Network Security Archives

Bugtraq (date)

[Thread Index] [Top] [All Lists]

May 31, 2006

Re: New SecurityFocus mailing list: Focus-Apple, Marc Fossi, 22:16
New SecurityFocus mailing list: Focus-Apple, Marc Fossi, 18:34
[Full-disclosure] rPSA-2006-0087-1 kernel, Justin M. Forbes, 17:03
Secunia Research: ZipCentral ZIP File Handling Buffer Overflow Vulnerability, Secunia Research, 15:12
Secunia Research: Eserv/3 IMAP and HTTP Server Multiple Vulnerabilities, Secunia Research, 15:02
toendaCMS 0.7.0 Cross Site Scripting, kubasx, 14:42
Re: Fire fox dos exploit, Josh Zlatin-Amishav, 14:32
QontentOneCMS v1.0, luny, 14:02
Re: [Info Disclosure] Diesel PHP Job Site Latest Version, GulfTech Security Research, 13:52
# MHG Security Team --- PHP NUKE All version Remote File Inc., erne, 13:42
pppBlog <= 0.3.8 administrative credentials/system disclosure, rgod, 13:32
Re: Re[2]: The Weakness of Windows Impersonation Model, Cesar, 13:21

May 30, 2006

Re: V-Webmail 1.6.4 Remote File Include, Ventsislav Genchev, 20:05
Re: [Info Disclosure] Diesel PHP Job Site Latest Version, support, 19:55
Open Searchable Image Catalogue: XSS and SQL Injection Vulnerabilities, enji, 19:44
WebCalendar-1.0.3 reading of any files, socsam, 19:24
[ MDKSA-2006:093 ] - Updated dia packages fix string format vulnerabilities., security, 18:44
Fire fox dos exploit, co296, 18:24
OaBoard 1.0 Remote File inclusion, hessamx, 18:04
Re: On the Recent PGP and Truecrypt Posting, Andreas Beck, 17:53
WBB<--v2.3.4"misc.php" SQL injection Vulnerability, CrAzY . CrAcKeR, 17:33
NorthStudio Cross Site Scripting Vulnerability, CrAzY . CrAcKeR, 17:23
Bratpack Cross Site Scripting Vulnerability, CrAzY . CrAcKeR, 17:13
phpMyDesktop|arcade 1.0 FINAL Code Execution, darkgod . xsf, 17:03
Re: On the Recent PGP and Truecrypt Posting, Jon Callas, 16:53
4nNukeWare<--V 0.91 SQL Injection exploits, CrAzY . CrAcKeR, 16:43
[Full-disclosure] [ GLSA 200605-17 ] libTIFF: Multiple vulnerabilities, Stefan Cornelius, 15:42
Jiwa Financials - Reporting allows execution of arbitrary reports as SQL user with full permissions., Robert, 14:42
[Full-disclosure] Re: Backdoor in RelevantKnowledge adware (What are wefighting for?), Dave \"No, not that one\" Korn, 13:41
[Full-disclosure] [ GLSA 200605-16 ] CherryPy: Directory traversal vulnerability, Stefan Cornelius, 12:31
[Full-disclosure] Backdoor in RelevantKnowledge adware (What are we fighting for?), 3APA3A, 09:39

May 29, 2006

Re: LM hashes in a hot-desking environment, The Little Prince, 20:55
[KAPDA::#46] - Nukedit Unauthorized Admin Add, farhadkey, 20:45
WikiNi Persistent Cross Site Scripting Vulnerability, raphael . huck, 19:54
New SMB and DCERPC features on Impacket released with doc, Gerardo Richarte, 19:44
Foing Remote File Include Vulnerability [PHPBB], s3rv3r_hack3r, 19:34
Re: Proof of concept that PGP AUTHENTICATION CAN BE BYPASSED WITHOUT PATCHING, Andreas Beck, 19:24
UBBThreads 5.x,6.x md5 hash disclosure, chris, 18:33
[KAPDA::#45] - geeklog multiple vulnerabilities, alireza hassani, 18:23
Xss exploit in Photoalbum B&W v1.3, black-cod3, 18:13
VARIOMAT(advanced cms tool)SQL injection/XSS, CrAzY . CrAcKeR, 18:03
[Full-disclosure] RE: Advisory: Eggblog <= 3.x Multiple Remote Vulnerabilities, Egg, 17:13
Advisory: ASPBB <= 0.52 (perform_search.asp) XSS vulnerability, Mustafa Can Bjorn IPEKCI, 16:32
Advisory: MiniNuke v2.x Multiple Remote Vulnerabilities, Mustafa Can Bjorn IPEKCI, 16:22
JAMES 2.2.0 <-- Denial Of Service, y3dips, 16:12
multiple file include exploits in EzUpload Pro v2.10, black-cod3, 16:12
Re: On the Recent PGP and Truecrypt Posting, Jon Callas, 16:02
Buffer overflow in QuickTime 7.0.4?, John Richard Moser, 15:52
[Full-disclosure] RE: Advisory: Blend Portal <= 1.2.0 for phpBB 2.x(blend_data/blend_common.php) File Inclusion Vulnerability, austin best, 12:10
[Full-disclosure] [USN-288-1] PostgreSQL server/client vulnerabilities, Martin Pitt, 07:58
[Full-disclosure] [USN-287-1] Nagios vulnerability, Martin Pitt, 07:48
[Full-disclosure] Advisory: Blend Portal <= 1.2.0 for phpBB 2.x (blend_data/blend_common.php) File Inclusion Vulnerability, Mustafa Can Bjorn IPEKCI, 01:26

May 28, 2006

[Full-disclosure] Advisory: UBBThreads 5.x, 6.x Multiple File Inclusion Vulnerabilities., Mustafa Can Bjorn IPEKCI, 14:12
[Full-disclosure] Advisory: ASPSitem <= 2.0 Multiple Vulnerabilities., Mustafa Can Bjorn IPEKCI, 14:12
[Full-disclosure] Advisory: phpBB 2.x (Activity MOD Plus) File Inclusion Vulnerability., Mustafa Can Bjorn IPEKCI, 14:12
[Full-disclosure] Advisory: phpBB 2.x (admin/admin_hacks_list.php) Local Inclusion Vulnerability., Mustafa Can Bjorn IPEKCI, 14:12
[Full-disclosure] Advisory: Eggblog <= 3.x Multiple Remote Vulnerabilities, Mustafa Can Bjorn IPEKCI, 14:12
[Full-disclosure] Advisory: F@cile Interactive Web <= 0.8x Multiple Remote Vulnerabilities., Mustafa Can Bjorn IPEKCI, 14:12
[Full-disclosure] Advisory: Enigma Haber <= 4.3 Multiple Remote SQL Injection Vulnerabilities, Mustafa Can Bjorn IPEKCI, 14:02
[Full-disclosure] Advisory: tinyBB <= 0.3 Multiple Remote Vulnerabilities., Mustafa Can Bjorn IPEKCI, 14:02

May 27, 2006

html Guest Gear, pieisgdvgd, 21:25
RE: [security] A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt., phugo, 21:15
Re: Re: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt., visitbipin, 21:15
RE: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt., thesinoda, 21:05
Proof of concept that PGP AUTHENTICATION CAN BE BYPASSED WITHOUT PATCHING, thesinoda, 20:55
Re: On the Recent PGP and Truecrypt Posting, John Pettitt, 20:45
D-Link DSA-3100 Cross-Site Scripting, jaime . blasco, 20:35
Speedy ASP Forum(profileupdate.asp) User Pass Change Exploit, ajannhwt, 20:25
RE: LM hashes in a hot-desking environment, Roger A. Grimes, 20:15
sql injection in PHPcafe.net Tutorial Manager, black-cod3, 20:05
Multiple Xss exploits in ar-blog v 5.2, black-cod3, 19:55
Xss exploit in Chipmunk guestbook, black-cod3, 19:45
Re: LM hashes in a hot-desking environment, Ansgar -59cobalt- Wiechers, 19:35
Re: LM hashes in a hot-desking environment, 3APA3A, 19:35
Critical sql injection in saphplesson 2.0, black-cod3, 19:25
InternerExplorer error: ECMAScript interpreter stack overflow, sehato, 19:14
Symantec antivirus software exposes computers, Michael Scheidell, 19:04
Wavecon Advisory: Open-Xchange <= 0.8.2 defaultuser with /bin/bash and default password, Cemil Degirmenci, 18:54
cURL Safe Mode Bypass PHP 4.4.2 and 5.1.4, cxib, 18:34
Re: my Web Server << v-1.0 Denial of Service Exploit, str0ke, 02:58
Re: Sun single-CPU DOS, Doug Hughes, 02:18
LM hashes in a hot-desking environment, feedb4ck, 02:08
[ MDKSA-2006:092 ] - Updated mpg123 packages fix DoS vulnerability., security, 01:58
Re: RE: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt., ahariri, 01:37
Re: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt., Alexander Klimov, 01:37
Re: Wordpress <=2.0.2 'cache' shell injection, pokley, 01:17
Morris Guestbook v1, luny, 01:07
Smile Guestbook v1, luny, 00:57
Pretty Guestbook v1, luny, 00:47
MyYearBook.com - XSS, luny, 00:37
Re: Microsoft Internet Explorer - Crash on mouse button click, mac68k, 00:17
Re: Microsoft Internet Explorer - Crash on mouse button click, unknown user, 00:07

May 26, 2006

Vacation Retal Script v1.0, luny, 23:57
Super Link Exchange Script v1.0, luny, 23:37
PHPSimple Choose v0.3, luny, 23:26
iBoutique.MALL - Directory Traversal, luny, 23:16
XSS Vulnerability on Vodafone, try_og, 23:06
[Full-disclosure] rPSA-2006-0084-1 fetchmail, Justin M. Forbes, 22:56
Re: Kaspersky antivirus 6: HTTP monitor bypassing, dmitryp . spm, 22:46
Re: Microsoft Internet Explorer - Crash on mouse button click, unknown user, 22:36
On the Recent PGP and Truecrypt Posting, jon, 21:36
[OpenPKG-SA-2006.009] OpenPKG Security Advisory (binutils), OpenPKG, 21:05
XSS Vulnerability on www.my6d.com Connection Work System, spymeta, 20:35
Re: Microsoft Internet Explorer - Crash on mouse button click, unknown user, 20:35
Re: Sun single-CPU DOS, Doug Hughes, 20:25
Seditio Cross Site Scripting Vulnerability, mail, 20:15
Re: PhpListPro 2.01 Remote File Include Vulnerability, not, 20:05
Re: Kaspersky antivirus 6: HTTP monitor bypassing, denisov_vit, 19:55
Easy-Content Forums 1.0 Multiple [SQL/XSS] Vulnerabilities, ajannhwt, 19:45
Assetman <= 2.4a XSS, zerogue, 19:35
ByteHoard <= 2.1 multiple vulnerabilities, zerogue, 19:25
PHP AGTC-Membership system <= v1.1a XSS, zerogue, 19:25
PHPResidence <= 0.6 XSS, zerogue, 19:15
Plume CMS Remote File Include, beford, 19:05
[Full-disclosure] rPSA-2006-0083-1 enscript, Justin M. Forbes, 19:05
Re: [BuHa-Security] DoS Vulnerability in MS IE 6 SP2, ad@heapoverflow.com, 18:54
RE: Realty Pro One Property Listing Script, Krpata, Tyler, 18:44
Multiple XSS Vulnerabilities in Tikiwiki 1.9.x, blwood, 18:34
Re[2]: [Full-disclosure] ASLR now built into Vista, 3APA3A, 18:34
my Web Server << v-1.0 Denial of Service Exploit, s3rv3r_hack3r, 18:34
Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities, ajannhwt, 18:24
[MajorSecurity #6]Socketmail <= 2.2.6 - Remote File Include Vulnerability, admin, 18:14
qjForum(member.asp) SQL Injection Vulnerability, ajannhwt, 18:04
phpjobboard Authecnical admin byPass, alp_eren, 17:54
Toasts Forums 1.6.44 in Xss, ajannhwt, 17:44
Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities, ajannhwt, 17:34
XSS in Monster Top List | MTL 1.4, V8f3, 17:34
Re: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt., 3APA3A, 17:24
Docebo LMS 2.05 Remote File Include, beford, 17:14
XSS in Omegasoft's Insel, MC Iglo, 17:03
Re: Sun single-CPU DOS, Mike O'Connor, 16:53
Re: Sun single-CPU DOS, Mike O'Connor, 16:43
Re: Kaspersky antivirus 6: POP3 state machine error, denisov_vit, 16:43
Re: [Full-disclosure] Re: [General-discussion] Graph analysis of stolen credit cards, Lance James, 16:02
[BuHa-Security] MS06-013: HTML Tag Memory Corruption Vulnerability in MS IE 6 SP2, bugtraq, 16:02
[Full-disclosure] Re: [apwg] Graph analysis of stolen credit cards, Lance James, 15:52
[BuHa-Security] DoS Vulnerability in MS IE 6 SP2, bugtraq, 15:52
V-Webmail 1.6.4 Remote File Include, beford, 15:42
Re: Destiney Rated Images Script v0.5.0 - XSS Vulnv, Steven M. Christey, 15:32
[Full-disclosure] Re: [apwg] Graph analysis of stolen credit cards, glennhall, 15:22
TSLSA-2006-0030 - multi, Trustix Security Advisor, 15:12
RE: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt., ennead@truecrypt.org, 15:01
Addendum, ennead@truecrypt.org, 14:51
Re: [Full-disclosure] ASLR now built into Vista, 0x80, 11:08
Re: [Full-disclosure] Re: [General-discussion] Graph analysis of stolen credit cards, James Eaton-Lee, 11:08
Re: [Full-disclosure] Re: [General-discussion] Graph analysis of stolen credit cards, James Eaton-Lee, 11:08
[Full-disclosure] Re: [General-discussion] Graph analysis of stolen credit cards, Justin Mason, 10:48
[Full-disclosure] Re: [General-discussion] Graph analysis of stolen credit cards, Lance James, 07:57
[Full-disclosure] Re: [General-discussion] Graph analysis of stolen credit cards, Lance James, 07:57
[Full-disclosure] Graph analysis of stolen credit cards, Lance James, 07:57
Re: [Full-disclosure] ASLR now built into Vista, c0ntex, 06:26
[Full-disclosure] ASLR now built into Vista, David Litchfield, 02:45

May 25, 2006

Wordpress <=2.0.2 'cache' shell injection, rgod, 21:23
PostgreSQL security releases 8.1.4, 8.0.8, 7.4.13, 7.3.15, PostgreSQL Security, 20:22
Hackernetwork Mail Xss[Search] Vulnerability, ajannhwt, 20:22
iFlance v1.1, luny, 20:02
[Full-disclosure] rPSA-2006-0082-2 vixie-cron, Justin M. Forbes, 19:32
[Full-disclosure] rPSA-2006-0082-1 vixie-cron, Justin M. Forbes, 18:52
RE: modules name(Sections)SQL Injection Exploit, Evans, Arian, 18:41
Drupal <= 4.7 attachment/mod_mime remote code execution, rgod, 18:31
Pre News Manager v1.0, luny, 18:21
[KAPDA::#44] - NewsCMSLite Login ByPass by Cookie, farhadkey, 18:11
Pre Shopping Mall v1.0, luny, 18:01
CMS Mundo V1.0, luny, 18:01
Re: Circumventing quarantine control in Windows 2003 and ISA 2004, Memet Anwar, 17:51
GuestbookXL 1.3, luny, 17:41
Bulletin Board Elite-Board v.1.1, luny, 17:21
Realty Pro One Property Listing Script, luny, 17:11
iFdate v1.2, luny, 17:11
sql injection in phpWebSite 0.8.3, help-users, 17:01
A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt., thesinoda, 16:51
ChatPat v1.0, luny, 16:40
Re: IpLogger <= 1.7 XSS, thrasher . basher, 16:30
RE: Microsoft Internet Explorer - Crash on mouse button click, Jain, Siddhartha, 16:20
AZ Photo Album Script Pro, luny, 16:20
Re: Re: [SECURITYREASON.COM] PhpNuke 7.6=>x Multiple vulnerabilities cXIb8O3.12, phpnuke, 16:10
phpFoX All Version Login Exploit, mx, 16:00
Kaspersky antivirus 6: POP3 state machine error, bug . registrator, 15:50
Re: mybb v1.1.1(rss.php) SQL Injection Exploit, Steven M. Christey, 15:30
[CLOSED] SOE's implementation of Lithium Forums Software allows users to log on as each other., support, 15:20
Re: Default Screen Saver Vulnerability in Microsoft Windows, Jason V. Miller, 15:10
VSR Advisory: PDF Tools AG - PDF Form Filling and Flattening Tool Buffer Overflow, advisories, 15:00
[ MDKSA-2006:091 ] - Updated php packages fix vulnerabilities, security, 14:49

May 24, 2006

[Full-disclosure] rPSA-2006-0080-1 postgresql postgresql-server, Justin M. Forbes, 22:22
[ MDKSA-2006:090 ] - Updated shadow-utils packages fix mailbox creation vulnerability, security, 19:51
Re: Default Screen Saver Vulnerability in Microsoft Windows, Ansgar -59cobalt- Wiechers, 19:31
Re: Default Screen Saver Vulnerability in Microsoft Windows, Eliah Kagan, 19:21
[ MDKSA-2006:089 ] - Updated kphone packages fixes permissions issue with .qt/kphonerc, security, 19:11
[ MDKSA-2006:088 ] - Updated hostapd package to address DoS vulnerability, security, 19:11
[ MDKSA-2006:087 ] - Updated kernel packages fixes netfilter SNMP NAT memory corruption, security, 18:51
OpenCms version 6.0.x Xml Content Demo search engine Cross site scripting, jaime . blasco, 17:50
Write-up by Amit Klein: "IE + some popular forward proxy servers = XSS, defacement (browser cache poisoning)", Amit Klein (AKsecurity), 17:40
Diesel Joke Site SQL INJECTION, a_linuxer, 17:30
Re: How secure is software X?, Duncan Simpson, 17:20
NETGEAR WGR614 v6 Wireless DSL router information disclosure vulnerability, info, 17:10
Vodafone.de XSS Vulnerability, try_og, 16:59
Default Screen Saver Vulnerability in Microsoft Windows, susam . pal, 16:49
YLZH(right.php)Cross Site Scripting, Breeeeh, 16:39
Mambo <= 4.6. RC1 xss, rgod, 16:29
Re: Circumventing quarantine control in Windows 2003 and ISA 2004, Andreas Beck, 16:29
Publicist v0.95 - XSS And Full Path Errors, luny, 16:19
Re: Checkpoint SYN DoS Vulnerability, Niranjan S Patil, 16:09
AlstraSoft Web Host Directory v1.2, luny, 15:59
Re: Destiney Rated Images Script v0.5.0 - XSS Vulnv, webmaster, 15:49
Re: Sun single-CPU DOS, Mike O'Connor, 15:39
Re: Circumventing quarantine control in Windows 2003 and ISA 2004, Mark Senior, 14:58
Re: Microsoft Internet Explorer - Crash on mouse button click, unknown user, 14:38
[Full-disclosure] [USN-286-1] Dia vulnerabilities, Martin Pitt, 06:45
[security bulletin] HPSBMA02098 SSRT5911 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Privileged Access, Arbitrary Command Execution, Arbitrary File Creation, security-alert, 03:13
[security bulletin] HPSBMA02121 SSRT061157 rev.1 - HP OpenView Storage Data Protector Remote Arbitrary Command Execution, security-alert, 03:03
DGbook v1.0 - XSS, luny, 02:53
Re: How secure is software X?, Crispin Cowan, 02:43
RE: Circumventing quarantine control in Windows 2003 and ISA 2004, Roger A. Grimes, 02:33
Re: Sun single-CPU DOS, Doug Hughes, 02:23

May 23, 2006

[security bulletin] HPSBUX02075 SSRT051074 rev.5 - HP-UX Running xterm Local Unauthorized Access, security-alert, 20:31
Alstrasoft Article Manager Pro v1.6, luny, 20:00
AlstraSoft E-Friends - XSS, luny, 19:50
phpMyDirectory <= 10.4.4 Multiple Remote File Include(new!), ajannhwt, 19:40
[security bulletin] HPSBUX02114 SSRT061115 rev.1 - HP-UX Running Software Distributor Local Elevation of Privilege, security-alert, 19:19
Nucleus CMS <= 3.22 arbitrary remote inclusion, rgod, 19:09
Non eXecutable Stack Lovin on OSX86, KF (lists), 18:49
[OpenPKG-SA-2006.008] OpenPKG Security Advisory (openldap), OpenPKG, 18:38
Kaspersky antivirus 6: HTTP monitor bypassing, john, 18:28
SkyeShoutbox <= v.1.2.0 XSS, zerogue, 18:18
Russcom Ping Remote code execution, zerogue, 18:08
Russcom PHPImages lack of validation, zerogue, 17:58
QBv14 XSS, zerogue, 17:48
IpLogger <= 1.7 XSS, zerogue, 17:38
DSChat <= 1.0 XSS, zerogue, 17:28
Re: Circumventing quarantine control in Windows 2003 and ISA 2004, 3APA3A, 17:18
Chatty improper input sanitizing, zerogue, 17:08
[Full-disclosure] Buffer-overflow in the WebTool service of PunkBuster for servers (minor than v1.229), Luigi Auriemma, 16:37
[Full-disclosure] Server termination in netPanzer 0.8 (rev 952), Luigi Auriemma, 16:37
[Full-disclosure] [USN-285-1] awstats vulnerability, Martin Pitt, 06:42

May 22, 2006

Circumventing quarantine control in Windows 2003 and ISA 2004, Memet Anwar, 22:18
Hackernetwork.Com Mail XSS Vulnerability, TeufeL Online, 22:18
Microsoft Internet Explorer - Crash on mouse button click, mac68k, 22:08
Re: 90% of programs made in PHP5 and prior Full Path Disclosure vuln., Kamil Sienicki, 21:58
Re: POC exploit for freeFTPd 1.0.10, Tauqeer Ahmad, 21:48
Re: POC exploit for freeFTPd 1.0.10, Sanjay Rawat, 21:48
Remote Code Execution in artmedic Newsletter 4.1 [log.php], c . j . schmitz, 21:28
TSLSA-2006-0028 - multi, Trustix Security Advisor, 21:28
phpRaid "view.php" XSS Vulnerability, TeufeL Online, 21:18
Re: Sun single-CPU DOS, Mike O'Connor, 21:07
Beoped Portal XSS, outlaw, 20:57
SOE's implementation of Lithium Forums Software allows users to log on as each other., john, 20:47
ACROS Security: Buffer Overflow In EMC (previously Dantz) Retroclient Service, ACROS Security, 20:37
Re: Checkpoint SYN DoS Vulnerability, Bojan Zdrnja, 20:37
Re: 90% of programs made in PHP5 and prior Full Path Disclosure vuln., sirdarckcat, 20:27
Re: Novell Client login form enables reading and writing from and to the clipboard of the logged-in user, Roman Drahtmueller, 20:17
CANews Multiple Vulnerabilities, omnipresent, 20:07
mybb v1.1.1(rss.php) SQL Injection Exploit, Breeeeh, 19:37
Re: Checkpoint SYN DoS Vulnerability, Jim Clausing, 19:26
[security bulletin] HPSBUX02120 SSRT051057 rev.1 - HP-UX Local Denial of Service (DoS), security-alert, 17:56
[security bulletin] HPSBUX02119 SSRT4848 rev.1 - HP-UX Running Motif Applications Remote Arbitrary Code Execution, Denial of Service (DoS), security-alert, 17:46
Re: WebsiteBaker CMS lack of sanitizing, ryan, 17:46
BitZipper Archive Extraction Directory traversal, h e, 17:35
Prodder Remote Arbitrary Command Execution, RedTeam Pentesting, 17:25
[Full-disclosure] ZDI-06-016: Novell eDirectory 8.8 NDS Server Buffer Overflow Vulnerability, zdi-disclosures, 17:15
Perlpodder Remote Arbitrary Command Execution, RedTeam Pentesting, 17:15
Re: tseekdir.cgi<--Local File Include, security curmudgeon, 16:55
Re: modules name(Sections)SQL Injection Exploit, security curmudgeon, 16:45
Skype - URI Handler Command Switch Parsing, Brett Moore, 16:35
[KAPDA::#43] - phpwcms multiple vulnerabilities, alireza hassani, 16:25
Generic Browser Crash with Java 1.4.2_11, Java 1.5.0_06, Marc Schoenefeld, 16:15
Novell Client login form enables reading and writing from and to the clipboard of the logged-in user, EitanCaspi@yahoo.com, 16:05
XOOPS <= 2.0.13.2 'xoopsOption[nocommon]' exploit, rgod, 15:14
Firefox 1.5.0.3 Flaw - Page can obtain path to Mozilla installation or profile by examining JavaScript exceptions, milw0rm, 15:14
PHP Easy Galerie Index.PHP Remote File Include Vulnerability, craziest, 15:04
Captivate 1.0 - XSS Vuln, luny, 14:54
Destiney Links Script v2.1.2, luny, 14:34
Destiney Rated Images Script v0.5.0 - XSS Vulnv, luny, 14:24
PunBB 1.2.11 Cross site scripting, k4p0k4p0, 14:14
Hiox Guestbook 3.1, luny, 13:54
Re: Zix Forum <= 1.12 (layid) SQL Injection Vulnerability, farhadkey, 13:43

May 21, 2006

[Full-disclosure] PBNJ 1.14 released, Joshua D. Abraham, 18:25
[Full-disclosure] [ GLSA 200605-15 ] Quagga Routing Suite: Multiple vulnerabilities, Stefan Cornelius, 16:44
[Full-disclosure] [ GLSA 200605-14 ] libextractor: Two heap-based buffer overflows, Stefan Cornelius, 16:34
[Full-disclosure] [TZO-072006]-Xampp - Multiple Priviledge Escalation (SYSTEM) and Rogue Autostart, Thierry Zoller, 16:14

May 20, 2006

Re: XSS in orkut.com, Google Security Team, 18:05
Zix Forum <= 1.12 (layid) SQL Injection Vulnerability, i6d, 17:14
cPanel OpenBaseDir Bypass, i6d, 17:04
Re: PHPBB 2.0.20 persistent issues with avatars, Paul Laudanski, 16:44
Re: NSA Group Security Advisory NSAG-196-23.02.2006 Vulnerability FCKeditor 2.2, fredck, 16:24
Xtremescripts Topsites v1.1, luny, 15:44
Interlink "news_information.php" XSS, Mster-X, 15:34
RaceEventManagement <--v0.7.6 SQL injection & XSS, Mster-X, 15:24
ActualAnalyzer Server <=8.23 - Remote File Include Vulnerability, i6d, 14:53
Re: NSA Group Security Advisory NSAG-195-23.02.2006 Vulnerability FCKeditor 2.0 FC, fredck, 14:43
phpBazar <= 2.1.0 Multiple vulnerabilites, i6d, 14:23
Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise, Matt Venzke, 00:07

May 19, 2006

CYBSEC - Security Pre-Advisory: Local Privilege Escalation in SAP sapdba Command, Leandro Meiners, 19:05
Jemscripts Download Control v1.0, luny, 18:35
Yourfreeworld.com Short Url & Url Tracker Script, luny, 18:25
Yourfreeworld Styleish Text Ads Script, luny, 18:15
[ MDKSA-2006:086 ] - Updated kernel packages fix multiple vulnerabilities, security, 17:49
[security bulletin] HPSBTU02118 SSRT061145 rev.1 - HP Tru64 UNIX Running Firefox or Mozilla Application Suite, Remote Execution of Arbitrary Code or Denial of Service (DoS), security-alert, 17:49
[security bulletin] HPSBUX02117 SSRT2400 rev.1 - HP-UX Running BINDv4 Domain Name Server (DNS) Remote Unauthorized Access, Denial of Service (DoS), security-alert, 17:39
[security bulletin] HPSBUX02108 SSRT061133 rev.11 - HP-UX Running Sendmail, Remote Execution of Arbitrary Code, security-alert, 17:19
Secunia Research: CAM UnZip ZIP File Handling Buffer Overflow Vulnerability, Secunia Research, 17:09
Re: Firefox (with IETab Plugin) Null Pointer Dereferences Bug, Roman Daszczyszak, 16:59
RE: [Full-disclosure] RealVNC 4.1.1 Remote Compromise, Krpata, Tyler, 12:31
Re: Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1, Amit Klein (AKsecurity), 04:18
Re: phpBB "charts.php" XSS and SQL-Injection, phpbb, 02:17
Re: Checkpoint SYN DoS Vulnerability, sanjay naik, 02:17
Re: JDK 1.4.2_11, 1.5.0_06, unsigned applets consuming all free harddisk space, Leif Erik Andersen (at Seven), 02:17
Sun single-CPU DOS, Doug Hughes, 02:17
Code Injection via Hidden Form Field Manipulation, mtoren, 02:17
Re: PHPBB 2.0.20 persistent issues with avatars, s89df987 s9f87s987f, 02:17
Re: Checkpoint SYN DoS Vulnerability, Erick Mechler, 02:17
Myspace Friend Train v2.8, luny, 02:17
Re: MediaSlash Gallery 'rub' variable Remote File inlcusion Vulnerability, gyzmo77, 02:17
Re:POC exploit for freeFTPd 1.0.10, Tauqeer Ahmad, 02:16
Re: Is MS06-018 a DoS or a system compromise ?, Nick Boyce, 02:16
RE: Checkpoint SYN DoS Vulnerability, Sterling, Chuck, 02:16
Re: Checkpoint SYN DoS Vulnerability, sanjay naik, 02:16
Re: Re: Checkpoint SYN DoS Vulnerability, jrh57, 02:16
POC exploit for freeFTPd 1.0.10, Tauqeer Ahmad, 02:16
FrontRange iHeat Vulnerability, mcdanielar, 02:16
XSS in orkut.com, Rohin Koul, 02:16
Re: JDK 1.4.2_11, 1.5.0_06, unsigned applets consuming all free harddisk space, William Starling, 02:16
Gmail/Gtalk web client DoS, dan, 02:16
AspBB Forum "profile.asp & default.asp" XSS Vulnerability, TeufeL Online, 02:16
[Info Disclosure] Diesel PHP Job Site Latest Version, Matt Gibson, 02:16
[cosmoshop again] sql injection + view all files as admin user, innate, 02:16
CodeScan Advisory: Avatar MOD v1.3 for Snitz Forums v3.4 - Arbitrary File Upload, CodeScan Labs, 02:16
Re: Maksymilian Arciemowicz, frantisek holop, 02:16
[Full-disclosure] Multiple Vulns in Bitrix CMS, Gogi The Georgian, 02:16
Gawab.com Register Xss Bugtraq, rootter, 02:16
Wargamming Network.., Dusty, 02:16
RadLance Local Inclusion Exploit, Hussain Salim, 02:16
Re: The Weakness of Windows Impersonation Model, David Litchfield, 02:15
HYSA-2006-008 myBloggie 2.1.3 CRLF & SQL Injection, h4cky0u . org, 02:15
OpenWiki<--v0.78 Cross-Site Scripting, LiNuX_rOOt1, 02:15
Boastmachine Cross Site Scripting Vulnerability, mail, 02:15
Re: [Full-disclosure] What's Up Professional Spoofing Authentication Bypass, David Maciejak, 02:15
Mobotix IP Network Cameras Multiple XSS, jaime . blasco, 02:15
Secunia Research: Eazel unacev2.dll Buffer Overflow Vulnerability, Secunia Research, 02:15
Re[2]: The Weakness of Windows Impersonation Model, Brian L. Walche, 02:15
DIMVA 2006 - Call For Participation, Thomas Biege, 02:15
[Full-disclosure] Two heap overflow in libextractor 0.5.13 (rev 2832), Luigi Auriemma, 02:15
Firefox (with IETab Plugin) Null Pointer Dereferences Bug, Debasis Mohanty, 02:15
Re[2]: The Weakness of Windows Impersonation Model, Brian L. Walche, 02:15
VNC_bypauth: vnc scanner multithreaded linux & windows, ad@heapoverflow.com, 02:15
Newsportal <= 0.36 Remote File Inclusion Vulnerability, philipp . niedziela, 02:15
Re: Zen Cart login.php SQL Injection Vulnerability, noreply, 02:15
Re: Checkpoint SYN DoS Vulnerability, Bojan Zdrnja, 02:15
Secunia Research: IZArc unacev2.dll Buffer Overflow Vulnerability, Secunia Research, 02:15
Re: Checkpoint SYN DoS Vulnerability, sanjay naik, 02:14
Maksymilian Arciemowicz, cxib, 02:14
[Full-disclosure] What's Up Professional Spoofing Authentication Bypass, Kenneth F. Belva, 02:14
Re: [Full-disclosure] security open source tools require, subhag ghosh, 02:14
[Full-disclosure] security open source tools require, adnan habib, 02:14
[Full-disclosure] iDefense Q2 2006 Vulnerability Challenge, labs-no-reply@idefense.com, 02:14
[Full-disclosure] Advisory: Quezza BB <= 1.0 File Inclusion Vulnerability., Mustafa Can Bjorn IPEKCI, 02:14
vulnerability details, Arnold Grossmann, 02:14
Re: Checkpoint SYN DoS Vulnerability, Chris Brenton, 02:14
[Full-disclosure] ERRATA: [ GLSA 200605-07 ] Nagios: Buffer overflow, Sune Kloppenborg Jeppesen, 02:14
DeluxeBB <= v1.06 attachment mod_mime exploit, rgod, 02:14
Re: Checkpoint SYN DoS Vulnerability, sanjay naik, 02:14
PHP-Fusion <= 6.00.306 "srch_where" SQL injection / admin credentials disclosure, rgod, 02:14
Re: Checkpoint SYN DoS Vulnerability, Pawel Worach, 02:14
[Full-disclosure] UPDATE: [ GLSA 200605-13 ] MySQL: Information leakage, Sune Kloppenborg Jeppesen, 02:14
The Weakness of Windows Impersonation Model, Brian L. Walche, 02:14
Caucho Resin Windows Directory Traversal Vulnerability, advisory, 02:14
Checkpoint SYN DoS Vulnerability, sanjay naik, 02:14
ScanAlert Security Advisory, Joseph Pierini, 02:14
Newsportal: code injection vulnerability, newsportal, 02:13
IceWarp Cross-Site Scripting(XSS), LiNuX_rOOt1, 02:13
Sphider Multiple Xss Vulnerabilities, Soothackers, 02:13
PhpRemoteView Multiple Xss Vulnerabilities, Soothackers, 02:13
[Full-disclosure] Re: RealVNC 4.1.1 Remote Compromise, Dave \"No, not that one\" Korn, 02:13
[Full-disclosure] re: RealVNC 4.1.1 Remote Compromise, plato, 02:13
RE: Is MS06-018 a DoS or a system compromise ?, Maxime Ducharme, 02:12
DeluxeBB 1.06 Remote SQL Injection Exploit, kingofska, 02:12
RE: Is MS06-018 a DoS or a system compromise ?, Hayes, Bill, 02:12
YapBB <= 1.2 Beta2 'find.php' SQL Injection Vulnerability, geinblues, 02:12
Re: [Full-disclosure] POC exploit for freeSSHd version 1.0.9, David Maciejak, 02:12
Confixx 3.1.2 <= Code Injection, Snake_23, 02:12
Secunia Research: Abakt ZIP File Handling Buffer Overflow Vulnerability, Secunia Research, 02:12
Re: How secure is software X?, Matt . Carpenter, 02:12
CYBSEC - Security Advisory: Arbitrary File Read/Delete in SAP BC (Business Connector), Leandro Meiners, 02:12
CYBSEC - Security Advisory: Phishing Vector in SAP BC (Business Connector), Leandro Meiners, 02:12
Secunia Research: FilZip unacev2.dll Buffer Overflow Vulnerability, Secunia Research, 02:12
tyree[at]users.sourceforge.net, tyree, 02:12
Azboard <= 1.0 Multiple Sql Injections, geinblues, 02:12
Sugar Suite Open Source <= 4.2 "OptimisticLock!" arbitrary remote inclusion exploit, rgod, 02:12
DMA[2006-0514a] - 'ClamAV freshclam incorrect privilege drop', KF (lists), 02:12
XSS in FreeTextBox and FCKEditor Basic Toolbar Selection, bonsite, 02:12
90% of programs made in PHP5 and prior Full Path Disclosure vuln., sirdarckcat, 02:12
Re: PHPBB 2.0.20 persistent issues with avatars, Paul Laudanski, 02:12
Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise, Joachim Schipper, 02:12
[Full-disclosure] [USN-284-1] Quagga vulnerabilities, Martin Pitt, 02:12
JDK 1.4.2_11, 1.5.0_06, unsigned applets consuming all free harddisk space, Marc Schoenefeld, 02:12
Is MS06-018 a DoS or a system compromise ?, Nick Boyce, 02:12
[Full-disclosure] Novell NDPS Remote Vulnerability (Server & Client), Ryan Smith, 02:12
[Full-disclosure] [USN-274-2] MySQL vulnerability, Martin Pitt, 02:12
RE: Oracle - the last word, Iggy E, 02:11
Re: Firefox 1.5.0.3 - DoS, Ronald van den Blink, 02:11
PhpBB <= 2.0.20 Admin/Restore Database remote cmmnds xctn (works with admin sid), rgod, 02:11
Re: How secure is software X?, Fabian Becker, 02:11
Re: Re: Firefox 1.5.0.3 - DoS, Ronald, 02:11
RE: [Full-disclosure] RealVNC 4.1.1 Remote Compromise, Dixon, Wayne, 02:11
Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise, Juha-Matti Laurio, 02:11
[Full-disclosure] RealVNC 4.1.1 Remote Compromise, James Evans, 02:11
[Full-disclosure] POC exploit for freeSSHd version 1.0.9, Tauqeer Ahmad, 02:10
Soho firewall - OpenWRT -WhiteRussian Question, jfvanmeter, 02:10
SQL-Injection in e107 allows attacker to become a site admininstrator, socsam, 02:10
[Full-disclosure] Re: How secure is software X?, Mike Hoskins, 02:10
Gphotos Directory Traversal and Cross Site Scripting, doz, 02:10

May 13, 2006

[Full-disclosure] Re: How secure is software X?, David Litchfield, 10:36
Re: Firefox 1.5.0.3 - DoS, marrob, 03:13
Re: IGNORING SSH CONNECTION USES ARP CACHE POISSONING, Felipe openglx, 02:43
Re: modules name(Downloads)SQL Injection Exploit, znx, 01:43
Re: Oracle - the last word, Stefano Di Paola, 01:13
# MHG Security Team --- Gallery Upload Vulnerabilities, Dj_ReMix_20, 01:02
PHP Live Helper ASP(chat.php) XSS, mster-X, 00:42
Several flaws in e-business designer (eBD), Pedro AndÃjar, 00:32
Re: phpBB 2.0.20 Full Path Disclosure and SQL Errors, Paul Laudanski, 00:22
[Full-disclosure] [FLSA-2006:185355] Updated gnupg package fixes security issues, Marc Deslauriers, 00:12
[Full-disclosure] [FLSA-2006:164512] Updated fetchmail packages fix security issues, Marc Deslauriers, 00:12
[Full-disclosure] [FLSA-2006:152923] Updated xloadimage package fixes security issues, Marc Deslauriers, 00:12
[Full-disclosure] [FLSA-2006:152904] Updated ncpfs package fixes security issues, Marc Deslauriers, 00:12
[Full-disclosure] [FLSA-2006:152898] Updated emacs packages fix a security issue, Marc Deslauriers, 00:02
[Full-disclosure] [FLSA-2006:152868] Updated tetex packages fix security issues, Marc Deslauriers, 00:02
Ipswitch WhatsUp Professional multiple flaws, David Maciejak, 00:02

May 12, 2006

Re: Firefox 1.5.0.3 - DoS, Flavio Visentin, 23:42
Dovecot IMAP: Mailbox names list disclosure with mboxes, Timo Sirainen, 23:21
[Full-disclosure] Re: How secure is software X?, Paul B. Saitta, 22:21
Re: Re: Phil's Bookmark script admin By-pass, theproffx, 22:21
Re: IGNORING SSH CONNECTION USES ARP CACHE POISSONING, king_purba, 22:11
Dokeos LDAP hole fixed, thomas . depraetere, 21:40
RE: Oracle - the last word, Lee Kelly, 21:10
Re: phpBB "charts.php" XSS and SQL-Injection, g30rg3x, 21:00
[Full-disclosure] Socket unreachable in GNUnet rev 2780, Luigi Auriemma, 20:50
[Full-disclosure] Multiple vulnerabilities in Outgun 1.0.3 bot 2, Luigi Auriemma, 20:50
[Full-disclosure] Buffer-overflow and NULL pointer crash in Genecys 0.2, Luigi Auriemma, 20:40
[Full-disclosure] Server crash in Empire 4.3.2, Luigi Auriemma, 20:40
[Full-disclosure] Multiple vulnerabilities in Raydium rev 309, Luigi Auriemma, 20:40
PHPBB 2.0.20 persistent issues with avatars, rgod, 20:40
[Full-disclosure] RE: How secure is software X?, Ferguson, Justin (IARC), 20:19
Re: [Reversemode] Microsoft Infotech Storage library Heap Corruption, Reversemode, 20:19
TSLSA-2006-0026 - kernel, Trustix Security Advisor, 19:19
[Full-disclosure] Re: How secure is software X?, Tim Newsham, 18:18
[Full-disclosure] Re: How secure is software X?, Adam Shostack, 18:18
[Kurdish Security # 7] Foing Remote File Include Vulnerability [PHPBB], botan, 18:08
Re: [Reversemode] Microsoft Infotech Storage library Heap Corruption, marco . correnti, 18:08
Apple QuickDraw/QuickTime Multiple Vulnerabilities, Avert, 17:48
yet more XSS in older versions of ColdFusion, zuxncwaruio, 17:07
Re: Firefox 1.5.0.3 - DoS, RSnake, 16:47
Re: Secunia Research: Where Is It unacev2.dll Buffer OverflowVulnerability, jason . gerfen, 16:37
[Full-disclosure] SEC Consult SA-20060512-0 :: Symantec Enterprise Firewall NAT/HTTP Proxy Private IP Exposure, Bernhard Mueller, 06:53
[Full-disclosure] Apple QuickTime udta ATOM Heap Overflow, Sowhat, 02:20
Re: [Full-disclosure] How secure is software X?, David Litchfield, 01:50
Re: [Full-disclosure] How secure is software X?, Michael Silk, 01:30
[Full-disclosure] How secure is software X?, David Litchfield, 01:20
[Full-disclosure] Kenshoto Report: IIS 6.0 Remote Exploit PoC, Kenshoto CTF, 01:10

May 11, 2006

[Full-disclosure] ZDI-06-015: Apple QuickTime H.264 Parsing Heap Overflow Vulnerability, zdi-disclosures, 22:28
phpBB "charts.php" XSS and SQL-Injection, sn4k3 . 23, 21:58
[Full-disclosure] [EEYEB-20060307] Apple QuickTime FPX Integer Overflow, eEye Advisories, 21:48
Verizon Voicewing and Linksys PAP2-VN, securityfocus, 21:28
Microsoft MSDTC NdrAllocate Validation Vulnerability, avert, 19:27
Secunia Research: UltimateZip unacev2.dll Buffer Overflow Vulnerability, Secunia Research, 18:36
Unclassified NewsBoard <= 1.6.1 patch 1 ABBC[Config][smileset] arbitrary local inclusion, rgod, 17:56
RE: SYMSA-2006-003: Cisco Secure ACS for Windows - AdministratorPassword Disclosure, John Stuppi (jstuppi), 16:45
Re: Oracle - the last word, Steven M. Christey, 16:45
[ MDKSA-2006:085 ] - Updated xine-ui packages fix format string vulnerabilities, security, 16:25
Re: vbulletin security Alert, scott, 16:25
[Full-disclosure] [ GLSA 200605-13 ] MySQL: Information leakage, Sune Kloppenborg Jeppesen, 15:35
[Full-disclosure] [TZO-042006] Insecure Auto-Update and File execution (2), Thierry Zoller, 13:43
[Full-disclosure] RE: Oracle - the last word, Joseph Finley, 07:50
Re: SYMSA-2006-003: Cisco Secure ACS for Windows - AdministratorPassword Disclosure, Greg owens, 01:18
Re: phpBB 2.0.20 Full Path Disclosure and SQL Errors, Paul Laudanski, 00:48

May 10, 2006

Kerio WinRoute Firewall Protocol Inspection Denial, SnoBMSN, 22:47
[48Bits.com Advisory] Path conversion design flaw in Microsoft NTDLL, 48Bits.com [I+D Team], 21:56
vbulletin security Alert, aura, 21:16
Re: modules name(Downloads)SQL Injection Exploit, Paul Laudanski, 20:26
Re: Firefox 1.5.0.3 code execution exploit, Ismail Donmez, 20:05
PhpListPro 2.01 Remote File Include Vulnerability, SnoBMSN, 19:45
Re: Firefox 1.5.0.3 - DoS, Chris Horry, 19:25
[Full-disclosure] ZDI-06-014: Verisign I-Nav ActiveX Control Code Execution Vulnerability, zdi-disclosures, 19:05
mybb v1.1.1(showthread.php) SQL Injection Exploit, Breeeeh, 18:55
Firefox 1.5.0.3 - DoS, p4 . werterxyz, 18:35
Re: IGNORING SSH CONNECTION USES ARP CACHE POISSONING, Hugo van der Kooij, 18:15
[ MDKSA-2006:084 ] - Updated MySQL packages fix several vulnerabilities, security, 17:54
Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw, Giancarlo Razzolini, 17:34
UBlog Remote XSS Exploit, SnoBMSN, 17:24
Re: Firefox 1.5.0.3 code execution exploit, Daniel Veditz, 17:14
Re: phpBB 2.0.20 Full Path Disclosure and SQL Errors, Maksymilian Arciemowicz, 16:54
Re: Milliscript 1.4 Multiple Vulnerabilities, webmaster, 16:34
Re: Firefox 1.5.0.3 code execution exploit, Flavio Visentin, 16:24
Re: Firefox 1.5.0.3 code execution exploit, Juha-Matti Laurio, 16:04
Re: Firefox 1.5.0.3 code execution exploit, James_gmail-ij, 15:54
Re: tseekdir.cgi<--Local File Include, Steven M. Christey, 15:54
Hackmaster Group DMCounter Remote File Include, c-w-m, 15:13
[ MDKSA-2006:083 ] - Updated gdm package fixes symlink attack vulnerability, security, 14:13
Multiple SQL Injection Vulnerabilities in Dreamweaver Generated Code, Brian Gallagher, 13:52
[Full-disclosure] [ GLSA 200605-12 ] Quake 3 engine based games: Buffer Overflow, Sune Kloppenborg Jeppesen, 04:48
[Full-disclosure] [ GLSA 200605-11 ] Ruby: Denial of Service, Sune Kloppenborg Jeppesen, 04:48
[Full-disclosure] [ GLSA 200605-10 ] pdnsd: Denial of Service and potential arbitrary code execution, Sune Kloppenborg Jeppesen, 04:18
# MHG Security Team --- OzzyWork Gallery Upload Vulnerabilities, Dj_ReMix_20, 02:57
[Full-disclosure] Oracle - the last word, David Litchfield, 01:57
IBM Websphere Application Server Multiple Vulnerabilities, SnoBmsn, 01:06
Re: IGNORING SSH CONNECTION USES ARP CACHE POISSONING, Thierry Zoller, 00:36

May 09, 2006

Re: Phil's Bookmark script admin By-pass, Steven M. Christey, 21:55
[Full-disclosure] [TZO-042006] Insecure Auto-Update and File execution, Thierry Zoller, 21:34
[Reversemode] Microsoft Infotech Storage library Heap Corruption, Reversemode, 21:24
Two independent vulnerabilities (client and server side) in Quake3 engine and many derived games, Thilo Schulz, 20:54
IGNORING SSH CONNECTION USES ARP CACHE POISSONING, king_purba, 20:34
[Full-disclosure] ZDI-06-013: 3Com TippingPoint SMS Server Information Disclosure Vulnerability, zdi-disclosures, 19:33
[Full-disclosure] [EEYEB20051011A] - Microsoft Distributed Transaction Coordinator Heap Overflow, eEye Advisories, 19:23
[Full-disclosure] [EEYEB20051011B] - Microsoft Distributed Transaction Coordinator Denial of Service, eEye Advisories, 19:23
Re: INFIGO-2006-05-03: Multiple FTP Servers vulnerabilities, Andrea Rimicci, 19:03
# MHG Security Team --- DuGallery V2.x SQL Injection, Dj_ReMix_20, 18:32
plaNetStat Admin ByPass, alp_eren, 15:00
# MHG Security Team --- OzzyWork Gallery SQL Injection, Dj_ReMix_20, 14:30
tseekdir.cgi<--Local File Include, BoNy-m, 14:00
Re: ISA Server 2004 Log Manipulation, Steven M. Christey, 13:39
Secunia Research: Where Is It unacev2.dll Buffer Overflow Vulnerability, Secunia Research, 13:19
[Full-disclosure] ICQ Client Cross-Application Scripting (XAS), 3APA3A, 09:47

May 08, 2006

Re: SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure, Matthew Cerha, 22:02
VSR Advisory: WebSense content filter bypass when deployed in conjunction with Cisco filtering devices, Matthew Cerha, 21:12
PHPFusion <= v6.00.306 avatar mod_mime arbitrary file upload & local inclusion vulnerabilities, rgod, 20:41
SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure, research, 20:41
[MajorSecurity] phpListPro <= 2.01 - Multiple Remote File Include Vulnerability, admin, 20:21
Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1, Zaninotti, Thiago, 20:11
VSR Advisory: WebSense content filter bypass when deployed in conjunction with Cisco filtering devices, VSR Advisories, 19:30
Secunia Research: Anti-Trojan unacev2.dll Buffer Overflow Vulnerability, Secunia Research, 18:19
Secunia Research: TZipBuilder ZIP File Handling Buffer Overflow Vulnerability, Secunia Research, 18:19
Re: Invision Community Blog .. Bugs, mattmecham, 17:49
[Kurdish Security # 5] phpRaid Remote File Include [SMF], botan, 17:39
[Kurdish Security # 4] phpRaid Remote File Include Vulnerability (PHPBB), botan, 17:29
INFIGO-2006-05-03: Multiple FTP Servers vulnerabilities, infocus, 17:19
singapore v0.9.7 XSS Vulnerabilities, alp_eren, 17:09
Claroline Open Source e-Learning 1.7.5 Remote File Include, beford, 17:09
[Full-disclosure] [ GLSA 200605-09 ] Mozilla Thunderbird: Multiple vulnerabilities, Thierry Carrez, 16:58
Multiple Vulnerabilities In IdealBB ASP Bulletin Board, CodeScan Labs, 16:58
Dokeos Learning Management System 1.6.4 Remote File Include, beford, 16:48
[Full-disclosure] [ GLSA 200605-08 ] PHP: Multiple vulnerabilities, Thierry Carrez, 16:48
CAID 34013 - CA Common Services CAIRIM on z/OS LMP SVC vulnerability, Williams, James K, 16:38
Re: BankTown's ActiveX Buffer Overflow Vulnerability, lkh1348, 16:18
AngelineCMS Multiple Vulnerabilities, admin, 16:08
[Full-disclosure] ZDI-06-012: Sophos Anti-Virus CAB Unpacking Code Execution Vulnerability, zdi-disclosures, 15:38
[KAPDA] MyBB1.1.1~Email Verification in User Activation ~SQL Injection Attack, addmimistrator, 15:38
OpenEngine (PHP CMS), ck, 15:28
Phil's Bookmark script admin By-pass, alp_eren, 15:07
Limbo CMS (option=weblinks) SQL injection exploit, SnoBMSN, 14:57
X-POLL admin By-Pass, alp_eren, 14:47
[Full-disclosure] [USN-283-1] MySQL vulnerabilities, Martin Pitt, 12:26
[Full-disclosure] [USN-282-1] Nagios vulnerability, Martin Pitt, 09:55

May 07, 2006

[Full-disclosure] [ GLSA 200605-07 ] Nagios: Buffer overflow, Sune Kloppenborg Jeppesen, 17:48

May 06, 2006

Re: ISA Server 2004 Log Manipulation, Thor (Hammer of God), 23:40
Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw, c0redump, 23:20
URL Bug On 1ASPHost and DomainDLX Hosting Services, spymeta, 23:10
Re: ISA Server 2004 Log Manipulation, Shaun Colley, 22:50
Firefox 1.5.0.3 code execution exploit, yesn, 22:40
phpBB 2.0.20 Full Path Disclosure and SQL Errors, cxib, 22:20
Re: Re: Invision Gallery 2.0.6 ( SQL Injection ), an0n, 22:10
Intel wireless service s24evmon.exe confidential information disclosure., ruben, 22:10
Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk, Tonnerre Lombard, 22:00
Alexadex.com players.py XSS Exploit, skinnypuppy, 22:00
Re: DB_eSession deleteSession() SQL injection, interact, 18:58
X7Chat <= 2.0.2 avatar XSS injection, zerogue, 18:48
WebsiteBaker CMS lack of sanitizing, zerogue, 18:38
VisionSource CMS <= 0.6 XSS vectors, zerogue, 18:28
PassMasterFlex (and PassMasterFlex+) XSS injection, zerogue, 17:58
myBloggie <= 2.1.3 XSS, zerogue, 16:47
FlexCustomer <= 0.0.4 sql injection, zerogue, 16:37
[Full-disclosure] [ GLSA 200605-06 ] Mozilla Firefox: Potential remote code execution, Thierry Carrez, 16:37
ChipmunkBoard Multiple Attack vectors, zerogue, 15:57
ChipmunkBlogger improper input sanitizing, zerogue, 15:46
JetBox CMS Remote File Include, beford, 15:36
OpenFAQ - HTML injection and XSS (Cross Site Scripting), Kamil Sienicki, 15:06
[Full-disclosure] [ GLSA 200605-05 ] rsync: Potential integer overflow, Sune Kloppenborg Jeppesen, 04:02

May 05, 2006

TSLSA-2006-0024 - multi, Trustix Security Advisor, 18:37
Cryptomathic ActiveX Buffer Overflow (TDC Digital signature), CIRT.DK Advisory, 18:27
Re: WebCalendar User Account Enumeration Weakness, David Maciejak, 17:57
SaPHPLesson 3.0 Multbugs, o . y . 6, 17:47
Invision Community Blog .. Bugs, o . y . 6, 17:47
Re: ISA Server 2004 Log Manipulation, beSIRT, 17:36
Re: ISA Server 2004 Log Manipulation, Steven M. Christey, 17:26
[ MDKSA-2006:081-1 ] - Updated xorg-x11 packages fix vulnerability, security, 17:16
Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw, Kurt Seifried, 17:06
CuteNews 1.4.1 Multiple vulnerabilities, k4p0k4p0, 16:56
modules name(Downloads)SQL Injection Exploit, Mster-X, 16:46
modules name(Sections)SQL Injection Exploit, Mster-X, 16:36
WebCalendar User Account Enumeration Weakness, David Maciejak, 15:45
[Full-disclosure] Idle scan rediscovered!!!, Joel Jose, 14:45

May 04, 2006

foreseeing (cough) critical problems futile? (was: Oracle, where are the patches???), Michael Shigorin, 22:58
Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw, Joachim Schipper, 22:48
Re: Dynamic Evaluation Vulnerabilities in PHP applications, Michael Schlenker, 22:38
Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk, leonleon77, 22:18
[REWTERZ-20060503] XM Easy Personal FTP Server Remote Buffer Overflow Vulnerability, rewterz, 17:56
Panda Antivirus Enterprise Secure, Norton Antivirus 2005 and the virus "I Love You", Joxean Koret, 17:46
libero.it XSS vulnerability - HTML injection, Davide Denicolo, 17:36
[Full-disclosure] RE: Panda Antivirus Enterprise Secure, Norton Antivirus 2005 and the virus "I Love You", Joxean Koret, 17:25
321soft PhP Gallery 0.9 - directory travel & XSS, d4igoro, 16:35
Fast Click <= 2.3.8 Remote File Inclusion, Aminrayden, 16:15
Fast Click SQL Lite <= 1.1.3 Remote File Inclusion, Aminrayden, 16:05
zawhttpd - Buffer Overflow, Kamil Sienicki, 15:55
PunBB 1.2.11 Cross-Site Scripting, o . y . 6, 15:45
CuteGuestbook XSS attack, omnipresent, 15:35
[Full-disclosure] bigwebmaster guestbook multiply XSS, Javor Ninov, 15:25
Re: Invision Gallery 2.0.6 ( SQL Injection ), mattmecham, 15:25
[REWTERZ-20060504] - Sami FTP Server Remote Buffer Overflow Vulnerability, rewterz, 15:25
Re: Invision Power Board v2.1.5 Remote SQL Injection, mattmecham, 15:15
[security bulletin] HPSBUX02108 SSRT061133 rev.10 - HP-UX running Sendmail, Remote Execution of Arbitrary Code, security-alert, 15:04
ISA Server 2004 Log Manipulation, beSIRT, 15:04
[Full-disclosure] [USN-280-1] X.org server vulnerability, Martin Pitt, 08:10
[Full-disclosure] [USN-281-1] Linux kernel vulnerabilities, Martin Pitt, 08:10

May 03, 2006

Re: Ejabberd : Symlink vulnerability during installation process, mickael . remond, 21:05
Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw, David F. Skoll, 20:55
[ MDKSA-2006:082 ] - Updated libtiff packages fix vulnerabilities, security, 20:14
OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw, c0redump, 19:24
Vulnerability in the way Ultr@VNC-1.0.1 handles MS-Logon Authentication., gdehanot, 19:14
[Full-disclosure] BankTown's ActiveX Buffer Overflow Vulnerability, Alex Park, 17:53
Re: FTP Fuzzer, Alexey Biznya, 16:32
[Full-disclosure] [USN-279-1] libnasl/nessus vulnerability, Martin Pitt, 16:02
[Full-disclosure] [USN-278-1] gdm vulnerability, Martin Pitt, 15:52
Re: [Full-disclosure] RE: Oracle, where are the patches???, Cesar, 15:32
Dynamic Evaluation Vulnerabilities in PHP applications, Steven M. Christey, 15:21
[Full-disclosure] [USN-277-1] TIFF library vulnerabilities, Martin Pitt, 14:41
SUSE Security Announcement: xorg-x11-server (SUSE-SA:2006:023), Ludwig Nussel, 14:21
[ MDKSA-2006:081 ] - Updated xorg-x11 packages fix vulnerability, security, 13:30
[Full-disclosure] BankTown's ActiveX Buffer Overflow Vulnerability, Alex Park, 09:58
[Full-disclosure] [USN-276-1] Thunderbird vulnerabilities, Martin Pitt, 08:57
[Full-disclosure] Re: Quagga RIPD unauthenticated route injection, Paul Jakma, 07:47
[Full-disclosure] Quagga RIPD unauthenticated route injection, Konstantin V. Gavrilenko, 00:54
[Full-disclosure] Quagga RIPD unauthenticated route table broadcast, Konstantin V. Gavrilenko, 00:54

May 02, 2006

[Full-disclosure] RE: Oracle, where are the patches???, Kornbrust, Alexander, 18:52
[Full-disclosure] Hola Distro Help me, Edgardo Zavala, 18:52
MySQL COM_TABLE_DUMP Information Leakage and Arbitrary command execution., Stefano Di Paola, 18:22
MySQL Anonymous Login Handshake - Information Leakage., Stefano Di Paola, 18:11
Oracle, where are the patches???, David Litchfield, 18:01
Invision Gallery 2.0.6 ( SQL Injection ), o . y . 6, 17:51
[Full-disclosure] [ GLSA 200605-04 ] phpWebSite: Local file inclusion, Sune Kloppenborg Jeppesen, 17:41
TyroCms beta V1.0 multiple XSS injections, zerogue, 17:41
[Full-disclosure] [ GLSA 200605-03 ] ClamAV: Buffer overflow in Freshclam, Sune Kloppenborg Jeppesen, 17:41
[Full-disclosure] [ GLSA 200605-02 ] X.Org: Buffer overflow in XRender extension, Sune Kloppenborg Jeppesen, 17:31
Russcom.net Loginphp multiple vulnerabilties, zerogue, 17:31
FileProtection Express <= 1.0.1 authentification bypass, zerogue, 17:21
SF-Users V1.0 XSS injection, zerogue, 17:21
Cmscout <= V1.10 multiple XSS attack vectors, zerogue, 17:11
sBlog SQL Injection and Path Disclosure Vulnerability, admin, 17:01
geoBlog Mutiple XSS Vulnerability, admin, 16:51
Ejabberd : Symlink vulnerability during installation process, Julien L., 16:41
zenphoto Multiple Path Disclosure and Cross Site Scripting Vulnerabilities, raphael . huck, 16:31
X7 Chat <=2.0 remote commands execution, rgod, 16:10
JSBoard XSS vulnerability, Alexander Klink, 16:00
[ MDKSA-2006:080 ] - Updated clamav packages fix vulnerability, security, 15:50
VHCS --- Virtual Hosting Control System Cross Site Scripting, outlaw, 15:40
FTP Fuzzer, infocus, 15:30
[Full-disclosure] Oracle, where are the patches???, David Litchfield, 14:29
Re: Poll: Emerging Threats, Jon R. Kibler, 01:33

May 01, 2006

RE: Oracle 10g 10.2.0.2.0 DBA exploit, putosoft softputo, 21:32
Re: CoolMenus Event Remote File Inclusion exploit, Steven M. Christey, 21:02
Blog Mod <= 0.2.x SQL Injection, qex, 19:10
XINE format string bugs when handling non existen file, king_purba, 19:00
CoolMenus Event Remote File Inclusion exploit, AminRayden, 18:50
I-RATER Platinum Remote File Inclusion exploit Cod3d by R@1D3N, AminRayden, 18:40
OpenBB 1.0.8 Full Path Disclosure, o . y . 6, 18:10
Invision Power Board v2.1.5 Remote SQL Injection, o . y . 6, 18:10
4images<-- 1.7.1 SQL Injection, CrAzY . CrAcKeR, 18:00
Thyme 1.3 Cross Site Scripting, outlaw, 17:50
Image file crashes Finder, Safari and other apps, cmertes, 17:39
Re: Apple Mac OS X Safari 2.0.3 Vulnerability, buggy, 17:19
Secunia Research: WinHKI unacev2.dll Buffer Overflow Vulnerability, Secunia Research, 16:59
free-php.net Poll 1.0 admin login, tugr, 16:49
planetGallery admin login, tugr, 16:39
JMK's Picture Gallery admin login, alp_eren, 16:29
DMCounter Remote File Include, beford, 16:19
[Full-disclosure] [ GLSA 200605-01 ] MPlayer: Heap-based buffer overflow, Sune Kloppenborg Jeppesen, 13:37