Bugtraq (date)
January 31, 2008
- nilson's blogger 0.11 remote file disclosure vulnerabilities, muuratsalo experimental hack lab, 19:30
- [Full-disclosure] [USN-573-1] PulseAudio vulnerability, Jamie Strandboge, 18:57
- sflog! 0.96 remote file disclosure vulnerabilities, muuratsalo experimental hack lab, 15:06
- Re: [DSECRG-08-007] OpenBSD BGPD daemon Web Interface XSS., Digital Security Research Group, 14:44
- [Full-disclosure] Attackers can SkypeFind you, avivra, 14:02
- [waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14, come2waraxe, 11:42
- [DSECRG-08-007] OpenBSD BGPD daemon Web Interface XSS., Digital Security Research Group, 11:31
- [ MDVSA-2008:029 ] - Updated ruby packages fix possible man-in-the-middle attack, security, 11:31
- contactforms "cforms-css.php" Remote File Inclusion, Sw33t . h4cK3r, 11:20
- [Full-disclosure] [ GLSA 200801-22 ] PeerCast: Buffer overflow, Pierre-Yves Rofes, 07:22
- [Full-disclosure] [ GLSA 200801-21 ] Xdg-Utils: Arbitrary command execution, Pierre-Yves Rofes, 07:22
- Re: [Full-disclosure] [ GLSA 200801-17 ] Netkit FTP Server: Denial of Service, Jamie Haggett, 07:01
January 30, 2008
- [ GLSA 200801-18 ] Kazehakase: Multiple vulnerabilities, Pierre-Yves Rofes, 19:40
- [ GLSA 200801-19 ] GOffice: Multiple vulnerabilities, Pierre-Yves Rofes, 19:29
- [ GLSA 200801-20 ] libxml2: Denial of Service, Pierre-Yves Rofes, 19:19
- rPSA-2008-0032-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs, rPath Update Announcements, 18:57
- PeteFinnigan.com Limited advisory for Oracle January 2008 CPU, Pete Finnigan, 15:09
- Cisco Security Advisory: Cisco Wireless Control System Tomcat mod_jk.so Vulnerability, Cisco Systems Product Security Incident Response Team, 13:54
- RE: Recent Web Hacks: WHID update for January 30th 2008, Michael Wojcik, 13:54
- Yeşil Koridor Ziyareti Defteri (index.php) SqL. inj., g0rk3m-31, 13:23
- [ MDVSA-2008:028 ] - Updated MySQL packages fix multiple vulnerabilities, security, 13:12
- [waraxe-2008-SA#065] - Remote Shell Command Execution in Coppermine 1.4.14, come2waraxe, 13:02
- Webspell 4.01.02 2 Vulnerabilities, nbbn, 12:51
- tinyBB v0.2 Message Board Remote File Inc., g0rk3m-31, 12:51
- Recent Web Hacks: WHID update for January 30th 2008, Ofer Shezaf, 12:19
January 29, 2008
- [Full-disclosure] [ GLSA 200801-16 ] MaraDNS: CNAME Denial of Service, Raphael Marichez, 20:00
- [Full-disclosure] [ GLSA 200801-17 ] Netkit FTP Server: Denial of Service, Raphael Marichez, 19:40
- Insecure Use of RC4 in LSrunasE and Supercrypt (CVE-2007-6340), Daniel Roethlisberger, 17:45
- AmpJuke-0.7.0 (index.php) Xss VuLn., g0rk3m-31, 15:50
- Re: Remote File Disclosure in phpCMS 1.2.2, 3APA3A, 15:39
- [!!FIX Information ] Nucleus 3.31 XSS in path, Digital Security Research Group, 14:58
- Remote File Disclosure in phpCMS 1.2.2, Digital Security Research Group, 14:27
- PHPKIT 1.6.4 PL1 2 XSRF Vulnerabilities, nbbn, 14:27
- Nucleus 3.31 XSS in path, Digital Security Research Group, 14:06
- CSRF/XSS in Sungard Banner, banner, 13:55
- Re: C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Authentication Vulnerability, pete . sage, 12:53
- Re: C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Arbitrary File Upload and Execution, pete . sage, 12:53
- Re: C4 Security Advisory - GE Fanuc Cimplicity 6.1 Heap Overflow, pete . sage, 12:42
- [Full-disclosure] Advisory: Tripwire Enterprise/Server XSS Vulnerability, Liquidmatrix Security Digest, 10:47
- [Full-disclosure] [ GLSA 200801-15 ] PostgreSQL: Multiple vulnerabilities, Raphael Marichez, 06:10
January 28, 2008
- Re: Exploit in IE6,7, Nick FitzGerald, 19:40
- Exploit in IE6,7, r2t, 18:05
- Uninformed Journal Release Announcement: Volume 9, Uninformed Journal, 16:30
- VB Marketing "tseekdir.cgi" Local File Inclusion, Sw33t . h4cK3r, 15:25
- [Full-disclosure] CORE-2007-1219: Firebird Remote Memory Corruption, Core Security Technologies Advisories, 14:10
- WoltLab Burning Board 3.x.x Private Message Delete XSRF Vulnerability, nbbn, 13:25
- ASPired2Protect bypass, milad_sa2007, 13:14
- Re: OneCMS Vulnerabilities, webmaster, 13:04
- Re: Simple Machines Forum Cross-Site Scripting Vulnerabilities, dev, 12:53
- eTicket 'index.php' Cross Site Scripting Path Vulnerability, Alessandro Tanasi, 12:53
- ClanSphere 2007.4.4 Remote File Disclosure Vulnerability., p4imi0, 12:42
- Facebook security contact, Alexander Sotirov, 12:31
- Metasploit Framework v3.1 Released, H D Moore, 11:59
- Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS, admin, 11:59
January 26, 2008
- [Full-disclosure] phpIP 4.3.2 - Numerous SQL Injection Vulnerabilities, Charles Hooper, 21:43
- PhPress-0.3.0 Read All Sql Information For Config, r2t, 14:12
- F5 BIG-IP Web Management ASM Security Report XSS, nnposter, 14:11
- [ MDVSA-2008:027 ] - Updated pulseaudio packages fix local root vulnerability, security, 14:11
- [SECURITY] [DSA 1475-1] new gforge packages fix cross site scripting, Thijs Kinkhorst, 13:40
January 25, 2008
- [Full-disclosure] Tool availability - browser DOM Checker, Michal Zalewski, 20:53
- Two vulnerabilities for PatchLink Update Client for Unix., lcashdol, 17:36
- Re: PIX Privilege Escalation Vulnerability, Aaron Collins, 17:26
- [ MDVSA-2008:026 ] - Updated icu packages fix vulnerabilities, security, 17:15
- Re: [Full-disclosure] Peers static overflow in BitTorrent 6.0 and uTorrent 1.7.5, Luigi Auriemma, 16:22
- C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Authentication Vulnerability, Eyal Udassin, 15:50
- C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Arbitrary File Upload and Execution, Eyal Udassin, 15:40
- C4 Security Advisory - GE Fanuc Cimplicity 6.1 Heap Overflow, Eyal Udassin, 15:19
- gdb bug, digit2004, 13:01
- [CandyPress] eCommerce suite (SQL Injection + XSS + Path Disclosure), Admin, 12:50
- Pre Hotel and Resorts reservation portal login bypass, milad_sa2007, 12:40
- Pre Dynamic Institution bypass, milad_sa2007, 12:29
- E-SMART CART bypass, milad_sa2007, 12:18
- Re: Re: PIX Privilege Escalation Vulnerability, tbbunn, 12:07
January 24, 2008
- phpBB 2.0.22 Remote PM Delete XSRF Vulnerability, nbbn, 17:30
- rPSA-2008-0030-1 CherryPy, rPath Update Announcements, 17:20
- rPSA-2008-0029-1 bind bind-utils, rPath Update Announcements, 17:09
- [Full-disclosure] iDefense Security Advisory 01.23.08: IBM AIX pioout BSS Buffer Overflow Vulnerability, iDefense Labs, 16:26
- [Full-disclosure] iDefense Security Advisory 01.22.08: IBM Tivoli PMfOSD HTTP Request Method Buffer Overflow Vulnerability, iDefense Labs, 15:33
- Re: PIX Privilege Escalation Vulnerability, Eloy Paris, 14:51
- Tiger PHP News System SQL Injection, 0in . email, 14:08
- [ MDVSA-2008:024 ] - Updated libxfont packages fix font handling vulnerability, security, 13:36
- [ MDVSA-2008:023 ] - Updated x11-server packages fix multiple vulnerabilities, security, 13:25
- [ MDVSA-2008:022 ] - Updated xorg-x11 packages fix multiple vulnerabilities, security, 13:14
- [ MDVSA-2008:021 ] - Updated XFree86 packages fix multiple vulnerabilities, security, 13:04
- ImageShack Toolbar FileUploader Class insecurities, retrog, 12:53
- [ MDVSA-2008:025 ] - Updated x11-server-xgl packages fix multiple vulnerabilities, security, 12:42
- PIX Privilege Escalation Vulnerability, tbbunn, 12:32
- [ GLSA 200801-10 ] TikiWiki: Multiple vulnerabilities, Raphaël Marichez, 12:10
January 23, 2008
- [Full-disclosure] [ GLSA 200801-10 ] TikiWiki: Multiple vulnerabilities, Raphael Marichez, 20:19
- Woltlab Burning Board 2.3.6 PL2 Remote Delete Thread XSRF Vulnerability, nbbn, 17:01
- RE: Cisco Security Advisory: Cisco PIX and ASA Time-to-Live Vulnerability, Eric Davis, 16:50
- Syhunt: HFS (HTTP File Server) Username Spoofing and Log Forging/Injection Vulnerability, Felipe M. Aragon, 14:55
- Syhunt: HFS (HTTP File Server) Log Arbitrary File/Directory Manipulation and Denial-of-Service Vulnerabilities, Felipe M. Aragon, 14:44
- Syhunt: HFS (HTTP File Server) Template Cross-Site Scripting and Information Disclosure Vulnerabilities, Felipe M. Aragon, 14:24
- [ MDVSA-2008:020 ] - Updated xine-lib packages fix remote code execution vulnerabilities, security, 13:42
- Web Wiz NewsPad Directory traversal, admin, 13:31
- Web Wiz Rich Text Editor Directory traversal + HTM/HTML file creation on the server, admin, 13:31
- Web Wiz Forums Directory traversal, admin, 13:20
- [security bulletin] HPSBUX02306 SSRT071463 rev.1 - HP-UX Running ARPA Transport, Remote Denial of Service (DoS), security-alert, 12:06
- PHP 5.2.5 cURL safe_mode bypass, cxib, 12:06
- SDL_Image 1.2.6 and prior GIF handling buffer overflow, Gynvael Coldwind, 11:55
January 22, 2008
- [Full-disclosure] UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages, VMware Security team, 22:02
- Apache mod_negotiation Xss and Http Response Splitting, Minded Security Research Labs, 19:17
- XSRF under Dean's Permalinks Migration 1.0, g30rg3_x, 17:42
- Re: PR07-38: XSS on sIFR, bugs+securityfocus, 16:29
- Re: [Full-disclosure] Skype videomood XSS, avivra, 15:47
- Belong Site Builder 0.1b Bypass Admincp, رومانسي هكر, 14:30
- DeluxeBB 1.1 XSS Vulnerability, nbbn, 14:09
- PacerCMS Multiple Vulnerabilities (XSS/SQL), db, 13:06
- Re: common dns misconfiguration can lead to "same site" scripting, David Malone, 12:56
- [ MDVSA-2008:019 ] - Updated cairo packages fix vulnerability, security, 12:56
- [ MDVSA-2008:018 ] - Updated gFTP packages fix vulnerabilities, security, 12:45
- Re: common dns misconfiguration can lead to "same site" scripting, Florian Weimer, 12:34
- RE: Country by Country ISA Computer Sets, Jim Harrison, 12:24
- Troopers 08 Security Conference, Call for Papers, Enno Rey, 12:13
- PR07-38: XSS on sIFR, ProCheckUp Research, 12:02
- [Full-disclosure] Some hashes for the record, Sergio 'shadown' Alvarez, 11:31
January 21, 2008
- Re: 8e6 Technologies R3000 Internet Filter Bypass by Request Split, mparker, 17:01
- [waraxe-2008-SA#064] - Sql Injection in MyBB 1.2.11, come2waraxe, 15:03
- [ MDVSA-2008:017 ] - Updated MySQL packages fix multiple vulnerabilities, security, 15:03
- [waraxe-2008-SA#063] - Information Leakage in Kayako SupportSuite 3.11.01, come2waraxe, 15:03
- Belkin Wireless G Plus MIMO Router F5D9230-4 Authentication Bypass Vulnerability, gmdarkfig, 13:58
- BLOG:CMS 4.2.1.c (DIR_PLUGINS) Multiple Remote File Include, رومانسي هكر, 13:36
- Pass-The-Hash Toolkit v1.2 released., Hernan Ochoa, 13:25
- boastMachine <=3.1 SQL Injection Vulnerability, hadihadi_zedehal_2006, 13:14
- Flaw in Alice gate2 pluswifi adsl modem, wargame89, 13:03
- WifiZoo v1.3 released (minor release), Hernan Ochoa, 12:52
- Re: common dns misconfiguration can lead to "same site" scripting, Florian Weimer, 12:42
- MegaBBS ASP Forum Cross-Site Scripting, grossman, 12:42
- AXIGEN 5.0.x AXIMilter Format String Exploit, hempel, 12:30
- Php Search Remote Inclusion, effectiveness63, 12:20
- Bloofox CMS SQL Injection (Authentication bypass) , Source code disclosure, admin, 12:09
- RE: Country by Country ISA Computer Sets, Thor (Hammer of God), 11:59
- [Full-disclosure] Call Jacking: Phreaking the BT Home Hub, Adrian P, 07:00
January 19, 2008
- [Full-disclosure] [ GLSA 200801-08 ] libcdio: User-assisted execution of arbitrary code, Robert Buchholz, 21:16
- [Full-disclosure] [ GLSA 200801-07 ] Adobe Flash Player: Multiple vulnerabilities, Robert Buchholz, 21:05
- Re: common dns misconfiguration can lead to "same site" scripting, Kurt Grutzmacher, 13:53
- BitDefender Update Server - Unauthorized Remote File Access Vulnerability, oliver karow, 13:43
- [Full-disclosure] [USN-571-2] X.org regression, Kees Cook, 04:36
- [Full-disclosure] silentbaker trojan sample, J B, 00:30
January 18, 2008
- [Full-disclosure] [USN-572-1] apt-listchanges vulnerability, Kees Cook, 19:33
- Re: Tiger Team: New TV series about pen testers airing on CourtTV Dec 25 11 pm, michael . lambie, 19:33
- RE: Country by Country ISA Computer Sets, Thor (Hammer of God), 19:22
- Re: Re: Utimaco Safeguard Easy vulnerability, joachim . schneider, 18:29
- MyBB 1.2.11 Multiple XSRF Vulnerabilities, nbbn, 17:57
- Re: Country by Country ISA Computer Sets, Richard Powell, 17:05
- RE: Country by Country ISA Computer Sets, Thor (Hammer of God), 16:54
- Re: Country by Country ISA Computer Sets, GomoR, 16:33
- Re: Article DashBoard all version SQL Injection Vulnerability, hey, 16:33
- Re: mcGuestbook v1.2 Remote File Inc., the . tiger100, 16:22
- RE: Country by Country ISA Computer Sets, Thor (Hammer of God), 16:12
- SinFP fingerprinting tool online demo, GomoR, 16:12
- Re: Country by Country ISA Computer Sets, The Fungi, 16:01
- Making big money..., jmacaranas, 15:50
- SocksCap Stack Overflow (<= 2.40-051231), azizov, 15:50
- Re: Member Area System (MAS) Remote File Include Vulnerability (view_func.php), m3venge, 14:34
- common dns misconfiguration can lead to "same site" scripting, Tavis Ormandy, 13:29
- New search engine for exploits, Security Basic, 13:28
- Agares PhpAutoVideo 2.21(XSS/RFI) Multiple Remote Vulnerabilities, houssamix, 12:45
- [FIXED] Remote Denial of Service for SSH service at Dell DRAC4 (maybe Mocana SSH), Robert Scheck, 12:02
- [Full-disclosure] [USN-571-1] X.org vulnerabilities, Kees Cook, 03:21
January 17, 2008
- [Full-disclosure] ZDI-08-002: Citrix Presentation Server IMA Service Heap Overflow Vulnerability, zdi-disclosures, 20:15
- Re: [Full-disclosure] what is this?, Valdis . Kletnieks, 19:54
- [Full-disclosure] IMF 2008 - Call for Papers, Oliver Goebel, 19:00
- CORE-2007-1119: CORE FORCE Kernel Buffer Overflow, CORE Security Technologies Advisories, 18:06
- [Full-disclosure] iDefense Security Advisory 01.17.08: Multiple Vendor X Server XFree86-Misc Extension Invalid Array Index Vulnerability, iDefense Labs, 17:14
- [Full-disclosure] iDefense Security Advisory 01.17.08: Multiple Vendor X Server EVI and MIT-SHM Extensions Integer Overflow Vulnerabilities, iDefense Labs, 17:14
- [Full-disclosure] iDefense Security Advisory 01.17.08: Multiple Vendor X Server TOG-CUP Extension Information Disclosure Vulnerability, iDefense Labs, 17:14
- [Full-disclosure] iDefense Security Advisory 01.17.08: Multiple Vendor X Server XInput Extension Multiple Memory Corruption Vulnerabilities, iDefense Labs, 17:04
- Re: [Full-disclosure] Skype videomood XSS, avivra, 16:53
- [CSNC] OKI C5510MFP Printer Password Disclosure, Adrian Leuenberger, 16:42
- Clever Copy <=3.0 Multiple Remote Vulnerabilities, hadihadi_zedehal_2006, 14:46
- Re: Utimaco Safeguard Easy vulnerability, benleavett, 13:28
- rPSA-2008-0021-1 kernel, rPath Update Announcements, 13:07
- JoomlaFlash Component Multiple Remote File Inclusion, Smasher, 13:07
- [ MDVSA-2008:016 ] - Updated apache 2.2.x packages fix multiple vulnerabilities, security, 12:56
- Re: [CVE-2007-2449] Apache Tomcat XSS vulnerabilities in the JSP examples, linlei99, 12:45
- rPSA-2008-0018-1 mysql mysql-bench mysql-server, rPath Update Announcements, 12:25
- PHPEchoCMS Multiple remote vulnerabilities, security, 12:24
- [security bulletin] HPSBMA02133 SSRT061201 rev.7 - HP Oracle for OpenView (OfO) Critical Patch Update, security-alert, 12:03
- Re: [Full-disclosure] what is this?, SilentRunner, 04:38
January 16, 2008
- Re: [Full-disclosure] what is this?, damncon, 23:18
- [ MDVSA-2008:015 ] - Updated apache 2.0.x packages fix multiple vulnerabilities, security, 20:11
- [ MDVSA-2008:014 ] - Updated apache 1.3.x packages fix multiple vulnerabilities, security, 19:50
- [Full-disclosure] [USN-570-1] boost vulnerabilities, Jamie Strandboge, 19:19
- Gradman <= 0.1.3 (agregar_info.php?tabla=) Local File Inclusion Exploit, sys-project, 18:46
- [waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10, come2waraxe, 17:52
- [waraxe-2008-SA#062] - Multiple Sql Injections in MyBB 1.2.10, come2waraxe, 17:41
- SQL scalar function to convert big int to dot notation, Thor (Hammer of God), 17:30
- Country by Country Computer Sets now available for ISA 2004, Thor (Hammer of God), 17:09
- [Full-disclosure] TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability, DVLabs, 17:09
- mcGuestbook v1.2 Remote File Inc., gokhankaya, 15:45
- [Full-disclosure] Peers static overflow in BitTorrent 6.0 and uTorrent 1.7.5, Luigi Auriemma, 15:24
- [Aria-Security.Net] Real Estate Web SQL Injection, no-reply, 13:34
- 8e6 Technologies R3000 Internet Filter Bypass by Request Split, nnposter, 13:13
- [DSECRG-08-002] Local File Include in arias 0.99-6, Digital Security Research Group [DSecRG], 13:02
- cPanel Hosting Manager (dohtaccess.html), no-reply, 12:41
- RichStrong CMS (showproduct.asp?cat=) Remote SQL Injection Exploit, sys-project, 12:20
- [DSECRG-08-003] blogcms 4.2.1b Multiple Security Vulnerabilities, Digital Security Research Group [DSecRG], 12:19
- Re: Defeating audio captcha systems, 3APA3A, 11:57
- Re: what is this?, Yousef Syed, 11:57
January 15, 2008
- [Full-disclosure] TPTI-08-01: Apple Quicktime Image File IDSC Atom Memory Corruption Vulnerability, DVLabs, 22:10
- [Full-disclosure] rPSA-2008-0017-1 libxml2, rPath Update Announcements, 22:10
- [Full-disclosure] rPSA-2008-0016-1 postgresql postgresql-server, rPath Update Announcements, 22:10
- [Full-disclosure] rPSA-2008-0015-1 cairo, rPath Update Announcements, 22:00
- [Full-disclosure] iDefense Security Advisory 01.15.08: Apple QuickTime Macintosh Resource Processing Heap Corruption Vulnerability, iDefense Labs, 19:43
- Re: Linksys WRT54 GL - Session riding (CSRF), Valdis . Kletnieks, 16:54
- Re: Linksys WRT54 GL - Session riding (CSRF), Daniel Weber, 16:43
- Re[2]: what is this?, none, 16:32
- RE: what is this?, Memisyazici, Aras, 16:11
- [Full-disclosure] iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTServer Multiple Untrusted Loop Bounds Vulnerabilities, iDefense Labs, 15:50
- [Full-disclosure] iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTserver Multiple Untrusted Pointer Offset Vulnerabilities, iDefense Labs, 15:39
- [Full-disclosure] iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTServer Multiple Untrusted Pointer Vulnerabilities, iDefense Labs, 15:39
- [Full-disclosure] iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTserver Heap Overflow Vulnerability, iDefense Labs, 15:28
- Re: what is this?, Jamie Riden, 15:06
- Pipe to FOR Crashes CMD, James C. Slora Jr., 14:45
- Re: [Full-disclosure] what is this?, Gadi Evron, 14:45
- MicroNews Admin Direct Access vulnerability, xcross87, 14:34
- Max's File Uploader File Upload Vulnerability, xcross87, 14:23
- Re[2]: what is this?, Denis, 14:12
- Article DashBoard all version SQL Injection Vulnerability, xcross87, 14:12
- SecurityReason - Apache (mod_status) Refresh Header - Open Redirector (XSS), sp3x, 14:02
- Re: [Full-disclosure] Hacking The Interwebs, Ed Carp, 14:01
- Re[2]: what is this?, Denis, 13:51
- Re: [Full-disclosure] what is this?, crazy frog crazy frog, 13:51
- Re: [Full-disclosure] Hacking The Interwebs, Fredrick Diggle, 13:18
- Re: Linksys WRT54 GL - Session riding (CSRF), Jan Heisterkamp, 13:18
- Exploiting the SpamBam plugin for wordpress, José M. Palazón Romero, 13:18
- Country by Country ISA Computer Sets, Thor (Hammer of God), 13:07
- Defeating audio captcha systems, José M. Palazón Romero, 13:07
- Re: what is this?, Denis, 12:45
- FreeBSD Security Advisory FreeBSD-SA-08:02.libc, FreeBSD Security Advisories, 12:34
- FreeBSD Security Advisory FreeBSD-SA-08:01.pty, FreeBSD Security Advisories, 12:23
- [ MDVSA-2008:013 ] - Updated python packages fix vulnerability in imageop module, security, 12:12
- [ MDVSA-2008:012 ] - Updated python packages fix vulnerabilities, security, 12:12
- [security bulletin] HPSBST02304 SSRT080003 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-001 to MS08-002, security-alert, 12:01
- [security bulletin] HPSBUX02303 SSRT071468 rev.1 - HP-UX Running X Font Server (xfs) Software, Remote Execution of Arbitrary Code, security-alert, 12:01
- Re: [Full-disclosure] what is this?, crazy frog crazy frog, 04:59
- Re: [Full-disclosure] what is this?, Nick FitzGerald, 03:16
- Re: [Full-disclosure] what is this?, crazy frog crazy frog, 02:45
January 14, 2008
- [Full-disclosure] [USN-569-1] libxml2 vulnerability, Kees Cook, 21:15
- Re: what is this?, Gadi Evron, 19:41
- Re: [Full-disclosure] what is this?, 3APA3A, 18:04
- [Full-disclosure] [USN-568-1] PostgreSQL vulnerabilities, Jamie Strandboge, 18:04
- Hacking The Interwebs, pdp (architect), 17:43
- Re: Buffer-overflow in Quicktime Player 7.3.1.70, Marcello Barnaba (void), 16:50
- Re: Garment Center (index.cgi) Local File Inclusion, Smasher, 16:39
- Binn SBuilder (nid) Remote Blind Sql Injection Vulnerability, sys-project, 16:39
- RE: what is this?, Mario Contestabile, 16:28
- Re: Linksys WRT54 GL - Session riding (CSRF), J. Oquendo, 16:07
- Re: Buffer-overflow in Quicktime Player 7.3.1.70, Luigi Auriemma, 15:46
- Re: what is this?, admin, 15:35
- [Full-disclosure] ZDI-08-001: IBM Tivoli Storage Manager Express Backup Server Heap Overflow Vulnerability, zdi-disclosures, 15:35
- Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70, snagg, 14:31
- Re: At long last -- Extra Outlooks!, Francois Labreque, 14:20
- RE: At long last -- Extra Outlooks!, Thor (Hammer of God), 14:09
- Re: [Full-disclosure] what is this?, Jose Nazario, 13:59
- Re: At long last -- Extra Outlooks!, Casper . Dik, 13:47
- [ MDVSA-2008:009-1 ] - Updated autofs packages fix insecure hosts configuration, security, 13:26
- SQID v0.3 - SQL Injection Digger., Metaeye SG, 13:14
- F5 BIG-IP Web Management List Search XSS, nnposter, 12:53
- Re: [Full-disclosure] what is this?, Robert McArdle, 12:32
- RE: Linksys WRT54 GL - Session riding (CSRF), Tomaz, 12:32
- Re: [Full-disclosure] what is this?, crazy frog crazy frog, 12:31
- Re: [Full-disclosure] what is this?, Robert McArdle, 12:10
- Re: [Full-disclosure] what is this?, Robert McArdle, 12:10
- Re: [Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.70, Luigi Auriemma, 11:59
- Garment Center (index.cgi) Local File Inclusion, Smasher, 11:59
- Re: [Full-disclosure] what is this?, crazy frog crazy frog, 10:26
- Re: [Full-disclosure] what is this?, Nick FitzGerald, 08:22
- Re: [Full-disclosure] what is this?, 3APA3A, 06:30
January 12, 2008
- Re: [Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.70, void, 19:37
- [ MDVSA-2008:008 ] - Updated kernel packages fix multiple vulnerabilities and bugs, security, 13:18
- [ MDVSA-2008:009 ] - Updated autofs packages fix insecure hosts configuration, security, 13:18
- [ MDVSA-2008:011 ] - Updated rsync packages fix restrictions bypass vulnerabilities, security, 13:07
- [ MDVSA-2008:010 ] - Updated libxml2 packages fix DoS vulnerability, security, 12:56
- [Full-disclosure] Safari 2 Denial of Service, S21sec labs, 12:36
January 11, 2008
- [Full-disclosure] Cross site scripting (XSS) in Moodle 1.8.3, Hanno Böck, 20:20
- Re: [Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.70, Luigi Auriemma, 17:49
- RE: At long last - Extra Outlooks!, Thor (Hammer of God), 16:01
- Re: At long last -- Extra Outlooks!, Alexander Bochmann, 15:30
- Naymz multiple XSS, morin . josh, 15:29
- Member Area System (MAS) Remote File Include Vulnerability (view_func.php), ship_nx, 13:04
- CFP: EuroSec Workshop (March 31st, 2008), Stefano Zanero, 12:53
- Re: Buffer-overflow in Quicktime Player 7.3.1.70, str0ke, 12:53
- ImageAlbum Remote SQL Injection Vulnerabilities, db, 12:43
- SecurityReason - Apache2 CSRF, XSS, Memory Corruption and Denial of Service Vulnerability, sp3x, 12:21
- Re: Linksys WRT54 GL - Session riding (CSRF), Florian Weimer, 12:21
- SecurityReason - Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerability, sp3x, 12:10
- [ MDVSA-2008:007 ] - Updated madwifi-source, wpa_supplicant packages fix vulnerabilities, security, 12:10
- At long last -- Extra Outlooks!, Thor (Hammer of God), 12:00
- Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70, none, 12:00
- [Full-disclosure] re-resting of zzuf results, Hanno Böck, 01:35
January 10, 2008
- Re: Buffer-overflow in Quicktime Player 7.3.1.70, Marcello Barnaba (void), 18:38
- [Full-disclosure] [USN-567-1] Dovecot vulnerability, Kees Cook, 18:37
- [ MDVSA-2008:006 ] - Updated exiv2 packages fix vulnerability, security, 18:26
- [SECURITY] [DSA 1458-1] New openafs packages fix denial of service vulnerability, Noah Meyerhans, 18:15
- MTCMS <=2.0 SQL Injection Vulnerability, hadihadi_zedehal_2006, 16:08
- [Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.70, Luigi Auriemma, 15:16
- Word 2007 Email as PDF path disclosure flaw, ebk_lists, 13:53
- [Full-disclosure] SunOS 5.10 ICMP Remote Kernel Crash Exploit Code, kcope, 13:52
- Digital Armaments January-February Hacking Challenge: Special 20.000$ Prize - Windows Vulnerabilities and Exploit, info, 12:27
- uCon 2008 call for participation - Recife, Brazil, ucon, 12:16
- PR07-06, PR07-07, PR07-08, PR07-09, PR07-10, PR07-12: Several XSS, Cross-domain Redirection and Frame Injection on Sun Java System Identity Manager, ProCheckUp Research, 11:55
- Simple Machines Forum Cross-Site Scripting Vulnerabilities, DoZ, 11:55
- [Full-disclosure] BT Home Flub: Pwnin the BT Home Hub (5) - exploiting IGDs remotely via UPnP, Adrian P, 08:50
January 09, 2008
- [Full-disclosure] [USN-566-1] OpenSSH vulnerability, Kees Cook, 23:01
- [SECURITY] [DSA 1457-1] New dovecot packages fix information disclosure, Thijs Kinkhorst, 20:05
- [Full-disclosure] [ GLSA 200801-06 ] Xfce: Multiple vulnerabilities, Robert Buchholz, 19:55
- [ MDVSA-2008:005 ] - Updated libexif packages fix multiple vulnerabilities, security, 19:44
- [USN-565-1] Squid vulnerability, Kees Cook, 19:22
- [SECURITY] [DSA 1456-1] New fail2ban packages fix denial of service, Thijs Kinkhorst, 19:11
- [Full-disclosure] [ GLSA 200801-05 ] Squid: Denial of Service, Pierre-Yves Rofes, 18:39
- [Full-disclosure] [ GLSA 200801-04 ] OpenAFS: Denial of Service, Pierre-Yves Rofes, 18:28
- [Full-disclosure] [ GLSA 200801-03 ] Claws Mail: Insecure temporary file creation, Pierre-Yves Rofes, 18:17
- [Full-disclosure] iDefense Security Advisory 01.09.08: Novell NetWare Client nicm.sys Local Privilege Escalation Vulnerability, iDefense Labs, 18:06
- [ MDVSA-2008:004 ] - Updated postgresql packages fix denial of service and privilege escalation issues, security, 17:24
- [Full-disclosure] [ GLSA 200801-02 ] R: Multiple vulnerabilities, Pierre-Yves Rofes, 16:52
- Re: First (Major) web hacking incidents for 2008. Sign of the year to come?, Paul Schmehl, 16:30
- [INFIGO-2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS - Corrected, infocus, 16:20
- [ MDVSA-2008:003 ] - Updated clamav packages fix multiple vulnerabilities, security, 15:27
- [Full-disclosure] Pre-auth remote commands execution in SAP MaxDB 7.6.03.07, Luigi Auriemma, 14:22
- Privilege escalation in Omegasoft Insel 7, MC Iglo, 14:11
- [ MDVSA-2008:004 ] - Updated postgresql packages fix denial of service and privilege escalation issues, security, 14:01
- First (Major) web hacking incidents for 2008. Sign of the year to come?, Ofer Shezaf, 12:26
- [INFIGO 2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS, infocus, 12:26
- [security bulletin] HPSBMA02239 SSRT061260 rev.3 - HP OpenView Operations (OVO) Agents Running Shared Trace Service, Remote Arbitrary Code Execution, security-alert, 12:05
- LFI in Tuned Studios Templates, Digital Security Research Group [DSecRG], 12:05
- [Full-disclosure] [USN-564-1] Net-SNMP vulnerability, Jamie Strandboge, 11:23
- [Full-disclosure] [USN-561-1] pwlib vulnerability, Kees Cook, 02:44
- [Full-disclosure] [USN-563-1] CUPS vulnerabilities, Kees Cook, 02:44
- [Full-disclosure] [USN-562-1] opal vulnerability, Kees Cook, 02:44
January 08, 2008
- [Full-disclosure] [ GLSA 200801-01 ] unp: Arbitrary command execution, Robert Buchholz, 21:15
- ERRATA: [ GLSA 200709-07 ] Eggdrop: Buffer overflow, Robert Buchholz, 18:38
- Re: Joomla 1.0.13 CSRF, J. Carlos Nieto, 15:21
- Joomla 1.0.13 CSRF, J. Carlos Nieto, 15:10
- Level-One WBR-3460A Grants Root Access, anastasiosm, 13:23
- HPSBUX02156 SSRT061236 rev.4 - HP-UX Running Thunderbird, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS), security-alert, 12:41
- HPSBUX02153 SSRT061181 rev.7 - HP-UX Running Firefox, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS), security-alert, 12:30
- Corsaire Security Advisory: Sun J2RE DoS issue, advisories, 12:19
- sysHotel On Line Remote File Disclosure Vulnerability., p4imi0, 12:08
- [ MDVSA-2008:001-1 ] - Updated wireshark packages fix multiple vulnerabilities, security, 11:47
January 07, 2008
- [Full-disclosure] [USN-560-1] Tomboy vulnerability, Jamie Strandboge, 22:55
- [Full-disclosure] [USN-560-1] Tomboy vulnerability, Jamie Strandboge, 22:44
- [Full-disclosure] VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages, VMware Security team, 22:34
- [Full-disclosure] VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1, VMware Security team, 22:23
- RE: [HSC] Snitz Forums Multiple Vulnerabilities, Aaron Cake, 17:52
- [Full-disclosure] iDefense Security Advisory 01.07.08: Motorola netOctopus Agent MSR Write Privilege Escalation Vulnerability, iDefense Labs, 17:41
- Re: Linksys WRT54 GL - Session riding (CSRF), Jan Heisterkamp, 17:30
- CORE-2007-1106: SynCE Remote Command Injection, CORE Security Technologies Advisories, 17:20
- [Full-disclosure] PWDumpX v1.0 and PWDumpX v1.1 updated - bug fixes, Reed Arvin, 16:58
- [Full-disclosure] PWDumpX v1.4 - Dumps domain password cache, LSA secrets, password hashes, and password history hashes., Reed Arvin, 16:58
- Re: Linksys WRT54 GL - Session riding (CSRF), Jan Heisterkamp, 16:47
- Million Dollar Script 2.0.14 Remote File Disclosure Vulnerability., p4imi0, 16:16
- LayerOne 2008 - CFP Released, Layer One, 15:44
- SocialURL Login Page Cross-Site Scripting, morin . josh, 14:18
- PostgreSQL 2007-01-07 Cumulative Security Release, Josh Berkus, 14:07
- Re: vBulletin 3.6.8 XSRF/XSS Vulnerability, nbbn, 13:56
- Linksys WRT54 GL - Session riding (CSRF), tomaz . bratusa, 13:35
- [Reversemode Paper] Exploiting WDM Audio Drivers, Reversemode, 13:14
- New Web Hacking Incidents at WHID, Ofer Shezaf, 13:03
- OneCMS Vulnerabilities, admin, 12:21
- eTicket 1.5.5.2 Multiple Vulnerabilities, L4teral, 12:11
- netrisk 1.9.7 Multiple Remote Vulnerabilities (sql injection/xss), hadihadi_zedehal_2006, 12:11
- [HSC] Snitz Forums Multiple Vulnerabilities, DoZ, 12:00
- vBulletin 3.6.8 XSRF/XSS Vulnerability, nbbn, 11:49
January 05, 2008
- Aruba Mobility Controller User Authentication Vulnerability - Aruba Advisory ID: AID-122207, Robbie Gill, 13:53
- rPSA-2008-0008-1 cups, rPath Update Announcements, 13:43
- rPSA-2008-0007-1 tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi, rPath Update Announcements, 13:43
- [ MDVSA-2008:002 ] - Updated squid package fixes remote denial of service, security, 13:32
- INVISION POWER BOARD 2.1.7 ACTIVE XSS/SQL INJECTION EXPLOIT, underwater, 13:11
- NetRisk 1.9.7 Remote File Inclusion Vulnerability, erne, 13:11
- rPSA-2008-0006-1 libexif, rPath Update Announcements, 13:01
January 04, 2008
- [Full-disclosure] iDefense Security Advisory 12.24.07: Novell ZENworks Endpoint Security Management Local Privilege Escalation Vulnerability, iDefense Labs, 18:09
- Re: FortiGuard: URL Filtering Application Bypass Vulnerability, 3APA3A, 16:06
- Some DoS in some telnet servers, Luigi Auriemma, 15:12
- [Full-disclosure] Pre-auth buffer-overflow in mySQL through yaSSL, Luigi Auriemma, 14:30
- [Full-disclosure] Multiple vulnerabilities in yaSSL 1.7.5, Luigi Auriemma, 14:30
- Re: rPSA-2008-0001-1 dovecot, Jonathan Smith, 13:38
- Re: rPSA-2008-0001-1 dovecot, Dominic Hargreaves, 12:19
- AW: phpBB2 2.0.22 Cross Site Scripting Vulnerability, Aufmuth Andreas, 12:19
- Re: Latest round of web hacking incidents for 2007 & Project news, s f, 12:07
- Re: rPSA-2008-0001-1 dovecot, Steven M. Christey, 11:57
- FortiGuard: URL Filtering Application Bypass Vulnerability, Danux, 11:46
January 03, 2008
- rPSA-2008-0004-1 tshark wireshark, rPath Update Announcements, 20:16
- Re: phpBB2 2.0.22 Cross Site Scripting Vulnerability, neothermic, 19:35
- Re: rPSA-2008-0001-1 dovecot, Dominic Hargreaves, 17:59
- Re: Re: phpBB2 2.0.22 Cross Site Scripting Vulnerability, admin, 17:48
- [Full-disclosure] securityvulns.com russian vulnerabilities digest, 3APA3A, 17:16
- Re: Latest round of web hacking incidents for 2007 & Project news, Peter Watkins, 17:06
- rPSA-2008-0001-1 dovecot, rPath Update Announcements, 16:44
- [Full-disclosure] multiple CAPTCHA automation test bypass digest, 3APA3A, 16:23
- RE: Latest round of web hacking incidents for 2007 & Project news, Memisyazici, Aras, 15:41
- RE: Re: Cryptome: NSA has real-time access to Hushmail servers, M. Burnett, 15:20
- RE: Latest round of web hacking incidents for 2007 & Project news, Ofer Shezaf, 14:59
- Re: Cryptome: NSA has real-time access to Hushmail servers, Lee Dilkie, 14:58
- Re: Cryptome: NSA has real-time access to Hushmail servers, John Simpson, 14:37
- Re: phpBB2 2.0.22 Cross Site Scripting Vulnerability, neothermic, 14:26
- [ MDVSA-2008:1 ] - Updated wireshark packages fix multiple vulnerabilities, security, 13:23
- xss in w3-msql error page, vivek_infosec, 12:18
- [security bulletin] HPSBGN02301 SSRT071508 rev.2 - HP Software Update Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access, security-alert, 11:47
- Re: [Full-disclosure] Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication, avivra, 10:03
- Re: [Full-disclosure] Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication, Michal Zalewski, 07:59
- [Full-disclosure] Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication, avivra, 03:12
January 02, 2008
- AST-2008-001: Crash from transfer using BYE with Also header, Asterisk Security Team, 19:06
- phpBB2 2.0.22 Cross Site Scripting Vulnerability, bugtraq, 17:21
- [Full-disclosure] Multiple vulnerabilities in Georgia SoftWorks SSH2 Server 7.01.0003, Luigi Auriemma, 16:27
- [Full-disclosure] Buffer-overflow and format string in White_Dune 0.29beta791, Luigi Auriemma, 16:27
- XSS Vulnerabilities in Common Shockwave Flash Files, rich cannings, 15:56
- MODx CMS Source code disclosure, local file inclusion, admin, 11:54