehlenhoff
Simplog <=0.9.2 multiple vulnerabilities,
rgod
[eVuln] QLnews XSS and PHP Code Insertion Vulnerabilities,
alex
[SECURITY] [DSA 1032-1] New zope-cmfplone packages fix unprivileged data manipulation,
Moritz Muehlenhoff
Re: Buffer-overflow in Ultr@VNC 1.0.1 viewer POC,
phaas
Microsoft Internet Explorer DBCS Remote Memory Corruption Vulnerability,
Sowhat
2nd European Conference on Computer Network Defense (EC2ND),
Blyth A J C (Comp)