Network Security Archives

Bugtraq (date)

[Thread Index] [Top] [All Lists]

March 31, 2006

[Full-disclosure] Kazaa, Ruiz, Rolando, 22:15
Warcraft III Replay Parser Script Remote Command Exucetion Vulnerability And Cross-Site Scripting Attacking, botan, 19:33
DbbS<=2.0-alpha SQL injection, dabdoub-mosikar, 18:02
[Full-disclosure] Buffer-overflow and in-game crash in Zdaemon 1.08.01, Luigi Auriemma, 17:11
Re: Re: Cantv/Movilnet's Web SMS vulnerability., rrecabarren, 16:51
RE: Sudo tricks, Burton Strauss, 16:31
RE: recursive DNS servers DDoS as a growing DDoS problem, Geo., 16:00
EzASPSite <= 2.0 RC3 Remote SQL Injection Exploit Vulnerability., Mustafa Can Bjorn IPEKCI, 16:00
Re: On classifying attacks, Gadi Evron, 15:40
Re: Sudo tricks, Javor Ninov, 15:40
Re: [Full-disclosure] [HV-PAPER] Anti-Phishing Tips You Should Not Follow, vuln, 15:40
OSSTMM Security Analyst Training Live Stream on the Web, Pete Herzog, 15:30
RE: WebVulnCrawl searching excluded directories for hackable web servers, Michael Scheidell, 15:20
[security bulletin] HPSBUX02108 SSRT061133 rev.2 - HP-UX running Sendmail, Remote Execution of Arbitrary Code, security-alert, 13:39
Black Hat Call for Papers and Registration now open, Jeff Moss, 13:09
MonAlbum 0.8.7 SQL Injection, undefined1, 13:09
Oxygen<=1.x.x SQL injection, dabdoub-mosikar, 12:59
Re: [Full-disclosure] [HV-PAPER] Anti-Phishing Tips You Should Not Follow, Michal Zalewski, 05:43
Re: [Full-disclosure] [HV-PAPER] Anti-Phishing Tips You Should Not Follow, michaelslists, 05:12
[Full-disclosure] [HV-PAPER] Anti-Phishing Tips You Should Not Follow, vuln, 05:02

March 30, 2006

MediaSlash Gallery 'rub' variable Remote File inlcusion Vulnerability, simo64, 18:26
Re: recursive DNS servers DDoS as a growing DDoS problem, Geo., 16:45
Re: recursive DNS servers DDoS as a growing DDoS problem, Stephen Samuel, 16:35
Re: recursive DNS servers DDoS as a growing DDoS problem, gboyce, 16:35
Re: recursive DNS servers DDoS as a growing DDoS problem, mike davis, 16:25
[security bulletin] HPSBUX02102 SSRT051078 rev.2 - HP-UX usermod(1M) Local Unauthorized Access., security-alert, 16:05
[security bulletin] HPSBUX02103 SSRT5953 rev.2 - HP-UX passwd(1) Local Denial of Service (DoS), security-alert, 16:05
[SECURITY] Samba 3.0.21-3.0.21c: Exposure of machine account credentials in winbindd log files, Gerald (Jerry) Carter, 14:44
Smurfable Linux Kernel, Tomasz Chomiuk, 14:03
Re: On classifying attacks, David M Chess, 13:43
McAfee VirusScan DUNZIP32.dll Buffer Overflow Vulnerability, Juha-Matti Laurio, 13:23
Buffer overflows in Dia XFig import, lars, 13:23
X-Changer <=v0.2 Demo SQL injection, dabdoub-mosikar, 13:13
[ MDKSA-2006:061 ] - Updated mailman packages fix DoS from badly formed mime multipart messages., security, 13:03

March 29, 2006

[Full-disclosure] EzASPSite <= 2.0 RC3 Remote SQL Injection Exploit Vulnerability., Mustafa Can Bjorn IPEKCI, 22:06
[Full-disclosure] strip_tags() but not only vulnerability, Tõnu Samuel, 21:56
[Full-disclosure] Re: [MPlayer-users] [xfocus-SD-060329]MPlayer: Multiple integer overflows, Attila Kinali, 21:56
[Full-disclosure] [ GLSA 200603-26 ] bsd-games: Local privilege escalation in tetris-bsd, Stefan Cornelius, 17:33
Full path disclosure in Webcalendar 1.1.0-CVS, crasher, 17:13
Re: Cantv/Movilnet's Web SMS vulnerability., raven, 16:52
PhxContacts <= 0.93.1 beta Multiple SQL injection & xss, dabdoub-mosikar, 16:20
Re: Re: phpBB 2.06 search.php SQL injection, fritz-li, 16:10
Re: Sudo tricks, Krzysztof Halasa, 16:00
[eVuln] Skull-Splitter's PHP Downloadcounter for Wallpapers SQL Injection, alex, 15:19
[eVuln] Skull-Splitter's PHP Guestbook XSS Vulnerability, alex, 15:09
Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data, Jeff Rosowski, 15:09
Re: [SECURITY] [DSA 1020-1] New flex packages fix insecure code generation, Moritz Muehlenhoff, 14:38
XSS in PHPKIT Version 1.6.03, badnet_xoopiter, 14:28
Re: [Full-disclosure] Critical PHP bug - act ASAP if you are runningweb with sensitive data, Tõnu Samuel, 14:17
Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data, Tõnu Samuel, 05:43
[Full-disclosure] [HV-INFO] Enova hardware encryption: false sense of security, vuln, 05:03
[Full-disclosure] [xfocus-SD-060329]MPlayer: Multiple integer overflows, XFOCUS Security Team, 04:43
Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data, Jasper Bryant-Greene, 01:51

March 28, 2006

Re: Secunia Research: Microsoft Internet Explorer "createTextRange()"Code Execution, edubp2002, 22:59
Re: PHP-Stats <= 0.1.9.1 remote commands execution, nomail, 21:18
Re: Sudo tricks, Steven M. Christey, 20:58
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), Gadi Evron, 20:28
Cantv/Movilnet's Web SMS vulnerability., Bugtraq @ SNSecurity, 19:27
Determina Fix for CVE-2006-1359 (Zero Day MS Internet Explorer Remote "CreateTextRange()" Code Execution), Determina Secure, 18:47
Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data, Tõnu Samuel, 18:47
[Full-disclosure] Resource to Report and Stop Phishing Scams, Paul Laudanski, 18:16
Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data, Stefan Esser, 18:16
Re: [SECURITY] [DSA 1020-1] New flex packages fix insecure code generation, Matthew R. Dempsky, 18:06
Announcement: The Web Hacking Incidents Database, contact, 17:46
Re: On classifying attacks, Gadi Evron, 17:26
Re: SYM06-006, Veritas NetBackup: Multiple Overflow Vulnerabilities in NetBackup Daemons, secure, 17:16
Re: Sudo tricks, Thomas M. Payerle, 17:06
ArabPortal 2.0 Stable CrossSiteScripting, o . y . 6, 16:55
[Full-disclosure] Re: Critical PHP bug - act ASAP if you are runningweb with sensitive data, FuntKlakow, 16:55
Re: Microsoft Windows XP SP2 Firewall issue, Thor (Hammer of God), 16:55
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), Casper . Dik, 16:35
Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data, Tõnu Samuel, 16:25
Secunia Research: Blazix Web Server JSP Source Code Disclosure Vulnerability, Secunia Research, 16:25
XSS in AL-Caricatier, xx_hack_xx_2004, 16:15
Genius VideoCAM NB Local Privilege Escalation, beford, 16:05
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), Geo., 16:05
[eVuln] Maian Support Authentication Bypass, alex, 15:55
[eVuln] Maian Events SQL Injection Vulnerability, alex, 15:35
VWar <= 1.5.0 R11 Remote Code Execution Exploit, uid0, 15:25
EEYE: Temporary workaround for IE createTextRange vulnerability, Marc Maiffret, 15:15
[Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data, Tõnu Samuel, 13:13

March 27, 2006

PHPLiveHelper 1.8 remote command execution (include) Xploit (perl), stormhacker, 23:17
SYM06-006, Veritas NetBackup: Multiple Overflow Vulnerabilities in NetBackup Daemons, secure, 22:37
Re: recursive DNS servers DDoS as a growing DDoS problem, Geo., 21:47
Re: Sudo tricks, Kyle Wheeler, 21:36
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), Florian Weimer, 21:26
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), Kurt Seifried, 21:16
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), Pim van Riezen, 21:06
XSS & SQL Injection in Music Box v2.3, xx_hack_xx_2004, 20:56
Microsoft Windows XP SP2 Firewall issue, edubp2002, 20:46
Re: recursive DNS servers DDoS as a growing DDoS problem, Anton Ivanov, 20:36
Re: PasswordSafe 3.0 weak random number generator allows key recovery attack, ronys, 20:26
Blog Pixel Motion<=1.xx Authentication Bypass Vulnerability & SQL injection, dabdoub_mosikar, 20:06
[Full-disclosure] ZDI-06-005: Symantec VERITAS NetBackup Volume Manager Buffer Overflow, zdi-disclosures, 18:55
[Full-disclosure] ZDI-06-006: Symantec VERITAS NetBackup Database Manager Buffer Overflow, zdi-disclosures, 18:55
[Full-disclosure] TSRT-06-01: Symantec VERITAS NetBackup vnetd Buffer Overflow Vulnerability, zdi-disclosures, 18:55
[Full-disclosure] Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), Coleman Kane, 17:14
[Full-disclosure] [ GLSA 200603-25 ] OpenOffice.org: Heap overflow in included libcurl, Stefan Cornelius, 16:23
[eVuln] Maian Weblog Multiple SQL Injection Vulnerabilities, alex, 14:43
[eVuln] DSLogin Authentication Bypass Vulnerability, alex, 14:33
HYSA-2006-007 phpmyfamily 1.4.1 CRLF injection & XSS, h4cky0u . org, 14:12
HYSA-2006-006 G-Book 1.0 XSS And Other Vulnerabilities, h4cky0u . org, 14:02
CanfTool v1.1 Cross Site Scripting Attack, botan, 13:51
nuked-klan<=1.7.5 SQL Injection, dabdoub_mosikar, 13:30
SQL injection in VGM Forbin., mfoxhacker, 13:20
AkoComment SQL injection vulnerability, Stefan Keller, 13:10
HPSBUX02108 SSRT061133 rev.1 - HP-UX Sendmail, Remote Execution, Security Alert, 13:00
SQL Injection in SaphpLesson2.0, xx_hack_xx_2004, 12:50
[Full-disclosure] [PHPADSNEW-SA-2006-001] phpAdsNew and phpPgAds 2.0.8 fix multiple vulnerabilities, Matteo Beccati, 06:06

March 26, 2006

[Full-disclosure] [ GLSA 200603-24 ] RealPlayer: Buffer overflow vulnerability, Matthias Geerdsen, 19:22

March 25, 2006

UBBThreads<=5.5.1+6.0.2+6.0 br5+6.0.1 SQL injection, dabdoub_mosikar, 22:24
Re: recursive DNS servers DDoS as a growing DDoS problem, Gadi Evron, 21:13
Re: recursive DNS servers DDoS as a growing DDoS problem, MaddHatter, 21:13
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), Eric Allman, 21:02
Re: Quick 'n Easy FTP Server 3.0 pro / lite (buffer overflow vulnerabilities), bifta04, 20:52
Re: [optimized PoC] Remote overflow in MSIE script action handlers (mshtml.dll), dgtlscrm, 20:42
[eVuln] DSDownload Multiple SQL Injection Vulnerabilities, alex, 20:22
[eVuln] DSCounter 'X-Forwarded-For' SQL Injection Vulnerability, alex, 20:22
Systrace 1.6: Phoenix Release, Niels Provos, 20:12
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), Gadi Evron, 20:02
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), D.F.Russell, 20:01
Re: Sudo tricks, Dave Korn, 19:41
[Full-disclosure] Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), Casper . Dik, 09:27
[Full-disclosure] Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), Todd Burroughs, 07:16
Re: [Full-disclosure] Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), Gadi Evron, 01:03

March 24, 2006

[Full-disclosure] RE: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), Michael A Fusaro II, 22:53
Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation, Tavis Ormandy, 22:22
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), Theo de Raadt, 21:42
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), Gadi Evron, 21:32
[Full-disclosure] Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), Theo de Raadt, 21:01
Re: Vulnerability Alert Services - Independent List, Juha-Matti Laurio, 20:51
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), Theo de Raadt, 20:20
Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation, Chris Gianelloni, 20:00
VihorDesing Script Remote Command Exucetion And Cross Scripting Attack, botan, 19:50
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), Martin Schulze, 19:30
HeffnerCMS Remote Command Exucetion And Cross Scripting Attack, botan, 19:20
[Full-disclosure] Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), Gadi Evron, 17:58
[Full-disclosure] Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), Gadi Evron, 17:48
Re: [Full-disclosure] trusting SMTP [was: SendGate: Sendmail Multiple Vulnerabilities], Gadi Evron, 17:48
Re: [Full-disclosure] SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), Gadi Evron, 17:48
[Full-disclosure] RE: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), Andrew Florjancic, 17:48
Secunia Research: Quick 'n Easy/Baby Web Server ASP Code Disclosure Vulnerability, Secunia Research, 15:17
Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation, neeko, 15:07
[Full-disclosure] [DDSi-SA] XSS in Raindance Communications Web Conferencing Pro, D.Snezhkov, 15:07
[security bulletin] HPSBUX02105 SSRT061134 rev.1 - HP-UX Running swagentd Remote Denial of Service (DoS), security-alert, 14:57
[eVuln] DSNewsletter SQL Injection Vulnerability, alex, 14:47
[eVuln] DSPoll Multiple SQL Injection Vulnerabilities, alex, 14:37
On product vulnerability history and vulnerability complexity, Steven M. Christey, 14:26
[eVuln] @1 File Store Multiple XSS and SQL Injection Vulnerabilities, alex, 14:06
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), Eric Allman, 13:46
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), Claus Assmann, 13:26
[ MDKSA-2006:060 ] - Updated FreeRADIUS packages fix EAP-MSCHAPv2 module vulnerability, security, 13:06
Re: [Full-disclosure] trusting SMTP [was: SendGate: Sendmail Multiple Vulnerabilities], Valdis . Kletnieks, 08:34
w3wp remote DoS, Debasis Mohanty, 03:32
Re: recursive DNS servers DDoS as a growing DDoS problem, Chris Thompson, 03:11
Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem, Tim, 03:01
Vulnerabilitiy found in comodo hacker guardian free scan., sk8boardkid, 03:01
Digital Armaments April-2006 Hacking Challenge: Oracle Database, info, 02:41
Re: PHP-Stats <= 0.1.9.1 remote commands execution, freesitealessandro, 02:31
Re: [Full-disclosure] Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), purplebag, 02:31
Re: Linux zero IP ID vulnerability?, GomoR, 02:31
[Full-disclosure] [FLSA-2006:186277] Updated sendmail packages fix security issues, Jesse Keating, 02:21
[Full-disclosure] Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), Theo de Raadt, 02:21
Sudo tricks, John Richard Moser, 02:11
Popup Blocker Bypass Script, James C. Slora, Jr., 02:01
Re: PasswordSafe 3.0 weak random number generator allows key recovery attack, Dave Korn, 01:51
Re: [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0, Kyle Sallee, 01:41
ArabPortal 2.0 Stable [ Full Patch Disclosure ], o . y . 6, 01:31
Re: Linux zero IP ID vulnerability?, Marco Ivaldi, 01:31
Secunia Research: Orion Application Server JSP Source Disclosure Vulnerability, Secunia Research, 01:00
Secunia Research: Microsoft Internet Explorer "createTextRange()" Code Execution, Secunia Research, 00:50

March 23, 2006

[Full-disclosure] iDefense Security Advisory 03.23.06: RealNetworks RealPlayer and Helix Player Invalid Chunk Size Heap Overflow Vulnerability, labs-no-reply, 21:19
[Full-disclosure] iDefense Security Advisory 03.23.05: ISS Multiple Products Local Privilege Escalation Vulnerability, labs-no-reply, 21:19
Microsoft Internet Explorer (mshtml.dll) - Remote Code Execution, advisories, 20:48
[SECURITY] [DSA 1017-1] New Linux kernel 2.6.8 packages fix several vulnerabilities, Moritz Muehlenhoff, 20:38
[Full-disclosure] [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation, Sune Kloppenborg Jeppesen, 20:38
Vulnerability Alert Services - Independent List, Andy Cuff, 20:28
Re: [Full-disclosure] SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), Dragos Ruiu, 18:36
PasswordSafe 3.0 weak random number generator allows key recovery attack, info, 18:16
[KAPDA::#37] - CoMoblog XSS, farhadkey, 16:45
Re: sendmail vuln advisories (CVE-2006-0058), Michal Zalewski, 14:43
[Full-disclosure] Microsoft MSN Hotmail : Cross-Site Scripting Vulnerability, Renaud Lifchitz, 14:23
[ MDKSA-2006:059 ] - Updated kernel packages fix multiple vulnerabilities, security, 13:42
[ MDKSA-2006:058 ] - Updated sendmail packages fix remote vulnerability, security, 13:02
sendmail vuln advisories (CVE-2006-0058), Marc Bejarano, 12:51
[Full-disclosure] [USN-265-1] cairo/Evolution library vulnerability, Martin Pitt, 12:11
[Full-disclosure] trusting SMTP [was: SendGate: Sendmail Multiple Vulnerabilities], Gadi Evron, 09:10
[Full-disclosure] SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), Gadi Evron, 08:10
[Full-disclosure] Advisory 03/2006: KisMAC Cisco Vendor Tag Encapsulated SSID Overflow, Stefan Esser, 06:28

March 22, 2006

[Full-disclosure] [ GLSA 200603-22 ] PHP: Format string and XSS vulnerabilities, Sune Kloppenborg Jeppesen, 21:34
[OpenPKG-SA-2006.007] OpenPKG Security Advisory (sendmail), OpenPKG, 20:13
[Full-disclosure] [HV-PAPER] Security Product Evaluation Tips, vuln, 20:03
SUSE Security Announcement: sendmail remote code execution (SUSE-SA:2006:017), Thomas Biege, 18:32
[Full-disclosure] [ GLSA 200603-21 ] Sendmail: Race condition in the handling of asynchronous signals, Sune Kloppenborg Jeppesen, 18:22
Re; FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail, Jose Nazario, 18:12
PHP Live! XSS status_image.php, kspecial, 17:22
Re: [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0, Alan Coopersmith, 16:51
FW: [Full-disclosure] IE crash, Terminal Entry, 16:41
cutenews 1.4.1 Arbitrary File Access, h e, 16:21
WinHKI 1.6x Archive Extraction Directory traversal, h e, 16:11
DMA[2006-0321a] - 'Motorola P2K Platform setpath() overflow and Blueline attack', KF (lists), 15:51
[eVuln] PHP SimpleNEWS, PHP SimpleNEWS MySQL - Authentication Bypass Vulnerability, alex, 15:30
FreeBSD Security Advisory FreeBSD-SA-06:11.ipsec, FreeBSD Security Advisories, 15:20
[Full-disclosure] Re: [SPAM:] - ASPPortal <= 3.1.1 Multiple Remote SQL Injection Vulnerabilities - Email has different SMTP TO: and MIME TO: fields in the email addresses, Suport Account, 15:10
FreeBSD Security Advisory FreeBSD-SA-06:12.opie, FreeBSD Security Advisories, 15:10
FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail, FreeBSD Security Advisories, 15:00
[Full-disclosure] IE crash, Stelian Ene, 07:37

March 21, 2006

Mini-Nuke<=1.8.2 SQL injection (6), dabdoub_mosikar, 21:43
Free Articles Directory Remote Command Exucetion, botan, 20:12
[Full-disclosure] [ GLSA 200603-20 ] Macromedia Flash Player: Arbitrary code execution, Sune Kloppenborg Jeppesen, 19:41
[Full-disclosure] ASPPortal <= 3.1.1 Multiple Remote SQL Injection Vulnerabilities, nukedx, 19:11
[Full-disclosure] [ GLSA 200603-19 ] cURL/libcurl: Buffer overflow in the handling of TFTP URLs, Matthias Geerdsen, 19:11
Recon 2006: Guest speakers announcement. Call for paper and early registration ending in less than 2 weeks., Hugo Fortier, 15:48
Cisco Aironet 1300 DoS condition, Alex, 15:38
XSS in Firepass 4100 SSL VPN v.5.4.2 (and probably others), alfy, 15:27
[Full-disclosure] [ GLSA 200603-18 ] Pngcrush: Buffer overflow, Sune Kloppenborg Jeppesen, 11:45
[Full-disclosure] [ GLSA 200603-17 ] PeerCast: Buffer overflow, Sune Kloppenborg Jeppesen, 11:35

March 20, 2006

CORE-2006-0124: Cross-Site Scripting in Verisign’s haydn.exe CGI script, CORE Security Technologies Advisories, 23:51
[ MDKSA-2006:057 ] - Updated cairo packages to address Evolution DoS vulnerability, security, 23:30
Re: Invision Power Board v2.1.4 - session hijacking, Hans Wolters, 21:49
Perverting Unix Processes, Pluf, 21:39
[ MDKSA-2006:056 ] - Updated xorg-x11 packages to address local root vuln, security, 21:19
Re: Invision Power Board v2.1.4 - session hijacking, Bill Nash, 20:39
RE: Generically Determining the Prescence of Virtual Machines, Thomas Guyot-Sionnest, 20:18
Re: [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0, H D Moore, 19:58
Symantec Security Advisory, SYM06-005, secure, 19:48
Re: Invision Power Board v2.1.4 - session hijacking, exon, 19:28
Re: Invision Power Board v2.1.4 - session hijacking, exon, 19:17
Re: Re: Invision Power Board v2.1.4 - session hijacking, matt, 19:07
RE: Generically Determining the Prescence of Virtual Machines, Burton Strauss, 18:57
Re: recursive DNS servers DDoS as a growing DDoS problem, Michael Sierchio, 18:47
[CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0, Daniel Stone, 17:16
Re: Latest MS patches kill wireless networking?, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP], 16:46
Re: Generically Determining the Prescence of Virtual Machines, Jeff Epler, 16:36
Re: Remote overflow in MSIE script action handlers (mshtml.dll), c0redump, 16:06
Re: CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior, Jan Schneider, 15:55
Path Disclosure and Arbitrary File Read Vulnerability in SLAB5000, justint, 15:45
Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem, Bram Matthys (Syzop), 15:35
Re: Remote overflow in MSIE script action handlers (mshtml.dll), Steve Shockley, 15:35
Re: Re: Remote overflow in MSIE script action handlers (mshtml.dll), Phil Frederick, 15:25
Noah's Classifieds Multiple Path Disclosure and Cross Site Scripting Vulnerabilities, raphael . huck, 14:45
phpWebsite <= SQL Injection (friend.php) & (article.php), dabdoub_mosikar, 14:35
[security bulletin] SSRT051128 rev.1 - HP-UX VirtualVault running Apache 1.3.X Remote Unauthorized Access, security-alert, 13:34
[security bulletin] SSRT051251 rev.2 - Apache-based Web Server on HP-UX mod_ssl, proxy_http, Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access, security-alert, 13:14
[security bulletin] SSRT051078 rev.1 - HP-UX usermod(1M) Local UnaUthorized Access, security-alert, 13:04
ExtCalendar v1.0 Multiple Xss Vuln, Soothackers, 12:34

March 18, 2006

[Full-disclosure] Re: Remote overflow in MSIE script action handlers (mshtml.dll), Manuel Moreno Leiva, 21:49
Re: Latest MS patches kill wireless networking?, Phil Frederick, 19:08
Re: WebVulnCrawl searching excluded directories for hackable web servers, Peter Conrad, 17:57
Re: Latest MS patches kill wireless networking?, Matt Ostiguy, 17:47
Advisory: BetaParticle Blog <= 6.0 Multiple Remote SQL Injection Vulnerabilities, nukedx, 17:06
[Full-disclosure] Advisory: BetaParticle Blog <= 6.0 Multiple Remote SQL Injection Vulnerabilities, nukedx, 17:06
Xss in Wbb 2.3.4, r57shell, 15:25
Contrexx CMS Xss Vuln, Soothackers, 15:05
[Full-disclosure] IMF 2006 - 2nd Call for Papers, Oliver Goebel, 11:04
[Full-disclosure] Re: Remote overflow in MSIE script action handlers (mshtml.dll), Konstantine, 04:11
MyBB 1.10 Full Path Disclosure, o . y . 6, 03:01
Microsoft Commerce Server 2002: Logon as known user with a false password, Dimitri, 02:51
Re: Linux zero IP ID vulnerability?, Marco Ivaldi, 01:50
[eVuln] NMDeluxe XSS & SQL Injection Vulnerabilities, alex, 01:20
Oxynews Sql İnjection, r00t3rr0r, 01:00
Re: Remote overflow in MSIE script action handlers (mshtml.dll), Jamie Riden, 00:29

March 17, 2006

Re: Remote overflow in MSIE script action handlers (mshtml.dll), Master Phoxpherus, 23:29
Re: Remote overflow in MSIE script action handlers (mshtml.dll), Michal Zalewski, 23:19
Re: recursive DNS servers DDoS as a growing DDoS problem, Robert Story, 22:48
[Full-disclosure] DNS Amplification Attacks, Gadi Evron, 22:38
Re: Re: Remote overflow in MSIE script action handlers (mshtml.dll), Nazca, 22:28
Re: Remote overflow in MSIE script action handlers (mshtml.dll), c0redump, 21:58
Generically Determining the Prescence of Virtual Machines, valsmith, 20:06
Symantec Security Advisory SYM06-004, secure, 19:26
XSS IN Invision Power Board, ???? ????, 19:16
Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem, Robert Story, 18:46
Re: GnuPG weak as one guy with a spare laptop., Forrest J. Cavalier III, 18:26
[Full-disclosure] [ GLSA 200603-16 ] Metamail: Buffer overflow, Stefan Cornelius, 16:55
[Full-disclosure] [ GLSA 200603-15 ] Crypt::CBC: Insecure initialization vector, Stefan Cornelius, 16:35
[Full-disclosure] [ GLSA 200603-14 ] Heimdal: rshd privilege escalation, Stefan Cornelius, 16:15
Re: GnuPG weak as one guy with a spare laptop., obnoxious, 16:05
[Full-disclosure] [ GLSA 200603-13 ] PEAR-Auth: Potential authentication bypass, Stefan Cornelius, 16:05
[Full-disclosure] Re: Remote overflow in MSIE script action handlers (mshtml.dll), Hariharan, 14:18
[Full-disclosure] RE: Remote overflow in MSIE script action handlers (mshtml.dll), David Schenz, 14:08
[Full-disclosure] Re: Remote overflow in MSIE script action handlers (mshtml.dll), Tomasz Onyszko, 14:08
[Full-disclosure] Re: Remote overflow in MSIE script action handlers (mshtml.dll), Daniel Bonekeeper, 14:08
[Full-disclosure] XCon2006 Call For Paper, XFOCUS Security Team, 08:45
[Full-disclosure] Re: Remote overflow in MSIE script action handlers (mshtml.dll), Michal Zalewski, 06:14
[Full-disclosure] Fedora Legacy Server Outage, Marc Deslauriers, 02:53

March 16, 2006

[Full-disclosure] [FLSA-2006:178606] Updated kdelibs packages fix security issues, Marc Deslauriers, 23:30
[Full-disclosure] [FLSA-2006:174479] Updated libungif packages fix security issues, Marc Deslauriers, 23:30
[Full-disclosure] [FLSA-2006:175404] Updated xpdf package fixes security issues, Marc Deslauriers, 23:20
[Full-disclosure] [FLSA-2006:173274] Updated gdk-pixbuf packages fix security issues, Marc Deslauriers, 23:20
[Full-disclosure] [FLSA-2006:157459-3] Updated kernel packages fix security issues, Marc Deslauriers, 23:20
[Full-disclosure] [FLSA-2006:157459-4] Updated kernel packages fix security issues, Marc Deslauriers, 23:20
[Full-disclosure] [FLSA-2006:157459-2] Updated kernel packages fix security issues, Marc Deslauriers, 23:20
[Full-disclosure] [FLSA-2006:157459-1] Updated kernel packages fix security issues, Marc Deslauriers, 23:20
Re: Remote overflow in MSIE script action handlers (mshtml.dll), Daniel Bonekeeper, 20:17
Re: Remote overflow in MSIE script action handlers (mshtml.dll), Michal Zalewski, 20:07
Remote overflow in MSIE script action handlers (mshtml.dll), Michal Zalewski, 19:16
Re: Invision Power Board v2.1.4 - session hijacking, Hans Wolters, 18:35
Re: Linux zero IP ID vulnerability?, Andrea Purificato - bunker, 18:25
Re: Invision Power Board v2.1.4 - session hijacking, matt, 15:42
Re: Invision Power Board v2.1.4 - session hijacking, Peter Conrad, 15:22
[SECURITY] [DSA 1004-1] New vlc packages fix arbitrary code execution, Moritz Muehlenhoff, 15:12
[Full-disclosure] [ GLSA 200603-12 ] zoo: Buffer overflow, Stefan Cornelius, 08:28
[Full-disclosure] [ GLSA 200603-11 ] Freeciv: Denial of Service, Stefan Cornelius, 08:18
Re: [Full-disclosure] Re: [VulnWatch] [xfocus-SD-060314]Microsoft Office Excel Buffer Overflow Vulnerability, ad@heapoverflow.com, 07:28
Re: [Full-disclosure] Re: [VulnWatch] [xfocus-SD-060314]Microsoft Office Excel Buffer Overflow Vulnerability, eyas, 03:55
[Full-disclosure] Milkeyway Multiple Vulnerabilities, ascii, 00:44

March 15, 2006

[Full-disclosure] Re: [VulnWatch] [xfocus-SD-060314]Microsoft Office Excel Buffer Overflow Vulnerability, Thierry Zoller, 22:23
[Full-disclosure] Vulnerability fixed in E-gold, 3APA3A, 20:42
Vulnerability in e-gold, shurik . f, 20:22
Re: Sasser variant that effects 2k3 SP1 completely updated?, Robert J. Stull, 20:12
Re: Latest MS patches kill wireless networking?, James Garrison, 20:02
Latest MS patches kill wireless networking?, James Garrison, 19:52
Re: HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit, anonymous, 19:42
Re: Linux zero IP ID vulnerability?, Marco Ivaldi, 19:21
Invision Power Board v2.1.4 - session hijacking, Hans Wolters, 19:14
GnuPG weak as one guy with a spare laptop., Forrest J. Cavalier III, 19:04
Re: Purple Paper: Exegesis Of Virtual Hosts Hacking, Anders Henke, 18:54
[KAPDA::#34] - MyBB1.0.4~redirectfunction()~HeaderInjection, addmimistrator, 18:44
[KAPDA::#35] - MyBB1.0.4~member.php~XSS after login, addmimistrator, 18:34
[[KAPDA::#35] MyBB 1.0.3~member.php~XSS Attack in contact details, addmimistrator, 18:24
Sasser variant that effects 2k3 SP1 completely updated?, Andrew Weaver, 18:14
FW: call for speakers and thoughts on VoIP Security - there's a long way to go!, Ken Kousky, 18:14
Secunia Research: Adobe Document/Graphics Server File URI Resource Access, Secunia Research, 17:43
[eVuln] discussion - xhawk.net BBCode 'img' XSS & SQL Injection Vulnerabilities, alex, 16:32
CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior, CodeScan Labs, 15:12
CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net, CodeScan Labs, 14:01
Re: histhost v1.0.0 xss and possible rmdir, Chris Kuethe, 13:10
[Full-disclosure] [xfocus-SD-060314]Microsoft Office Excel Buffer Overflow Vulnerability, XFOCUS Security Team, 03:05
SYMSA-2006-001: Buffer overflow in Microsoft Office 2000, Office XP (2002), and Office 2003 Routing Slip Metadata, CS_Advisories Mailbox, 00:54

March 14, 2006

[Full-disclosure] [HV-HIGH] Microsoft Excel Named Range Arbitrary Code Execution, vuln, 23:33
[Full-disclosure] WLSI - Windows Local Shellcode Injection - Paper, Cesar, 22:32
Fortinet Security Advisory: FSA-2006-08, Fortinet Research, 20:39
Fortinet Security Advisory: FSA-2006-09, Fortinet Research, 20:29
Re: histhost v1.0.0 xss and possible rmdir, Steven M. Christey, 19:58
High Risk Vulnerability in Microsoft Excel, NGSSoftware Insight Security Research, 19:37
[Full-disclosure] ZDI-06-004: Microsoft Excel File Format Parsing Vulnerability, zdi-disclosures, 19:07
[eVuln] CyBoards PHP Lite SQL Injection Vulnerability, alex, 18:26
Linux zero IP ID vulnerability?, Marco Ivaldi, 18:16
DMA[2006-0313a] - 'Apple OSX Mail.app RFC1740 Real Name Buffer Overflow', KF (lists), 14:53
RE: [Full-disclosure] Re: recursive DNS servers DDoS as a growingDDoSproblem, Keith Morgan, 14:13
Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem, MÃns Nilsson, 02:47
RE: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem, Keith T. Morgan, 02:47
[Full-disclosure] [DRUPAL-SA-2006-004] Drupal 4.6.6 / 4.5.8 fixes mail header injection issue, Uwe Hermann, 00:26
[Full-disclosure] [DRUPAL-SA-2006-003] Drupal 4.6.6 / 4.5.8 fixes session fixation issue, Uwe Hermann, 00:26
[Full-disclosure] [DRUPAL-SA-2006-002] Drupal 4.6.6 / 4.5.8 fixes XSS issue, Uwe Hermann, 00:26
[Full-disclosure] [DRUPAL-SA-2006-001] Drupal 4.6.6 / 4.5.8 fixes access control issue, Uwe Hermann, 00:26

March 13, 2006

[ MDKSA-2006:055 ] - Updated gnupg packages fix signature file verification vulnerability, security, 22:32
Re: Coppermine exploit used by a Chase Phish?, Nexus, 15:55
[INetCop Security Advisory] zeroboard IP session bypass XSS vulnerability, dong-hun you, 15:45
[Full-disclosure] ZDI-06-003: Ipswitch Collaboration Suite Code Execution Vulnerability, zdi-disclosures, 15:35
WMNews Cross Site Scripting, exalibur33, 15:24
Secunia Research: Dwarf HTTP Server Source Disclosure and Cross-Site Scripting, Secunia Research, 15:14
Secunia Research: unalz Filename Handling Directory Traversal Vulnerability, Secunia Research, 15:04
Kerio MailServer bugfun, Evgeny Legerov, 14:34
[eVuln] Vegas Forum SQL Injection Vulnerability, alex, 14:34
directory traversal Fixed in DirectContact 0.3c, lionel, 13:54
[Full-disclosure] [USN-264-1] gnupg vulnerability, Martin Pitt, 11:53
[Full-disclosure] [USN-263-1] Linux kernel vulnerabilities, Martin Pitt, 08:01

March 12, 2006

[Full-disclosure] [USN-262-1] Ubuntu 5.10 installer password disclosure, Martin Pitt, 21:56
[Full-disclosure] [ GLSA 200603-10 ] Cube: Multiple vulnerabilities, Stefan Cornelius, 21:46
[Full-disclosure] Buffer Overflow and Installation Script Error in Firebird 1.5.3, Joxean Koret, 18:55
[Full-disclosure] [ GLSA 200603-09 ] SquirrelMail: Cross-site scripting and IMAP command injection, Stefan Cornelius, 18:35
[Full-disclosure] Multiple vulnerabilities in ENet library (Jul 2005), Luigi Auriemma, 17:55

March 11, 2006

Jupiter CMS <= 1.1.5 multiple XSS attack vectors., zerogue, 19:30
AntiVir PersonalEdition Classic: Local Privilige Escalation, Ramon 'ports' Kukla, 19:20
SGI IRIX 6.*usr/sysadm/bin/runpriv local root exploit, rod hedor, 19:10
Copy protection scheme SafeDisc allows privilege escalation, yourname, 19:10
XSS in vCard, xx_hack_xx_2004, 19:00
Coppermine exploit used by a Chase Phish?, Paul Laudanski, 19:00
[Full-disclosure] Re: Dropbear SSH server Denial of Service, Damien Miller, 01:23
CoreNews 2.0.1 Remote Command Exucetion, botan, 00:13

March 10, 2006

Re: Dropbear SSH server Denial of Service, il80r, 20:01
[Full-disclosure] [ GLSA 200603-08 ] GnuPG: Incorrect signature verification, Thierry Carrez, 19:00
[Full-disclosure] [ GLSA 200603-07 ] flex: Potential insecure code generation, Thierry Carrez, 18:30
[KAPDA::#33] - GuppY <= 4.5.11 Remote DoS vulnerability, alireza hassani, 17:29
Re: HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit, Don Voita, 17:19
Re: HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit, scaturan, 17:09
Re: recursive DNS servers DDoS as a growing DDoS problem, Ventsislav Genchev, 16:48
RE: Purple Paper: Exegesis Of Virtual Hosts Hacking, Craig Wright, 16:38
Re: Thomson SpeedTouch 500 modems vulnerable to XSS, dford, 16:38
GnuPG does not detect injection of unsigned data, Werner Koch, 16:08
[Full-disclosure] [ GLSA 200603-06 ] GNU tar: Buffer overflow, Thierry Carrez, 16:08
[eVuln] FreeForum PHP Code Execution & Multiple XSS Vulnerabilities, alex, 15:48
Statement Regarding Reported Local Escalation of Privileges Vulnerability for ZoneAlarm, Zone Labs Product Security, 14:37
[ MDKSA-2006:035-1 ] - Updated php packages fix vulnerability, security, 14:27
[Full-disclosure] Re: Dropbear SSH server Denial of Service, Matt Johnston, 14:17
[KDE Security Advisory] kpdf of KDE 3.3.x heap based buffer overflow, Dirk Mueller, 13:57
[Full-disclosure] [USN-261-1] PHP vulnerabilities, Martin Pitt, 12:16

March 09, 2006

Re: HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit, scaturan, 20:18
n8cms 1.1 & 1.2 version Sql İnjection And XSS, liz0, 19:58
PHP Advanced Transfer Manager Download users password hashes, liz0, 19:38
PHP Upload Center Download users password hashes And phpshell Upload, liz0, 19:28
DVguestbook 1.0 And 1.2.2 Cross Site Scripting, liz0, 19:18
UnrealIRCd3.2.3 Server-Link Denial of Service, admin, 19:08
[Full-disclosure] Advisory: Jiros Banner Experience Pro Remote Privilege Escalation., nukedx, 18:37
Re: [waraxe-2006-SA#047] - Evading sql-injection filters in phpNuke 7.8, omega13a, 18:07
Re: [waraxe-2006-SA#047] - Evading sql-injection filters in phpNuke 7.8, omega13a, 17:57
Aluria/WhenU Troubled Past and Whitewashing History, Paul Laudanski, 17:57
Re: 18 ways to escalate privileges in Zone Labs ZoneAlarm Security Suite build 6.1.744.000, reedarvin, 17:36
Re: Re: [CORRECTIONS AND ADDITIONS ]Azbb v1.1.00 Cross-Site Scripting, no_reply, 17:26
RevilloC MailServer 1.x "USER" Command Handling Remote Buffer Overflow Exploit, securma, 17:06
Re: a worm for mediaWiki??, Michael Rice, 16:56
txtForum: Script Injection Vulnerability, enji, 16:46
txtForum: Multiple XSS Vulnerabilities, enji, 16:26
MyBloggie: Multiple XSS Vulnerabilities, enji, 16:16
DCP Portal: Multiple XSS Vulnerabilities, enji, 15:56
ADP Forum 2.0,* script İnjection, liz0, 15:35
Remote access to NeuSecure/Netcool backend database via web interface credentials leakage, D.Snezhkov, 15:35
M-Phorum Cross Site Scripting, codexploder, 15:15
INFIGO-2006-03-01: PeerCast streaming server remote buffer overflow, infocus, 14:55
HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit, h4cky0u . org, 14:45
Easy File Sharing Web Server Multiple Vulnerablilities, revnic, 14:45
[SECURITY] [DSA 989-1] New zoph packages fix SQL injection, Moritz Muehlenhoff, 14:25
nCipher Advisory #14: Presence of flaws in firmware security, nCipher Support, 14:15
nCipher Advisory #13: CBC-MAC IV misleading programming interface, nCipher Support, 14:05
nCipher Advisory #12: Insecure Generation of Diffie-Hellman keys, nCipher Support, 13:55
Re: 18 ways to escalate privileges in Zone Labs ZoneAlarm Security Suite build 6.1.744.000, 3APA3A, 13:34
[Full-disclosure] Noah's Classifieds Multiple Cross-Site Scripting Vulnerabilities, 0o_zeus_o0 security-mx.org, 01:19

March 08, 2006

H&R Block contact - SOLVED, Fixer, 21:07
[ MDKSA-2006:054 ] - Updated kdegraphics packages fixes overflow vulnerabilities, security, 20:57
18 ways to escalate privileges in Zone Labs ZoneAlarm Security Suite build 6.1.744.000, Reed Arvin, 20:37
Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem, Mark Senior, 20:17
Re: a worm for mediaWiki??, jredmond, 20:17
a worm for mediaWiki??, \"vitamona\", 19:36
[KAPDA::#32] - d2kBlog 1.0.3 Multiple Vulnerabilities, 3nitro, 17:35
RE: [Full-disclosure] PHP-based CMS mass-exploitation, hchemin, 17:35
Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem, gboyce, 17:25
Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem, Security Lists, 16:14
RE: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem, Geo., 15:54
[Full-disclosure] Cisco PIX embryonic state machine 1b data DoS, Konstantin V. Gavrilenko, 15:44
[Full-disclosure] Re: PHP-based CMS mass-exploitation, Paul Laudanski, 15:44
textfileBB <= 1.0 Multiple XSS, retard, 15:34
[Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoS problem, Ventsislav Genchev, 15:34
[Full-disclosure] Remote access to NeuSecure/Netcool backend database via web interface credentials leakage, D.Snezhkov, 15:24
Re: AVG 7 granting Everyone Full Control to updated files... even its drivers, Matti Haack, 15:24
Re: [CORRECTIONS AND ADDITIONS ]Azbb v1.1.00 Cross-Site Scripting, no_reply, 15:14
[eVuln] EKINboard 'img' BBCode XSS & Cookie 'username' SQL Injection Vulnerabilities, alex, 14:53
[security bulletin] HPSBTU02100 SSRT050979 rev.1 - HP Tru64 UNIX IPSEC/ISAKMP Remote Denial of Service (DoS), security-alert, 14:43
CanSecWest/core06 Vancouver April 3-7, Dragos Ruiu, 14:23
[ MDKSA-2006:053 ] - Updated freeciv packages fix DoS vulnerabilities, security, 14:03
RE: Cisco PIX embryonic state machine 1b data DoS, Randy Ivener (rivener), 13:02

March 07, 2006

[Full-disclosure] announcement: reporting and mitigating malicious websites and phishing, Gadi Evron, 22:05
Dropbear SSH server Denial of Service, Pablo Fernandez, 21:05
[Full-disclosure] [FLSA-2006:176751] Updated gpdf package fixes security issues, Marc Deslauriers, 21:05
[Full-disclosure] [FLSA-2006:168516] Updated pcre packages fix a security issue, Marc Deslauriers, 21:05
[Full-disclosure] [FLSA-2006:168264-2] Updated X.org packages fix security issue, Marc Deslauriers, 21:05
[Full-disclosure] [FLSA-2006:168264-1] Updated XFree86 packages fix security issues, Marc Deslauriers, 20:55
[Full-disclosure] capi4hylafax insecure manipulation with tmp files, Javor Ninov, 18:54
IE iFrame + Sun JVM + JS bug. Exploitable?, drguile, 17:33
[eVuln] ShoutLIVE PHP Code Execution & Multiple XSS Vulnerabilities, alex, 17:23
Loudblog 0.41 SQL Injection, Local file read/include, tzitaroth, 17:03
Purple Paper: Exegesis Of Virtual Hosts Hacking, unknown . pentester, 16:12
Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities, Daniel Veditz, 15:52
Cpanel Path Disclosure Vulnerability, Silversmith, 15:42
[Full-disclosure] Cisco PIX embryonic state machine 1b data DoS, Konstantin V. Gavrilenko, 15:32
[Full-disclosure] Cisco PIX embryonic state machine TTL(n-1) DoS, Konstantin V. Gavrilenko, 15:32
Re: Various router DoS, bugtraq, 15:21
[Full-disclosure] Multiple vulnerabilities in Alien Arena 2006 GE 5.00, Luigi Auriemma, 15:11
IM Lock 2006 - Insecure Registry Permission Vulnerability, unsecure, 15:10
Re: SQL injection in Invision Power Board v2.1.5, mattmecham, 15:00
[SECURITY] [DSA 987-1] New tar packages fix arbitrary code execution, Moritz Muehlenhoff, 14:59
PHP-based CMS mass-exploitation, Daniel Bonekeeper, 14:38
phpBannerExchange 2.0 Directory Traversal Vulnerability, h4cky0u . org, 14:28
link bank code execution and xss, retard, 14:18
RE: linksys router + irc DoS, Daniel Ramirez Valdez, 14:07
histhost v1.0.0 xss and possible rmdir, retard, 13:57
[Full-disclosure] [USN-260-1] flex vulnerability, Martin Pitt, 08:53

March 06, 2006

SQL injection in Invision Power Board v2.1.5, ???? ????, 20:47
SQL injection & XSS IN vbzoom v1.11, ???? ????, 20:27
Re: linksys router + irc DoS, Cade Cairns, 19:36
[Full-disclosure] [ GLSA 200603-05 ] zoo: Stack-based buffer overflow, Thierry Carrez, 18:45
[Full-disclosure] [ GLSA 200603-04 ] IMAP Proxy: Format string vulnerabilities, Thierry Carrez, 18:35
[Full-disclosure] Multiple vulnerabilities in Sauerbraten engine 2006_02_28, Luigi Auriemma, 17:54
[Full-disclosure] Multiple vulnerabilities in Cube engine 2005_08_29, Luigi Auriemma, 17:54
[Full-disclosure] Multiple vulnerabilities in Liero Xtreme 0.62b, Luigi Auriemma, 17:54
[Full-disclosure] Out of memory crash in Freeciv 2.0.7, Luigi Auriemma, 17:54
htpasswd bufferoverflow and command execution in thttpd-2.25b., Larry Cashdollar, 15:13
Microsoft Visual Studio 6.0 Sp6 Malformed .dbp File BoF Exploit, kozan, 15:13
FTPoed Blog Engine =>v1.1 HTML Injection Vulnerability, sikik, 14:53
Announcement: WASC Threat Classification in German, contact, 14:53
[eVuln] Simple Machines Forum - SMF 'X-Forwarded-For' XSS Vulnerability, alex, 14:33
[KAPDA::#31] - Runcms 1.x Cross_Site_Scripting vulnerability in bigshow.php, roozbeh_afrasiabi, 14:33
Re: linksys router + irc DoS, bugtraq, 14:23
evoBlog Remote Name tag Script injection, sikik, 14:12
Game-Panel <= 2.1.6 XSS, retard, 14:02
vulnerability in the IE Java applet initialization engine, porkythepig, 13:52
Re: Wbb 2.3. xss, Adrian, 13:42
Re: Various router DoS, znx, 13:32
[OpenPKG-SA-2006.006] OpenPKG Security Advisory (tar), OpenPKG, 12:22
[Full-disclosure] Re: Re: Arin.net XSS, Dave Korn, 11:21
SyScan'06 Call For Papers, organiser@syscan.org, 00:57

March 05, 2006

[Full-disclosure] HITBSecConf2006 - Malaysia: Call for Papers, Praburaajan, 02:58

March 04, 2006

linksys router + irc DoS, Cade Cairns, 17:45
Critical Risk Vulnerability in L-Soft Listserv, NGSSoftware Insight Security Research, 17:25
Simplog <= 1.0.2 Vulnerabilities, retard, 17:14
Re: Kaspersky Memory/CPU Usage Leak by design, Teodor Cimpoesu, 16:54
Visual Studio 6.0 Buffer Overflow Vulnerability, kozan, 16:54
Wbb 2.3. xss, r57shell, 16:44
AVG 7 granting Everyone Full Control to updated files... even its drivers, redxii1234, 16:34
PHP-Stats <= 0.1.9.1 remote commands execution, rgod, 16:34
[KAPDA::#30] - CuteNews1.4.1 Cross_Site_Scripting Vulnerability, roozbeh_afrasiabi, 16:24
Pixel Post Multiple Vulnerabilities, paisterist . nst, 16:04
phpBB <= 2.0.19 Multiple DoS vulnerabilities, paisterist . nst, 16:04
[eVuln] Easy Forum XSS Vulnerability, alex, 15:54
Various router DoS, ryanmeyer14, 15:34
phpArcadeScript XSS Injections, retard, 15:24
[Full-disclosure] [ GLSA 200603-03 ] MPlayer: Multiple integer overflows, Thierry Carrez, 14:53
[Full-disclosure] [ GLSA 200603-02 ] teTeX, pTeX, CSTeX: Multiple overflows in included XPdf code, Thierry Carrez, 13:53
[Full-disclosure] Advisory: TotalECommerce (index.asp id) Remote SQL Injection Vulnerability., nukedx, 13:33
[Full-disclosure] [ GLSA 200603-01 ] WordPress: SQL injection vulnerability, Thierry Carrez, 13:13
Re: [Full-disclosure] DSplit - Tiny AV signatures Detector, Alexander Hristov, 10:01
Re: [Full-disclosure] DSplit - Tiny AV signatures Detector, ad@heapoverflow.com, 09:41
Re: [Full-disclosure] DSplit - Tiny AV signatures Detector, ad@heapoverflow.com, 09:31
Re: [Full-disclosure] DSplit - Tiny AV signatures Detector, Alexander Hristov, 00:17

March 03, 2006

Kaspersky Memory/CPU Usage Leak by design, Michael . Lang, 19:05
Re: [Full-disclosure] Arin.net XSS, Simon Smith, 18:35
Re: [Full-disclosure] Arin.net XSS, Steven, 17:54
[Full-disclosure] DSplit - Tiny AV signatures Detector, ad@heapoverflow.com, 16:03
Re: [Full-disclosure] Re: Arin.net XSS, J u a n, 16:03
Re: [Full-disclosure] Re: Arin.net XSS, Alexander Hristov, 15:13
Re: Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities, David Rasch, 15:13
Re: Guestbox XSS/an admin bypass, micuel, 15:03
AZTEK forums 4.0 multiple vulnerabilities (PoC), billy, 14:53
XST-Strikes-Back vulnerability in Netcache, Nite Sprite, 14:43
[eVuln] Skate Board Multimple Vulnerabilities, alex, 14:32
RE: [Full-disclosure] Re: Arin.net XSS, Terminal Entry, 14:22
Gregarius 0.5.2 XSS and SQL Injection Vulnerabilities, tzitaroth, 14:22
Gallery 2 Multiple Vulnerabilities, GulfTech Security Research, 14:12
MyBB 1.04 Perl Exploit, o . y . 6, 14:02
[Full-disclosure] Re: Arin.net XSS, Dave Korn, 13:22
[Full-disclosure] Arin.net XSS, Terminal Entry, 09:30
RE: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities, Jay Stapleton, 05:08
sql in Dawaween V 1.03, shereba_2007, 03:58
MyBB 1.0.4 New SQL Injection, o . y . 6, 02:27

March 02, 2006

[Full-disclosure] iDefense Security Advisory 03.02.06: EMC Dantz Retrospect 7 Backup client DoS Vulnerability, labs-no-reply@idefense.com, 20:44
[Full-disclosure] iDefense Security Advisory 03.02.06: Apple Mac OS X passwd Arbitrary Binary File Creation/Modification, labs-no-reply@idefense.com, 20:44
vBulletin3.0.12&3.5.3~is_valid_email()~XSS Attack, addmimistrator, 20:44
[Full-disclosure] iDefense Security Advisory 03.02.06: Apple MacOS X BOMArchiveHelper Directory Traversal Vulnerability, labs-no-reply@idefense.com, 19:54
Re: recursive DNS servers DDoS as a growing DDoS problem, Gadi Evron, 19:54
[ MDKSA-2006:052 ] - Updated mozilla-thunderbird packages fix vulnerability, security, 19:34
[eVuln] E-Blah Platinum 'Referer' XSS Vulnerability, alex, 18:33
Re: NETGEAR WGT624 Wireless DSL router default user name/password vulnerability, Jimmy Latouche, 18:03
JOOMLA CMS 1.0.7 DoS & path disclosing, ghc, 17:53
PluggedOut Nexus SQL injection, h e, 17:53
Re: FW: WordPress 2.0.1 Multiple Vulnerabilities, Chris Hajer, 17:33
[Full-disclosure] ProtoVer Sample IMAP testsuite release, Evgeny Legerov, 15:41
[KAPDA::#26]vBulletin.3.5.3~3.0.12-XSS, addmimistrator, 14:10
Re: recursive DNS servers DDoS as a growing DDoS problem, v9, 14:00
[OSX]: /usr/bin/passwd local root exploit., v9, 13:50
Re: [KAPDA::#27] - Runcms 1.x Cross_Site_Scripting vulnerability, roozbeh_afrasiabi, 13:39
[Full-disclosure] [USN-259-1] irssi vulnerability, Martin Pitt, 07:16
Advisory: ICQmail.com & Mail2World.com (ms_inbox.asp Current_folder) XSS vulnerability, nukedx, 05:05
Re: Evil side of Firefox extensions, Michael Ekstrand, 04:55
Re: WordPress 2.0.1 Multiple Vulnerabilities, ad@heapoverflow.com, 04:55
Re: WordPress 2.0.1 Multiple Vulnerabilities, Daniele Muscetta, 04:45
RE: Evil side of Firefox extensions, salexander, 04:35
FW: WordPress 2.0.1 Multiple Vulnerabilities, Michael.Wade, 04:25
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware], Matthew Schiros, 04:15
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware], L. Adrian Griffis, 04:15
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware], Matthew Schiros, 04:05
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware], L. Adrian Griffis, 03:55
Re: [Full-disclosure] Quarantine your infected users spreading malware, Dana Hudes, 03:45

March 01, 2006

[Full-disclosure] FusionPHP Multiple Vulnerabilities, 0o_zeus_o0 security-mx.org, 23:53
[Full-disclosure] PHP-NUKE Submit_News Cross-Site Scripting Vulnerability, 0o_zeus_o0 security-mx.org, 23:53
[Full-disclosure] Woltlab Burning Board 2.x (Datenbank MOD fileid) Multiple Vulnerabilities., nukedx, 23:53
[Full-disclosure] Re: Fedex Kinkos Smart Card Authentication Bypass, Lance James, 23:53
SMBlog Remote Command Exucetion, botan, 22:42
[Full-disclosure] [FLSA-2006:178989] Updated perl-DBI package fixes security issue, Marc Deslauriers, 22:42
Re: (PHP) mb_send_mail security bypass, Yasuo Ohgaki, 22:12
Fwd: APPLE-SA-2006-03-01 Security Update 2006-001, Dave McKinney, 21:32
NCP VPN/PKI Client - various Bugs, Ramon 'ports' Kukla, 21:01
Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities, Nick Boyce, 20:31
Re: Evil side of Firefox extensions, Dave Korn, 20:01
Secunia Research: NetworkActiv Web Server Script Source Disclosure Vulnerability, Secunia Research, 20:01
Re: Evil side of Firefox extensions, azurIt, 19:10
Re: Evil side of Firefox extensions, Mike Owen, 19:00
Re: Evil side of Firefox extensions, Ben, 18:40
Re: recursive DNS servers DDoS as a growing DDoS problem, v9, 18:30
4images <=1.7.1 remote code execution, rgod, 18:20
Re: Evil side of Firefox extensions, Henri Cook, 17:19
Re: NETGEAR WGT624 ? Wireless DSL router default user name/password vulnerability, abuse, 17:09
Evil side of Firefox extensions, azurIt, 16:39
Re: ArGoSoft FTP server remote heap overflow, Jerome Athias, 16:19
Evolution Emailer DoS, Alan Cox, 15:59
Re: WordPress 2.0.1 Multiple Vulnerabilities, Javor Ninov, 15:28
SAP Web Application Server http request url parsing vulnerability, arnold . grossmann, 14:48
[eVuln] Leif M. Wright's Blog Multiple Vulnerabilities, alex, 14:38
Re: Knowledgebases Remote Command Exucetion, security curmudgeon, 14:38
Secunia Research: Lighttpd Script Source Disclosure Vulnerability, Secunia Research, 14:28
FreeBSD Security Advisory FreeBSD-SA-06:09.openssh [REVISED], FreeBSD Security Advisories, 13:47
Updated Noah Classifieds Component for Joomla!/Mambo, noahsec1, 13:47
FreeBSD Security Advisory FreeBSD-SA-06:10.nfs, FreeBSD Security Advisories, 13:27
Re: ArGoSoft FTP server remote heap overflow, Steven M. Christey, 13:17
Limbo CMS code execution, Alexander Hristov, 13:07
FreeBSD Security Advisory FreeBSD-SA-06:09.openssh, FreeBSD Security Advisories, 12:57
Re: [Full-disclosure] Ebay XSS, ad@heapoverflow.com, 06:14
[Full-disclosure] Re: Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities, Steve Shockley, 05:13
[Full-disclosure] Re: Fedex Kinkos Smart Card Authentication Bypass, Eric B, 05:13
[Full-disclosure] Re: Fedex Kinkos Smart Card Authentication Bypass, Lance James, 05:03
Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities, nodialtone, 00:21
[Full-disclosure] Ebay XSS, Aaron Horst, 00:11
Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities, Daniel Veditz, 00:01