Bugtraq (date)
February 28, 2006
- Re: Bypass Fortinet anti-virus using FTP, Mathieu Dessus, 21:29
- bttlxeForum 2.* XSS Vulnerability, stormhacker, 21:19
- PEHEPE Membership Management System Multiple Vulnerabilities, mail, 20:49
- [ MDKSA-2006:051 ] - Updated gettext packages fix temporary file vulnerabilities, security, 20:39
- Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities, Renaud Lifchitz, 20:19
- Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities, Daniel Veditz, 19:59
- Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities, Daniel Veditz, 19:38
- Virex on-access scanning unreliable, hahn, 18:18
- Re: NETGEAR WGT624 Wireless DSL router default user name/password vulnerability, Adam Chesnutt, 17:47
- [security bulletin] SSRT061118 rev.1 - HP System Management Homepage (SMH) Running on Windows: Remote Unauthorized Access, security-alert, 17:37
- (PHP) mb_send_mail security bypass, ced . clerget, 16:37
- [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities, Renaud Lifchitz, 16:27
- (PHP) imap functions bypass safemode and open_basedir restrictions, ced . clerget, 16:27
- QwikiWiki v1.4 XSS Vulnerability, drdeath_2006, 15:16
- MyBB 1.3 NewSQL Injection, o . y . 6, 15:16
- EJ3 TOPo - Cross Site Scripting Vulnerability, mail, 14:55
- FarsiNews 2.5Pro Exploit, hessamx, 14:45
- Re: NETGEAR WGT624 Wireless DSL router default user name/password vulnerability, James Garrison, 14:25
- Sourceforge XSS, liz0, 14:05
- WordPress 2.0.1 Multiple Vulnerabilities, k4p0k4p0, 13:14
- [ MDKSA-2005:050 ] - Updated unzip packages fix vulnerabilities, security, 12:04
- [Full-disclosure] Fedex Kinkos Smart Card Authentication Bypass, Lance James, 10:33
- [Full-disclosure] recursive DNS servers DDoS as a growing DDoS problem, Gadi Evron, 08:32
February 27, 2006
- Re: URL filter bypass in Fortinet, VulnWatch, 23:17
- [Full-disclosure] [FLSA-2006:181014] Updated gnutls packages fix a security issue, Marc Deslauriers, 22:27
- [Full-disclosure] [FLSA-2006:177694] Updated auth_ldap package fixes security issue, Marc Deslauriers, 22:27
- [Full-disclosure] [FLSA-2006:177326] Updated mod_auth_pgsql package fixes security issue, Marc Deslauriers, 22:17
- [Full-disclosure] [FLSA-2006:175818] Updated udev packages fix a security issue, Marc Deslauriers, 22:17
- [Full-disclosure] [FLSA-2006:157366] Updated PostgreSQL packages fix security issues, Marc Deslauriers, 22:17
- NETGEAR WGT624 Wireless DSL Firewall/Router vulnerability, info, 20:35
- NETGEAR WGT624 Wireless DSL router default user name/password vulnerability, info, 19:55
- [ MDKSA-2006:049 ] - Updated squirrelmail packages fix vulnerabilities, security, 19:45
- [eVuln] PerlBlog Multiple Vulnerabilities, alex, 19:35
- Re: Bypass Fortinet anti-virus using FTP, VulnWatch, 19:15
- PixelArtKingdom TopSites Remote Command Exucetion, botan, 18:14
- [Full-disclosure] directory traversal in DirectContact 0.3b, Donato Ferrante, 16:53
- 2 SQL Injection in d3jeeb, S3ude, 16:13
- [ISecAuditors Advisories] IMAP/SMTP Injection in SquirrelMail, ISecAuditors Security Advisories, 16:13
- Knowledgebases Remote Command Exucetion, botan, 15:42
- Secunia Research: ArGoSoft Mail Server Pro viewheaders Script Insertion, Secunia Research, 15:32
- Re: [eVuln] Vanilla Guestbook Multiple XSS & SQL Injection Vulnerabilities, tachyon, 15:12
- CGI Calendar XSS Vulnerability, revnic, 15:01
- Mail Transport System Professional--Open Relay Hole, Craig Morrison, 14:51
- 2 SQL Injection in Fantastic News, S3ude, 14:41
- phpRPC Library Remote Code Execution, GulfTech Security Research, 14:31
- [eVuln] Quirex Arbitrary File Disclosure Vulnerability, alex, 14:11
- Thomson SpeedTouch 500 modems vulnerable to XSS, preben, 14:01
- Archangel Weblog 0.90.02 Admin Authentication Bypass & Remote File Inclusion, kingofska, 14:00
- Re: PwsPHP Injection SQL on Index.php, zeta_2_, 13:50
- Norton Monitoring Systems funny problems, Alexander Hristov, 13:50
- Archive_Zip (Zip file management class) Directory traversal, h e, 12:39
- [Full-disclosure] [USN-258-1] PostgreSQL vulnerability, Martin Pitt, 07:07
- Re: [Full-disclosure] Quarantine your infected users spreading malware, Dana Hudes, 06:57
February 26, 2006
- Research paper on covert channels, matthijs, 23:03
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware], Matthew Schiros, 23:03
- Re: Vulnerabilites in new laws on computer hacking, Jure Koren, 22:53
- Re: [Full-disclosure] WebEx, A-d-F, 22:53
- [Full-disclosure] WebEx, Terminal Entry, 22:43
- Re: Amazon phishing scam on Yahoo servers, Elizabeth Zwicky, 22:33
- Re: Amazon phishing scam on Yahoo servers, Stefan Kelm, 22:33
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware], Jamie Riden, 22:33
- Re: H&R Block contact, Stan Bubrouski, 22:23
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware], Thomas M. Payerle, 22:23
- RE: Vulnerabilites in new laws on computer hacking, Craig Wright, 22:23
- Re: DarkStarlings.com XSS Vulnerability, webmaster, 22:02
- Re: Amazon phishing scam on Yahoo servers, Vincent Archer, 21:52
- [Full-disclosure] [ GLSA 200602-14 ] noweb: Insecure temporary file creation, Thierry Carrez, 13:49
- [Full-disclosure] [ GLSA 200602-13 ] GraphicsMagick: Format string vulnerability, Thierry Carrez, 13:18
February 25, 2006
- SQL Injection in DCI-Taskeen, xx_hack_xx_2004, 18:11
- PwsPHP Injection SQL on Index.php, papipsycho, 18:01
- [waraxe-2006-SA#047] - Evading sql-injection filters in phpNuke 7.8, come2waraxe, 17:51
- ArGoSoft FTP server remote heap overflow, Jerome Athias, 17:41
- [Full-disclosure] Re: [funsec] SSH bypassing in Phishing, Florian Weimer, 14:49
- NSA Group Security Advisory NSAG-№202-25.02.2006 Vulnerability WEBSITE GENERATOR 3.3, NSA Group, 14:39
- NSA Group Security Advisory NSAG-№201-25.02.2006 Vulnerability SPiD v1.3.1, NSA Group, 14:09
- [ MDKSA-2005:048 ] - Updated mplayer packages fix integer overflow vulnerabilities, security, 13:59
- [Full-disclosure] Advisory: eZ publish <= 3.7.3 (imagecatalogue module) XSS vulnerability, nukedx, 12:48
- [Full-disclosure] Advisory: ICQmail.com & Mail2World.com (ms_inbox.asp Current_folder) XSS vulnerability, nukedx, 12:38
- [Full-disclosure] Advisory: Pentacle In-Out Board <= 6.03 (newsdetailsview.asp newsid) Remote SQL Injection Vulnerability, nukedx, 12:38
- [Full-disclosure] Advisory: Pentacle In-Out Board <= 6.03 (login.asp) Authencation ByPass Vulnerability, nukedx, 12:38
- [Full-disclosure] [FLSA-2006:176731] Updated perl packages fix security issue, Marc Deslauriers, 12:28
- [Full-disclosure] [FLSA-2006:158543] Updated gaim package fixes security issues, Marc Deslauriers, 12:18
- [Full-disclosure] [FLSA-2006:138098] Updated nfs-utils package fixes security issues, Marc Deslauriers, 12:18
February 24, 2006
- fwd: SuSE Security Announcement: heimdal (SUSE-SA:2006:011), Dave McKinney, 21:42
- RE: Vulnerabilites in new laws on computer hacking, dave, 20:21
- [eVuln] Guestex XSS Vulnerability, alex, 18:30
- Mambo Multiple Vulnerabilities, GulfTech Security Research, 18:00
- Re: Vulnerabilites in new laws on computer hacking, Ansgar -59cobalt- Wiechers, 17:39
- TSLSA-2006-0010 - multi, Trustix Security Advisor, 17:29
- TSLSA-2006-0008 - multi, Trustix Security Advisor, 17:19
- [Full-disclosure] iDefense Security Advisory 02.24.06: SCO Unixware Setuid ptrace Local Privilege Escalation Vulnerability, labs-no-reply, 16:19
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware], Kevin Waterson, 15:58
- [Full-disclosure] SSH bypassing in Phishing, Gadi Evron, 15:38
- Re: Quarantine your infected users spreading malware, Marcus Aurelius, 15:38
- Re: Vulnerabilites in new laws on computer hacking, Casper . Dik, 15:27
- Re: Vulnerabilites in new laws on computer hacking, Davi Anabuki, 15:07
- IRM 018: Winamp 5.13 m3u Playlist Buffer Overflow, Advisories, 14:47
- Re: Vulnerabilites in new laws on computer hacking, Casper . Dik, 14:47
- SuSE Security Announcement: heimdal (SUSE-SA:2006:010), Thomas Biege, 14:27
- [Full-disclosure] Advisory: Woltlab Burning Board 2.x (JGS-Gallery MOD <= 4.0) multiple XSS vulnerabilities, nukedx, 14:07
- [Full-disclosure] Advisory: MyPHPNuke <= 1.8.8 multiple XSS vulnerabilities, nukedx, 14:07
- Advisory: CilemNews System <= 1.1 Remote SQL Injection Vulnerability, nukedx, 13:57
- SpeedCommander 11.0 & ZipStar 5.1 & Squeez 5.1 Directory traversal, h e, 13:26
- StuffIt and ZipMagic Family of products Directory traversal, h e, 13:16
- WinAce Archiver v2.6 Directory traversal, h e, 13:06
- Archive_Tar v 1.2(Tested) (Tar file management class) Directory traversal, h e, 12:56
- [eVuln] Guestex Shell Command Execution Vulnerability, alex, 12:46
- NSA Group Security Advisory NSAG-№200-24.02.2006 Vulnerability ArGoSoft Mail Server Pro IMAP, NSA Group, 12:36
- NSA Group Security Advisory NSAG-№198-23.02.2006 Vulnerability ArGoSoft Mail Server Pro, NSA Group, 12:26
- Vulnerability in Crypt::CBC Perl module, versions <= 2.16, Lincoln Stein, 12:16
- [Full-disclosure] announcement: reporting and mitigating botnets, Gadi Evron, 10:05
- Re: [Full-disclosure] Quarantine your infected users spreading malware, 499nag, 04:22
- [Full-disclosure] RE: How hackers cause damage... was Vulnerabilites in new laws on computer hacking, Craig Wright, 02:12
February 23, 2006
- [Full-disclosure] [FLSA-2006:180036-2] Updated firefox package fixes security issues, Marc Deslauriers, 21:39
- [Full-disclosure] [FLSA-2006:180036-1] Updated mozilla packages fix security issues, Marc Deslauriers, 21:29
- [Full-disclosure] [FLSA-2006:162750] Updated sudo packages fix security issue, Marc Deslauriers, 21:29
- Administrivia: New Bugtraq moderator, David Ahmad, 20:59
- RE: Amazon phishing scam on Yahoo servers, Alex Eckelberry, 20:39
- NSA Group Security Advisory NSAG-№198-23.02.2006 Vulnerability The Bat v. 3.60.07, NSA Group, 20:29
- NSA Group Security Advisory NSAG-№195-23.02.2006 Vulnerability FCKeditor 2.0 FC, NSA Group, 20:19
- [Full-disclosure] Re: How hackers cause damage... was Vulnerabilites in new laws on computer hacking, Jason Coombs, 20:09
- NSA Group Security Advisory NSAG-№196-23.02.2006 Vulnerability FCKeditor 2.2, NSA Group, 19:48
- NSA Group Security Advisory NSAG-№197-23.02.2006 Vulnerability CubeCart 3.0.0 – 3.0.6, NSA Group, 19:38
- Re: [Full-disclosure] Re: How hackers cause damage... was Vulnerabilites in new laws on computer hacking, Simon Smith, 19:28
- HYSA-2006-003 Oi! Email Marketing 3.0 SQL Injection, h4cky0u . org, 18:58
- Event Speaker, Pete Herzog, 18:48
- [Full-disclosure] Re: How hackers cause damage... was Vulnerabilites in new laws on computer hacking, Jason Coombs, 18:38
- RE: Amazon phishing scam on Yahoo servers, Paul Laudanski, 18:28
- Re: Amazon phishing scam on Yahoo servers, Paul Laudanski, 18:28
- RE: Amazon phishing scam on Yahoo servers, Geoff Vass, 18:17
- Re: H&R Block contact, Fixer, 18:07
- Re: H&R Block contact, Rory A. Savage, 17:57
- Re: Amazon phishing scam on Yahoo servers, Steve Friedl, 17:47
- Re: new linux malware, Jamie Riden, 17:37
- ZDI-06-002: Adobe Macromedia ShockWave Code Execution, zdi-disclosures, 16:26
- Secunia Research: WinACE ARJ Archive Handling Buffer Overflow, Secunia Research, 15:46
- [eVuln] Teca Diary PE SQL Injection Vulnerability, alex, 15:26
- Secunia Research: Visnetic AntiVirus Plug-in for MailServer Privilege Escalation, Secunia Research, 15:16
- NOCC Webmail <= 1.0 multiple vulnerabilities, rgod, 14:55
- NSFOCUS SA2006-01 : Winamp m3u File Processing Buffer Overflow Vulnerability, NSFOCUS Security Team, 14:35
- zoo contains exploitable buffer overflows, Jean-Sébastien Guay-Leroux, 14:25
- [ MDKSA-2006:047 ] - Updated metamail packages fix vulnerability, security, 14:05
- Re: Internet Explorer Phishing mouseover issue, Steven M. Christey, 13:55
- DEF CON 14 is now in effect! The Call for Papers is open., The Dark Tangent, 13:55
- [Full-disclosure] [USN-257-1] tar vulnerability, Martin Pitt, 11:34
- [ MDKSA-2006:045 ] - Updated MySQL packages fix temporary file vulnerability, security, 01:20
February 22, 2006
- RE: Vulnerabilites in new laws on computer hacking, Craig Wright, 23:08
- Re: Multiple Injection Vulnerabilities in PHP PEAR::Auth Module, Benjamin R. Ginter, 21:07
- Re: Multiple Injection Vulnerabilities in PHP PEAR::Auth Module, Matt Van Gundy, 19:16
- South River WebDrive Buffer Overflow Vulnerability, Adrian Castro, 18:56
- [INetCop Security Advisory] Global Hauri Virobot cookie exploit, dong-hun you, 18:36
- Multiple Injection Vulnerabilities in PHP PEAR::Auth Module, Matt Van Gundy, 17:25
- InqTana Through the eyes of Dr. Frankenstein., KF (lists), 17:05
- [KAPDA::#29]Noah's classifieds multiple vulnerabilities, alireza hassani, 16:55
- Mozilla Thunderbird : Remote Code Execution & Denial of Service, Renaud Lifchitz, 16:05
- Re: Vulnerabilites in new laws on computer hacking, ArkanoiD, 15:44
- [KAPDA::#27] - Runcms 1.x Cross_Site_Scripting vulnerability, roozbeh_afrasiabi, 15:34
- Re: Vulnerabilites in new laws on computer hacking, Radoslav Dejanović, 15:34
- [ MDKSA-2006:046 ] - Updated tar packages fix vulnerability, security, 15:04
- IRM 017: Multiple Vulnerabilities in Infovista Portal SE, Advisories, 15:04
- [Full-disclosure] IpSwitch WhatsUp Professional 2006 DoS, Josh Zlatin, 14:24
- [Full-disclosure] Re: Quarantine your infected users spreading malware, Bob Beck, 14:04
- [Full-disclosure] The Domain Name Service as an IDS, Gadi Evron, 09:52
- [Full-disclosure] Re: Quarantine your infected users spreading malware, Radoslav Dejanović, 07:51
- PHP as a secure language? PHP worms? [was: Re: new linux malware], Gadi Evron, 07:51
- Invision Power Board 2.1.4 Multiple Vulnerabilities, paisterist . nst, 07:10
- Re: Vulnerabilites in new laws on computer hacking, FocusHacks, 05:30
- Re: Java script exploit, Andreas Beck, 04:28
- RE: Vulnerabilites in new laws on computer hacking, Craig Wright, 04:08
- Re: Vulnerabilites in new laws on computer hacking, Ansgar -59cobalt- Wiechers, 03:57
- PEAR LiveUser File Access Vulnerabilities, GulfTech Security Research, 03:17
- RE: Vulnerabilites in new laws on computer hacking, Craig Wright, 03:07
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware], Christine Kronberg, 02:37
- H&R Block contact, Fixer, 02:27
- RE: Vulnerabilites in new laws on computer hacking, Benson, Sean M, 02:17
- Re: Vulnerabilites in new laws on computer hacking, Crispin Cowan, 02:07
- Amazon phishing scam on Yahoo servers, Paul Laudanski, 01:46
- RE: Vulnerabilites in new laws on computer hacking, Bigby Findrake, 01:36
- RE: Vulnerabilites in new laws on computer hacking, Craig Wright, 01:26
- Re: Vulnerabilites in new laws on computer hacking, ArkanoiD, 01:06
- [Full-disclosure] RE: First WMF mass mailer ItW (phishing Trojan) - think singularities, Ken Kousky, 00:16
- [Full-disclosure] Re: First WMF mass mailer ItW (phishing Trojan) - think singularities, Lance James, 00:16
February 21, 2006
- Not completely fixed? (was: False positive signature verification in GnuPG), Marcus Meissner, 21:34
- Re: [waraxe-2006-SA#046] - Critical sql injection in phpNuke 7.5-7.8, sp3x, 19:33
- PunBB 1.2.10 Multiple DoS Vulnerabilities, k4p0k4p0, 19:03
- [eVuln] BirthSys SQL Injection Vulnerability, alex, 18:23
- [ MDKSA-2006:044 ] - Updated kernel packages fix multiple vulnerabilities, security, 17:52
- [BUGZILLA] Security Advisory for Bugzilla 2.20, 2.21.1, and 2.18.4, mkanat, 17:42
- Re: Invision Power Board Army System Mod <= 2.1 SQL Injection Exploit, Angelos D. Keromytis, 17:32
- [myimei]CuteNews1.4.1~ Add Comment For Protected UserNames~ XSS Attack, addmimistrator, 16:52
- [eVuln] Magic Downloads Unauthorized Data Modification, alex, 16:32
- Re: new linux malware, Christine Kronberg, 15:41
- Mozila Thunderbird 1.5 Address Book DoS, Javor Ninov, 15:41
- MiniNuke CMS System all versions (pages.asp) SQL Injection, nukedx, 15:21
- grab cookie information with Melange Chat Server 1.10, Nexus, 15:21
- Re: Invision Power Board Army System Mod <= 2.1 SQL Injection Exploit, Crispin Cowan, 15:01
- [eVuln] Magic News Lite PHP Code Execution & Unauthorized Data Modification, alex, 15:01
- [Full-disclosure] [ GLSA 200602-12 ] GPdf: Heap overflows in included Xpdf code, Thierry Carrez, 15:01
- Re: Not completely fixed?, Werner Koch, 14:51
- Whitepaper by Amit Klein: "HTTP Response Smuggling", Amit Klein (AKsecurity), 14:51
- how to crash apache/php in cpanel, Ed Wiget, 14:41
- [BuHa-Security] DoS Vulnerability in Firefox <= 1.0.7, bugtraq, 14:20
- [AJECT] TrueNorth IA eMailserver 5.3.4 buffer overflow vulnerability, João Antunes, 14:00
- SUSE Security Announcement: gpg,liby2util signature checking problems (SUSE-SA:2006:009), Marcus Meissner, 13:50
- [Full-disclosure] [USN-255-1] openssh vulnerability, Martin Pitt, 13:00
- [Full-disclosure] [USN-254-1] noweb vulnerability, Martin Pitt, 13:00
- [Full-disclosure] [USN-256-1] bluez-hcidump vulnerability, Martin Pitt, 13:00
- Re: [Full-disclosure] Quarantine your infected users spreading malware, Simon Richter, 09:28
February 20, 2006
- [Full-disclosure] MiniNuke CMS System all versions (pages.asp) SQL Injection, nukedx, 23:53
- [Full-disclosure] Advisory: MiniNuke CMS System all versions (pages.asp) SQL Injection vulnerability, nukedx, 23:53
- [Full-disclosure] Re: update on the linux worm, Stephen J. Smoogen, 23:53
- [Full-disclosure] Re: new linux malware, Marco Monicelli, 23:43
- [Full-disclosure] Quarantine your infected users spreading malware, Gadi Evron, 19:11
- [Full-disclosure] [ GLSA 200602-11 ] OpenSSH, Dropbear: Insecure use of system() call, Thierry Carrez, 17:31
- [Full-disclosure] Re: new linux malware, Gadi Evron, 17:31
- [waraxe-2006-SA#046] - Critical sql injection in phpNuke 7.5-7.8, come2waraxe, 15:30
- Re: Vulnerability in WinRAR - Phishing based, Andreas Beck, 15:20
- Geeklog Remote Code Execution, GulfTech Security Research, 15:20
- [eVuln] Time Tracking Software Multiple Vulnerabilities, alex, 15:10
- [TZO-062006] Safe'nVulnerable, Thierry Zoller, 15:00
- Re: First WMF mass mailer ItW (phishing Trojan), Lance James, 14:50
- Secunia Research: NJStar Word Processor Font Name Buffer Overflow, Secunia Research, 14:39
- Guestbox XSS/an admin bypass, innate, 14:29
- More info: gBook Multiple Unspecified Cross-Site Scripting Vulnerabilities, mkproductions, 14:19
- [eVuln] Magic Calendar Lite Authentication Bypass, alex, 14:09
- [OpenPKG-SA-2006.004] OpenPKG Security Advisory (postgresql), OpenPKG, 13:49
- [OpenPKG-SA-2006.005] OpenPKG Security Advisory (tin), OpenPKG, 13:29
February 19, 2006
- [Full-disclosure] update on the linux worm, Gadi Evron, 03:06
- RE: Vulnerabilites in new laws on computer hacking, Anthony Cicalla, 02:46
- Re: Vulnerabilites in new laws on computer hacking, Sysmin Sys73m47ic, 01:35
- Re: Vulnerabilites in new laws on computer hacking, Max Ashton, 01:15
- Re: Internet Explorer remotely exploitable vulnerability in JScript's document.write() method, temp, 01:15
- Re: Vulnerabilites in new laws on computer hacking, Ansgar -59cobalt- Wiechers, 00:55
- Re: Vulnerabilites in new laws on computer hacking, ArkanoiD, 00:45
- Re: Vulnerabilites in new laws on computer hacking, Seth Breidbart, 00:35
- Re: Vulnerabilites in new laws on computer hacking, dave, 00:25
- Vulnerability in WinRAR - Phishing based, preben, 00:15
- Re: Vulnerabilites in new laws on computer hacking, Jon Gucinski, 00:05
February 18, 2006
- Malware that breaks SSL via Pharming {Emerging Threat}, Lance James, 23:44
- [Full-disclosure] The New Face of Phishing, Gadi Evron, 21:44
- [operational update] Looking behind the smoke screen of the Internet, Gadi Evron, 20:43
- [Full-disclosure] new linux malware, Gadi Evron, 20:03
- [Full-disclosure] [FLSA-2006:175406] Updated Apache httpd packages fix security issues, Marc Deslauriers, 16:42
- [Full-disclosure] [FLSA-2006:168935] Updated openssh packages fix security issues, Marc Deslauriers, 16:42
- [Full-disclosure] [FLSA-2006:152809] Updated squid package fixes security issues, Marc Deslauriers, 16:42
- SLQ Injection vulnerability in WPCeasy, murfie, 16:31
- ADOdb Library Cross Site Scripting, GulfTech Security Research, 16:21
- [waraxe-2006-SA#045] - Bypassing CAPTCHA in phpNuke 6.x-7.9, come2waraxe, 16:21
- RCblog exploit [fun], hessam, 16:11
- [OpenPKG-SA-2006.003] OpenPKG Security Advisory (openssh), OpenPKG, 16:01
- [OpenPKG-SA-2006.002] OpenPKG Security Advisory (sudo), OpenPKG, 15:51
- Tasarim Rehberi Index.PHP Remote Command Exucetion, botan, 15:51
- e107 CMS 0.7.2 Chatbox plugin XSS vulnerability, ssteam . pl, 15:41
- Coppermine Photo Gallery <=1.4.3 remote code execution, rgod, 15:31
- Re: Internet Explorer Phishing mouseover issue, Paul Szabo, 15:21
- [ MDKSA-2006:043 ] - Updated gnupg packages fix signature file verification vulnerability, security, 15:11
- [ MDKSA-2006:042 ] - Updated libtiff packages fix vulnerability, security, 15:11
- [ MDKSA-2006:041 ] - Updated bluez-hcidump packages fix buffer overflow vulnerability, security, 15:01
- Re: dotproject <= 2.0.1 remote code execution, milw0rm Inc., 14:51
- Re: Java script exploit, Jose Nazario, 14:41
- Re: Java script exploit, Jose Nazario, 14:31
- Re: Java script exploit, 3APA3A, 14:31
- Re: Stack overflow vulnerability in Internet Explorer exploitable trough VBScript and JScript scripting engines., 3APA3A, 14:20
- [Full-disclosure] RE: Latest wu-ftpd exploit :-s, Ronald van der Westen, 13:30
- [Full-disclosure] [ GLSA 200602-10 ] GnuPG: Incorrect signature verification, Thierry Carrez, 10:09
- [ MDKSA-2006:040 ] - Updated kernel packages fix multiple vulnerabilities, security, 03:26
- Java script exploit, gandalf, 02:36
- BCS Asia 2006 - Call for Papers, Jim Geovedi, 01:36
- Stack overflow vulnerability in Internet Explorer exploitable trough VBScript and JScript scripting engines., porkythepig, 00:45
- [eVuln] CALimba Authentication Bypass Vulnerability, alex, 00:15
February 17, 2006
- Uniden UIP1868P (VoIP phone/gateway) default easy-to-guess password vulnerability, pagvac, 23:45
- Sending exact replicas of Distributed.net's worked OGR project files could increase individual's stats., spoilt . jesus, 22:14
- [OpenPKG-SA-2006.001] OpenPKG Security Advisory (gnupg), OpenPKG, 20:54
- [eVuln] SmE GB Host Authentication Bypass Vulnerability, alex, 18:53
- [eVuln] PHP/MYSQL Timesheet Multiple SQL Injection Vulnerabilities, alex, 18:32
- Re: dotproject <= 2.0.1 remote code execution, Adam Donnison, 17:52
- [Full-disclosure] Re: First WMF mass mailer ItW (phishing Trojan), Lance James, 17:42
- Re: Digital Armaments Security Advisory 02.14.2006: Gallery web-based photo gallery remote file execution, Bharat Mediratta, 17:22
- [security bulletin] SSRT051023 rev.6 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Privileged Access, security-alert, 16:52
- Re: memory leak in IE?, bcrawfordjr, 16:01
- Bugs/Security issues with PatchLink's Update Server, Brian Boner, 15:51
- Internet Explorer Phishing mouseover issue, gandalf, 15:01
- RUNCMS 1.3a SQL injection, h e, 14:51
- SNORT Incorrect fragmented packet reassembly, siouxsie, 14:31
- False positive signature verification in GnuPG, Werner Koch, 14:11
- Re: Siteframe Beaumont 5.0.2 <== User Comment Cross-Site Scripting Vulnerability, federico . alice, 13:50
- [eVuln] Scriptme products BBCode 'url' XSS Vulnerability, alex, 13:30
- [Full-disclosure] [USN-253-1] heimdal vulnerability, Martin Pitt, 12:40
- [Full-disclosure] [USN-252-1] gnupg vulnerability, Martin Pitt, 12:40
- Re: Re: Vulnerabilities in vBulltin(3.0.7 - 3.5.3) and IPB(2.0.0 - 2.1.4)., Paul Laudanski, 09:07
- Re: Vulnerabilites in new laws on computer hacking, Glynn Clements, 08:47
February 16, 2006
- [Full-disclosure] Soldier of Fortune II format string through PunkBuster 1.180, Luigi Auriemma, 19:31
- RE: Vulnerabilites in new laws on computer hacking, Craig Wright, 19:21
- PHPKIT >= 1.6.1r2 arbitrary local/remote inclusion (unproperly patched in previous versions), rgod, 18:51
- [Full-disclosure] [ GLSA 200602-09 ] BomberClone: Remote execution of arbitrary code, Thierry Carrez, 18:10
- Winamp .m3u fun again ;), Sowhat, 18:00
- [Full-disclosure] [ GLSA 200602-08 ] libtasn1, GNU TLS: Security flaw in DER decoding, Thierry Carrez, 17:50
- Siteframe Beaumont 5.0.2 <== User Comment Cross-Site Scripting Vulnerability, federico . alice, 17:40
- [Full-disclosure] Password disclosure and remote access in Netcool/NeuSecure Security information management platform, D.Snezhkov, 17:20
- [eVuln] PHP Event Calendar XSS & User's Data Corruption Vulnerabilities, alex, 15:39
- Critical SQL Injection PHPNuke <= 7.8 - Your_Account module, sp3x, 15:29
- D-Link DWL-G700AP httpd DoS, innate, 15:19
- RE: Vulnerabilites in new laws on computer hacking, Marcus J. Ranum, 15:09
- [Full-disclosure] [USN-251-1] libtasn vulnerability, Martin Pitt, 14:59
- Re: Vulnerabilites in new laws on computer hacking, Radoslav Dejanović, 14:59
- What is the state of vulnerability research?, Steven M. Christey, 14:18
- Re: MyBB 1.03 Multible xss and sql injections, security, 14:08
- [Full-disclosure] Critical SQL Injection PHPNuke <= 7.8 - Your_Account module, SecurityReason - sp3x, 13:58
- Re: Vulnerabilites in new laws on computer hacking, Paul Schmehl, 13:58
- Windows Media Player BMP Heap Overflow (MS06-005), atmaca, 13:48
- Openwall GNU/*/Linux (Owl) 2.0 release, Solar Designer, 13:28
- [Full-disclosure] First WMF mass mailer ItW (phishing Trojan), Gadi Evron, 12:07
- Re: [Full-disclosure] Internet Explorer drag&drop 0day, Markus, 11:26
- Re: John the Ripper 1.7; pam_passwdqc 1.0+; tcb 1.0; phpass 0.0, Rainer Duffner, 08:45
- [Full-disclosure] Winamp .m3u fun again ;), Sowhat, 06:14
- [myimei]MyBB1.0.3~managegroup.php~Multiple SqlInjection & XSS, addmimistrator, 01:42
- Security advisory: Windows IME Vulnerability (MS06-009), Ryan Lee, 01:32
- Re: [Full-disclosure] Internet Explorer drag&drop 0day, Markus, 01:02
February 15, 2006
- Re: Everyone's loginName variable Cross Site Scripting Vulnerability, btn, 23:31
- [myimei]MyBB 1.0.3~private.php~multiple SqlInjection, addmimistrator, 21:00
- Re: dotproject <= 2.0.1 remote code execution, Adam Donnison, 20:30
- [eVuln] M. Blom HTML::BBCode perl module XSS Vulnerabilities, alex, 20:10
- [Full-disclosure] Re: What can a Remote Vulnerability Scanner do in Future?, Aaron, 20:10
- honeyd security advisory: remote detection, Niels Provos, 19:49
- [security bulletin] SSRT051045 rev.2 - HP-UX Running DNS BIND4/BIND8 as Forwarders: Remote Unauthorized Privileged Access, security-alert, 19:49
- MyBB1.0.3~managegroup.php~Multiple SqlInjection & XSS, addmimistrator, 19:39
- [security bulletin] SSRT061108 rev.3 - HP Systems Insight Manager Remote Unauthorized Access via Directory Traversal, security-alert, 19:09
- Re: John the Ripper 1.7; pam_passwdqc 1.0+; tcb 1.0; phpass 0.0, Aaron, 18:49
- [eVuln] 2200net Calendar system SQL Injection and Authentication Bypass Vulnerabilities, alex, 18:28
- [eVuln] My Blog BBCode XSS Vulnerabilities, alex, 18:08
- XMB Forums Multiple Vulnerabilities, GulfTech Security Research, 17:38
- Mirabiliz ICQ 2002/2003/ LITE 4.0/4.1 LONG (DIRECTORY + FILENAME) EXPLOIT, edubp2002, 17:07
- Digital Armaments Security Advisory 02.14.2006: Gallery web-based photo gallery remote file execution, info, 16:36
- Re: Latest wu-ftpd exploit :-s, Ragnar Paulson, 16:16
- Re: Invision Power Board Army System Mod <= 2.1 SQL Injection Exploit, Cristian Stoica, 16:06
- Re: Re: Vulnerabilities in vBulltin(3.0.7 - 3.5.3) and IPB(2.0.0 - 2.1.4)., sudd3n_death, 15:55
- CYBSEC - Security Pre-Advisory: Phishing Vector in SAP BC, Leandro Meiners, 15:45
- Vulnerabilites in new laws on computer hacking, self-destruction, 15:25
- CYBSEC - Security Pre-Advisory: Arbitrary File Read/Delete in SAP BC, Leandro Meiners, 14:55
- [BuHa-Security] Multiple Vulnerabilities in Mantis 1.00rc4, bugtraq, 14:55
- [myimei]WordPress2.0.0~autorswebsite~XSS attack, addmimistrator, 14:35
- PostgreSQL security releases 8.1.3, 8.0.7, 7.4.12, 7.3.14, PostgreSQL Security, 13:54
- [Full-disclosure] [USN-248-2] unzip regression fix, Martin Pitt, 11:03
- [Full-disclosure] Kadu Remote Denial Of Service Fun, Piotr Bania, 10:12
- [Full-disclosure] [ Secuobs - Advisory ] Another kind of DoS on Nokia cell phones, Infratech Research, 06:27
- [Full-disclosure] [USN-250-1] Linux kernel vulnerability, Martin Pitt, 06:07
- [Full-disclosure] [USN-249-1] xpdf/poppler/kpdf vulnerabilities, Martin Pitt, 06:07
- [Full-disclosure] [USN-248-1] unzip vulnerability, Martin Pitt, 06:07
February 14, 2006
- [Full-disclosure] [ GLSA 200602-07 ] Sun JDK/JRE: Applet privilege escalation, Stefan Cornelius, 23:34
- [Full-disclosure] [EEYEB-20051017] Windows Media Player BMP Heap Overflow, eEye Advisories, 20:13
- MyBB 1.03 Multible xss and sql injections, s2b, 16:41
- memory leak in IE?, David Cross, 16:31
- XSS bugs and SQL injection in sNews, Alexander Hristov, 16:21
- dotproject <= 2.0.1 remote code execution, r . verton, 16:11
- [waraxe-2006-SA#044] - XSS in phpNuke 7.8 and older versions, come2waraxe, 16:00
- SQL injection in PHP Classifieds 6.20, audun . larsen, 15:50
- [Full-disclosure] iDefense Security Advisory 02.14.06: Microsoft Windows Media Player Plugin Buffer Overflow Vulnerability, labs-no-reply@idefense.com, 15:40
- [Full-disclosure] iDefense Labs Quarterly Hacking Challenge, labs-no-reply@idefense.com, 14:50
- [ MDKSA-2006:039 ] - Updated gnutls packages fix libtasn1 out-of-bounds access vulnerabilities, security, 14:39
- eStara SIP softphone several message-processing vulnerabilities, zwell, 14:19
- [Full-disclosure] Re: On the "0-day" term, Gadi Evron, 09:17
- [Full-disclosure] Re: Latest wu-ftpd exploit :-s, Marco Monicelli, 07:06
- Re: [Full-disclosure] On the "0-day" term, Jason Coombs, 04:04
- Re: [Full-disclosure] Internet Explorer drag&drop 0day, Markus, 04:04
- [Full-disclosure] On the "0-day" term, Steven M. Christey, 03:44
February 13, 2006
- Re: [Full-disclosure] Latest wu-ftpd exploit :-s, John Smith, 23:42
- [Full-disclosure] Advisory: Internet Explorer Drag and Drop Redeux [CVE-2005-3240] (fwd), Matthew Murphy, 22:11
- [Full-disclosure] Advisory: Internet Explorer Drag and Drop Redeux [CVE-2005-3240] (fwd), Matthew Murphy, 22:01
- Re: Folder Guard password protection bypass, Stan Bubrouski, 22:01
- EGS Enterprise Groupware System 1.0 rc4 remote commands execution & FlySpray 0.9.7 remote commands execution, rgod, 21:41
- New winamp m3u/pls .WMA & .M3U Extension overflows, b0fnet, 21:31
- XSS vulnerability in guestbook-php-script, Micha Borrmann, 19:19
- Siteframe Beaumont 5.0.1a <== Cross-Site Scripting Vulnerability, federico . alice, 19:19
- Folder Guard password protection bypass, ShadowBeast, 17:49
- [Full-disclosure] [ GLSA 200602-06 ] ImageMagick: Format string vulnerability, Thierry Carrez, 17:38
- Everyone's loginName variable Cross Site Scripting Vulnerability, simo, 17:08
- Invision Power Board Army System Mod <= 2.1 SQL Injection Exploit, unsecure, 16:47
- [eVuln] phpstatus Authentication Bypass, alex, 16:37
- Re: Zen-Cart <= 1.2.6d blind SQL injection / remote commands execution:, please-use-the-support-forum, 16:27
- [eVuln] Clever Copy 'Referer' & 'X-Forwarded-For' XSS Vulnerabilities, alex, 15:47
- [eVuln] phphd Multiple Vulnerabilities, alex, 15:37
- DB_eSession deleteSession() SQL injection, GulfTech Security Research, 15:16
- DocMGR <= 0.54.2 arbitrary remote inclusion, rgod, 14:46
- Re: [Full-disclosure] Internet Explorer drag&drop 0day, Gadi Evron, 11:55
- Re: [Full-disclosure] Internet Explorer drag&drop 0day, Thierry Zoller, 10:24
- [Full-disclosure] Internet Explorer drag&drop 0day, Gadi Evron, 10:24
- [Full-disclosure] Latest wu-ftpd exploit :-s, Mark Heiligen, 09:44
- [Full-disclosure] URL filter bypass in Fortinet, Mathieu Dessus, 05:32
- [Full-disclosure] Bypass Fortinet anti-virus using FTP, Mathieu Dessus, 05:32
- Re: [Full-disclosure] Comment Spam: new trends, failing counter-measures and why it's a big deal, Michael Silk, 02:11
February 12, 2006
- [Full-disclosure] Comment Spam: new trends, failing counter-measures and why it's a big deal, Gadi Evron, 23:40
- [Full-disclosure] Re: What can a Remote Vulnerability Scanner do in Future?, Tim Nelson, 22:39
- [Full-disclosure] [ GLSA 200602-05 ] KPdf: Heap based overflow, Thierry Carrez, 15:06
- [Full-disclosure] [ GLSA 200602-04 ] Xpdf, Poppler: Heap overflow, Thierry Carrez, 14:46
February 11, 2006
- imageVue16.1 upload vulnerability, zjieb, 21:08
- [Full-disclosure] RS-2006-1: Multiple flaws in VHCS 2.x, Roman Medina-Heigl Hernandez, 18:37
- [eVuln] phphg Guestbook Multiple Vulnerabilities, alex, 18:27
- [eVuln] phpht Topsites Multiple Vulnerabilities, alex, 18:17
- [Full-disclosure] RR Donnelley & Sons - Security Contact, Terminal Entry, 16:57
- HiveMail <= 1.3 Multiple Vulnerabilities, GulfTech Security Research, 16:46
- Linpha <= 1.0 multiple arbitrary local inclusion, rgod, 16:36
- Corrupt Word file may cause buffer overflow in the Blackberry Attachment Service, lukew, 16:26
- [security bulletin] SSRT061108 rev.2 - HP Systems Insight Manager Remote Unauthorized Access - Directory Traversal, security-alert, 07:43
- SUSE Security Announcement: binutils,kdelibs3,kdegraphics3,koffice,dia,lyx (SUSE-SA:2006:007), Ludwig Nussel, 07:23
- [Full-disclosure] [USN-247-1] Heimdal vulnerability, Martin Pitt, 07:02
- Secunia Research: Lotus Notes Multiple Archive Handling Directory Traversal, Secunia Research, 06:22
- FarsiNews 2.5 Multiple Vulnerabilities, h e, 06:12
- [eVuln] GuestBookHost Authentication Bypass, alex, 04:52
- Secunia Research: Lotus Notes HTML Speed Reader Link Buffer Overflows, Secunia Research, 04:11
- runCMS <= 1.3a2 possible remote code execution through the integrated FCKEditor package, rgod, 01:00
February 10, 2006
- TSLSA-2006-0006 - multi, Trustix Security Advisor, 23:50
- Secunia Research: Lotus Notes UUE File Handling Buffer Overflow, Secunia Research, 23:29
- RE: John the Ripper 1.7; pam_passwdqc 1.0+; tcb 1.0; phpass 0.0, Amin Tora, 21:18
- LayerOne 2006 - Event Update and Announcement, Layer One, 20:58
- Re: mailback script exploit, erik, 20:48
- [eVuln] Unknown Domain Shoutbox multiple XSS & SQL Injection Vulnerabilities, alex, 20:18
- [Full-disclosure] [ Secuobs - Advisory ] Bluetooth : DoS on Nokia cell phones, Infratech Research, 19:37
- [Full-disclosure] ARIN Security Contact, Terminal Entry, 19:27
- [Full-disclosure] iDEFENSE Security Advisory 02.10.06: IBM Lotus Domino Server LDAP DoS Vulnerability, labs-no-reply@idefense.com, 18:37
- CPAINT AJAX Library Cross Site Scripting, GulfTech Security Research, 18:27
- Secunia Research: Lotus Notes TAR Reader File Extraction Buffer Overflow, Secunia Research, 18:17
- Re: John the Ripper 1.7; pam_passwdqc 1.0+; tcb 1.0; phpass 0.0, Solar Designer, 16:46
- Re: CPGNuke Dragonfly 9.0.6.1 remote commands execution through arbitrary local inclusion, noreply, 15:15
- Secunia Research: Lotus Notes ZIP File Handling Buffer Overflow, Secunia Research, 14:54
- [security bulletin] SSRT051102 rev.1 - HP HTTP Server Running on Windows, Forced Use of Weaker Security Protocol, security-alert, 14:34
- Secunia Research: IBM Lotus Domino iNotes Client Script Insertion Vulnerabilities, Secunia Research, 14:24
- [Full-disclosure] ProtoVer Sample LDAP testsuite release, Evgeny Legerov, 08:52
- Re: security contact @lycos.com, Greg Rubin, 02:29
- Fwd: Trend Micro ServerProtect version 5.58 can be easily circumvented via the mechanism that limits how many files to scan., Mert SARICA, 01:49
February 09, 2006
- [security bulletin] SSRT051007 rev.2 - HP Tru64 UNIX Running DNS BIND4/BIND8 with Forwarders: Remote Unauthorized Privileged Access, security-alert, 21:07
- [ECHO_ADV_27$2006] Indexu <= 5.0.1 Remote File Inclusion, eufrato, 17:55
- John the Ripper 1.7; pam_passwdqc 1.0+; tcb 1.0; phpass 0.0, Solar Designer, 17:25
- [ MDKSA-2006:038 ] - Updated groff packages fix temporary file vulnerabilities, security, 16:55
- [Full-disclosure] ProtoVer SSL: GnuTLS, Evgeny Legerov, 16:14
- CPGNuke Dragonfly 9.0.6.1 remote commands execution through arbitrary local inclusion, rgod, 15:03
- [ MDKSA-2006:036 ] - Updated mozilla packages to address DoS vulnerability, security, 05:39
February 08, 2006
- WiredRed EPOP XSS Vulnerability, Adrian Castro, 23:05
- Re: Re: EasyCMS vulnerable to XSS injection., kim, 21:04
- [eVuln] PHP iCalendar File Inclusion Vulnerability, alex, 20:34
- Re: Workaround for unpatched Oracle PLSQL Gateway flaw, David Litchfield, 17:53
- Whomp Real Estate Manager XP 2005 Sql Injection, night_warrior771, 16:42
- Re: Workaround for unpatched Oracle PLSQL Gateway flaw, a, 15:52
- Re: [myimei]MyBB 1.0.2 XSS attack in search.php, Steven M. Christey, 15:11
- [ MDKSA-2006:037 ] - Updated mozilla-firefox packages to address DoS vulnerability, security, 14:01
- [Full-disclosure] iDefense Security Advisory 02.07.06: QNX Neutrino RTOS libAp ABLPATH Buffer Overflow Vulnerability, vendor-disclosure, 07:51
- [Full-disclosure] iDefense Security Advisory 02.07.06: QNX Neutrino RTOS fontsleuth Command Format String Vulnerability, vendor-disclosure, 07:51
- [Full-disclosure] iDefense Security Advisory 02.07.06: QNX Neutrino RTOS crttrap Arbitrary Library Loading Vulnerability, vendor-disclosure, 07:51
February 07, 2006
- [Full-disclosure] iDefense Security Advisory 02.07.06: QNX Neutrino RTOS passwd Command Buffer Overflow, labs-no-reply@idefense.com, 21:26
- [Full-disclosure] iDefense Security Advisory 02.07.06: QNX RTOS 6.3.0 rc.local Insecure File Permissions Vulnerability, labs-no-reply@idefense.com, 21:16
- [Full-disclosure] iDefense Security Advisory 02.07.06: QNX Neutrino RTOS su Command Buffer Overflow, labs-no-reply@idefense.com, 21:16
- [Full-disclosure] iDefense Security Advisory 02.07.06: QNX RTOS 6.3.0 Local Denial of Service Vulnerability, labs-no-reply@idefense.com, 21:16
- [Full-disclosure] iDefense Security Advisory 02.07.06: QNX Neutrino RTOS phgrafx Command Buffer Overflow, labs-no-reply@idefense.com, 21:16
- [myimei]MyBB1.0.3~moderation.php~SqlInject while merging posts, addmimistrator, 21:16
- [Full-disclosure] iDefense Security Advisory 02.07.06: QNX Neutrino RTOS phfont Race Condition Vulnerability, labs-no-reply@idefense.com, 21:16
- [Full-disclosure] iDefense Security Advisory 02.07.06: QNX Neutrino RTOS libph PHOTON_PATH Buffer Overflow Vulnerability, labs-no-reply@idefense.com, 21:06
- [myimei]MyBB 1.0.2 XSS attack in search.php, addmimistrator, 21:06
- Re: Vulnerabilities in vBulltin(3.0.7 - 3.5.3) and IPB(2.0.0 - 2.1.4)., scott, 20:56
- Re: Vulnerabilities in vBulltin(3.0.7 - 3.5.3) and IPB(2.0.0 - 2.1.4)., Paul Laudanski, 20:46
- eyeOS <= 0.8.9 Remote Code Execution, GulfTech Security Research, 20:35
- Re: Vulnerabilities in vBulltin(3.0.7 - 3.5.3) and IPB(2.0.0 - 2.1.4)., Paul Laudanski, 20:35
- [ MDKSA-2006:035 ] - Updated php packages fix vulnerability, security, 20:15
- Arbitrary code execution via OProfile, Luís Miguel Silva, 20:15
- Re: High Risk Vulnerability in Lexmark Printer Sharing Service, KF (lists), 20:05
- High Risk Vulnerability in Lexmark Printer Sharing Service, NGSSoftware Insight Security Research, 15:32
- MyQuiz Arbitrary Command Execution Exploit (perl), irc0d3r, 15:22
- crypt_blowfish 1.0, Solar Designer, 15:12
- Re: security contact @lycos.com, sheeponhigh, 06:06
- [Full-disclosure] Re: [xfocus-SD-060206]BCB compiler incorrect deal sizeof operator vulnerability, XFOCUS Security Team, 02:04
- Re: Cross Site Cooking, Tim Nelson, 01:13
February 06, 2006
- [ MDKSA-2006:034 ] - Updated openssh packages fix vulnerability, security, 23:32
- [Full-disclosure] Re: CAIDA analysis on CME-24/BlackWorm, Nick FitzGerald, 22:42
- RE: Trend Micro ServerProtect version 5.58 can be easily circumvented via the mechanism that limits how many files to scan., Prashant Meswani, 22:12
- (OLD) Eudora WorldMail 3.0 Windows 2000 Remote System Exploit, markus magnus, 21:51
- Vulnerabilities in vBulltin(3.0.7 - 3.5.3) and IPB(2.0.0 - 2.1.4)., h . z, 21:31
- mailback script exploit, coderpunk, 21:21
- Re: [Full-disclosure] [ Secuobs - Advisory ] Bluetooth : DoS on Sony/Ericsson cell phones, Stan Bubrouski, 20:41
- RE: cPanel Multiple Cross Site Scripting Vulnerability, Hamish Stanaway, 20:40
- Re: cleartext passwords get into log files, Damien Miller, 20:40
- cPanel 10 handle.html XSS Vulnerability, shell, 19:50
- Re: cleartext passwords get into log files, Ben Wheeler, 19:30
- Re: [KDE Security Advisory] kpdf/xpdf heap based buffer overflow, Dirk Mueller, 17:18
- [Full-disclosure] CAIDA analysis on CME-24/BlackWorm, Gadi Evron, 17:08
- PeopleSoft (Oracle) PSCipher Encryption Weakness, info, 15:57
- [Full-disclosure] [ GLSA 200602-03 ] Apache: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 15:37
- [Full-disclosure] [ GLSA 200602-02 ] ADOdb: PostgresSQL command injection, Sune Kloppenborg Jeppesen, 15:37
- [Full-disclosure] SECURITY.NNOV: The Bat! 2.x message headers spoofing, 3APA3A, 15:27
- Announcement: Domain Contamination By Amit Klein, contact, 15:17
- [Full-disclosure] [ Secuobs - Tools release ] BSS (Bluetooth Stack Smasher) fuzzer, Research Infratech, 14:57
- DarkStarlings.com XSS Vulnerability, Will Boyce, 14:57
- [Full-disclosure] [ Secuobs - Advisory ] Bluetooth : DoS on Sony/Ericsson cell phones, Research Infratech, 14:46
- [Full-disclosure] [ Secuobs - Advisory ] Bluetooth : DoS on hcidump 1.29 + PoC, Research Infratech, 14:46
- Easily exploitable Pseudo Random Number generator in phpbb version 2.0.19 and under., chinchilla, 14:26
- [Full-disclosure] [xfocus-SD-060206]BCB compiler incorrect deal sizeof operator vulnerability, XFOCUS Security Team, 11:34
- [Full-disclosure] What can a Remote Vulnerability Scanner do in Future?, Alice Bryson, 05:02
February 04, 2006
- Re: AOL Instant Messenger Version 5.9.3861 Local Buffer Overrun Vulnerability, Stan Bubrouski, 17:51
- Re: Cross Site Cooking, Glynn Clements, 17:41
- cleartext passwords get into log files, innate, 17:31
- mwcollect Alliance Launch, Georg Wicherski, 17:31
- Re: security contact @lycos.com, while, 17:21
- Re: Workaround for unpatched Oracle PLSQL Gateway flaw, ad@heapoverflow.com, 17:11
- [Full-disclosure] ProtoVer LDAP vs CommuniGate Pro 5.0.7, Evgeny Legerov, 17:01
- [eVuln] Vanilla Guestbook Multiple XSS & SQL Injection Vulnerabilities, alex, 17:01
- Issues with security software: orbicule.com "Undercover", Maximillian Dornseif, 16:51
- VSR Advisory: IBM Tivoli Access Manager - Web Server Plug-in File Retrieval Vulnerability, VSR Advisories, 15:30
- PluggedOut Blog SQL injection and XSS, h e, 14:10
- [KAPDA::#26] - MyTopix Sql Injection & Path Disclosure, alireza hassani, 14:00
- sql injection in ASP Survey, mfoxhacker, 13:50
- LoudBlog <= 0.4 arbitrary remote inclusion, rgod, 13:40
- Internet Explorer remotely exploitable vulnerability in JScript's document.write() method, porkythepig, 12:49
- CyberShop Ultimate E-commerce Script Cross Site Scripting, B3g0k, 09:58
- Re: Blackboard Authentication Error, jeremy, 09:18
- Bug for libs in php link directory 2.0, Mario Oyorzabal Salgado, 06:47
February 03, 2006
- [eVuln] MyQuiz Arbitrary Command Execution Vulnerability, alex, 20:26
- Re: AOL Instant Messenger Version 5.9.3861 Local Buffer Overrun Vulnerability, Stan Bubrouski, 20:06
- Re: Winamp 5.12 - 0day exploit - code execution through playlist, bart sikkes, 18:55
- Re: Trend Micro ServerProtect version 5.58 can be easily circumvented via the mechanism that limits how many files to scan., Hugo van der Kooij, 18:35
- Outblaze Cross Site Scripting Vulnerability, simo, 18:15
- Re: Trend Micro ServerProtect version 5.58 can be easily circumvented via the mechanism that limits how many files to scan., Henrik Krohns, 17:44
- [Full-disclosure] Blacklist defenses as a breeding ground for vulnerability variants, Steven M. Christey, 17:34
- Database Manager Default pass, fireboynet, 17:14
- AOL Instant Messenger Version 5.9.3861 Local Buffer Overrun Vulnerability, shell, 17:14
- Exchangepop3 rcpt buffer overflow vulnerability, securma, 15:23
- Re: Cross Site Cooking, Yngve Nysaeter Pettersen, 15:03
- cPanel Multiple Cross Site Scripting Vulnerability, simo, 14:23
- Re: Re: Verified evasion in Snort, Dave Korn, 14:12
- Neomail Cross Site Scripting Vulnerability, simo, 14:02
- IronMail-5.0.1-Denial of-Service-Protection-Lets-Remote-Users-Deny-Service, mark, 14:02
- Trend Micro ServerProtect version 5.58 can be easily circumvented via the mechanism that limits how many files to scan., Mert Sarıca, 13:52
- [KDE Security Advisory] kpdf/xpdf heap based buffer overflow, Dirk Mueller, 13:42
- [ MDKSA-2006:033 ] - Updated OpenOffice.org packages fix issue with disabled hyperlinks, security, 13:31
- Re: New worm crawling trough blogs?!, Nick FitzGerald, 12:09
February 02, 2006
- [ MDKSA-2006:029 ] - Updated libast packages fixes buffer overflow vulnerability, security, 20:52
- [ MDKSA-2006:032 ] - Updated xpdf packages fixes heap-based buffer overflow vulnerability, security, 19:40
- [ MDKSA-2006:031 ] - Updated kdegraphics packages fixes heap-based buffer overflow vulnerability, security, 19:30
- Re: Re: Verified evasion in Snort, anonpoet, 19:10
- Re: [Full-disclosure] Re: More on the workaround for the unpatched Oracle PLSQL Gateway flaw, Frank Knobbe, 18:39
- [SLAB] NetBSD / OpenBSD kernfs_xread patch evasion, SecurityLab Research, 18:39
- [Full-disclosure] Re: More on the workaround for the unpatched Oracle PLSQL Gateway flaw, Thor (Hammer of God), 18:39
- [ MDKSA-2006:030 ] - Updated poppler packages fixes heap-based buffer overflow vulnerability, security, 18:29
- CAID 33581 - CA Message Queuing Denial of Service Vulnerabilities, Williams, James K, 17:31
- security contact @lycos.com, Spiros Antonatos, 16:40
- [Full-disclosure] More on the workaround for the unpatched Oracle PLSQL Gateway flaw, David Litchfield, 15:49
- [Full-disclosure] The History of the Oracle PLSQL Gateway Flaw, David Litchfield, 15:49
- Re: Blackboard Authentication Error, security-alerts, 14:49
- Re: Blackboard Authentication Error, Joshua Ogle, 14:18
- SoftMaker Shop is vulnerable to XSS, preben, 13:58
- Re: Blackboard Authentication Error, Johan A.van Zanten, 13:48
- Re: Buffer Overflow /Font on mIRC, D.C. van Moolenbroek, 13:28
- Black Hat USA CFP opens, Europe early bird reminder, Federal news, Jeff Moss, 12:57
- [ MDKSA-2006:028 ] - Updated php packages fix XSS and response splitting vulnerabilities, security, 12:07
- Daffodil CRM - vulnerable to SQL-injection., preben, 02:13
February 01, 2006
- Fcrontab - memory corruption on heap., pi3ki31ny, 20:20
- FreeBSD Security Advisory FreeBSD-SA-06:08.sack, FreeBSD Security Advisories, 18:59
- Re: Verified evasion in Snort, mwatchinski, 18:29
- Re: MyCO multiple vulnerabilities, office, 18:19
- Re: Verified evasion in Snort, Thierry Zoller, 17:29
- RE: Buffer Overflow /Font on mIRC, Krpata, Tyler, 16:38
- [Full-disclosure] AshWebStudio AshNews Multiple Vulnerabilities, zeus olimpusklan, 16:38
- Re: Blackboard Authentication Error, George, 16:08
- Verified evasion in Snort, at, 15:27
- [Full-disclosure] iDefense Security Advisory 02.01.06: Winamp m3u Parsing Stack Overflow Vulnerability, labs-no-reply@idefense.com, 14:57
- [Full-disclosure] iDefense Security Advisory 02.01.06: Winamp m3u/pls .WMA Extension Buffer Overflow Vulnerability, labs-no-reply@idefense.com, 14:57
- Re: Workaround for unpatched Oracle PLSQL Gateway flaw, x, 14:57
- [security bulletin] SSRT051007 rev.1 - HP Tru64 UNIX Running DNS BIND Remote Unauthorized Privileged Access, security-alert, 14:07
- ZRCSA-200601: SPIP - Multiple Vulnerabilities, research, 13:16
- [eVuln] SZUserMgnt Authentication Bypass, alex, 13:16
- Blackboard Authentication Error, jdo24, 12:56
- [eVuln] Calendarix SQL Injection & Authorization Bypass Vulnerabilities, alex, 12:46