Bugtraq (date)
January 31, 2006
- Windows Access Control Demystified, sudhakar+bugtraq, 22:19
- [Full-disclosure] CME-24/BlackWorm email notifications + top-7 unreachable AS's, Gadi Evron, 21:18
- Xmame 0.102 local vulnerability proof-of-concept, Rafael San Miguel Carrasco, 18:17
- Nmap 4.00 Released, Fyodor, 16:56
- FarsiNews 2.1 PHP Remote File Inclusion, h e, 16:36
- MyCO multiple vulnerabilities, revnic, 15:46
- [Full-disclosure] Re: DISIT - OPEN SOURCE DISASSEMBLER ENGINE, Robert Kim Wireless Internet Advisor, 15:16
- [Full-disclosure] DISIT - OPEN SOURCE DISASSEMBLER ENGINE, Piotr Bania, 15:16
- Re: EasyCMS vulnerable to XSS injection., kim, 14:55
- Re: Re: Winamp 5.12 - 0day exploit - code execution through playlist, Juha-Matti Laurio, 12:44
- Cerberus Helpdesk vulnerable to XSS, preben, 12:34
- BrowserCRM vulnerable for XSS, preben, 12:24
- Re: [Full-disclosure] ashnews Cross-Site Scripting Vulnerability, DanB-FD, 12:24
- Re: [Full-disclosure] ashnews Cross-Site Scripting Vulnerability, DanB-FD, 08:02
- [Full-disclosure] Proof of concept for CommuniGate Pro Server vulnerability, Evgeny Legerov, 05:11
January 30, 2006
- Re: [Full-disclosure] ashnews Cross-Site Scripting Vulnerability, George A. Theall, 23:59
- Etomite followup information, security curmudgeon, 22:48
- [ MDKSA-2006:027 ] - Updated gzip packages fix zgrep vulnerabilities, security, 22:08
- Re: [Full-disclosure] ashnews Cross-Site Scripting Vulnerability, Dan B UK, 22:08
- New worm crawling trough blogs?!, blog . worm, 21:17
- Re: Winamp 5.12 - 0day exploit - code execution through playlist, Chris Wysopal, 20:57
- [ MDKSA-2006:026 ] - Updated bzip2 packages fix bzgrep vulnerabilities, security, 19:47
- [Full-disclosure] [ GLSA 200601-17 ] Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows, Sune Kloppenborg Jeppesen, 19:36
- Etomite CMS "Backdoored", [at], 19:26
- [Full-disclosure] [ GLSA 200601-16 ] MyDNS: Denial of Service, Sune Kloppenborg Jeppesen, 18:46
- XSS flaw in MG2 Image Gallery (v.0.5.1), preben, 18:26
- Re: Arescom NetDSL-1000 DoS atack source, Pim van Riezen, 18:16
- MyBB 1.2 Local File Incusion, o . y . 6, 18:16
- [Full-disclosure] Re: CME-24 (BlackWorm) Users' FAQ, Gadi Evron, 17:45
- [Full-disclosure] CME-24 (BlackWorm) Users' FAQ, Gadi Evron, 17:15
- Re: Airscanner Mobile Security Advisory: Remote Hard Reset Data Wipe and DoS of Pocket Controller v5.0 (#AS05080401), orambaldini, 15:54
- EasyCMS vulnerable to XSS injection., preben, 15:44
- Nuked-klaN Cross-Site Scripting Vulnerability, [at], 15:34
- MyBB 1.2 usercp2.php [ $url ] CrossSiteScripting ( XSS ), o . y . 6, 15:24
- sPaiz-Nuke Cross-Site Scripting Vulnerability, [at], 15:14
- Winamp 5.12 - 0day exploit - code execution through playlist, Process, 15:04
- Arescom NetDSL-1000 DoS atack source, framirez, 14:54
- [xpl#2] MiniNuke 1.8.2 - change member's passwrod < Perl >, hessam, 14:33
- TSLSA-2006-0004 - multi, Trustix Security Advisor, 14:03
- [Full-disclosure] ashnews Cross-Site Scripting Vulnerability, zeus olimpusklan, 14:03
- UebiMiau Webmail System Security Vulnerability, M.Neset KABAKLI, 13:33
- Re: Re: IndonesiaHack Advisory HTML injection in PHP Fusebox, pr1nce_empire, 13:13
- Re: MySQL 5.0 information leak?, Duncan Simpson, 12:52
- zbattle.net, c_lispfedora, 12:42
- [Full-disclosure] RE: Cross Site Cooking, Michal Zalewski, 07:20
- Re: [Full-disclosure] [ GLSA 200601-15 ] Paros: Default administrator password, Yvan Boily, 00:26
January 29, 2006
- [SECURITY] [DSA 951-1] New trac packages fix SQL injection and cross-site scripting, Martin Schulze, 20:35
- CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability, Williams, James K, 18:34
- [Full-disclosure] [ GLSA 200601-15 ] Paros: Default administrator password, Sune Kloppenborg Jeppesen, 18:14
- [Full-disclosure] Re: BlackWorm naming confusing [CME entry now available], Gadi Evron, 13:42
- [Full-disclosure] Re: BlackWorm naming confusing [CME entry now available], Jose Nazario, 13:02
- [Full-disclosure] [ GLSA 200601-14 ] LibAST: Privilege escalation, Sune Kloppenborg Jeppesen, 11:31
- [eVuln] Pixelpost Photoblog XSS Vulnerability, alex, 09:00
January 28, 2006
- Cross Site Cooking, Michal Zalewski, 23:26
- [CORRECTIONS AND ADDITIONS ]Azbb v1.1.00 Cross-Site Scripting, roozbeh_afrasiabi, 15:23
- LibAST 0.7 Release Fixes Security Vulnerability, Michael Jennings, 15:03
- Ege Internet Web Desing Remote Command Exucetion, botan, 13:22
- Re: [Full-disclosure] Urgent Alert: Possible BlackWorm DDay February 3rd (Snort signatures included), Charles Cala, 09:10
- [Full-disclosure] gnome evolution mail client inline text file DoS issue, Mike Davis, 09:10
- The WorldsEnd.NET - Free Ping Script, written in PHP (2 vulns), cvh, 09:00
- [Full-disclosure] Multiple vulnerabilities in CommuniGate Pro Server, Evgeny Legerov, 04:29
- Azbb v1.1.00 Cross-Site Scripting, roozbeh_afrasiabi, 03:18
- [Full-disclosure] Re: What A Click! [Internet Explorer], Robert Kim Wireless Internet Advisor, 01:07
January 27, 2006
- Re: [Full-disclosure] Urgent Alert: Possible BlackWorm DDay February 3rd (Snort signatures included), Dude VanWinkle, 22:06
- [Full-disclosure] Re: [security] What A Click! [Internet Explorer], yossarian, 19:04
- [ MDKSA-2006:024 ] - Updated ImageMagick packages fix vulnerabilities, security, 18:24
- Re: [security] What A Click! [Internet Explorer], Lance James, 17:03
- Shareaza P2P Remote Vulnerability, Ryan Smith, 15:52
- CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability [v1.1], Williams, James K, 15:22
- [ MDKSA-2006:025 ] - Updated net-snmp packages fix vulnerabilities, security, 14:52
- [ MDKSA-2006:023 ] - Updated perl-Net_SSLeay packages fix vulnerability, security, 13:52
- hello, code . shell, 13:31
- Re: [Full-disclosure] Urgent Alert: Possible BlackWorm DDay February 3rd (Snort signatures included), Holger van Lengerich, 08:39
- [Full-disclosure] RE: [funsec] BlackWorm: statistics and numbers, Gary Funck, 07:18
- [SECURITY] [DSA 952-1] New libapache-auth-ldap packages fix arbitrary code execution, Martin Schulze, 02:56
January 26, 2006
- [Full-disclosure] BlackWorm: statistics and numbers, Gadi Evron, 23:04
- RE: MySQL 5.0 information leak?, Burton Strauss, 22:24
- BitComet URI Proof of Concept, nick58, 21:43
- [Full-disclosure] Re: [security] What A Click! [Internet Explorer], yossarian, 21:43
- [ MDKSA-2006:022 ] - Updated perl-Convert-UUlib packages fix vulnerability, security, 21:03
- [ Rosiello Security ] Eterm-LibAST Advisory, angelo, 20:43
- Re: MySQL 5.0 information leak?, Johan De Meersman, 20:23
- [SECURITY] [DSA 950-1] New CUPS packages fix arbitrary code execution, Martin Schulze, 20:02
- [Full-disclosure] [Argeniss] Oracle Database Buffer overflows vulnerabilities in public procedures of XDB.DBMS_XMLSCHEMA{_INT}, Cesar, 19:42
- Buffer Overflow /Font on mIRC, Crowdat Kurobudetsu, 19:12
- Re: MySQL 5.0 information leak?, Lance James, 17:51
- [eVuln] "my little homepage" products [link] BBCode XSS Vulnerability, alex, 17:11
- Windows mem leakage, endrazine, 16:41
- [Full-disclosure] [ GLSA 200601-13 ] Gallery: Cross-site scripting vulnerability, Stefan Cornelius, 16:30
- [eVuln] AndoNET Blog SQL Injection Vulnerability, alex, 16:10
- [HSC] Multiple transversal bug in vis, spher3, 16:00
- [ISecAuditors Advisories] Arbitrary flash code remote execution in 123flashchat, ISecAuditors Security Advisories, 15:40
- SamiFTPd buffer overflow, admin, 14:39
- HYSA-2006-002 Phpclanwebsite 1.23.1 Multiple Vulnerabilities, h4cky0u . org, 13:59
- SUSE Security Announcement: nfs-server/rpc.mountd remote code execution (SUSE-SA:2006:005), Marcus Meissner, 13:59
- SUSE Security Announcement: phpMyAdmin (SUSE-SA:2006:004), Ludwig Nussel, 13:38
- [security bulletin] SSRT061104 rev.1 - HP Oracle for OpenView (OfO) Critical Patch Update January 2006, security-alert, 13:18
- Re: [OSVDB Mods] iNETstore E Commerce Solution - Cross Site Scripting, iNETstore Support, 12:48
- Updated mozilla-thunderbird packages fix vulnerability, security, 12:38
- MyBB 1.0.2 XSS attack in search.php redirection, addmimistrator, 12:28
- Re: IndonesiaHack Advisory HTML injection in PHP Fusebox, brian428, 11:07
- [Full-disclosure] [ GLSA 200601-12 ] Trac: Cross-site scripting vulnerability, Stefan Cornelius, 10:57
- [eVuln] Text Rider Sensitive Information Disclosure, alex, 10:17
- Newsphp Multiple SQL Injection Vulnerabilities, at, 09:36
- [KAPDA::#25] - MyBB 1.x Cross_Site_Scripting, roozbeh_afrasiabi, 08:56
- [eVuln] miniBloggie Authentication Bypass, alex, 07:36
- [security bulletin] SSRT061099 rev.1 - HP-UX Local Increased Privilege, security-alert, 06:15
- Re: Tumbleweed EMF 6.x Processing Issues, support, 05:35
- FreeBSD Security Advisory FreeBSD-SA-06:06.kmem, FreeBSD Security Advisories, 01:03
January 25, 2006
- Rosiello Security - Eterm-LibAST Advisory, angelo, 20:40
- [Full-disclosure] BlackWorm: 2 million infected? ISP notifications., Gadi Evron, 20:20
- [eVuln] ExpressionEngine 'Referer' XSS Vulnerability, alex, 19:10
- Updated ipsec-tools packages fix vulnerability, security, 19:00
- FreeBSD Security Advisory FreeBSD-SA-06:07.pf, FreeBSD Security Advisories, 18:09
- [eVuln] CheesyBlog XSS Vulnerability, alex, 16:28
- Technical Note by Amit Klein: "XST Strikes Back", Amit Klein (AKsecurity), 16:18
- HYSA-2006-001 phpBB 2.0.19 search.php and profile.php DOS Vulnerability, h4cky0u . org, 16:08
- Workaround for unpatched Oracle PLSQL Gateway flaw, David Litchfield, 15:47
- [Full-disclosure] HYSA-2006-001 phpBB 2.0.19 search.php and profile.php DOS Vulnerability, h4cky0u, 11:55
- Re: [Full-disclosure] BlackWorm naming confusing [CME entry now available], greybrimstone, 11:25
- Call For Paper - SyScan'06 Singapore, organiser@syscan.org, 02:11
- ANN: New release of CORE FORCE free endpoint security package, Core FORCE team, 00:10
- Re: Announcement: The Web Application Firewall Evaluation Criteria v1 Released, Gadi Evron, 00:00
- [eVuln] Note-A-Day Weblog Sensitive Information Disclosure, alex, 00:00
January 24, 2006
- [eVuln] e-moBLOG SQL Injection Vulnerability, alex, 23:39
- fetchmail security announcement fetchmail-SA-2006-01 (CVE-2006-0321), ma+bt, 23:39
- High Risk Vulnerability in Red Hat Directory Server and Red Hat Certificate Server, NGSSoftware Insight Security Research, 23:19
- [Full-disclosure] [FLSA-2006:152845] Updated perl packages fix security issues, Marc Deslauriers, 20:48
- Re: [Full-disclosure] Urgent Alert: Possible BlackWorm DDay February 3rd (Snort signatures included), Exibar, 19:48
- Re: [Full-disclosure] Urgent Alert: Possible BlackWorm DDay February 3rd (Snort signatures included), mjcarter, 19:48
- Re: [Full-disclosure] Urgent Alert: Possible BlackWorm DDay February 3rd (Snort signatures included), Exibar, 16:46
- [Full-disclosure] What A Click! [Internet Explorer], mikx, 16:26
- Re: [Full-disclosure] Urgent Alert: Possible BlackWorm DDay February 3rd (Snort signatures included), Dude VanWinkle, 16:06
- RE: [Full-disclosure] BlackWorm naming confusing [CME entry now available], Eric Sites, 16:06
- Re: [Full-disclosure] BlackWorm naming confusing [CME entry now available], b . hines, 15:56
- [Full-disclosure] BlackWorm naming confusing [CME entry now available], Gadi Evron, 15:46
- [Full-disclosure] BlackWorm technical information, Gadi Evron, 14:35
- [Full-disclosure] [USN-246-1] imagemagick vulnerabilities, Martin Pitt, 13:44
- [Full-disclosure] Urgent Alert: Possible BlackWorm DDay February 3rd (Snort signatures included), Gadi Evron, 13:34
January 22, 2006
- [Full-disclosure] [ GLSA 200601-11 ] KDE kjs: URI heap overflow vulnerability, Sune Kloppenborg Jeppesen, 09:40
- BlogPHP config.php SQL injection login bypassed, addmimistrator, 02:37
- Critical security advisory #006 tftpd32 Format string, admin, 02:07
- Re: Directory traversal in phpXplorer, Stan Bubrouski, 00:56
- RE: MySQL 5.0 information leak?, Burton Strauss, 00:56
- Tumbleweed EMF 6.x Processing Issues, jcary2543, 00:36
- MDKSA-2006:019 - Updated kdelibs packages fix vulnerability, Mandriva Security Team, 00:26
- Re: Digital Armaments Security Advisory 01.16.2006: CMU SNMP utilities snmptrad Format String Vulnerability, Stan Bubrouski, 00:16
January 21, 2006
- MyBB Signature HTML Code Injection, n, 20:55
- MyBB 1.0.2 Sniffing table perfix bug in search.php, addmimistrator, 20:14
- Re: WMF vulnerability was a deliberate backdoor?, Gadi Evron, 19:34
- [eVuln] geoBlog SQL Injection Vulnerability, alex, 18:44
- [eVuln] SaralBlog XSS & Multiple SQL Injection Vulnerabilities, alex, 01:37
- [eVuln] eggblog Multiple SQL Injection & XSS Vulnerabilities, alex, 00:26
January 20, 2006
- [eVuln] RCBlog Directory Traversal & Sensitive Information Disclosure, alex, 21:24
- MySQL 5.0 information leak?, Bernd Wurst, 20:34
- SUSE Security Announcement: kdelibs3 (SUSE-SA:2006:003), Ludwig Nussel, 20:04
- Re: Digital Armaments Security Advisory 01.16.2006: CMU SNMP utilities snmptrad Format String Vulnerability, Florian Weimer, 19:34
- BlogPHP config.php SQL injection login bypass, addmimistrator, 19:23
- BlogPHP config.php SQL injection login bypass, addmimistrator, 19:13
- Claroline 1.7.2, sso identification vulnerability, karmaguedon, 19:03
- MDKSA-2006:018 - Updated kernel packages fix several vulnerabilities, Mandriva Security Team, 18:53
- DMA[2006-0115a] - 'AmbiCom Bluetooth Object Push Overflow', KF (lists), 18:53
- [KDE Security Advisory] kjs encodeuri/decodeuri heap overflow, Dirk Mueller, 16:02
- phpXplorer file inclusion biyosecurity.be, liz0, 09:29
- [Full-disclosure] [USN-245-1] KDE library vulnerability, Martin Pitt, 08:38
- Re: Microsoft knew about the WMF flaw for years, Steven M. Christey, 06:07
- Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT_INT, ak, 05:07
- Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT, ak, 04:17
- Change passwd 3.1 (SquirrelMail plugin ), rod hedor, 03:56
- MDKSA-2006:017 - Updated mod_auth_ldap packages fix vulnerability, Mandriva Security Team, 03:36
- FreeBSD Security Advisory FreeBSD-SA-06:05.80211, FreeBSD Security Advisories, 03:36
- [security bulletin] SSRT5971 rev.1 - HP-UX Running ftpd Remote Denial of Service (DoS), security-alert, 02:46
- Phpclanwebsite BBCode IMG Tag XSS Vulnerability, [at], 02:35
- Re: IRM 015: File system path disclosure on TYPO3 Web Content Manager, Michael Shigorin, 02:15
- -2- [XSS] in ar-blog v 5.2, s3ude, 01:15
January 19, 2006
- CAID 33756 - DM Deployment Common Component Vulnerabilities, Williams, James K, 23:24
- Re: Re: MSN Messenger Password Decrypter for WinXP/2003, null, 22:31
- HITBSecConf2005 Videos Released !, Praburaajan, 19:19
- Land Down Under Signature HTML Code Injection, [at], 16:20
- [eVuln] WebspotBlogging Authentication Bypass Vulnerability, alex, 15:59
- IRM 015: File system path disclosure on TYPO3 Web Content Manager, Advisories, 15:39
- Re: [DCC SPAM] Hacking With The Google Search Engine, Paul Laudanski, 15:29
- HITBSecConf2005 Videos Released, Praburaajan, 15:19
January 18, 2006
- MyBB Signature HTML Code Injection, [at], 22:00
- Re: MSN Messenger Password Decrypter for WinXP/2003, frank boldewin, 21:10
- XMB Forum HTML Code Injection, [at], 21:00
- ICQ Cross Site Scripting Vulnerability, simo, 20:50
- WEP-Client-Communication-Dumbdown (WCCD) Vulnerability, Michael.Wade, 19:29
- [Full-disclosure] Fortinet Advisory: BitComet URI Buffer Overflow Vulnerability, Fortinet Research, 19:19
- Re: Directory traversal in phpXplorer, Stan Bubrouski, 19:09
- Cerberus FTP Server 2.32 Denial of Service, cvh, 18:39
- [eVuln] aoblogger Multiple Vulnerabilities, alex, 18:39
- [eVuln] Flog Information Disclosure Vulnerability, alex, 18:18
- Re: PunBB BBCode URL Tag Script Injection Vulnerability, Rickard Andersson, 18:08
- [eVuln] CaLogic Calendars Multiple XSS Vulnerabilities, alex, 17:58
- Re: Linksys VPN Router (BEFVP41) DoS Vulnerability, paul14075, 17:47
- Phpclanwebsite BBCode IMG Tag XSS Vulnerability, [at], 17:37
- Oracle Database 10g Rel. 2- Transparent Data Encryption plaintext masterkey in SGA, ak, 17:07
- Oracle Reports - Read parts of files via customize(fixed after 875 days), ak, 16:57
- Oracle Critical Patch Update - January 2006, NGSSoftware Insight Security Research, 16:47
- Oracle Reports - Overwrite any application server file via desname (fixed after 889 days), ak, 16:27
- Oracle Reports - Read parts of files via desname (fixed after 874 days), ak, 16:17
- [HSC Security Group] Multiple SQL injection/XSS in SimpleBlog 2.1, zinho, 16:06
- Oracle Database 10g Rel. 2 - Event 10053 logs TDE wallet password in cleartext, ak, 16:06
- Oracle DBMS Access Control Bypass in Login, shulman, 15:56
- Attacking Automatic Wireless Network Selection, Dino A. Dai Zovi, 15:26
- [Full-disclosure] Google's Blogger.com classic HTTP response splitting vulnerability, Meder Kydyraliev, 08:53
- [Full-disclosure] [USN-244-1] Linux kernel vulnerabilities, Martin Pitt, 05:35
January 17, 2006
- White Album Sql İnjection biyosecurity.be, liz0, 22:22
- Microsoft(R) Internet Explorer 5 & 6 Remote Denial of Service (DoS) using IMG & XML elements, inge . henriksen, 22:01
- Re: Hacking With The Google Search Engine, Ryan McGeehan, 21:51
- [Full-disclosure] iDefense Security Advisory 01.17.06: EMC Legato Networker nsrd.exe DoS Vulnerability, labs-no-reply@idefense.com, 20:50
- [Full-disclosure] iDefense Security Advisory 01.17.06: EMC Legato Networker nsrexecd.exe Heap Overflow Vulnerability, labs-no-reply@idefense.com, 20:40
- [Full-disclosure] iDefense Security Advisory 01.17.06: EMC Legato Networker nsrd.exe Heap Overflow Vulnerability, labs-no-reply@idefense.com, 20:40
- [Full-disclosure] iDefense Security Advisory 01.17.06: Cisco Systems IOS 11 Web Service CDP Status Page Code Injection Vulnerability, labs-no-reply@idefense.com, 20:40
- Re: Fullpath disclosure in roundcube webmail, roundcube, 19:39
- [Full-disclosure] [ TZO-012006 ] Checkpoint VPN-1 SecureClient insecure usage of CreateProcess(), Thierry Zoller, 18:59
- Re: Veritas NetBackup "Volume Manager Daemon" Module Stack Overflow - Exploit, Dave Korn, 18:49
- PowerPortal Cross-Site Scripting Vulnerability, night_warrior771, 18:18
- Secunia Research: Mozilla Thunderbird Attachment Spoofing Vulnerability, Secunia Research, 17:58
- Re: Microsoft knew about the WMF flaw for years, Gadi Evron, 17:38
- [eVuln] microBlog BBCode XSS Vulnerability, alex, 17:18
- [eVuln] microBlog SQL Injection Vulnerability, alex, 17:07
- [eVuln] BlogPHP Authentication Bypass, alex, 16:37
- [Full-disclosure] Re: WehnTrust - When you have to trust Wehntrust, Dave Korn, 16:37
- XSS in WBNews < = v1.1.0, dragonjar, 16:27
- [Full-disclosure] Reverse Engineering WMF Exploit Code, Gadi Evron, 16:07
- Re: Reverse Proxy Cross Site Scripting, Amit Klein (AKsecurity), 16:07
- IndonesiaHack Advisory HTML injection in PHP Fusebox, king_purba, 15:27
- MDKSA-2006:016 - Updated clamav packages fix vulnerability, Mandriva Security Team, 14:56
- MDKSA-2006:015 - Updated hylafax packages fix eval injection vulnerabilities, Mandriva Security Team, 14:36
- MDKSA-2006:014 - Updated wine packages fix WMF vulnerability, Mandriva Security Team, 14:06
- [Full-disclosure] Re: WehnTrust - When you have to trust Wehntrust, Dave Korn, 11:45
- Digital Armaments Security Advisory 01.16.2006: CMU SNMP utilities snmptrad Format String Vulnerability, info, 10:54
- Announcement: The Web Application Firewall Evaluation Criteria v1 Released, contact, 10:24
- Re: Hacking With The Google Search Engine, Jean-Jacques Halans, 09:23
- RE: Hacking With The Google Search Engine, Matt Fisher, 09:23
- PunBB BBCode URL Tag Script Injection Vulnerability, night_warrior771, 09:13
- Re: [DCC SPAM] Hacking With The Google Search Engine, Lance James, 08:13
- Re: MSN Messenger Password Decrypter for WinXP/2003, James_gmail-ij, 06:52
- [Full-disclosure] ERRATA: [ GLSA 200601-09 ] Wine: Windows Metafile SETABORTPROC vulnerability, Sune Kloppenborg Jeppesen, 04:41
- Re: Linksys VPN Router (BEFVP41) DoS Vulnerability, paul14075, 04:21
- Microsoft knew about the WMF flaw for years, Richard M. Smith, 03:30
- Veritas NetBackup "Volume Manager Daemon" Module Stack Overflow - Exploit, patrickthomassen, 02:50
- [eVuln] Bit 5 Blog SQL Injection & Authentication Bypass Vulnerability, alex, 02:10
- Re: WMF vulnerability was a deliberate backdoor?, Mike Ely, 01:40
- [eVuln] Benders Calendar SQL Injection, alex, 00:09
January 16, 2006
- Re: MyBB 1.0.2 SQL injection in usercp.php, o . y . 6, 23:38
- Re: [Full-disclosure] WehnTrust - When you have to trust Wehntrust, H D Moore, 22:48
- Reverse Proxy Cross Site Scripting, Shalom Carmel, 22:08
- iWar 0.07 PSTN auditing tool released..., Da Beave, 21:57
- Re: WMF vulnerability was a deliberate backdoor?, Steve Friedl, 21:37
- [Full-disclosure] Sun Java Update Scheduler gets placed in autostart without absolute path quotes, Paul, 21:37
- Re: WMF vulnerability was a deliberate backdoor?, Denis Jedig, 20:47
- Homeftp r1.0.7 Denial of Service, cvh, 20:17
- CounterPath eyeBeam Handing SIP header Vulnerabilities, zwell, 19:36
- RE: WMF vulnerability was a deliberate backdoor?, Alex Eckelberry, 18:56
- [eVuln] Bit 5 Blog JavaScript Insertion Vulnerability, alex, 18:26
- [Full-disclosure] WehnTrust - When you have to trust Wehntrust, Thierry Zoller, 18:05
- Directory traversal in phpXplorer, Oriol Torrent, 17:15
- Apache Geronimo 1.0 - CSS and persistent HTML-Injection vulnerabilities, oliver karow, 16:55
- [Full-disclosure] RE: Session data pollution vulnerabilities in web applications, Keenan Smith, 16:24
- DMA[2006-0112a] - 'Toshiba Bluetooth Stack Directory Transversal', KF (lists), 16:14
- [Full-disclosure] [ GLSA 200601-10 ] Sun and Blackdown Java: Applet privilege escalation, Thierry Carrez, 10:52
- [Full-disclosure] [USN-243-1] tuxpaint vulnerability, Martin Pitt, 09:11
- [Full-disclosure] [USN-242-1] mailman vulnerabilities, Martin Pitt, 08:01
- [Full-disclosure] Virata-EmWeb DSL modems, Dinos, 07:00
- MDKSA-2006:013 - Updated kolab packages fix vulnerability, Mandriva Security Team, 01:47
- Visual Studio Remote Code Execution, priest, 01:17
- [ISecAuditors Advisories] Arbitrary remote file creation in 123flashchat server, ISecAuditors Security Advisories, 00:57
- DDSN CMS Admin Panel SQL Injection Vulnerability, khc, 00:37
- TSL-2006-0001 - postgresql, Trustix Security Advisor, 00:16
January 15, 2006
- TSLSA-2006-0002 - multi, Trustix Security Advisor, 23:56
- DIMVA 2006 Call for Papers, Thomas Biege, 23:36
- Linksys VPN Router (BEFVP41) DoS Vulnerability, paul14075, 20:45
- Re: MSN Messenger Password Decrypter for WinXP/2003, kuku, 20:04
- [eVuln] Light Weight Calendar PHP Code Execution, alex, 19:24
- AlstraSoft Template Seller Pro Cross-Site Scripting Vulnerability, night_warrior771, 18:44
- DCP Portal Cross-Site Scripting Vulnerability, night_warrior771, 18:14
- MyBB 1.0.2 SQL injection, addmimistrator, 17:44
- WMF vulnerability was a deliberate backdoor?, Brooks, Shane, 17:03
- [Full-disclosure] EZDatabase Directory Transversal, XSS and Path Disclosure Vulnerability, Josh Zlatin, 12:31
- MyBB 1.0.2 SQL injection in usercp.php, addmimistrator, 02:48
January 14, 2006
- [SECURITY] [DSA 936-1] New libextractor packages fix arbitrary code execution, Martin Schulze, 22:36
- FreeBSD Security Advisory FreeBSD-SA-06:02.ee, FreeBSD Security Advisories, 21:45
- [NMRC Advisory] Microsoft Windows Wireless Exposure on Laptops, Advisories, 18:24
- Hacking With The Google Search Engine, Paul Laudanski, 17:54
- RE: Did MS pull an Ilfak? (MS patch bindiff results), Greg Wroblewski, 17:54
- [KAPDA::#21] - HomeFtp v1.1 Denial of Service, [a], 17:34
- FullPath disclosure in Xaraya 1.0.1, king_purba, 17:24
- ezDatabase 2.0 and below, none, 17:13
- Helm XSS Vulnerability, M.Neset KABAKLI, 16:23
- [eVuln] MyPhPim Multiple SQL Injection and XSS Vulnerabilities, alex, 13:12
- FreeBSD Security Advisory FreeBSD-SA-06:04.ipfw, FreeBSD Security Advisories, 10:51
- Serial Line Sniffer 0.4.4 Buffer Overflow, Sintigan, 10:31
- MDKSA-2006:011 - Updated tetex packages fix several vulnerabilities, Mandriva Security Team, 09:50
- FreeBSD Security Advisory FreeBSD-SA-06:03.cpio, FreeBSD Security Advisories, 03:38
- mysec.org Security Advisory : Xmame buffer overflow, with a possibility of privilege escalation, xwings, 01:27
January 13, 2006
- [Full-disclosure] Re: [ GLSA 200601-09 ] Wine: Windows Metafile SETABORTPROC vulnerability, Austin Murkland, 16:53
- [Full-disclosure] iDefense Security Advisory 01.13.06: Novell SUSE Linux Enterprise Server Remote Manager Heap Overflow, labs-no-reply@idefense.com, 15:53
- MDKSA-2006:012 - Updated kdegraphics packages fix several vulnerabilities, Mandriva Security Team, 15:13
- SUSE Security Announcement: novell-nrm remote heap overflow (SUSE-SA:2006:002), Marcus Meissner, 15:02
- RE: [Full-disclosure] Fortinet Advisory - Apple QuickTime Player StripByteCounts Buffer Overflow Vulnerability, Tom Ferris, 13:42
- Re: [Full-disclosure] Fortinet Advisory - Apple QuickTime Player StripOffsets Improper Memory Access, virus, 09:40
- Re: industry standards - current status [was: what we REALLY learned from WMF], D. Hazelton, 04:58
- [Full-disclosure] [ GLSA 200601-09 ] Wine: Windows Metafile SETABORTPROC vulnerability, Sune Kloppenborg Jeppesen, 04:28
- [Full-disclosure] [ GLSA 200601-08 ] Blender: Heap-based buffer overflow, Sune Kloppenborg Jeppesen, 04:28
- [Full-disclosure] [ GLSA 200601-07 ] ClamAV: Remote execution of arbitrary code, Sune Kloppenborg Jeppesen, 04:18
- RE: [Full-disclosure] Fortinet Advisory - Apple QuickTime Player StripByteCounts Buffer Overflow Vulnerability, Paul, 02:17
January 12, 2006
- [Full-disclosure] Fortinet Advisory - Apple QuickTime Player StripByteCounts Buffer Overflow Vulnerability, secresearch, 23:15
- [Full-disclosure] Fortinet Advisory: Apple QuickTime Player Color Map Entry Size Buffer Overflow, Fortinet Research, 22:55
- [Full-disclosure] Fortinet Advisory: "Apple QuickTime Player ImageWidth Integer Overflow Vulnerability", Fortinet Research, 22:45
- [Full-disclosure] Fortinet Security Advisory: "Apple QuickTime Player Improper Memory Access Vulnerability", Fortinet Research, 22:45
- [Full-disclosure] Fortinet Advisory: Apple Quick Time Player ImageWidth Denial of Service Vulnerability, Fortinet Research, 22:35
- [Full-disclosure] Fortinet Advisory - Apple QuickTime Player StripOffsets Improper Memory Acces, Fortinet Research, 22:25
- [Full-disclosure] Fortinet Advisory - Apple QuickTime Player StripByteCounts Buffer Overflow Vulnerability, Fortinet Research, 22:15
- [eVuln] Wordcircle Multiple SQL Injection & XSS Vulnerabilities, alex, 21:34
- [eVuln] Wordcircle Authentication Bypass, alex, 21:24
- [eVuln] ACal Authentication Bypass & PHP Code Insertion, alex, 21:14
- [Full-disclosure] Fortinet Advisory - Apple QuickTime Player ImageWidth Denial of Service Vulnerability, secresearch, 21:14
- [Full-disclosure] Advisory: MiniNuke CMS System <= 1.8.2 (news.asp) SQL Injection vulnerability, nukedx, 21:14
- [eVuln] TankLogger SQL Injection Vulnerability, alex, 21:14
- [Full-disclosure] Fortinet Advisory - Apple QuickTime Player StripOffsets Improper Memory Access, secresearch, 21:04
- [Full-disclosure] Advisory: MiniNuke CMS System <= 1.8.2 (membership.asp) remote user password change exploit, nukedx, 21:04
- FogBugz Cross Site Scripting Vulnerability, M.Neset KABAKLI, 20:34
- Multiple PHP Toolkit for PayPal Vulnerabilities, uinC Team, 20:24
- Interspire TrackPoint NX XSS Vulnerability, M.Neset KABAKLI, 20:24
- Cisco, haven't we learned anything? (technician reset), Gadi Evron, 20:03
- Advisory: MiniNuke CMS System <= 1.8.2 (news.asp) SQL Injection vulnerability, nukedx, 19:03
- [Full-disclosure] ZDI-06-001: Clam AntiVirus UPX Unpacking Code Execution Vulnerability, zdi-disclosures, 18:02
- Re: [Full-disclosure] Re: Session data pollution vulnerabilities in web applications, Frank Knobbe, 17:52
- EUSecWest papers and CanSecWest CFP, Dragos Ruiu, 17:42
- H-Sphere Security Vulnerability, M.Neset KABAKLI, 16:41
- [Full-disclosure] Re: Session data pollution vulnerabilities in web applications, Dave Korn, 16:41
- Re: [Full-disclosure] Re: what we REALLY learned from WMF, wac, 15:31
- [Full-disclosure] Advisory 02/2006: PHP ext/mysqli Format String Vulnerability, Stefan Esser, 14:20
- [Full-disclosure] Advisory 01/2006: PHP ext/session HTTP Response Splitting Vulnerability, Stefan Esser, 14:20
- Re: [Full-disclosure] Session data pollution vulnerabilities in web applications, mailinglist mailinglist, 14:10
- Re: [Full-disclosure] Session data pollution vulnerabilities in web applications, Frank Knobbe, 14:10
- [Full-disclosure] [USN-241-1] Apache vulnerabilities, Adam Conrad, 08:37
- [Full-disclosure] Session data pollution vulnerabilities in web applications, Alla Bezroutchko, 08:17
- Re: PayPal Phishing Site Exploits Google XSS Vulnerability, Paul Laudanski, 04:05
- BSD Securelevels: Circumventing protection of files flagged immutable, RedTeam Pentesting, 02:04
- Advisory: XSS attack on Superonline.com email service., nukedx, 01:24
- MDKSA-2006:010 - Updated cups packages fix several vulnerabilities, Mandriva Security Team, 00:54
- [RHSA-2006:0157-01] Low: struts security update for Red Hat Application Server, bugzilla, 00:43
January 11, 2006
- FreeBSD Security Advisory FreeBSD-SA-06:01.texindex, FreeBSD Security Advisories, 23:43
- [eVuln] MyPhPim Arbitrary File Upload, alex, 22:53
- Advisory:XSS vulnerability on WebWiz Forums <= 6.34 (search_form.asp), nukedx, 22:22
- Re: Did MS pull an Ilfak? (MS patch bindiff results), Denis Jedig, 21:42
- eStara Softphone SIP stack Buffer Overflow Vulnerability, zwell, 19:50
- SUSE Security Announcement: xpdf,kpdf,gpdf,kword (SUSE-SA:2006:001), Ludwig Nussel, 19:30
- FreeBSD Security Advisory FreeBSD-SA-06:01.texindex [REVISED], FreeBSD Security Advisories, 19:20
- PostgreSQL security releases 8.0.6 and 8.1.2, PostgreSQL Security, 19:10
- [Full-disclosure] Updated Advisories - Incorrect CVE Information, Advisories, 15:07
- [Full-disclosure] [EEYEB-20051031] Apple QuickTime Malformed GIF Heap Overflow, Advisories, 14:57
- [Full-disclosure] [EEYEB-20051117A] Apple QuickTime STSD Atom Heap Overflow, Advisories, 14:57
- [Full-disclosure] [EEYEB-20051117B] Apple iTunes (QuickTime.qts) Heap Overflow, Advisories, 14:57
- [Full-disclosure] [EEYEB-20051220] Apple QuickTime QTIF Stack Overflow, Advisories, 14:47
- [Full-disclosure] [USN-240-1] bogofilter vulnerability, Martin Pitt, 14:27
- Re: [Full-disclosure] [CIRT.DK] Apple QuickTime 7.0.3 and earlier - JPG/PICT Buffer Overflow, virus, 13:36
- [Full-disclosure] Re: iDefense Security Advisory 12.22.05: Linux Kernel Socket Buffer Memory Exhaustion DoS Vulnerability, Paul Starzetz, 13:06
- [Full-disclosure] [CIRT.DK] Apple QuickTime 7.0.3 and earlier - JPG/PICT Buffer Overflow, CIRT.DK Advisory, 13:06
- Microsoft Outlook Critical Vulnerability, NGSSoftware Insight Security Research, 12:26
- Microsoft Exchange Critical Vulnerability, NGSSoftware Insight Security Research, 12:06
- Re: PayPal Phishing Site Exploits Google XSS Vulnerability, Stelian Ene, 09:45
- PayPal Phishing Site Exploits Google XSS Vulnerability, Paul Laudanski, 08:24
- Re: Dumb IE6/XP denial of service found on the web, rebornrebel, 08:14
- MDKSA-2006:004 - Updated pdftohtml packages fix several vulnerabilities, Mandriva Security Team, 04:32
- New PEAR / Apache2Triad Exploit, jd2k2000, 01:00
January 10, 2006
- [Full-disclosure] [FLSA-2006:167803] Updated mysql packages fix security issues, Marc Deslauriers, 22:09
- Malware - future trends, Dancho Danchev, 18:47
- [Full-disclosure] [ GLSA 200601-06 ] xine-lib, FFmpeg: Heap-based buffer overflow, Stefan Cornelius, 18:27
- Time modification flaw in BSD securelevels on NetBSD and Linux, RedTeam Pentesting, 18:06
- [Full-disclosure] [EEYEB-2000801] - Windows Embedded Open Type (EOT) Font Heap Overflow Vulnerability, Advisories, 17:46
- Re: Did MS pull an Ilfak? (MS patch bindiff results), Joe Polk, 17:23
- [Full-disclosure] [ GLSA 200601-05 ] mod_auth_pgsql: Multiple format string vulnerabilities, Stefan Cornelius, 17:13
- Re: Html_Injection in vBulletin 3.5.2, info, 17:02
- [security bulletin] SSRT051058 rev.1 - HP-UX Secure Shell Remote Denial of Service (DoS), security-alert, 16:42
- Multiple Vulnerabilities in Hummingbird Collaboration, luca . carettoni, 14:41
- Re: Html_Injection in vBulletin 3.5.2, Steven M. Christey, 14:11
- [Full-disclosure] iDefense Security Advisory 01.10.06: Sun Solaris uustat Buffer Overflow Vulnerability, labs-no-reply@idefense.com, 12:20
- industry standards - current status [was: what we REALLY learned from WMF], Gadi Evron, 00:55
- Research: Malware Action Detection and Protection, Arman Nayyeri, 00:45
January 09, 2006
- MDKSA-2006:003 - Updated poppler packages fix several vulnerabilities, Mandriva Security Team, 23:44
- MDKSA-2006:008 - Updated koffice packages fix several vulnerabilities, Mandriva Security Team, 23:34
- MDKSA-2006:006 - Updated gpdf packages fix several vulnerabilities, Mandriva Security Team, 23:24
- MDKSA-2006:005 - Updated xpdf packages fix several vulnerabilities, Mandriva Security Team, 23:14
- MDKSA-2006:009 - Updated apache2-mod_auth_pgsql packages fix several vulnerabilities, Mandriva Security Team, 22:54
- [Full-disclosure] [FLSA-2006:168375] Updated mozilla packages fix security issues, Marc Deslauriers, 22:54
- [Full-disclosure] [FLSA-2006:152922] Updated ethereal packages fix security issues, Marc Deslauriers, 22:54
- [Full-disclosure] [FLSA-2006:152907] Updated htdig packages fix security issues, Marc Deslauriers, 22:44
- [Full-disclosure] [FLSA-2006:152803] Updated lesstif packages fix security issues, Marc Deslauriers, 22:44
- [Full-disclosure] [FLSA-2006:136323] Updated gettext package fixes security issues, Marc Deslauriers, 22:44
- [eVuln] 427BB Multiple Vulnerabilities (Cookie-based Authentication Bypass, SQL Injections, XSS), alex, 22:44
- Xoops Pool Module IMG Tag Cross Site Scripting, night_warrior771, 22:34
- Re: Interview: Ilfak Guilfanov, Denis Jedig, 22:24
- Php-Nuke Pool and News Module IMG Tag Cross Site, night_warrior771, 22:14
- Orjinweb E-commerce, serxwebun, 21:33
- AIM Multiple Cross Site Scripting Vulnerability, simo, 21:23
- AOL Multiple Cross Site Scripting Vulnerability, simo, 21:13
- Html_Injection in vBulletin 3.5.2, the_bekir, 21:13
- MDKSA-2006:008 - Updated koffice packages fix several vulnerabilities, Mandriva Security Team, 21:03
- Re: Did MS pull an Ilfak? (MS patch bindiff results), Brett Glass, 20:33
- [Full-disclosure] iDefense Security Advisory 01.09.06: Multiple Vendor mod_auth_pgsql Format String Vulnerability, labs-no-reply@idefense.com, 18:41
- Digital Armaments Security Advisory 01.09.2006: Apache auth_ldap module Multiple Format Strings Vulnerability, info, 17:51
- [eVuln] Venom Board SQL Injection Vulnerability, alex, 17:31
- [eVuln] Foxrum BBCode XSS Vulnerability, alex, 17:01
- NetBSD Security Advisory 2006-002: settimeofday() time wrap, NetBSD Security Officer, 16:50
- NetBSD Security Advisory 2006-001: Kernfs kernel memory disclosure, NetBSD Security Officer, 16:30
- [UPDATE]Microsoft Windows GRE WMF Format Multiple Unauthorized Memory Access Vulnerabilities, frankruder, 15:49
- Microsoft Windows GRE WMF Format Multiple Memory Overrun Vulnerabilities, frankruder, 15:39
- xorg server 6.8.2 and below on 64bit arch, serj, 15:29
- [Full-disclosure] [USN-235-2] sudo vulnerability, Martin Pitt, 08:46
- [Full-disclosure] [USN-236-2] xpdf vulnerabilities in kword, kpdf, Martin Pitt, 05:44
- [Full-disclosure] [USN-239-1] libapache2-mod-auth-pgsql vulnerability, Martin Pitt, 05:34
January 07, 2006
- [eVuln] NavBoard BBcode XSS Vulnerability, alex, 19:10
- Re: Interview: Ilfak Guilfanov, Randal L. Schwartz, 19:00
- [Full-disclosure] [ GLSA 200601-04 ] VMware Workstation: Vulnerability in NAT networking, Sune Kloppenborg Jeppesen, 18:30
- [Full-disclosure] RE: Windows PHP 4.x "0-day" buffer overflow, LE Backup, 15:49
- Re: MD:Pro - Malware Distribution Project, Rembrandt, 14:48
- Re: [Full-disclosure] Re: what we REALLY learned from WMF, dudevanwinkle@gmail.com, 09:36
- MDKSA-2006:005 - Updated xpdf packages fix several vulnerabilities, Mandriva Security Team, 08:46
- Re: Dumb IE6/XP denial of service found on the web, Francois Labreque, 08:15
- SysCP WebFTP local file inclusion vulnerability, Thomas Henlich, 04:34
- MDKSA-2006:003 - Updated poppler packages fix several vulnerabilities, Mandriva Security Team, 04:04
- HylaFAX Security advisory - fixed in HylaFAX 4.2.4, Aidan Van Dyk, 02:53
- [eVuln] TinyPHPForum Multiple Vulnerabilities, alex, 02:12
- Re: Dumb IE6/XP denial of service found on the web, Kim Christensen, 01:10
- CyberShop User Login Sql Injection, night_warrior771, 00:49
January 06, 2006
- [eVuln] Proyecto Domus 'email' XSS Vulnerability, alex, 20:37
- Re: what we REALLY learned from WMF, Thor (Hammer of God), 19:36
- MDKSA-2006:007 - Updated apache2 packages fix vulnerabilities, Mandriva Security Team, 18:35
- [ECHO_ADV_25$2006] Full path disclosure on boastMachine v3.1, eufrato, 18:25
- Re: Download Accelerator Plus can be tricked to download malicious file, Dave Korn, 18:15
- MDKSA-2006:004 - Updated pdftohtml packages fix several vulnerabilities, Mandriva Security Team, 18:04
- Did MS pull an Ilfak? (MS patch bindiff results), Gadi Evron, 17:54
- MDKSA-2006:006 - Updated gpdf packages fix several vulnerabilities, Mandriva Security Team, 17:44
- [Full-disclosure] SimpBook "message" Remote Cross-Site Scripting Vulnerability, zeus olimpusklan, 17:34
- Re: MS released a patch today - MS06-001, Anthony R. Nemmer, 17:24
- [Full-disclosure] Re: what we REALLY learned from WMF, Dave Korn, 17:24
- [eVuln] TheWebForum Script Insertion and Authentication Bypass, alex, 17:14
- MD5s of Unofficial patches and other mistakes, Forrest J. Cavalier III, 17:03
- Re: [Full-disclosure] Re: what we REALLY learned from WMF, Devdas Bhagat, 16:53
- [security bulletin] SSRT051074 rev.3 - HP-UX Running xterm Local Unauthorized Access, security-alert, 16:53
- [Full-disclosure] Re: what we REALLY learned from WMF, Matt . Carpenter, 16:33
- [Full-disclosure] Re: what we REALLY learned from WMF, Gavin Conway, 16:33
- [Full-disclosure] RE: what we REALLY learned from WMF, Adrian Marsden, 12:11
- [Full-disclosure] RE: what we REALLY learned from WMF, Adrian Marsden, 12:11
- Re: New from the MS Advisory, Damaged Industries, 11:20
- APPLE-SA-2006-01-05 AirPort firmware update, noreply, 11:10
- [Full-disclosure] [ GLSA 200601-03 ] HylaFAX: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 11:00
- [Full-disclosure] Re: what we REALLY learned from WMF, Gadi Evron, 09:39
- Re: [Full-disclosure] what we REALLY learned from WMF, Florian Weimer, 09:29
- [Full-disclosure] Re: [USN-237-1] nbd vulnerability, Florian Weimer, 07:28
- [Full-disclosure] [USN-238-2] Blender vulnerability, Martin Pitt, 07:08
- [Full-disclosure] [USN-237-1] nbd vulnerability, Martin Pitt, 06:28
- [Full-disclosure] [USN-238-1] Blender vulnerability, Martin Pitt, 06:28
- [eVuln] ADNForum Multiple Vulnerabilities, alex, 02:16
- MS released a patch today - MS06-001, Duran, Jason IT0, 02:16
- RE: WMF browser-ish exploit vectors, James C Slora Jr, 01:36
- Re: Download Accelerator Plus can be tricked to download malicious file, visitbipin, 01:26
- [Full-disclosure] RE: what we REALLY learned from WMF, Donald N Kenepp, 00:45
- Interview: Ilfak Guilfanov, Matthew Murphy, 00:35
January 05, 2006
- Uninformed Journal Release Announcement: Volume 3, Uninformed, 23:35
- RE: Download Accelerator Plus can be tricked to download malicious file, NaPa, 23:15
- Contact information for Symantec Vulnerability Management, secure, 22:54
- What is sbininitd port 65534 ???, waltdnes, 22:24
- [Full-disclosure] Re: what we REALLY learned from WMF, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP], 22:24
- Re: [Full-disclosure] WMF round-up, updates and de-mystification, Scott Renna, 22:24
- [Full-disclosure] Re: what we REALLY learned from WMF, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP], 22:14
- [Full-disclosure] RE: what we REALLY learned from WMF, Adrian Marsden, 22:14
- Re: [Full-disclosure] WMF round-up, updates and de-mystification, Anthony R. Nemmer, 22:14
- [Full-disclosure] Re: what we REALLY learned from WMF, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP], 22:14
- [Full-disclosure] Re: what we REALLY learned from WMF, Gadi Evron, 22:14
- [Full-disclosure] Re: what we REALLY learned from WMF, Gadi Evron, 22:14
- RE: Dumb IE6/XP denial of service found on the web, Mario Contestabile, 22:04
- [Full-disclosure] Re: what we REALLY learned from WMF, Gadi Evron, 22:04
- [Full-disclosure] Mozilla Firefox image Buffer Overflow Vulnerability, zeus olimpusklan, 22:04
- [Full-disclosure] so, who is going to bindiff the WMF patch first? Already done, Gadi Evron, 22:04
- MD:Pro - Malware Distribution Project, anthony . aykut, 21:43
- WMF Exploit Patch Released, Matthew Schiros, 20:19
- [Full-disclosure] what we REALLY learned from WMF, Gadi Evron, 19:19
- [Full-disclosure] iDefense Security Advisory 01.05.06: Blue Coat WinProxy Telnet DoS Vulnerability, labs-no-reply@idefense.com, 18:58
- [Full-disclosure] iDefense Security Advisory 01.05.06: Blue Coat Systems WinProxy Host Header Stack Overflow Vulnerability, labs-no-reply@idefense.com, 18:58
- [Full-disclosure] iDefense Security Advisory 01.05.06: Blue Coat WinProxy Remote DoS Vulnerability, labs-no-reply@idefense.com, 18:48
- Re: [Full-disclosure] RE: Download Accelerator Plus can be tricked to download malicious file, Bipin Gautam, 18:28
- [VulnWatch] RE: Download Accelerator Plus can be tricked to download malicious file, NaPa, 18:28
- Re: [Full-disclosure] MS Patch Release for WMF Issue, Stan Bubrouski, 18:08
- [Full-disclosure] MS Patch Release for WMF Issue, Geoff.Shatz, 17:37
- [Full-disclosure] RE: Download Accelerator Plus can be tricked to download malicious file, NaPa, 16:47
- [Full-disclosure] [USN-236-1] xpdf vulnerabilities, Martin Pitt, 15:16
- [Full-disclosure] [USN-235-1] sudo vulnerability, Martin Pitt, 13:55
- Re: [Full-disclosure] Rockliffe Directory Transversal Vulnerability, Josh Zlatin, 12:44
- Re: WMF Exploit, Joshua, 11:14
- [Full-disclosure] Open Letter on the Interpretation of "Vulnerability Statistics", Steven M. Christey, 10:33
- Re: WMF browser-ish exploit vectors, Dave Korn, 10:13
- [Full-disclosure] Re: Re[2]: [funsec] WMF round-up, updates and de-mystification, InfoSecBOFH, 09:43
- Re: [Full-disclosure] RE: WMF round-up, updates and de-mystification, InfoSecBOFH, 09:33
- Re: [Full-disclosure] Re: WMF round-up, updates and de-mystification, InfoSecBOFH, 09:33
- [Full-disclosure] Re: [funsec] WMF round-up, updates and de-mystification, InfoSecBOFH, 09:33
- Re: [Full-disclosure] WMF round-up, updates and de-mystification, InfoSecBOFH, 09:33
- Re: WTF??, anthony . aykut, 08:53
- WMF: New Metasploit Framework Module, H D Moore, 07:42
- Mapping and Remote manipulation of databases, Gandalf The White, 06:42
- Re: WTF??, Nick FitzGerald, 05:41
- Re: WMF browser-ish exploit vectors, Nick FitzGerald, 04:51
- RE: WMF Exploit, Discussion Lists, 04:00
- MDKSA-2005:239 - Updated printer-filters-utils packages fix local vulnerability, Mandriva Security Team, 03:10
- Re: Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability, Eloy A. Paris, 02:09
- [Full-disclosure] Windows PHP 4.x "0-day" buffer overflow, mercenary, 01:29
- Dumb IE6/XP denial of service found on the web, 8ux1fpd02, 01:09
- Recruitment Software allows MySQL credentials disclosure, Rafael San Miguel Carrasco, 00:49
January 04, 2006
- Re[2]: [funsec] WMF round-up, updates and de-mystification, Pierre Vandevenne, 22:48
- New from the MS Advisory, Larry Seltzer, 21:46
- Re: [Full-disclosure] WMF round-up, updates and de-mystification, Crist J. Clark, 20:05
- [Full-disclosure] [ GLSA 200601-02 ] KPdf, KWord: Multiple overflows in included Xpdf code, Sune Kloppenborg Jeppesen, 19:25
- Re: WMF Exploit, Paul Laudanski, 18:35
- RE: [Full-disclosure] RE: WMF round-up, updates and de-mystification, Krpata, Tyler, 17:44
- [Full-disclosure] RE: WMF round-up, updates and de-mystification, Mario Contestabile, 17:24
- [eVuln] Lizard Cart CMS SQL Injection Vulnerability, alex, 17:24
- [Full-disclosure] RE: WMF round-up, updates and de-mystification, Brance Amussen, 17:14
- Re[2]: [Full-disclosure] Rockliffe Directory Transversal Vulnerability, 3APA3A, 16:23
- Download Accelerator Plus can be tricked to download malicious file, visitbipin, 16:03
- Another WMF exploit workaround, Ivan Arce, 15:53
- WMF exploit, Andreas Marx, 15:33
- Re: WMF SETABORTPROC exploit, Alexander Sotirov, 14:53
- Re: [Full-disclosure] Rockliffe Directory Transversal Vulnerability, Stan Bubrouski, 14:22
- [Full-disclosure] Rockliffe Mailsite User Enumeration Flaw, Josh Zlatin, 13:21
- [Full-disclosure] Rockliffe Directory Transversal Vulnerability, Josh Zlatin, 13:21
- [Full-disclosure] Re: WMF round-up, updates and de-mystification, Adam Shostack, 04:17
January 03, 2006
- [eVuln] PHPenpals SQL Injection Vulnerabilit, alex, 22:05
- WSJ: The new "metasploit" computer virus, Richard M. Smith, 21:14
- [eVuln] phpBook PHP Code Execution, alex, 21:04
- RE: WMF Exploit, Paul, 20:43
- RE: [funsec] WMF round-up, updates and de-mystification, Larry Seltzer, 20:33
- RE: [Full-disclosure] Buffer Overflow vulnerability in WindowsDisplay Manager [Suspected], Paul, 20:33
- Re: WMF round-up, updates and de-mystification, Gadi Evron, 20:12
- [eVuln] VEGO Links Builder Authentication Bypass, alex, 20:02
- RE: [Full-disclosure] WMF round-up, updates and de-mystification, Larry Seltzer, 19:52
- [Full-disclosure] RE: WMF round-up, updates and de-mystification, Krpata, Tyler, 19:52
- Re: Drupal all versiyon xss cehennem.org, RSnake, 19:42
- Re: [funsec] WMF round-up, updates and de-mystification, Pierre Vandevenne, 19:42
- [eVuln] VEGO Web Forum SQL Injection Vulnerability, alex, 19:21
- [eVuln] Chimera Web Portal System Multiple Vulnerabilities, alex, 19:11
- Re: Drupal all versiyon xss cehennem.org, security, 19:01
- WMF SETABORTPROC exploit, SanjayR, 19:01
- Winrar 3.30 Local Buffer Overflow, Alpha_Programmer, 18:30
- RE: Webwasher CSM Appliance Script Security Restriction Bypass, Frank Berzau, 18:20
- [eVuln] oaBoard PHP Code Execution, alex, 17:59
- SCO Openserver 5.0.x exploit, rod hedor, 17:59
- [eVuln] ScozBook "adminname" Authentication Bypass, alex, 17:49
- [eVuln] inTouch Authentication Bypass, alex, 17:39
- [eVuln] B-net Software Multiple XSS Vulnerabilities, alex, 17:29
- [eVuln] Chipmunk Guestbook XSS Vulnerability, alex, 17:29
- Drupal all versiyon xss cehennem.org, liz0, 17:19
- [eVuln] PHPjournaler SQL Injection Vulnerability, alex, 17:09
- NicoFTP Stack Overflow, k4p0k4p0, 17:09
- [KAPDA::#19] - Html Injection in vBulletin 3.5.2, alireza hassani, 17:09
- Re: WMF Exploit, Frank Knobbe, 16:38
- Re: RE: WMF Exploit, grasshopa, 16:38
- Re: WMF Exploit, Justin Myers, 16:18
- Re: [Full-disclosure] WMF round-up, updates and de-mystification, gat0r, 14:37
- RE: [Full-disclosure] WMF round-up, updates and de-mystification, Peter Ferrie, 14:27
- [Full-disclosure] [ GLSA 200601-01 ] pinentry: Local privilege escalation, Thierry Carrez, 12:06
- Re: [Full-disclosure] WMF round-up, updates and de-mystification, InfoSecBOFH, 08:54
- Re: [Full-disclosure] WMF round-up, updates and de-mystification, InfoSecBOFH, 08:54
- Re: [Full-disclosure] WMF round-up, updates and de-mystification, Nancy Kramer, 07:14
- [Full-disclosure] WMF round-up, updates and de-mystification, Gadi Evron, 05:43