Bugtraq (date)
January 31, 2007
- Re: Defeating CAPTCHAs via Averaging, Lou Katz, 19:32
- Technika - Attack Scripting Environment, pdp (architect), 19:12
- Re: [Full-disclosure] stompy the session stomper - tool availability, Michal Zalewski, 18:22
- BBED - Oracle Block Browser and Editor, pete, 18:12
- Windows Vista and unexported kernel symbols (Part II, 32bits version), Matthieu Suiche, 17:51
- [Full-disclosure] [ GLSA 200701-27 ] ELinks: Arbitrary Samba command execution, Raphael Marichez, 17:01
- [Full-disclosure] [ GLSA 200701-26 ] KSirc: Denial of Service vulnerability, Raphael Marichez, 16:51
- [Full-disclosure] [ GLSA 200701-28 ] thttpd: Unauthenticated remote file access, Raphael Marichez, 16:51
- Re: local Calendar System v1.1 (lcStdLib.inc) Remote File Include, Gadi Evron, 15:30
- Re: Defeating CAPTCHAs via Averaging, Fred Leeflang, 15:20
- Re: Atsphp 5.0.1 [Top Sites] [index.php] - Remote File Include, Casey Marshall, 15:00
- [ECHO_ADV_63$2007] Cadre remote file inclusion, y3dips, 14:50
- Oracle 10g R2 Enterprise Manager Directory Traversal, NGS Software Insight Security Research, 12:28
- Remote Unauthenticated Resource Exhaustion CA Mobile BackupService, NGS Software Insight Security Research, 12:18
- Remote DOS BrightStor ARCserve Backup for Laptops & Desktops, NGS Software Insight Security Research, 12:08
- OWASP JBroFuzz 0.4 Fuzzer Released!, subere, 12:08
- Remote Unauthenticated Code Execution II CA BrightStor ARCserve Backup for Laptops & Desktops, NGS Software Insight Security Research, 11:58
- Remote Unauthenticated Code Execution CA BrightStor ARCserve Backup, NGS Software Insight Security Research, 11:48
- [Full-disclosure] 2007 Security OPUS CFP: Closed (Agenda included), Sharkey, 08:57
January 30, 2007
- Re: BOGUS: Atsphp 5.0.1 [Top Sites] [index.php] - Remote File Include, Mailinglists Address, 18:01
- [ MDKSA-2007:030 ] - Updated bind packages fix DoS vulnerabilities, security, 17:41
- Re: Defeating CAPTCHAs via Averaging, Alexander Klimov, 15:39
- Atsphp 5.0.1 [Top Sites] [index.php] - Remote File Include, trzindan, 15:29
- EncapsCMS 0.3.6 (common_foot.php) Remote File Include, trzindan, 15:19
- Re: Fake: Open Conference Systems = 2.8.2 Remote File Inclusion, bzhbfzj3001, 13:07
- PhP Generic library & framework (include_path) Remote File Include Exploit, umutc4n, 13:07
- Re: gnopaste <= 0.5.3 (index.php) Remote File Include Vulnerability, Francesco Laurita, 12:37
- RBL - ASP (scripts with db) SQL injection, sn0oPy . team, 12:27
- rPSA-2007-0020-2 rmake, rPath Update Announcements, 12:07
- COSEINC Alert: Microsoft Agent Heap Overflow Vulnerability Technical Details (Patched), Coseinc, 12:07
- Re: [Full-disclosure] S21sec-034-en: Cisco VTP DoS vulnerability, Clay Seaman-Kossmeyer, 01:12
January 29, 2007
- Re: [Full-disclosure] S21sec-034-en: Cisco VTP DoS vulnerability, Clay Seaman-Kossmeyer, 21:50
- RBL - ASP (scripts with db) SQL injection, sn0oPy . team, 20:29
- [Full-disclosure] [DRUPAL-SA-2007-005] Drupal 4.7.6 / 5.1 fixes arbitrary code execution issue, Uwe Hermann, 20:19
- VII National Computer and Information Security Conference ACIS 2007 - COLOMBIA, Jeimy Cano, 20:09
- Re: Open Conference Systems = 2.8.2 Remote File Inclusion, Stefano Zanero, 19:19
- Re: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger, 3B.Security Researcher, 19:08
- Re: local Calendar System v1.1 (lcStdLib.inc) Remote File Include, Simple Nomad, 18:08
- Re: Re: Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL, shatter, 18:08
- Re: local Calendar System v1.1 (lcStdLib.inc) Remote File Include, Stefano Zanero, 17:37
- Arbitrary Code Execution in SQL-Ledger and LedgerSMB through redirects, Chris Travers, 17:17
- Re: local Calendar System v1.1 (lcStdLib.inc) Remote File Include, Gadi Evron, 16:57
- Re: Fake: Open Conference Systems = 2.8.2 Remote File Inclusion, Michał Melewski, 16:47
- Re: Windows logoff bug possible security vulnerability and exploit., Rage Coder, 16:27
- Re: Phorum HTML Injection Vulnerability, brian, 16:06
- Re: Fake: Open Conference Systems = 2.8.2 Remote File Inclusion, Michał Melewski, 16:06
- AdMentor (banners) admin SQL injection, sn0oPy . team, 15:46
- gnopaste <= 0.5.3 (index.php) Remote File Include Vulnerability, trzindan, 15:36
- Phorum HTML Injection Vulnerability, DoZ, 15:06
- Defeating CAPTCHAs via Averaging, noreply9871234, 14:35
- CVSTrac 2.0.0 Denial of Service (DoS) vulnerability, Ralf S. Engelschall, 14:15
- Re: local Calendar System v1.1 (lcStdLib.inc) Remote File Include, Stefano Zanero, 13:55
- Fake: Open Conference Systems = 2.8.2 Remote File Inclusion, bzhbfzj3001, 13:45
- Re: Dexia website security alert, Thierry Zoller, 13:35
- Xt-Stats v.2.4.0.b3 - Remote File Include Vulnerabilities, h4cked . eg, 13:15
- MDPro 1.0.76 - Multiple Remote Vulnerabilities, adexior, 12:33
- [Full-disclosure] Oracle - Indirect Privilege Escalation and Defeating Virtual Private Databases, David Litchfield, 12:03
- [OpenPKG-SA-2007.007] OpenPKG Security Advisory (bind), OpenPKG GmbH, 12:03
- Re: Open Conference Systems = 2.8.2 Remote File Inclusion, Michał Melewski, 11:53
- [Full-disclosure] Internet Explorer 7 ActiveX bgColor property NULL pointer dereference (DoS), Alexander Sotirov, 01:18
January 27, 2007
- Re: [Full-disclosure] stompy the session stomper - tool availability, Simon Smith, 16:32
- [Full-disclosure] [ GLSA 200701-25 ] X.Org X server: Multiple vulnerabilities, Matthias Geerdsen, 14:31
- RE: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger, Ahmed Sheipani, 14:21
- local Calendar System v1.1 (lcStdLib.inc) Remote File Include, trzindan, 14:11
- AdMentor (banners) admin SQL injection, sn0oPy . team, 13:51
- [ MDKSA-2007:028 ] - Updated ulogd packaged to address buffer overflow vulnerability, security, 13:41
- Open Conference Systems = 2.8.2 Remote File Inclusion, trzindan, 13:30
- Re: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger, Outlaw, 13:10
- Full Disclosure: Arbitrary Code Execution in LedgerSMB CVE-2006-5872, Chris Travers, 12:50
- [ MDKSA-2007:029 ] - Updated libsoup packages fix DoS vulnerability, security, 12:20
- Re: [OPENADS-SA-2007-002] Max Media Manager v0.1.29 and v0.3.30 vulnerability fixed, Matteo Beccati, 12:10
- WS_FTP 2007 Professional SCP handling format string vulnerability, Michal Bucko, 11:40
- [Full-disclosure] stompy the session stomper - tool availability, Michal Zalewski, 08:08
January 26, 2007
- [Full-disclosure] [USN-398-4] Firefox regression, Kees Cook, 21:03
- Re: Remove all admin->root authorization prompts from OSX, John Smith, 17:31
- Re: Remove all admin->root authorization prompts from OSX, Ben Bucksch, 17:21
- Re: Remove all admin->root authorization prompts from OSX, Baptiste Malguy, 17:11
- FdScript <= v1.3.2 Remote File Disclosure Vulnerability, ajannhwt, 15:59
- PHP Membership Manager Cross-Site Scripting Vulnerability, DoZ, 15:19
- [Full-disclosure] iDefense Security Advisory 01.26.07: Multiple Vendor libchm Page Block Length Memory Corruption Vulnerability, iDefense Labs, 15:09
- Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger, hainamluke, 15:09
- [Full-disclosure] S21sec-034-en: Cisco VTP DoS vulnerability, S21sec Labs, 14:59
- Re: SMF "index.php?action=pm" Cross Site-Scripting, Lise Moorveld, 13:37
- [ MDKSA-2007:027 ] - Updated xine-ui packages fix vulnerabilities, security, 12:47
- Re: Re: Re: Re: SMF "index.php?action=pm" Cross Site-Scripting, sirdarckcat, 12:16
- Movable Type <= 3.33 XSS Exploit, teracci2002, 12:16
- [Full-disclosure] [ GLSA 200701-24 ] VLC media player: Format string vulnerability, Matthias Geerdsen, 08:54
- [Full-disclosure] [ GLSA 200701-23 ] Cacti: Command execution and SQL injection, Matthias Geerdsen, 08:34
- [Full-disclosure] [OPENADS-SA-2007-002] Max Media Manager v0.1.29 and v0.3.30 vulnerability fixed, Matteo Beccati, 03:21
January 25, 2007
- [Full-disclosure] [USN-410-2] teTeX vulnerability, Kees Cook, 20:28
- [Full-disclosure] rPSA-2007-0021-1 bind bind-utils, rPath Update Announcements, 19:48
- [Full-disclosure] rPSA-2007-0020-1 rmake, rPath Update Announcements, 19:48
- Medium Risk Vulnerability in PGP Desktop, NGSSoftware Insight Security Research, 19:07
- RubyGems 0.9.0 and earlier installation exploit, Eric Hodel, 18:57
- Re: ZixForum <= 1.14 (Zixforum.mdb) Remote Password Disclosure Vulnerability, anonym, 18:57
- Re: AToZed Software Intraweb Component for Borland Delphi and Kylix DoS vulnerability, C0r3 1mp4ct, 18:37
- Omniture SiteCatalyst Multiple Cross-Site Scripting Vulnerabilities, DoZ, 18:27
- Re: Oracle Buffer Overflow in DBMS_LOGREP_UTIL.GET_OBJECT_NAME, Steven M. Christey, 18:16
- Vulnerability disclosure comments, Shawna McAlearney, 18:06
- Re: Remove all admin->root authorization prompts from OSX, A. Shaw, 17:46
- The certification password of Internet Explorer 7 and operation of auto complete, support, 17:46
- Re: Aztek Forum 4.1 Multiple Vulnerabilities Exploit, gmdarkfig, 17:36
- RE: Remove all admin->root authorization prompts from OSX, Marvin Simkin, 17:16
- high5 Review script Security Risk, anon, 17:16
- Re: Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL, Steven M. Christey, 16:15
- [x0n3-h4ck] Siteman 1.1.11 Remote Md5 Hash Disclosure Vulnerability, corrado . liotta, 16:05
- [Full-disclosure] Buffer overflow in VSAPI library of Trend Micro VirusWall 3.81 for Linux, Sebastian Wolfgarten, 15:55
- [Full-disclosure] Dexia website security alert, Jos Kirps, 15:44
- GPS 1.2 Content Managing System (print.asp) Remote SQL Injection Vulnerability, ajannhwt, 15:34
- [Full-disclosure] [ GLSA 200701-22 ] Squid: Multiple Denial of Service vulnerabilities, Matthias Geerdsen, 15:34
- [x0n3-h4ck] Siteman 2.0.x2 Remote Md5 Hash Disclosure Vulnerability, corrado . liotta, 15:24
- phpCOIN <= RC-1 (modules/mail/index.php) Remote File Include Vulnerability, me you, 14:32
- Aztek Forum 4.1 Multiple Vulnerabilities Exploit, gmdarkfig, 14:00
- [Full-disclosure] [NETRAGARD-20061218 SECURITY ADVISORY] [@Mail WebMail Cross Site Request Forgery], Netragard Security Advisories, 14:00
- makit news/blog poster <=v3(news_page.asp) Remote SQL Injection Vulnerability, ajannhwt, 13:29
- Re: phpCOIN <= RC-1 (modules/mail/index.php) Remote File Include Vulnerability, str0ke, 13:29
- Re: [Full-disclosure] rPSA-2007-0011-1 wget, Ron DuFresne, 13:19
- EzDatabase Multiple Cross-Site Scripting Vulnerability, DoZ, 13:09
- ASP EDGE <= V1.2b (user.asp) Remote SQL Injection Vulnerability, ajannhwt, 13:09
- uniForum <= v4 (wbsearch.aspx) Remote SQL Injection Vulnerability, ajannhwt, 12:59
- Xero Portal v1.2 (phpbb_root_path) Remote File Include Vulnerablity, xorontr, 12:59
- ASP NEWS <= V3 (news_detail.asp) Remote SQL Injection Vulnerability, ajannhwt, 12:39
- Re: AToZed Software Intraweb Component for Borland Delphi and Kylix DoS vulnerability, bounce, 12:28
- Remove all admin->root authorization prompts from OSX, K F (lists), 12:18
- [CAID 34818]: CA Personal Firewall Multiple Privilege Escalation Vulnerabilities, Williams, James K, 11:38
- [Full-disclosure] BIND remote exploit (low severity) [Fwd: Internet Systems Consortium Security Advisory.], Lebbeous Weekley, 10:06
- [Full-disclosure] rPSA-2007-0019-1 gtk, rPath Update Announcements, 04:04
January 24, 2007
- Multiple Remote Vulnerabilities in Wordpress, bmatheny, 20:50
- [security bulletin] HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access, security-alert, 20:29
- DoS against Telligent Community Server, bmatheny, 20:19
- Weaknesses in Pingback Design, bmatheny, 19:48
- [Full-disclosure] [USN-414-1] Squid vulnerabilities, Kees Cook, 19:28
- [Full-disclosure] Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL, Team SHATTER, 19:28
- Re: phpAdsNew 2.0.7 Remote File Include, matteo, 19:18
- [Full-disclosure] Oracle Buffer Overflow in DBMS_LOGREP_UTIL.GET_OBJECT_NAME, Team SHATTER, 18:47
- [Full-disclosure] Oracle Buffer Overflow in DBMS_REPCAT_UNTRUSTED.UNREGISTER_SNAPSHOT, Team SHATTER, 18:47
- [Full-disclosure] Oracle Multiple Buffer Overflows and DoS attacks in public procedures of MDSYS.MD, Team SHATTER, 18:47
- [Full-disclosure] Oracle Buffer Overflow in DBMS_LOGMNR.ADD_LOGFILE, Team SHATTER, 18:37
- [Full-disclosure] Oracle Buffer Overflow in DBMS_DRS.GET_PROPERTY, Team SHATTER, 18:37
- Re: [Full-disclosure] 0trace - traceroute on established connections, Jon Oberheide, 17:06
- Re: Secunia Research: NCTsoft Products NCTAudioFile2 ActiveX Control Buffer Overflow, Secunia Research, 16:35
- [Full-disclosure] [OPENADS-SA-2007-001] phpAdsNew and phpPgAds 2.0.9-pr1 vulnerability fixed, Matteo Beccati, 15:54
- Re: FreeForum 0.9.0 <=- (index.php fpath) Remote File Include Vulnerability, Stefano Zanero, 15:44
- Re: Advanced Guestbook <=- 2.4.2 (include_path) Remote File Include Vulnerability, Stefano Zanero, 15:24
- Maxtricity Tagger Password Disclosure Vulnerability, beks, 15:04
- [Full-disclosure] ZDI-07-006: Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability, zdi-disclosures, 15:03
- ZixForum <= 1.14 (Zixforum.mdb) Remote Password Disclosure Vulnerability, me you, 14:43
- [Full-disclosure] [ GLSA 200701-21 ] MIT Kerberos 5: Arbitrary Remote Code Execution, Matthias Geerdsen, 14:23
- Re: AToZed Software Intraweb Component for Borland Delphi and Kylix DoS vulnerability, mail, 14:23
- [CAID 34993]: CA BrightStor ARCserve Backup for Laptops and Desktops Multiple Overflow Vulnerabilities, Williams, James K, 14:02
- Secunia Research: Sienzo Digital Music Mentor NCTAudioFile2 ActiveX Control Buffer Overflow, Secunia Research, 13:42
- Secunia Research: NCTsoft Products NCTAudioFile2 ActiveX Control Buffer Overflow, Secunia Research, 13:32
- Toxiclab Shoutbox Password Disclosure Vulnerability, beks, 13:11
- [Aria-Security Team] MyBB Cross-Site Scripting, Advisory, 12:51
- Re: Safari Improperly Parses HTML Documents & BlogSpot XSS vulnerability, Robert Tasarz, 12:40
- [ MDKSA-2007:026 ] - Updated squid packages fix vulnerabilities, security, 11:18
- SUSE Security Announcement: xine (SUSE-SA:2007:013), Thomas Biege, 01:43
- Advanced Guestbook <=- 2.4.2 (include_path) Remote File Include Vulnerability, me you, 00:53
- PR06-14: IP Phones based on Centrality Communications/Aredfox PA168 chipset weak session management vulnerability, ProCheckUp Research, 00:23
January 23, 2007
- [Full-disclosure] [USN-413-1] BlueZ vulnerability, Kees Cook, 21:31
- [Full-disclosure] [USN-412-1] GeoIP vulnerability, Kees Cook, 20:50
- subscribe (pwd.txt) Remote Password Disclosur, the . tiger100, 20:50
- [Full-disclosure] [ GLSA 200701-20 ] Centericq: Remote buffer overflow in LiveJournal handling, Raphael Marichez, 20:20
- [ MDKSA-2006:217-2 ] - Updated proftpd packages fix vulnerabilities, security, 18:49
- Re: DoS against AVM Fritz!Box 7050 (and others), Matthias Wenzel, 18:18
- [Full-disclosure] [USN-411-1] libsoup vulnerability, Kees Cook, 17:57
- RANDOM PHP QUOTE 1.0 (pwd.txt) Remote Password Disclosur, the . tiger100, 17:57
- [Full-disclosure] [ GLSA 200701-19 ] OpenLDAP: Insecure usage of /tmp during installation, Raphael Marichez, 17:46
- SUSE Security Announcement: squid (SUSE-SA:2007:012), Thomas Biege, 17:26
- [Full-disclosure] [ GLSA 200701-18 ] xine-ui: Format string vulnerabilities, Raphael Marichez, 17:16
- [ MDKSA-2007:025 ] - Updated kernel packages fix multiple vulnerabilities and bugs, security, 16:46
- [ECHO_ADV_62$2007] Upload Service 1.0 remote file inclusion, y3dips, 15:55
- Re: Windows logoff bug possible security vulnerability and exploit., Bart ...., 15:35
- Re: phpAdsNew 2.0.7 Remote File Include, l . d . 0, 15:15
- Re: Digital Armaments Security Advisory 20.01.2007: Grsecurity Kernel PaX Vulnerability, nospam, 14:55
- Adobe ColdFusion Information Disclosure, zck zck, 14:24
- Re: Bluetooth DoS by obex push [readable], hornung, 14:14
- xss filter to protect from xss attacks, Anurag Agarwal, 13:44
- Bluetooth DoS by obex push, Armin Hornung, 13:24
- Bluetooth DoS by obex push, hornung, 13:03
- AToZed Software Intraweb Component for Borland Delphi and Kylix DoS vulnerability, C0r3 1mp4ct, 12:43
- [ MDKSA-2007:024 ] - Updated kdegraphics packages fix crafted pdf file vulnerability, security, 12:42
- Re: Fantastic News <=- (news.php) Remote File Include Vulnerability <- bogus... again, Mailinglists Address, 12:12
- Safari Improperly Parses HTML Documents & BlogSpot XSS vulnerability, Jose Avila III, 12:02
- Re: Re: Re: SMF "index.php?action=pm" Cross Site-Scripting, Outlaw, 12:02
- [Full-disclosure] rPSA-2007-0014-1 libgtop, rPath Update Announcements, 07:30
- [Full-disclosure] rPSA-2007-0015-1 libsoup, rPath Update Announcements, 07:30
- [Full-disclosure] rPSA-2007-0013-1 poppler tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi, rPath Update Announcements, 07:30
- [Full-disclosure] rPSA-2007-0012-1 ed, rPath Update Announcements, 07:19
- [Full-disclosure] rPSA-2007-0011-1 wget, rPath Update Announcements, 07:19
- [Full-disclosure] [ GLSA 200701-17 ] libgtop: Privilege escalation, Matthias Geerdsen, 04:18
January 22, 2007
- SQL Injection by using Cookie Poisoning for Website Baker Version 2.6.5 and before, Rolf Huisman, 20:15
- Re: FishCart [injection sql], Michael Brennen, 20:04
- Uploader <= (userdata/user_1.txt) Password Disclosure Vulnerability, me you, 19:34
- UploadScript <=- v1.02 (password.txt) Remote Password Disclosure Vulnerability, me you, 19:14
- [Full-disclosure] [ GLSA 200701-16 ] Adobe Acrobat Reader: Multiple vulnerabilities, Raphael Marichez, 18:54
- [x0n3-h4ck] bitweaver 1.3.1 XSS Exploit, corrado . liotta, 18:54
- Re: Re: SMF "index.php?action=pm" Cross Site-Scripting, alexbove, 18:34
- [Full-disclosure] [ GLSA 200701-15 ] Sun JDK/JRE: Multiple vulnerabilities, Raphael Marichez, 18:14
- [Full-disclosure] [ GLSA 200701-14 ] Mod_auth_kerb: Denial of Service, Raphael Marichez, 17:42
- Fantastic News <=- (news.php) Remote File Include Vulnerability, me you, 17:22
- Full Path Disclosure in Open-Realty ( v2.3.4 ), xx_hack_xx_2004, 16:52
- PHP Link Directory XSS Vulnerability version <= 3.0.6, jussi . vuokko, 16:42
- phpAdsNew 2.0.7 Remote File Include, mr alkomandoz, 16:22
- Microsoft Visual C++ (.RC) resource files buffer overflow vulnerability, porkythepig, 16:22
- [Full-disclosure] [ GLSA 200701-13 ] Fetchmail: Denial of Service and password disclosure, Matthias Geerdsen, 15:51
- cmsimple 2.7 Remote File Include, mr alkomandoz, 15:51
- SQL Injection in Unique Ads ( UDS ), xx_hack_xx_2004, 15:41
- XSS in Guestbook ( v.4.00 beta ), xx_hack_xx_2004, 15:21
- Re: Virginity Security Advisory 2007-001 : T-Com Speedport 500V Login bypass, security@yospot.de, 15:10
- XMB "U2U Instant Messenger" Cross-Site Scripting, Advisory, 15:10
- Re: [Full-disclosure] Multiple OS kernel insecure handling of stdio file descriptor, Troy Bollinger, 14:49
- Re: Virginity Security Advisory 2007-001 : T-Com Speedport 500V Login bypass, jn, 14:08
- FreeForum 0.9.0 <=- (index.php fpath) Remote File Include Vulnerability, me you, 13:58
- Re: Multiple OS kernel insecure handling of stdio file descriptor, Carson Gaspar, 13:28
- FishCart [injection sql], saps . audit, 13:28
- Re: SMF "index.php?action=pm" Cross Site-Scripting, lfx4sodas, 13:07
- Wiki-how path disclosure, iamtheevil1, 12:37
- Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability Prove Of Concept Exploit, luoluonet, 12:27
- XSS in 212cafeBoard ( Verision 0.08 & 6.30 Beta ), xx_hack_xx_2004, 12:07
- Re: [Full-disclosure] Check Point Connectra End Point security bypass, Felix Lindner, 11:06
- [Full-disclosure] Check Point Connectra End Point security bypass, Roni Bachar, 01:12
January 20, 2007
- Re: [Full-disclosure] Multiple OS kernel insecure handling of stdio file descriptor, Michele Cicciotti, 19:01
- Re: [Full-disclosure] Multiple OS kernel insecure handling of stdio file descriptor, eugeny gladkih, 16:09
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE, Simon Smith, 12:18
- Digital Armaments Security Advisory 20.01.2007: Grsecurity Kernel PaX Vulnerability, info, 12:08
- SMF "index.php?action=pm" Cross Site-Scripting, Advisory, 11:57
- Paypal Subscription Manager Multiple HTML Injections, DoZ, 11:47
- Login Manager Multiple HTML Injections, DoZ, 11:37
- a-forum xss, sn0oPy, 11:27
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE, Mario D, 10:57
January 19, 2007
- Re: [Full-disclosure] Multiple OS kernel insecure handling of stdio file descriptor, Shiva Persaud, 19:01
- [RISE-2007001] Apple Mac OS X 10.4.x kernel shared_region_map_file_np() memory corruption vulnerability, RISE Security, 18:51
- DIMVA 2007: Final Call for Papers, Robin Sommer, 17:10
- Virginity Security Advisory 2007-001 : T-Com Speedport 500V Login bypass, advisory07, 16:30
- Help project files (.HPJ) buffer overflow vulnerability in Microsoft Help Workshop, porkythepig, 14:29
- TSLSA-2007-0003 - multi, Trustix Security Advisor, 12:58
- Layered Defense Research Advisory: BitDefender Client 8.02 Format String Vulnerability, dh, 12:58
- MyShoutBox Multiple Cross-Site Scripting Vulnerability, DoZ, 12:47
- Re: CMS Made Simple non-permanent XSS, ted, 12:27
- EUSecWest 2007 Papers, Dragos Ruiu, 12:17
- [Full-disclosure] DoS against AVM Fritz!Box 7050 (and others), collin, 10:56
- [Full-disclosure] WzdFTPD < 8.1 Denial of service, S21sec Labs, 07:04
January 18, 2007
- Re: Windows logoff bug possible security vulnerability and exploit., Rage Coder, 19:18
- [ MDKSA-2007:023 ] - Updated libgtop2 packages fix buffer overflow vulnerability, security, 18:27
- [x0n3-h4ck] sabros.us 1.7 XSS Exploit, corrado . liotta, 18:07
- [ MDKSA-2007:022 ] - Updated tetex packages fix crafted pdf file vulnerability, security, 17:57
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE, Simon Smith, 17:47
- Re: Multiple OS kernel insecure handling of stdio file descriptor, Peter Jeremy, 17:47
- [ MDKSA-2007:021 ] - Updated xpdf packages fix crafted pdf file vulnerability, security, 17:27
- [ MDKSA-2007:020 ] - Updated poppler packages fix crafted pdf file vulnerability, security, 17:16
- [ MDKSA-2007:019 ] - Updated pdftohtml packages fix crafted pdf file vulnerability, security, 17:06
- Re: [Full-disclosure] [_SUSPEKT] - Re: iDefense Q-1 2007 Challenge - Bayesian Filter detected spam, Simon Smith, 17:06
- [ MDKSA-2007:018 ] - Updated koffice packages fix crafted pdf file vulnerability, security, 16:46
- Directory Traversal in ArsDigita Community System, Elliot Kendall, 16:26
- [security bulletin] HPSBPI02185 SSRT071290 rev.1 - HP Jetdirect Running ftp, Remote Denial of Service (DoS), security-alert, 15:56
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE, Simon Smith, 14:35
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE, Simon Smith, 14:25
- Re: FW: [cacti-announce] Cacti 0.8.6j Released, Steve Friedl, 13:44
- Re: [Full-disclosure] Multiple OS kernel insecure handling of stdio file descriptor, 3APA3A, 13:34
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE, Roman Medina-Heigl Hernandez, 13:04
- [USN-410-1] poppler vulnerability, Martin Pitt, 12:53
- CYBSEC - Security Advisory: SAP Internet Graphics Service (IGS) Remote Buffer Overflow, CYBSEC Advisories, 12:43
- FW: [cacti-announce] Cacti 0.8.6j Released, Warner Moore, 12:33
- Multiple OS kernel insecure handling of stdio file descriptor, XFOCUS Security Team, 12:13
- [security bulletin] HPSBST02184 SSRT071296 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-001 Through MS07-004, security-alert, 12:03
- [security bulletin] HPSBUX02181 SSRT061289 rev.1 - HP-UX Running IPFilter, Remote Unauthorized Denial of Service (DoS), security-alert, 11:53
January 17, 2007
- Re: Windows logoff bug possible security vulnerability and exploit., 3APA3A, 18:05
- Microsoft Help Workshop .CNT contents files buffer overflow vulnerability, porkythepig, 17:15
- [x0n3-h4ck] myBloggie 2.1.5 XSS exploit, corrado . liotta, 15:34
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge, Tim Newsham, 15:04
- [ISecAuditors Security Advisories] Oracle Reports Web Cartridge (RWCGI60) vulnerable to XSS, ISecAuditors Security Advisories, 15:04
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE, Jim Manico, 12:22
- Windows logoff bug possible security vulnerability and exploit., Rage Coder, 11:42
- Re: MS07-004 VML Integer Overflow Exploit, lifeasageek, 11:32
- [Full-disclosure] New tool for "evil twins" wireless attacks, noreply, 05:19
January 16, 2007
- [Full-disclosure] ADTool.exe Updated, Luis Alberto Cortes Zavala, 21:26
- [Full-disclosure] ZDI-07-005: Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability, zdi-disclosures, 19:54
- Re: WMF CreateBrushIndirect vulnerability (DoS), temp0_123, 19:13
- SYMSA-2007-001: Oracle Application Server 10g - Directory Traversal, research, 19:13
- Re: Trevorchan <= v0.7 Remote File Include Vulnerability, Stefano Zanero, 18:53
- Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability, HACKPL - bugtraq/sapheal, 18:23
- [Full-disclosure] [ GLSA 200701-12 ] Mono: Information disclosure, Raphael Marichez, 18:13
- [Full-disclosure] [ GLSA 200701-11 ] Kronolith: Local file inclusion, Raphael Marichez, 18:13
- [ MDKSA-2007:014 ] - Updated bluez-utils packages fix hidd vulnerability, security, 17:22
- Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability, Eliah Kagan, 17:12
- vulnerability script indexu all versions, gamr-14, 16:01
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge, Simon Smith, 15:21
- Re: Remedy Action Request System 5.01.02 - User Enumeration, Davide Del Vecchio, 15:21
- Announcement: The Cross-site Request Forgery FAQ, bugtraq, 15:11
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge, Blue Boar, 15:11
- Re: Jax Petition Book (languagepack) Remote File Include Vulnerabilities, John McGuire, 15:01
- Re: Gallery <= 1.4.4-pl4 (phpbb_root_path) Remote File Include Vulnerability, krasza, 14:50
- [x0n3-h4ck] SmE FileMailer 1.21 Remote Sql Injextion Exploit, corrado . liotta, 14:40
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge, Simon Smith, 14:40
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge, Blue Boar, 14:20
- Re: Gallery <= 1.4.4-pl4 (phpbb_root_path) Remote File Include Vulnerability, Chris Kelly, 14:20
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge, K F (lists), 14:10
- dt_guestbook version 1.0f XSS vulnerability, jesper . jurcenoks, 14:00
- [ MDKSA-2007:016 ] - Updated fetchmail packages fix vulnerability, security, 13:39
- [KDE Security Advisory] kpdf/kword/xpdf denial of service vulnerability, Dirk Mueller, 13:19
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE, Simon Smith, 13:09
- [ MDKSA-2007:015 ] - Updated cacti packages SQL injection vulnerability, security, 12:59
- [ MDKSA-2007:017 ] - Updated wget packages fix ftp vulnerability, security, 12:49
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge, K F (lists), 12:39
- MS07-004 VML Integer Overflow Exploit, LifeAsaGeek, 12:29
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge, Simon Smith, 12:19
- PHPATM Remote Password Disclosure Vulnerablity, nightmare, 12:19
- Gallery <= 1.4.4-pl4 (phpbb_root_path) Remote File Include Vulnerability, me you, 11:48
- [Full-disclosure] rPSA-2007-0007-1 kdenetwork, rPath Update Announcements, 01:13
January 15, 2007
- [Full-disclosure] [ GLSA 200701-10 ] WordPress: Multiple vulnerabilities, Raphael Marichez, 19:00
- [Full-disclosure] rPSA-2007-0008-1 gd, rPath Update Announcements, 18:50
- liens_dynamiques xss and admin authentification, sn0oPy . team, 18:30
- [Full-disclosure] [ GLSA 200701-09 ] oftpd: Denial of Service, Raphael Marichez, 18:00
- Uninformed Journal Release Announcement: Volume 6, H D Moore, 17:49
- Re: Jax Petition Book (languagepack) Remote File Include Vulnerabilities, bmatheny, 17:39
- InstantForum.NET Multiple Cross-Site Scripting Vulnerability, DoZ, 17:29
- wcSimple Poll (password.txt) Remote Password Disclosure Vulnerablity, ilkerkandemir, 17:09
- Jax Petition Book (languagepack) Remote File Include Vulnerabilities, ilkerkandemir, 16:59
- Outpost Bypassing Self-Protection using file links Vulnerability, Matousec - Transparent security Research, 16:19
- Re: Re: Re: Uber Uploader 4.2 Arbitrary File Upload Vulnerability, recklessb, 15:28
- Remedy Action Request System 5.01.02 - User Enumeration, Davide Del Vecchio, 14:57
- [Full-disclosure] [USN-409-1] ksirc vulnerability, Martin Pitt, 13:46
- Okul Web Otomasyon Sistemi (etkinlikbak.asp) SQL Injection Vulnerability, ilkerkandemir, 13:26
- Oracle Passwords and OraBrute, paulw, 13:05
- [Full-disclosure] [USN-408-1] krb5 vulnerability, Martin Pitt, 12:45
- Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability, 3APA3A, 12:35
- London DC4420 meet - Wednesday 17th January, 2007, Major Malfunction, 11:24
- Ovidentia 5.6x Series Remote File İnclude, hotturk, 11:04
- [Full-disclosure] [USN-407-1] libgtop2 vulnerability, Martin Pitt, 07:42
- Re: [Full-disclosure] Web Honeynet Project: announcement, exploit URLs this Wednesday, Stefan Kelm, 06:21
- [Full-disclosure] ADtool Beta 1.0 Release, Luis Alberto Cortes Zavala, 01:40
January 13, 2007
- Re: [Full-disclosure] 0trace - traceroute on established connections, Robert Święcki, 19:28
- Trevorchan <= v0.7 Remote File Include Vulnerability, ilkerkandemir, 12:25
- RE: seeking comments on disclosure articles, Michael Scheidell, 12:15
- PHP-Nuke <= 7.9 Old-Articles Block "cat" SQL Injection vulnerability, paisterist, 11:55
- Re: Naig <= 0.5.2 (this_path) Remote File Include Vulnerability, maxpost, 11:45
- Re: phpBB (privmsg.php) XSS Exploit, neothermic, 11:35
January 12, 2007
- Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability, sapheal, 19:08
- [ MDKSA-2007:013 ] - Updated libneon0.26 packages fix vulnerability, security, 18:58
- Re: Vendor guidelines regarding security contacts, Steven M. Christey, 18:48
- Naig <= 0.5.2 (this_path) Remote File Include Vulnerability, me you, 17:47
- AIOCP Login Bypass Vulnerability, coloss7, 17:37
- AIOCP SQL Injection Vulnerability, coloss7, 17:27
- Re: slocate leaks filenames of protected directories, Ben Wheeler, 17:17
- [Full-disclosure] [ GLSA 200701-08 ] Opera: Two remote code execution vulnerabilities, Raphael Marichez, 16:26
- [Full-disclosure] [ GLSA 200701-07 ] OpenOffice.org: EMF/WMF file handling vulnerabilities, Raphael Marichez, 16:26
- [Full-disclosure] [ GLSA 200701-06 ] w3m: Format string vulnerability, Raphael Marichez, 16:16
- [ MDKSA-2007:012 ] - Updated kernel packages fix multiple vulnerabilities and bugs, security, 16:16
- [Full-disclosure] [ GLSA 200701-05 ] KDE kfile JPEG info plugin: Denial of Service, Raphael Marichez, 16:16
- Re: Corsaire Security Advisory: ChainKey Java Code Protection Bypass issue, Jim Manico, 16:06
- seeking comments on disclosure articles, smcalearney, 15:46
- Wordpress disclosure of Table Prefix Weakness, process, 15:46
- Re: phpBB (privmsg.php) XSS Exploit, neothermic, 15:16
- Re: [Full-disclosure] Web Honeynet Project: announcement,, Gadi Evron, 15:16
- Re: xss in phpmyadmin <= 2.8.1, alfa, 15:06
- [CAID 34955, 34956, 34957, 34958, 34959, 34817]: CA BrightStor ARCserve Backup Multiple Overflow Vulnerabilities, Williams, James K, 14:56
- Re: slocate leaks filenames of protected directories, Dave Moore, 14:46
- Micro CMS <= 3.5 Remote File Include Exploit, ilkerKandemir, 14:35
- Re: [Full-disclosure] Web Honeynet Project: announcement,, bugtraq, 14:35
- Re: Vendor guidelines regarding security contacts, Ben Bucksch, 14:15
- Lies? [Was: Re: Digital Armaments Security Pre-Advisory 11.01.2007: Grsecurity Kernel PaX - Local root vulnerability], Lubomir Kundrak, 14:05
- Corsaire Security Advisory: ChainKey Java Code Protection Bypass issue, advisories, 13:55
- Re (3): Circumventing CSFR Form Token Defense, bugtraq, 13:45
- [ MDKSA-2007:011 ] - Updated Thunderbird packages fix multiple vulnerabilities, security, 13:05
- xss in phpmyadmin <= 2.8.1, alfa, 12:45
- Ezboxx multiple vulnerabilities., Info, 12:24
- LunarPoll (PollDir) Remote File Include Vulnerabilities, ilkerKandemir, 12:14
- [Full-disclosure] Web Honeynet Project: announcement, exploit URLs this Wednesday, Gadi Evron, 09:12
- [Full-disclosure] [USN-406-1] OpenOffice.org vulnerability, Kees Cook, 05:31
January 11, 2007
- Nwom topsites v3.0, lunY, 18:36
- LS-20061002 - Computer Associates BrightStor ARCserve Backup Remote Code Execution Vulnerability, advisories, 18:16
- Re: Perforce client: security hole by design, Crispin Cowan, 18:06
- [security bulletin] HPSBMA02176 SSRT051035 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Execution of Arbitrary Code, security-alert, 17:25
- [ MDKSA-2007:010 ] - Updated Firefox packages fix multiple vulnerabilities, security, 17:15
- Digital Armaments Security Pre-Advisory 11.01.2007: Grsecurity Kernel PaX - Local root vulnerability, info, 17:04
- easy-content filemanager, hackerbinhphuoc, 16:34
- [Full-disclosure] [USN-405-1] fetchmail vulnerability, Kees Cook, 16:14
- LayerOne 2007 CFP Announced, Layer One, 15:54
- [security bulletin] HPSBMA02175 SSRT061174 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Read Access to Files, security-alert, 15:54
- rPSA-2007-0006-1 krb5 krb5-server krb5-services krb5-test krb5-workstation, rPath Update Announcements, 14:33
- [Full-disclosure] ZDI-07-004: CA BrightStor ARCserve Backup Tape Engine Buffer Overflow Vulnerability, zdi-disclosures, 14:23
- [Full-disclosure] ZDI-07-003: CA BrightStor ARCserve Backup Message Engine Buffer Overflow Vulnerability, zdi-disclosures, 14:23
- [Full-disclosure] ZDI-07-002: CA BrightStor ARCserve Backup Tape Engine Code Execution Vulnerability, zdi-disclosures, 14:13
- FreeBSD Security Advisory FreeBSD-SA-07:01.jail, FreeBSD Security Advisories, 14:13
- Re: slocate leaks filenames of protected directories, Ben Wheeler, 13:52
- RE: Circumventing CSFR Form Token Defense, James C. Slora Jr., 13:12
- phpBB (privmsg.php) XSS Exploit, info, 13:02
- [Full-disclosure] Calyptix Security Advisory CX-2007-001 - Snort 2.6.1.2 Integer Underflow Vulnerability, Calyptix Advisories, 13:01
- Re: A Major design Bug in Steganography 1.7.x, 1.8 (latest) (Updated Version), hlangos-bugtraq, 13:01
- Re: SAP Security Contact, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP], 12:51
- Jshop Server 1.3, irvian, 12:31
- Xine-ui format string Vulnerabilties., saik0pod, 12:21
- WMF CreateBrushIndirect vulnerability (DoS), Alexander Sotirov, 12:11
- Computer Terrorism (UK) :: Incident Response Centre - Microsoft Outlook Vulnerability, advisories, 12:00
- [ MDKSA-2007:008 ] - Updated kerberos packages fix vulnerability, security, 12:00
- Re: Vendor guidelines regarding security contacts, Juha-Matti Laurio, 11:50
- [ MDKSA-2007:009 ] - Updated kdenetwork packages fix ksirc vulnerability, security, 11:40
- [ MDKSA-2007:007 ] - Updated nvidia driver packages fix vulnerability, security, 11:40
- Re: A Major design Bug in Steganography 1.7.x, 1.8 (latest) (Updated Version), Dave "No, not that one" Korn, 11:30
- DMA[2007-0107a] OmniWeb Javascript Alert Format String Vulnerabiity and DMA[2007-0109a] Apple Finder Disk Image Volume Label Overflow / DoS, K F (lists), 11:20
January 10, 2007
- Re: Circumventing CSFR Form Token Defense, Peter Watkins, 20:09
- Re: Vendor guidelines regarding security contacts, Chris Wysopal, 19:49
- Re: Circumventing CSFR Form Token Defense, bugtraq, 19:28
- sazcart v1.5 (cart.php) Remote File include, emel_gw_ini, 19:08
- A Major design Bug in Camouflage 1.2.1 (latest), thesinoda, 18:58
- Re: SAP Security Contact, Thor (Hammer of God), 18:28
- A Major design Bug in Steganography 1.7.x, 1.8 (latest) (Updated Version), thesinoda, 18:17
- Re: SAP Security Contact, Nick Boyce, 18:07
- Re: Circumventing CSFR Form Token Defense, Florian Weimer, 17:57
- Re: a cheesy Apache / IIS DoS vuln (+a question), bugtraq, 17:47
- CS-Cart 1.3.3 (install.php) Remote File Include Vulnerability, ahmed_labib_hilmy, 17:37
- Re: slocate leaks filenames of protected directories, Dennis Jackson, 17:17
- VLC Format String Vulnerability also in XINE, Sven . Czaja, 17:07
- Re: Re: Uber Uploader 4.2 Arbitrary File Upload Vulnerability, null_hack, 16:57
- [Full-disclosure] [ GLSA 200701-04 ] SeaMonkey: Multiple vulnerabilities, Raphael Marichez, 16:37
- [ MDKSA-2007:006 ] - Updated OpenOffice.org packages fix WMF vulnerability, security, 16:06
- Re: [Full-disclosure] [Dailydave] Adobe Reader Remote Heap Memory Corruption - SubroutinePointer Overwrite, Dave Korn, 14:16
- [Full-disclosure] iDefense Q-1 2007 Challenge, contributor, 14:16
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Ralph Angenendt, 12:25
- [OpenPKG-SA-2007.006] OpenPKG Security Advisory (kerberos), OpenPKG GmbH, 12:04
- slocate leaks filenames of protected directories, steven, 11:44
- [Full-disclosure] Adobe Reader Remote Heap Memory Corruption - Subroutine Pointer Overwrite, Piotr Bania, 00:40
January 09, 2007
- [Full-disclosure] iDefense Security Advisory 01.09.07: Adobe Macromedia ColdFusion Source Code Disclosure Vulnerability, iDefense Labs, 20:28
- [Full-disclosure] VMware ESX server security updates, VMware Security team, 19:28
- edit-x ecommerce (include_dir) Remote File include, emel_gw_ini, 19:07
- [ MDKSA-2007-005 ] - Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities, security, 17:57
- Circumventing CSFR Form Token Defense, Jim Manico, 17:27
- [Full-disclosure] rPSA-2007-0005-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs, rPath Update Announcements, 17:17
- [Full-disclosure] rPSA-2007-0004-1 bzip2, rPath Update Announcements, 17:17
- [Full-disclosure] iDefense Security Advisory 01.09.07: Multiple Vendor X Server DBE Extension ProcDbeSwapBuffers Memory Corruption Vulnerability, iDefense Labs, 17:06
- [Full-disclosure] iDefense Security Advisory 01.09.07: Multiple Vendor X Server DBE Extension ProcDbeGetVisualInfo Memory Corruption Vulnerability, iDefense Labs, 17:06
- [Full-disclosure] iDefense Security Advisory 01.09.07: Multiple Vendor X Server Render Extension ProcRenderAddGlyphs Memory Corruption Vulnerability, iDefense Labs, 17:06
- CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice, Williams, James K, 16:56
- Easy Banner Pro Version 2.8 <= Remote File Inclusion, stormhacker, 16:56
- RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Marvin Simkin, 16:46
- RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Tom Spector, 16:36
- Re: a cheesy Apache / IIS DoS vuln (+a question), William A. Rowe, Jr., 16:16
- Re: Cracking Steganography Application in less than ONE minute, Michal Spadlinski, 15:15
- MITKRB5-SA-2006-003: kadmind (via GSS-API lib) frees uninitialized pointers, Tom Yu, 15:05
- [Full-disclosure] [USN-404-1] MadWifi vulnerability, Kees Cook, 15:05
- MITKRB5-SA-2006-002: kadmind (via RPC lib) calls uninitialized function pointer, Tom Yu, 14:55
- [Full-disclosure] iDefense Security Advisory 01.09.07: Microsoft Excel Long Palette Heap Overflow Vulnerability, iDefense Labs, 14:35
- rPSA-2007-0003-1 fetchmail, rPath Update Announcements, 14:24
- [Full-disclosure] iDefense Security Advisory 01.09.07: Microsoft Excel Invalid Column Heap Corruption Vulnerability, iDefense Labs, 14:24
- [Full-disclosure] iDefense Security Advisory 01.09.07: Multiple Microsoft Products VML 'recolorinfo' Element Integer Overflow Vulnerability, iDefense Labs, 14:24
- [Full-disclosure] [USN-403-1] X.org vulnerabilities, Kees Cook, 14:14
- magic photo storage website Multiple Remote File Inclusion, emel_gw_ini, 13:44
- ppc engine Multiple file inclusion, emel_gw_ini, 13:14
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Brian Eaton, 13:04
- Re: SAP Security Contact, Stan Bubrouski, 13:04
- RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Tom Stripling, 12:24
- Re: Uber Uploader 4.2 Arbitrary File Upload Vulnerability, recklessb, 12:24
- Re: PHPKit 1.6.1 RC2 (faq/faq.php) Remote SQL Injection Exploit, yorn, 12:03
- Re: OpenPinboard <= Remote File Include, Steven M. Christey, 11:53
- [KDE Security Advisory] ksirc Denial of Service vulnerability, Dirk Mueller, 11:53
- [ MDKSA-2007:004 ] - Updated geoip packages fix geoipupdate vulnerability, security, 11:43
- Re: [Full-disclosure] [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Jim Manico, 11:23
- Re: [Full-disclosure] [DCC SPAM] 0trace - traceroute on established connections, Lance James, 11:13
- Re: [Full-disclosure] 0trace - traceroute on established connections, Michal Zalewski, 06:21
- Re: [Full-disclosure] 0trace - traceroute on established connections, Jon Oberheide, 03:29
- Re: [Full-disclosure] 0trace - traceroute on established connections, Alessandro Dellavedova, 03:19
- [Full-disclosure] Sina UC ActiveX Multiple Remote Stack Overflow, Sowhat, 02:49
January 08, 2007
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Amit Klein, 23:38
- RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Guy Podjarny, 23:28
- Re: a cheesy Apache / IIS DoS vuln (+a question), bugtraq, 23:08
- Re: FON Router allows anonymous web access, Thierry Zoller, 22:47
- Re: SAP Security Contact, Nicob, 22:37
- Re: RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitable msxml3 flaws), socket69, 22:17
- Re: a cheesy Apache / IIS DoS vuln (+a question), Gadi Evron, 22:07
- Cracking Steganography Application in less than ONE minute, thesinoda, 21:47
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, RSnake, 21:37
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Amit Klein, 21:37
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Amit Klein, 20:36
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, RSnake, 20:16
- [ MDKSA-2007:003 ] - Updated avahi packages fix DoS vulnerability, security, 19:56
- Re: Vendor guidelines regarding security contacts, security curmudgeon, 19:36
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware], Jim Manico, 19:15
- GForge Cross Site Scripting vulnerability, jose . palanco, 18:25
- Re: cisco nac bypass vulnerability - cisco trust agent, Stefano Zanero, 18:15
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Amit Klein, 17:54
- createauction (cats.asp) Remote SQL Injection Vulnerability, emel_gw_ini, 17:34
- Re: Sun java System Messenger Express XSS, b2wang, 17:14
- Vendor guidelines regarding security contacts, Steven M. Christey, 16:54
- RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Martin O'Neal, 16:44
- cisco nac bypass vulnerability - cisco trust agent, thorben schroeder, 16:44
- Re: Universal XSS with PDF files: highly dangerous, Jeff Williams, 16:14
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, pdp (architect), 15:53
- Packeteer PacketWise CLI overflow DoS, kian . mohageri, 15:33
- magic photo storage website Remote File Inclusion, k1tk4t, 15:23
- QASEC Announcement: Writing Software Security Test Cases, bugtraq, 15:13
- HP Multiple Products PML Driver Local Privilege Escalation, Sowhat, 15:03
- Re: Re: Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, rudeyak, 14:53
- Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous, The Anarcat, 14:53
- MKPortal Full Path Disclosure, info, 14:43
- RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Martin O'Neal, 14:33
- Re: SAP Security Contact, Ansgar -59cobalt- Wiechers, 14:23
- TK53 Advisory #1: CenterICQ remote DoS buffer overflow in LiveJournal handling, Lolek of TK53, 14:23
- GeoBB Georgian Bulletin Board Remote File Include Vuln., ShaFuq31, 14:12
- Re: Perforce client: security hole by design, The Fungi, 14:02
- Dayfox Blog Remote File Include Vuln., ShaFuq31, 14:02
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Amit Klein, 13:52
- NUNE News Script (custom_admin_path) Remote File Include Vulnerablity, xorontr, 13:32
- Uguestbook Remote Password Disclosure Vulnerability, beks, 13:32
- Webulas Remote Password Disclosure Vulnerability, beks, 13:22
- HarikaOnline v2.0 Remote Password Disclosure Vulnerability, beks, 13:12
- M-Core Remote Password Disclosure Vulnerability, beks, 13:01
- MitiSoft Remote Password Disclosure Vulnerability, beks, 12:51
- EMembersPro 1.0 Remote Password Disclosure Vulnerability, beks, 12:41
- AJLogin v3.5 Remote Password Disclosure Vulnerability, beks, 12:21
- @lex Guestbook <= 4.0.2 Remote Command Execution Exploit, gmdarkfig, 12:11
- [Full-disclosure] rPSA-2007-0001-1 openoffice.org, rPath Update Announcements, 12:11
- Re: OpenPinboard <= Remote File Include, jgraef, 11:30
- Re: [Full-disclosure] [WEB SECURITY] Universal XSS with PDF files: highly dangerous, M.B.Jr., 09:39
January 06, 2007
- Re: [Full-disclosure] 0trace - traceroute on established connections, Michal Zalewski, 20:04
- [Full-disclosure] 0trace - traceroute on established connections, Michal Zalewski, 19:04
- [OpenPKG-SA-2007.005] OpenPKG Security Advisory (wordpress), OpenPKG GmbH, 15:42
- FON Router allows anonymous web access, l . friedrichs, 15:32
- shopstorenow (orange.asp) sql injection, emel_gw_ini, 15:32
- [Full-disclosure] NNL-Labs & MNIN - F5 FirePass Security Advisory, Greg Sinclair, 13:11
- Fix & Chips CMS v1.0, luny, 12:31
- [OpenPKG-SA-2007.004] OpenPKG Security Advisory (fetchmail), OpenPKG GmbH, 12:21
- [OpenPKG-SA-2007.003] OpenPKG Security Advisory (drupal), OpenPKG GmbH, 12:11
- Yet Another Link Directory v1.0, lunY, 12:01
- ohhASP Remote Password Disclosure, Advisory, 11:51
- fetchmail security announcement 2006-02 (CVE-2006-5867), Matthias Andree, 11:30
- fetchmail security announcement 2006-03 (CVE-2006-5974), Matthias Andree, 11:20
- Re: SAP Security Contact, Thor (Hammer of God), 11:10
January 05, 2007
- [Full-disclosure] iDefense Security Advisory 01.05.07: Kaspersky Antivirus Scan Engine PE File Denial of Service Vulnerability, iDefense Labs, 17:23
- [OpenPKG-SA-2007.002] OpenPKG Security Advisory (bzip2), OpenPKG GmbH, 17:03
- [Full-disclosure] ZDI-07-001: QUALCOMM Eudora WorldMail Remote Management Heap Overflow Vulnerability, zdi-disclosures, 16:43
- Kolayindir Download (Yenionline) (tr) SqL Injection Vuln., ShaFuq31, 15:02
- Flog 1.1.2 Remote Admin Password Disclosure, corrado . liotta, 14:42
- Multiple bugs in EditTag, nj, 14:02
- Re: SAP Security Contact, Fritz . Bauspiess, 13:41
- RI Blog 1.3 XSS Vuln., ShaFuq31, 13:31
- Coppermine Photo Gallery <= 1.4.10 SQL Injection Exploit, gmdarkfig, 13:00
- Intranet Open Source Remote Password Disclosure "intranet.mdb", Advisory, 12:50
- [Full-disclosure] [USN-402-1] Avahi vulnerability, Kees Cook, 12:50
- [Full-disclosure] iDefense Security Advisory 01.05.07: Opera Software Opera Web Browser JPG Image DHT Marker Heap Corruption Vulnerability, iDefense Labs, 12:40
- [Full-disclosure] iDefense Security Advisory 01.05.07: Opera Software Opera Web Browser createSVGTransformFromMatrix Object Typecasting Vulnerability, iDefense Labs, 12:40
- Uber Uploader 4.2 Arbitrary File Upload Vulnerability, null_hack, 12:40
- IG Calendar SQL Injection, asdfj38, 12:30
- IG Shop remote code execution, asdfj38, 12:20
- MkPortal Admin XSS, info, 12:10
- Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous, Stefano Di Paola, 11:50
- [Full-disclosure] Fwd: Re: Universal XSS with PDF files: highly dangerous, Tõnu Samuel, 11:39
- Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous, pdp (architect), 11:39
- [Full-disclosure] Advisory 02/2007: WordPress Trackback Charset Decoding SQL Injection Vulnerability, Stefan Esser, 11:29
- [Full-disclosure] Advisory 01/2007: WordPress CSRF Protection XSS Vulnerability, Stefan Esser, 11:29
- Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous, Kristina Lein, 11:29
- [Full-disclosure] [DRUPAL-SA-2007-002] Drupal 4.6.11 / 4.7.5 fixes DoS issue, Uwe Hermann, 06:57
- [Full-disclosure] [DRUPAL-SA-2007-001] Drupal 4.6.11 / 4.7.5 fixes XSS issue, Uwe Hermann, 06:57
January 04, 2007
- [Full-disclosure] [USN-400-1] Thunderbird vulnerabilities, Kees Cook, 22:03
- Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous, pdp (architect), 20:23
- Re: [VulnWatch] High Risk Vulnerability in the OpenOffice and StarOffice Suites, Pete Connolly, 20:23
- CMS Made Simple non-permanent XSS, nanoymaster, 19:52
- Re: Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, rudeyak, 19:42
- SAP Security, Mark Litchfield, 19:32
- Perforce client: security hole by design, Ben Bucksch, 19:22
- [Full-disclosure] [USN-401-1] D-Bus vulnerability, Kees Cook, 19:02
- Re: a cheesy Apache / IIS DoS vuln (+a question), Michal Zalewski, 18:31
- DMA[2007-0104a] - 'iLife iPhoto Photocasing Format String Vulnerability', K F (lists), 18:21
- RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Martin O'Neal, 18:11
- Re: [Full-disclosure] Concurrency strikes MSIE (potentially exploitable msxml3 flaws), Michal Zalewski, 18:01
- Re: [Full-disclosure] Concurrency strikes MSIE (potentially exploitable msxml3 flaws), Larry Seltzer, 17:51
- RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, RSnake, 17:51
- Re: [VulnWatch] High Risk Vulnerability in the OpenOffice and StarOffice Suites, David Litchfield, 17:41
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Rude Yak, 17:30
- [Full-disclosure] Concurrency strikes MSIE (potentially exploitable msxml3 flaws), Michal Zalewski, 17:30
- Re: [VulnWatch] High Risk Vulnerability in the OpenOffice and StarOffice Suites, Florian Weimer, 17:00
- Correction (High Risk Vulnerability in the OpenOffice and StarOffice Suites), NGSSoftware Insight Security Research, 16:29
- Re: a cheesy Apache / IIS DoS vuln (+a question), Rob Sherwood, 15:38
- [Full-disclosure] [ GLSA 200701-03 ] Mozilla Thunderbird: Multiple vulnerabilities, Raphael Marichez, 15:38
- [Full-disclosure] [ GLSA 200701-02 ] Mozilla Firefox: Multiple vulnerabilities, Raphael Marichez, 15:38
- Wordpress <= 2.x dictionnary & Bruteforce attack, kadaj-diabolik, 15:18
- [Full-disclosure] [USN-398-3] Firefox theme regression, Kees Cook, 15:08
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware], Ronald Chmara, 14:48
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware], Bill Nash, 14:38
- SAP Security Contact, Mark Litchfield, 14:38
- RE: PHP as a secure language? PHP worms? [was: Re: new linux malware], Jim Harrison, 14:18
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware], Lawrence Paul MacIntyre, 14:08
- Re: [Full-disclosure] [WEB SECURITY] RE: Universal PDF XSS After Party(posible solution), RSnake, 13:57
- Re: [Full-disclosure] Universal PDF XSS After Party(posible solution), Darren Bounds, 13:47
- [VulnWatch] High Risk Vulnerability in the OpenOffice and StarOffice Suites, NGSSoftware Insight Security Research, 13:47
- Re: [Full-disclosure] Universal PDF XSS After Party(posible solution), Noe Espinoza M., 13:37
- Re: a cheesy Apache / IIS DoS vuln (+a question), Pieter de Boer, 13:07
- Re: a cheesy Apache / IIS DoS vuln (+a question), Siim Põder, 13:07
- [vuln.sg] PowerArchiver PAISO.DLL Buffer Overflow Vulnerability, vulnpost-remove, 12:47
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, pdp (architect), 12:37
- LS-20061102 - Business Objects Crystal Reports XI Professional Stack Overflow Vulnerability, advisories, 12:27
- MkPortal "All Guests are Admin" Exploit, info, 12:27
- Re: [Full-disclosure] [WEB SECURITY]RE: Universal XSS with PDF files: highly dangerous, RSnake, 11:46
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, bugtraq, 11:46
- Re: SMS handling OpenSER remote code executing, bogdan, 11:36
- Re: OpenSER OSP Module remote code execution, bogdan, 11:26
- Re: a cheesy Apache / IIS DoS vuln (+a question), William A. Rowe, Jr., 11:16
- Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous, T Biehn, 11:16
- Re: a cheesy Apache / IIS DoS vuln (+a question), Michal Zalewski, 11:16
- [Full-disclosure] Universal PDF XSS After Party, pdp (architect), 10:56
- CFP for RAID 2007, Jeffrey Horton, 10:56
- Re: a cheesy Apache / IIS DoS vuln (+a question), Michal Zalewski, 10:56
- Re: a cheesy Apache / IIS DoS vuln (+a question), William A. Rowe, Jr., 10:46
- Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous, Juha-Matti Laurio, 09:05
- Re: [Full-disclosure] [WEB SECURITY] Universal XSS with PDF files: highly dangerous, HASEGAWA Yosuke, 08:55
- Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous, Larry Seltzer, 08:45
- Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous, Juha-Matti Laurio, 07:54
- [Full-disclosure] 23C3 - Bluetooth hacking revisted [Summary and Code], Thierry Zoller, 07:54
- Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous, Thierry Zoller, 07:34
- Re: [Full-disclosure] [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Jim Manico, 05:13
January 03, 2007
- Re: [Full-disclosure] [WEB SECURITY] Universal XSS with PDF files: highly dangerous, RSnake, 20:30
- a cheesy Apache / IIS DoS vuln (+a question), Michal Zalewski, 18:58
- jgbbs, dr . t3rr0r1st, 18:48
- Re: [Full-disclosure] [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Larry Seltzer, 18:38
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Jean-Jacques Halans, 18:28
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, pdp (architect), 18:18
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Amit Klein, 17:48
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, pdp (architect), 17:48
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Dave Ferguson, 17:38
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, RSnake, 17:28
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, pdp (architect), 17:17
- Re: OpenPinboard <= Remote File Include, Stefano Zanero, 16:07
- [Full-disclosure] [USN-398-2] Firefox vulnerabilities, Kees Cook, 15:56
- Simple Web Content Management System SQL Injection Exploit, gmdarkfig, 15:36
- Re: Windows NT Message Compiler 1.00.5239 arbitrary code execution, chinese soup, 15:16
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Amit Klein, 15:06
- Re: FreeRadius 1.1.3 SMB_Handle_Type SMB_Connect_Server arbitrary code execution, 3APA3A, 14:56
- WineGlass "data.mdb" Remote Password Disclosure, Advisory, 14:16
- Black Hat New Years Updates (Free Stuff, too!), Jeff Moss, 14:06
- OpenPinboard <= Remote File Include, zooz_998, 13:46
- [Full-disclosure] [ GLSA 200701-01 ] DenyHosts: Denial of Service, Raphael Marichez, 13:35
- WineGlass "data.mdb" Remote Password Disclosure, Advisory, 13:35
- Adobe Acrobat Reader Plugin - Multiple Vulnerabilities, Stefano Di Paola, 12:55
- Hacking AJAX DWR Applications, shulman, 12:55
- Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous, ascii, 12:45
- Re: Windows NT Message Compiler 1.00.5239 arbitrary code execution, 3APA3A, 12:25
- openmedia local read file, exe_crack, 12:15
- GuestBook v0.3a Remote Password Disclosure, Advisory, 11:55
- Re: Windows Vista 64bits and unexported kernel symbols, Rik van Riel, 11:55
- Whos Johny Pwnerseed?, K F, 11:35
- Re: [Full-disclosure] [WEB SECURITY] Universal XSS with PDF files: highly dangerous, pdp (architect), 10:34
- Re: [Full-disclosure] [WEB SECURITY] Universal XSS with PDF files: highly dangerous, sven . vetsch, 10:24
- Re: [Full-disclosure] [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Amit Klein, 10:24
- [Full-disclosure] Universal XSS with PDF files: highly dangerous, pdp (architect), 10:24
- Re: [Full-disclosure] Apache 1.3.37 htpasswd buffer overflow vulnerability, Andrew Farmer, 04:52
- Re: [Full-disclosure] [USN-398-1] Firefox vulnerabilities, Scott, 01:20
January 02, 2007
- [Full-disclosure] [USN-399-1] w3m vulnerabilities, Kees Cook, 22:39
- [Full-disclosure] [USN-398-1] Firefox vulnerabilities, Kees Cook, 22:09
- [Full-disclosure] Apache 1.3.37 htpasswd buffer overflow vulnerability, Matias Soler, 18:28
- Re: SoftArtisans FileUp(TM) viewsrc.asp remote script source disclosure exploit, wihl, 18:17
- [ MDKSA-2007:002 ] - Updated kernel packages fix multiple vulnerabilities and bugs, security, 16:36
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware], Darren Reed, 15:56
- Windows NT Message Compiler 1.00.5239 arbitrary code execution, sapheal, 15:46
- Nuked Klan <= 1.7 Remote Cookie Disclosure Exploit, kadaj-diabolik, 15:36
- [ MDKSA-2007:001 ] - Update libmodplug packages fix buffer overflow vulnerabilities, security, 15:26
- [Full-disclosure] rPSA-2006-0234-2 firefox thunderbird, rPath Update Announcements, 14:15
- Windows Vista 64bits and unexported kernel symbols, Matthieu Suiche, 13:45
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware], Dana Hudes, 13:45
- AspBB Remote Password Disclosure, Advisory, 13:35
- RE: PHP as a secure language? PHP worms?, Jim Harrison, 13:35
- RE: PHP as a secure language? PHP worms? [was: Re: new linux malware], Jim Harrison, 13:25
- Re: PHP as a secure language? PHP worms?, Duncan Simpson, 13:04
- [Full-disclosure] Inforamtion Discloser Vulnerabilities in "phpMyAdmin", Tal Argoni, 12:54
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware], Darren Reed, 12:54
- Openforum Remote password Disclosure, Advisory, 12:44
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware], Kevin Waterson, 12:44
- lblog Remote Password Disclosure, Advisory, 12:34
- FreeRadius 1.1.3 SMB_Handle_Type SMB_Connect_Server arbitrary code execution, sapheal, 11:53
- Re: [Full-disclosure] simplog 0.9.3.2 SQL injection, Javor Ninov, 06:11
- Welcome to Pwndertino..., K F (lists), 01:18
- Dailymotion password reset vulnerability, daftrix, 00:58
- RE: PHP as a secure language? PHP worms? [was: Re: new linux malware], Jim Harrison, 00:48
January 01, 2007
- Re: [Full-disclosure] simplog 0.9.3.2 SQL injection, str0ke, 23:07
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware], Chad Maron, 18:35
- [Full-disclosure] simplog 0.9.3.2 SQL injection, Javor Ninov, 17:45
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware], Dana Hudes, 17:45
- RE: PHP as a secure language? PHP worms? [was: Re: new linux malware], Jim Harrison, 17:05
- Re: XSS with Vbulletin (new idea !), marco . van . herwaarden, 16:44
- Re: Re: Mozilla Firefox 2.0 denial of service vulnerability, sapheal, 16:34
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware], Tino Wildenhain, 16:14
- Re: Mozilla Firefox 2.0 denial of service vulnerability, Jeroen Massar, 15:54
- Mozilla Firefox 2.0 denial of service vulnerability, sapheal, 15:24
- [OpenPKG-SA-2007.001] OpenPKG Security Advisory (cacti), OpenPKG GmbH, 15:14
- AShop Shopping Cart Multiple XSS Vulnerabilities, DoZ, 15:14
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware], Kevin Waterson, 15:04
- ATMEL Linux PCI PCMCIA USB Drivers arbitrary code execution, sapheal, 14:43
- rblog Database Download Vulnerability, Advisory, 14:33
- golden book XSS, sn0oPy . team, 14:23
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware], Bill Nash, 14:03
- Kerio Fake 'iphlpapi' DLL injection Vulnerability, Matousec - Transparent security Research, 13:53
- BattleBlog Database Download Vulnerability, Advisory, 13:43
- [NGSEC] ngGame #3 - BrainStorming, labs@NGSEC, 13:33
- WinZip10.0 FileView ActiveX Controls CreateNewFolderFromName Method Buffer overflow, 76693223, 13:13
- Re: PlatinumFTP 1.0.18 remote DoS, info, 13:13
- vBulletin vCard PRO XSS, exexp, 13:02
- PHPIrc_bot <= Remote File Include, zooz_998, 12:52
- WinZip FileView ActiveX controls CreateNewFolderFromName Method Buffer Overflow Vulnerability, 76693223, 12:42
- Rediff Bol Downloader Allows Downloading and Spawning Arbitary Files, gregory_panakkal, 12:32
- Spooky Login Multiple HTML Injection Vulnerability, DoZ, 11:32