Network Security Archives

Bugtraq (date)

[Thread Index] [Top] [All Lists]

October 31, 2006

[Full-disclosure] iDefense Security Advisory 10.27.06: Novell eDirectory NMAS BerDecodeLoginDataRequeset DoS Vulnerability, iDefense Labs, 21:25
[Full-disclosure] iDefense Security Advisory 10.31.06: Sophos Anti-Virus Petite File Denial of Service Vulnerability, iDefense Labs, 21:25
[Full-disclosure] iDefense Security Advisory 10.31.06: Novell iManager Tomcat DoS Vulnerability, iDefense Labs, 21:15
Re: New Flaw in Firefox 2.0: DoS and possible remote code execution, Daniel Veditz, 20:44
Re: freenews---> fileinclude, pokley, 20:44
PHP-Nuke <= 7.9 Journal module (search.php) "forwhat" SQL Injection vulnerability, paisterist . nst, 19:44
Re: Re: New Flaw in Firefox 2.0: DoS and possible remote code execution, xxxx, 19:03
[Full-disclosure] Cross Site Scripting (XSS) Vulnerability in Netquery by "VIRtech", LegendaryZion, 18:53
[Full-disclosure] Local Heap OverFlow Vulnerability in "Answering Service" of Icq, LegendaryZion, 18:53
[Full-disclosure] Cross Site Scripting (XSS) Vulnerability in iPlanet Messaging Server Messenger Express by "Sun", LegendaryZion, 18:43
[Full-disclosure] Cross Site Scripting (XSS) Vulnerability in "ViewImage.asp" by Daronet Internet Solutions, LegendaryZion, 18:43
[Full-disclosure] Cross Site Scripting (XSS) Vulnerability in Web Mail platform by "Mirapoint", LegendaryZion, 18:43
[Full-disclosure] Cross Site Scripting (XSS) Vulnerability in Web Mail service by "Walla! Communications LTD", LegendaryZion, 18:43
[Full-disclosure] Directory listing on B-FOCuS Wireless 802.11b/g ADSL2+ Router by "ECI Telecom LTD", LegendaryZion, 18:33
Re: [Full-disclosure] unreliable vulnerability reports en-masee [was:Re: vulnerability in Symantec products], Dave \"No, not that one\" Korn, 18:23
Re: New Flaw in Firefox 2.0: DoS and possible remote code execution, Gouki, 18:13
Re: New Flaw in Firefox 2.0: DoS and possible remote code execution, Josh Bressers, 17:52
Authentication bypass in BytesFall Explorer, RedTeam Pentesting, 17:12
Re: freenews---> fileinclude, pokley, 16:32
New Flaw in Firefox 2.0: DoS and possible remote code execution, xxxx, 16:11
Sun java System Messenger Express XSS, handrix, 16:01
SQL Injection Vulnerability in bfExplorer 0.0.6, security, 15:51
[ MDKSA-2006:194 ] - Updated PostgreSQL packages fix vulnerabilities, security, 15:31
[ MDKSA-2006:193 ] - Updated ImageMagick packages fix vulnerabilities, security, 15:21
Hawking Technology wireless router WR254-CA DNS issue, Nikolai Grigoriev, 15:01
ActiveX security leaks in the TV owned web game platform, maxgipeh, 15:00
phpMyConferences <= 8.0.2 Remote File Inclusion, mfp . c, 14:39
[Full-disclosure] Parallels Workstation - Rogue autostart.., Thierry Zoller, 13:18
[Full-disclosure] JavaScript Attack Console (Backweb), pdp (architect), 09:57

October 30, 2006

ModSecurity 2.0, A Core Rule Set and Console now available, Ofer Shezaf, 22:52
Re: Free Rainbow Tables.com, Jerome Athias, 22:42
Re: Nucleus Core v3.23 - Remote File Include, Francesco Laurita, 22:32
Re: freenews---> fileinclude, Tamriel, 22:22
Re: CentiPaid <= 1.4.2 [$class_pwd] Remote File Include, Tamriel, 22:12
[security bulletin] HPSBTU02168 SSRT061237 rev.1 - HP Tru64 UNIX Running gzip, gunzip, and gzcat, Remote Unauthorized Arbitrary Code Execution or Denial of Service (DoS), security-alert, 22:02
[security bulletin] HPSBMA02121 SSRT061157 rev.3 - HP OpenView Storage Data Protector Remote Unauthorized Arbitrary Command Execution, security-alert, 21:52
[security bulletin] HPSBMA02138 SSRT061184 rev.2 - HP OpenView Storage Data Protector, Remote Unauthorized Arbitrary Command Execution, security-alert, 21:42
Re: CentiPaid <= 1.4.2 [$class_pwd] Remote File Include, Francesco Laurita, 20:51
Multiple Remote File Include, firewall1954, 20:41
CORE FORCE R0.95 released!, CORE FORCE Team, 20:31
Metasploit Framework 2.7 Released, H D Moore, 20:11
opendocman <= 1.2p3 Bypass admin/user Login, k1tk4t, 19:30
[ECHO_ADV_53$2006] QnECMS <= 2.5.6 (adminfolderpath) Remote File Inclusion Vulnerability, erdc, 19:20
Punbb <= 1.2.13 Multiple Vulnerabilities, Nms, 19:10
Re: [Full-disclosure] [botnets] [funsec] Haxdoor: UK Police Count 8, 500 Victims in Data Theft (So Far) (fwd), bf, 19:10
Nucleus Core v3.23 - Remote File Include, firewall1954, 18:50
PHPEasyData Pro 2.2.1 (index.php) Remote SQL Injection Vulnerability, ajannhwt, 18:50
Re: [Full-disclosure] [botnets] [funsec] Haxdoor: UK Police Count 8, 500 Victims in Data Theft (So Far) (fwd), Gadi Evron, 18:40
PHPEasyData Pro 1.4.1 (index.php) Remote SQL Injection Vulnerability, ajannhwt, 18:30
[Full-disclosure] unreliable vulnerability reports en-masee [was:Re: vulnerability in Symantec products], Gadi Evron, 18:30
Simple Website Software v0.99 (common.php) Remote File Include, cw . cybersecurity, 18:10
Re: imageVue16.1 upload vulnerability, mjau, 17:59
[MajorSecurity Advisory #29]foresite CMS - Cross Site Scripting Issue, admin, 17:49
easy notes manager sql injection and authentication bypass, poplix, 17:29
freenews---> fileinclude, MoHaNdKo , 17:19
Re: phpAdsNew-2.0.8 <= (adlayer.php) Remote File Include, simo, 17:09
Re: vulnerability in Symantec products, jay.tomas, 16:48
SQL in WebWizForum by almaster hacker, almaster, 16:38
Back-end => 0.4.5 Remote File Include Vulnerability Exploit, h4ck3riran, 16:18
bbsNew => 2.0.1 Remote File Include Vulnerability Exploit, h4ck3riran, 16:08
Exporia => 0.3.0 Remote File Include Vulnerability Exploit, h4ck3riran, 15:48
[Full-disclosure] [ GLSA 200610-15 ] Asterisk: Multiple vulnerabilities, Raphael Marichez, 15:48
CentiPaid <= 1.4.2 [$class_pwd] Remote File Include, firewall1954, 15:37
[OpenPKG-SA-2006.027] OpenPKG Security Advisory (wordpress), OpenPKG, 15:07
[Full-disclosure] [ GLSA 200610-14 ] PHP: Integer overflow, Raphael Marichez, 06:43

October 28, 2006

[ MDKSA-2006:191 ] - Updated screen packages fix vulnerability, security, 16:46
Re: Ban v0.1 (bannieres.php) File Include, Francesco Laurita, 16:16
[ MDKSA-2006:192 ] - Updated ruby packages fix DoS vulnerability, security, 16:06
[ MDKSA-2006:190 ] - Updated mutt packages fix multiple vulnerabilities, security, 15:46
[ MDKSA-2006:188 ] - Updated mono packages fix vulnerability, security, 15:25
Re: phpAdsNew-2.0.8 <= (adlayer.php) Remote File Include, emme0032, 15:15
Re: [Full-disclosure] [funsec] Haxdoor: UK Police Count 8, 500 Victims in Data Theft (So Far) (fwd), Marshall Eubanks, 15:05
[ MDKSA-2006:189 ] - Updated xsupplicant fixes possible remote root stack smash vulnerability, security, 15:05
Re: [Full-disclosure] ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability, Matt Richard, 02:50

October 27, 2006

Microsoft .NET request filtering bypass vulnerability, research, 22:18
Hosting Controller 6.1 Hotfix <= 3.2 Vulnerability, playpacific . emulacaid, 22:08
Thepeak File Upload v1.3 : Read file vulneability, loveha, 21:58
Ban v0.1 (bannieres.php) File Include, mahmood ali, 21:38
phpAdsNew-2.0.8 <= (adlayer.php) Remote File Include, zooz_998, 21:18
phpLedAds 2.0(dir) File Include, mahmood ali, 20:47
PLS-Bannieres 1.21 (bannieres.php) File Include, mahmood ali, 20:37
GestArt <= vbeta 1 Remote File Include Vulnerabilities, ip . 123 . 456 . 78 . 90, 20:17
ArticleBeach Script <= 2.0 Remote File Inclusion Vulnerability, Bithedz, 20:07
Re: [Full-disclosure] IE7 is a Source of Problem - Secunia IE7 Release Incident of October 2006, Jerome Athias, 19:57
[Full-disclosure] RFID enabled e-passport skimming proof of concept code released (RFIDIOt), Adam Laurie, 19:57
PHP-Nuke <= 7.9 Search module "author" SQL Injection vulnerability, paisterist . nst, 19:47
UNISOR CMS sql injection, fireboy2006, 19:47
SMF fgets off-by-one issue and filter size evasion, josecarlos . norte, 19:06
TextPattern <=1.19 Remote File Inclusion Vulnerability, Bithedz, 18:46
[Full-disclosure] Coppermine 1.4.9 SQL injection, disfigure, 18:16
Re: IE7 is a Source of Problem - Secunia IE7 Release Incident of October 2006, Reversemode, 18:06
[Full-disclosure] ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability, zdi-disclosures, 17:56
vulnerability in Symantec products, security, 17:46
Re: Mozilla Firefox JavaScript Handler Race Condition Memory Corruption Vulnerability, Christian Kalkhoff, 17:15
Re: [Full-disclosure] Vulnerability automation and Botnet "solutions" I expect to see this year, Dude VanWinkle, 16:45
phpFaber CMS Cross Site Scripting, security, 16:25
Directory Traversal in TorrentFlux 2.1, Christopher, 16:15
Joomla extended_registration mod Remote File Include Vulnerabilities, crackers_child, 16:05
Insecure storage of passwords in Axalto Protiva, nnposter, 15:55
MiniBILL v2006-10-10 (config[page_dir] Remote File Include Vulnerability, xorontr, 15:45
MHL-2006-003 Public Advisory: "ezOnlineGallery" Multiple Security Issues, Mayhemic Labs Security, 15:24
TSLSA-2006-0059 - postgresql, Trustix Security Advisor, 15:04
[Full-disclosure] [ Capture Skype trafic ], Tyop?, 11:12
Re: [Full-disclosure] Vulnerability automation and Botnet "solutions" I expect to see this year, poo, 11:02
Re: [Full-disclosure] IE7 is a Source of Problem - Secunia IE7 Release Incident of October 2006, HASEGAWA Yosuke , 11:02
Re: [Full-disclosure] Yahoo! Messenger Service 18 Remote Buffer Overflow Vulnerability, Jain, Siddhartha, 05:19

October 26, 2006

[Full-disclosure] [ GLSA 200610-13 ] Cheese Tracker: Buffer Overflow, Raphael Marichez, 20:56
[Full-disclosure] ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability, zdi-disclosures, 20:16
[Full-disclosure] IE7 is a Source of Problem - Secunia IE7 Release Incident of October 2006, LIUDIEYU dot COM, 19:05
[Full-disclosure] iDefense Security Advisory 10.26.06: Multiple Vendor wvWare LVL Count Integer Overflow Vulnerability, iDefense Labs, 17:34
[Full-disclosure] iDefense Security Advisory 10.26.06: Multiple Vendor wvWare LFO Count Integer Overflow Vulnerability, iDefense Labs, 17:34
[OpenPKG-SA-2006.026] OpenPKG Security Advisory (screen), OpenPKG, 14:12
Re: [Full-disclosure] Yahoo! Messenger Service 18 Remote Buffer Overflow Vulnerability, Gadi Evron, 13:52
Re: [Full-disclosure] Vulnerability automation and Botnet "solutions" I expect to see this year, cdejrhymeswithgay, 13:12
Re: [Full-disclosure] Yahoo! Messenger Service 18 Remote Buffer Overflow Vulnerability, cdejrhymeswithgay, 13:12
[Full-disclosure] rPSA-2006-0195-2 kdelibs qt-x11-free, rPath Update Announcements, 10:40
[Full-disclosure] rPSA-2006-0198-1 screen, rPath Update Announcements, 10:40

October 25, 2006

[security bulletin] HPSBMA02133 SSRT061201 rev.2 - HP Oracle for OpenView (OfO) Critical Patch Update, security-alert, 23:54
Web-style Wireless IDS attacks, noreply, 23:04
[Full-disclosure] IE7 status: 8 days after release, 3 unfixed issues, Moritz Naumann, 22:03
Mozilla Firefox JavaScript Handler Race Condition Memory Corruption Vulnerability, erreale, 21:53
Re: phpMyConferences_8.0.2 Remote File Inclusion, Tamriel, 21:23
[Full-disclosure] iDefense Security Advisory 10.25.06: AOL YGPPDownload AddPictureNoAlbum ActiveX Control Heap Corruption Vulnerability, iDefense Labs, 19:30
[Full-disclosure] iDefense Security Advisory 10.25.06: AOL YGPPDownload downloadFileDirectory ActiveX Control Heap Corruption Vulnerability, iDefense Labs, 19:20
[Full-disclosure] iDefense Security Advisory 10.25.06: AOL Nullsoft Winamp Ultravox 'ultravox-max-msg' Header Heap Overflow Vulnerability, iDefense Labs, 19:20
[Full-disclosure] iDefense Security Advisory 10.25.06: AOL Nullsoft Winamp Ultravox Lyrics3 v2.00 tags Heap Overflow Vulnerability, iDefense Labs, 19:20
[ MDKSA-2006:187 ] - Updated Qt packages fix vulnerability, security, 17:07
phpMyConferences_8.0.2 Remote File Inclusion, Outlaw, 16:47
[KAPDA::#61] - PacPoll <= 4.0 Multiple Vulnerabilities, farhadkey, 16:37
Re: [Full-disclosure] Yahoo! Messenger Service 18 Remote Buffer Overflow Vulnerability, Gadi Evron, 10:13

October 24, 2006

[Full-disclosure] Vulnerability automation and Botnet "solutions" I expect to see this year, Gadi Evron, 22:28
[Full-disclosure] [funsec] Haxdoor: UK Police Count 8, 500 Victims in Data Theft (So Far) (fwd), Gadi Evron, 21:58
Re: adobe php sdk Remote File Include Vulnerabilities, Mailinglists Address, 20:57
[Full-disclosure] Yahoo! Messenger Service 18 Remote Buffer Overflow Vulnerability, Jain, Siddhartha, 17:55
InteliEditor (sys_path) Remote File Include Vulnerability, xorontr, 17:55
adobe php sdk Remote File Include Vulnerabilities, crackers_child, 17:35
CSLH2.9.9 Remote File Include Vulnerabilities, crackers_child, 17:25
Re: Application orders Linux in WebAPP v0.9.9.2.1, nicolascamino, 16:55
[Full-disclosure] [USN-369-1] PostgreSQL vulnerabilities, Martin Pitt, 16:44
[vuln.sg] CruiseWorks Directory Traversal and Buffer Overflow Vulnerabilities, vulnpost-remove, 16:44
ProgSys verion 0.151 XSS vulnerability, security, 16:34
Re: [Full-disclosure] who needs a server ..., cdejrhymeswithgay, 15:44
Re: Smarty-2.6.1 Remote File Include Vulnerabilities, J. Carlos Nieto, 15:23
[Full-disclosure] [ GLSA 200610-12 ] Apache mod_tcl: Format string vulnerability, Raphael Marichez, 15:23
[Full-disclosure] [ GLSA 200610-11 ] OpenSSL: Multiple vulnerabilities, Raphael Marichez, 15:13
[Full-disclosure] [ GLSA 200610-10 ] ClamAV: Multiple Vulnerabilities, Raphael Marichez, 15:03
[Full-disclosure] who needs a server ..., auto113922, 12:32
[Full-disclosure] Month of Kernel Bugs and fsfuzzer release (0.6), L.M.H., 05:29

October 23, 2006

[Full-disclosure] xxs in Firefox 2.0 ?, auto113922, 23:36
Symantec Product Security: Symantec Device Driver Elevation of Privileg, secure, 23:16
WikiNi Multiple Cross Site Scripting Vulnerabilities, raphael . huck, 22:36
INCA IM-204 Dsl several vulnerabilities, crackers_child, 22:25
Application orders Linux in WebAPP v0.9.9.2.1, the_free_kernel, 22:15
Multiple HTTP response splitting vulnerabilities in SHOP-SCRIPT, Debasis Mohanty, 22:05
SQL Injection in Oracle package MDSYS.SDO_LRS, ak, 21:45
SQL Injection in package SYS.DBMS_CDC_IMPDP, ak, 21:35
SQL Injection in package XDB.DBMS_XDBZ0, ak, 21:25
SQL Injection in package SYS.DBMS_SQLTUNE_INTERNAL, ak, 21:15
Modify Data via Inline Views, ak, 20:54
Various Cross-Site-Scripting Vulnerabilities in Oracle Reports, ak, 20:34
http://www.red-database-security.com/advisory/oracle_apex_css_notification_msg.html, ak, 20:14
Cross-Site-Scripting Vulnerability in Oracle APEX WWV_FLOW_ITEM_HELP, ak, 20:04
SQL Injection Vulnerability in Oracle WWV_FLOW_UTILITIES, ak, 19:54
Smarty-2.6.1 Remote File Include Vulnerabilities, crackers_child, 19:44
Flaw in Firefox 2.0 Final, mike, 18:53
D-Link DSL-G624T several vulnerabilities, jose . palanco, 18:43
-==PHP Nuke <= 7.9 SQL Injection and Bypass SQL Injection Protection vulnerabilities==-, paisterist . nst, 18:13
Re: Simple Machines Forum (SMF) XSS issue, RSnake, 17:43
PHP Generator of Object SQL Database (path) Remote File Include Vulnerability, xorontr, 17:12
WHM 10.8.0 cPanel 10.9.0 R50 CentOS 4.4 i686 WHM X v3.1.0 Xss Vulnerability, crackers_child, 16:52
speedberg <= 1.2beta1 Remote File Inclusion, k1tk4t, 16:32
XSS in Zwahlen Online Shop, MC Iglo, 16:22
Re: [Full-disclosure] hack.lu Bluetooth demo, Thierry Zoller, 16:22
[Full-disclosure] hack.lu Bluetooth demo, K F (lists), 15:31
IPEER Remote file inclusion, navairum, 15:21
trawler <= 1.8.1 Remote File Inclusion, k1tk4t, 15:11
RMSOFT Cross Site Scripting, FREAK_PR, 14:50
[Full-disclosure] [USN-368-1] Qt vulnerability, Martin Pitt, 14:00
[Full-disclosure] [PHPADSNEW-SA-2006-002] phpAdsNew and phpPgAds 2.0.8-pr1 fix XSS vulnerability, Matteo Beccati, 11:38

October 22, 2006

[Full-disclosure] AROUNDMe 0.6.9 remonte file inclusion, noislet . nospam, 19:01
[Full-disclosure] [ GLSA 200610-09 ] libmusicbrainz: Multiple buffer overflows, Matthias Geerdsen, 16:50
[Full-disclosure] iDefense Security Advisory 10.21.06: Novell eDirectory evtFilteredMonitorEventsRequest Invalid Free Vulnerability, iDefense Labs, 03:35
[Full-disclosure] iDefense Security Advisory 10.21.06: Novell eDirectory evtFilteredMonitorEventsRequest Heap Overflow Vulnerability, iDefense Labs, 03:25
[Full-disclosure] iDefense Security Advisory 10.21.06: Novell eDirectory NCP over IP length Heap Overflow Vulnerability, iDefense Labs, 03:25

October 21, 2006

Re: iDefense Security Advisory 10.19.06: Kaspersky Labs Anti-Virus IOCTL Local Privilege Escalation Vulnerability, Steven M. Christey, 16:11
Virtual Law Office (phpc_root_path) Remote File Include Vulnerability, xorontr, 15:31
Open Meetings Filing Application (PROJECT_ROOT) Remote File Include Vulnerability, xorontr, 15:01
Re: Simple Machines Forum (SMF) XSS issue, mrapples, 14:50

October 20, 2006

[OpenPKG-SA-2006.025] OpenPKG Security Advisory (drupal), OpenPKG, 23:25
[Full-disclosure] Hustle Labs & MNIN eDirectory Vulnerability, Ryan Smith, 23:04
Re: Flaw in Firefox 2.0 RC2, Jure PeÄar, 21:44
PHPLibrary-1.5.3(Description.php) Remote File Include, arab_anaconda, 21:03
Advisory for Oneorzero helpdesk, Mike Klingler, 20:43
[Reversemode Advisory] Kaspersky Anti-Virus Privilege Escalation, Reversemode, 20:33
PHP Poll Creator 1.04 (poll_vote.php)File Include, mahmood ali, 17:51
[security bulletin] HPSBTU02163 SSRT061223 rev.1 - HP Tru64 UNIX Running dtmail, Local Execution of Arbitrary Code, security-alert, 17:21
PHP Classifieds 7.1 - Remote File Include Vulnerability, Le . CoPrA, 16:31
Simple Machines Forum (SMF) XSS issue, josecarlos . norte, 16:11
HPSBUX02162 SSRT061223 rev.1 - HP-UX Running dtmail, Local Execution of Arbitrary Code, security-alert, 15:50
[KAPDA::#60] Mambo V4.6.x vulnerabilities, alireza hassani, 15:20
[CAID 34693, 34694]: CA BrightStor ARCserve Backup Multiple Buffer Overflow Vulnerabilities (UPDATED), Williams, James K, 15:00
Re: iDefense Security Advisory 10.19.06: Kaspersky Labs Anti-Virus IOCTL Local Privilege Escalation Vulnerability, abel . andrade, 14:50
Re: PHP "exec", "system", "popen" (+small POC), Bernhard Mueller, 14:40
[Full-disclosure] Web-style Wireless IDS attacks, noreply, 10:57
[Full-disclosure] [ GLSA 200610-08 ] Cscope: Multiple buffer overflows, Raphael Marichez, 06:56

October 19, 2006

RE: Flaw in Firefox 2.0 RC2, Aras \"Russ\" Memisyazici, 23:13
[ MDKSA-2006:186 ] - Updated kdelibs packages fix KHTML vulnerability, security, 22:42
TORQUE Spool Job Race condition (torque <= 2.0.0p8), Luís Miguel Silva, 22:12
Re: Flaw in Firefox 2.0 RC2, Mark A Basil, 21:42
[Xss] IN SMF 1.1 RC2, the_free_kernel, 21:02
RE: Flaw in Firefox 2.0 RC2, Sean Warnock, 20:52
ATutor 1.5.3.2=> Remote File Include Vulnerability, subzero . 0000, 20:41
Re: PHPRecipeBook <= 2.35 ((g_rb_basedir)) Remote File Include Exploit, theif, 20:41
PHP "exec", "system", "popen" problem, Дмитрий Borgir, 20:21
Re: PhpBB<=2.0.10 (groupcp.php) Remote File Include Vulnerability, neothermic, 20:01
Multiple XSS Vulnerabilities in KnowledgeBank 1.01, security, 20:01
SQL Injection simplog, navairum, 19:41
KICS CMS sql injection, fireboy2006, 19:41
UltraCMS 0.9 sql injection, fireboy2006, 19:21
DigitalHive 2.0 RC2 (base_include.php)File Include, mahmood ali, 19:00
Re: phpAdsNew include bug!, matteo, 18:40
[Full-disclosure] iDefense Security Advisory 10.19.06: Kaspersky Labs Anti-Virus IOCTL Local Privilege Escalation Vulnerability, iDefense Labs, 18:40
Re: [Full-disclosure] Genetic method to detect the presence of anyvirtual machine, Dave \"No, not that one\" Korn, 18:19
[Full-disclosure] Genetic method to detect the presence of any virtual machine, Bipin Gautam, 16:28
[Full-disclosure] [DRUPAL-SA-2006-026] Drupal 4.6.10 / 4.7.4 fixes HTML attribute injection issue, Uwe Hermann, 16:18
[Full-disclosure] [DRUPAL-SA-2006-024] Drupal 4.6.10 / 4.7.4 fixes multiple XSS issues, Uwe Hermann, 16:18
[Full-disclosure] [DRUPAL-SA-2006-025] Drupal 4.6.10 / 4.7.4 fixes CRF issue, Uwe Hermann, 16:08
Re: Flaw in Firefox 2.0 RC2, Lubomir Kundrak, 16:08
[OpenPKG-SA-2006.024] OpenPKG Security Advisory (asterisk), OpenPKG, 15:58
[Full-disclosure] Advisory 11/2006: Serendipity Weblog XSS Vulnerabilities, Stefan Esser, 15:37
[security bulletin] HPSBST02161 SSRT061264 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS06-056 Through MS06-065, security-alert, 15:17

October 18, 2006

Re: PHPRecipeBook <= 2.35 ((g_rb_basedir)) Remote File Include Exploit, str0ke, 22:29
[Full-disclosure] [USN-367-1] Pike vulnerability, Kees Cook, 22:19
[Full-disclosure] rPSA-2006-0195-1 kdelibs, rPath Update Announcements, 21:48
[Full-disclosure] Security-Assessment.com Advisory: Asterisk remote heap overflow, Adam Boileau, 21:48
Static fmat exploits with random va, root, 21:38
Re: Flaw in Firefox 2.0 RC2, arny, 21:38
Secunia Research: IBM Lotus Notes Insecure Default Folder Permissions, Secunia Research, 21:18
Secunia Research: Joomla BSQ Sitestats Script Insertion and SQL Injection, Secunia Research, 21:08
Re: Flaw in Firefox 2.0 RC2, Paul Schmehl, 20:47
{x0n3-h4ck} DEV Web Manager System <= 1.5 XSS Exploit, corrado . liotta, 20:37
Re: Utimaco Safeguard Easy vulnerability, Juha-Matti Laurio, 20:17
Airmagnet management interfaces multiple vulnerabilities, noreply, 20:07
[Full-disclosure] [USN-366-1] binutils vulnerability, Kees Cook, 19:57
Call for Papers - First International Workshop on Secure Software Engineering (SecSE 2007), Lillian Røstad, 19:37
PHPRecipeBook <= 2.35 ((g_rb_basedir)) Remote File Include Exploit, CarcaBotx, 19:17
PhpBB<=2.0.10 (groupcp.php) Remote File Include Vulnerability, mahmood ali, 18:56
Re: [Full-disclosure] Analysis of the Oracle October 2006 Critical Patch Update, vile, 18:46
CS-Forum 0.82 (ajouter.php) Remote File Include Vulnerability, mahmood ali, 18:36
TSLSA-2006-0057 - multi, Trustix Security Advisor, 18:16
[Full-disclosure] ERRATA: [ GLSA 200610-07 ] Python: Buffer Overflow, Raphael Marichez, 18:06
[ECHO_ADV_46$2006] P-Book <= 1.17 (pb_lang) Remote File Inclusion, erdc, 17:36
zorum_3_5 <=(dbproperty.php) Remote File Inclusion Exploit, MoHaNdKo , 17:15
Re: Flaw in Firefox 2.0 RC2, Shane Lahey, 16:55
Re: phpAdsNew include bug!, Wim Godden, 15:44
[ MDKSA-2006:185 ] - Updated php packages to address multiple vulnerabilities, security, 15:14
[ MDKSA-2006:184 ] - Updated clamav packages fix vulnerabilities, security, 15:04
Re: Flaw in Firefox 2.0 RC2, jm, 14:34
Re: Flaw in Firefox 2.0 RC2, Eliah Kagan, 14:14
[Full-disclosure] Multiple vulnerabilities in Highwall Enterprise and Highwall Endpoint management interface, noreply, 13:43
Re: [Full-disclosure] Analysis of the Oracle October 2006 Critical Patch Update, Paul Schmehl, 13:03
[Full-disclosure] Airmagnet management interfaces multiple vulnerabilities, noreply, 12:42
[Full-disclosure] Boonex Dolphin 5.2 Remote File Inclusion, disfigure, 09:21
[Full-disclosure] Analysis of the Oracle October 2006 Critical Patch Update, David Litchfield, 05:59
[Full-disclosure] Simplog 0.9.3.1 SQL Injection, disfigure, 01:47
[Full-disclosure] Comdev One Admin 4.1 Remote File Inclusion, disfigure, 01:37
[ MDKSA-2006:183 ] - Updated libksba packages correct DoS vulnerability, security, 00:07

October 17, 2006

Rapid7 Advisory R7-0026: HTTP Header Injection Vulnerabilities in the Flash Player Plugin, advisory, 22:25
[Full-disclosure] rPSA-2006-0194-1 kernel, rPath Update Announcements, 21:25
phpAdsNew include bug!, wacky, 20:44
Re: Flaw in Firefox 2.0 RC2, Jose Nazario, 19:53
[Full-disclosure] iDefense Security Advisory 10.17.06: Opera Software Opera Web Browser URL Parsing Heap Overflow Vulnerability, iDefense Labs, 19:13
[Full-disclosure] [ GLSA 200610-07 ] Python: Buffer Overflow, Raphael Marichez, 19:13
[security bulletin] HPSBUX02155 SSRT061235 rev.2 HP-UX CIFS Server (Samba) Local Unauthorized Access, Elevated Privileges, security-alert, 17:42
Flaw in Firefox 2.0 RC2, Mike, 17:32
[Full-disclosure] {x0n3-h4ck} DEV Web Manager System <= 1.5 XSS Exploit, corrado.liotta, 17:21
[ECHO_ADV_55$2006]Phpmybibli <=2.1 Multiple Remote File Inclusion Vulnerability, erdc, 17:21
[Full-disclosure] [ GLSA 200610-06 ] Mozilla Network Security Service (NSS): RSA signature forgery, Raphael Marichez, 17:11
[Full-disclosure] [ GLSA 200610-05 ] CAPI4Hylafax fax receiver: Execution of arbitrary code, Raphael Marichez, 17:11
[OpenPKG-SA-2006.023] OpenPKG Security Advisory (php), OpenPKG, 17:01
TorrentFlux user_id Script Insertion, 3cab7cc7, 16:51
TorrentFlux file Script Insertion, 3cab7cc7, 16:41
TorrentFlux action Script Insertion, 3cab7cc7, 16:31
PR06-03b: F5 Firepass 1000 SSL VPN version 5.5 vulnerable to Cross-Site Scripting, research, 16:21
Re: Directory Traversal Vulnerability in Goop Gallery 2.0.2, gene, 16:11
[Xss] IN phplist v 2.10.2,, the-free_kernel, 15:40
Re: vbulletin Exploit Tool Box, scottREMOVE, 15:10
About.com contact, C. Hamby, 14:50

October 16, 2006

PHP Forge 3b2 (/inc/inc.php) Remote File Include Vulnerability, mahmood ali, 23:52
Rapid7 Advisory R7-0025: Buffer Overflow in NVIDIA Binary Graphics Driver For Linux, advisory, 22:41
[Full-disclosure] [USN-365-1] libksba vulnerability, Kees Cook, 22:41
patchlodel-0.7.3 - Remote File Include Vulnerabilities, erne, 22:21
Full Path Disclosure in PHP-Wyana (2), xx_hack_xx_2004, 21:51
[Full-disclosure] NVIDIA Linux/BSD/Solaris Drivers Local Root Buffer Overflow, Alexander Hristov, 20:50
osprey 1.0 (ListRecords.php) Remote File Include Vulnerability, KaBaRa . HaCk . eGy, 20:40
WebYep-1.1.9 - Remote File Include Vulnerabilities, erne, 19:39
[Full-disclosure] iDefense Security Advisory 10.15.06: Clam AntiVirus ClamAV rebuildpe Heap Overflow Vulnerability, iDefense Labs, 19:29
[Full-disclosure] iDefense Security Advisory 10.15.06: Clam AntiVirus ClamAV CHM Chunk Name Length DoS Vulnerability, iDefense Labs, 18:49
[Full-disclosure] [USN-364-1] Xsession vulnerability, Kees Cook, 18:18
MOStlyCEV454 - Remote File Include Vulnerabilities, erne, 17:58
Full Path Disclosure in PHP-Wyana, xx_hack_xx_2004, 17:07
Security Advisory for Bugzilla 2.18.5, 2.20.2, 2.22, and 2.23.2, mkanat, 16:47
maintain-3.0.0-RC2 - Remote File Include Vulnerabilities, erne, 16:27
[Full-disclosure] :ShAnKaR: WoltLab Burning Book <=1.1.2 multiple vulnerabilities, 3APA3A, 16:27
Back-end ( File Include Vulnerability Exploit ), h4ck3riran, 15:56
vbulletin Exploit Tool Box, [dot], 15:36
SYMSA-2006-010: Directory Traversal in IronWebMail, research, 15:26
bbsNew ( File Include Vulnerability Exploit ), h4ck3riran, 15:16
Kmail <= 1.9.1 (table/frameset) DOS, nnp, 14:56
[Full-disclosure] VoMM: Taking browser exploits to the next level, avivra, 14:36
Re: @lex Guestbook <=(ModeliXe.php) Remote File Inclusion Exploit, ptitgal, 14:26
ISS BlackICE PC Protection Filelock protection bypass Vulnerability, Matousec - Transparent security Research, 14:16
[Full-disclosure] AttackAPI 0.8 is OUT, pdp (architect), 10:24
[Full-disclosure] [ GLSA 200610-04 ] Seamonkey: Multiple vulnerabilities, Raphael Marichez, 08:13

October 15, 2006

[Full-disclosure] Advisory 10/2006: ViewVC Undefined Charset UTF-7 XSS Vulnerability, Stefan Esser, 14:06
Re: [Full-disclosure] Kmail <= 1.9.1 (table/frameset) DOS, Vidar Løkken, 01:21

October 14, 2006

Re: yet another OpenSSH timing leak?, Marco Ivaldi, 20:39
Spoofing security dialog in object packager - 2, seejay . 11, 20:19
Jinzora 2.6 - Remote File Include Vulnerabilities, erne, 20:09
[Full-disclosure] Kmail <= 1.9.1 (table/frameset) DOS, nnp, 19:18
Re: Multiple XSS Vulnerabilities in Zen Cart 1.3.5, security, 17:38
WDT:- osTicket File Include all V, stormhacker, 16:47
@lex Guestbook <=(ModeliXe.php) Remote File Inclusion Exploit, xp1o, 16:27
Re: Jax LinkLists Remote File include, xorontr, 16:17
Re: Secunia Research: Microsoft Windows Object Packager Dialog Spoofing, edubp2002, 16:07
Re: DanPHPSupport => 0.5 Cross Site Scripting Vulnerabilities, dansoftaus, 15:47
Multiple XSS Vulnerability in Gcontact, security, 15:37
EXlor 1.0 (/fonctions/template.php) Remote File Include Vulnerability, mahmood ali, 15:27
Buzlas <= v2006-1 Full Remote File Include Vulnerability, nima . salehi, 03:22
PHP Top webs (config.php) Remote File Inclue Vulnerability, Le . CoPrA, 03:12
PhpBB Prillian French Remote File Include Vulnerability, nima . salehi, 03:02
RPG Events 1.0.0 Remote File Include Vulnerability, nima . salehi, 02:52
phpBB lat2cyr <= 1.0.1 Remote File Include Vulnerability, nima . salehi, 02:42
AMAZONIA MOD Remote File Include Vulnerability, nima . salehi, 02:12
PHP Cards <= 1.3 Remote File Inclue Vulnerability, Le . CoPrA, 01:52
news defilante horizontale <= 4.1.1 Remote File Include Vulnerability, nima . salehi, 01:31
Open Conference Systems <= 1.1.3 Remote File Inclusion, k1tk4t, 00:20
phpBB PlusXL 2.x <= biuld 272 Remote File Include Vulnerability, nima . salehi, 00:10

October 13, 2006

maluinfo version 206.2.38l Remote File Include Vulnerability, nima . salehi, 23:49
SpamOborona PHPBB Plugin Remote File Include Vulnerability, nima . salehi, 23:19
phpBB Add Name Remote File Include Vulnerability, nima . salehi, 22:59
phpMyConferences <= 8.0.2 Remote File Inclusion, k1tk4t, 22:49
MNews <= 2.0 (noticias.php) Remote File Inclue Vulnerability, Le . CoPrA, 22:38
Jax LinkLists Remote File include, dj_remix_20, 22:28
pbpbb archive for search engines Remote File Include Vulnerability, nima . salehi, 22:08
TorrentFlux startpop.php torrent Script Insertion, 566d9bfe, 21:48
Jax Newspage Remote File include, dj_remix_20, 21:27
news7 <= (news.php) Remote File Inclusion Exploit, xp1o, 21:17
PHPht Topsites Remote File İnclude, By_KorsaN_Son, 20:57
phpBB Security <= 1.0.1 Remote File Include Vulnerability, nima . salehi, 20:37
Bloq 0.5.4 Remote File İnclude, By_KorsaN_Son, 20:17
Utimaco Safeguard Easy vulnerability, boomboom999, 19:47
Re: [Full-disclosure] iDefense Security Advisory 10.11.06: Sun Microsystems Solaris NSPR Library Arbitrary File Creation Vulnerability, Marco Ivaldi, 19:26
ISOI II - a DA Workshop (announcement and CFP), Gadi Evron, 18:56
Download-Engine Remote File İnclude, By_KorsaN_Son, 18:16
SpamBlockerMODv <= 1.0.2 Remote File Include Vulnerability, nima . salehi, 17:56
CMS contenido Path Disclosure, CvIr . System, 17:45
Morcego CMS <= 0.9.6 Remote File Inclue Vulnerability, Le . CoPrA, 17:35
[Full-disclosure] iDefense Security Advisory 10.13.06: Apache HTTP Server mod_tcl set_var Format String Vulnerability, iDefense Labs, 17:25
PacSec Hype Security Team: CGI.pm param injection, Dragos Ruiu, 17:15
RamaCMS (adodb.inc.php) Remote File Inclue Vulnerability, Le . CoPrA, 16:55
CMS contenido Remote File Inclusion, CvIr . System, 16:45
[security bulletin] HPSBST02134 SSRT061187 rev.2 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS06-052, MS06-053 and MS06-054, security-alert, 16:45
[security bulletin] HPSBST02160 SSRT061254 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS06-055, security-alert, 16:25
Phpbb insert mod Remote file include, By_KorsaN_Son, 15:24
Black Hat CFP, Registration, and Announcements for October, Jeff Moss, 15:14

October 12, 2006

Download-Engine Remote File Include, v1per-hacker, 20:15
[Full-disclosure] Mcafee Network Agent (mcnasvc.exe) Remote DoS, Alexander Hristov, 19:24
Security Suite IP Logger Remote File Inclusion, ReeM_HaCk, 19:04
Iono all version fullpath disclosure, hack2prison, 18:54
Admin User Viewed Posts Tracker Remote File Include Vulnerability, nima . salehi, 18:44
Journals System <= 1.0.2 [RC2] Remote File Include Vulnerability, nima . salehi, 18:24
[Full-disclosure] Google Earth (kml & kmz files) buffer overflow, Alexander Hristov, 17:53
ExtCalThai_Component <= 0.9.1 Remote File Inclusion, k1tk4t, 17:12
[security bulletin] HPSBMA02158 SSRT061251 rev.1 - HP Version Control Agent, Remote Unauthorized Access and Possible Elevation of Privilege, security-alert, 16:52
[Full-disclosure] iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability, iDefense Labs, 16:02
SecureWorks Research Client Advisory: Multiple Vendor Bluetooth Memory Stack Corruption Vulnerability, Research, 15:52
MS06-060 Microsoft Word Memmove Code Execution, Avert, 15:31
new version of phplist fix XSS vulnerability, info, 15:01
zenphoto Multiple Path Disclosure and Cross Site Scripting Vulnerabilities, raphael . huck, 14:31
[Full-disclosure] MHL-2006-002 Public Advisory: "Call-Center-Software" Multiple Security Issues, Mayhemic Labs Security, 03:06
[Full-disclosure] Xeobook <= 0.93 Multiple SQL Injection Vulnerabilities, Tamriel, 01:56
[Full-disclosure] XeoPort <= 0.81 SQL Injection Vulnerability, Tamriel, 01:56

October 11, 2006

Re: gcards (languagefile) <= Remote File Include, str0ke, 20:13
[ MDKSA-2006:182 ] - Updated kernel packages fix multiple vulnerabilities and bugs, security, 20:13
AlberT-EasySite <= 1.0.a5 Remote File Inclusion, k1tk4t, 19:52
CommunityPortals <= 1.0 Remote File Include Vulnerability, nima . salehi, 19:42
[Full-disclosure] iDefense Security Advisory 10.11.06: Sun Microsystems Solaris NSPR Library Arbitrary File Creation Vulnerability, iDefense Labs, 19:32
[Full-disclosure] iDefense Security Advisory 10.11.06: AOL YGPPDownload SetAlbumName ActiveX Control Buffer Overflow Vulnerability, iDefense Labs, 19:12
Re: phpWebSite 0.10.2 Remote File Include Vulnerabilities, kevin, 19:12
Noah's Classifieds Cross Site Scripting Vulnerability, raphael . huck, 18:22
gcards (languagefile) <= Remote File Include, D-virus, 17:51
Jinzora <= 2.1 Remote File Inclusion, k1tk4t, 17:31
Secunia Research: Microsoft Windows Object Packager Dialog Spoofing, Secunia Research, 16:20
[Full-disclosure] [USN-363-1] libmusicbrainz vulnerability, Kees Cook, 16:10
MysqlDumper Version 1.21 b6 Xss Vulnerability, crackers_child, 15:50
Microsoft Office Malformed Record Memory Corruption Vulnerability, Sowhat, 15:40
ShmooCon 2006 CFP Announcement, B Potter, 15:20
Directory Traversal Vulnerability in Goop Gallery 2.0.2, security, 14:59
Re: The latest version of iSearch is V2.16 <= (index.php) Remote File Inclusion Exploit, Steven M. Christey, 13:17
[Full-disclosure] rPSA-2006-0187-1 idle python, rPath Update Announcements, 10:46
New tool release today - "wyd" - password profiling, Max Moser, 02:02

October 10, 2006

[ MDKSA-2006:181 ] - Updated python packages fix vulnerability, security, 22:41
pacsec hype security team: 7 words of warning about Macromedia Flash Player 9+, Dragos Ruiu, 22:20
blueshoes <= 4.6_public Remote File Inclusion, k1tk4t, 22:10
claroline <= 180rc1 Remote File Inclusion, k1tk4t, 21:40
tagit2b -- Remote File Inclusion, k1tk4t, 21:30
PHPLibrary <= 1.5.3 Remote File Inclusion, k1tk4t, 21:20
[Full-disclosure] iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability, iDefense Labs, 20:59
Re: yet another OpenSSH timing leak?, Marco Ivaldi, 20:08
[Fedora] libtool-ltdl uses relative paths to resolve and load libraries, Enrico Scholz, 19:48
[Full-disclosure] ZDI-06-034: Microsoft Office Word Malformed Chart Code Execution Vulnerability, zdi-disclosures, 19:07
[Full-disclosure] ZDI-06-032: Microsoft Office PowerPoint Malformed Slide Notes Rebuilding Vulnerability, zdi-disclosures, 18:57
[Full-disclosure] ZDI-06-033: Microsoft Office Excel File Format DATETIME Record Parsing Vulnerability, zdi-disclosures, 18:57
[security bulletin] HPSBUX02087 SSRT4728 rev.4 - HP-UX running TCP/IP Remote Denial of Service (DoS), security-alert, 18:17
[Full-disclosure] [USN-362-1] PHP vulnerabilities, Martin Pitt, 17:56
Re: yet another OpenSSH timing leak?, Gianluca Varisco, 15:45
eXpBlog <= 0.3.5 Cross Site Scripting Vulnerabilities, Tamriel, 15:25
Re: The latest version of iSearch is V2.16 <= (index.php) Remote File Inclusion Exploit, str0ke, 15:05
phpWebSite 0.10.2 Remote File Include Vulnerabilities, crackers_child, 14:55
[ECHO_ADV_54$2006]vtiger CRM <=4.2 (calpath) Multiple Remote File Inclusion Vulnerability, erdc, 14:35
7 php scripts File Inclusion / Source disclosure Vuln, gmdarkfig, 14:25
[Full-disclosure] [USN-361-1] Mozilla vulnerabilities, Martin Pitt, 13:04
[Full-disclosure] MHL-2006-001 Public Advisory: "Eazy Cart" Multiple Security Issues, Mayhemic Labs Security, 08:22
[Full-disclosure] [USN-360-1] awstats vulnerabilities, Martin Pitt, 06:31

October 09, 2006

Re: net2ftp: a web based FTP client :) <= Remote File Inclusion, Steven M. Christey, 20:26
yet another OpenSSH timing leak?, Marco Ivaldi, 17:45
[ECHO_ADV_52$2006]OpenDock Easy Gallery <=1.4 (doc_directory) Multiple Remote File Inclusion Vulnerability, erdc, 17:15
[ECHO_ADV_49$2006]OpenDock Easy Doc <=1.4 (doc_directory) Multiple Remote File Inclusion Vulnerability, erdc, 16:34
SUSE Security Announcement: php4,php5 (SUSE-SA:2006:059), Ludwig Nussel, 16:14
[ECHO_ADV_48$2006] WebYep <= 1.1.9 (webyep_sIncludePath) Multiple Remote File Inclusion Vulnerability, erdc, 16:03
HITBSecConf2006 CTF Source code and daemons, Praburaajan, 15:53
PHP open_basedir with symlink() function Race Condition PoC exploit, paisterist . nst, 15:43
SQL injection - 4images, disfigure, 15:33
Freenews v1.1 <= (chemin) Remote File Include Vulnerability, xorontr, 15:03
[ECHO_ADV_51$2006] docmint <= 2.0 (MY_ENV[BASE_ENGINE_LOC]) Remote File Inclusion Vulnerability, erdc, 15:02
XSS IN paFileDB 3.1, zarloule04, 14:52
[ECHO_ADV_50$2006]OpenDock Easy Blog <=1.4 (doc_directory) Multiple Remote File Inclusion Vulnerability, erdc, 14:42
PHPMyNews 1.4 <= (cfg_include_dir) Remote File Include Vulnerability, xorontr, 14:42
Advanced Poll v2.02 :) <= Remote File Inclusion, alguidy, 14:22
The latest version of iSearch is V2.16 <= (index.php) Remote File Inclusion Exploit, xp1o, 14:02
Re: [Full-disclosure] SQL injection - moodle, scsantos@unigranrio com br, 10:00
[Full-disclosure] Advisory 09/2006: PHP unserialize() Array Creation Integer Overflow, Stefan Esser, 06:39

October 08, 2006

[Full-disclosure] SQL injection - 4images, disfigure, 20:15
[Full-disclosure] SQL injection - moodle, disfigure, 20:15
Re: [Full-disclosure] [funsec] Technical Paper on the ZERT Patch and VML [was: Re: ZERT patch for setSlice()], Gadi Evron, 12:32

October 07, 2006

RE: Informing Companies about security vulnerabilities..., Wolf Halton, 21:16
Re: zero-day flaws in Firefox: about 30 unpatched Firefox flaws, Mailinglists Address, 20:25
PHP Live! <= 3.1 help.php Remote File Inclusion vulnerability, paisterist . nst, 19:55
Re: Security contact for Myspace/Fox?, Juha-Matti Laurio, 19:45
Observations on Mandatory Integrity Control (MIC) in Windows Vista, Enno Rey, 19:35
Re: Invision Power Board Multiple Vulnerabilities, Rapigator, 19:25
Sorry....My Message With Out Live Site...., Dr . Ninux, 16:54
Cahier de textes 2.0 Remote SQL injection Exploit, sami, 16:03
LS-20060313 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability, advisories, 15:53
phpBB User Viewed Posts Tracker Version <= 1.0 [phpbb_root_path] File Include Vulnerability, x0r0n, 15:33
FreeForum 0.9.7 (fpath) Remote File Include Vulnerability, x0r0n, 15:13
LS-20060220 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability, advisories, 14:43
Vulnerability in Btitracker, aeroxteam, 14:33
LS-20060330 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability, advisories, 14:23
Re: WikyBlog <= v1.4 (WN_BASEDIR) Remote File Inclusion Exploit, Steven M. Christey, 01:48

October 06, 2006

[Full-disclosure] Kmail <= 1.9.1 (latest) DOS, nnp, 23:27
Re: net2ftp Remote File Inclusion - bogus report, david, 21:36
phponline <= (LangFile) Remote File Inclusion Exploit, xp1o, 20:46
Emek Portal v2.1 SQL Injection, dj_remix_20, 20:46
Re: Informing Companies about security vulnerabilities..., Art Cooper, 18:35
Details of Lotus Notes Java Applet vulnerabilities, Jouko Pynnonen, 18:15
[Full-disclosure] [ GLSA 200610-03 ] ncompress: Buffer Underflow, Raphael Marichez, 17:14
FreeWPS File Upload Command Execution, security, 17:04
[CAID 34693, 34694]: CA BrightStor ARCserve Backup Multiple Buffer Overflow Vulnerabilities, Williams, James K, 15:23
[Reversemode Advisory] Symantec Antivirus Engine Privilege Escalation, Reversemode, 15:13
ackerTodo 4.2 SQL Injection Vulnerability, Francesco Laurita, 14:42
phpMyTeam v2.0 <= (smileys_dir) Remote File Include Vulnerability, x0r0n, 14:42
Re: Concurrency-related vulnerabilities in browsers - expect problems, Josh Bressers, 14:32
Re: Concurrency-related vulnerabilities in browsers - expect problems, Nick Boyce, 14:02
TorrentFlux User-Agent XSS Vulnerability, sec, 13:52
[Full-disclosure] [USN-359-1] Python vulnerability, Martin Pitt, 13:42
TSLSA-2006-0055 - multi, Trustix Security Advisor, 13:42
[Full-disclosure] JavaScript Spider (code that can traverse the web), pdp (architect), 13:32
SUSE Security Summary Report SUSE-SR:2006:024, Thomas Biege, 13:12
Hazir Site v2.0 Admin SQL Injection, dj_remix_20, 13:02
[ MDKSA-2006:180 ] - Updated php packages fix integer overflow vulnerability, security, 12:51
RE: Informing Companies about security vulnerabilities..., Craig Wright, 05:28

October 05, 2006

[Full-disclosure] Vulnerable function in newest PowerPoint case (MS Advisory #925984), Juha-Matti Laurio, 22:56
[Full-disclosure] rPSA-2006-0182-1 php php-mysql php-pgsql, rPath Update Announcements, 21:55
[Full-disclosure] rPSA-2006-0185-1 gnome-ssh-askpass openssh openssh-client openssh-server, rPath Update Announcements, 21:55
[Full-disclosure] rPSA-2006-0183-1 nss_ldap, rPath Update Announcements, 21:55
[Full-disclosure] TSRT-06-11: CA Multiple Product DBASVR RPC Server Multiple Buffer Overflow Vulnerabilities, TSRT, 21:15
[Full-disclosure] TSRT-06-12: CA BrightStor Discovery Service Mailslot Buffer Overflow Vulnerability, TSRT, 21:15
[Full-disclosure] ZDI-06-031: CA Multiple Product Message Engine RPC Server Code Execution Vulnerability, zdi-disclosures, 20:35
[Full-disclosure] ZDI-06-030: CA Multiple Product Discovery Service Remote Buffer Overflow Vulnerability, zdi-disclosures, 20:35
RE: Informing Companies about security vulnerabilities..., Arian J. Evans, 19:04
RE: Informing Companies about security vulnerabilities..., Levenglick, Jeff, 17:13
[Full-disclosure] iDefense Security Advisory 10.05.06: Symantec AntiVirus IOCTL Kernel Privilege Escalation Vulnerability, iDefense Labs, 16:32
Re: Informing Companies about security vulnerabilities..., Dragos Ruiu, 16:32
Re: Concurrency-related vulnerabilities in browsers - expect problems, Mike, 12:08
WikyBlog <= v1.4 (WN_BASEDIR) Remote File Inclusion Exploit, xp1o, 11:58
Vulnerability Type Distributions in CVE, Steven M. Christey, 11:48

October 04, 2006

Re: Informing Companies about security vulnerabilities..., bugtraq, 20:52
RE: Informing Companies about security vulnerabilities..., Krpata, Tyler, 20:52
Invision Power Board Multiple Vulnerabilities, Rapigator, 20:12
[Full-disclosure] [ GLSA 200610-02 ] Adobe Flash Player: Arbitrary code execution, Matthias Geerdsen, 19:11
RE: Informing Companies about security vulnerabilities..., bugtraq, 18:51
[Full-disclosure] [ GLSA 200610-01 ] Mozilla Thunderbird: Multiple vulnerabilities, Matthias Geerdsen, 18:00
Re: [Full-disclosure] [funsec] Technical Paper on the ZERT Patch and VML [was: Re: ZERT patch for setSlice()], Alexander Sotirov, 17:40
[Full-disclosure] [USN-357-1] Mono vulnerability, Martin Pitt, 16:09
[Full-disclosure] [USN-353-2] OpenSSL vulnerability, Martin Pitt, 16:09
[Full-disclosure] [USN-358-1] ffmpeg, xine-lib vulnerabilities, Martin Pitt, 16:09
[Full-disclosure] Technical Paper on the ZERT Patch and VML [was: Re: ZERT patch for setSlice()], Gadi Evron, 14:38
Yener Haber Script v2.0 SQL injection, dj_remix_20, 10:37
Directory Traversal Vulnerability in Goop Gallery 2.0.2, security, 10:26
[ MDKSA-2006:179 ] - Updated openssh packages fix DoS vulnerabilities, security, 10:06
[CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability, Williams, James K, 09:46
phpMyProfiler remote file include, mozi2weed, 09:36

October 03, 2006

[Full-disclosure] Advisory 08/2006: PHP open_basedir Race Condition Vulnerability, Stefan Esser, 20:30
Re: [Full-disclosure] Security Rss Feeds, Tyler Reguly, 15:27
[Full-disclosure] iDefense Security Advisory 10.02.06: Novell GroupWise Messenger nmma.exe DoS Vulnerability, iDefense Labs, 14:57
PacSec 2006 Papers announcement and EUSecWest Call For Papers, Dragos Ruiu, 10:45
Security flaw in IBM Client Security Password Manager, Luís Miguel Silva, 10:35
Re: WebspotBlogging => 3.0 Remote File Include Vulnerabilities, Steven M. Christey, 10:24
[ MDKSA-2006:178 ] - Updated ntp packages rebuilt against updated openssl., security, 10:14
[ MDKSA-2006:177 ] - Updated MySQL packages rebuilt against updated openssl., security, 09:54
[ MDKSA-2006:172-1 ] - Updated openssl packages fix vulnerabilities, security, 09:44
Re: [Full-disclosure] IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053]), Paul Szabo, 02:01

October 02, 2006

Re: [Full-disclosure] IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053]), Paul Szabo, 20:39
Re: [Full-disclosure] Security Rss Feeds, Gareth Davies, 20:18
[security bulletin] HPSBUX02129 SSRT061149 rev.1 - HP-UX running SLP, Remote Unauthorized Access, security-alert, 19:08
FreeBSD Security Advisory FreeBSD-SA-06:22.openssh, FreeBSD Security Advisories, 19:08
Re: net2ftp: a web based FTP client :) <= Remote File Inclusion, securfrog, 18:47
Re: WebCalendar-1.0.3 reading of any files, webcalendar, 18:07
Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053], Eiji James Yoshida, 17:47
Re: [Full-disclosure] IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053]), Brian Eaton, 17:47
Security contact for Myspace/Fox?, E Mintz, 17:37
Kerio Multiple insufficient argument validation of hooked SSDT function Vulnerability, David Matousek, 17:37
digishop v 4.0.0 Xss Vuln., meto5757, 17:16
Dayfox Blog v2.0 Remote file include, dj_remix_20, 16:56
Re: [Full-disclosure] IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053]), Paul Schmehl, 16:56
"POC 2006" by Korean hackers, securityproof, 16:56
[security bulletin] HPSBUX02157 SSRT061220 rev.1 HP-UX Running Ignite-UX Server, Remote Unauthorized Access and Privilege Elevation, security-alert, 16:26
Pebble 2.0.0 RC[1,2] XSS vulnerability, Paolo Perego, 16:06
IBM Informix Dynamic Server V10.0 File Clobbering during Install, Larry Cashdollar, 15:56
zero-day flaws in Firefox: about 30 unpatched Firefox flaws, ragan, 15:45
[OpenPKG-SA-2006.022] OpenPKG Security Advisory (openssh), OpenPKG, 15:45
EasyBannerFree (functions.php) Remote File Include Exploit, las_kid, 15:35
Layered Defense Advisory: TrendMicro OfficesScan Corporate Edition Format String Vulnerability, dh, 15:25
phpMyWebmin 1.0 <= (target) Remote File Include Vulnerability, x0r0n, 15:25
[Full-disclosure] [USN-354-1] Firefox vulnerabilities, Martin Pitt, 13:54
Re: [Full-disclosure] IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053]), Brian Eaton, 12:34
[Full-disclosure] [USN-356-1] gdb vulnerability, Martin Pitt, 12:34
[Full-disclosure] [USN-355-1] openssh vulnerabilities, Martin Pitt, 12:24
[Full-disclosure] IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053]), Paul Szabo, 11:23

October 01, 2006

[Full-disclosure] 0day in Firefox from ToorCon '06, Thor Larholm, 19:16
[Full-disclosure] Advisory 07/2006: phpMyAdmin Multiple CSRF Vulnerabilities, Stefan Esser, 17:45
[Full-disclosure] ZERT patch for setSlice(), Gadi Evron, 13:44
Re: [Full-disclosure] Security Rss Feeds, William Knowles, 05:01