Network Security Archives

Bugtraq (date)

[Thread Index] [Top] [All Lists]

September 30, 2007

[Full-disclosure] [ GLSA 200709-18 ] Bugzilla: Multiple vulnerabilities, Raphael Marichez, 17:59
Re: [Full-disclosure] feedreader3 has XSS vulnerability, avivra, 11:08

September 29, 2007

Public Media Manager <= 1.3 Remote File Inclusion Vulnerability, 0in . email, 13:42
[Full-disclosure] [USN-522-1] OpenSSL vulnerabilities, Kees Cook, 10:45

September 28, 2007

Re: 0trace - traceroute on established connections, Tony Rall, 16:55
Re: defining 0day, Chad Perrin, 14:57
Re: 0trace - traceroute on established connections, tyter9, 14:47
feedreader3 has XSS vulnerability, Guy Mizrahi, 14:03
Owning Big Brother: How to Crack into Axis IP cameras, research, 13:52
Re: [waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11, gmdarkfig, 13:42
[ MDKSA-2007:190 ] - Updated kdebase packages fix KDM vulnerability, security, 13:31
RE: defining 0day, Marvin Simkin, 13:20
Ruby Net::HTTPS library does not validate server certificate CN, Chris Clark, 13:09

September 27, 2007

[Full-disclosure] [USN-521-1] libmodplug vulnerability, Kees Cook, 22:59
Promise NAS NS4300N GUI bug, Tor Houghton, 20:23
Re: Multiple vulnerabilities in rFactor 1.250, babutski, 20:23
rPSA-2007-0202-1 kernel, rPath Update Announcements, 20:12
[ MDKSA-2007:189 ] - Updated t1lib packages fix vulnerability, security, 19:40
[Full-disclosure] [ GLSA 200709-17 ] teTeX: Multiple buffer overflows, Raphael Marichez, 19:29
[SECURITY] [DSA 1378-1] New Linux 2.6.18 packages fix several vulnerabilities, dann frazier, 19:29
Re: defining 0day, Chad Perrin, 19:08
[ GLSA 200709-16 ] Lighttpd: Buffer overflow, Pierre-Yves Rofes, 18:56
Re: Service Pack 3 for Microsoft Sharepoint Services broken, bobbyh, 17:40
[Full-disclosure] iDefense Security Advisory 09.27.07: Computer Associates BrightStor HSM r11.5 Multiple Vulnerabilities, iDefense Labs, 17:19
OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow, Moritz Jodeit, 16:58
Re: Possible Windows Explorer bad PNG file preview integer overflow handling, none, 16:47
[waraxe-2007-SA#058] - Critical Sql Injection in NukeSentinel 2.5.12, come2waraxe, 16:16
Re: [waraxe-2007-SA#056] - Another Sql Injection in NukeSentinel 2.5.11, Bugsman, 15:55
Re: Re: Re: Re: Confirmed: Windows Explorer bad PNG file preview integer overflow handling, Rob Thompson, 15:44
Re: Re: Re: Re: Confirmed: Windows Explorer bad PNG file preview integer overflow handling, rocheml, 14:40
[waraxe-2007-SA#057] - Unauthorized File Upload in SiteX CMS, come2waraxe, 13:57
Re: Re: Re: Confirmed: Windows Explorer bad PNG file preview integer overflow handling, none, 13:46
[waraxe-2007-SA#055] - Sql Injection in SiteX CMS 0.7.3 Beta, come2waraxe, 13:36
[CAID 35690, 35691, 35692]: CA BrightStor Hierarchical Storage Manager CsAgent Multiple Vulnerabilities, Williams, James K, 13:25
Re: Re: Confirmed: Windows Explorer bad PNG file preview integer overflow handling, rocheml, 13:15
[waraxe-2007-SA#056] - Another Sql Injection in NukeSentinel 2.5.11, come2waraxe, 13:04
Re: Joomla multiple vulerabilities (1.0.X >= ), packet, 12:54
Re: [Full-disclosure] defining 0day, Zow, 10:17

September 26, 2007

Re: Joomla multiple vulerabilities (1.0.X >= ), Gavin Hanover, 20:03
[SECURITY] [DSA 1343-2] New file packages fix arbitrary code execution, Florian Weimer, 19:32
Joomla multiple vulerabilities (1.0.X >= ), security, 17:05
RE: Procedure for publishing a new vulnerability?, William J. Mills, 13:55
Re: Confirmed: Windows Explorer bad PNG file preview integer overflow handling, rocheml, 13:01
Re: New Shell For Linux & Windows, Vladimir Vitkov, 12:50
Re: [Full-disclosure] COSEINC Linux Advisory #2: IA32 System Call Emulation Vulnerability, Robert Swiecki, 11:36
[Full-disclosure] ERNW Tool Release: CVSS Calculator, mozilla, 08:10
Re: [Full-disclosure] defining 0day, full-disclosure, 07:49
[Full-disclosure] [USN-520-1] fetchmail vulnerabilities, Kees Cook, 00:25

September 25, 2007

Re: [Full-disclosure] defining 0day, Juergen Marester, 21:07
Re: [Full-disclosure] 0-day inquiry, Joey Mengele, 21:07
Re: [Full-disclosure] defining 0day, Juergen Marester, 21:07
Re: [Full-disclosure] CORE-2007-0817: Remote Command execution, HTML and JavaScript injection vulnerabilities in AOL's Instant Messaging software, avivra, 20:25
Re: defining 0day, Charles Miller, 20:04
Re: 0day: PDF pwns Windows, Steve Shockley, 19:52
Re: [Full-disclosure] 0-day inquiry, Juergen Marester, 19:42
RE: defining 0day, David Gillett, 19:42
Re: defining 0day, Gadi Evron, 19:42
[Full-disclosure] [USN-519-1] elinks vulnerability, Kees Cook, 19:31
Re: defining 0day, Andrew Weaver, 19:20
Re: defining 0day, Brian Loe, 19:10
Re: defining 0day, Adrian Griffis, 18:27
Re: [Full-disclosure] 0day: PDF pwns Windows, Lawrence Paul MacIntyre, 18:16
Re: [Full-disclosure] defining 0day, Gadi Evron, 18:16
Re: [Full-disclosure] 0day: PDF pwns Windows, Joey Mengele, 18:05
[Full-disclosure] defining 0day, Gadi Evron, 18:05
Re: defining 0day, Brian Loe, 18:05
Re: defining 0day, Brian Loe, 17:54
Re: [Full-disclosure] CORE-2007-0817: Remote Command execution, HTML and JavaScript injection vulnerabilities in AOL's Instant Messaging software, full-disclosure, 17:44
defining 0day, Gadi Evron, 17:22
RE: 0day: PDF pwns Windows, Thor (Hammer of God), 16:29
Re: 0day: PDF pwns Windows, Roland Kuhn, 15:58
Possible Windows Explorer bad PNG file preview integer overflow handling, rocheml, 15:58
[ MDKSA-2007:188 ] - Updated postgresql packages prevent access abuse using dblink, security, 15:47
SimpNews version 2.41.03 File Content Disclosure Vulnerability, securityresearch, 15:37
SimpNews version 2.41.03 Multiple XSS Attack Vulnerabilities, securityresearch, 15:26
SimpGB version 1.46.02 File Content Disclosure Vulnerability, securityresearch, 15:15
SimpGB version 1.46.02 Multiple XSS Attack Vulnerabilities, securityresearch, 15:04
SimpGB version 1.46.02 Multiple Path Disclosure Vulnerabilities, securityresearch, 14:54
SimpGB version 1.46.02 Information Disclosure Vulnerability, securityresearch, 14:54
SimpNews version 2.41.03 Multiple Path Disclosure Vulnerabilities, securityresearch, 14:54
Re: 0day: PDF pwns Windows, Iggy E, 14:43
Re: Multiple vulnerabilities in rFactor 1.250, superfreak, 14:43
[Full-disclosure] CORE-2007-0817: Remote Command execution, HTML and JavaScript injection vulnerabilities in AOL's Instant Messaging software, Core Security Technologies Advisories, 14:21
New Shell For Linux & Windows, crazy_king, 14:21
n.runs AG puts §202 law to the test - Tools back online, Thierry Zoller, 14:10
[waraxe-2007-SA#054] - Local File Inclusion in Dance Music module for phpNuke, come2waraxe, 13:59
[waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11, come2waraxe, 13:38
[Full-disclosure] rPSA-2007-0199-1 openssl openssl-scripts, rPath Update Announcements, 13:28
Simple PHP Blog Multiple Vulnerabilities, luca . carettoni, 13:28
[Full-disclosure] iDefense Security Advisory 09.25.07: Linux Kernel ALSA snd_mem_proc_read Information Disclosure Vulnerability, iDefense Labs, 13:17
Re: LFI On SMF 1.1.3, alex . tracer, 13:06
JSPWiki Multiple Vulnerabilities, Jason Kratzer, 13:06
Re: [Full-disclosure] 0day: PDF pwns Windows, J. Oquendo, 11:21
Re: [Full-disclosure] 0day: PDF pwns Windows, Glenn.Everhart, 11:00
Re: [Full-disclosure] 0day: PDF pwns Windows, Lamont Granquist, 08:26
[Full-disclosure] [USN-518-1] Linux kernel vulnerabilities, Kees Cook, 08:26

September 24, 2007

ZDI-07-054: IBM Tivoli Storage Manager Express CAD Service Buffer Overflow Vulnerability, zdi-disclosures, 20:11
sk.log v0.5.3 Remote File Inclusion, h3llcode, 19:50
Auditing clients program in Oracle, fryxar fryxar, 19:50
Re: 0day: PDF pwns Windows, Crispin Cowan, 19:40
Re: 0day: PDF pwns Windows, Chad Perrin, 19:18
[USN-517-1] kdm vulnerability, Kees Cook, 18:36
rPSA-2007-0198-1 kernel, rPath Update Announcements, 18:26
Re: Re: 0day: PDF pwns Windows, Lamont Granquist, 16:31
Google Urchin password theft madness, pagvac, 16:21
Re: New bypass shell for linux, none, 16:21
Arbitrary Command Inclusion, darkbunny91, 16:10
New bypass shell for linux, ernealizm, 14:57
Re: New Zeroday published, Joey Mengele, 14:47
Re: Re: Oracle 11g Password algorithm revealed, pete, 14:36
[security bulletin] HPSBOV02261 SSRT071449 rev.1 - HP OpenVMS running BIND, Remote DNS Cache Poisoning, security-alert, 14:04
Re: Oracle 11g Password algorithm revealed, ak, 14:03
Service Pack 3 for Microsoft Sharepoint Services broken, jimbob1, 13:53
Nuke Mobile Entartainment Local File Inclusion, h3llcode, 13:10
Re: Re: 0day: PDF pwns Windows, johanfunsale, 13:10
Re: [Full-disclosure] Oracle 11g Password algorithm revealed, Thierry Zoller, 13:00
Oracle 11g Password algorithm revealed, pete, 12:49
[Full-disclosure] COSEINC Linux Advisory #2: IA32 System Call Emulation Vulnerability, Wojciech Purczynski, 07:00
Re: [Full-disclosure] Panda Antivirus 2008 Local Privileg Escalation (UPS they did it again), Panda Security Response, 05:48

September 23, 2007

[Full-disclosure] [ GLSA 200709-15 ] BEA JRockit: Multiple vulnerabilities, Raphael Marichez, 19:41
Re: [Full-disclosure] 0day: PDF pwns Windows, Crispin Cowan, 11:07

September 22, 2007

HITBSecConf2007 - Malaysia Materials & Photos are up !, Praburaajan, 14:51
xcms all version arbitrary code execution, x0kster, 14:41
[ MDKSA-2007:187 ] - Updated PHP packages fix numerous vulnerabilities, security, 14:30
Re: PHP-Nuke add admin ALL Versions, Blaine Elzey, 14:19
2 vanilla XSS on Wordpress ‘wp-register.php’, Adrian P, 14:19

September 21, 2007

Procedure for publishing a new vulnerability?, vinod sharma, 22:55
[Full-disclosure] iDefense Security Advisory 09.20.07: CA ARCServe Backup for Laptops and Desktops Multiple Buffer Overflow Vulnerabilities, iDefense Labs, 20:41
Re: Re: PHP-Nuke add admin ALL Versions, h3llcode, 20:40
Re: [Full-disclosure] 0day: PDF pwns Windows, Aaron Collins, 20:30
Re: SimplePHPBlog Hacking, luca . carettoni, 20:09
EEYE: Multiple Vulnerabilities in CA ARCserve for Laptops & Desktops, eEye Advisories, 19:58
[Full-disclosure] iDefense Security Advisory 09.20.07: CA ARCserve Backup for Laptops and Desktops Authentication Bypass Vulnerability, iDefense Labs, 19:47
greensql firewall permanent xss, laurent . gaffie, 19:36
Re: [Full-disclosure] 0day: PDF pwns Windows, Kevin Finisterre (lists), 19:26
Re: [Full-disclosure] 0day: PDF pwns Windows, bugtraq, 19:15
Re: Re: 0day: PDF pwns Windows, rmk115, 18:21
Re: PHP-Nuke add admin ALL Versions, n0de, 17:38
Re: [Full-disclosure] 0day: PDF pwns Windows, Thierry Zoller, 17:37
[Full-disclosure] DEFCON London DC4420 meet - Monday 24th September, Major Malfunction, 17:27
Re: [Full-disclosure] CAL-20070912-1 Multiple vendor produce handling AVI file vulnerabilities, Florian Weimer, 17:27
[CAID 35673, 35674, 35675, 35676, 35677]: CA ARCserve Backup for Laptops and Desktops Multiple Server Vulnerabilities, Williams, James K, 17:26
[Full-disclosure] iDefense Security Advisory 09.19.07: Multiple Vendor ImageMagick Sign Extension Vulnerability, iDefense Labs, 17:16
RE: [Full-disclosure] 0day: PDF pwns Windows, Jeff Wells (jmwells), 17:16
Re: [Full-disclosure] 0day: PDF pwns Windows, J. Oquendo, 17:15
[Full-disclosure] iDefense Security Advisory 09.19.07: Multiple Vendor ImageMagick Multiple Denial of Service Vulnerabilities, iDefense Labs, 17:15
[Full-disclosure] iDefense Security Advisory 09.19.07: Multiple Vendor ImageMagick Off-By-One Vulnerability, iDefense Labs, 17:05
Re: [Full-disclosure] 0day: PDF pwns Windows, Casper . Dik, 17:05
[Full-disclosure] iDefense Security Advisory 09.19.07: Multiple Vendor ImageMagick Multiple Integer Overflow Vulnerabilities, iDefense Labs, 17:05
Re: [Full-disclosure] 0day: PDF pwns Windows, Wayne D. Hoxsie Jr., 16:43
RE: [Full-disclosure] 0day: PDF pwns Windows, Michael Bitow, 16:32
Re: [Full-disclosure] 0day: PDF pwns Windows, Chad Perrin, 16:32
Re: [Mlabs] Dissecting Internals of Windows XP Svchost : Reverse Engineering Stature, J. Oquendo, 16:00
DDIVRT-2007-04 NetSupport Manager Authentication Bypass, VulnerabilityResearch, 16:00
[ISR] - Barracuda Spam Firewall. Cross-Site Scripting, ISR-noreply, 15:38
TSLSA-2007-0028 - multi, Trustix Security Advisor, 15:27
[Mlabs] Dissecting Internals of Windows XP Svchost : Reverse Engineering Stature, Aditya K Sood, 15:16
Neuron News 1.0 Local file inclusion (index.php), h3llcode, 15:06
[Full-disclosure] ZDI-07-053: Microsoft ISA Server SOCKS4 Proxy Connection Leakage, zdi-disclosures, 14:44
Re: [Full-disclosure] 0day: PDF pwns Windows, Chad Perrin, 14:01
Re: [Full-disclosure] [USN-515-1] t1lib vulnerability, Kees Cook, 13:30
List all the comment + entry belong to the Yahoo 360 public blog and more..., vnn95, 13:08
ToorCon Final Lineup Announcement, David Hulton, 12:57
Re: [Full-disclosure] 0day: PDF pwns Windows, Steven Adair, 12:25
Re: [Full-disclosure] Panda Antivirus 2008 Local Privileg Escalation (UPS they did it again), 3APA3A, 11:23
Re: [Full-disclosure] [USN-515-1] t1lib vulnerability, Ismail Dönmez, 11:23
Re: [Full-disclosure] [USN-515-1] t1lib vulnerability, 3APA3A, 10:42
Re: [Full-disclosure] 0day: PDF pwns Windows, pdp (architect), 06:43
Re: [Full-disclosure] [irc-security] Multiple vulnerabilities in ircu, Tom Laermans, 06:43
Re: [Full-disclosure] 0day: PDF pwns Windows, pdp (architect), 06:33
Re: [Full-disclosure] [irc-security] Multiple vulnerabilities in ircu, Colin Alston, 06:33
Re: [Full-disclosure] 0day: PDF pwns Windows, Antivirus Taneja, 06:33
Re: [Full-disclosure] 0day: PDF pwns Windows, Rohit Srivastwa, 04:50
Re: [Full-disclosure] 0day: PDF pwns Windows, coderman, 03:21
Re: [Full-disclosure] 0day: PDF pwns Windows, Crispin Cowan, 02:07
Re: [Full-disclosure] 0day: PDF pwns Windows, Gadi Evron, 01:57
Re: [Full-disclosure] 0day: PDF pwns Windows, Joey Mengele, 01:57

September 20, 2007

[Full-disclosure] [USN-516-1] xfsdump vulnerability, Kees Cook, 22:19
[Full-disclosure] [ GLSA 200709-14 ] ClamAV: Multiple vulnerabilities, Pierre-Yves Rofes, 19:54
[ MDKSA-2007:186 ] - Updated openoffice.org packages fix TIFF parser vulnerability, security, 19:54
[Full-disclosure] rPSA-2007-0194-1 kdebase, rPath Update Announcements, 18:51
[Full-disclosure] [ GLSA 200709-13 ] rsync: Two buffer overflows, Raphael Marichez, 17:59
Vigile CMS v1.8 Multiple Remote XSS Vulnerability, x0kster, 16:56
PHP-Nuke add admin ALL Versions, h3llcode, 15:20
WebED-0.8999 Multiple Remote File Inclusion Vulnerability, h3llcode, 15:10
PhpBB Xs 2 profile.php Permanent Xss Vulnerability, h3llcode, 14:47
Re: 0day: PDF pwns Windows, pdp (architect), 14:37
Re: Security Advisory for Bugzilla 3.0.1 and 3.1.1, tkevans, 14:26
Re: [Full-disclosure] 0day: PDF pwns Windows, Aditya K Sood, 14:05
Re: 0day: PDF pwns Windows, Gadi Evron, 13:54
WebBatch Applications Cross Site Scripting Vulrnability, DoZ, 13:33
SimplePHPBlog Hacking, webmaster666, 13:33
[security bulletin] HPSBUX02249 SSRT071442 rev.2 - HP-UX Running the Ignite-UX or the DynRootDisk (DRD) get_system_info Command, Local Unqualified Configuration Change, security-alert, 13:22
[security bulletin] HPSBUX02251 SSRT071449 rev.2 - HP-UX Running BIND, Remote DNS Cache Poisoning, security-alert, 13:11
[Mlabs] Scrutinising SIP Payloads : Traversing Attack Vectors in VOIP and IM, Aditya K Sood, 13:01
0day: PDF pwns Windows, pdp (architect), 12:50
Security Advisory for Bugzilla 3.0.1 and 3.1.1, mkanat, 12:39
[Full-disclosure] VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player, VMware Security team, 00:26

September 19, 2007

Re: [Full-disclosure] security notice: Backdooring Windows Media Files, pdp (architect), 21:12
Update? Question on BID 19000, Michael Scheidell, 20:09
[Full-disclosure] [ GLSA 200709-12 ] Poppler: Two buffer overflow vulnerabilities, Raphael Marichez, 19:26
Re: [Full-disclosure] Panda Antivirus 2008 Local Privileg Escalation (UPS they did it again), Panda Security Response, 19:06
rPSA-2007-0193-1 gdm, rPath Update Announcements, 18:35
[USN-515-1] t1lib vulnerability, Kees Cook, 18:03
PHPBBPLUS 1.5.3 RFI BUG, Mehrad1989, 17:01
WBR3404TX Broadband Router XSS, azizov, 16:50
Re: Re: Re: Toms Gstebuch 1.00 - XSS, administrator, 16:29
Re: file upload vulnerability in joomla media component, Gavin Hanover, 16:29
Re: [Full-disclosure] security notice: Backdooring Windows Media Files, Rahul Mohandas, 15:35
[security bulletin] HPSBUX02259 SSRT071439 rev.1 - HP-UX Running logins(1M), Remote Unauthorized Access, security-alert, 15:24
[Full-disclosure] Multiple vulnerabilities in the gMotor2 engine, Luigi Auriemma, 15:13
file upload vulnerability in joomla media component, vinodsharma . mmit, 14:41
[waraxe-2007-SA#052] - dBlog CMS Open Source database retrieval, come2waraxe, 14:30
[security bulletin] HPSBST02260 SSRT071471 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-051 to MS07-054, security-alert, 14:19
Re: eyeOS checksum prediction, jose, 14:08
[Full-disclosure] rPSA-2007-0190-1 kdebase, rPath Update Announcements, 07:46
[Full-disclosure] rPSA-2007-0189-1 openoffice.org, rPath Update Announcements, 07:46
[Full-disclosure] FLEA-2007-0056-1 openoffice.org, Foresight Linux Essential Announcement Service, 03:03

September 18, 2007

[Full-disclosure] [USN-514-1] X.org vulnerability, Kees Cook, 23:15
[Full-disclosure] [ GLSA 200709-11 ] GDM: Local Denial of Service, Raphael Marichez, 19:15
[Full-disclosure] [ GLSA 200709-10 ] PhpWiki: Authentication bypass, Raphael Marichez, 19:04
A little advisory content correction., j00ru . vx, 18:54
Re: [Full-disclosure] security notice: Backdooring Windows Media Files, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP], 18:32
[Full-disclosure] [USN-513-1] Qt vulnerability, Kees Cook, 18:21
Uninformed Journal Release Announcement: Volume 8, Uninformed Staff, 18:21
Re: [Full-disclosure] security notice: Backdooring Windows Media Files, pdp (architect), 17:27
RE: security notice: Backdooring Windows Media Files, Memisyazici, Aras, 17:27
RE: security notice: Backdooring Windows Media Files, Memisyazici, Aras, 17:16
[Full-disclosure] TPTI-07-15: Automated Solutions Modbus TCP Slave ActiveX Control Heap Corruption Vulnerability, TSRT, 16:34
RE: Re[2]: [Full-disclosure] Next generation malware: Windows Vista's gadget API, Ed Patterson, 15:18
WifiZoo v1.1, Hernan Ochoa, 15:07
Plague in (security) software drivers & BSDOhook utility, Matousec - Transparent security Research, 14:44
Re: [Full-disclosure] security notice: Backdooring Windows Media Files, jf, 14:12
security notice: Backdooring Windows Media Files, pdp (architect), 13:50
[ MDKSA-2007:185 ] - Updated avahi packages fix vulnerability, security, 13:27
[security bulletin] HPSBUX02153 SSRT061181 rev.6 - HP-UX Running Firefox, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS), security-alert, 13:16
XSS on Obedit v3.03, fuxxx0rz, 13:05
GCALDaemon Remote DoS, luca . carettoni, 13:05
RE: Re[2]: [Full-disclosure] Next generation malware: Windows Vista's gadget API, Peter Gutmann, 12:44
[ MDKSA-2007:184 ] - Updated cacti packages fix vulnerability, security, 12:33

September 17, 2007

b1gmail Cross Site Scripting, malibu . r, 20:15
rPSA-2007-0188-1 php5 php5-cgi php5-mysql php5-pear php5-pgsql php5-soap php5-xsl, rPath Update Announcements, 20:04
Coppermine <= 1.4.12 Cross Site Scripting and Local File Inclusion, L4teral, 19:32
[Full-disclosure] iDefense Security Advisory 09.17.07: Multiple Vendor OpenOffice TIFF File Parsing Multiple Integer Overflow Vulnerabilities, iDefense Labs, 18:40
[Full-disclosure] FLEA-2007-0055-1 openssh openssh-client openssh-server gnome-ssh-askpass, Foresight Linux Essential Announcement Service, 17:57
[Full-disclosure] FLEA-2007-0054-1 lighttpd, Foresight Linux Essential Announcement Service, 17:47
SYMSA-2007-009: RemoteDocs R-Viewer Code Execution and Sensitive Information Disclosure, research, 15:21
Re: [Full-disclosure] Next generation malware: Windows Vista's gadget API, Strykar, 15:10
Re: Re[2]: [Full-disclosure] Next generation malware: Windows Vista's gadget API, Peter Gutmann, 13:44
TSLSA-2007-0026 - multi, Trustix Security Advisor, 13:33
RE: Re[2]: [Full-disclosure] Next generation malware: Windows Vista's gadget API, Roger A. Grimes, 13:33
Alcatel-Lucent OmniPCX Remote Command Execution, RedTeam Pentesting GmbH, 13:22
Media Player Classic Denial of Service, yeikos, 13:12
WinImage 8.10 vulnerabilities, j00ru . vx, 12:51
Re: [Full-disclosure] Next generation malware: Windows Vista's gadget API, Eric Chien, 11:48
Re: [Full-disclosure] Next generation malware: Windows Vista's gadget API, Tim Brown, 10:25
[Full-disclosure] IE (Internet Explorer) pwns SecondLife, pdp (architect), 09:43

September 16, 2007

Re: [Full-disclosure] Patch for idle scan in Microsoft windows based systems, Slythers Bro, 14:34
[Full-disclosure] Patch for idle scan in Microsoft windows based systems, Joel Jose, 14:24
Re: [Full-disclosure] Next generation malware: Windows Vista's gadget API, Tim Brown, 12:51
Re: [Full-disclosure] Next generation malware: Windows Vista's gadget API, Thierry Zoller, 10:47

September 15, 2007

Re: [Full-disclosure] Next generation malware: Windows Vista's gadget API, Tim Brown, 23:17
[Full-disclosure] [ GLSA 200709-09 ] GNU Tar: Directory traversal vulnerability, Raphael Marichez, 20:02
Axis 207W Wireless Camera Web Interface - Multiple Vulnerabilities, Seth Fogie, 15:14
RE: Next generation malware: Windows Vista's gadget API, Peter Gutmann, 15:03
rPSA-2007-0187-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs, rPath Update Announcements, 14:21
[Full-disclosure] [ GLSA 200709-08 ] id3lib: Insecure temporary file creation, Matthias Geerdsen, 13:19
[Full-disclosure] [ GLSA 200709-07 ] Eggdrop: Buffer overflow, Matthias Geerdsen, 13:09
[Full-disclosure] [USN-512-1] Quagga vulnerability, Kees Cook, 04:04

September 14, 2007

Re: [Full-disclosure] Next generation malware: Windows Vista's gadget API, avivra, 21:51
[Full-disclosure] [ GLSA 200709-06 ] flac123: Buffer overflow, Raphael Marichez, 19:25
[Full-disclosure] [ GLSA 200709-05 ] RealPlayer: Buffer overflow, Raphael Marichez, 18:53
RE: Next generation malware: Windows Vista's gadget API, Roger A. Grimes, 17:51
rPSA-2007-0184-1 samba samba-swat, rPath Update Announcements, 17:30
Gelato SQL Injection exploit, s0cratex, 16:48
AIM Local File Display in Notification Window, shell, 15:02
[security bulletin] HPSBMA02258 SSRT071470 rev.1 - HP System Management Homepage (SMH) for Windows, Incomplete Update Installation, security-alert, 15:02
new XSS vulnerability in php-stats -tracking.php, root, 14:51
[ MDKSA-2007:183 ] - Updated qt3/qt4 packages fix vulnerability, security, 14:40
Boa (with Intersil Extensions) - HTTP Basic Authentication Bypass, luca . carettoni, 14:30
[Full-disclosure] [GOODFELLAS-VULN] FileFind class from MFC Library cause heap overflow, GOODFELLAS SRT, 14:19
[Full-disclosure] [GOODFELLAS-VULN] ActiveX hpqutil!ListFiles hpqutil.dll - Remote heap overflow, GOODFELLAS SRT, 14:19
[Full-disclosure] rPSA-2007-0182-1 httpd mod_ssl, rPath Update Announcements, 14:08
[Full-disclosure] rPSA-2007-0183-1 lighttpd, rPath Update Announcements, 13:57

September 13, 2007

[ MDKSA-2007:182 ] - Updated quagga packages fix vulnerability and bugs, security, 18:06
[Full-disclosure] [ GLSA 200709-04 ] po4a: Insecure temporary file creation, Raphael Marichez, 17:55
[Full-disclosure] [ GLSA 200709-03 ] Streamripper: Buffer overflow, Raphael Marichez, 16:42
[ GLSA 200709-02 ] KVIrc: Remote arbitrary code execution, Raphael Marichez, 16:41
Re: Next generation malware: Windows Vista's gadget API, Todd Manning, 16:09
WinSCP < 4.04 url protocol handler flaw, Kender . Security, 13:18
NDSS 2008 CfP Papers Due September 21, Crispin Cowan, 13:18
[ MDKSA-2007:180 ] - Updated id3lib packages fix vulnerability, security, 13:07
[ MDKSA-2007:181 ] - Updated librpcsecgss packages fix vulnerabilities, security, 12:56
[Full-disclosure] Next generation malware: Windows Vista's gadget API, Tim Brown, 07:06

September 12, 2007

ZDI-07-052: Multiple Kerberos Implementations Authentication Context Stack Overflow Vulnerability, zdi-disclosures, 19:13
Apache2 Undefined Charset UTF-7 XSS Vulnerability, cxib, 18:09
AIM Arbitrary HTML Display in Notification Window, shell, 15:09
SYMSA-2007-008: Autodesk Backburner 3.0.2 System Backdoor, research, 14:59
CS Guestbook Admin Name & Md5 Security Vuln, crazy_king, 14:37
Re Re: PHP 5.2.4 <= various mysql functions safemode & open_basedir bypass, laurent . gaffie, 14:16
Re: PHP 5.2.4 <= various mysql functions safemode & open_basedir bypass, Ben Wheeler, 14:16
[Full-disclosure] CAL-20070912-1 Multiple vendor produce handling AVI file vulnerabilities, Code Audit Labs, 13:55
Re: PHP 5.2.4 <= various mysql functions safemode & open_basedir bypass, Ronald Chmara, 13:55
Oracle Jinitiator 1.1.8 Vulnerabilities CVE-2007-4467 - Additional Information, Integrigy Alerts, 13:55
RSA EnVision Reflected XSS Hole, Stelios Tigkas, 13:23
Boinc Forum Cross Site Scripting Vulrnability, DoZ, 13:23
[ MDKSA-2007:179 ] - Updated fetchmail packages fix DoS vulnerability, security, 13:13
[Full-disclosure] 0DAY: QuickTime pwns Firefox, pdp (architect), 13:12
[ MDKSA-2007:178 ] - Updated x11-server packages fix vulnerability, security, 13:01
RE: ScanAlert Security Advisory, Nick Merritt, 12:51
[Full-disclosure] S21SEC-036-EN Ekiga <= 2.0.5 Denial of service, S21sec Labs, 07:32

September 11, 2007

[Full-disclosure] [ GLSA 200709-01 ] MIT Kerberos 5: Multiple vulnerabilities, Matthias Geerdsen, 17:32
[Full-disclosure] iDefense Security Advisory 09.11.07: Microsoft Windows 2000 Agent URL Canonicalizing Stack Based Buffer Overflow Vulnerability, iDefense Labs, 17:11
[SECURITY] [DSA 1371-1] New phpwiki packages fix several vulnerabilities, Thijs Kinkhorst, 16:49
Assurent VR - Microsoft Agent Crafted URL Stack Buffer Overflow, VR-Subscription-noreply, 15:34
NuclearBB Alpha 2 Remote File Inclusion, b14ck1c3, 13:30
PHP 5.2.4 <= various mysql functions safemode & open_basedir bypass, laurent . gaffie, 13:19
[Full-disclosure] XSS using Atom feed in www.ibm.com, HASEGAWA Yosuke, 13:19
[SECURITY] Winbind's rfc2307 & SFU nss_info plugin in Samba 3.0.25[a-c] assigns users a primary gid of 0 by default, Gerald (Jerry) Carter, 13:08
[Full-disclosure] RealPlayer/HelixPlayer .au Divide-By-Zero Denial of Service Vulnerability, OS2A BTO, 07:06
[Full-disclosure] rPSA-2007-0181-1 gnome-ssh-askpass openssh openssh-client openssh-server, rPath Update Announcements, 05:02

September 10, 2007

Re: XSIO - Cross Site Image Overlaying, Tod Beardsley, 19:05
ekoparty 3rd edition CFP, ekoparty, 19:05
New Whitepaper : g00gle CrewBots, matteo, 18:34
XSIO - Cross Site Image Overlaying, Sven Vetsch / Disenchant, 18:24
[Aria-Security Team] social-networkin SQL Injection, Advisory, 14:46
Re: PHP <=5.2.4 open_basedir bypass & code exec & denial of service, azurIt, 14:35
Symantec Product Security: Symantec Device Driver Local Elevation of Privilege, secure, 14:14
/* PHP <=5.2.4 open_basedir bypass & code exec & denial of service errata ... working on windows too .. */, laurent . gaffie, 14:03
PHP <=5.2.4 open_basedir bypass & code exec & denial of service, laurent . gaffie, 13:51
Announcing ShmooCon 08 and the CFP, B Potter, 13:40
Husrev Forums v2.0.1:PoWerBoard Sql, yollubunlar, 13:08
Proxy Anket v3.0.1 Sql injection Vulnerable, yollubunlar, 12:57
phpMyQuote 0.20 Version Multiple Sql And Xss Vulnerabilities, yollubunlar, 12:46

September 08, 2007

Netjuke 1.0-rc2 - sql injection & XSS, cod3in, 14:30
ZDI-07-051: Trend Micro ServerProtect TMregChange() Stack Overflow Vulnerability, zdi-disclosures, 13:59
TxxCMS_Multiple File inclusion Vulnerabilies, nnc, 13:59
Re: Re: Toms Gstebuch 1.00 - XSS, hd1979, 13:59
[Full-disclosure] IMF 2007 - 2nd Call for Participation, Oliver Goebel, 09:02

September 07, 2007

[Full-disclosure] ZDI-07-050: Trend Micro ServerProtect RPCFN_SetComputerName() Stack Overflow Vulnerability, zdi-disclosures, 21:56
hack.lu 2007 18-20 October, Luxembourg, info, 18:29
[ MDKSA-2007:174-1 ] - Updated krb5 packages fix vulnerabilities, security, 18:18
Microsoft SQL Server Distributed Management Objects OLE DLL for SQL Enterprise Manager (sqldmo.dll) remote buffer overflow poc, retrog, 18:18
[Full-disclosure] [USN-511-2] Kerberos vulnerability, Kees Cook, 16:11
Re: Toms Gstebuch 1.00 - XSS, administrator, 14:53
Re: Buffalo AirStation WHR-G54S CSRF vulnerability, Adrian P, 14:32
Safari 3.0.3 (522.15.5) Buffer overflow, azizov, 14:21
[ MDKSA-2007:177 ] - Updated MySQL packages fix vulnerabilities, security, 13:07
Buffalo AirStation WHR-G54S CSRF vulnerability, Henri Lindberg - Smilehouse Oy, 13:06
[Full-disclosure] FLEA-2007-0053-1 fetchmail, Foresight Linux Essential Announcement Service, 02:15
[Full-disclosure] FLEA-2007-0051-1 star, Foresight Linux Essential Announcement Service, 00:32
[Full-disclosure] FLEA-2007-0050-1 krb5 krb5-workstation, Foresight Linux Essential Announcement Service, 00:21
[Full-disclosure] FLEA-2007-0052-1 gd, Foresight Linux Essential Announcement Service, 00:21

September 06, 2007

[Full-disclosure] FLEA-2007-0050-1 krb5 krb5-workstation, Foresight Linux Essential Announcement Service, 23:30
[ MDKSA-2007:176 ] - Updated kdebase and kdelibs packages fix location bar spoofing issues, security, 20:33
[HISPASEC] 2K7SEPT6 Magellan Explorer 3.32 build 2305 Remote FTP Client Directory Traversal, Gynvael Coldwind, 20:02
[ MDKSA-2007:174 ] - Updated krb5 packages fix vulnerabilities, security, 19:30
iTunes 7.3.x - Heap overflow in album cover parsing, David Thiel, 19:29
[ MDKSA-2007:175 ] - Updated eggdrop package fix remote buffer overflow, security, 19:19
[Full-disclosure] rPSA-2007-0179-1 krb5 krb5-server krb5-services krb5-test krb5-workstation, rPath Update Announcements, 17:32
PHP <= 5.2.4 multiple Iconv functions denial of service, laurent . gaffie, 16:50
[HISPASEC] 2K7SEPT6 X-Diesel Unreal Commander v0.92 (build 573) multiple FTP-based vulnerabilities, Gynvael Coldwind, 16:40
Re: PHP < 5.2.3 glob() denial of service, Jonathan Yu, 16:29
[HISPASEC] 2K7SEPT6 Total Commander 7.01 Remote FTP Client Directory Traversal, Gynvael Coldwind, 15:06
Sophos Anti-Virus 6.5.4 Vulnerability, disclosure, 12:57
[Full-disclosure] Apache Tomcat remote xss, handrix cobra, 00:03

September 05, 2007

updated patch: MITKRB5-SA-2007-006: kadmind RPC lib buffer overflow, uninitialized pointer, Tom Yu, 19:13
Re: Olate Download 3.4.2 ~ userupload.php ~ Upload Executable Files, lcat, 19:02
rPSA-2007-0177-1 kdebase kdelibs, rPath Update Announcements, 18:52
rPSA-2007-0178-1 fetchmail, rPath Update Announcements, 18:52
[Full-disclosure] Format string and clients disconnection in Alien Arena 2007 6.10, Luigi Auriemma, 18:10
PHP <=5.2.4 iconv_substr() denial of service, laurent . gaffie, 18:09
PHP < 5.2.3 fnmatch() denial of service, laurent . gaffie, 17:48
PHP < 5.2.4 setlocale() denial of service, laurent . gaffie, 17:37
PHP < 5.2.3 glob() denial of service, laurent . gaffie, 17:27
Re: Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability, Mark Thomas, 14:49
Cisco Security Advisory: Cisco Video Surveillance IP Gateway and Services Platform Authentication Vulnerabilities, Cisco Systems Product Security Incident Response Team, 14:39
[ MDKSA-2007:173 ] - Updated tar packages fix vulnerabilities, security, 14:28
rPSA-2007-0176-1 gd php php-mysql php-pgsql php5 php5-cgi php5-mysql php5-pear php5-pgsql php5-soap php5-xsl, rPath Update Announcements, 13:57

September 04, 2007

[Full-disclosure] [USN-511-1] Kerberos vulnerability, Kees Cook, 22:28
Digital Armaments 2007 September-October Hacking Challenge: Symbian, info, 18:40
New version of Pass-The-Hash Toolkit v1.1, Hernan Ochoa, 18:20
Tutorial on Fuzzled, Tim Brown, 18:20
MITKRB5-SA-2007-006: kadmind RPC lib buffer overflow, uninitialized pointer, Tom Yu, 17:06
Re: Multiple vulnerabilities in Joomla 1.5 RC 1, admin, 16:03
Re: Built2Go_PHP_Link_Portal_v1.79 >> RFI, scoutt_42, 14:17
[security bulletin] HPSBUX02153 SSRT061181 rev.5 - HP-UX Running Firefox, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS), security-alert, 13:35
Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability, tusharvartak, 13:35
Wireshark DNP3 Dissector Infinite Loop Vulnerability, Aviram Jenik, 13:14
212cafeBoard Sql injection, Lopez Bran, 13:03
[security bulletin] HPSBUX02156 SSRT061236 rev.3 - HP-UX Running Thunderbird, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS), security-alert, 12:52
Marshal MailMarshal TAR Unpacking Vulnerability, S. Vandersee, 12:52

September 03, 2007

Re: [Full-disclosure] [Sec] Re: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory, Thierry Zoller, 20:25
Re: [Full-disclosure] n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory, Jan Münther, 14:26
DeepSec IDSC 2007 Vienna Registration Now Open, Paul Böhm, 14:05
Multiple vulnerabilities in Joomla 1.5 RC 1, Omid, 14:05
Telecom Italy Alice Messenger Hp.Revolution.RegistryManager.dll (v.1) remote arbitrary registry key manipulation, retrog, 13:54
Re: MkPortal "All Guests are Admin" Exploit, nospam, 13:44
Re: [Full-disclosure] n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory, Sergio Alvarez, 10:28

September 01, 2007

SolpotCrew Advisory #15 (home_edition2001) - Weblogicnet (files_dir) Remote File Inclusion, home_edition2001, 16:48
Re: Sony: The Return Of The Rootkit, John Hammond, 16:38
Re: ePersonnel_RC_2004 Remote File Bug, the . tiger100, 16:27
[Paper] The Anatomy of Third Party Pop Up Attacks., Aditya K Sood, 15:25
Re: Sony: The Return Of The Rootkit, Juha-Matti Laurio, 15:14
Re: Sony: The Return Of The Rootkit, Tyler Reguly, 14:53
[ MDKSA-2007:172 ] - Updated clamav packages vulnerabilities, security, 14:43
Re: Sony: The Return Of The Rootkit, Chad Perrin, 14:32
Toms Gstebuch 1.00 - XSS, cod3in, 14:22
Olate Download 3.4.2~uploads folder ~ directory traversal, imei Addmimistrator, 14:01
Re: Sony: The Return Of The Rootkit, Paul Sebastian Ziegler, 13:50
Olate Download 3.4.2 ~ userupload.php ~ Upload Executable Files, imei Addmimistrator, 13:39
Re: Sony: The Return Of The Rootkit, Jason Brooke, 13:29
[Full-disclosure] WHITE PAPER: For my next trick… hacking Web2.0, pdp (architect), 11:56