Network Security Archives

Bugtraq (date)

[Thread Index] [Top] [All Lists]

April 30, 2006

RE: Poll: Emerging Threats, H Alsaleh, 07:03

April 29, 2006

TextFileBB 1.0.16 Multiple XSS, r0xes . ratm, 20:49
TopList <= 1.3.8 (PHPBB Hack) Remote File Inclusion Vulnerability, mfoxhacker, 20:29
XSS Attack On DirectAdmin Hosting Managment, outlaw, 20:19
W-Agora 4.20 XSS, r0xes . ratm, 19:59
poll.pl<--remote commands execution exploit, CrAzY . CrAcKeR, 19:49
RE: Invision Vulnerabilities, including remote code execution, Mike Weller, 19:39
Invision Power Board 2.1.5 POC, Javier Olascoaga, 19:29
Re: phpMyForum Cross Site Scripting & CRLF injection, chris, 19:19
Re: Recent Oracle exploit is _actually_ an 0day with no patch, David Litchfield, 19:09
Re: Apple Mac OS X Safari 2.0.3 Vulnerability, Ian MacPhedran, 18:58
Re: VWar Path Disclosure, spic, 18:48

April 28, 2006

Poll: Emerging Threats, Jon R. Kibler, 23:10
[Kurdish Secure Advisory #1] I-RATER Platinum "Admin/configsettings.tpl.php" Remote File Include Vulnerability, botan, 20:08
Re: Recent Oracle exploit is _actually_ an 0day with no patch, David Litchfield, 19:38
Neomail.pl Local Cross Site Scripting, outlaw, 19:28
RE: Recent Oracle exploit is _actually_ an 0day with no patch, Kornbrust, Alexander, 18:58
[Kurdish Security #2] Artmedic Event Remote File Include Vulnerability, botan, 18:27
[Kurdish Security #3] CoolMenus Event Remote File Include Vulnerability (For PHP), botan, 18:17
Re: Recent Oracle exploit is _actually_ an 0day with no patch, Cesar, 17:57
[Full-disclosure] [ GLSA 200604-18 ] Mozilla Suite: Multiple vulnerabilities, Thierry Carrez, 17:07
[Full-disclosure] [Argeniss] Alert - Yahoo! Mail XSS vulnerability, Cesar, 16:26
Cireos Portal Cross Site Scripting, outlaw, 16:16
[ECHO_ADV_31$2006] Sws Web Server 0.1.7 Strcpy() & Syslog() Format String Vulnerability, the_day, 16:06
Secunia Research: Servant Salamander unacev2.dll Buffer Overflow Vulnerability, Secunia Research, 15:36
Re: Recent Oracle exploit is _actually_ an 0day with no patch, Steven M. Christey, 15:06
BL4's SMTP server BufferOverflow Vulnerable, the_day, 04:21
[Full-disclosure] WinISO/UltraISO/MagicISO/PowerISO Directory Traversal Vulnerability, Sowhat, 02:40

April 27, 2006

Re: Instant Photo Gallery <= Multiple XSS, Steven M. Christey, 21:48
[Full-disclosure] [USN-275-1] Mozilla vulnerabilities, Martin Pitt, 21:07
SQL injection exploit IPB <= 2.1.4, satanchild123, 19:57
[security bulletin] HPSBMA02113 SSRT061148 rev.1 - HP Oracle for OpenView (OfO) Critical Patch Update April 2006, security-alert, 19:36
Re: Instant Photo Gallery <= Multiple XSS, security curmudgeon, 17:46
[security bulletin] HPSBUX02075 SSRT051074 rev.4 - HP-UX Running xterm Local Unauthorized Access, security-alert, 17:15
[security bulletin] HPSBUX02108 SSRT061133 rev.9 - HP-UX running Sendmail, Remote Execution of Arbitrary Code, security-alert, 16:15
Land Down Under 802 and below version Path Disclosure Vulnerability, Advisory, 15:54
, Yannick von Arx, 15:04
MyBB 1.1.1 Local SQL Injections, o . y . 6, 14:53
Re: Invision Vulnerabilities, including remote code execution, mattmecham, 14:43
[Full-disclosure] [USN-274-1] MySQL vulnerability, Martin Pitt, 14:03
[Full-disclosure] [ GLSA 200604-17 ] Ethereal: Multiple vulnerabilities in protocol dissectors, Sune Kloppenborg Jeppesen, 04:38

April 26, 2006

Re: Apple Mac OS X Safari 2.0.3 Vulnerability, Aaron Phillips, 20:54
Re: Invision Vulnerabilities, including remote code execution, Steven M. Christey, 20:03
Re: XV multiple buffer overflows (update), kvea, 19:53
Re: Apple Mac OS X Safari 2.0.3 Vulnerability, jens, 19:33
[Full-disclosure] [EEYEB-20060227] Juniper Networks SSL-VPN Client Buffer Overflow, eEye Advisories, 18:52
Open Bulletin Board < Multiple Vulnerability, qex, 18:01
Local XXS Attack On CuteNews, outlaw, 17:51
XXS Attack On FarsiNews, outlaw, 17:41
SQL Injection On DUportal, outlaw, 17:31
[eVuln] warforge.NEWS SQL Injection and Multiple XSS Vulnerabilities, alex, 17:11
Secunia Research: SpeedProject Products ACE Archive Handling Buffer Overflow, Secunia Research, 16:40
DevBB <= 1.0.0 XSS, qex, 16:30
MySmartBB<---v 1.1.x SQL Injection/XSS, BoNy-m, 16:20
[Full-disclosure] [ GLSA 200604-16 ] xine-lib: Buffer overflow vulnerability, Sune Kloppenborg Jeppesen, 16:20
[Full-disclosure] [ GLSA 200604-15 ] xine-ui: Format string vulnerabilities, Sune Kloppenborg Jeppesen, 16:20
[ MDKSA-2006:079 ] - Updated ruby packages fix vulnerability, security, 15:09
[ MDKSA-2006:078 ] - Updated mozilla-thunderbird packages fix numerous vulnerabilities, security, 14:59
[ MDKSA-2006:077 ] - Updated ethereal packages fix numerous vulnerabilities, security, 14:49
[ MDKSA-2006:076 ] - Updated mozilla packages fix numerous vulnerabilities, security, 14:39
Recent Oracle exploit is _actually_ an 0day with no patch, David Litchfield, 14:29
[Full-disclosure] Recent Oracle exploit is _actually_ an 0day with no patch, David Litchfield, 13:48
[Full-disclosure] ZDI-06-011: Mozilla Firefox Table Rebuilding Code Execution Vulnerability, zdi-disclosures, 04:24

April 25, 2006

DCForumLite V 3.0<--XSS/SQL Injection, Breeeeh, 23:02
Re: Apple Mac OS X Safari 2.0.3 Vulnerability, Billy Bues, 22:52
Instant Photo Gallery <= Multiple XSS, qex, 22:32
Instant Photo Gallery <= Multiple XSS, qex, 22:22
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup, Thor (Hammer of God), 21:01
Re: Advisory: Clansys <= 1.1 PHP Code Insertion Vulnerability., nukedx, 21:01
RE: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup, Sean Scott, 20:51
Multiple vulnerabilities in IP3 Networks 'NetAccess' NA75 appliance, Moonen, Ralph, 20:41
Multiple browsers Windows mailto protocol Office 2003 file attachment exploit, inge . henriksen, 20:31
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup, Duncan Simpson, 20:21
PowerPoint Phishing Trojan, Lance James, 20:11
Fenice - Open Media Streaming Server remote BOF exploit, Kaveh Razavi, 19:10
Re: NASL 'Split' function Buffer overflow Vulnerability, Renaud Deraison, 17:39
Re: NASL 'Split' function Buffer overflow Vulnerability, Renaud Deraison, 17:29
Re: Apple Mac OS X Safari 2.0.3 Vulnerability, Tom Ferris, 16:28
Invision Vulnerabilities, including remote code execution, spam, 16:18
Re: ADVISORY FOR IOPUS SECURE EMAIL ATTACHMENTS, Andreas Beck, 16:08
Re: ADVISORY FOR IOPUS SECURE EMAIL ATTACHMENTS, fabio, 15:58
NASL 'Split' function Buffer overflow Vulnerability, OS2A BTO, 15:48
PhpWebFtp Cross Site Scripting Vulnerability, arko . dhar, 15:27
[ MDKSA-2006:075 ] - Updated mozilla-firefox packages fix numerous vulnerabilities, security, 15:17
NextAge Shopping Cart Software XSS, AminRayden, 15:07
photokorn 1.53 , 1.542 << Sql, Dr-Jr7, 14:57
[ MDKSA-2006:073 ] - Updated cyrus-sasl packages addresses vulnerability, security, 14:47
[ MDKSA-2006:074 ] - Updated php packages address multiple vulnerabilities., security, 14:37

April 24, 2006

Re: vbulletin<--3.0.x SQL Injection, scott, 22:04
Re: Apple Mac OS X Safari 2.0.3 Vulnerability, Colin Keigher, 21:34
Quick 'n Easy FTP Server pro/lite Logging unicode stack overflow, Kaveh Razavi, 20:23
RE: [BULK] - Websense Filter Bypass, John E. Fleming, 20:02
ADVISORY FOR IOPUS SECURE EMAIL ATTACHMENTS, ntwak0, 19:12
Advisory: My Gaming Ladder Combo System <= 7.0 Remote File Inclusion Vulnerability., Mustafa Can Bjorn IPEKCI, 18:51
vbulletin<--3.0.x SQL Injection, CrAzY . CrAcKeR, 18:41
VWar Path Disclosure, arko . dhar, 18:31
Apple Mac OS X Safari 2.0.3 Vulnerability, , 17:40
[MajorSecurity] phpMyAgenda 3.0 Final - Remote File Include Vulnerability, admin, 17:10
Firefox Remote Code Execution and DoS 1.5.0.2, chris, 17:00
Advisory: Clansys <= 1.1 PHP Code Insertion Vulnerability., Mustafa Can Bjorn IPEKCI, 16:40
Multiple PHP4/PHP5 vulnerabilities, infocus, 16:20
Re: evoBlog Remote Name tag Script injection, daniel, 15:49
RIblog Remote SQL Injection Exploit, omnipresent, 15:39
[MajorSecurity] TotalCalendar 2.30 - Remote File Include Vulnerability, admin, 15:19
BK Forum <= 4.0 Remote SQL Injection, n0m3rcy, 15:09
XSS Bug in OpenGear Server Website, Aditya, 14:59
FileLodge Bolt (showonlineusers.php) Cross-Site Scripting Vulnerbility, n0m3rcy, 14:49
[eVuln] RateIt SQL Injection Vulnerability, alex, 14:39
Scry Gallery XSS Vulnerability, arko . dhar, 13:59
NSFOCUS SA2006-02 : IBM AIX mklvcopy Local Privilege Escalation Vulnerability, NSFOCUS Security Team, 13:28
NSFOCUS SA2006-03 : IBM AIX rm_mlcache_file Local Race Condition Vulnerability, NSFOCUS Security Team, 13:28
[Full-disclosure] [USN-273-1] Ruby vulnerability, Martin Pitt, 13:18
[Full-disclosure] [USN-272-1] cyrus-sasl2 vulnerability, Martin Pitt, 11:57
Newslist about security conference, newslist@security-briefings.com, 03:34

April 23, 2006

[Full-disclosure] Advisory: Clansys <= 1.1 PHP Code Insertion Vulnerability., Mustafa Can Bjorn IPEKCI, 23:32
[Full-disclosure] RE: Advisory: Simplog <= 0.93 Multiple Remote Vulnerabilities., Ashcraft, Jeremy, 23:22
Yahoo! Mail XSS Vulnerability, Cheng Peng Su, 22:11
Re: redirection vuln crawlers breed & security through obscurity, Thomas Hochstein, 22:11
FlexBB 0.5.5 Exploit [ function/showprofile.php ] Remote SQL Injection, o . y . 6, 22:01
Re: Strengthen OpenSSH security?, Bob Goodman, 21:51
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup, Thor (Hammer of God), 21:41
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup, John Biederstedt, 21:41
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup, Geo., 21:31
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup, Thor (Hammer of God), 21:21
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup, Thor (Hammer of God), 21:11
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup, John Biederstedt, 21:11
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup, Thor (Hammer of God), 21:01
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup, Thor (Hammer of God), 20:51
[Full-disclosure] [ GLSA 200604-14 ] Dia: Arbitrary code execution through XFig import, Sune Kloppenborg Jeppesen, 19:20
[Full-disclosure] [ GLSA 200604-13 ] fbida: Insecure temporary file creation, Sune Kloppenborg Jeppesen, 19:10
[Full-disclosure] [ GLSA 200604-12 ] Mozilla Firefox: Multiple vulnerabilities, Thierry Carrez, 19:10
[Full-disclosure] Format string bug in Skulltag 0.96f, Luigi Auriemma, 18:19
[Full-disclosure] Denial of service bugs in OpenTTD 0.4.7, Luigi Auriemma, 18:19
[Full-disclosure] Buffer-overflow and crash in Fenice OMS 1.10, Luigi Auriemma, 18:19
[Full-disclosure] Advisory: My Gaming Ladder Combo System <= 7.0 Remote File Inclusion Vulnerability., Mustafa Can Bjorn IPEKCI, 13:07

April 22, 2006

[Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability, Michal Zalewski, 22:51
[Full-disclosure] [ GLSA 200604-11 ] Crossfire server: Denial of Service and potential arbitrary code execution, Thierry Carrez, 19:40
Advisory: CoreNews <= 2.0.1 Multiple Remote Vulnerabilities., Mustafa Can Bjorn IPEKCI, 17:49
Advisory: Simplog <= 0.93 Multiple Remote Vulnerabilities., Mustafa Can Bjorn IPEKCI, 17:39
vBulletin <= 3.5.4 with MKPortal 1.1 Remote SQL Injection Vulnerability., Mustafa Can Bjorn IPEKCI, 17:29
dForum <= 1.5 Multiple Remote File Inclusion Vulnerabilities., Mustafa Can Bjorn IPEKCI, 17:29
VWar <= ver 1.21 Remote Code Execution Exploit, ali, 17:19
Rapid7 Advisory R7-0021: Symantec Scan Engine Authentication Fundamental Design Error, advisory, 09:36

April 21, 2006

[Full-disclosure] Advisory: CoreNews <= 2.0.1 Multiple Remote Vulnerabilities., Mustafa Can Bjorn IPEKCI, 22:21
[Full-disclosure] Advisory: Simplog <= 0.93 Multiple Remote Vulnerabilities., Mustafa Can Bjorn IPEKCI, 22:21
[Full-disclosure] vBulletin <= 3.5.4 with MKPortal 1.1 Remote SQL Injection Vulnerability., Mustafa Can Bjorn IPEKCI, 22:21
[Full-disclosure] dForum <= 1.5 Multiple Remote File Inclusion Vulnerabilities., Mustafa Can Bjorn IPEKCI, 22:21
[Symantec Security Advisor] Symantec Scan Engine Multiple Vulnerabilities, secure, 22:11
Rapid7 Advisory R7-0019: Directory traversal vulnerability in SolarWinds TFTP Server for Windows, advisory, 21:00
Rapid7 Advisory R7-0023: Symantec Scan Engine File Disclosure Vulnerability, advisory, 20:50
Rapid7 Advisory R7-0022: Symantec Scan Engine Known Immutable DSA Private Key, advisory, 20:00
Scry Gallery Directory Traversal & Full Path Disclosure Vulnerabilites, simo64, 19:10
Re: Mini-NUKE v2.3<<--- SQL Injection, nukedx, 18:59
RE: [BULK] - Websense Filter Bypass, Hubbard, Dan, 18:49
bloggage Remote SQL Injection, omnipresent, 16:07
r57shell.php <= 1.3 XSS, qex, 15:57
[eVuln] MWNewsletter SQL Injection and XSS Vulnerabilities, alex, 15:37
Re: Strengthen OpenSSH security?, Theo de Raadt, 15:27
BK Forum <<--V.4.0 SQL Injection, CrAzY . CrAcKeR, 15:07
[Full-disclosure] [ GLSA 200604-10 ] zgv, xzgv: Heap overflow, Sune Kloppenborg Jeppesen, 04:02
[Full-disclosure] [ GLSA 200604-09 ] Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service, Sune Kloppenborg Jeppesen, 04:02
[Full-disclosure] [SecuriWeb 2006.1] directory traversal in Asterisk@Home and ARI, François Harvey, 02:41
Mini-NUKE v2.3<<--- SQL Injection, CrAzY . CrAcKeR, 01:11
Re: Strengthen OpenSSH security?, c0redump, 01:01
Websense Filter Bypass, qex, 01:01
4images <= 1.7 XSS, qex, 00:50
Re: Re[3]: Bypassing ISA Server 2004 with IPv6, offtopic, 00:20
Re: Strengthen OpenSSH security?, Damien Miller, 00:20
Re: Strengthen OpenSSH security?, MaddHatter, 00:10

April 20, 2006

Re: Re[3]: Bypassing ISA Server 2004 with IPv6, Thor (Hammer of God), 23:50
Re: Strengthen OpenSSH security?, Kd, 23:40
Re: Strengthen OpenSSH security?, Carson Gaspar, 23:20
Re: Strengthen OpenSSH security?, Mike Hoskins, 23:09
RE: (addendum) redirection vuln crawlers breed & security through obscurity, Evans, Arian, 22:39
Allied Telesyn Switch UDP Data Flood Management Denial Of Service Vulnerability, kim, 22:29
Ad-Aware Revisited, Roy . Batty, 21:49
[security bulletin] HPSBST02112 SSRT061129 rev.1 - HP StorageWorks Secure Path for Windows Remote Denial of Service (DoS), security-alert, 17:23
[security bulletin] HPSBTU02095 SSRT051007 rev.3 - HP Tru64 UNIX Running DNS BIND4/BIND8 as Forwarders: Remote Unauthorized Privileged Access, security-alert, 17:13
Re: CuteNews 1.4.1 <= Cross Site Scripting, Steven M. Christey, 16:23
axoverzicht.cgi<==Remote File Inclusion, CrAzY . CrAcKeR, 15:12
ThWboard 3 Beta 2.84 Cross Site Scripting, CrAzY . CrAcKeR, 15:02
PHPSurveyor <= 0.995 'save.php/surveyid' remote cmmnds xctn, rgod, 14:42
[eVuln] MWGuest XSS Vulnerability, alex, 14:32
[Full-disclosure] RE: Microsoft DNS resolver: deliberately sabotaged hosts-file lookup, Nick FitzGerald, 07:28
ASPSitem <= 1.83 Remote SQL Injection Vulnerability, Mustafa Can Bjorn IPEKCI, 03:57
Strengthen OpenSSH security?, Brett Glass, 02:06
New site about security conferences : www.security-briefings.com, newslist@security-briefings.com, 01:15
PCPIN Chat <= 5.0.4 "login/language" remote cmmnds xctn, rgod, 00:25
[eVuln] N.T. Version 1.1.0 XSS and PHP Code Insertion Vulnerabilities, alex, 00:15
SQL Injection in incredibleindia.org, susam_pal, 00:05

April 19, 2006

Re: Re[2]: Bypassing ISA Server 2004 with IPv6, Christine Kronberg, 23:44
[eVuln] MD News Authentication Bypass and SQL Injection Vulnerabilities, alex, 23:34
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup, Jamie Riden, 23:34
[Full-disclosure] [Argeniss] Oracle Database 10gR1 Buffer overflow in VERIFY_LOG procedure, Cesar, 23:24
Re: Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup, somerandomaddress99, 23:14
Re[3]: Bypassing ISA Server 2004 with IPv6, Christine Kronberg, 23:04
Re: Re[2]: Bypassing ISA Server 2004 with IPv6, Thor (Hammer of God), 22:54
EasyGallery Cross-Site Scripting, botan, 22:24
Confixx SQL Injection exploit (confixx_exploit.pl), defa, 22:14
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup, Geo., 21:53
Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk, Nate Eldredge, 21:23
Re: RE: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup, somebody, 21:03
RE: redirection vuln crawlers breed & security through obscurity, Evans, Arian, 21:03
Tlen.PL e-mail XSS vulnerability., koper, 20:43
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup, no . spam, 20:33
Re: Multiple Vulnerabilities in LucidCMS, zachofalltrades, 20:33
WWWThread RC 3 MultBugs, o . y . 6, 19:52
Fortinet28 box does not resist has small synflood!, testx444, 19:42
ContentBoxx Login.php Cross-Site Scripting, botan, 19:32
Re: RE: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup, john, 19:22
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup, robsekeris, 18:51
Shbablek Mail Vulnerablitiy - Cross-Site Scripting, n0m3rcy, 18:51
redirection vuln crawlers breed & security through obscurity, Ivan Sergio Borgonovo, 18:31
Re: phpBB Admin command execution, dave . de, 18:21
[Full-disclosure] ASPSitem <= 1.83 Remote SQL Injection Vulnerability, Mustafa Can Bjorn IPEKCI, 18:21
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup, Paul Wouters, 18:01
Oracle 10g 10.2.0.2.0 DBA exploit, putosoft softputo, 17:41
ThWboard <= 3 Beta 2.84 SQL Injection, Qex, 17:00
RechnungsZentrale V2 - SQL injection and Remote PHP inclusion vulnerabilities, info, 16:50
RE: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup, Mario Contestabile, 16:40
Re: Multiple vulnerabilities in Linux based Cisco products, Ilker Temir, 16:30
Multiple vulnerabilities in Linux based Cisco products, assurance.com.au, 16:30
[security bulletin] HPSBUX02108 SSRT061133 rev.7 - HP-UX running Sendmail, Remote Execution of Arbitrary Code, security-alert, 16:20
Re: [KAPDA::#41] - Mambo/Joomla rss component vulnerability, rey . gigataras, 16:10
Re: Path Disclosure and Arbitrary File Read Vulnerability in SLAB5000, office, 15:49
XSS Vulnerability in Guest-book script powered by Community Architect, susam . pal, 15:19
[Full-disclosure] [USN-271-1] Firefox vulnerabilities, Martin Pitt, 14:59
[MajorSecurity]ActualAnalyzer - Remote File Include Vulnerability, admin, 14:59
FreeBSD Security Advisory FreeBSD-SA-06:14.fpu, FreeBSD Security Advisories, 14:28
SQL Injection in package SYS.DBMS_LOGMNR_SESSION, ak, 14:08
CuteNews 1.4.1 <= Cross Site Scripting, sn4k3 . 23, 13:38
Re: [Full-disclosure] GMail, Google Groups XSS Vulnerability, Steven Rakick, 01:31

April 18, 2006

Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk, Gabor Gombas, 23:39
[Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation, Secure, 23:19
Multiple critical and high risk issues in Oracle's database server, NGSSoftware Insight Security Research, 22:59
Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk, Michael Chamberlain, 22:39
[KAPDA::#41] - Mambo/Joomla rss component vulnerability, alireza hassani, 22:19
[ MDKSA-2006:072 ] - Updated kernel packages fix multiple vulnerabilities, security, 20:58
phpLister v. 0.4.1 XSS Attacking, botan, 20:27
Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk, Florian Weimer, 19:47
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup, Ansgar -59cobalt- Wiechers, 18:57
Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk, jat-public01, 18:37
blur6ex Local File Inclusion and SQL injection ., h e, 17:46
axoverzicht.cgi <= XSS, qex, 17:36
Re: - PHPGraphy <= 0.9.11 "editwelcome" unauthorized access / cross site scripting -, JiM / aEGIS, 17:26
Another flaw in Firefox 1.5.0.2: to open files from remote, miky, 17:06
Remote Xine Format String Vulnerability, c0ntexb, 16:15
Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk, Alexander Klimov, 15:55
Linpha 1.1.0 - XSS Vulnerabilities, d4igoro, 15:25
RE: gcc 4.1 bug miscompiles pointer range checks, may place you at risk, Michael Wojcik, 15:05
Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk, Forrest J. Cavalier III, 14:55
[Full-disclosure] Re: [Argeniss] Alert - Yahoo! Webmail XSS, Dave \"No, not that one\" Korn, 12:43
Re: [Full-disclosure] [Argeniss] Alert - Yahoo! Webmail XSS, Morning Wood, 02:59

April 17, 2006

[SA-03] Example of Grsecurity protection avoid., adam, 23:28
[eVuln] Wire Plastik wpBlog SQL Injection Vulnerability, alex, 21:07
gcc 4.1 bug miscompiles pointer range checks, may place you at risk, Felix von Leitner, 20:57
Re: [Full-disclosure] [Argeniss] Alert - Yahoo! Webmail XSS, Morning Wood, 19:16
Neon Responder (Dos,Exploit), Stefan Lochbihler, 19:06
FlexBB 0.5.5 Bypass Exploit, o . y . 6, 18:56
[Full-disclosure] [Argeniss] Alert - Yahoo! Webmail XSS, Cesar, 18:26
AnimeGenesis <= XSS, qex, 17:35
Tiny PHP forum - vulns, hessam, 17:25
[eVuln] CzarNews XSS and Multiple SQL Injection Vulnerabilities, alex, 17:15
[Full-disclosure] [ GLSA 200604-08 ] libapreq2: Denial of Service vulnerability, Thierry Carrez, 16:55
Neuron Blog <= 1.1 XSS, qex, 16:55
ShoutBOOK <= 1.1 XSS, qex, 16:45
- PHPGraphy <= 0.9.11 "editwelcome" unauthorized access / cross site scripting -, rgod, 16:35
PhpWebFTP 3.2 Login Script, arko . dhar, 16:14
[Full-disclosure] ZDI-06-009: Mozilla Firefox Tag Parsing Code Execution Vulnerability, zdi-disclosures, 16:04
BetaBoard Cross Site Scripting vulnerability, easy . mask, 16:04
MyEvent Remote File Execution And XSS Attacking, botan, 15:54
Re: Snipe Gallery <= 3.1.4 Multiple XSS, nobody, 15:44
Calendarix "yearcal.php" XSS Attacking, botan, 15:34
FlexBB v0.5.5 BETA [SQL Inj] [XSS] [Login bypass], kr4ch, 15:24
Xss In bMachine 2٫7, W3 . _, 15:14
Re: [KAPDA]CopperminePhotoGallery1.4.4~ PluginInclusionSystem(index.php)~ RemoteFileInclusion attack, Dariusz Kolasinski, 15:04
DbbS<=2.0-alpha Multiple Vulnerabilities, yamcho, 14:54
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup, Thor (Hammer of God), 14:44
[Full-disclosure] Reminder: HITBSecConf2006 CFP is closing in 2 weeks, Praburaajan, 00:28

April 16, 2006

Re: Vulnerabilities in MOD, Victor Brilon, 01:19
Snipe Gallery <= 3.1.4 Multiple XSS, qex, 00:59
phpFaber TopSites Script Cross-Site Scripting, botan, 00:58
Boardsolution <= 1.12 XSS, qex, 00:48
FlexBB <= 0.5.7 BETA XSS, qex, 00:38
PhpGuestbook <= 1.0 XSS, qex, 00:28
Tiny Web Gallery <= 1.4 XSS, qex, 00:18
RE: osCommerce "extras/" information/source code disclosure, Michael Scheidell, 00:18
PHP Album <= 0.3.2.3 remote commnads execution, rgod, 00:08

April 15, 2006

Re[3]: Bypassing ISA Server 2004 with IPv6, 3APA3A, 23:58
[eVuln] aWebBB Multiple XSS and SQL Injection Vulnerabilities, alex, 23:38
Re: Firefox 1.5.0.1 Password Manager Arbtirary User Browsing History Disclosure, Eliah Kagan, 23:28
[KAPDA]CopperminePhotoGallery1.4.4~ PluginInclusionSystem(index.php)~ RemoteFileInclusion attack, addmimistrator, 23:28
[KAPDA]MyBB1.1.0~global.php~ParameterExtracting, addmimistrator, 23:18
Re: QuickBlogger v1.4 Cross-Site Scripting, Steven M. Christey, 23:08
manila.userland cross site scriptable, Aaron Kaplan, 22:57
Dokeos 1.6.4 SQL Injection Vulnerability, Alvaro Olavarria, 04:51
Re[2]: Bypassing ISA Server 2004 with IPv6, Christine Kronberg, 04:51
a Yahoo Vulnerability, r57shell, 04:31
Re: Sql Injection in Confixx 3.06 & 3.08 & 3.?? ?, iovdin, 04:20
Re: SAXoPRESS - directory traversal aka Saxotech Online, securiteam, 04:20
Re: [ECHO_ADV_27$2006] Indexu <= 5.0.1 Remote File Inclusion, robert, 03:40
planetSearch+ - XSS Vulnerabilities, d4igoro, 03:30
RE: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup, Derek Soeder, 03:20
Xss In ar-blog v 5.2, W3 . _, 03:10
PAJAX Remote Code Injection and File Inclusion Vulnerability, RedTeam Pentesting, 03:00
Re: Re: NETGEAR WGT624 Wireless DSL router default user name/password vulnerability, tranceformer, 02:40
Re: phpWebSite 0.10.? (topics.php) Remote SQL Injection Exploit, Kevin Wilcox, 02:29
Firefox 1.5.0.1 Password Manager Arbtirary User Browsing History Disclosure, franz, 02:09
Avast Linux Home Edition (vulnerability on a temporary folder creation), Julien L., 01:59
Re: Re: function *() php/apache Crash PHP 4.4.2 and 5.1.2, sp3x, 01:49
phpBB template file code execution, noch22, 01:39
Serendipity Blog vuln, moep, 01:29
phpBB Admin command execution, noch22, 01:19
Encyclopedia <= 3.0 (login.php) CrossSite Scripting - XSS, n0m3rcy, 01:09
Re: phpMyAdmin 2.7.0-pl1, Kevin Waterson, 00:59
osCommerce "extras/" information/source code disclosure, rgod, 00:58
Farsinews Cross-Site Scripting & Path disclosure vulnerability, aminrayden, 00:48
Vulnerabilities in MODx, crasher, 00:38
Vulnerabilities in Papoo, crasher, 00:28
[Full-disclosure] ZDI-06-010: Mozilla Firefox CSS Letter-Spacing Heap Overflow Vulnerability, zdi-disclosures, 00:28
Vulnerabilities in lifetype, crasher, 00:18
[eVuln] aWebNews Multiple XSS and SQL Injection Vulnerabilities, alex, 00:18
Re: Simplog <=0.9.2 multiple vulnerabilities, Jeremy Ashcraft, 00:08

April 14, 2006

PowerClan 1.14 - SQL Injection, d4igoro, 23:58
Camino Browser HTML Parsing Null Pointer Dereference Denial of Service Vulnerability, izimask, 23:58
[eVuln] RedCMS Multiple XSS and SQL Injection Vulnerabilities, alex, 23:48
Re: RE: IBM, Juha-Matti Laurio, 23:38
[Full-disclosure] [ GLSA 200604-07 ] Cacti: Multiple vulnerabilities in included ADOdb, Thierry Carrez, 19:56
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup, J.A. Terranson, 02:57

April 13, 2006

Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup, Joachim Schipper, 23:35
TalentSoft Web+Shop Path Disclosure, revnic, 23:05
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup, dumdidumdideldey, 23:05
Re: IBM, stend, 22:15
Secunia Research: Adobe Document Server for Reader Extensions Multiple Vulnerabilities, Secunia Research, 19:23
SaphpLesson 2.0 (forumid) Remote SQL Injection Exploit, selfar2002, 19:13
MyBB 1.10 New CrossSiteScripting ' member.php ', o . y . 6, 18:53
Re: function *() php/apache Crash PHP 4.4.2 and 5.1.2, Michal Zalewski, 18:53
Re: Jupiter CMS <= 1.1.5 multiple XSS attack vectors., anonss, 18:43
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup, A . L . M . Buxey, 18:33
phpMyAdmin 2.7.0-pl1, kr4ch, 18:23
RE: IBM, Michael Scheidell, 18:23
[Full-disclosure] Re: Microsoft DNS resolver: deliberately sabotagedhosts-file lookup, Dave Korn, 18:23
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup, Stan Bubrouski, 18:23
QuickBlogger v1.4 Cross-Site Scripting, botan, 18:13
MyBB 1.10 New XSS ' member.php ', o . y . 6, 17:22
Re: Confixx 3.1.2 <= SQL Injection, iovdin, 17:22
Recon 2006: speaker lineup announcement, Recon, 17:02
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup, Brandon S. Allbery KF8NH, 17:02
Re: google xss, Vladimir Levijev, 17:02
[Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup, Dave Korn, 16:52
RevoBoard [email] tag XSS, r0xes . ratm, 16:52
Re: Multiple vulnerabilities in Blur6ex, Steven M. Christey, 16:32
phpWebSite 0.10.? (topics.php) Remote SQL Injection Exploit, selfar2002, 16:32
[BuHa-Security] Multiple Vulnerabilities in MS IE 6.0 SP2, bugtraq, 16:21
Remote File Inclusion in VBulletin ImpEx, dr . jr7, 16:11
Re: [Full-disclosure] SEC Consult SA-20060314 :: Opera Browser CSS Attribute Integer Wrap / Buffer Overflow, Thierry Zoller, 16:01
[BuHa-Security] Stack Based Buffer Overflow Vulnerability in Amaya 9.4 #2, bugtraq, 16:01
[eVuln] qliteNews SQL Injection Vulnerability, alex, 15:51
[BuHa-Security] Stack Based Buffer Overflow Vulnerability in Amaya 9.4, bugtraq, 15:41
[Full-disclosure] ZDI-06-008: Novell GroupWise Messenger Accept-Language Buffer Overflow, zdi-disclosures, 15:31
[BuHa-Security] DoS Vulnerability in Firefox 1.5.0.1, bugtraq, 15:31
SimpleBBS v1.1(posts.php) remote command execution, stormhacker, 15:11
Windows Help Heap Overflow, c0ntexb, 15:01
PatroNet CMS Xss Vuln, Soothackers, 15:01
Re: phpWebsite <= SQL Injection (friend.php) & (article.php), shaun, 14:50
Clansys Multiple Xss Vulnerabilities, Soothackers, 14:30
[security bulletin] HPSBUX02108 SSRT061133 rev.6 - HP-UX running Sendmail, Remote Execution of Arbitrary Code, security-alert, 13:30
[Full-disclosure] SEC Consult SA-20060314 :: Opera Browser CSS Attribute Integer Wrap / Buffer Overflow, Bernhard Mueller, 11:49
[Full-disclosure] [USN-270-1] xpdf vulnerabilities, Martin Pitt, 06:57

April 12, 2006

Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting, Esteban Martinez Fayo, 21:13
Exploiting out of memory crashes and null pointers [was: Re: function *() php/apache Crash PHP 4.4.2 and 5.1.2], 86400s, 19:53
Simplog <=0.9.2 multiple vulnerabilities, rgod, 13:39
Re: function *() php/apache Crash PHP 4.4.2 and 5.1.2, Steven M. Christey, 13:29
[eVuln] QLnews XSS and PHP Code Insertion Vulnerabilities, alex, 13:19
Re: Buffer-overflow in Ultr@VNC 1.0.1 viewer POC, phaas, 04:16
2nd European Conference on Computer Network Defense (EC2ND), Blyth A J C (Comp), 02:55
Re: google xss, pagvac, 02:25
SAXoPRESS - directory traversal, securiteam, 02:15
[Full-disclosure] Microsoft Internet Explorer DBCS Remote Memory Corruption Vulnerability, Sowhat, 01:04
IT Underground, London 2006 - call for papers, it_underground, 00:54
[Full-disclosure] Autogallery Multiple Cross-Site Scripting Vulnerabilitie, 0o_zeus_o0 elitemexico.org, 00:44

April 11, 2006

Old issue- MS NT PPTP/RAS DoS, SanjayR, 23:54
[ MDKSA-2006:070 ] - Updated openvpn packages fix vulnerability, security, 23:34
[ MDKSA-2006:071 ] - Updated xscreensaver packages fix clear-text password vulnerability, security, 23:14
Re: Bypassing ISA Server 2004 with IPv6, noreply, 23:04
AzDGVote File inclusion, selfar2002, 22:54
[SRC-Telindus advisory] - HP System Management Homepage Remote Unauthorized Access, SRC Telindus, 22:43
Re: google xss, Jim Ley, 22:23
Re: Re: PHPList <= 2.10.2 remote commands execution, rg . viza, 22:23
Confixx 3.1.2 <= SQL Injection, sn4k3 . 23, 21:13
IBM, ptt, 21:02
[eVuln] VNews Multiple Vulnerabilities, alex, 21:02
Tritanium Bulletin Board 1.2.3 - XSS, d4igoro, 20:52
Manila <= 9.5 - XSS Vulnerabilities, d4igoro, 20:22
[Full-disclosure] ZDI-06-007: Microsoft Windows Address Book (WAB) File Format Parsing Vulnerability, zdi-disclosures, 17:20
[eVuln] [V]Book Multiple Vulnerabilities, alex, 17:00
phpListPro <= 2.0 - Remote File Include Vulnerability, admin, 16:29
Multiple vulnerabilities in Blur6ex, crasher, 15:59
[ MDKSA-2006:069 ] - Updated openvpn packages fix vulnerability, security, 15:39
INDEXU <= 5.0.1 (theme_path)and (base_path) Remote File Inclusion Exploit, selfar2002, 15:29
Confixx 3.1.2 <= Cross Site Scripting Vuln, sn4k3 . 23, 15:19
[Full-disclosure] IMF 2006 - Submission Deadline Extension, Oliver Goebel, 15:09
Re: function *() php/apache Crash PHP 4.4.2 and 5.1.2, Michal Zalewski, 14:59
Re: PHPList <= 2.10.2 remote commands execution, secfoc, 14:49
[Full-disclosure] [USN-269-1] xscreensaver vulnerability, Martin Pitt, 12:57
[Full-disclosure] Realplayer .SWF Multiple Remote Memory Corruption Vulnerabilities, Sowhat, 11:06
[Full-disclosure] JetPhoto Multiple Cross-Site Scripting Vulnerabilitie, 0o_zeus_o0 elitemexico.org, 01:22
[Full-disclosure] Dokeos 1.6.4 SQL Injection Vulnerability, Alvaro Olavarria, 01:12

April 10, 2006

PHPWebGallery Multiple Cross Site Scripting Vulnerabilities, root__, 19:58
phpMyForum Cross Site Scripting & CRLF injection, root__, 19:48
Jbook Cross Site Scripting, root__, 19:38
[eVuln] phpNewsManager Multiple SQL Injections, alex, 19:28
PHPList <= 2.10.2 remote commands execution, rgod, 19:18
Vegadns blind sql injection and cross site scripting, king_purba, 18:58
Re: Bypassing ISA Server 2004 with IPv6, Thor (Hammer of God), 18:48
RE: google xss, Andy Meyers, 18:38
Re: Bypassing ISA Server 2004 with IPv6, Thor (Hammer of God), 18:17
Myspace.com - Intricate Script Injection, silentproducts, 17:57
MyBB 1.10 'newthread.php' < CrossSiteScripting >, o . y . 6, 17:47
copy() Safe Mode Bypass PHP 4.4.2 and 5.1.2, cxib, 17:27
tempnam() open_basedir bypass PHP 4.4.2 and 5.1.2, cxib, 17:07
Re[2]: Bypassing ISA Server 2004 with IPv6, 3APA3A, 16:46
function *() php/apache Crash PHP 4.4.2 and 5.1.2, cxib, 16:46
phpinfo() Cross Site Scripting PHP 5.1.2 and 4.4.2, cxib, 16:26
TUGZip Archive Extraction Directory traversal, h e, 16:26
PhpOpenChat 3.0.x ADODB Server.php "sql" SQL injection, rgod, 16:16
Vulnerabilities in SPIP, crasher, 15:56
Oracle read-only user can insert/update/delete data via specially crafted views, ak, 15:56
XMB Forum 1.9.5-Final XSS, r0xes . ratm, 15:16
Re: IE6 Crash, H D Moore, 15:05
[Overflow.pl] Clam AntiVirus Win32-UPX Heap Overflow (not default configuration), Damian Put, 12:24
IE6 Crash, tel, 11:34
RE: recursive DNS servers DDoS as a growing DDoS problem, Geo., 11:24
[SECURITY] [DSA 1025-1] New dia packages fix arbitrary code execution, Martin Schulze, 11:03
[security bulletin] HPSBUX02111 SSRT061132 rev.1 - HP-UX su(1) Local Unauthorized Access, security-alert, 10:53
[security bulletin] HPSBUX02110 SSRT061110 rev.1 - HP-UX Running wu-ftpd Remote Denial of Service (DoS), security-alert, 10:33
Re: Bios Information Leakage, darmawan_salihun, 10:13
[SECURITY] [DSA 1023-1] New kaffeine packages fix arbitrary code execution, Martin Schulze, 09:53
[SECURITY] [DSA 1026-1] New sash packages fix potential arbitrary code execution, Moritz Muehlenhoff, 09:13
Multiple vulnerability in jupiter CMS, king_purba, 08:53
Cisco Security Advisory: Cisco Optical Networking System 15000 series and Cisco Transport Controller Vulnerabilities, Cisco Systems Product Security Incident Response Team, 08:02
Virtual War File İnclusion, liz0, 07:52
Google Reader "preview" and "lens" script improper feed validation, Debasis Mohanty, 07:32
XSS Bug in Cherokee Webserver, rubengarrote, 07:02
[SECURITY] [DSA 1027-1] New mailman packages fix denial of service, Martin Schulze, 06:52
Re: Flaw in commonly used bash random seed method, Steve VanDevender, 06:32
Re: Another Internet Explorer Address Bar Spoofing Vulnerability, sh0rtie, 06:22
Shadowed Portal Cross Site Scripting, liz0, 05:31
[eVuln] newsletter - sourceworkshop SQL Injection Vulnerability, alex, 04:51
[SECURITY] [DSA 1018-2] New Linux kernel 2.4.27 packages fix several vulnerabilities, Moritz Muehlenhoff, 04:31
Re: recursive DNS servers DDoS as a growing DDoS problem, Anton Ivanov, 04:21
MAXDEV CMS Multiple vulnerabilities, king_purba, 03:51
[ MDKSA-2006:067 ] - Updated clamav packages fix vulnerabilities, security, 03:20
[ECHO_ADV_28$2006] Clever Copy <= 3.0 Connect.inc Critical Information Disclosure, eufrato, 03:00
Re: SQL injection in Invision Power Board v2.1.5, optix_prorat100, 02:40
Re: Re: Bypassing ISA Server 2004 with IPv6, Romain . Le-Guen, 02:40
PHPMyChat <= 0.14.5 remote commands execution, rgod, 02:40
LayerOne 2006 - Finalized Speaker Line-Up Announced, Layer One, 02:40
[eVuln] vCounter - sourceworkshop SQL Injection Vulnerability, alex, 02:40
Matt Wright Guestbook Xss Script İnjection, liz0, 02:40
[ MDKSA-2006:065 ] - Updated kaffeine packages fix remote buffer overflow vulnerability, security, 02:40
PHPMyChat 0.15.0dev "SYS enter" remote commands xctn (not properly patched from previous versions), rgod, 02:40
[eVuln] VSNS Lemon Multiple Vulnerabilities, alex, 02:40
Re: Re: Another Internet Explorer Address Bar Spoofing Vulnerability, pc . tech2, 02:40
[KAPDA::#38] - MyBB 1.1.0~functions_post.php~XSS Attack, addmimistrator, 02:40
[security bulletin] HPSBUX02108 SSRT061133 rev.3 - HP-UX running Sendmail, Remote Execution of Arbitrary Code, security-alert, 02:40
[ MDKSA-2006:068 ] - Updated mplayer packages fix integer overflow vulnerabilities, security, 02:40
Re: recursive DNS servers DDoS as a growing DDoS problem, Erwan David, 02:40
RE: Another way to spoof Internet Explorer Address Bar, Memisyazici, Aras, 02:40
SQL Injection in Chipmunk Guestbook, dr . jr7, 02:40
google xss, almfnod, 02:40
[eVuln] phpNewsManager Multiple SQL Injections, alex, 02:40
Re: Bypassing ISA Server 2004 with IPv6, Christine Kronberg, 02:40
Welcome to XCon2006 in China!, xcon, 02:40
Re: Bypassing ISA Server 2004 with IPv6, offtopic, 02:40
Re: FleXiBle Development Script Remote Command Exucetion And XSS Attacking, Steven M. Christey, 02:40
Re: recursive DNS servers DDoS as a growing DDoS problem, Ross Wheeler, 02:40
Re: recursive DNS servers DDoS as a growing DDoS problem, Geo., 02:40
Re: recursive DNS servers DDoS as a growing DDoS problem, Gadi Evron, 02:40
Black Hat Call for Papers and Registration now open, Jeff Moss, 02:40
[Kaffeine Security Advisory] Heap based buffer overflow in http_peek(), Dirk Mueller, 02:40
Sire 2.0 Nws Remote File inclusion & Arbitary Files Upload, simo64, 02:40
Re: recursive DNS servers DDoS as a growing DDoS problem, Jim Pingle, 02:40
[eVuln] Null news SQL Injection Vulnerability, alex, 02:39
[ MDKSA-2006:066 ] - Updated FreeRADIUS packages fix off-by-one overflow vulnerabilty, security, 02:39
Xss In SaphpLesson3.0, w3 . _, 02:39
Autonomous LAN party File iNclusion, codexploder, 02:39
Cisco Security Advisory: Cisco 11500 Content Services Switch HTTP Request Vulnerability, Cisco Systems Product Security Incident Response Team, 02:39
Linux Kernel Local DoS vulnerability., fingerout, 02:39
[Full-disclosure] [ GLSA 200604-06 ] ClamAV: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 02:39
IP cloaking using mod_rewrite, RSnake, 02:39
[Full-disclosure] Re: Format string in Doomsday 1.8.6, Alexey Dobriyan, 02:39

April 06, 2006

[Full-disclosure] [USN-268-1] Kaffeine vulnerability, Martin Pitt, 16:25
Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data, Moriyoshi Koizumi, 02:09
[Full-disclosure] [ GLSA 200604-05 ] Doomsday: Format string vulnerability, Stefan Cornelius, 01:58

April 05, 2006

[Full-disclosure] [ GLSA 200604-04 ] Kaffeine: Buffer overflow, Sune Kloppenborg Jeppesen, 20:56
[Full-disclosure] Re: Buffer-overflow in Ultr@VNC 1.0.1 viewer and server, Luigi Auriemma, 15:23
[Full-disclosure] Re: Buffer-overflow in Ultr@VNC 1.0.1 viewer and server, jalvare7, 09:07
Re: Flaw in commonly used bash random seed method, Dave Korn, 07:47
[ECHO_ADV_27$2006] AngelineCMS 0.8.1 Installpath Remote File Inclusion, eufrato, 06:26
Re: Flaw in commonly used bash random seed method, Dave English, 05:46
Re: recursive DNS servers DDoS as a growing DDoS problem, Simon Boulet, 05:36
[ECHO_ADV_27$2006] AngelineCMS 0.8.1 Installpath Remote File Inclusion, eufrato, 05:15
Re: recursive DNS servers DDoS as a growing DDoS problem, Tim, 04:45
Re: recursive DNS servers DDoS as a growing DDoS problem, Jim Pingle, 04:05
[Full-disclosure] PIRANA exploitation framework and SMTP contentfilter security, Jean-Sébastien Guay-Leroux, 02:54
Black Hat Call for Papers and Registration now open, Jeff Moss, 02:44
Re: Limbo CMS code execution, gergero, 02:04
Re: recursive DNS servers DDoS as a growing DDoS problem, Marco Ivaldi, 01:33
Another way to spoof Internet Explorer Address Bar, hainamluke, 00:53
NOD32 local privilege escalation vulnerability, visitbipin, 00:23
[Full-disclosure] [Updated] [FLSA-2006:186277] Updated sendmail packages fix security issue, Marc Deslauriers, 00:23
[Full-disclosure] [FLSA-2006:184098] Updated libc-client packages fixes security issue, Marc Deslauriers, 00:13
[Full-disclosure] [FLSA-2006:184074] Updated pine package fixes security issue, Marc Deslauriers, 00:13
[Full-disclosure] [FLSA-2006:180159] Updated unzip package fixes security issue, Marc Deslauriers, 00:13
[Full-disclosure] [FLSA-2006:183571-2] Updated tar package fixes security issue, Marc Deslauriers, 00:13
[Full-disclosure] [FLSA-2006:183571-1] Updated tar package fixes security issue, Marc Deslauriers, 00:13
[Full-disclosure] [FLSA-2006:170411] Updated imap packages fix security issue, Marc Deslauriers, 00:13
[Full-disclosure] [FLSA-2006:156290] Updated cyrus-imapd packages fix security issues, Marc Deslauriers, 00:03
[Full-disclosure] [FLSA-2006:156139] Updated tcpdump packages fix security issues, Marc Deslauriers, 00:03
Re: Flaw in commonly used bash random seed method, Matthijs, 00:03
[Full-disclosure] [FLSA-2006:152896] Updated mod_python package fixes a security issue, Marc Deslauriers, 00:03
[Full-disclosure] [FLSA-2006:152873] Updated xine package fixes security issues, Marc Deslauriers, 00:03

April 04, 2006

ArabPortal 2.0.1 Stable [ 9 CrossSiteScripting & 1 SQL Injection ] MultBugz, o . y . 6, 23:43
Re: Another Internet Explorer Address Bar Spoofing Vulnerability, franz, 23:02
RE: recursive DNS servers DDoS as a growing DDoS problem, Geo., 22:52
Re: Flaw in commonly used bash random seed method, Matthijs, 22:32
RE: recursive DNS servers DDoS as a growing DDoS problem, Thomas Guyot-Sionnest, 21:01
[Full-disclosure] Buffer-overflow in Ultr@VNC 1.0.1 viewer and server, Luigi Auriemma, 18:50
[security bulletin] HPSBPI2109 SSRT061141 rev.1 - HP Color LaserJet 2500 and 4600 Toolbox Running on Microsoft Windows Remote Unauthorized Disclosure of Information, security-alert, 18:30
[Full-disclosure] [ GLSA 200604-03 ] FreeRADIUS: Authentication bypass in EAP-MSCHAPv2 module, Matthias Geerdsen, 18:20
Re: recursive DNS servers DDoS as a growing DDoS problem, Tim, 18:19
[Full-disclosure] [ GLSA 200604-02 ] Horde Application Framework: Remote code execution, Stefan Cornelius, 17:59
Re: DoS-ing sysklogd?, Christophe Garault, 17:09
Re: DoS-ing sysklogd?, Bernhard Fischer, 16:59
RE: recursive DNS servers DDoS as a growing DDoS problem, MÃns Nilsson, 15:38
Re: On product vulnerability history and vulnerability complexity, Javor Ninov, 15:28
Re: On product vulnerability history and vulnerability complexity, Steven M. Christey, 15:07
RE: recursive DNS servers DDoS as a growing DDoS problem, Geo., 14:47
Re: recursive DNS servers DDoS as a growing DDoS problem, Anton Ivanov, 14:37
SMART Technologies SynchronEyes Remote Denial of Services, dennis, 14:37
Re: On product vulnerability history and vulnerability complexity, Gadi Evron, 14:27
Re: recursive DNS servers DDoS as a growing DDoS problem, Anton Ivanov, 14:16
RUXCON 2006 Call for Papers, cfp, 13:56
Re: Bypassing ISA Server 2004 with IPv6, 3APA3A, 13:46
[Full-disclosure] [SEC-1 LTD] HP Colour LaserJet 2500 and 4600 Toolbox Directory Traversal Vulnerability, Richard Horsman, 13:15
Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data, John Bond, 12:55
[Full-disclosure] [ GLSA 200604-01 ] MediaWiki: Cross-site scripting vulnerability, Stefan Cornelius, 11:25
Bypassing ISA Server 2004 with IPv6, Romain . Le . Guen, 02:30
SYMSA-2006-002: McAfee WebShield SMTP Format String Vulnerability, CS_Advisories Mailbox, 02:20
ReloadCMS <= 1.2.5stable Cross site scripting / remote command execution, rgod, 01:50
Re: recursive DNS servers DDoS as a growing DDoS problem, Anton Ivanov, 00:49
Phpwebgallery <= 1.4.1 SQL injection Vulnerability, t4h4, 00:29

April 03, 2006

[ MDKSA-2006:062 ] - Updated dia packages fix buffer overflow vulnerabilities, security, 23:49
[ MDKSA-2006:064 ] - Updated MySQL packages fix logging bypass vulnerability, security, 23:39
[Full-disclosure] Barracuda LHA archiver security bug leads to remote compromise, Jean-Sébastien Guay-Leroux, 23:19
[Full-disclosure] Barracuda ZOO archiver security bug leads to remote compromise, Jean-Sébastien Guay-Leroux, 23:18
[Full-disclosure] PIRANA exploitation framework and SMTP content filter security, Jean-Sébastien Guay-Leroux, 22:48
Re: On product vulnerability history and vulnerability complexity, Forrest J. Cavalier III, 22:28
Re: On product vulnerability history and vulnerability complexity, ArkanoiD, 22:08
Re: recursive DNS servers DDoS as a growing DDoS problem, Geo., 21:57
Re: On classifying attacks, john mullee, 21:47
Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data, Jasper Bryant-Greene, 21:37
Re: Cantv/Movilnet's Web SMS vulnerability., raven, 21:27
Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data, Jasper Bryant-Greene, 21:27
Re: On product vulnerability history and vulnerability complexity, Gadi Evron, 21:27
Re: WebVulnCrawl searching excluded directories for hackable web servers, Dennis Brown, 21:17
SQL Injection in Softbiz Image Gallery, xx_hack_xx_2004, 20:57
Re: On product vulnerability history and vulnerability complexity, Steven M. Christey, 20:57
RE: recursive DNS servers DDoS as a growing DDoS problem, Geo., 20:37
Re: Flaw in commonly used bash random seed method, Matthijs, 20:07
MyBB 1.10 New CrossSiteScripting, o . y . 6, 19:46
[Full-disclosure] Format string in Doomsday 1.8.6, Luigi Auriemma, 19:46
Multiple Vulnerabilities in LucidCMS, crasher, 19:36
Re: [Full-disclosure] Critical PHP bug - act ASAP if you are runningweb with sen, mailinglist mailinglist, 19:26
VWar <= 1.5.0 R12 Remote File Inclusion Exploit, uid0, 19:16
RE: DoS-ing sysklogd?, Justin Shore, 19:06
Re: Mis-diagnosed XSS bugs hiding worse issues due to PHP feature, cxib, 18:45
Flaw in commonly used bash random seed method, coderpunk, 18:35
Hosting Controller AccountActions.asp and saveuploadfiles.asp vulns (PoC), paolo . difebbo, 18:25
Another Internet Explorer Address Bar Spoofing Vulnerability, hainamluke, 18:05
[Full-disclosure] [USN-267-1] mailman vulnerability, Martin Pitt, 15:03
Re: On product vulnerability history and vulnerability complexity, Crispin Cowan, 14:53
Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data, Moriyoshi Koizumi, 14:43
Secunia Research: AN HTTPD Script Source Disclosure Vulnerability, Secunia Research, 14:43
[Full-disclosure] [USN-266-1] dia vulnerabilities, Martin Pitt, 12:01

April 01, 2006

SiteMan <= All version SQL injection in admin_login.asp, ali, 22:16
GeSWall 2.2 – Free Intrusion Prevention System for Windows, GentleSecurity Team, 21:56
Re: recursive DNS servers DDoS as a growing DDoS problem, Paul Stepowski, 21:56
Re: [Full-disclosure] [HV-PAPER] Anti-Phishing Tips You Should Not Follow, Nick FitzGerald, 21:36
PHPNuke-Clan 3.0.1 Remote File Inclusion Exploit, uid0, 21:25
DoS-ing sysklogd?, Milen Rangelov, 21:14
Re: Re: Re: phpBB 2.06 search.php SQL injection, theguywhocouldwipeyourphpBB, 21:04
Re: Mis-diagnosed XSS bugs hiding worse issues due to PHP feature, Siegfried, 20:54
SQuery <= 4.5 Remote File Inclusion Exploit, uid0, 20:44
Re: recursive DNS servers DDoS as a growing DDoS problem, Gadi Evron, 20:24
FleXiBle Development Script Remote Command Exucetion And XSS Attacking, botan, 20:24
RE: recursive DNS servers DDoS as a growing DDoS problem, gboyce, 20:24
Re: [Full-disclosure] Mis-diagnosed XSS bugs hiding worse issues due to PHP feature, Siegfried, 20:14
linksubmit <= All version Html Tag Injector in index.php, ali, 20:04
Re: [Full-disclosure] Kazaa, James_gmail-ij, 14:22
[Full-disclosure] Mis-diagnosed XSS bugs hiding worse issues due to PHP feature, Steven M. Christey, 06:39