Network Security Archives

Bugtraq (date)

[Thread Index] [Top] [All Lists]

August 31, 2006

Re: ZoneX 1.0.3 - Publishers Gold Edition Remote File Inclusion Vulnerability, maric_sasa, 22:10
Re: Submit ( b2evolution<= 1.8 Remote File Include Vulnerabilities ), do, 21:50
rPSA-2006-0162-1 kernel, rPath Update Announcements, 21:40
[ISR] - IBM eGatherer ActiveX Code Execution PoC, Francisco Amato, 21:30
ModuleBased CMS alfa 1 Multiple Remote File Inclusion, amir . scorpino, 21:20
Pheap CMS<= (lpref) Remote File Inclusion Exploit, SHiKaA-, 21:09
Re: Re: BlackBoard Multiple Vulnerabilities (XSS), Pr070n, 20:49
[ MDKSA-2006:158 ] - Updated MySQL packages fix DoS vuln, initscript bug, security, 19:59
[Full-disclosure] Compression Plus and Tumblweed EMF Stack Overflow, Michael Hale Ligh, 19:29
AW: AW: JetBox cms (search_function.php) Remote File Include, Frank Reißner, 17:37
Membrepass v1.5 Php code execution, Xss, Sql Injection, gmdarkfig, 17:07
Lyris ListManager 8.95: Add arbitrary administrator to arbitrary list, Design Properly, 16:57
[ MDKSA-2006:156 ] - Updated sendmail packages fix DoS vulnerabilities, security, 16:37
XXS in learncenter.asp, exe_crack, 16:37
New NT4/Windows botnet reported, Juha-Matti Laurio, 16:17
[ECHO_ADV_46$2006] ExBB v1.9.1 (exbb[home_path]) Multiple Remote File Inclusion, erdc, 15:26
Re: JetBox cms (search_function.php) Remote File Include, Steven M. Christey, 15:16
[ MDKSA-2006:157 ] - Updated musicbrainz packages fix buffer overflow vulnerabilities, security, 15:06
[KAPDA]MyBB 1.1.7~ htmlspeacialchar_uni(), fixjavascript(), functions_post.php ~[url]XSS attack, addmimistrator, 05:02
Hackers to Hackers Conference III - Call for Papers, Rodrigo Rubira Branco (BSDaemon), 04:52
feedsplitter considered harmful, jon, 04:42
[Full-disclosure] Lyris ListManager 8.95: Add arbitrary administrator to arbitrary list, Design Properly, 03:41
[Full-disclosure] rPSA-2006-0161-1 libmusicbrainz, rPath Update Announcements, 02:51

August 30, 2006

[KAPDA]MyBB 1.1.7 ~ admin/global.php ~ XSS Attack, addmimistrator, 20:49
osCommerce < 2.2 Milestone 2 060817 POC Exploit, s10242006, 19:58
ezContents Version 2.0.3 Remote/Local File Inclusion, SQL Injection, XSS, gmdarkfig, 19:38
Re: JetBox cms (search_function.php) Remote File Include, Carsten Eilers, 19:28
[KAPDA::#56] - FREEKOT SQL Injection Vulnerability, farhadkey, 17:57
XSS in HLstats 1.34, MC Iglo, 17:37
Nuked Klan 1.7 SP4.3 : Function Anti-XSS Bypassed, Blwood, 17:26
IwebNegar v1.1 Multiple vulnerabilities, Hessamx, 17:06
Ezportal/Ztml v1.0 Multiple vulnerabilities, Hessamx, 16:56
SQL-Ledger serious security vulnerability and workaround, chris, 16:46
Re: AW: JetBox cms (search_function.php) Remote File Include, Steven M. Christey, 16:26
InfoSec Paper: Creating Business Through Virtual Trust, Kenneth F. Belva, 16:16
Re: CuteNews 1.3.* Remote File Include Vulnerability, Carsten Eilers, 15:56
Re: Jupiter CMS 1.1.5 index.php Remote File Include, Carsten Eilers, 15:46

August 29, 2006

Portail PHP mod_phpalbum 2.15 Modules Remote File Inclusion, x0r0n, 23:29
DUpoll 3.1 security alert, bozkurtserdar, 22:08
[Full-disclosure] Re: Cisco NAC Appliance Agent Installation Bypass Vulnerability, Joe Feise, 21:48
JS ASP Faq Manager v1.10 sql injection, ali, 19:16
Submit ( ToendaCMS<= ( Remote File Include Vulnerabilities ), h4ck3riran, 18:56
Submit ( b2evolution<= 1.8 Remote File Include Vulnerabilities ), h4ck3riran, 18:46
e107 <= 0.75 GLOBALS[] overwrite/Zend_Hash_Del_Key_Or_Index remote commands execution, rgod, 18:26
AW: JetBox cms (search_function.php) Remote File Include, Frank Reißner, 18:06
CYBSEC - Security Advisory: Microsoft Windows DHCP Client Service Remote Buffer Overflow, Mariano Nuñez Di Croce, 17:56
LinksCaffe no checker at admin, hoangyenxinhdep, 17:36
[ MDKSA-2006:154 ] - Updated lesstif packages fix potential local root vulnerability, security, 17:26
[ MDKSA-2006:153 ] - Updated binutils packages fix multiple vulnerabilities, security, 17:05
[ MDKSA-2006:155 ] - Updated ImageMagick packages fix vulnerabilities, security, 16:45
SYMSA-2006-009, research, 15:45
[Full-disclosure] rPSA-2006-0159-1 ImageMagick, Justin M. Forbes, 14:44
[Full-disclosure] [ GLSA 200608-28 ] PHP: Arbitary code execution, Raphael Marichez, 14:34
[Full-disclosure] [ GLSA 200608-26 ] Wireshark: Multiple vulnerabilities, Raphael Marichez, 14:24
[Full-disclosure] [ GLSA 200608-27 ] Motor: Execution of arbitrary code, Raphael Marichez, 14:24

August 28, 2006

Re: Cisco NAC Appliance Agent Installation Bypass Vulnerability, Udo Sprotte, 22:38
Possible Myspace Worm, mjw, 21:47
Re: Another YabbSE Remote Code Execution Vulnerability, wiziwig, 21:27
JetBox cms (search_function.php) Remote File Include, carcabotx, 19:16
interact <= 2.2 (CONFIG[BASE_PATH]) Remote File Include Vulnerability, carcabotx, 19:06
[Full-disclosure] [ GLSA 200608-25 ] X.org and some X.org libraries: Local privilege escalations, Raphael Marichez, 16:14
[Full-disclosure] InfoSec Paper: Creating Business Through Virtual Trust, Kenneth F. Belva, 15:54
[XSec-06-10]: Internet Explorer (daxctle.ocx) Heap Overflow Vulnerability, nop, 15:34

August 26, 2006

[Full-disclosure] AttackAPI 0.5 (JavaScript tools), pdp (architect), 23:17
[Full-disclosure] Re: Cisco NAC Appliance Agent Installation Bypass Vulnerability, Eloy Paris, 23:17
[Snort-users] IBM did not invent the PC nor the IDS, Michael Scheidell, 19:15
Mambo/Joomla com_comprofiler Components <== v1.0 RC 2 Multiple Remote File Include Vulnerabilities, matdhule, 16:04
Cisco NAC Appliance Agent Installation Bypass Vulnerability, Andreas Gal, 16:04
Suggested Fix for CVE-2006-4299, Michael Jennings, 15:54
Jetbox CMS search_function.php Remote File, D3nGeR, 15:44
Jupiter CMS 1.1.5 index.php Remote File Include, D3nGeR, 15:24
Bigace 1.8.2 (GLOBALS) Remote File Inclusion, vampire_chiristof, 15:24
Sql injection in Xoops, Omid, 15:14
AlstraSoft Video Share Enterprise Remote File Include Vulnerability, night_warrior-, 15:14
Sql injection in Mambo & Joomla, Omid, 15:04
MyBB Html Injection ( XSS ), Redworm, 14:53
[ MDKSA-2006:152 ] - Updated wireshark packages fix multiple vulnerabilities, security, 14:43
[Full-disclosure] [ GLSA 200608-24 ] AlsaPlayer: Multiple buffer overflows, Raphael Marichez, 11:32

August 25, 2006

[Full-disclosure] New honeypots, Joxean Koret, 22:27
[Full-disclosure] Re: Re: Security researcher, Denis Jedig, 20:56
CuteNews 1.3.* Remote File Include Vulnerability, stormhacker, 20:36
[ MDKSA-2006:151 ] - Updated kernel packages fix multiple vulnerabilities, security, 20:06
Re: [Full-disclosure] Re: Security researcher, Thierry Zoller, 19:56
[ MDKSA-2006:150 ] - Updated kernel packages fix multiple vulnerabilities, security, 18:05
Re: Symantec Gateway Security DNS exploit, axel, 16:24
YaPiG thanks_comment.php Cross-Site Scripting Vulnerability, Kuon_at_Armorize_dot_com, 16:14
Indiana University Security Advisory: Fuji Xerox Printing Systems (FXPS) print engine vulnerabilities, Krulewitch, Sean V, 16:04
FreeBSD Security Advisory FreeBSD-SA-06:18.ppp [REVISED], FreeBSD Security Advisories, 15:54
TSLSA-2006-0048 - multi, Trustix Security Advisor, 15:44
NSFOCUS SA2006-08 : Microsoft IE6 urlmon.dll Long URL Buffer Overflow Vulnerability, NSFOCUS Security Team, 15:34
Multiple Vulnerabilities in Asterisk 1.2.10 (Fixed in 1.2.11), Matt Riddell (IT), 15:23
Re: [eVuln] B-net Software Multiple XSS Vulnerabilities, anon, 15:03
[Full-disclosure] rPSA-2006-0158-1 tshark wireshark, Justin M. Forbes, 03:49
[Full-disclosure] rPSA-2006-0157-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs, Justin M. Forbes, 03:49
Re: contentpublisher Mambo Component Remote File Include Vulnerabilities, Carsten Eilers, 00:07

August 24, 2006

pSlash v0.7 (lvc_include_dir) Remote Include Vulnerability, x0r0n, 23:57
[ MDKSA-2006:148 ] - Updated xorg-x11 packages fix vulnerabilities, security, 23:27
[ MDKSA-2006:149 ] - Updated MySQL packages fix user privilege vulnerabilities, security, 22:16
EEYE: Internet Explorer Compressed Content URL Heap Overflow Vulnerability, Marc Maiffret, 19:25
Re: ToendaCMS <= 1.0.3 -(tcms_administer_site) Remote File Include, Carsten Eilers, 19:15
Re: Mambo Component - EstateAgent Remote File Inclusion, Carsten Eilers, 17:54
Re: PHlyMail Lite [PM_[path][lib]=] Remote File Include Vulnerability, Carsten Eilers, 17:34
[Full-disclosure] [ GLSA 200608-23 ] Heartbeat: Denial of Service, Sune Kloppenborg Jeppesen, 17:24
Re: PHProjekt v0.6.1 Remote File Inclusion Vulnerability (2), Carsten Eilers, 17:14
Re: Directory Traversal vulnerability in IPCheck Monitor Server, support, 16:54
Re: Opsware NAS 6.0 reveals MySQL 'root' password, danil9470, 16:13
Re: Joomla RFİ ( ERNE ), Carsten Eilers, 15:43
Re: Modification For OpenSEF Remote file Inclusion, Carsten Eilers, 15:23
Advisory: Integramod Portal <= 2.x File Inclusion Vulnerability, Mustafa Can Bjorn IPEKCI, 15:02
Advisory: VistaBB <= 2.x Multiple File Inclusion Vulnerabilities, Mustafa Can Bjorn IPEKCI, 14:42
FreeBSD Security Advisory FreeBSD-SA-06:18.ppp, FreeBSD Security Advisories, 14:32
[Full-disclosure] Advisory 05/2006: Zend Platform Multiple Remote Vulnerabilities, Stefan Esser, 11:51
[Full-disclosure] Advisory: VistaBB <= 2.x Multiple File Inclusion Vulnerabilities, Mustafa Can Bjorn IPEKCI, 08:30
[Full-disclosure] Advisory: Integramod Portal <= 2.x File Inclusion Vulnerability, Mustafa Can Bjorn IPEKCI, 08:30

August 23, 2006

[Full-disclosure] [ GLSA 200608-22 ] fbida: Arbitrary command execution, Raphael Marichez, 19:04
[Full-disclosure] [ GLSA 200608-21 ] Heimdal: Multiple local privilege escalation vulnerabilities, Raphael Marichez, 19:04
[Full-disclosure] New malware names and updates to PowerPoint FAQ document, Juha-Matti Laurio, 18:43
Bugtraq ID: 18402, The Cute Group, 18:33
RE: Symantec Gateway Security DNS exploit, Pretorius, Wynand (ZA - Johannesburg), 18:03
AW: Symantec Gateway Security DNS exploit, Andre Braun, 17:53
Re: BlackBoard Multiple Vulnerabilities (XSS), C. Hamby, 15:32
Re: BlackBoard Multiple Vulnerabilities (XSS), pr0t0n, 15:22
Symantec Gateway Security DNS exploit, Gianstefano Monni, 15:02
faille include in "VeriTECH" isreal, king-hacker, 01:06
[ MDKSA-2006:147 ] - Updated squirrelmail packages fix vulnerabilities, security, 00:25
Re: anjel Mambo Component Remote File Include, Carsten Eilers, 00:15
Re: discloser 0.0.4 Remote File Inclusion (with Exploit), Carsten Eilers, 00:05

August 22, 2006

BlackBoard Multiple Vulnerabilities (XSS), Pr070n, 23:55
PHProjekt v0.6.1 Remote File Inclusion Vulnerability (2), D3nGeR, 23:45
PHlyMail Lite [PM_[path][lib]=] Remote File Include Vulnerability, D3nGeR, 23:15
Re: mambo-phphop Product Scroller Module R.F.I, Carsten Eilers, 22:55
Tons of SQL-injections and XSS in Eichhorn Portal and vendor page, MC Iglo, 22:45
Symantec Enterprise Security Manager Denial-of-Service Vulnerability, Avert, 22:25
Linux Kernel SCTP Privilege Elevation Vulnerability, Avert, 22:14
(exploit) firefox 1.5.0.6 linux DoS, tomas, 22:04
Re: mtg_myhomepage Component For Mambo R.F.I, Carsten Eilers, 21:54
Re: Mambo Component - Display MOSBot Manager Remote File Inclusion Vuln, Jan de Groot, 21:44
unauthorized VNC access in AK-Systems Windows Terminals, Victor Sudakov, 21:24
Re: Joomla Rssxt <= 1.0 Remote File Include Vulnerability, Carsten Eilers, 21:14
Re: Joomla x-shop <= 1.7 Remote File Include Vulnerability, Carsten Eilers, 21:04
Simple Machines Forum <=1.1RC2 unset() vulnerabilities, rgod, 20:44
Major updates in PowerPoint FAQ document - not a 0-day issue, Juha-Matti Laurio, 20:34
EEYE:ALERT: MS06-042 Related Internet Explorer 'Crash' is Exploitable, Marc Maiffret, 20:14
Simpliciti Locked Browser Jail Breakout Vulnerability, dc, 16:32
Vendor Statement: fixed Mobotix IP Network Cameras Multiple XSS bug, dkabs, 16:12
TTG0601 - Alt-N WebAdmin Multiple Vulnerabilities, TTG, 15:32
[ MDKSA-2006:146 ] - Updated Thunderbird packages fix multiple vulnerabilities, security, 15:21
MDaemon POP3 server remote buffer overflow (preauth), infocus, 15:01
[ MDKSA-2006:145 ] - Updated Firefox packages fix multiple vulnerabilities, security, 14:51

August 21, 2006

[ MDKSA-2006:144 ] - Updated php packages fix vulnerability, security, 22:35
[Full-disclosure] MS PowerPoint 0-day FAQ updated, CVE added, Juha-Matti Laurio, 22:15
DieselPay İndex.php Cross-Site Scripting Vulnerability, night_warrior-, 19:54
Smart Traffic Remote File Include Vulnerability, night_warrior-, 19:43
Diesel Paid Mail getad.php Cross-Site Scripting Vulnerability, night_warrior-, 19:33
Diesel Job Site forgot.php Cross-Site Scripting, night_warrior-, 19:13
SimpleBlog 2.0 <= "comments.asp" SQL Injection Exploit, ChironeX . FleckeriX, 19:03
Re: Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability, securityfocus, 18:43
[XSec-06-09]: Internet Explorer Multiple COM Objects Color Property DoS Vulnerability, nop, 18:33
ToendaCMS <= 1.0.3 -(tcms_administer_site) Remote File Include, h4ck3riran, 18:33
Mambo Component - EstateAgent Remote File Inclusion, Outlaw, 18:13
DoS 2wire Gateway, preth00nker, 17:52
Mambo Component - Display MOSBot Manager Remote File Inclusion Vuln, Outlaw, 17:42
Mambo Component - Display MOSBot Manager Remote File Inclusion Vuln, Outlaw, 17:32
[XSec-06-08]: Windows 2000 Multiple COM Object Instantiation Vulnerability, nop, 17:02
Re: [SECURITY] [DSA 1150-1] New shadow packages fix privilege escalation, Henry Jensen, 16:41
WoltLab Burning Board 2.3.5(WBB) in XSS, ZeberuS, 15:51
LBlog <= "comments.asp" SQL Injection Exploit, ChironeX . FleckeriX, 15:41
POC & exploit for Apache mod_rewrite off-by-one, Jacobo Avariento, 15:31

August 20, 2006

[Full-disclosure] New PowerPoint 0-day and Trojan - FAQ document ready, Juha-Matti Laurio, 23:04

August 19, 2006

XennoBB <= 2.2.1 "icon_topic" SQL Injection, c . boulton, 22:04
Mambo com_cropimage 1.0 Component Remote Include Vulnerability, x0r0n, 21:04
Mambo CatalogShop Remote File Inclusion, Outlaw, 20:34
[Kurdish Security # 23] Spaw Editor Remote Include Vulnerability, botan, 19:33
Ako Comments (mod) Remote File Inclusion, Outlaw, 18:33
Modification For OpenSEF Remote file Inclusion, Outlaw, 17:12

August 18, 2006

Re: Re: discloser 0.0.4 Remote File Inclusion (with Exploit), dr . t3rr0r1st, 22:43
Re: Concurrency-related vulnerabilities in browsers - expect problems, Michal Zalewski, 22:23
Sonium Enterprise Adressbook Version 0.2 (folder) RFI, philipp . niedziela, 22:13
Joomla RFİ ( ERNE ), erne, 22:02
[KAPDA::#55] - Joomla poll component vulnerability, alireza hassani, 22:02
Joomla MamboWiki Component <= 0.9.4 (MamboLogin.php) Remote File Inclusion Vulnerability, camino, 21:26
Re: UPDATE vBulletin Version 3.5.4 exploit, scott, 21:16
Re: Concurrency-related vulnerabilities in browsers - expect problems, mannion, 20:56
Joomla Kochsuite Component <= 0.9.4 (config.kochsuite.php) Remote File Inclusion Vulnerability, camino, 20:46
Mambo mambelfish Component <= 1.1 Remote File Include Vulnerability, bilkopat, 19:25
Re: Mailslot bug (MS06-035) vs non-Mailslot bug (CVE-2006-3942), naveed, 18:34
contentpublisher Mambo Component Remote File Include Vulnerabilities, crackers_child, 18:24
OneOrZero Helpdesk V1.6.4.1 susceptible to SQL injection and XSS, vampire_chiristof, 17:54
RE: Security contact from Critical Path Inc, Tony Maupin, 17:44
UPDATE vBulletin Version 3.5.4 exploit, dicomdk, 17:34
RE: Google Picasa Listening on Port 80?, Kameron Gasso, 17:13
Re: [Full-disclosure] Re: when will AV vendors fix this???, Paul Schmehl, 17:03
Multiple xxs cPanel 10, preth00nker, 16:53
Mambo jim Component Remote Include Vulnerability, x0r0n, 16:12
Norton DLL faking via 'SuiteOwners' protection bypass Vulnerability, David Matousek, 16:02
mambo-phphop Product Scroller Module R.F.I, Outlaw, 15:52
anjel Mambo Component Remote File Include, crackers_child, 15:32
Joomla Rssxt <= 1.0 Remote File Include Vulnerability, crackers_child, 15:32
Joomla x-shop <= 1.7 Remote File Include Vulnerability, crackers_child, 15:12
mtg_myhomepage Component For Mambo R.F.I, Outlaw, 15:11
Secunia Research: AOL Insecure Default Directory Permissions, Jakob Balle, 15:01
ToorCon 8 Call for Papers Closing Tomorrow & Workshops/Seminars Added, h1kari@toorcon.org, 14:51
RE: Mailslot bug (MS06-035) vs non-Mailslot bug (CVE-2006-3942), Marc Maiffret, 14:01
Re: Dates Correction - World Summit on Intrusion Prevention, May 8-9, 2007, wsip, 14:01
[Full-disclosure] Call for Papers: Security OPUS conference - San Francisco, Ca October 4-5, Richard Lindberg, 11:19
[Full-disclosure] Yahoo! Research Multiple vulnerabilites, simo, 08:07
[XSec-06-07]: Visual Studio 6.0 Multiple COM Object Instantiation Vulnerability, nop, 00:12

August 17, 2006

Re: SYM06-16 Symantec NetBackup PureDisk Remote Office Edition Elevation of Privilege, secure, 22:40
[Full-disclosure] RE: World Summit on Intrusion Prevention, Anthony J Biacco, 22:20
[ MDKSA-2006:143-1 ] - Updated Firefox packages fix multiple vulnerabilities, security, 22:10
[security bulletin] HPSBUX02139 SSRT5981 rev.1 - HP-UX Running the LP Subsystem, remote Denial of Service (DoS), security-alert, 21:59
[Full-disclosure] Re: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems, Michal Zalewski, 21:59
powergap <= (s0x.php) Remote File Inclusion, saudi . unix, 20:59
[Full-disclosure] RE: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems, Michael Wojcik, 20:18
Re: discloser 0.0.4 Remote File Inclusion (with Exploit), Carsten Eilers, 19:48
UPDATED: MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities, Tom Yu, 19:38
World Summit on Intrusion Prevention, wsip, 19:17
Re: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems, Steven M. Christey, 19:17
CubeCart <= 3.0.11 SQL injection & cross site scripting, rgod, 19:17
[XSec-06-06]: Windows 2003 (tsuserex.dll) COM Object Instantiation Vulnerability, nop, 19:17
Re: Re: CGI Script Source Code Disclosure Vulnerability in Apache for Windows, nareshhacker, 19:17
Registration Now Open!: Security OPUS Infosec Conference - Oct 2-5 2006 - San Francisco, CA, Richard Lindberg, 19:17
discloser 0.0.4 Remote File Inclusion (with Exploit), dr . t3rr0r1st, 14:52
[Full-disclosure] [USN-337-1] imagemagick vulnerability, Martin Pitt, 14:11
[Full-disclosure] [USN-336-1] binutils vulnerability, Martin Pitt, 14:11
[Full-disclosure] Telmex Advisory, Luis Alberto Cortes Zavala, 14:11
Re: [Overflow.pl] ImageMagick ReadSGIImage() Heap Overflow, Daniel Kobras, 14:11
Reporter Mambo Component Remote File İnclude, crackers_child, 14:11
SYM06-16 Symantec NetBackup PureDisk Remote Office Edition Elevation of Privilege, Mike Prosser, 14:11
[Full-disclosure] [EEYEB-20060703] IBM eGatherer ActiveX Code Execution Vulnerability, eEye Advisories, 14:11
Re: MS Terminal Server application session breakout, Thor (Hammer of God), 14:11
[Full-disclosure] PBNJ 2.02 - a suite of tools to monitor changes on a network over time., Joshua D. Abraham, 14:11
Re: [SC-L] Registration Now Open!: 3rd Annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA, Pascal Meunier, 14:11
[ MDKSA-2006:143 ] - Updated Firefox packages fix multiple vulnerabilities, security, 14:11
Technical note by Amit Klein: "Sending arbitrary HTTP requests with Flash 7/8 (+IE 6.0)", Amit Klein (AKsecurity), 14:10
[Full-disclosure] Registration Now Open!: 3rd Annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA, Dave Wichers, 14:10
[security bulletin] HPSBUX02115 SSRT061077 rev.2 - HP-UX running Support Tools Manager (xstm, cstm, stm) Local Denial of Service (DoS), security-alert, 14:10
ShockwaveFlash 9 (Stack overflow), Mr . Niega, 14:10
MS Terminal Server application session breakout, pedantic1, 14:10
Mambo com_lm component (archive.php) Remote File Include Vulnerabilities, crackers_child, 14:10
Re: TinyWebGallery v1.5 ( image ) Remote Include Vulnerability, tinywebgallery, 14:10
Re: CGI Script Source Code Disclosure Vulnerability in Apache for Windows, Joe Orton, 14:10
[XSec-06-05]: VMware 5.5.1 for Windows arbitrary partition table delete issue., root, 14:10
[Full-disclosure] [scip_Advisory 2456] Horde Framework and Horde IMP /index.php cross site referencing, Marc Ruef, 14:10
[Full-disclosure] [scip_Advisory 2457] Horde Framework and Horde IMP /horde/imp/search.php cross site scripting, Marc Ruef, 14:10
[Full-disclosure] [USN-335-1] heartbeat vulnerability, Martin Pitt, 14:10
[Full-disclosure] [USN-334-1] krb5 vulnerabilities, Martin Pitt, 14:10
[Full-disclosure] Re: JavaScript Lazy Authorization Forcer and Visited Link Scaner, mikeiscool, 14:09
CORE-2006-0714: Microsoft SRV.SYS SMB_COM_TRANSACTION Denial of Service, Core Security Technologies advisories, 14:09
JavaScript Lazy Authorization Forcer and Visited Link Scaner, pdp (architect), 14:09
fusionnews 3,7 Remote File Inclusion, Outlaw, 14:09
otopholder 1.8 suffers from a local file inclusion,XSS and directory listing vuln, vampire_chiristof, 14:09
Lizge V.20 Web Portal File Include Vulnerability, crackers_child, 14:09
Koobi Pro CMS 5.6 SQL injection & XSS, vampire_chiristof, 14:09
[security bulletin] HPSBUX02141 SSRT51153 rev.1 - HP-UX in Trusted mode, Local Denial of Service (DoS), security-alert, 14:09
[Full-disclosure] Re: Concurrency-related vulnerabilities in browsers - expect problems, Michal Zalewski, 14:09
[XSec-06-04]: Internet Explorer (msoe.dll) COM Object Instantiation Vulnerability, nop, 14:09
[XSec-06-03]: Internet Explorer (CHTSKDIC.DLL) COM Object Instantiation Vulnerability, nop, 14:09
Re: Calendarix <= 0.7 (calpath) Remote File Inclusion Vulnerability, Carsten Eilers, 14:09
[XSec-06-02]: Internet Explorer (IMSKDIC.DLL) COM Object Instantiation Vulnerability, nop, 14:09
Mailslot bug (MS06-035) vs non-Mailslot bug (CVE-2006-3942), Gerardo Richarte, 14:09
local file include in PHP-Nuke (autohtml.php), MosT3mR, 14:09
Re: [Full-disclosure] RE: when will AV vendors fix this???, Bipin Gautam, 14:09
Re: phpPrintAnalyzer <= 1.1 (rep_par_rapport_racine) Remote File Inclusion Vulnerability, Carsten Eilers, 14:08
[ MDKSA-2006:141 ] - Updated gnupg packages fix vulnerability, security, 14:08
[ MDKSA-2006:142 ] - Updated heartbeat packages fix vulnerability, security, 14:08
Re: Calendarix <= 0.7 (calpath) Remote File Inclusion Vulnerability, Steven M. Christey, 14:08
Security contact from Critical Path Inc, Guillermo Marro, 14:08
Re: Re: myBloggie <= 2.1.3 (mybloggie_root_path) Remote File Inclusion Vulnerability, istgha, 14:08
Re: RE: linksys WRT54g authentication bypass, gooorguss, 14:08
Re: TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP], 14:08
Opera 9 Remote Denial of Service, NNP, 14:08
Multiple Arbitrary File Access (Write/Read) Vulnerabilities, NGSSoftware Insight Security Research, 14:08
RE: linksys WRT54g authentication bypass, TeamXMM Consulting, Inc., 14:08
Joomla Webring Component (component_dir) Remote File Inclusion Vulnerabilities, x0r0n, 14:08
Multiple Buffer Overflow Vulnerabilities in Informix, NGSSoftware Insight Security Research, 14:08
(somewhat) breaking the same-origin policy by undermining dns-pinning, Martin Johns, 14:08
Peoplebook Mambo Component <= v1.0 Remote File Include Vulnerabilities, matdhule, 14:08
Re: Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability, noname, 14:08
osDate 1.1.8 - Multiple HTML Injection Vulnerability - fixed, vijay, 14:08
Re: Re: TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability, mr, 14:07
Multiple Password Exposures Flaws, NGSSoftware Insight Security Research, 14:07
Local privilege Escalation in SmartLine DeviceLock 5.73, seppi, 14:07
Unauthorized Database Creation Privilege on Informix, NGSSoftware Insight Security Research, 14:07
Technical note: under some conditions, it's possible to steal HTTP credentials using Flash, Amit Klein (AKsecurity), 14:07
Re: [SM-ANNOUNCE] SquirrelMail 1.4.8 released - fixes variable overwriting attack, Michael Engert, 14:07
InfanView 3.98 (with plugins) - Access violation at processing images CUR files, sehato, 14:07
Multiple Arbitrary Command Execution Vulnerabilities, NGSSoftware Insight Security Research, 14:07
Arbitrary Library Loading in Informix, NGSSoftware Insight Security Research, 14:07
Wordpress WP-DB Backup Plugin Directory Traversal Vulnerability, ss_team, 14:07
Kaspersky Anti-Hacker personal firewall unstealthy stealth mode, tbratusa, 14:07
HPSBMA02138 SSRT061184 rev.1 - HP OpenView Storage Data Protector, Remote Arbitrary Command Execution, security-alert, 14:07
Re: Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability, Carsten Eilers, 14:07
RE: Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory, Lance Seelbach, 14:07
Re: [SM-ANNOUNCE] SquirrelMail 1.4.8 released - fixes variable overwriting attack, Allie Daneman, 14:07
Virtual War v1.5.0 SQL injection and XSS, vampire_chiristof, 14:07
BlaBla 4U XSS Vulnerabilite, vampire_chiristof, 14:07
Re: Yabb XSS - or NOT, Volker Tanger, 14:07
XMB <= 1.9.6 Final basename()/'langfilenew' arbitrary local inclusion / remote commands execution, rgod, 14:06
SQLIDEBUG envariable overflow on Informix, NGSSoftware Insight Security Research, 14:06
Re: [Full-disclosure] XSS Vulnerabilities at Sun, IBM, Verisign, AOL,, bugtraq, 14:06
Re: [Full-disclosure] RE: when will AV vendors fix this???, Paul Schmehl, 14:06
Google Picasa Listening on Port 80?, Geoff Vass, 14:06
Re: miniBloggie <= 1.0 (fname) Remote File Inclusion Vulnerability, Carsten Eilers, 14:06
[Full-disclosure] XSS Vulnerabilities at Sun, IBM, Verisign, AOL, F-Secure, eEye, Valery Marchuk, 14:06
[Full-disclosure] [Overflow.pl] ImageMagick ReadSGIImage() Heap Overflow, Damian Put, 14:06
[Full-disclosure] Re: when will AV vendors fix this???, Andreas Marx, 14:06
[ECHO_ADV_45$2006] WEBinsta CMS 0.3.1 (templates_dir) Remote File Inclusion Vulnerability, erdc, 14:06
Re: Mafia Moblog <= 6 (pathtotemplate) Remote File Inclusion Vulnerability, noname, 14:06
Re: Calendarix <= 0.7 (calpath) Remote File Inclusion Vulnerability, Carsten Eilers, 14:06
Re: myEvent <= 1.4 Multiple Remote File Include Vulnerabilities, Carsten Eilers, 14:06
Error logging buffer overflow in Informix, NGSSoftware Insight Security Research, 14:06
Informix Long Username Buffer Overflow Vulnerability, NGSSoftware Insight Security Research, 14:06
Informix - Discovery, Attack and Defense, David Litchfield, 14:06
Re: TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability, public, 14:06
[Full-disclosure] [ GLSA 200608-20 ] Ruby on Rails: Several vulnerabilities, Raphael Marichez, 14:06
[Full-disclosure] RE: ANNOUNCING: 3rd Annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA, Dave Wichers, 14:05
[Full-disclosure] Multiple buffer-overflows in libmusicbrainz 2.1.2, Luigi Auriemma, 14:05
RE: [Full-disclosure] Concurrency-related vulnerabilities in browsers -expect problems, Larry Seltzer, 14:05
Re: Microsoft Help (WINHLP32.EXE) - Multiple Remote Code Execution and Denial Of Service Vulnerabilities, Reversemode, 14:05
ScatterChat Advisory 2006-01: Cryptanalytic Attack Vulnerability, ScatterChat Advisories, 14:05
Forum Software ASPPlayground.NET Advanced Edition 2.4.5 Unicode Xss, blood2_20032003, 14:05
(Security Advisory) SYM06-014 Symantec Backup Exec Internal RPC Overflow, Secure, 14:05
Re: myBloggie <= 2.1.3 (mybloggie_root_path) Remote File Inclusion Vulnerability, nukedx, 14:05
Microsoft Help (WINHLP32.EXE) - Multiple Remote Code Execution and Denial Of Service Vulnerabilities, Benjamin Tobias Franz, 14:05
JavaScript get Internal Address (thanks to DanBUK), pdp (architect), 14:05
Concurrency-related vulnerabilities in browsers - expect problems, Michal Zalewski, 14:05
myEvent <= 1.4 Multiple Remote File Include Vulnerabilities, sh3ll, 14:05
Calendarix <= 0.7 (calpath) Remote File Inclusion Vulnerability, sh3ll, 14:05
Re: [Full-disclosure] JavaScript get Internal Address (thanks to DanBUK), pdp (architect), 14:05
Re: [Full-disclosure] JavaScript get Internal Address (thanks to DanBUK), Martin Dipo Zimmermann, 14:05
Re: [SM-ANNOUNCE] SquirrelMail 1.4.8 released - fixes variable overwriting attack, Yves Goergen, 14:04
SquirrelMail 1.4.8 released - fixes variable overwriting attack, Thijs Kinkhorst, 14:04
Nokia Browser Crash, qode, 14:04
VWar <= 1.50 R14 (n) Remote SQL Injection, brom0815, 14:04
wheatblog ُSession.php Remote File Inclusion, Outlaw, 14:04
Re: [ GLSA 200608-12 ] x11vnc: Authentication bypass in included LibVNCServer code, xvml, 14:04
WEBInsta Mailing list manager (cabsolute_path) 1.3e RFI, philipp . niedziela, 14:04
Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability, sh3ll, 14:04
miniBloggie <= 1.0 (fname) Remote File Inclusion Vulnerability, sh3ll, 14:04
Re: Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory, Henry Sieff, 14:04
[Full-disclosure] rPSA-2006-0152-1 squirrelmail, Justin M. Forbes, 14:04
TSLSA-2006-0046 - multi, Trustix Security Advisor, 14:04
[security bulletin] HPSBUX02124 SSRT061159 rev.2 - HP-UX Sendmail MIME Remote Denial of Service (DoS), security-alert, 14:04
Security Vulnerability in Ruby on Rails 1.1.x, michael, 14:03
[security bulletin] HPSBUX02108 SSRT061133 rev.14 - HP-UX Running Sendmail, Remote Execution of Arbitrary Code, security-alert, 14:03
Re: linksys WRT54g authentication bypass, Ginsu Rabbit, 14:03
Re: linksys WRT54g authentication bypass, guant a, 14:03
Bypassing script filters with variable-width encodings, Cheng Peng Su, 14:03
RE: linksys WRT54g authentication bypass, Ginsu Rabbit, 14:03
RE: linksys WRT54g authentication bypass, Miguel Valentin, 14:03
[Full-disclosure] UPDATE: [ GLSA 200511-12 ] Scorched 3D: Multiple vulnerabilities, Raphael Marichez, 14:03
Re: linksys WRT54g authentication bypass, Rodrigo Barbosa, 14:03
Re: linksys WRT54g authentication bypass, Ginsu Rabbit, 14:03
RE: [Full-disclosure] RE: when will AV vendors fix this???, Dmitry Yu. Bolkhovityanov, 14:03
Re: linksys WRT54g authentication bypass, Nicholas Knight, 14:03
Re: Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory, henry . sieff, 14:03
Security Contact, Sean Warnock, 14:03
Dragonfly CMS 9.0.6.1 and prior XSS, HeLiOsZ RooT, 14:03
Simple one-file GuestBook 1.0, omnipresent, 14:03
CGI Script Source Code Disclosure Vulnerability in Apache for Windows, susam . pal, 14:03
XennoBB <= "avatar gallery" Directory Transversal, c . boulton, 14:03
Virtual War v1.5.0 <= Sql Injection vuln., mfoxhacker, 14:03
Compersus ASP shopping cart <= DataBase Downloading vuln., mfoxhacker, 14:03
myBloggie <= 2.1.3 (mybloggie_root_path) Remote File Inclusion Vulnerability, sh3ll, 14:03
InfanView 3.98 (with plugins) - Access violation at processing images ANI files, sehato, 14:03
Mafia Moblog <= 6 (pathtotemplate) Remote File Inclusion Vulnerability, sh3ll, 14:03
Netgear FVG318 is vunerable to DOS attack, root, 14:03
Mambo/Joomla Component Remository v3.25 (mosConfig_absolute_path) Remote File Inclusion Vulnerability, camino, 14:03
Re: SYM06-013 Symantec On-Demand Protection Encrypted Data Exposure, dm, 14:02
PocketPC MMS - Remote Code Injection/Execution Vulnerability and Denial-of-Service, Collin R. Mulliner, 14:02
CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Remote Buffer Overflow, Mariano Nuñez Di Croce, 14:02
CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Remote Denial of Service, Mariano Nuñez Di Croce, 14:02
[Full-disclosure] [ GLSA 200608-19 ] WordPress: Privilege escalation, Raphael Marichez, 14:02
[Full-disclosure] [ GLSA 200608-18 ] Net::Server: Format string vulnerability, Sune Kloppenborg Jeppesen, 14:02
Directory Traversal vulnerability in IPCheck Monitor Server, auuw73, 14:02
[Full-disclosure] [ GLSA 200608-17 ] libwmf: Buffer overflow vulnerability, Sune Kloppenborg Jeppesen, 14:02
[Full-disclosure] [ GLSA 200608-16 ] Warzone 2100 Resurrection: Multiple buffer overflows, Sune Kloppenborg Jeppesen, 14:02
TinyWebGallery v1.5 ( image ) Remote Include Vulnerability, x0r0n, 14:02
Yabb XSS, Outlaw, 14:02
PHPMyRing <= 4.2.0 (view_com.php) Remote SQL Injection, simo64, 14:02
XChat <= 2.6.4-1 (win version) Remote Denial of Service Exploit (php), ratboy727, 14:02
[Full-disclosure] [ GLSA 200608-15 ] MIT Kerberos 5: Multiple local privilege escalation, Raphael Marichez, 14:02
Sending multipart/form-data requests from Flash (with arbitrary headers), Amit Klein (AKsecurity), 14:01
[ MDKSA-2006:140 ] - Updated ncompress packages fix vulnerability, security, 14:01
Multiple buffer-overflows in AlsaPlayer 0.99.76, Luigi Auriemma, 14:00
[ MDKSA-2006:139 ] - Updated krb5 packages fix local privilege escalation vulnerability, security, 14:00
[ISR] - Novell Groupwise Webaccess (Cross-Site Scripting), Francisco Amato, 14:00
[Full-disclosure] Stack and heap overflows in MODPlug Tracker/OpenMPT 1.17.02.43 and libmodplug 0.8, Luigi Auriemma, 14:00
[Full-disclosure] Latinchat Denial Of Service, Vicente Perez, 14:00
Cwfm <= 0.9.1 (Language) Remote File Inclusion Vulnerability, philipp . niedziela, 14:00
BlogHoster v2.2 Post Comment Html Injection, piiiiiii pppiiiiiiii, 14:00
CivicSpace Version 0.8.5 HTML injection, HeLiOsZ RooT, 14:00
[ MDKSA-2006:138 ] - Updated clamav packages fix vulnerability, security, 14:00
Assessment of Vista Kernel Mode Security, ATR-Bugtraq, 14:00
Latinchat Denial Of Service, Vicente Perez, 14:00
PgMarket 2.2.3 (CFG[libdir]) Remote File Inclusion Vulnerabilities, x0r0n, 14:00
SUSE Security Announcement: clamav (SUSE-SA:2006:046), Ludwig Nussel, 14:00
[Overflow.pl] Clam AntiVirus Win32-UPX Heap Overflow, pucik, 14:00
[Full-disclosure] rPSA-2006-0150-1 krb5 krb5-server krb5-services krb5-test krb5-workstation, Justin M. Forbes, 14:00
[Full-disclosure] Re: TSRT-06-05: Computer Associates eTrust AntiVirus WebScan Automatic Update Code Execution Vulnerability, Denis Jedig, 14:00
[Full-disclosure] more on browser trust, pdp (architect), 14:00
[Full-disclosure] [USN-333-1] libwmf vulnerability, Martin Pitt, 14:00
AW: Virtual War v1.5.0 Remote File Include (vwar_root), Frank Reißner, 13:59
MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities, Tom Yu, 13:59
[Full-disclosure] Re: Will Microsoft patch remarkable old Msjet40.dll issue?, Juha-Matti Laurio, 13:59
MojoScripts' xss vulnerable, tugra, 13:59
unwrapping PL/SQL, pete, 13:59
Microsoft PowerPoint Malformed Record Memory Corruption, Sowhat, 13:59
phNNTP <= 1.3 (article-raw.php) Remote File Include Vulnerability, tr_zindan, 13:59
[Full-disclosure] [ GLSA 200608-14 ] DUMB: Heap buffer overflow, Sune Kloppenborg Jeppesen, 13:59
docpile:we v0.2.2 (INIT_PATH) Remote File Inclusion Vulnerability, x0r0n, 13:59
Archangel Weblog 0.90.02 and prior Multiple HTML injections, piiiiiii pppiiiiiiii, 13:59
[Full-disclosure] TSRT-06-10: Microsoft HLINK.DLL Hyperlink Object Library Buffer Overflow Vulnerability, TSRT, 13:59
[Full-disclosure] TSRT-06-09: Microsoft DirectAnimation COM Object Memory Corruption Vulnerability, TSRT, 13:59
[Full-disclosure] TSRT-06-08: Microsoft Internet Help COM Object Memory Corruption Vulnerability, TSRT, 13:59
[Full-disclosure] ERRATA: [ GLSA 200608-08 ] GnuPG: Integer overflow vulnerability, Sune Kloppenborg Jeppesen, 13:59
[Full-disclosure] ZDI-06-027: Microsoft Internet Explorer CSS Class Ordering Memory Corruption Vulnerability, zdi-disclosures, 13:59
[Full-disclosure] ZDI-06-026: Microsoft Internet Explorer Multiple CSS Imports Memory Corruption Vulnerability, zdi-disclosures, 13:59
[Full-disclosure] TSRT-06-07: eIQnetworks Enterprise Security Analyzer Monitoring Agent Buffer Overflow Vulnerabilities, TSRT, 13:58

August 08, 2006

[Full-disclosure] [ GLSA 200608-13 ] ClamAV: Heap buffer overflow, Matthias Geerdsen, 09:39
XSSing the Lan 3 (web trojans.. not a new idea), pdp (architect), 09:29
Re: [Full-disclosure] Attacking the local LAN via XSS, Dude VanWinkle, 08:59

August 07, 2006

[Full-disclosure] Re: when will AV vendors fix this???, Bipin Gautam, 21:44
phpPrintAnalyzer <= 1.1 (rep_par_rapport_racine) Remote File Inclusion Vulnerability, sh3ll, 19:23
Announcement: Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations [Whitepaper], SPI Labs, 19:23
AUTODAFE: an Act of Software Torture [FUZZER], Martin Vuagnoux, 19:13
Re: [Full-disclosure] Attacking the local LAN via XSS, Nikolay Kubarelov, 19:03
Re: vbulletin 3.5.4 IE exploit xss, james, 19:03
RE: [Full-disclosure] RE: when will AV vendors fix this???, Thomas D., 18:33
ARES 2007: Call for workshop proposals, deadline Sept 10, 2006, Manh Tho, 18:03
Re: SolpotCrew Advisory #5 - modernbill ver 1.6 (DIR) Remote File Inclusion, Mailinglists Address, 18:03
[Full-disclosure] rPSA-2006-0147-1 mysql mysql-bench mysql-server, Justin M. Forbes, 17:53
[Full-disclosure] [EEYEB-20060719] McAfee Subscription Manager Stack Buffer Overflow, eEye Advisories, 17:42
simplog 0.9.3 and prior XSS, piiiiiii pppiiiiiiii, 17:12
DeluxeBB Multiple Vulnerabilities, darkz . gsa, 16:52
Visual Events Calendar v1.1 (cfg_dir) Remote Inclusion Vulnerability, x0r0n, 16:52
RE: linksys WRT54g authentication bypass, Andy Meyers, 16:22
[Full-disclosure] Re: when will AV vendors fix this???, Paul Schmehl, 16:12
Re: Vanilla CMS <= 1.0.1 (RootDirectory) Remote file inclusion Vuln., dinoboff, 16:01
linksys WRT54g authentication bypass, Ginsu Rabbit, 15:21
Re: [Full-disclosure] RE: when will AV vendors fix this???, Dude VanWinkle, 14:30
Virtual War v1.5.0 Remote File Include (vwar_root), AG Spider, 14:20
[vuln.sg] Lhaz LHA Long Filename Buffer Overflow Vulnerability, vulnpost-remove, 14:20
[Full-disclosure] RE: when will AV vendors fix this???, Thomas D., 14:10
[Full-disclosure] Re: when will AV vendors fix this???, Bryan, 14:10
php local buffer underflow could lead to arbitary code execution, heintz, 14:10
[Full-disclosure] Re: when will AV vendors fix this???, Marius Huse Jacobsen, 14:00
[Full-disclosure] [ GLSA 200608-12 ] x11vnc: Authentication bypass in included LibVNCServer code, Sune Kloppenborg Jeppesen, 13:40
[Full-disclosure] TSRT-06-06: Computer Associates eTrust AntiVirus WebScan Manifest Processing Buffer Overflow Vulnerability, TSRT, 13:40
[Full-disclosure] TSRT-06-05: Computer Associates eTrust AntiVirus WebScan Automatic Update Code Execution Vulnerability, TSRT, 13:40
IMENDIO PLANNER REMOTE FILENAME FORMAT STRING VULNERABILITY, king_purba, 13:30
blur6ex 0.3 Comment title HTML inyection vuln., piiiiiii pppiiiiiiii, 13:09
NEWSolved Lite v1.9.2 (abs_path) Remote File Inclusion, philipp . niedziela, 12:49
0-day XP SP2 wmf exploit (some details), cyanid-E, 12:49
SolpotCrew Advisory #6 - phpCC - Beta 4.2 (base_dir) Remote File Inclusion, chris_hasibuan, 12:29
[ECHO_ADV_44$2006] PHP Simple Shop <= 2.0 (abs_path) Remote File Inclusion, erdc, 12:19
0-day XP SP2 wmf exploit, cyanid-E, 12:19
SAPID CMS remote File Inclusion vulnerabilities, simo64, 12:09
XennoBB <= 2.1.0 "birthday" SQL injection, c . boulton, 11:59
Re: flatnuke <= 2.5.7 arbitrary php file upload, segatom, 11:49
XSS Vulnerability in FTD v3.7.3, try_og, 11:39

August 06, 2006

Re: [Full-disclosure] Re: when will AV vendors fix this???, <...>, 17:51
[Full-disclosure] [ GLSA 200608-11 ] Webmin, Usermin: File Disclosure, Sune Kloppenborg Jeppesen, 15:50
[Full-disclosure] [ GLSA 200608-10 ] pike: SQL injection vulnerability, Sune Kloppenborg Jeppesen, 15:40
[Full-disclosure] Multiple vulnerabilities in DConnect Daemon 0.7.0 (CVS 30 Jul 2006), Luigi Auriemma, 15:00
[Full-disclosure] [ GLSA 200608-09 ] MySQL: Denial of Service, Sune Kloppenborg Jeppesen, 15:00
[Full-disclosure] PHP: Zend_Hash_Del_Key_Or_Index Vulnerability, Stefan Esser, 14:09

August 05, 2006

MyBloggie <= 2.1.4 trackback.php SQL injection / admin credentials disclosure, rgod, 16:51
Tinyportal Shoutbox, exploitex, 11:59
vBulletin 3.0.14 ~ init.php~ registerring global arbitary variable~ XSS exploit, addmimistrator, 11:39
[Full-disclosure] [ GLSA 200608-08 ] GnuPG: Integer overflow vulnerability, Sune Kloppenborg Jeppesen, 06:47
[Full-disclosure] Re: when will AV vendors fix this???, Denis Jedig, 04:16
[Full-disclosure] when will AV vendors fix this???, Bipin Gautam, 02:55

August 04, 2006

[Full-disclosure] [ GLSA 200608-07 ] libTIFF: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 18:22
[Full-disclosure] Will Microsoft patch remarkable old Msjet40.dll issue?, Juha-Matti Laurio, 17:51
phpAutoMembersArea 3.2.5 ($installed_config_file) Remote File Inclusion, philipp . niedziela, 16:51
CAID 34509 - CA eTrust Antivirus WebScan vulnerabilities, Williams, James K, 16:00
TSLSA-2006-0044 - multi, Trustix Security Advisor, 14:39
[ECHO_ADV_42$2006] PHP Live Helper <= 2.0 (abs_path) Remote File Inclusion, matdhule, 14:29
[ECHO_ADV_42$2006] BufferOverflow in Eremove Client, erdc, 13:59
XSS in Vbulletin 3.6.0 in IE 0nly, Stefan, 13:08
GeheimChaos <= 0.5 Multiple SQL Injection Vulnerabilities, Tamriel, 12:48
CounterChaos <= 0.48c SQL Injection Vulnerability, Tamriel, 12:38
GaesteChaos <= 0.2 Multiple Vulnerabilities, Tamriel, 12:28
Re: Re[2]: [Full-disclosure] Attacking the local LAN via XSS, pdp (architect), 08:45
Re[2]: [Full-disclosure] Attacking the local LAN via XSS, Thierry Zoller, 07:45
Re: [Full-disclosure] Attacking the local LAN via XSS, pdp (architect), 06:14
[Full-disclosure] Barracuda Spam Firewall: Administrator Level Remote Command Execution [ID-20060804-01], Matthew Hall, 06:04
Re: [Full-disclosure] Attacking the local LAN via XSS, Thierry Zoller, 05:54
Re: [Full-disclosure] Attacking the local LAN via XSS, Schanulleke, 03:03
[Full-disclosure] [ GLSA 200608-06 ] Courier MTA: Denial of Service vulnerability, Sune Kloppenborg Jeppesen, 00:32
[Full-disclosure] [ GLSA 200608-05 ] LibVNCServer: Authentication bypass, Sune Kloppenborg Jeppesen, 00:22

August 03, 2006

[Full-disclosure] Attacking the local LAN via XSS, pdp (architect), 21:31
[Full-disclosure] Re: [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released, Steve VanDevender, 19:10
[security bulletin] HPSBUX02137 SSRT051024 rev.1 - HP-UX Running Xserver Local Execution of Arbitrary Code, Privilege Elevation, security-alert, 19:10
ZoneX 1.0.3 - Publishers Gold Edition Remote File Inclusion Vulnerability, x0r0n, 19:10
ME Download System 1.3 Remote File Inclusion, philipp . niedziela, 17:19
vbulletin 3.5.4 IE exploit xss, stefan, 16:38
[Full-disclosure] [ GLSA 200608-04 ] Mozilla Thunderbird: Multiple vulnerabilities, Thierry Carrez, 16:08
Re: Barracuda Vulnerability: Arbitrary File Disclosure [NNL-20060801-02], Matthew Hall, 15:57
[Full-disclosure] [ GLSA 200608-03 ] Mozilla Firefox: Multiple vulnerabilities, Thierry Carrez, 15:47
SolpotCrew Advisory #5 - modernbill ver 1.6 (DIR) Remote File Inclusion, chris_hasibuan, 15:06
SendCard <= 3.4.0 unauthorized administrative access / remote commands execution, rgod, 14:35
[MajorSecurity Advisory #27]ToendaCMS - Cross Site Scripting Issue, admin, 14:15
Javascript software authentication brute force attack, Gianstefano Monni, 14:04
[Full-disclosure] [ GLSA 200608-02 ] Mozilla SeaMonkey: Multiple vulnerabilities, Stefan Cornelius, 13:44
CMSimple Cross Site Scripting, Outlaw, 12:43
Secunia Research: PC Tools AntiVirus Insecure Default Directory Permissions, Secunia Research, 12:33
Vwar v1.5.0 <= Sql Injection and XSS vuln., mfoxhacker, 12:13
TSEP <= 0.942 Remote File Include, beford, 12:03
[Full-disclosure] [DRUPAL-SA-2006-011] Drupal 4.7.3 / 4.6.9 fixes XSS issue, Uwe Hermann, 11:02
[Full-disclosure] Re: [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released, Philip M. Gollucci, 10:12
[Full-disclosure] Re: [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released, William A. Rowe, Jr., 10:02
[Full-disclosure] [USN-332-1] gnupg vulnerability, Martin Pitt, 05:30
[Full-disclosure] [USN-331-1] Linux kernel vulnerabilities, Martin Pitt, 05:00

August 02, 2006

RE: Barracuda Vulnerability: Hardcoded Password [NNL-20060801-01], Roger A. Grimes, 21:56
Simpliciti Locked Browser Jail Breakout Vulnerability, EvilPacket, 21:36
[security bulletin] HPSBUX02087 SSRT4728 rev.3 - HP-UX running TCP/IP Remote Denial of Service (DoS), security-alert, 21:15
Hobbit monitor security bugfix release - 4.1.2p2, Henrik Stoerner, 20:03
[security bulletin] HPSBGN02136 SSRT061173 rev.1 - ProCurve Series 3500yl, 6200yl, and 5400zl Switches Running Software Prior to K.11.33 Remote Denial of Service (DoS), security-alert, 19:11
OZJournal v1.5 - XSS, luny, 18:51
[security bulletin] HPSBUX02124 SSRT061159 rev.1 - HP-UX Sendmail MIME Remote Denial of Service (DoS), security-alert, 18:41
[security bulletin] HPSBUX02108 SSRT061133 rev.13 - HP-UX Running Sendmail, Remote Execution of Arbitrary Code, security-alert, 18:10
Re: Barracuda Vulnerability: Hardcoded Password [NNL-20060801-01], pingywon, 17:59
[eVuln] MyBB 'Avatar URL' XSS Vulnerability, alex, 17:39
Content Management Framework "G3" - XSS Vulnerability in Search Function, Stefan Friedli, 15:46
[Full-disclosure] XSS at Netcraft.com, Valery Marchuk, 15:26
[Full-disclosure] [USN-330-1] tiff vulnerabilities, Martin Pitt, 15:26
SaveWeb Portal 3.4 <- (SITE_Path) Remote File Inclusion Vulnerability, x0r0n, 15:16
[Full-disclosure] rPSA-2006-0143-1 gnupg, Justin M. Forbes, 14:46
Re: SYM06-013 Symantec On-Demand Protection Encrypted Data Exposure, Chris Wysopal, 14:45
Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory, Roy Hills, 14:05
Secunia Research: Jetbox Multiple Vulnerabilities, Secunia Research, 13:04
EEYE: research.eeye.com, Marc Maiffret, 12:24
[Full-disclosure] Content Management Framework "G3" - XSS Vulnerability in Search Function, Stefan Friedli, 10:42
[Full-disclosure] Re: JavaScript port scanning, pdp (architect), 10:32
[Full-disclosure] Re: JavaScript port scanning, pdp (architect), 10:32
[Full-disclosure] Re: JavaScript port scanning, pdp (architect), 10:32
[Full-disclosure] Re: JavaScript port scanning, TheGesus, 08:10

August 01, 2006

JavaScript port scanning, pdp (architect), 21:25
[ MDKSA-2006:137 ] - Updated libtiff packages fix multiple vulnerabilities, security, 20:14
Re: Gdiplus.dll division by 0, Dennis Lubert, 19:54
DMA[2006-0801a] - 'Apple OSX fetchmail buffer overflow', K F (lists), 19:34
Barracuda Vulnerability: Arbitrary File Disclosure [NNL-20060801-02], gssincla, 18:23
[Full-disclosure] rPSA-2006-0142-1 libtiff, Justin M. Forbes, 18:13
Barracuda Vulnerability: Hardcoded Password [NNL-20060801-01], gssincla, 17:53
SYM06-013 Symantec On-Demand Protection Encrypted Data Exposure, secure, 17:23
SUSE Security Announcement: libtiff (SUSE-SA:2006:044), Thomas Biege, 16:52
[ MDKSA-2006:136 ] - Updated kdegraphics packages fix multiple libtiff vulnerabilities, security, 16:42
SUSE Security Announcement: freetype2 (SUSE-SA:2006:045), Thomas Biege, 16:02
WoW Roster <= 1.5.x Remote File Include (hsList.php), AG Spider, 15:11
ISS BlackICE PC Protection DLL faking of run-time linked libraries Vulnerability, David Matousek, 15:01
TSEP 0.9.4.2 <= Remote File Inclusion, philipp . niedziela, 14:51
VMSA-2006-0004 Cross site scripting vulnerability and other fixes, VMware Security Team, 14:21
[ MDKSA-2006:135 ] - Updated freeciv packages fix DoS vulnerabilities, security, 14:01
[vuln.sg] Lhaplus LHA Extended Header Handling Buffer Overflow Vulnerability, vulnpost-remove, 13:50
Re: Gdiplus.dll division by 0, giacomo collini, 13:40
WoW Roster <= 1.5.x Remote File Include (hsList.php), AG Spider, 13:30
[Kurdish Security # 21] ShoutBox v4.4 Remote Command Execution, botan, 13:00
[Kurdish Security # 20 ] Quickie Remote Command Execution, botan, 12:39
[Kurdish Security # 19 ] FileManager Remote Command Execution, botan, 12:29
[Kurdish Security # 18 ] FAQ Script Remote Command Execution, botan, 12:09
Re: [Full-disclosure] Do world's famous companies take care of their security?, Valery Marchuk, 12:09
[Kurdish Security # 17 ] GuestBook 3.5 Remote Command Execution, botan, 11:59
[Kurdish Security # 16 ] newsReporter v1.0 Remote Command Execution, botan, 11:39
NewsLetter v3.5 <= (NL_PATH) Remote File Inclusion Exploit, tr_zindan, 11:29
[Full-disclosure] [ GLSA 200608-01 ] Apache: Off-by-one flaw in mod_rewrite, Matthias Geerdsen, 07:46
[Full-disclosure] [USN-327-2] firefox regression, Martin Pitt, 04:44