Bugtraq (date)
December 31, 2007
- Re: Cryptome: NSA has real-time access to Hushmail servers, Rob Thompson, 15:57
- Re: Cryptome: NSA has real-time access to Hushmail servers, Jay Hennigan, 15:46
- RE: Cryptome: NSA has real-time access to Hushmail servers, Craig Wright, 15:35
- RE: Cryptome: NSA has real-time access to Hushmail servers, Thor (Hammer of God), 15:24
- [HSC Security Group] Multiple CSRF in Joomla all versions - Complete compromise, zinho, 15:04
- Re: Cryptome: NSA has real-time access to Hushmail servers, J. Oquendo, 14:32
- Re: Cryptome: NSA has real-time access to Hushmail servers, mark seiden-via mac, 14:00
- RE: Cryptome: NSA has real-time access to Hushmail servers, Kevin Reiter, 13:50
- Re: TalkBack 2.2.7 Multiple Remote File Inclusion Vulnerabilities, oldguy, 13:50
- Re: Cryptome: NSA has real-time access to Hushmail servers, Seth, 13:39
- RE: Cryptome: NSA has real-time access to Hushmail servers, Juha-Matti Laurio, 13:06
- Instant Softwares DatingSite SQL Injection, The-0utl4w-noreply, 13:06
- LiveCart Multiple Cross-Site Scripting Vulnerabilities, DoZ, 12:56
- Re: Re: Cryptome: NSA has real-time access to Hushmail servers, gb, 12:45
- milliscripts (dir.php) Cross-Site Scripting Vulnerability, sys-project, 12:45
- Bitweaver source code disclosure, arbitrary file upload, admin, 12:23
- Fingerprints in Astaro Security Gateway v7.1, morin . josh, 12:23
December 29, 2007
- CCMS v3.1 Demo <= SQL Injection Vulnerability 0day, pawel2827, 17:54
- CuteNews Arbitrary File Download AllVersion, pawel2827, 17:54
- TK53 Advisory #2: Multiple vulnerabilities in ClamAV, Lolek of TK53, 15:19
- [Full-disclosure] [ GLSA 200712-21 ] Mozilla Firefox, SeaMonkey: Multiple vulnerabilities, Robert Buchholz, 12:52
- [Full-disclosure] [ GLSA 200712-20 ] ClamAV: Multiple vulnerabilities, Robert Buchholz, 12:42
- [Full-disclosure] [ GLSA 200712-19 ] Syslog-ng: Denial of Service, Robert Buchholz, 12:42
- [Full-disclosure] [ GLSA 200712-18 ] Multi-Threaded DAAP Daemon: Multiple vulnerabilities, Robert Buchholz, 10:38
- [Full-disclosure] [ GLSA 200712-17 ] exiftags: Multiple vulnerabilities, Pierre-Yves Rofes, 10:28
- [Full-disclosure] [ GLSA 200712-16 ] Exiv2: Integer overflow, Pierre-Yves Rofes, 10:07
- [Full-disclosure] [ GLSA 200712-15 ] libexif: Multiple vulnerabilities, Pierre-Yves Rofes, 09:56
December 28, 2007
- [Full-disclosure] Buffer-overflow in CoolPlayer 217, Luigi Auriemma, 14:52
- [SECURITY] [DSA 1441-1] New peercast packages fix arbitrary code execution, Thijs Kinkhorst, 13:18
- [SECURITY] [DSA 1439-1] New typo3-src packages fix SQL injection, Thijs Kinkhorst, 12:25
- [SECURITY] [DSA 1405-3] New zope-cmfplone packages fix regression, Thijs Kinkhorst, 12:25
- [SECURITY] [DSA 1438-1] New tar packages fix several vulnerabilities, Florian Weimer, 12:15
- 2z-project 0.9.6.1 Multiple Security Vulnerabilities, Digital Security Research Group [DSecRG], 12:14
- FAQMasterFlexPlus multiple vulnerabilities, Juan Galiana, 12:03
- OpenBiblio 0.5.2-pre4 and prior multiple vulnerabilities, Juan Galiana, 11:53
- [Full-disclosure] OpenBiblio 0.5.2-pre4 and prior multiple vulnerabilities, Juan Galiana, 00:18
December 27, 2007
- Re: Cryptome: NSA has real-time access to Hushmail servers, Steve Shockley, 15:33
- Re: Cryptome: NSA has real-time access to Hushmail servers, Kurt Buff, 15:22
- Re: Re: Re: TotalPlayer 3.0 .m3u crash, david130490, 15:12
- [Full-disclosure] Multiple vulnerabilities in libnemesi 0.6.4-rc1, Luigi Auriemma, 14:07
- [Full-disclosure] Multiple vulnerabilities in Feng 0.1.15, Luigi Auriemma, 13:56
- [Full-disclosure] Buffer-overflow in Extended Module Player 2.5.1, Luigi Auriemma, 13:56
- Re: Re: TotalPlayer 3.0 .m3u crash, david130490, 13:45
- [Full-disclosure] rIP BETA - reverse IP tool, disfigure, 13:23
- Re: Multiple xss in mambo 4.6.2, Hanno Böck, 13:12
- Re: TotalPlayer 3.0 .m3u crash, Luigi Auriemma, 13:01
- PHP -> set_time_limit, brancohat, 13:01
- [security bulletin] HPSBGN02298 SSRT071502 rev.2 - HP Quick Launch Button (QLB) Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access, security-alert, 12:51
- Re: Cryptome: NSA has real-time access to Hushmail servers, Valdis . Kletnieks, 12:51
- Re: Tiger Team: New TV series about pen testers airing on CourtTV Dec 25 11 pm, blackredyellow, 12:40
- Latest round of web hacking incidents for 2007 & Project news, Ofer Shezaf, 12:29
- Re: TotalPlayer 3.0 .m3u crash, Luigi Auriemma, 12:08
- IPortalX Forums Cross-Site Scripting Vulnerability, DoZ, 11:58
- XZero Community Classifieds <= v4.95.11 LFI & SQL Injection, office, 11:58
- Blakord Portal <= Beta 1.3.A (all modules) Blind Sql Injection, sys-project, 11:47
December 26, 2007
- RE: Cryptome: NSA has real-time access to Hushmail servers, M. Burnett, 16:36
- RE: Cryptome: NSA has real-time access to Hushmail servers, Juha-Matti Laurio, 16:25
- Bid 24744 ?, balrog, 16:15
- Re: Microsoft Office Publisher, fagian, 16:15
- Re: Re: PHP <= 5.2.5 Safe Mode Bypass, Alireza Hassani, 16:04
- Confixx Professional RFİ, erne, 13:08
December 24, 2007
- Re: PHP <= 5.2.5 Safe Mode Bypass, shsuff, 14:34
- Double directory traversal in ImgSvr 0.6.21, Luigi Auriemma, 14:24
- [Full-disclosure] Unicode buffer-overflow in Zoom Player 6.00b2, Luigi Auriemma, 14:23
- Buffer-overflow and format string in VideoLAN VLC 0.8.6d, Luigi Auriemma, 14:13
- Update: Clients buffer-overflow in Live for Speed 0.5X10, Luigi Auriemma, 14:02
- SimpleForum <= 4.6.2 - Cross-Site Scripting Vulnerability, sys-project, 14:02
- [CVE-2007-5342] Apache Tomcat's default security policy is too open, Mark Thomas, 13:21
- PHP <= 5.2.5 Safe Mode Bypass, admin, 13:00
- Jupiter Cms Multiple Vulnerabilities, admin, 12:49
- [waraxe-2007-SA#060] - Sensitive info disclosure in CuteNews <= 1.4.5, come2waraxe, 12:49
- pdflib long filename multiple bufferoverflows, poplix, 12:39
- Tikiwiki 1.9.8.3 tiki-special_chars.php XSS Vulnerability, Mesut Timur, 12:28
- Re: [HSC] Dokeos Multiple Cross-Site Scripting Vulnerabilities, yannick . warnier, 12:28
- [ISecAuditors Security Advisories] Tikiwiki CMS is vulnerable to path traversal attack, ISecAuditors Security Advisories, 12:17
- Logaholic Web Analytics Software, malibu . r, 12:17
December 22, 2007
- Re: Re: Moodle SQL Injection, bar, 17:01
- [HSC] Dokeos Multiple Cross-Site Scripting Vulnerabilities, DoZ, 17:01
- Microsoft Office Publisher, jplopezy, 13:16
- Re: Moodle SQL Injection, foo, 13:16
- My Blog Rfi, beenudel1986, 13:05
December 21, 2007
- America Online AOL Instant Messenger AIM6.0 or 6.5 or higher XSS remote execution, evanchik, 20:29
- Word 2003 denial of service, jplopezy, 19:36
- HPSBGN2301 SSRT071508 rev.1 - HP Software Update Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access, security-alert, 19:36
- [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability, Williams, James K, 16:52
- [Full-disclosure] Buffer-overflow in WinUAE 1.4.4, Luigi Auriemma, 16:09
- RE: Cryptome: NSA has real-time access to Hushmail servers, Thor (Hammer of God), 15:59
- RE: Cryptome: NSA has real-time access to Hushmail servers, Jim Harrison, 15:17
- Cryptome: NSA has real-time access to Hushmail servers, Juha-Matti Laurio, 13:41
- Moodle SQL Injection, root, 12:28
- CFP CISIS '08, hjan, 12:07
- [Full-disclosure] [USN-559-1] MySQL vulnerabilities, Jamie Strandboge, 03:52
December 20, 2007
- Re: Design flaw in AS3 socket handling allows port probing, fukami, 19:32
- [SECURITY] [DSA 1436-1] New Linux 2.6.18 packages fix several vulnerabilities, dann frazier, 19:11
- Woltlab Burning Board 1.0.2 SQL-Injection Vulnerability, nbbn, 18:07
- Re: Morcego CMS <= 0.9.6 Remote File Inclue Vulnerability, antonio, 17:35
- Re: Morcego CMS <= 0.9.6 Remote File Inclue Vulnerability, antonio, 17:14
- PHP iCalendar <= 2.24 - Cross-Site Scripting Vulnerability, sys-project, 16:20
- [security bulletin] HPSBUX02284 SSRT071483 rev.4 - HP-UX Running Java JRE and JDK, Remote Unauthorized Access, security-alert, 15:49
- [security bulletin] HPSBUX02295 SSRT071333 rev.1 - HP-UX Running rpc.yppasswdd, Remote Denial of Service (DoS), security-alert, 15:38
- SiteScape Forum TCL injection, lolo lolo, 15:38
- [security bulletin] HPSBTU02300 SSRT071452 rev.1 - HP Tru64 UNIX running FFM, Local Denial of Service (Dos), security-alert, 15:28
- [Aria-Security.net] ABI Version 3.7.9.17 Remote SQL Injection, The-0utl4w-noreply, 15:28
- Re: Re: NETGEAR WGT624 Wireless DSL router default user name/password vulnerability, mj, 15:17
- iSupport v1.8 Local file include vulnerability, ahcrew, 15:17
- Black Hat Briefings Call for Papers and Happy Happy Joy Joy, jmoss, 15:06
December 19, 2007
- xeCMS 1.x.x Remote File Disclosure Vulnerability., p4imi0, 18:53
- Re: Wordpress - Broken Access Control, otto, 18:32
- Re: Wordpress - Broken Access Control, Abel Cheung, 18:11
- HP laptops Software Update tool vulnerability, porkythepig, 17:39
- Array overflow in id3lib (devel CVS), Luigi Auriemma, 14:42
- SYMSA-2007-015, research, 14:00
- Cisco Security Advisory: Application Inspection Vulnerability in Cisco Firewall Services Module, Cisco Systems Product Security Incident Response Team, 13:07
- smbfs and apache+php source code disclosure, Maciej Gąsiorowski, 12:57
- Re: MS Office 2007: Digital Signature does not protect Meta-Data, Henrich C. Poehls, 12:05
- [Full-disclosure] [USN-558-1] Linux kernel vulnerabilities, Kees Cook, 11:23
December 18, 2007
- [Full-disclosure] [USN-557-1] GD library vulnerability, Jamie Strandboge, 22:09
- [Full-disclosure] [ GLSA 200712-14 ] CUPS: Multiple vulnerabilities, Robert Buchholz, 19:03
- Re: Uber Uploader <= 5.3.6 Remote File Upload Vulnerability, recklessb, 17:40
- [Full-disclosure] [ GLSA 200712-13 ] E2fsprogs: Multiple buffer overflows, Robert Buchholz, 17:29
- AST-2007-027 - Database matching order permits host-based authentication to be ignored, Security Officer, 16:58
- [Full-disclosure] Google Toolbar Dialog Spoofing Vulnerability, avivra, 16:58
- Tiger Team: New TV series about pen testers airing on CourtTV Dec 25 11 pm, blackredyellow, 16:47
- rPSA-2007-0269-1 kernel, rPath Update Announcements, 16:25
- [USN-556-1] Samba vulnerability, Kees Cook, 16:15
- [Full-disclosure] iDefense Security Advisory 12.18.07: ClamAV libclamav MEW PE File Integer Overflow Vulnerability, iDefense Labs, 15:00
- [Full-disclosure] iDefense Security Advisory 12.17.07: Apple Mac OS X mount_smbfs Stack Based Buffer Overflow Vulnerability, iDefense Labs, 15:00
- [security bulletin] HPSBST02299 SSRT071506 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-063 to MS07-069, security-alert, 14:29
- Re: RE: TCP Port randomization paper, Amit Klein, 13:47
- Re: SineCMS <= 2.3.4 Calendar SQL Injection 'n something else.., carlo . feller, 13:15
- Re: Re: PHP MySQL Banner Exchange 2.2.1 remote mysql database bug, arsalan1991, 13:04
- SyScan'08 Call For Paper/Training, organiser@syscan.org, 12:53
- iMesh <= 7.1.0.x IMWebControl Class (IMWeb.dll 7.0.0.x) remote exploit, retrog, 12:10
- Re: Wordpress - Broken Access Control, th3 . r00k . nospam, 12:10
- Multiple xss in mambo 4.6.2, beenudel1986, 12:00
- Rosoft Media Player 4.1.7 crash, jplopezy, 11:39
December 17, 2007
- [Full-disclosure] ZDI-07-079: Hewlett-Packard HP-UX swagentd Buffer Overflow Vulnerability, zdi-disclosures, 20:52
- [Full-disclosure] ZDI-07-078: St. Bernard Open File Manager Heap Overflow Vulnerability, zdi-disclosures, 20:41
- [Full-disclosure] ZDI-07-077: Trend Micro ServerProtect StRpcSrv.dll Insecure Method Exposure Vulnerability, zdi-disclosures, 20:21
- rPSA-2007-0268-1 kdebase, rPath Update Announcements, 18:48
- Apple OS X Software Update Remote Command Execution, Moritz Jodeit, 18:37
- Uber Uploader <= 5.3.6 Remote File Upload Vulnerability, sys-project, 18:06
- SurgeMail v.38k4 webmail Host header crash, retrog, 17:02
- RaidenHTTPD 2.0.19 ulang cmd exec poc exploit, retrog, 16:52
- rPSA-2007-0266-1 tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi, rPath Update Announcements, 16:41
- [Full-disclosure] Heap overflow in PeerCast 0.1217, Luigi Auriemma, 13:52
- PHP Security Framework: Vuln and Security Bypass, gmdarkfig, 13:41
- Re: Wordpress - Broken Access Control, otto, 13:31
- release uhooker v1.3, Hernan Ochoa, 13:31
- Re: PHP MySQL Banner Exchange 2.2.1 remote mysql database bug, theredc0ders, 12:59
- jetAudio 7.0.5 COWON Media Center MP4 Stack Overflow, gforce, 12:48
- neuron news1.0 Multiple Remote Vulnerabilities (sql injection/xss), hadihadi_zedehal_2006, 12:48
- Re: [syslog-ng] ZSA-2007-029: syslog-ng Denial of Service, Balazs Scheidler, 12:38
- ZSA-2007-029: syslog-ng Denial of Service, Balazs Scheidler, 12:27
December 15, 2007
- Wordpress - Broken Access Control, th3 . r00k . nospam, 15:43
- PHP RPG - Sql Injection and Session Information Disclosure., th3 . r00k . nospam, 15:02
- ClubHack2007: Presentation are online now, `ClubHack `, 14:51
- Oreon/Centreon - Multiple Remote File Inclusion, th3 . r00k . nospam, 14:41
- Anon Proxy Server - Remote Code Execution, th3 . r00k . nospam, 14:20
- [security bulletin] HPSBGN02298 SSRT071502 rev.1 - HP Quick Launch Button (QLB) Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access, security-alert, 13:59
- Phpay - Local File Inclusion, th3 . r00k . nospam, 13:38
December 14, 2007
- [Full-disclosure] BackTrack 3 Beta Released, Mati Aharoni, 22:56
- POC for samba send_mailslot(), x 86, 18:28
- ANNOUNCE: SquirrelMail 1.4.13 Released, Jon Angliss, 14:48
- [ MDKSA-2007:246 ] - Updated Firefox packages fix multiple vulnerabilities, security, 13:55
- [ISR] - Novell Groupwise client remote stack overflow silently patched., ISR-noreply, 13:34
- AW: MS Office 2007: Digital Signature does not protect Meta-Data, Naujoks, Hans-Dietmar, 12:30
- HPSBUX02296 SSRT071504 rev.2 - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, security-alert, 12:30
- Re: MS Office 2007: Digital Signature does not protect Meta-Data, Henrich C. Poehls, 12:19
- PHP MySQL Banner Exchange 2.2.1 remote mysql database bug, arsalan1991, 12:09
December 13, 2007
- Re: AW: MS Office 2007: Digital Signature does not protect Meta-Data, webmaster@networkdefense.biz, 19:35
- + Trivantis CourseMill Enterprise Learning Management System - SQL Injection - CVE-2007-6338, swhite, 19:23
- [ MDKSA-2007:245 ] - Updated wpa_supplicant package fixes remote denial of service, security, 18:27
- [Full-disclosure] [ GLSA 200712-12 ] IRC Services: Denial of Service, Pierre-Yves Rofes, 17:22
- [Full-disclosure] [ GLSA 200712-11 ] Portage: Information disclosure, Pierre-Yves Rofes, 16:59
- SECURITY: 1.4.12 Package Compromise, Jon Angliss, 16:06
- AW: MS Office 2007: Digital Signature does not protect Meta-Data, Naujoks, Hans-Dietmar, 14:01
- MS Office 2007: Target of Hyperlinks not covered by Digital Signatures, poehls, 13:30
- Hosting Controller - Multiple Security Bugs (Extremely Critical), admin, 12:37
- SQL MKPortal M1.1 Rc1, Sw33t . h4cK3r, 12:37
- [security bulletin] HPSBUX02294 SSRT071451 rev.1 - HP-UX Running DCE, Remote Denial of Service (DoS), security-alert, 12:27
- OpenOffice: Duplicated, Unprotected Certificate Information shown in Signed ODF Documents, poehls, 12:15
- RE: [Full-disclosure] Fwd: Websense 6.3.1 Filtering Bypass, Hubbard, Dan, 12:04
- [security bulletin] HPSBUX02296 SSRT071504 rev.1 - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, security-alert, 12:04
- QK SMTP Server 3 - Denial of service, jplopezy, 11:43
- [Full-disclosure] [USN-550-3] Cairo regression, Kees Cook, 01:22
December 12, 2007
- [Full-disclosure] Fwd: Websense 6.3.1 Filtering Bypass, The Security Community, 20:06
- Re: Re: Cpanel Vulnerability?, gdfuego, 17:37
- rPSA-2007-0264-1 mod_dav_svn subversion, rPath Update Announcements, 17:15
- [Full-disclosure] iDefense Security Advisory 12.11.07: Microsoft DirectX 7 and 8 DirectShow Stack Buffer Overflow Vulnerability, iDefense Labs, 16:21
- [Full-disclosure] iDefense Security Advisory 12.11.07: Microsoft Internet Explorer JavaScript setExpression Heap Corruption Vulnerability, iDefense Labs, 15:59
- Re: Media Player Classic 6.4.9 MP4 Stack Overflow 0-day, Matthew Leeds, 15:16
- MS Office 2007: Digital Signature does not protect Meta-Data, poehls, 14:01
- Re: TCP Port randomization paper, Fernando Gont, 12:13
- Re: Cpanel Vulnerability?, Charles Hardin, 12:13
- Cpanel Vulnerability?, Francisco Pecorella, 12:03
- [SECURITY] [DSA 1428-2] New Linux 2.6.18 packages fix several vulnerabilities, dann frazier, 11:52
- [ MDKSA-2007:244 ] - Updated samba packages fix vulnerability, security, 11:41
December 11, 2007
- [Full-disclosure] ZDI-07-075: Microsoft Internet Explorer Element Tags Vulnerability, zdi-disclosures, 19:03
- [Full-disclosure] ZDI-07-076: Microsoft Windows Message Queuing Service Stack Overflow Vulnerability, zdi-disclosures, 19:03
- ZDI-07-074: Microsoft Internet Explorer Node Manipulation Memory Corruption, zdi-disclosures, 19:03
- [Full-disclosure] ZDI-07-073: Microsoft Internet Explorer setExpression Vulnerability, zdi-disclosures, 18:52
- [Full-disclosure] TOP 10 Vulnerability Trends for 2008, Sowhat, 18:20
- Black Hat Briefings Call for Papers, jmoss, 17:38
- HP notebooks remote code execution vulnerability (multiple series), porkythepig, 16:15
- SupportSuite 3.11.01~ Multiple file ~ PHP SELF XSS, imei Addmimistrator, 16:04
- rPSA-2007-0262-1 e2fsprogs, rPath Update Announcements, 15:22
- [ MDKSA-2007:241 ] - Updated tomcat5 packages fix multiple vulnerabilities, security, 12:54
- [SECURITY] [DSA 1481-1] New Linux 2.6.18 packages fix several vulnerabilities, dann frazier, 12:43
- [Full-disclosure] TrendMicro AntiVirus UUE Processing Vulnerability, Sowhat, 12:22
- [ MDKSA-2007:243 ] - Updated MySQL packages fix multiple vulnerabilities, security, 12:11
- RE: TCP Port randomization paper, Amit Klein, 12:00
- [ MDKSA-2007:242 ] - Updated e2fsprogs packages fix vulnerability, security, 12:00
- Re: [Full-disclosure] The Cookie Tools v0.3 -- first public release, coderman, 02:22
December 10, 2007
- Re: Dell / Dell Financial Services - Contact, Juha-Matti Laurio, 19:45
- [Full-disclosure] ZDI-07-072: Novell Netmail AntiVirus Agent Multiple Overflow Vulnerabilities, zdi-disclosures, 19:35
- WASC Announcement: The Script Mapping Project Results and Call for Participation, announcements, 18:53
- Dell / Dell Financial Services - Contact, Justin@InfoTek, 18:11
- [Full-disclosure] [USN-550-2] Cairo regression, Kees Cook, 17:39
- [Full-disclosure] [ GLSA 200712-10 ] Samba: Execution of arbitrary code, Pierre-Yves Rofes, 17:27
- [Full-disclosure] Multiple vulnerabilities in BadBlue 2.72b, Luigi Auriemma, 17:07
- [Full-disclosure] Filesystem access in DOSBox 0.72, Luigi Auriemma, 17:07
- [Full-disclosure] Multiple vulnerabilities in BarracudaDrive 3.7.2, Luigi Auriemma, 17:07
- Re: Media Player Classic 6.4.9 MP4 Stack Overflow 0-day, Rob Thompson, 16:46
- WordPress Charset SQL injection vulnerability (re-resend), Abel Cheung, 16:35
- [Full-disclosure] rPSA-2007-0261-1 samba samba-swat, rPath Update Announcements, 16:24
- Re: Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096) and vulnerable bz2lib (CAN-2005-0758 & CAN-2005-0953), Stefan Kanthak, 16:13
- [SECURITY] Buffer overrun in send_mailslot(), Gerald (Jerry) Carter, 16:03
- Advisory: Websense XSS Vulnerability, Liquidmatrix Security Digest, 16:03
- [Full-disclosure] WordPress Charset SQL injection vulnerability (resend), Abel Cheung, 15:31
- Secunia Research: Samba "send_mailslot()" Buffer Overflow Vulnerability, Secunia Research, 14:59
- Falt4 CMS Security Report/Advisory, Mesut Timur, 14:37
- squids ICAP implementation lacks a defer check when reading from ICAP server, Martin Huter, 14:37
- SQL injection - GestDownV1.00Beta, bebe, 14:05
- bttlxeForum Multiple SQL Injection And Cross Site Scripting, noreply, 13:02
- Security and hacking papers, Ork, 12:51
- Bitweaver XSS & SQL Injection Vulnerability, DoZ, 12:41
- CVE-2007-6205, Hanno Böck, 12:30
- Call for Papers - Security and High Performance Computing System 2008, shpcs08, 12:30
- Flat PHP Board <= 1.2 Multiple Vulnerabilities, kingoftheworld92, 12:30
- Unsanitized scripting in RoundCube webmail, Tomas Kuliavas, 12:19
- Two vulnerabilities in SquirrelMail GPG plugin, Tomas Kuliavas, 12:08
- webSPELL 4.01.02 (calendar.php, usergallery.php) XSS Vulnerability, brainheadbrainhead, 11:58
- [Full-disclosure] WordPress Charset SQL injection vulnerability, Abel Cheung, 11:47
- Lotfian.com DATABASE DRIVEN TRAVEL SITE Multiple SQL Injection, no-reply, 11:47
- [Full-disclosure] Advisory: Websense XSS Vulnerability, Liquidmatrix Security Digest, 10:35
- [Full-disclosure] The Cookie Tools v0.3 -- first public release, michele dallachiesa, 10:24
December 09, 2007
- [Full-disclosure] [ GLSA 200712-09 ] Ruby-GNOME2: Format string error, Pierre-Yves Rofes, 18:50
- [Full-disclosure] [ GLSA 200712-08 ] AMD64 x86 emulation Qt library: Multiple vulnerabilities, Pierre-Yves Rofes, 18:29
- [Full-disclosure] [ GLSA 200712-07 ] Lookup: Insecure temporary file creation, Pierre-Yves Rofes, 18:29
- [Full-disclosure] [ GLSA 200712-06 ] Firebird: Multiple buffer overflows, Pierre-Yves Rofes, 18:18
- [Full-disclosure] [ GLSA 200712-05 ] PEAR::MDB2: Information disclosure, Pierre-Yves Rofes, 17:47
- [Full-disclosure] [ GLSA 200712-03 ] GNU Emacs: Multiple vulnerabilities, Pierre-Yves Rofes, 17:05
- [Full-disclosure] [ GLSA 200712-04 ] Cairo: User-assisted execution of arbitrary code, Pierre-Yves Rofes, 16:44
December 07, 2007
- [Full-disclosure] Upload directory traversal in Easy File Sharing 4.5, Luigi Auriemma, 19:13
- [Full-disclosure] Multiple vulnerabilities in Firefly Media Server (mt-daapd) 2.4.1 / SVN 1699, Luigi Auriemma, 19:13
- Two vulnerabilities in Simple HTTPD 1.38, Luigi Auriemma, 18:51
- Limited upload directory traversal in HTTP File Server 2.2a / 2.3 beta (build #146), Luigi Auriemma, 18:51
- [ MDKSA-2007:240 ] - Updated libnfsidmap packages fix username lookup flaw, security, 18:10
- Kvaliitti WebDoc 3.0 CMS SQL Injection vulnerability, jaakkoNOSPAM, 18:10
- R7-0031: JFreeChart Image Map Cross-Site Scripting Vulnerabilities, advisory, 14:08
- Re: Phorm v3.0 Remote File Upload Vulnerability, security curmudgeon, 13:04
- [ISecAuditors Security Advisories] wwwstats is vulnerable to Persistent XSS, ISecAuditors Security Advisories, 13:04
- Re: BellaBiblio Admin Login Bypass, security curmudgeon, 12:54
- Re: Friend Script 2.5 - 2.4 Remote File İnclude, security curmudgeon, 12:21
- Re: RIG Image Gallery (dir_abs_src) Remote File Include Vulnerability, security curmudgeon, 12:11
- [ MDKSA-2007:239 ] - Updated heimdal packages fix potential vulnerability, security, 12:00
- Potential SQL injection vulnerability in Apache::AuthCAS, Matthias Bethke, 11:49
- [CAID 35724, 35725, 35726]: CA BrightStor ARCserve Backup Multiple Vulnerabilities, Williams, James K, 11:39
December 06, 2007
- [Full-disclosure] rPSA-2007-0260-1 firefox, rPath Update Announcements, 23:38
- ZDI-07-071: HP OpenView Network Node Manager Multiple CGI Buffer Overflows, zdi-disclosures, 19:19
- [Full-disclosure] ZDI-07-070: Skype skype4com URI Handler Remote Heap Corruption Vulnerability, zdi-disclosures, 19:08
- [ MDKSA-2007:238 ] - Updated liblcms package fixes buffer overflow, security, 18:05
- [Full-disclosure] [USN-554-1] teTeX and TeX Live vulnerabilities, Jamie Strandboge, 18:05
- [Security Advisorie] OpenNewsletter v2.5 Multipe XSS Attacks, Sarasa, 16:08
- [XSS] OpenNewsletter v2.5 Multipe XSS Attacks, bugtraq, 14:53
- Re: Re: Aria-Security.net: NetAuctionHelp SQL Injection, NetAuctionHelp Support, 14:00
- SQUID-2007:2, Dec 4, 2007, Adrian Chadd, 13:38
- NSFOCUS SA2007-02 : Cisco Security Agent Remote Buffer Overflow Vulnerability, NSFOCUS Security Team, 13:17
- [security bulletin] HPSBMA02281 SSRT061261 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Execution of Arbitrary Code, security-alert, 12:13
- HITBSecConf2007 Malaysia Videos Now Available, Praburaajan, 12:13
- Aria-Security.Net: PenPals Login and search page SQL Injection, no-reply, 12:02
- Re: [Full-disclosure] [UPDATE]CA BrightStor ARCServe BackUp Message Engine Remote Stack Overflow Vulnerability, Code Audit Labs, 04:25
- [Full-disclosure] Avast! AntiVirus TAR Processing Remote Heap Corruption, Sowhat, 03:53
- [Full-disclosure] [UPDATE]CA BrightStor ARCServe BackUp Message Engine Remote Stack Overflow Vulnerability, cocoruder, 02:08
December 05, 2007
- [Full-disclosure] UPDATE: [ GLSA 200711-29 ] Samba: Execution of arbitrary code, Pierre-Yves Rofes, 19:55
- ezContents Version 1.4.5 Remote File Disclosure Vulnerability., p4imi0, 19:34
- SineCMS <= 2.3.4 Calendar SQL Injection 'n something else.., kingoftheworld92, 19:33
- [Full-disclosure] [ GLSA 200712-02 ] Cacti: SQL injection, Pierre-Yves Rofes, 19:11
- [Full-disclosure] [ GLSA 200712-01 ] Hugin: Insecure temporary file creation, Pierre-Yves Rofes, 18:51
- Re: Sql Injection in wordpress 2.3.1, shino, 17:04
- Firefox 2.0.0.11 INPUT Denial Of Service, azizov, 16:53
- Re: Sql Injection in wordpress 2.3.1, alan, 16:10
- [SECURITY] [DSA 1420-1] New zabbix packages fix privilege escalation, Thijs Kinkhorst, 15:49
- [ELEYTT] Public Advisory 05-12-2007, Michal Bucko, 13:54
- [Full-disclosure] Information about recent malware exploited vulnerabilities - a blog post, uday kumar, 13:44
- Advisory: Cross Site Scripting in CiscoWorks, Liquidmatrix Security Digest, 12:50
- Sql Injection in wordpress 2.3.1, beenudel1986, 12:50
- [ECHO_ADV_86$2007] Mambo/Joomla Component rsgallery <= 2.0 beta 5 (catid) Remote SQL Injection Vulnerability, erdc, 12:40
- Opera 9.50 beta and prior remote DoS (freeze), gynvael, 12:29
- Re: 27Mhz based wireless security insecurities - Aka - "We know what you typed last summer", Michal Bucko, 12:19
- Blind Sql-Injection in Joomla 1.5 RC3, beenudel1986, 12:19
- [ MDKSA-2007:237 ] - Updated openssl packages fix DTLS vulnerability, security, 12:08
- [ MDKSA-2007:236 ] - Updated openssh packages fix X11 cookie vulnerability, security, 11:57
- Re: [Full-disclosure] need help in managing administrators, happy nino, 05:57
- [Full-disclosure] rPSA-2007-0257-1 rsync, rPath Update Announcements, 01:49
December 04, 2007
- [Full-disclosure] The recent number of unpatched QuickTime flaws is: two, Juha-Matti Laurio, 21:21
- [Full-disclosure] [USN-553-1] Mono vulnerability, Kees Cook, 21:11
- [Full-disclosure] [USN-552-1] Perl vulnerability, Kees Cook, 21:11
- Re: sing (debian) vunlerability?, Moritz Muehlenhoff, 19:58
- [Full-disclosure] [USN-546-2] Firefox regression, Kees Cook, 17:32
- RFI and Multiple XSS in PhpMyChat, beenudel1986, 15:47
- [Full-disclosure] SecNiche Garbage Dumps on mailinglists, Lamer Buster, 15:05
- CORE-2007-1004: VLC Activex Bad Pointer Initialization Vulnerability, CORE Security Technologies Advisories, 14:33
- Re: Powerschool 404 Admin Exposure, bob, 14:33
- Some more widgets: Facebook, Hockey, FlickrInterestingNess (Re: [MacOS X] Insecure eval() in Twitgit and Twitterlex dashboard widgets), Thomas Roessler, 14:22
- [security bulletin] HPSBMA02293 SSRT071494 rev.1 - HP Select Identity, Remote Unauthorized Access, security-alert, 14:12
- [Full-disclosure] TIBCO Rendezvous Exploitation Video, IRM Research, 14:01
- PR07-39: Multiple vulnerabilities on Absolute News Manager.NET 5.1 including file retrieval and SQL injection, research, 14:01
- The first release of SWFIntruder is out !, Stefano Di Paola, 13:29
- (Re-post) ATC-08 CFP, atc08, 13:18
- Re: [dns-operations] Web Proxy Auto-Discovery (WPAD) Information Disclosure (fwd), Gadi Evron, 13:07
- [ MDKSA-2007:234 ] - Updated vixie-cron packages fix DoS vulnerability, security, 12:46
- Snitz2000 SQL Injection: A user can gain admin level, admin, 12:35
- [ MDKSA-2007:235 ] - Updated apache packages fix vulnerabilities, security, 12:24
- [MacOS X] Insecure eval() in Twitgit and Twitterlex dashboard widgets, Thomas Roessler, 11:52
- [Full-disclosure] SEC Consult SA-20071204-0 :: SonicWALL Global VPN Client Format String Vulnerability, Bernhard Mueller, 10:28
- [Full-disclosure] [USN-549-2] PHP regression, Kees Cook, 00:48
- [Full-disclosure] [USN-551-1] OpenLDAP vulnerabilities, Jamie Strandboge, 00:06
December 03, 2007
- [USN-550-1] Cairo vulnerability, Kees Cook, 18:29
- SYMSA-2007-014: SQL Injection Vulnerability in Beehive Forum Software, research, 17:57
- Fwd: PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability, imipak, 15:51
- Re: PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability, guiness.stout, 15:09
- McAfee SecurityCenter Privacy Service HTML Execution Vulnerability, DoZ, 14:58
- Re: SQL Injection in SaphpLesson2.0 "show.php", security curmudgeon, 13:34
- sing (debian) vunlerability?, Milen Rangelov, 13:03
- Lotfian Brochure and cataloge Script XSS And SQL Injection, noreply, 13:03
- PR06-09: BEA Plumtree portal full version disclosure vulnerability, research, 12:31
- PR06-11: BEA Plumtree portal search facility leaks usernames to unauthenticated users, research, 12:20
- [WhitePaper (SecNiche)] Information Prone LDAP Garbage Dumps, AKS aka (0kn0ck), 12:09
- Re: SQL Injection in saphp "showcat.php", security curmudgeon, 12:09
- PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability, research, 11:37
- Re: [Full-disclosure] need help in managing administrators, Joel R. Helgeson, 01:11