Network Security Archives

Bugtraq (date)

[Thread Index] [Top] [All Lists]

December 31, 2005

MyBB 1.0 SQL injection in uploading file, addmimistrator, 14:37
MyBB XSS cross-site scripting, addmimistrator, 14:27
[Full-disclosure] PHPDocumentor Cross-Site Scripting, zeus olimpusklan, 01:22

December 30, 2005

Re: WMF Exploit, Paul Laudanski, 19:49
[KAPDA::#18] - WebWiz Products SQL Injection, advisory, 17:18
RE: WMF Exploit, Bill Busby, 17:08
WMF browser-ish exploit vectors, Evans, Arian, 16:58
Yahoo mail Cross Site Scripting vulnerability, simo, 16:48
RE: WMF Exploit, Derick Anderson, 16:38
WTF??, veil_of_darkness, 16:38
Re: Exploitation of Windows WMF on the web, psgw, 16:28
Secunia Research: TUGZip ARJ Archive Handling Buffer Overflow Vulnerability, Secunia Research, 15:17
phpbb2.0.19 fixes security issues, Paul Laudanski, 15:17
[Full-disclosure] rssh: root privilege escalation flaw, Derek Martin, 15:06
[Full-disclosure] [ GLSA 200512-18 ] XnView: Privilege escalation, Thierry Carrez, 10:04

December 29, 2005

Black Hat Federal and Europe Call for Papers, Jeff Moss, 19:46
[Full-disclosure] Advisory 26/2005: TinyMCE Compressor Vulnerabilities, Stefan Esser, 18:26
Airscanner Mobile Security Advisory #05083102 Spb Kiosk Engine Program Bypass, contact . removethis, 17:55
WMF exploit, ninjapicook, 17:55
RE: [Full-disclosure] Someone wasted a nice bug on spyware..., Jim Serino, 17:55
RE: WMF Exploit, Hayes, Bill, 17:54
PhpDocumentor <= 1.3.0 rc4 Arbitrary remote/local inclusion, retrogod, 17:54
[Full-disclosure] [ GLSA 200512-17 ] scponly: Multiple privilege escalation issues, Thierry Carrez, 17:54
WMF Exploit, davidribyrne, 17:54
WMF Exploit, davidribyrne, 17:54
Re: [Full-disclosure] Someone wasted a nice bug on spyware..., Tomasz Kokowski, 17:53

December 28, 2005

RE: Is this a new exploit?, Portz, Jon, 17:22
Re: Is this a new exploit?, Andreas Marx, 17:12
Re: Is this a new exploit?, redxii1234, 17:01
[BUGZILLA] Security advisory for Bugzilla < 2.16.11, David Miller, 16:31
Re: Is this a new exploit?, H D Moore, 16:21
Exploitation of Windows WMF on the web, Daniel Bonekeeper, 16:11
MDKSA-2005:238 - Updated php/php-mbstring packages fix mail injection vulnerability, Mandriva Security Team, 16:01
[Full-disclosure] [ GLSA 200512-16 ] OpenMotif, AMD64 x86 emulation X libraries: Buffer overflows in libUil library, Thierry Carrez, 13:19
RE: [Full-disclosure] Someone wasted a nice bug on spyware..., Paul, 03:44

December 27, 2005

Is this a new exploit?, noemailpls, 21:41
[Full-disclosure] Juniper NSM remote Denial Of Service, David Maciejak, 21:01
[Full-disclosure] bug in oscomerce, zeus olimpusklan, 19:00
Malware sample site, mvalsmith, 17:39
Obsidis n1 released!, angelo, 16:28
Secunia Research: IceWarp Web Mail Multiple File Inclusion Vulnerabilities, Secunia Research, 16:18
Cerberus Helpdesk multiple vulnerabilities., A. Ramos, 15:58
CFP - IT Underground 2006, Prague, Czech Republic, Piotr Sobolewski, 15:27
[BuHa-Security] DoS Vulnerability in M$ IE 6 SP2 #3, bugtraq, 15:27
[BuHa-Security] DoS Vulnerability in M$ IE 6 SP2 #2, bugtraq, 15:07
Found new bug, hackeriri, 14:57
[BuHa-Security] DoS Vulnerability in M$ IE 6 SP2 #1, bugtraq, 14:57
Airscanner Mobile Security Advisory #0508310 Spb Kiosk Engine Administrator Password & Information Disclosure, contact . removethis, 14:37
Dev web management system <= 1.5 SQL injection / cross site scripting, retrogod, 14:27
[Full-disclosure] [ GLSA 200512-15 ] rssh: Privilege escalation, Stefan Cornelius, 12:46
MDKSA-2005:237 - Updated cpio packages fix buffer overflow on x86_64, Mandriva Security Team, 11:45
MDKSA-2005:236 - Updated fetchmail packages fix vulnerability, Mandriva Security Team, 11:35

December 25, 2005

[Full-disclosure] Yahoo mail Cross Site Scripting vulnerability, simo, 15:17
[Full-disclosure] Multiple Translation websites Cross Site Scripting vulnerability: Google, Altavista, IBM, freetranslation, worldlingo, etc, simo, 10:55

December 23, 2005

Electric Sheep window-id stack overflow, MichaelAiello, 19:30
Multiple Network-related Vulnerabilities in Electric Sheep, MichaelAiello, 17:59
[Full-disclosure] [TKADV2005-12-001] Multiple SQL Injection vulnerabilities in MyBB, tk, 16:48
[Full-disclosure] [ GLSA 200512-14 ] NBD Tools: Buffer overflow in NBD server, Thierry Carrez, 16:08
[Full-disclosure] RE: Webwasher CSM Appliance Script Security Restriction Bypass, Frank Berzau, 16:08
New site location, shadown, 15:48
[Full-disclosure] html in simpbook, zeus olimpusklan, 13:57
[Full-disclosure] Blind MySQL injection database stressing tool.. for hackers!, kanutron (lists), 13:37
[Full-disclosure] New site location, shadown, 11:46
[Full-disclosure] [USN-232-1] PHP vulnerabilities, Martin Pitt, 10:05
[Full-disclosure] [ GLSA 200512-13 ] Dropbear: Privilege escalation, Stefan Cornelius, 08:55
[Full-disclosure] SEC Consult SA-20051223-1 :: File Disclosure using df_next_page parameter in OracleAS Discussion Forum Portlet, Johannes Greil, 05:43
[Full-disclosure] SEC Consult SA-20051223-0 :: Multiple Cross Site Scripting Vulnerabilities in OracleAS Discussion Forum Portlet, Johannes Greil, 05:43
[Full-disclosure] dtSearch DUNZIP32.dll Buffer Overflow Vulnerability, Juha-Matti Laurio, 03:02
Re: [Full-disclosure] Privilege escalation in McAfee VirusScanEnterprise 8.0i (patch 11) and CMA 3.5 (patch 5), Steven Rakick, 01:22

December 22, 2005

[Full-disclosure] [ GLSA 200512-12 ] Mantis: Multiple vulnerabilities, Stefan Cornelius, 18:48
XSS&Sql injection attack in PHP-Fusion 6.00.3 Released, krasza, 18:38
[Full-disclosure] Webwasher CSM Appliance Script Security Restriction Bypass, d0t v0rt3x, 17:58
Privilege escalation in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5), Reed Arvin, 17:58
Re: [Full-disclosure] Privilege escalation in McAfee VirusScanEnterprise 8.0i (patch 11) and CMA 3.5 (patch 5), Steven Rakick, 17:47
Re: Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability, 3APA3A, 17:47
CYBSEC - Security Advisory: httprint Multiple Vulnerabilities, Mariano Nuñez Di Croce, 17:37
fetchmail security announcement fetchmail-SA-2005-03 (CVE-2005-4348), ma+bt, 17:17
MDKSA-2005:235 - Updated kernel packages fix numerous vulnerabilities, Mandriva Security Team, 16:57
[Full-disclosure] Privilege escalation in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5), Reed Arvin, 15:26
[Full-disclosure] iDefense Security Advisory 12.22.05: Linux Kernel Socket Buffer Memory Exhaustion DoS Vulnerability, labs-no-reply@idefense.com, 14:56
[Full-disclosure] [USN-231-1] Linux kernel vulnerabilities, Martin Pitt, 12:35

December 21, 2005

Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability, ovt, 21:58
XSS vulnerabilities in Google.com, Watchfire Research, 21:48
VMware vulnerability in NAT networking, vmware-security-alert, 19:37
WinRAR - Processing Filename Incorrectly Vulnerability, agoanywhere, 19:27
[Full-disclosure] iDefense Security Advisory 12.21.05: Macromedia JRun 4 Web Server URL Parsing Buffer Overflow Vulnerability, labs-no-reply@idefense.com, 18:56
Cisco Security Response: DoS in Cisco Clean Access, Clayton Kossmeyer, 18:46
Re: XSS bypass in PHPNuke - FIX ?, Paul Laudanski, 18:16
[KAPDA::#17] - beehiveforum Script Injection, alireza hassani, 18:06
mIRC buffer overflow, Crowdat Kurobudetsu, 17:56
[Security-Advisories@acs-inc.com: [Full-disclosure] [ACSSEC-2005-11-25-0x1] VMWare Workstation 5.5.0 <= build-18007 G SX Server Variants And Others], Andrew Griffiths, 17:46
[ECHO_ADV_24$2005] Full path disclosure on WordPress < 1.5.2, the_day@echo.or.id, 17:36
Tolva PHP website system Remote File Include, beford, 17:26
Re: Symantec Antivirus Library Remote Heap Overflows, ltr, 17:26
[ECHO_ADV_24$2005] Full path disclosure on WordPress < 1.5.2, the_day, 17:16
security patch for Linux Kernel 2.6, breno, 17:05
Workshop "Dependability Aspects in DWH and Mining applications"Deadline:15-01-06, Manh Tho, 16:55
Call for Paper - VI National Computer and Information Security Conference - COLOMBIA, Jeimy José Cano Martínez, 16:35
[Hat-Squad] Remote Heap Corruption Vulnerability in Interaction SIP Proxy, service, 16:35
[VulnWatch] [ACSSEC-2005-11-25-0x1] VMWare Workstation 5.5.0 <= build-18007 G SX Server Variants And Others, Security Advisories, 16:15
Re: [Full-disclosure] Re: Guidance, J.A. Terranson, 02:38
Re: [Full-disclosure] Re: Guidance, Jason Coombs, 01:16
[Full-disclosure] [ACSSEC-2005-11-25-0x1] VMWare Workstation 5.5.0 <= build-18007 G SX Server Variants And Others, Security Advisories, 00:55

December 20, 2005

Re: [Full-disclosure] Re: Guidance, J.A. Terranson, 23:34
[Full-disclosure] Re: Guidance, Jason Coombs, 21:13
MDKSA-2005:234 - Updated sudo packages fix vulnerability, Mandriva Security Team, 19:22
IRM 012: Portfolio Netpublish Server 7 is vulnerable to a Directory Traversal Attack, Advisories, 18:52
IRM 013: Ultraapps Issue Manager is vulnerable to Privilege Escalation, Advisories, 18:41
IRM 014: Sygate Protection Agent 5.0 vulnerability - A low privileged user can disable the security agent, Advisories, 18:21
Secunia Research: Pegasus Mail Buffer Overflow and Off-by-One Vulnerabilities, Secunia Research, 18:11
[Overflow.pl] Blender BlenLoader Integer Overflow, Damian Put, 18:01
PHPGedView <= 3.3.7 remote code execution, retrogod, 17:51
Acidcat ASP CMS Multiple Vulnerabilities, h e, 17:31
Digital Armaments Security Advisory 12.20.2005: WEBsweeper/MIMEsweeper Executable File Content Check bypass Vulnerability, info, 17:21
[security bulletin] SSRT5983 rev.1 - HP-UX Running Software Distributor (SD) Remote Unauthorized Access, security-alert, 17:00
Enterprise Connector v.1.02 Multiple SQL Vulnerabilities and Login Bypass, darkz . gsa, 16:40
[Full-disclosure] iDefense Security Advisory 12.20.05: Qualcomm WorldMail IMAP Server String Literal Processing Overflow Vulnerability, labs-no-reply@idefense.com, 15:59
[Full-disclosure] iDefense Security Advisory 12.20.05: McAfee Security Center MCINSCTL.DLL ActiveX Control File Overwrite, labs-no-reply@idefense.com, 15:29
Re: [Full-disclosure] Re: RLA ("Remote LanD Attack"), Synister Syntax, 13:58
[Full-disclosure] Symantec Antivirus Library Remote Heap Overflows, list, 11:16
[Full-disclosure] [ GLSA 200512-11 ] CenterICQ: Multiple vulnerabilities, Thierry Carrez, 08:15
[Full-disclosure] [ACSSEC-2005-11-25-0x4] FTGate 4.4 [Build 4.4.000 Oct 26 2005] St ack Buffer Overflow, Security Advisories, 07:25
[Full-disclosure] [ACSSEC-2005-11-25-0x6] FTGate 4.4 [Build 4.4.000 Oct 26 2005] Fo rmat String Overflow, Security Advisories, 07:15
[Full-disclosure] [ACSSEC-2005-11-25-0x5] FTGate 4.4 [Build 4.4.000 Oct 26 2005] Fo rmat String Overflow, Security Advisories, 07:15
[Full-disclosure] [ACSSEC-2005-11-25-0x3] FTGate 4.4 [Build 4.4.000 Oct 26 2005] Cr oss Site Scripting Vulnerability, Security Advisories, 06:55
[Full-disclosure] [ACSSEC-2005-11-27-0x1] Eudora Qualcomm WorldMail 3.0 IMAP4 Servi ce 6.1.19.0, Security Advisories, 06:55
[Full-disclosure] [ACSSEC-2005-11-27-0x2] Remote Overflows in Mailenable Enterprise 1.1 / Professional 1.7, Security Advisories, 06:45
[Full-disclosure] Vulnerability in Metadot portal server allows users to gain administrative privileges, Gerry Chng, 05:44

December 19, 2005

[Full-disclosure] RE: Authenticated EIGRP DoS / Information leak, Paul Oxman \(poxman\), 23:32
[Full-disclosure] Re: Unauthenticated EIGRP DoS, Paul Oxman \(poxman\), 23:22
MDKSA-2005:233 - Updated apache2 packages fix vulnerability in worker MPM, Mandriva Security Team, 21:00
[security bulletin] SSRT051026 rev. 1 - HP-UX running WBEM Services Denial of Service (DoS), security-alert, 20:40
about phpMyAdmin's server_privileges.php announced vulnerability, Marc Delisle, 20:30
Re: phpMyAdmin server_privileges.php SQL Injection Vulnerabilities., michal, 20:10
[Full-disclosure] Re: Making unidirectional VLAN and PVLAN jumping bidirectional, Clayton Kossmeyer, 19:50
[Full-disclosure] Making unidirectional VLAN and PVLAN jumping bidirectional, Andrew A. Vladimirov, 15:37
[Full-disclosure] Authenticated EIGRP DoS / Information leak, Andrew A. Vladimirov, 15:27
[Full-disclosure] Unauthenticated EIGRP DoS, Andrew A. Vladimirov, 15:17
[Full-disclosure] RE: RLA ("Remote LanD Attack"), alessandroa, 10:54
[Full-disclosure] Re: RLA ("Remote LanD Attack"), Synister Syntax, 09:53

December 18, 2005

Re: [Full-disclosure] Re: Guidance Software Customer Database Hacked?, J.A. Terranson, 22:36
[Full-disclosure] Re: Guidance Software Customer Database Hacked?, Jason Coombs, 17:34
[Full-disclosure] [ GLSA 200512-10 ] Opera: Command-line URL shell command injection, Thierry Carrez, 12:22
[Full-disclosure] [FLSA-2005:168326] Updated util-linux and mount packages fix security issue, Marc Deslauriers, 03:08
[Full-disclosure] [FLSA-2005:152870] Updated a2ps package fixes security issue, Marc Deslauriers, 03:08
[Full-disclosure] [FLSA-2005:166939] Updated openssl packages fix security issues, Marc Deslauriers, 02:38
[Full-disclosure] [FLSA-2005:155510] Updated gtk2 packages fixes security issues, Marc Deslauriers, 02:38
[Full-disclosure] [FLSA-2005:152892] Updated enscript package fixes security issues, Marc Deslauriers, 02:38
[Full-disclosure] [FLSA-2005:152832] Updated lynx package fixes security issues, Marc Deslauriers, 02:28
[Full-disclosure] [FLSA-2005:152787] Updated redhat-config-nfs package fixes security issue, Marc Deslauriers, 02:28

December 17, 2005

phpMyAdmin server_privileges.php SQL Injection Vulnerabilities., Alice Bryson, 21:56
Re: Fullpath disclosure in roundcube webmail, Steven M. Christey, 21:46
Re: Bypass XSS filter in PHPNUKE 7.9=>x, Paul Laudanski, 21:15
Fullpath disclosure in roundcube webmail, king_purba, 20:35
Microsoft IIS Remote Denial of Service (DoS) .DLL Url exploit, inge . henriksen, 20:05
Bug in HC, hackeriri, 08:00

December 16, 2005

RE: RLA ("Remote LanD Attack"), Patrick Galligan, 21:05
Update on the PGP NTFS File Wipe Issue, 16 Dec 2005, Jon Callas, 20:45
exploit (html) for Advanced Guestbook 2.2, irc0d3r, 20:35
Re: Bios Information Leakage, Ron van Daal, 19:54
[Full-disclosure] Advisory: XSS in WebCal (v1.11-v3.04), Stan Bubrouski, 18:24
DoS in Cisco Clean Access, alex, 17:03
DMA[2005-1214a] - 'Widcomm BTW - Bluetooth for Windows Remote Audio Eavesdropping', Kevin Finisterre, 16:13
[Full-disclosure] iDefense Security Advisory 12.16.05: Citrix Program Neighborhood Name Heap Corruption Vulnerability, labs-no-reply@idefense.com, 16:03
Re: Patches available for IBM AIX flaws, David Litchfield, 15:52
phpCOIN-1.2.2-Full-2005 SQL Injection, stranger-killer, 15:32
ZRCSA-200505: libremail - "pop.c" Format String Vulnerability, deepfear, 15:32
Re: Patches available for IBM AIX flaws, Shiva Persaud, 15:01
[Full-disclosure] [ GLSA 200512-09 ] cURL: Off-by-one errors in URL handling, Sune Kloppenborg Jeppesen, 14:21
Countering Trusting Trust through Diverse Double-Compiling, David A. Wheeler, 11:55
[Full-disclosure] [USN-230-2] ffmpeg/xine-lib vulnerability, Martin Pitt, 10:04
Bios Information Leakage, Jonathan Brossard, 05:42
[Full-disclosure] [ GLSA 200512-08 ] Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 04:12

December 15, 2005

AIX Heap Overflow paper, David Litchfield, 21:59
[security bulletin] SSRT4728 rev.1 - HP-UX running TCP/IP Remote Denial of Service (DoS), security-alert, 21:49
MarmaraWeb E-commerce Script Cross Site Scripting, B3g0k, 21:18
MarmaraWeb E-commerce Remote Command Exucetion, B3g0k, 21:08
CYBSEC - Security Advisory: Watchfire AppScan QA Remote Code Execution, Mariano Nuñez Di Croce, 20:58
Notacon Call for Proposals open, Paul Schneider, 20:38
[Full-disclosure] Re: RLA ("Remote LanD Attack"), Synister Syntax, 19:58
[Full-disclosure] Re: RLA ("Remote LanD Attack"), Synister Syntax, 19:38
Patches available for IBM AIX flaws, NGSSoftware Insight Security Research, 17:36
[Full-disclosure] RE: RLA ("Remote LanD Attack"), Roger A. Grimes, 16:46
Metasploit Framework v3.0 Alpha Release 1, H D Moore, 16:15
[Full-disclosure] Re: RLA ("Remote LanD Attack"), Synister Syntax, 15:55
MDKSA-2005:232 - Updated gstreamer-ffmpeg packages fix buffer overflow vulnerability, Mandriva Security Team, 15:45
MDKSA-2005:231 - Updated ffmpeg packages fix buffer overflow vulnerability, Mandriva Security Team, 15:25
MDKSA-2005:230 - Updated mplayer packages fix buffer overflow vulnerability, Mandriva Security Team, 15:15
MDKSA-2005:229 - Updated xmovie packages fix buffer overflow vulnerability, Mandriva Security Team, 15:05
MDKSA-2005:228 - Updated xine-lib packages fix buffer overflow vulnerability, Mandriva Security Team, 14:44
Re: Countering Trusting Trust through Diverse Double-Compiling, David A. Wheeler, 14:34
MDKSA-2005:227 - Updated ethereal packages fix vulnerability, Mandriva Security Team, 14:24
[Full-disclosure] Re: RLA ("Remote LanD Attack"), Synister Syntax, 13:34
[Full-disclosure] Re: RLA ("Remote LanD Attack"), Synister Syntax, 13:13
[Full-disclosure] [ GLSA 200512-07 ] OpenLDAP, Gauche: RUNPATH issues, Thierry Carrez, 09:32
[Full-disclosure] [scip_Advisory 1910] Alkacon OpenCms 6.0.2 login Cross Site Scripting, Marc Ruef, 08:51
Re: Countering Trusting Trust through Diverse Double-Compiling, Mike Lisanke, 07:31
Re: Re: Re: [KAPDA::#16] - SMF SQL Injection, grudge, 05:20
Secunia Research: Microsoft Internet Explorer Keyboard Shortcut Processing Vulnerability, Secunia Research, 04:59
CodeCon submission deadline reminder, Len Sassaman, 03:59
SUSE Security Announcement: kernel various security and bugfixes (SUSE-SA:2005:068), Marcus Meissner, 03:39

December 14, 2005

Business Objects WebIntelligence 6.5x Account Lockout and System DoS, mkemp4, 21:46
SUSE Security Announcement: php4, php5 (SUSE-SA:2005:069), Ludwig Nussel, 20:35
Re: IMOEL CMS Sql password discovery, Steven M. Christey, 20:05
DIMVA 2006 - 2nd Call for Papers, Thomas Biege, 19:45
Bypass XSS filter in PHPNUKE 7.9=>x, max, 19:24
Re: [PHP-CHECKER] 99 potential SQL injection vulnerabilities, Andy Lindeman, 18:54
[OpenPKG-SA-2005.029] OpenPKG Security Advisory (apache), OpenPKG, 18:44
[PHP-CHECKER] 99 potential SQL injection vulnerabilities, Yichen Xie, 18:34
[Full-disclosure] iDefense Security Advisory 12.14.05: Trend Micro ServerProtect EarthAgent Remote DoS Vulnerability, labs-no-reply@idefense.com, 17:13
[Full-disclosure] iDefense Security Advisory 12.14.05: Trend Micro ServerProtect relay.dll Chunked Overflow Vulnerability, labs-no-reply@idefense.com, 17:13
[Full-disclosure] iDefense Security Advisory 12.14.05: Trend Micro ServerProtect isaNVWRequest.dll Chunked Overflow, labs-no-reply@idefense.com, 17:03
[Full-disclosure] iDefense Security Advisory 12.14.05: Trend Micro ServerProtect Crystal Reports ReportServer File Disclosure, labs-no-reply@idefense.com, 17:03
[Full-disclosure] iDefense Security Advisory 12.14.05: Trend Micro PC-Cillin Internet Security Insecure File Permission Vulnerability, labs-no-reply@idefense.com, 17:03
[Full-disclosure] Disclosure timelines from vendors - a promising practice?, Steven M. Christey, 16:53
LIMBO CMS <= v1.0.4.2 _SERVER[] array overwrite / remote code execution, retrogod, 16:23
[Full-disclosure] [ GLSA 200512-06 ] Ethereal: Buffer overflow in OSPF protocol dissector, Thierry Carrez, 15:12
[Full-disclosure] [ GLSA 200512-05 ] Xmail: Privilege escalation through sendmail, Thierry Carrez, 14:52
[Full-disclosure] [USN-230-1] ffmpeg vulnerability, Martin Pitt, 12:41
[Full-disclosure] Business Objects WebIntelligence 6.5x Account Lockout and System DoS, Michael M Kemp, 10:10
[Full-disclosure] Re: [ GLSA 200512-04 ] Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol implementation, Thierry Carrez, 09:29
[Full-disclosure] Re: [ GLSA 200512-04 ] Openswan, IPsec-Tools: Vulnerabilities in ISAK MP Protocol implementation, VANHULLEBUS Yvan, 07:49
[Full-disclosure] RLA ("Remote LanD Attack"), Synister Syntax, 04:07

December 13, 2005

ADP Forum 2.0,ADP Forum 2.0.1,ADP Forum 2.0.2,ADP Forum 2.0.3 versiyon user md5 hash bug, liz0, 19:54
Secunia Research: Internet Explorer Suppressed "Download Dialog" Vulnerability, Secunia Research, 19:13
RE: [Full-disclosure] [EEYEB-20050523] Windows Kernel APC Data-FreeLocal Privilege Escalation Vulnerability, Marc Maiffret, 19:03
Re: [Full-disclosure] Re: [EEYEB-20050523] Windows Kernel APC Data-FreeLocal Privilege Escalation Vulnerability, Tom Ferris, 18:43
[Full-disclosure] Re: [ GLSA 200512-04 ] Openswan, IPsec-Tools: Vulnerabilities in ISAK MP Protocol implementation, Paul Wouters, 18:23
MDKSA-2005:226 - Updated mozilla-thunderbird package fix vulnerability in enigmail, Mandriva Security Team, 18:13
phpCOIN 1.2.2 multiple vulnerabilities, retrogod, 17:52
[Full-disclosure] Re: [EEYEB-20050523] Windows Kernel APC Data-FreeLocal Privilege Escalation Vulnerability, Dave Korn, 17:22
Re: [Full-disclosure] [EEYEB-20050523] Windows Kernel APC Data-Free Local Privilege Escalation Vulnerability, Ron, 16:01
Re: [Full-disclosure] [EEYEB-20050523] Windows Kernel APC Data-Free Local Privilege Escalation Vulnerability, Joshua Russel, 15:49
[Full-disclosure] [EEYEB-20050523] Windows Kernel APC Data-Free Local Privilege Escalation Vulnerability, Advisories, 15:39
[Full-disclosure] [USN-229-1] Zope vulnerability, Martin Pitt, 14:38
Re: [Full-disclosure] iDEFENSE Security Advisory 12.06.05: Ipswitch Collaboration Suite SMTP Format String Vulnerability, Owen Dhu, 13:25
[Full-disclosure] Re: [scip_Advisory] NetGear RP114 Flooding Denial of Service, Thierry Zoller, 06:52

December 12, 2005

Re: Re: [KAPDA::#16] - SMF SQL Injection, Steven M. Christey, 23:49
[OpenPKG-SA-2005.028] OpenPKG Security Advisory (curl), OpenPKG, 22:58
Status on PGP NTFS File Wipe issue, 11 Dec 2005, Jon Callas, 22:48
[PHP-CHECKER] 99 potential SQL injection vulnerabilities, php-checker, 22:18
Arab Portal v2 Beta2 SQL Injections, stranger-killer, 21:26
Re: Website Baker <=2.6.0 SQL Injection -> Login bypass -> remote code execution, ryan, 21:15
Re: Re: [Full-disclosure] Kerio Personal Firewall and Kerio Server Firewall FWDRV driver Local Denial of Service, JHannah01, 20:24
Re: Re: [KAPDA::#16] - SMF SQL Injection, polnby, 19:23
oracle not only offeder - researchers NOT responsible?, Gadi Evron, 19:13
Re: Re: [KAPDA::#16] - SMF SQL Injection, retrogod, 19:03
Guestserver guestbook system vulnerabilities, jaakko, 18:43
IMOEL CMS Sql password discovery, silversmith, 18:03
BTGrup Admin WebController Script SQL injection, khc, 17:53
[Full-disclosure] [USN-228-1] curl library vulnerability, Martin Pitt, 16:01
[Full-disclosure] iDEFENSE Security Advisory 12.12.05: SCO Unixware Setuid 'uidadmin' Scheme Buffer Overflow Vulnerability, labs-no-reply@idefense.com, 15:01
[Full-disclosure] [USN-222-2] Perl vulnerability, Martin Pitt, 12:40
[Full-disclosure] [USN-227-1] xpdf vulnerabilities, Martin Pitt, 12:19
[Full-disclosure] [ GLSA 200512-04 ] Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol implementation, Thierry Carrez, 11:59
Re: [Full-disclosure] [scip_Advisory] NetGear RP114 Flooding Denial ofService, Morning Wood, 07:07
[Full-disclosure] [scip_Advisory] NetGear RP114 Flooding Denial of Service, Marc Ruef, 06:17
[Full-disclosure] SEC Consult SA-20051211-0 :: Nortel SSL VPN Cross Site Scripting/Command Execution, SEC Consult Research, 05:16

December 11, 2005

[Full-disclosure] [ GLSA 200512-03 ] phpMyAdmin: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 18:52
[Full-disclosure] SEC Consult SA-20051211-0 :: Several XSS issues in Horde Framework, Kronolith Calendar, Mnemo Notes, Nag Tasks and Turba Addressbook, Johannes Greil, 17:21
[Full-disclosure] Re: [KAPDA::#16] - SMF SQL Injection, ascii, 14:00

December 10, 2005

[Full-disclosure] Re: [DCG] DEFCON London group - DC4420 - inaugural meeting and Christmas Drinks!, racerx, 17:11
Torrential 1.2 Directory Traversal, Shell, 16:00
DEFCON London group - DC4420 - inaugural meeting and Christmas Drinks!, Major Malfunction, 15:40
MDKSA-2005:206-1 - Updated openvpn packages fix multiple vulnerabilities, Mandriva Security Team, 15:30
Flatnuke 2.5.6 privilege escalation / remote commands execution exploit, retrogod, 15:10
Re: [KAPDA::#16] - SMF SQL Injection, grudge, 15:00
Apani Network Response to ISAKMP cert-fi:7710 Alert, mkuch, 14:50

December 09, 2005

TSLSA-2005-0070 - multi, Trustix Security Advisor, 20:42
MDKSA-2005:225 - Updated perl package fixes format string vulnerability, Mandriva Security Team, 19:52
PGP Wipe Free Space, Lyris ListManager Flaws, Windows Timestamps, Sam Juicer, H D Moore, 19:42
Re: 3com product security hole, Nicob, 19:32
Motorola SB5100E Cable Modem DoS, Алексей Синцов, 19:22
[VulnWatch] Milliscript 1.4 Multiple Vulnerabilities, NaPa, 19:12
[Full-disclosure] iDefense Security Advisory 12.09.05: Ethereal OSPF Protocol Dissector Buffer Overflow Vulnerability, labs-no-reply@idefense.com, 18:52
MDKSA-2005:224 - Updated curl package fixes format string vulnerability, Mandriva Security Team, 18:31
Milliscript 1.4 Multiple Vulnerabilities, NaPa, 18:11
[KAPDA::#16] - SMF SQL Injection, alireza hassani, 18:01
Re: 3com product security hole, Juha-Matti Laurio, 17:51
[Full-disclosure] Milliscript 1.4 Multiple Vulnerabilities, NaPa, 17:31
[Full-disclosure] [TKPN2005-12-001] Multiple critical vulnerabilities in MyBB, tk, 17:01
[security bulletin] SSRT051069 - HP Tru64 Unix Secure Web Server (SWS 6.4.1 and earlier) PHP/XMLRPC Remote Unauthorized Execution of Arbitrary Code, security-alert, 16:30
[Full-disclosure] [USN-226-1] Courier vulnerability, Martin Pitt, 14:19

December 08, 2005

[Full-disclosure] New Project Started, NaPa, 20:58
= 1.2.6d blind SQL injection / remote commands execution:, retrogod, 20:58
Website Baker <=2.6.0 SQL Injection -> Login bypass -> remote code execution, retrogod, 20:47
3com product security hole, jaime . blasco, 20:37
-Exploiting Freelist[0] On Windows XP Service Pack 2-, Brett Moore, 20:17
Airscanner Mobile Security Advisory: Remote Hard Reset Data Wipe and DoS of Pocket Controller v5.0 (#AS05080401), contact . removethis, 15:04

December 07, 2005

[security bulletin] SSRT051037 HP-UX Running IPSec Remote Unauthorized Access, security-alert, 22:26
[security bulletin] SSRT5954 Revised - HP-UX TCP/IP Remote Denial of Service (DoS), security-alert, 21:56
[KDE Security Advisory] multiple buffer overflows in kpdf/koffice, Dirk Mueller, 20:55
[Full-disclosure] iDefense Security Advisory 12.07.05: Dell TrueMobile 2300 Wireless Broadband Router Authentication Bypass Vulnerability, labs-no-reply@idefense.com, 20:14
[security bulletin] SSRT4884 HP-UX TCP/IP Remote Denial of Service (DoS), security-alert, 18:33
[Full-disclosure] [ GLSA 200512-02 ] Webmin, Usermin: Format string vulnerability, Sune Kloppenborg Jeppesen, 17:42
[Full-disclosure] [ GLSA 200512-01 ] Perl: Format string errors can lead to code execution, Sune Kloppenborg Jeppesen, 17:32
Journal of Computer Virology-Call for Papers, Saeed Abu Nimeh, 16:41
DRZES HMS XSS and SQL Injection Vulnerabilities, vipsta, 16:31
Mobile Antivirus Researchers Assoc. Call for White Papers, contact . removethis, 16:21
SugarSuite Open Source <= 4.0beta Remote code execution, retrogod, 15:08
SimpleBBS <= v1.1 remote commands execution in c by: unitedasia security crew, unitedasia, 14:57
[KAPDA::#15] - ThWboard multiple vulnerabilities, alireza hassani, 14:47
Critical Myspace.com Vulnerabilites, silentproducts, 14:17
[Full-disclosure] Advisory 25/2005: phpMyAdmin Variables Overwrite Vulnerability, Stefan Esser, 07:43
[Full-disclosure] Advisory 24/2005: libcurl URL parsing vulnerability, Stefan Esser, 06:31

December 06, 2005

[Full-disclosure] iDEFENSE Security Advisory 12.06.05: Ipswitch IMail IMAP List Command DoS Vulnerability, labs-no-reply@idefense.com, 20:27
[Full-disclosure] iDEFENSE Security Advisory 12.06.05: Ipswitch Collaboration Suite SMTP Format String Vulnerability, labs-no-reply@idefense.com, 20:27
[Full-disclosure] IMF 2006- Call for Papers, Oliver Goebel, 16:15
[Full-disclosure] iDefense Security Advisory 12.05.05: Multiple Vendor xpdf DCTStream Progressive Heap Overflow, iDEFENSE Labs, 15:34
[Full-disclosure] iDefense Security Advisory 12.05.05: Multiple Vendor xpdf StreamPredictor Heap Overflow Vulnerability, iDEFENSE Labs, 15:34
[Full-disclosure] iDefense Security Advisory 12.05.05: Multiple Vendor xpdf DCTStream Baseline Heap Overflow Vulnerability, iDEFENSE Labs, 15:04
[Full-disclosure] iDefense Security Advisory 12.05.05: Multiple Vendor xpdf JPX Stream Reader Heap Overflow Vulnerability, iDEFENSE Labs, 15:04
SUSE Security Announcement: kernel various security and bugfixes (SUSE-SA:2005:067), Marcus Meissner, 15:04
[Full-disclosure] [USN-225-1] Apache 2 vulnerability, Martin Pitt, 13:53
Re: [Full-disclosure] Horde IMP Webmail Client XSS all versions, Jan Schneider, 11:22
[Full-disclosure] Horde IMP Webmail Client XSS all versions, Igor, 10:21
[Full-disclosure] [USN-224-1] Kerberos vulnerabilities, Martin Pitt, 06:20

December 05, 2005

Outpost24 Public Security Note: Linux/Elxbot, David Jacoby, 21:16
Re: [Full-disclosure] Bug with .php extension?, Ron, 20:55
[security bulletin] HPSBUX01059 SSRT4704 Revised - HP-UX Running wu-ftpd Local Unauthorized Access, security-alert, 20:35
Blog System v1.2 Multiple SQL Injection Vulnerabilities, vipsta, 20:05
have you ever been BluePIMped?, KF (lists), 15:50
[Full-disclosure] Buffer Overflow in MultiTech VoIP Implementations, SecurityLab Research, 15:39
[Full-disclosure] [USN-180-2] MySQL 4.1 vulnerability, Martin Pitt, 10:27
Re: [Full-disclosure] Bug with .php extension?, Michael Ligh, 10:17
[Full-disclosure] [USN-223-1] Inkscape vulnerability, Martin Pitt, 10:17
Re: [Full-disclosure] Bug with .php extension?, Simon Richter, 07:56
[Full-disclosure] [scip_Advisory] e107 v0.6 rate.php manipulation, Marc Ruef, 06:25
Re: [Full-disclosure] Bug with .php extension?, Chris Umphress, 02:44
[Full-disclosure] Bug with .php extension?, Ron, 01:53

December 04, 2005

Re: [Full-disclosure] Format String Vulnerabilities in Perl Programs, Steven M. Christey, 17:19
Re: [Full-disclosure] Re: Format String Vulnerabilities in Perl Programs, Steven M. Christey, 12:38
Re: [Full-disclosure] Format String Vulnerabilities in Perl Programs, Chris Umphress, 05:05
Re: [Full-disclosure] Re: Format String Vulnerabilities in Perl Programs, Stan Bubrouski, 04:04
[Full-disclosure] Re: Format String Vulnerabilities in Perl Programs, Michael J. Pomraning, 01:13

December 03, 2005

more MD5 colliding examples, Gerardo Richarte, 21:01
eXtreme Styles mod <= 2.2.1 Multiple Vulnerabilities, tommie1, 21:01
Zen-Cart <= 1.2.6d blind SQL injection / remote commands execution:, retrogod, 20:21
[Full-disclosure] RE: QNX 4.25 suided dhcp.client binary, Dan Drinnon, 19:31
PHP-Fusion v6.00.109 SQL Injection and Info. Disclosure, xer0x . west, 19:01
[OpenPKG-SA-2005.027] OpenPKG Security Advisory (php), OpenPKG, 18:30
DMA[2005-1202a] - 'sobexsrv - Scripting/Secure OBEX Server format string vulnerability', KF (lists), 18:10
MDKSA-2005:222 - Updated mailman packages fix various vulnerabilities, Mandriva Security Team, 17:29
Re: WebCalendar, Louis Wang, 17:09
Alisveristr E-Commerce Admin Login SQL İnjection, B3g0k, 16:59
[OpenPKG-SA-2005.025] OpenPKG Security Advisory (perl), OpenPKG, 16:49
[Full-disclosure] QNX 4.25 suided dhcp.client binary, lms, 16:39
eXtreme Styles mod <= 2.2.1 Multiple Vulnerabilities, tommie1, 16:29
Re: Re: Microsoft Windows CreateRemoteThread Exploit, warl0ck, 16:19
MDKSA-2005:221 - Updated spamassassin packages fixes vulnerability, Mandriva Security Team, 16:09
[OpenPKG-SA-2005.026] OpenPKG Security Advisory (lynx), OpenPKG, 15:58
MDKSA-2005:223 - Updated webmin package fixes format string vulnerability, Mandriva Security Team, 15:48
Re: - Cisco IOS HTTP Server code injection/execution vulnerability-, Mike Caudill, 04:44

December 02, 2005

[Full-disclosure] [Updated] [FLSA-2005:166943] Updated php packages fix security issues, Marc Deslauriers, 22:49
RE: Microsoft Windows CreateRemoteThread Exploit, Michael Wojcik, 20:06
Re: Microsoft Windows CreateRemoteThread Exploit, Anton, 20:06
Re: Sunbelt set to acquire Kerio Personal Firewall, Nick Boyce, 19:56
phpMyChat Multiple XSS vulnerabilities., secresearch, 18:46
[Full-disclosure] 22nd CCC conference in Berlin, Harry Behrens, 13:03
[Full-disclosure] SEC Consult SA-XXXXXXXXXXX, Bernhard Mueller, 12:43
[Full-disclosure] SEC Consult SA-20050212-1 :: A Word on Webmail Security and Browser related XSS Bugs, Sec Consult Research, 12:43
[Full-disclosure] SEC Consult SA-20051202-1 :: GMX Webmail XSS, Sec Consult Research, 12:43
[Full-disclosure] [USN-222-1] Perl vulnerability, Martin Pitt, 10:42
[Full-disclosure] Re: [DRUPAL-SA-2005-008] Drupal 4.6.4 / 4.5.6 fixes XSS and HTTP header injection issue, Amit Klein (AKsecurity), 08:41
[Full-disclosure] Format String Vulnerabilities in Perl Programs, Steven M. Christey, 06:20
Perl format string integer wrap vulnerability, robert, 04:19
[Full-disclosure] WinEggDropShell Multiple Remote Stack Overflow, Sowhat, 03:08
[Full-disclosure] [xfocus-SD-051202]openMotif libUil Multiple vulnerability, alert7@xfocus.org, 00:16

December 01, 2005

Edgewall Trac SQL Injection Vulnerability, David Maciejak, 22:25
Microsoft Windows CreateRemoteThread Exploit, q7x, 20:55
WebCalendar Multiple Vulnerabilities., lwang, 20:45
[security bulletin] SSRT4787 Revised - HP Systems Insight Manager (SIM) for HP-UX Remote Denial of Service (DoS), security-alert, 20:24
Re: Opera 8.50 DoS with simple java applet, Yngve N. Pettersen (Developer Opera Software ASA), 19:04
Re: DNS query spam, Piotr Kamisiski, 18:54
Sunbelt set to acquire Kerio Personal Firewall, Paul Laudanski, 18:43
Re: WebCalendar Multiple Vulnerabilities, craig, 15:01
[Full-disclosure] [DRUPAL-SA-2005-008] Drupal 4.6.4 / 4.5.6 fixes XSS and HTTP header injection issue, Uwe Hermann, 13:10
[Full-disclosure] [DRUPAL-SA-2005-009] Drupal 4.6.4 / 4.5.6 fixes minor access control issue, Uwe Hermann, 13:10
[Full-disclosure] [DRUPAL-SA-2005-007] Drupal 4.6.4 / 4.5.6 fixes XSS issue, Uwe Hermann, 13:10
PhpX <= 3.5.9 SQL Injection -> login bypass -> remote command/code execution, retrogod, 11:49
Re: What is wrong with these people?, Steve Shockley, 11:28
Re: - Cisco IOS HTTP Server code injection/execution vulnerability-, Florian Weimer, 10:28
Re: DNS query spam, fugi, 10:08
[Full-disclosure] [USN-221-1] racoon vulnerability, Martin Pitt, 09:58
[Full-disclosure] [USN-220-1] w3c-libwww vulnerability, Martin Pitt, 09:58