Bugtraq
- PeopleSoft (Oracle) PSCipher Encryption Weakness,
info
- [xfocus-SD-060206]BCB compiler incorrect deal sizeof operator vulnerability,
XFOCUS Security Team
- Announcement: Domain Contamination By Amit Klein,
contact
- [SECURITY] [DSA 965-1] New ipsec-tools packages fix denial of service,
Martin Schulze
- DarkStarlings.com XSS Vulnerability,
Will Boyce
- [ GLSA 200602-01 ] GStreamer FFmpeg plugin: Heap-based buffer overflow,
Stefan Cornelius
- Easily exploitable Pseudo Random Number generator in phpbb version 2.0.19 and under.,
chinchilla
- ProtoVer LDAP vs CommuniGate Pro 5.0.7,
Evgeny Legerov
- cleartext passwords get into log files,
innate
- mwcollect Alliance Launch,
Georg Wicherski
- [eVuln] Vanilla Guestbook Multiple XSS & SQL Injection Vulnerabilities,
alex
- Issues with security software: orbicule.com "Undercover",
Maximillian Dornseif
- VSR Advisory: IBM Tivoli Access Manager - Web Server Plug-in File Retrieval Vulnerability,
VSR Advisories
- PluggedOut Blog SQL injection and XSS,
h e
- [KAPDA::#26] - MyTopix Sql Injection & Path Disclosure,
alireza hassani
- sql injection in ASP Survey,
mfoxhacker
- LoudBlog <= 0.4 arbitrary remote inclusion,
rgod
- Internet Explorer remotely exploitable vulnerability in JScript's document.write() method,
porkythepig
- CyberShop Ultimate E-commerce Script Cross Site Scripting,
B3g0k
- [eVuln] MyQuiz Arbitrary Command Execution Vulnerability,
alex
- Outblaze Cross Site Scripting Vulnerability,
simo
- Blacklist defenses as a breeding ground for vulnerability variants,
Steven M. Christey
- AOL Instant Messenger Version 5.9.3861 Local Buffer Overrun Vulnerability,
shell
- Exchangepop3 rcpt buffer overflow vulnerability,
securma
- [SECURITY] [DSA 964-1] New gnocatan packages fix denial of service,
Martin Schulze
- cPanel Multiple Cross Site Scripting Vulnerability,
simo
- IronMail-5.0.1-Denial of-Service-Protection-Lets-Remote-Users-Deny-Service,
mark
- Neomail Cross Site Scripting Vulnerability,
simo
- [KDE Security Advisory] kpdf/xpdf heap based buffer overflow,
Dirk Mueller
- Trend Micro ServerProtect version 5.58 can be easily circumvented via the mechanism that limits how many files to scan.,
Mert Sarıca
[ MDKSA-2006:033 ] - Updated OpenOffice.org packages fix issue with disabled hyperlinks,
security
[ MDKSA-2006:029 ] - Updated libast packages fixes buffer overflow vulnerability,
security
[ MDKSA-2006:032 ] - Updated xpdf packages fixes heap-based buffer overflow vulnerability,
security
[ MDKSA-2006:031 ] - Updated kdegraphics packages fixes heap-based buffer overflow vulnerability,
security
[ MDKSA-2006:030 ] - Updated poppler packages fixes heap-based buffer overflow vulnerability,
security
[SLAB] NetBSD / OpenBSD kernfs_xread patch evasion,
SecurityLab Research
The History of the Oracle PLSQL Gateway Flaw,
David Litchfield
CAID 33581 - CA Message Queuing Denial of Service Vulnerabilities,
Williams, James K
security contact @lycos.com,
Spiros Antonatos
Bug for libs in php link directory 2.0,
Mario Oyorzabal Salgado
SoftMaker Shop is vulnerable to XSS,
preben
Black Hat USA CFP opens, Europe early bird reminder, Federal news,
Jeff Moss
[SECURITY] [DSA 963-1] New mydns packages fix denial of service,
Martin Schulze
[ MDKSA-2006:028 ] - Updated php packages fix XSS and response splitting vulnerabilities,
security
Daffodil CRM - vulnerable to SQL-injection.,
preben
Fcrontab - memory corruption on heap.,
pi3ki31ny
FreeBSD Security Advisory FreeBSD-SA-06:08.sack,
FreeBSD Security Advisories
iDefense Security Advisory 02.01.06: Winamp m3u Parsing Stack Overflow Vulnerability,
labs-no-reply@xxxxxxxxxxxx
iDefense Security Advisory 02.01.06: Winamp m3u/pls .WMA Extension Buffer Overflow Vulnerability,
labs-no-reply@xxxxxxxxxxxx
Database Manager Default pass,
fireboynet
Verified evasion in Snort,
at
DISIT - OPEN SOURCE DISASSEMBLER ENGINE,
Piotr Bania
[security bulletin] SSRT051007 rev.1 - HP Tru64 UNIX Running DNS BIND Remote Unauthorized Privileged Access,
security-alert
[SECURITY] [DSA 962-1] New pdftohtml packages fix arbitrary code execution,
Martin Schulze
[SECURITY] [DSA 961-1] New pdfkit.framework packages fix arbitrary code execution,
Martin Schulze
ZRCSA-200601: SPIP - Multiple Vulnerabilities,
research
[eVuln] SZUserMgnt Authentication Bypass,
alex
Blackboard Authentication Error,
jdo24
[eVuln] Calendarix SQL Injection & Authorization Bypass Vulnerabilities,
alex
Windows Access Control Demystified,
sudhakar+bugtraq
[SECURITY] [DSA 960-2] New libmail-audit-perl packages fix insecure temporary file use,
Martin Schulze
Xmame 0.102 local vulnerability proof-of-concept,
Rafael San Miguel Carrasco
Nmap 4.00 Released,
Fyodor
[SECURITY] [DSA 960-1] New libmail-audit-perl packages fix insecure temporary file use,
Martin Schulze
FarsiNews 2.1 PHP Remote File Inclusion,
h e
[SECURITY] [DSA 957-2] New ImageMagick packages fix arbitrary command execution,
Martin Schulze
MyCO multiple vulnerabilities,
revnic
Proof of concept for CommuniGate Pro Server vulnerability,
Evgeny Legerov
Cerberus Helpdesk vulnerable to XSS,
preben
BrowserCRM vulnerable for XSS,
preben
Etomite followup information,
security curmudgeon
[ GLSA 200601-17 ] Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows,
Sune Kloppenborg Jeppesen
[ GLSA 200601-16 ] MyDNS: Denial of Service,
Sune Kloppenborg Jeppesen
[ MDKSA-2006:027 ] - Updated gzip packages fix zgrep vulnerabilities,
security
New worm crawling trough blogs?!,
blog . worm
[ MDKSA-2006:026 ] - Updated bzip2 packages fix bzgrep vulnerabilities,
security
Etomite CMS "Backdoored",
[at]
[SECURITY] [DSA 959-1] New unalz packages fix arbitrary code execution,
Martin Schulze
CME-24 (BlackWorm) Users' FAQ,
Gadi Evron
MyBB 1.2 Local File Incusion,
o . y . 6
XSS flaw in MG2 Image Gallery (v.0.5.1),
preben
BlackWorm: statistics and numbers,
Gadi Evron
gnome evolution mail client inline text file DoS issue,
Mike Davis
Nuked-klaN Cross-Site Scripting Vulnerability,
[at]
sPaiz-Nuke Cross-Site Scripting Vulnerability,
[at]
Arescom NetDSL-1000 DoS atack source,
framirez
Winamp 5.12 - 0day exploit - code execution through playlist,
Process
[xpl#2] MiniNuke 1.8.2 - change member's passwrod < Perl >,
hessam
[SECURITY] [DSA 951-2] New trac packages fix SQL injection and cross-site scripting,
Martin Schulze
MyBB 1.2 usercp2.php [ $url ] CrossSiteScripting ( XSS ),
o . y . 6
EasyCMS vulnerable to XSS injection.,
preben
TSLSA-2006-0004 - multi,
Trustix Security Advisor
[ GLSA 200601-15 ] Paros: Default administrator password,
Sune Kloppenborg Jeppesen
UebiMiau Webmail System Security Vulnerability,
M.Neset KABAKLI
[ GLSA 200601-14 ] LibAST: Privilege escalation,
Sune Kloppenborg Jeppesen
Cross Site Cooking,
Michal Zalewski
zbattle.net,
c_lispfedora
[SECURITY] [DSA 951-1] New trac packages fix SQL injection and cross-site scripting,
Martin Schulze
[ GLSA 200601-13 ] Gallery: Cross-site scripting vulnerability,
Stefan Cornelius
CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability,
Williams, James K
BlackWorm technical information,
Gadi Evron
[FLSA-2006:152845] Updated perl packages fix security issues,
Marc Deslauriers
[eVuln] Pixelpost Photoblog XSS Vulnerability,
alex
BlackWorm naming confusing [CME entry now available],
Gadi Evron
[USN-246-1] imagemagick vulnerabilities,
Martin Pitt
LibAST 0.7 Release Fixes Security Vulnerability,
Michael Jennings
[CORRECTIONS AND ADDITIONS ]Azbb v1.1.00 Cross-Site Scripting,
roozbeh_afrasiabi
Multiple vulnerabilities in CommuniGate Pro Server,
Evgeny Legerov
Ege Internet Web Desing Remote Command Exucetion,
botan
The WorldsEnd.NET - Free Ping Script, written in PHP (2 vulns),
cvh
Azbb v1.1.00 Cross-Site Scripting,
roozbeh_afrasiabi
[ MDKSA-2006:024 ] - Updated ImageMagick packages fix vulnerabilities,
security
Shareaza P2P Remote Vulnerability,
Ryan Smith
CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability [v1.1],
Williams, James K
[ MDKSA-2006:025 ] - Updated net-snmp packages fix vulnerabilities,
security
[SECURITY] [DSA 958-1] New drupal packages fix several vulnerabilities,
Martin Schulze
[Argeniss] Oracle Database Buffer overflows vulnerabilities in public procedures of XDB.DBMS_XMLSCHEMA{_INT},
Cesar
[ MDKSA-2006:023 ] - Updated perl-Net_SSLeay packages fix vulnerability,
security
hello,
code . shell
[SECURITY] [DSA 952-1] New libapache-auth-ldap packages fix arbitrary code execution,
Martin Schulze
BitComet URI Proof of Concept,
nick58
iDefense Security Advisory 01.23.06: Computer Associates iTechnology iGateway Service Content-Length Buffer Overflow Vulnerability,
labs-no-reply@xxxxxxxxxxxx
[ Rosiello Security ] Eterm-LibAST Advisory,
angelo
[ MDKSA-2006:022 ] - Updated perl-Convert-UUlib packages fix vulnerability,
security
[SECURITY] [DSA 950-1] New CUPS packages fix arbitrary code execution,
Martin Schulze
Buffer Overflow /Font on mIRC,
Crowdat Kurobudetsu
Urgent Alert: Possible BlackWorm DDay February 3rd (Snort signatures included),
Gadi Evron
[SECURITY] [DSA 957-1] New ImageMagick packages fix arbitrary command execution,
Martin Schulze
[eVuln] "my little homepage" products [link] BBCode XSS Vulnerability,
alex
Windows mem leakage,
endrazine
[HSC] Multiple transversal bug in vis,
spher3
[eVuln] AndoNET Blog SQL Injection Vulnerability,
alex
[ISecAuditors Advisories] Arbitrary flash code remote execution in 123flashchat,
ISecAuditors Security Advisories
Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack,
Cisco Systems Product Security Incident Response Team
SamiFTPd buffer overflow,
admin
BlackWorm: 2 million infected? ISP notifications.,
Gadi Evron
SUSE Security Announcement: nfs-server/rpc.mountd remote code execution (SUSE-SA:2006:005),
Marcus Meissner
HYSA-2006-002 Phpclanwebsite 1.23.1 Multiple Vulnerabilities,
h4cky0u . org
SUSE Security Announcement: phpMyAdmin (SUSE-SA:2006:004),
Ludwig Nussel
[security bulletin] SSRT061104 rev.1 - HP Oracle for OpenView (OfO) Critical Patch Update January 2006,
security-alert
[ GLSA 200601-12 ] Trac: Cross-site scripting vulnerability,
Stefan Cornelius
[SECURITY] [DSA 956-1] New lsh-utils packages fix local vulnerabilities,
Martin Schulze
Re: [OSVDB Mods] iNETstore E Commerce Solution - Cross Site Scripting,
iNETstore Support
Updated mozilla-thunderbird packages fix vulnerability,
security
MyBB 1.0.2 XSS attack in search.php redirection,
addmimistrator
What A Click! [Internet Explorer],
mikx
[eVuln] Text Rider Sensitive Information Disclosure,
alex
Newsphp Multiple SQL Injection Vulnerabilities,
at
[KAPDA::#25] - MyBB 1.x Cross_Site_Scripting,
roozbeh_afrasiabi
[SECURITY] [DSA 953-1] New flyspray packages fix cross-site scripting,
Martin Schulze
[eVuln] miniBloggie Authentication Bypass,
alex
[security bulletin] SSRT061099 rev.1 - HP-UX Local Increased Privilege,
security-alert
FreeBSD Security Advisory FreeBSD-SA-06:06.kmem,
FreeBSD Security Advisories
Rosiello Security - Eterm-LibAST Advisory,
angelo
[SECURITY] [DSA 947-2] New clamav packages fix heap overflow,
Michael Stone
[eVuln] ExpressionEngine 'Referer' XSS Vulnerability,
alex
Updated ipsec-tools packages fix vulnerability,
security
FreeBSD Security Advisory FreeBSD-SA-06:07.pf,
FreeBSD Security Advisories
HYSA-2006-001 phpBB 2.0.19 search.php and profile.php DOS Vulnerability,
h4cky0u . org
[eVuln] CheesyBlog XSS Vulnerability,
alex
Workaround for unpatched Oracle PLSQL Gateway flaw,
David Litchfield
Technical Note by Amit Klein: "XST Strikes Back",
Amit Klein (AKsecurity)
[SECURITY] [DSA 955-1] New mailman packages fix denial of service,
Michael Stone
Call For Paper - SyScan'06 Singapore,
organiser@xxxxxxxxxx
[SECURITY] [DSA 954-1] New wine packages fix arbitrary code execution,
Martin Schulze
[ GLSA 200601-11 ] KDE kjs: URI heap overflow vulnerability,
Sune Kloppenborg Jeppesen
ANN: New release of CORE FORCE free endpoint security package,
Core FORCE team
[eVuln] Note-A-Day Weblog Sensitive Information Disclosure,
alex
[eVuln] e-moBLOG SQL Injection Vulnerability,
alex
fetchmail security announcement fetchmail-SA-2006-01 (CVE-2006-0321),
ma+bt
High Risk Vulnerability in Red Hat Directory Server and Red Hat Certificate Server,
NGSSoftware Insight Security Research
[USN-245-1] KDE library vulnerability,
Martin Pitt
CodeCon program announced, early registration deadline nearing,
Len Sassaman
[SECURITY] [DSA 949-1] New crawl packages fix potential group games execution,
Martin Schulze
BlogPHP config.php SQL injection login bypassed,
addmimistrator
Tumbleweed EMF 6.x Processing Issues,
jcary2543
MDKSA-2006:019 - Updated kdelibs packages fix vulnerability,
Mandriva Security Team
MyBB 1.0.2 Sniffing table perfix bug in search.php,
addmimistrator
[ GLSA 200601-10 ] Sun and Blackdown Java: Applet privilege escalation,
Thierry Carrez
[eVuln] SaralBlog XSS & Multiple SQL Injection Vulnerabilities,
alex
[eVuln] eggblog Multiple SQL Injection & XSS Vulnerabilities,
alex
[eVuln] RCBlog Directory Traversal & Sensitive Information Disclosure,
alex
[SECURITY] [DSA 946-1] New sudo packages fix privilege escalation,
Martin Schulze
[SECURITY] [DSA 947-1] New ClamAV packages fix heap overflow,
Michael Stone
MySQL 5.0 information leak?,
Bernd Wurst
SUSE Security Announcement: kdelibs3 (SUSE-SA:2006:003),
Ludwig Nussel
[SECURITY] [DSA 948-1] New kdelibs packages fix buffer overflow,
Michael Stone
BlogPHP config.php SQL injection login bypass,
addmimistrator
Claroline 1.7.2, sso identification vulnerability,
karmaguedon
DMA[2006-0115a] - 'AmbiCom Bluetooth Object Push Overflow',
KF (lists)
MDKSA-2006:018 - Updated kernel packages fix several vulnerabilities,
Mandriva Security Team
[KDE Security Advisory] kjs encodeuri/decodeuri heap overflow,
Dirk Mueller
phpXplorer file inclusion biyosecurity.be,
liz0
iDefense Security Advisory 01.17.06: Cisco Systems IOS 11 Web Service CDP Status Page Code Injection Vulnerability,
labs-no-reply@xxxxxxxxxxxx
iDefense Security Advisory 01.17.06: EMC Legato Networker nsrexecd.exe Heap Overflow Vulnerability,
labs-no-reply@xxxxxxxxxxxx
iDefense Security Advisory 01.17.06: EMC Legato Networker nsrd.exe DoS Vulnerability,
labs-no-reply@xxxxxxxxxxxx
Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT_INT,
ak
Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT,
ak
Change passwd 3.1 (SquirrelMail plugin ),
rod hedor
Critical security advisory #006 tftpd32 Format string,
admin
FreeBSD Security Advisory FreeBSD-SA-06:05.80211,
FreeBSD Security Advisories
MDKSA-2006:017 - Updated mod_auth_ldap packages fix vulnerability,
Mandriva Security Team
[security bulletin] SSRT5971 rev.1 - HP-UX Running ftpd Remote Denial of Service (DoS),
security-alert
Google's Blogger.com classic HTTP response splitting vulnerability,
Meder Kydyraliev
-2- [XSS] in ar-blog v 5.2,
s3ude
CAID 33756 - DM Deployment Common Component Vulnerabilities,
Williams, James K
Cisco Security Advisory: Cisco Call Manager Privilege Escalation,
Cisco Systems Product Security Incident Response Team
Land Down Under Signature HTML Code Injection,
[at]
[eVuln] WebspotBlogging Authentication Bypass Vulnerability,
alex
IRM 015: File system path disclosure on TYPO3 Web Content Manager,
Advisories
Fortinet Advisory: BitComet URI Buffer Overflow Vulnerability,
Fortinet Research
HITBSecConf2005 Videos Released,
Praburaajan
MyBB Signature HTML Code Injection,
[at]
[USN-244-1] Linux kernel vulnerabilities,
Martin Pitt
ICQ Cross Site Scripting Vulnerability,
simo
XMB Forum HTML Code Injection,
[at]
Cisco Security Advisory: Cisco Call Manager Denial of Service,
Cisco Systems Product Security Incident Response Team
[eVuln] geoBlog SQL Injection Vulnerability,
alex
WEP-Client-Communication-Dumbdown (WCCD) Vulnerability,
Michael.Wade
Cisco Security Advisory: IOS Stack Group Bidding Protocol Crafted Packet DoS,
Cisco Systems Product Security Incident Response Team
[eVuln] aoblogger Multiple Vulnerabilities,
alex
[eVuln] Flog Information Disclosure Vulnerability,
alex
Phpclanwebsite BBCode IMG Tag XSS Vulnerability,
[at]
[ TZO-012006 ] Checkpoint VPN-1 SecureClient insecure usage of CreateProcess(),
Thierry Zoller
Oracle Database 10g Rel. 2- Transparent Data Encryption plaintext masterkey in SGA,
ak
Oracle Reports - Read parts of files via customize(fixed after 875 days),
ak
Oracle Critical Patch Update - January 2006,
NGSSoftware Insight Security Research
Oracle Reports - Overwrite any application server file via desname (fixed after 889 days),
ak
Oracle Reports - Read parts of files via desname (fixed after 874 days),
ak
Oracle Database 10g Rel. 2 - Event 10053 logs TDE wallet password in cleartext,
ak
Oracle DBMS Access Control Bypass in Login,
shulman
Attacking Automatic Wireless Network Selection,
Dino A. Dai Zovi
Cerberus FTP Server 2.32 Denial of Service,
cvh
[eVuln] CaLogic Calendars Multiple XSS Vulnerabilities,
alex
[HSC Security Group] Multiple SQL injection/XSS in SimpleBlog 2.1,
zinho
White Album Sql İnjection biyosecurity.be,
liz0
[SECURITY] [DSA 945-1] New antiword packages fix insecure temporary file creation,
Martin Schulze
[SECURITY] [DSA 944-1] New mantis packages fix several vulnerabilities,
Martin Schulze
PowerPortal Cross-Site Scripting Vulnerability,
night_warrior771
Secunia Research: Mozilla Thunderbird Attachment Spoofing Vulnerability,
Secunia Research
[eVuln] microBlog BBCode XSS Vulnerability,
alex
[eVuln] microBlog SQL Injection Vulnerability,
alex
[eVuln] BlogPHP Authentication Bypass,
alex
[SECURITY] [DSA 942-1] New albatross packages fix arbitrary code execution,
Martin Schulze
XSS in WBNews < = v1.1.0,
dragonjar
Microsoft(R) Internet Explorer 5 & 6 Remote Denial of Service (DoS) using IMG & XML elements,
inge . henriksen
ERRATA: [ GLSA 200601-09 ] Wine: Windows Metafile SETABORTPROC vulnerability,
Sune Kloppenborg Jeppesen
IndonesiaHack Advisory HTML injection in PHP Fusebox,
king_purba
MDKSA-2006:016 - Updated clamav packages fix vulnerability,
Mandriva Security Team
[USN-243-1] tuxpaint vulnerability,
Martin Pitt
MDKSA-2006:015 - Updated hylafax packages fix eval injection vulnerabilities,
Mandriva Security Team
MDKSA-2006:014 - Updated wine packages fix WMF vulnerability,
Mandriva Security Team
Announcement: The Web Application Firewall Evaluation Criteria v1 Released,
contact
Digital Armaments Security Advisory 01.16.2006: CMU SNMP utilities snmptrad Format String Vulnerability,
info
PunBB BBCode URL Tag Script Injection Vulnerability,
night_warrior771
EZDatabase Directory Transversal, XSS and Path Disclosure Vulnerability,
Josh Zlatin
Microsoft knew about the WMF flaw for years,
Richard M. Smith
Veritas NetBackup "Volume Manager Daemon" Module Stack Overflow - Exploit,
patrickthomassen
[eVuln] Bit 5 Blog SQL Injection & Authentication Bypass Vulnerability,
alex
[eVuln] Benders Calendar SQL Injection,
alex
Reverse Proxy Cross Site Scripting,
Shalom Carmel
iWar 0.07 PSTN auditing tool released...,
Da Beave
[USN-242-1] mailman vulnerabilities,
Martin Pitt
Homeftp r1.0.7 Denial of Service,
cvh
WehnTrust - When you have to trust Wehntrust,
Thierry Zoller
CounterPath eyeBeam Handing SIP header Vulnerabilities,
zwell
[eVuln] Bit 5 Blog JavaScript Insertion Vulnerability,
alex
[SECURITY] [DSA 941-1] New tuxpaint packages fix insecure temporary file creation,
Martin Schulze
Directory traversal in phpXplorer,
Oriol Torrent
Apache Geronimo 1.0 - CSS and persistent HTML-Injection vulnerabilities,
oliver karow
DMA[2006-0112a] - 'Toshiba Bluetooth Stack Directory Transversal',
KF (lists)
[SECURITY] [DSA 943-1] New Perl packages fix arbitrary code execution,
Martin Schulze
MDKSA-2006:013 - Updated kolab packages fix vulnerability,
Mandriva Security Team
Visual Studio Remote Code Execution,
priest
[ISecAuditors Advisories] Arbitrary remote file creation in 123flashchat server,
ISecAuditors Security Advisories
DDSN CMS Admin Panel SQL Injection Vulnerability,
khc
TSL-2006-0001 - postgresql,
Trustix Security Advisor
TSLSA-2006-0002 - multi,
Trustix Security Advisor
DIMVA 2006 Call for Papers,
Thomas Biege
Linksys VPN Router (BEFVP41) DoS Vulnerability,
paul14075
[eVuln] Light Weight Calendar PHP Code Execution,
alex
AlstraSoft Template Seller Pro Cross-Site Scripting Vulnerability,
night_warrior771
DCP Portal Cross-Site Scripting Vulnerability,
night_warrior771
MyBB 1.0.2 SQL injection,
addmimistrator
WMF vulnerability was a deliberate backdoor?,
Brooks, Shane
[EEYEB-2000801] - Windows Embedded Open Type (EOT) Font Heap Overflow Vulnerability,
Advisories
[SECURITY] [DSA 936-1] New libextractor packages fix arbitrary code execution,
Martin Schulze
FreeBSD Security Advisory FreeBSD-SA-06:02.ee,
FreeBSD Security Advisories
[NMRC Advisory] Microsoft Windows Wireless Exposure on Laptops,
Advisories
Hacking With The Google Search Engine,
Paul Laudanski
MyBB 1.0.2 SQL injection in usercp.php,
addmimistrator
[KAPDA::#21] - HomeFtp v1.1 Denial of Service,
[a]
FullPath disclosure in Xaraya 1.0.1,
king_purba
ezDatabase 2.0 and below,
none
Helm XSS Vulnerability,
M.Neset KABAKLI
[eVuln] MyPhPim Multiple SQL Injection and XSS Vulnerabilities,
alex
PayPal Phishing Site Exploits Google XSS Vulnerability,
Paul Laudanski
FreeBSD Security Advisory FreeBSD-SA-06:04.ipfw,
FreeBSD Security Advisories
Serial Line Sniffer 0.4.4 Buffer Overflow,
Sintigan
MDKSA-2006:011 - Updated tetex packages fix several vulnerabilities,
Mandriva Security Team
[FLSA-2006:152803] Updated lesstif packages fix security issues,
Marc Deslauriers
[ GLSA 200601-05 ] mod_auth_pgsql: Multiple format string vulnerabilities,
Stefan Cornelius
FreeBSD Security Advisory FreeBSD-SA-06:03.cpio,
FreeBSD Security Advisories
[EEYEB-20051117B] Apple iTunes (QuickTime.qts) Heap Overflow,
Advisories
mysec.org Security Advisory : Xmame buffer overflow, with a possibility of privilege escalation,
xwings
Fortinet Advisory - Apple QuickTime Player StripByteCounts Buffer Overflow Vulnerability,
secresearch
iDefense Security Advisory 01.13.06: Novell SUSE Linux Enterprise Server Remote Manager Heap Overflow,
labs-no-reply@xxxxxxxxxxxx
Fortinet Advisory - Apple QuickTime Player StripOffsets Improper Memory Access,
secresearch
[ GLSA 200601-08 ] Blender: Heap-based buffer overflow,
Sune Kloppenborg Jeppesen
[ GLSA 200601-07 ] ClamAV: Remote execution of arbitrary code,
Sune Kloppenborg Jeppesen
MDKSA-2006:012 - Updated kdegraphics packages fix several vulnerabilities,
Mandriva Security Team
SUSE Security Announcement: novell-nrm remote heap overflow (SUSE-SA:2006:002),
Marcus Meissner
[ GLSA 200601-09 ] Wine: Windows Metafile SETABORTPROC vulnerability,
Sune Kloppenborg Jeppesen
[SECURITY] [DSA 940-1] New gpdf packages fix arbitrary code execution,
Martin Schulze
[SECURITY] [DSA 939-1] New fetchmail packages fix denial of service,
Martin Schulze
Fortinet Advisory - Apple QuickTime Player ImageWidth Denial of Service Vulnerability,
secresearch
[USN-240-1] bogofilter vulnerability,
Martin Pitt
[eVuln] Wordcircle Multiple SQL Injection & XSS Vulnerabilities,
alex
[eVuln] Wordcircle Authentication Bypass,
alex
[eVuln] ACal Authentication Bypass & PHP Code Insertion,
alex
[eVuln] TankLogger SQL Injection Vulnerability,
alex
ZDI-06-001: Clam AntiVirus UPX Unpacking Code Execution Vulnerability,
zdi-disclosures
Interspire TrackPoint NX XSS Vulnerability,
M.Neset KABAKLI
Multiple PHP Toolkit for PayPal Vulnerabilities,
uinC Team
Cisco, haven't we learned anything? (technician reset),
Gadi Evron
[SECURITY] [DSA 937-1] New tetex-bin packages fix arbitrary code execution,
Martin Schulze
FogBugz Cross Site Scripting Vulnerability,
M.Neset KABAKLI
Advisory: MiniNuke CMS System <= 1.8.2 (news.asp) SQL Injection vulnerability,
nukedx
[SECURITY] [DSA 903-2] New unzip packages fix unauthorised permissions modification,
Martin Schulze
Session data pollution vulnerabilities in web applications,
Alla Bezroutchko
[USN-241-1] Apache vulnerabilities,
Adam Conrad
EUSecWest papers and CanSecWest CFP,
Dragos Ruiu
[SECURITY] [DSA 938-1] New koffice packages fix arbitrary code execution,
Martin Schulze
Cisco Security Advisory: Access Point Memory Exhaustion from ARP Attacks,
Cisco Systems Product Security Incident Response Team
Advisory 01/2006: PHP ext/session HTTP Response Splitting Vulnerability,
Stefan Esser
Advisory 02/2006: PHP ext/mysqli Format String Vulnerability,
Stefan Esser
H-Sphere Security Vulnerability,
M.Neset KABAKLI
BSD Securelevels: Circumventing protection of files flagged immutable,
RedTeam Pentesting
Advisory: XSS attack on Superonline.com email service.,
nukedx
MDKSA-2006:010 - Updated cups packages fix several vulnerabilities,
Mandriva Security Team
[FLSA-2006:167803] Updated mysql packages fix security issues,
Marc Deslauriers
[EEYEB-20051117A] Apple QuickTime STSD Atom Heap Overflow,
Advisories
FreeBSD Security Advisory FreeBSD-SA-06:01.texindex,
FreeBSD Security Advisories
[USN-235-2] sudo vulnerability,
Martin Pitt
[eVuln] MyPhPim Arbitrary File Upload,
alex
Advisory:XSS vulnerability on WebWiz Forums <= 6.34 (search_form.asp),
nukedx
eStara Softphone SIP stack Buffer Overflow Vulnerability,
zwell
SUSE Security Announcement: xpdf,kpdf,gpdf,kword (SUSE-SA:2006:001),
Ludwig Nussel
FreeBSD Security Advisory FreeBSD-SA-06:01.texindex [REVISED],
FreeBSD Security Advisories
PostgreSQL security releases 8.0.6 and 8.1.2,
PostgreSQL Security
[ GLSA 200601-06 ] xine-lib, FFmpeg: Heap-based buffer overflow,
Stefan Cornelius
[RHSA-2006:0157-01] Low: struts security update for Red Hat Application Server,
bugzilla
[EEYEB-20051220] Apple QuickTime QTIF Stack Overflow,
Advisories
[EEYEB-20051031] Apple QuickTime Malformed GIF Heap Overflow,
Advisories
Cisco Security Advisory: Default Administrative Password in Cisco Security Monitoring, Analysis and Response System (CS-MARS),
Cisco Systems Product Security Incident Response Team
Updated Advisories - Incorrect CVE Information,
Advisories
Microsoft Outlook Critical Vulnerability,
NGSSoftware Insight Security Research
Microsoft Exchange Critical Vulnerability,
NGSSoftware Insight Security Research
New PEAR / Apache2Triad Exploit,
jd2k2000
[FLSA-2006:168375] Updated mozilla packages fix security issues,
Marc Deslauriers
Malware - future trends,
Dancho Danchev
[FLSA-2006:152922] Updated ethereal packages fix security issues,
Marc Deslauriers
Time modification flaw in BSD securelevels on NetBSD and Linux,
RedTeam Pentesting
[FLSA-2006:152907] Updated htdig packages fix security issues,
Marc Deslauriers
[FLSA-2006:136323] Updated gettext package fixes security issues,
Marc Deslauriers
[USN-236-2] xpdf vulnerabilities in kword, kpdf,
Martin Pitt
[security bulletin] SSRT051058 rev.1 - HP-UX Secure Shell Remote Denial of Service (DoS),
security-alert
[USN-239-1] libapache2-mod-auth-pgsql vulnerability,
Martin Pitt
iDefense Security Advisory 01.10.06: Sun Solaris uustat Buffer Overflow Vulnerability,
labs-no-reply@xxxxxxxxxxxx
Multiple Vulnerabilities in Hummingbird Collaboration,
luca . carettoni
[SECURITY] [DSA 935-1] New libapache2-mod-auth-pgsql packages fix arbitrary code execution,
Michael Stone
[SECURITY] [DSA 930-2] New smstools packages fix format string vulnerability,
Michael Stone
[SECURITY] [DSA 934-1] New pound packages fix multiple vulnerabilities,
Michael Stone
[SECURITY] [DSA 933-1] New hylafax packages fix arbitrary command execution,
Michael Stone
Research: Malware Action Detection and Protection,
Arman Nayyeri
MDKSA-2006:009 - Updated apache2-mod_auth_pgsql packages fix several vulnerabilities,
Mandriva Security Team
[eVuln] 427BB Multiple Vulnerabilities (Cookie-based Authentication Bypass, SQL Injections, XSS),
alex
Xoops Pool Module IMG Tag Cross Site Scripting,
night_warrior771
Php-Nuke Pool and News Module IMG Tag Cross Site,
night_warrior771
iDefense Security Advisory 01.09.06: Multiple Vendor mod_auth_pgsql Format String Vulnerability,
labs-no-reply@xxxxxxxxxxxx
Orjinweb E-commerce,
serxwebun
AIM Multiple Cross Site Scripting Vulnerability,
simo
Html_Injection in vBulletin 3.5.2,
the_bekir
MDKSA-2006:008 - Updated koffice packages fix several vulnerabilities,
Mandriva Security Team
AOL Multiple Cross Site Scripting Vulnerability,
simo
[SECURITY] [DSA 932-1] New kpdf packages fix arbitrary code execution,
Martin Schulze
Digital Armaments Security Advisory 01.09.2006: Apache auth_ldap module Multiple Format Strings Vulnerability,
info
[eVuln] Venom Board SQL Injection Vulnerability,
alex
[SECURITY] [DSA 931-1] New xpdf packages fix arbitrary code execution,
Martin Schulze
[eVuln] Foxrum BBCode XSS Vulnerabilty,
alex
NetBSD Security Advisory 2006-002: settimeofday() time wrap,
NetBSD Security Officer
NetBSD Security Advisory 2006-001: Kernfs kernel memory disclosure,
NetBSD Security Officer
[SECURITY] [DSA 930-1] New smstools packages fix format string vulnerability,
Michael Stone
[SECURITY] [DSA 929-1] New petris packages fix buffer overflow,
Michael Stone
[UPDATE]Microsoft Windows GRE WMF Format Multiple Unauthorized Memory Access Vulnerabilities,
frankruder
Microsoft Windows GRE WMF Format Multiple Memory Overrun Vulnerabilities,
frankruder
xorg server 6.8.2 and below on 64bit arch,
serj
Recon2006 - Call for papers,
Hugo Fortier
Survey on Vuln Disclosure: Request for Participation,
Richard Forno
[eVuln] NavBoard BBcode XSS Vulnerability,
alex
[ GLSA 200601-04 ] VMware Workstation: Vulnerability in NAT networking,
Sune Kloppenborg Jeppesen
MDKSA-2006:005 - Updated xpdf packages fix several vulnerabilities,
Mandriva Security Team
[ GLSA 200601-03 ] HylaFAX: Multiple vulnerabilities,
Sune Kloppenborg Jeppesen
SysCP WebFTP local file inclusion vulnerability,
Thomas Henlich
[ GLSA 200601-02 ] KPdf, KWord: Multiple overflows in included Xpdf code,
Sune Kloppenborg Jeppesen
MDKSA-2006:003 - Updated poppler packages fix several vulnerabilities,
Mandriva Security Team
[eVuln] Proyecto Domus 'email' XSS Vulnerability,
alex
[USN-237-1] nbd vulnerability,
Martin Pitt
[USN-238-1] Blender vulnerability,
Martin Pitt
MDKSA-2006:007 - Updated apache2 packages fix vulnerabilities,
Mandriva Security Team
MDKSA-2006:004 - Updated pdftohtml packages fix several vulnerabilities,
Mandriva Security Team
Did MS pull an Ilfak? (MS patch bindiff results),
Gadi Evron
MDKSA-2006:006 - Updated gpdf packages fix several vulnerabilities,
Mandriva Security Team
[eVuln] TheWebForum Script Insertion and Authentication Bypass,
alex
[security bulletin] SSRT051074 rev.3 - HP-UX Running xterm Local Unauthorized Access,
security-alert
APPLE-SA-2006-01-05 AirPort firmware update,
noreply
iDefense Security Advisory 01.05.06: Blue Coat WinProxy Telnet DoS Vulnerability,
labs-no-reply@xxxxxxxxxxxx
[eVuln] ADNForum Multiple Vulnerabilities,
alex
MS released a patch today - MS06-001,
Duran, Jason IT0
Interview: Ilfak Guilfanov,
Matthew Murphy
Windows PHP 4.x "0-day" buffer overflow,
mercenary
[USN-235-1] sudo vulnerability,
Martin Pitt
[USN-236-1] xpdf vulnerabilities,
Martin Pitt
Uninformed Journal Release Announcement: Volume 3,
Uninformed
Contact information for Symantec Vulnerability Management,
secure
HylaFAX Security advisory - fixed in HylaFAX 4.2.4,
Aidan Van Dyk
iDefense Security Advisory 01.05.06: Blue Coat Systems WinProxy Host Header Stack Overflow Vulnerability,
labs-no-reply@xxxxxxxxxxxx
[eVuln] TinyPHPForum Multiple Vulnerabilities,
alex
What is sbininitd port 65534 ???,
waltdnes
CyberShop User Login Sql Injection,
night_warrior771
[ECHO_ADV_25$2006] Full path disclosure on boastMachine v3.1,
eufrato
MD:Pro - Malware Distribution Project,
anthony . aykut
what we REALLY learned from WMF,
Gadi Evron
Open Letter on the Interpretation of "Vulnerability Statistics",
Steven M. Christey
iDefense Security Advisory 01.05.06: Blue Coat WinProxy Remote DoS Vulnerability,
labs-no-reply@xxxxxxxxxxxx
WMF: New Metasploit Framework Module,
H D Moore
Mapping and Remote manipulation of databases,
Gandalf The White
MDKSA-2005:239 - Updated printer-filters-utils packages fix local vulnerability,
Mandriva Security Team
Dumb IE6/XP denial of service found on the web,
8ux1fpd02
New from the MS Advisory,
Larry Seltzer
[eVuln] Lizard Cart CMS SQL Injection Vulnerability,
alex
Download Accelerator Plus can be tricked to download malicious file,
visitbipin
Another WMF exploit workaround,
Ivan Arce
[eVuln] PHPenpals SQL Injection Vulnerabilit,
alex
WSJ: The new "metasploit" computer virus,
Richard M. Smith
[eVuln] phpBook PHP Code Execution,
alex
Recruitment Software allows MySQL credentials disclosure,
Rafael San Miguel Carrasco
[eVuln] VEGO Links Builder Authentication Bypass,
alex
WMF SETABORTPROC exploit,
SanjayR
WMF round-up, updates and de-mystification,
Gadi Evron
- Re: [Full-disclosure] WMF round-up, updates and de-mystification,
Nancy Kramer
- Re: [Full-disclosure] WMF round-up, updates and de-mystification,
InfoSecBOFH
- Re: [funsec] WMF round-up, updates and de-mystification,
Pierre Vandevenne
- Re: WMF round-up, updates and de-mystification,
Adam Shostack
- <Possible follow-ups>
- RE: WMF round-up, updates and de-mystification,
Krpata, Tyler
Winrar 3.30 Local Buffer Overflow,
Alpha_Programmer
[eVuln] VEGO Web Forum SQL Injection Vulnerability,
alex
[eVuln] oaBoard PHP Code Execution,
alex
[eVuln] ScozBook "adminname" Authentication Bypass,
alex
[eVuln] B-net Software Multiple XSS Vulnerabilities,
alex
Drupal all versiyon xss cehennem.org,
liz0
[eVuln] inTouch Authentication Bypass,
alex
NicoFTP Stack Overflow,
k4p0k4p0
[ GLSA 200512-18 ] XnView: Privilege escalation,
Thierry Carrez
[eVuln] Chimera Web Portal System Multiple Vulnerabilities,
alex
[eVuln] Chipmunk Guestbook XSS Vulnerability,
alex
[eVuln] PHPjournaler SQL Injection Vulnerability,
alex
[USN-233-1] fetchmail vulnerability,
Martin Pitt
[KAPDA::#19] - Html Injection in vBulletin 3.5.2,
alireza hassani
[USN-234-1] cpio vulnerability,
Martin Pitt
[ GLSA 200601-01 ] pinentry: Local privilege escalation,
Thierry Carrez
[xfocus-SD-060101]AIX getCommand&getShell two vulnerabilities,
XFOCUS Security Team
MyBB 1.0 SQL injection in uploading file,
addmimistrator
MyBB XSS cross-site scripting,
addmimistrator
[KAPDA::#18] - WebWiz Products SQL Injection,
advisory
WMF browser-ish exploit vectors,
Evans, Arian
Yahoo mail Cross Site Scripting vulnerability,
simo
WTF??,
veil_of_darkness
Advisory 26/2005: TinyMCE Compressor Vulnerabilities,
Stefan Esser
Secunia Research: TUGZip ARJ Archive Handling Buffer Overflow Vulnerability,
Secunia Research
phpbb2.0.19 fixes security issues,
Paul Laudanski
rssh: root privilege escalation flaw,
Derek Martin
[ GLSA 200512-17 ] scponly: Multiple privilege escalation issues,
Thierry Carrez
Black Hat Federal and Europe Call for Papers,
Jeff Moss
Airscanner Mobile Security Advisory #05083102 Spb Kiosk Engine Program Bypass,
contact . removethis
[SECURITY] [DSA 927-2] New tkdiff packages fix insecure temporary file creation,
Martin Schulze
PhpDocumentor <= 1.3.0 rc4 Arbitrary remote/local inclusion,
retrogod
WMF Exploit,
davidribyrne
[ GLSA 200512-16 ] OpenMotif, AMD64 x86 emulation X libraries: Buffer overflows in libUil library,
Thierry Carrez
RE: [Full-disclosure] Someone wasted a nice bug on spyware...,
Paul
[BUGZILLA] Security advisory for Bugzilla < 2.16.11,
David Miller
Exploitation of Windows WMF on the web,
Daniel Bonekeeper
MDKSA-2005:238 - Updated php/php-mbstring packages fix mail injection vulnerability,
Mandriva Security Team
Is this a new exploit?,
noemailpls
Malware sample site,
mvalsmith
dtSearch DUNZIP32.dll Buffer Overflow Vulnerability,
Juha-Matti Laurio
[SECURITY] [DSA 927-1] New tkdiff packages fix insecure temporary file creation,
Martin Schulze
Secunia Research: IceWarp Web Mail Multiple File Inclusion Vulnerabilities,
Secunia Research
[ GLSA 200512-15 ] rssh: Privilege escalation,
Stefan Cornelius
Cerberus Helpdesk multiple vulnerabilities.,
A. Ramos
Obsidis n1 released!,
angelo
Multiple Translation websites Cross Site Scripting vulnerability: Google, Altavista, IBM, freetranslation, worldlingo, etc,
simo
[BuHa-Security] DoS Vulnerability in M$ IE 6 SP2 #3,
bugtraq
[BuHa-Security] DoS Vulnerability in M$ IE 6 SP2 #2,
bugtraq
[BuHa-Security] DoS Vulnerability in M$ IE 6 SP2 #1,
bugtraq
[SECURITY] [DSA 928-1] New dhis-tools-dns packages fix insecure temporary file creation,
Martin Schulze
Airscanner Mobile Security Advisory #0508310 Spb Kiosk Engine Administrator Password & Information Disclosure,
contact . removethis
[ GLSA 200512-13 ] Dropbear: Privilege escalation,
Stefan Cornelius
Found new bug,
hackeriri
CFP - IT Underground 2006, Prague, Czech Republic,
Piotr Sobolewski
Dev web management system <= 1.5 SQL injection / cross site scripting,
retrogod
MDKSA-2005:237 - Updated cpio packages fix buffer overflow on x86_64,
Mandriva Security Team
MDKSA-2005:236 - Updated fetchmail packages fix vulnerability,
Mandriva Security Team