Network Security Archives

Bugtraq (date)

[Thread Index] [Top] [All Lists]

February 29, 2008

[ MDVSA-2008:056 ] - Updated gnumeric packages fix vulnerability, security, 17:42
[Full-disclosure] [USN-582-1] Thunderbird vulnerabilities, Jamie Strandboge, 16:39
[Full-disclosure] rPSA-2008-0094-1 kernel, rPath Update Announcements, 16:28
[Full-disclosure] rPSA-2008-0093-1 thunderbird, rPath Update Announcements, 16:28
Release: Pass-The-Hash toolkit v1.3, Hernan Ochoa, 15:57
[Full-disclosure] rPSA-2008-0092-1 tshark wireshark, rPath Update Announcements, 15:15
[Full-disclosure] rPSA-2008-0091-1 cups, rPath Update Announcements, 15:15
netOffice Dwins 1.3 Remote code execution., db, 13:30
[ MDVSA-2008:055 ] - Updated ghostscript packages fix arbitrary code execution vulnerability, security, 13:20
Centreon <= 1.4.2.3 (index.php) Remote File Disclosure, sys-project, 13:19
Re: Loginwindow.app and Mac OS X, Matt Johnston, 13:09
Ghostscript buffer overflow, Chris Evans, 12:47
PHPMyTourney Remote file include Vulnerability, security, 12:37
Re: Loginwindow.app and Mac OS X, Jacob Appelbaum, 12:37
Re: Loginwindow.app and Mac OS X, oc photon, 12:26
Beehive/SendFile.NET - Secure File Transfer Appliance Hardcoded Credentials, brad . antoniewicz, 12:16

February 28, 2008

[ MDVSA-2008:054 ] - Updated dbus packages fix vulnerability, security, 19:03
rPSA-2008-0082-1 espgs, rPath Update Announcements, 18:32
Loginwindow.app and Mac OS X, Jacob Appelbaum, 18:11
rPSA-2008-0088-1 am-utils, rPath Update Announcements, 18:00
rPSA-2008-0086-1 pcre, rPath Update Announcements, 16:14
rPSA-2008-0084-1 lighttpd, rPath Update Announcements, 16:03
XSS on XRMS- open source CRM, vijayv, 15:42
Re: 123 Flash Chat Module for phpBB, f10, 15:10
PR07-41: XSS on Juniper Networks Secure Access 2000, ProCheckUp Research, 13:24
PR07-42: Webroot disclosure on Juniper Networks Secure Access 2000, ProCheckUp Research, 13:13
PHP-Nuke My_eGallery "gid" Remote SQL Injection, no-reply, 12:51
123 Flash Chat Module for phpBB, f10, 12:40
security and aluminum foil hats, Pete Herzog, 12:18
[Full-disclosure] Urulu 2.1 Blind SQL Injection Vulnerability (CVE-2008-0385), Daniel Roethlisberger, 11:57
Re: [Full-disclosure] Buffer-overflow in the passwords handling of Trend Micro OfficeScan 8.0 and possibly other products, Raymond_Villafania, 09:50

February 27, 2008

[ MDVSA-2008:053 ] - Updated pcre packages fix vulnerability, security, 19:19
[ MDVSA-2008:052 ] - Updated cacti packages fix multiple vulnerabilities, security, 18:14
[Full-disclosure] CORE-2008-0130: VLC media player chunk context validation error, Core Security Technologies Advisories, 16:19
[Full-disclosure] Buffer-overflow in the passwords handling of Trend Micro OfficeScan 8.0 and possibly other products, Luigi Auriemma, 15:58
Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS, jamboomla, 15:15
CFP - ekoparty 4th edition, ekoparty, 14:23
[Full-disclosure] Symark PowerBroker: Local Privilege Escalation vulnerability, Greg Sinclair, 05:13

February 26, 2008

[Full-disclosure] iDefense Security Advisory 02.26.08: Mozilla Thunderbird MIME External-Body Heap Overflow Vulnerability, iDefense Labs, 21:07
[ MDVSA-2008:051 ] - Updated cups packages fix vulnerabilities, security, 20:16
[Full-disclosure] iDefense Security Advisory 02.26.08: Symantec Scan Engine 5.1.2 RAR File Buffer Overflow Vulnerability, iDefense Labs, 19:55
[Full-disclosure] iDefense Security Advisory 02.26.08: Symantec Scan Engine 5.1.2 RAR File Denial of Service Vulnerability, iDefense Labs, 19:55
Re: Re: Nortel IP Phone DoS, sipherr, 19:33
[Full-disclosure] [ GLSA 200802-11 ] Asterisk: Multiple vulnerabilities, Pierre-Yves Rofes, 19:33
[Full-disclosure] [ GLSA 200802-12 ] xine-lib: User-assisted execution of arbitrary code, Robert Buchholz, 19:22
[ MDVSA-2008:050 ] - Updated cups packages fix multiple vulnerabilities, security, 19:12
Re: Nortel IP Phone DoS, amarkov, 18:49
SandMan 1.0.080226 is out!, Matthieu Suiche, 17:37
Bypassing OfficeScan Trend Micro AV, Danux, 14:59
[SECURITY] [DSA 1509-1] New koffice packages fix multiple vulnerabilities, Noah Meyerhans, 14:38
php-nuke sql injection reportaj [secid], lovebug, 14:16
Nortel IP Phone DoS, sipherr, 13:34
[Full-disclosure] Backend Cross Site Scripting (XSS) in Serendipity (S9Y) 1.2.1, CVE-2008-0124, Hanno BÃck, 10:42

February 25, 2008

[Full-disclosure] NULL pointer in SurgeFTP 2.3a2, Luigi Auriemma, 18:39
Re: Powered by Pagetool Ver (1.04-05-06-07), packet, 18:18
[SECURITY] [DSA 1508-1] New diatheke packages fix arbirary shell command execution, Thijs Kinkhorst, 16:34
[Full-disclosure] Format string and buffer-overflow in SurgeMail 38k4, Luigi Auriemma, 16:34
Powered by Pagetool Ver (1.04-05-06-07), turkish-warrorr, 16:12
Wordpress Plugin Sniplets 1.1.2 Multiple Vulnerabilities, nbbn, 15:30
Aria-Security.Net: Joomla Com_publication "pid" Remote SQL Injection, No-Reply, 15:09
Php Nuke "Sell" module SQL Injection ("cid"), no-reply, 14:58
Packeteer Products File Listing XSS, nnposter, 14:37
Alkacon OpenCms tree_files.jsp resource XSS, nnposter, 13:53
Pigyard Art Gallery Multiple SQL Injection, No-Reply, 13:32
Softbiz jokes and funny pictures (index.php) sql injection, Hamza Almersoumi, 13:32
[ MDVSA-2008:049 ] - Updated nss_ldap package fixes race condition allowing user data theft, security, 13:21
Joomla com_inter "id" Remote SQL Injection, no-reply, 13:21
Joomla Com_blog "pid" Remote SQL Injection, no-reply, 12:59
joomla com_simpleshop SQL Injection(section) #, hackturkiye . hackturkiye, 12:58
Re: Re: SQL-injection, XSS in OSSIM (Open Source Security Information Management), dcid, 12:48
joomla com_wines SQL Injection(id), hackturkiye . hackturkiye, 12:37
joomla com_garyscookbook SQL Injection(id), hackturkiye . hackturkiye, 12:37
[Full-disclosure] CORE-2007-0930 Path Traversal vulnerability in VMware's shared folders implementation, Core Security Technologies Advisories, 12:27
Joomla com_stat "id" Remote SQL Injection, no-reply, 12:27
[Full-disclosure] S21SEC-040-en: Infinite invalid authentication attempts possible in BEA WebLogic Server, S21sec labs, 07:46

February 23, 2008

[Full-disclosure] [ GLSA 200802-10 ] Python: PCRE Integer overflow, Robert Buchholz, 15:40
phpechocms v 2.0 rc3 RFI, beenudel1986, 15:29
php-nuke Quran SQL Injection(surano), hackturkiye . hackturkiye, 13:57
CastleCops Six Years Old, Paul Laudanski, 13:47
aura cms lihatberita SQL Injection(id), hackturkiye . hackturkiye, 13:47
php-nuke Kuran SQL Injection(surano), hackturkiye . hackturkiye, 13:25
php nuke gallery SQL Injection(aid), hackturkiye . hackturkiye, 13:15
php-nuke Recipes SQL Injection(recipeid), hackturkiye . hackturkiye, 13:04
[ MDVSA-2008:048 ] - Updated Firefox packages fix multiple vulnerabilities, security, 13:04
php nuke Sections SQL Injection(print), hackturkiye . hackturkiye, 12:54
joomla com_hello_world SQL Injection(id), hackturkiye . hackturkiye, 12:54
joomla com_product SQL Injection(catid), hackturkiye . hackturkiye, 12:43
[Aria-Security.Net] BestWebApp Dating System SQL Injection, no-reply, 12:43

February 22, 2008

[SECURITY] [DSA 1505-1] New alsa-driver packages fix kernel memory leak, dann frazier, 18:52
[SECURITY] [DSA 1504-1] New Linux kernel 2.6.8 packages fix several issues, dann frazier, 18:31
[Full-disclosure] Multiple vulnerabilities in Double-Take 5.0.0.2865, Luigi Auriemma, 17:59
[SECURITY] [DSA 1503-1] New Linux kernel 2.4.27 packages fix several issues, dann frazier, 17:48
[security bulletin] HPSBGN02298 SSRT071502 rev.3 - HP Notebook PC Quick Launch Button (QLB) Software Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access, security-alert, 15:24
IBM Quickr 8 Calendar Xss Injection (Bypass Quickr 8.0 Xss Filter), goldshlager19, 14:41
Re: SQL-injection, XSS in OSSIM (Open Source Security Information Management), Dominique Karg, 14:41
Certification for Web Application Security Professionals, Anurag Agarwal, 14:08
EDLGraph 1.0, subere, 13:46
CanSecWest 2008 Mar 26-28, Dragos Ruiu, 13:14
Cold Boot Attacks on Disk Encryption, Jacob Appelbaum, 12:52
Re: [Full-disclosure] Tool release: extract Windows credentials from registry hives, wac, 08:40
Certification for Web Application Security Professionals, Anurag Agarwal, 00:10

February 21, 2008

[Full-disclosure] [USN-581-1] PCRE vulnerability, Kees Cook, 21:14
[SECURITY] [DSA 1501-1] New dspam packages fix information disclosure, Thijs Kinkhorst, 19:39
[Full-disclosure] [ GLSA 200802-09 ] ClamAV: Multiple vulnerabilities, Pierre-Yves Rofes, 19:17
Academic Computer Security Conference, Jon R. Kibler, 18:35
joomla SQL Injection(com_cms), hackturkiye . hackturkiye, 17:09
joomla SQL Injection(com_asortyment)katid, hackturkiye . hackturkiye, 16:37
XOOPS Module prayerlist SQL Injection(cid), hackturkiye . hackturkiye, 16:16
aeries browser interface(ABI) 3.8.2.8 Remote SQL Injection, admin, 16:05
joomla SQL Injection(com_most)secid, hackturkiye . hackturkiye, 15:54
[Full-disclosure] VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates, VMware Security team, 15:54
PHP-Nuke Module Downloads SQL Injection(sid), hackturkiye . hackturkiye, 15:43
joomla SQL Injection(com_mygallery), hackturkiye . hackturkiye, 15:32
PHP-Nuke Module Dossiers Injection(did), hackturkiye . hackturkiye, 15:21
PHP-Nuke genaral print SQL Injection(id), hackturkiye . hackturkiye, 15:10
XOOPS Module tinyevent-print SQL Injection(id), hackturkiye . hackturkiye, 15:00
SQL-injection, XSS in OSSIM (Open Source Security Information Management), marcin . kopec, 14:49
PHP-Nuke Siir SQL Injection(id), hackturkiye . hackturkiye, 14:38
joomla SQL Injection(com_idvnews), hackturkiye . hackturkiye, 14:16
PHP-Nuke Module BenchmarkNewsInjection(sid), hackturkiye . hackturkiye, 14:06
CFP: Workshop on Open Source Software for Computer and Network Forensics, Stefano Zanero, 13:55
joomla SQL Injection(com_joomlavvz), hackturkiye . hackturkiye, 13:55
joomla SQL Injection(com_referenzen), hackturkiye . hackturkiye, 13:44
PHP-Nuke Module Classifieds SQL Injection(Details), hackturkiye . hackturkiye, 13:44
ZyXEL Gateways Vulnerability Research: http://www.procheckup.com/Hacking_ZyXEL_Gateways.pdf, ProCheckUp Research, 13:01
aeries browser interface(ABI) 3.7.2.2 Remote SQL Injection, admin, 12:49
joomla SQL Injection(com_asortyment)katid, hackturkiye . hackturkiye, 12:49
[security bulletin] HPSBST02314 SSRT080016 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-003 to MS08-013, security-alert, 12:39
[ MDVSA-2008:046-1 ] - Updated xine-lib package fixes arbitrary code execution vulnerability, security, 12:39
aeries browser interface(ABI) 3.8.2.8 XSS, admin, 12:39
[Full-disclosure] [USN-580-1] libcdio vulnerability, Jamie Strandboge, 11:47
[Full-disclosure] [USN-579-1] Qt vulnerability, Jamie Strandboge, 11:26
[Full-disclosure] Advisory, advisories, 11:15
[Full-disclosure] Tool release: extract Windows credentials from registry hives, Brendan Dolan-Gavitt, 11:15
[Full-disclosure] Announce: RFIDIOt credit card sub-module: ChAP.py, Adam Laurie, 09:31

February 20, 2008

[Full-disclosure] iDefense Security Advisory 02.20.08: Symantec Veritas Storage Foundation Scheduler Service DoS Vulnerability, iDefense Labs, 21:08
[Full-disclosure] ZDI-08-007: Symantec VERITAS Storage Foundation Administrator Service Heap Overflow Vulnerability, zdi-disclosures, 19:55
Advisory SE-2008-01: PunBB Blind Password Recovery Vulnerability, Stefan Esser, 18:52
Re: [Full-disclosure] iDefense Security Advisory 02.19.08: EMC RepliStor Multiple Heap Overflow Vulnerabilities, iDefense Labs, 18:41
[Full-disclosure] iDefense Security Advisory 02.19.08: EMC RepliStor Multiple Heap Overflow Vulnerabilities, iDefense Labs, 18:19
[Full-disclosure] Heap overflow in Sybase MobiLink 10.0.1.3629, Luigi Auriemma, 17:57
[Full-disclosure] Advisory SE-2008-01: PunBB Blind Password Recovery Vulnerability, Stefan Esser, 16:51
Re: XOOPS Module wflinks SQL Injection(cid), packet, 13:00
Xoops-2.0.16 Remote File Inclusion, f10, 12:49
Web Hacking Incidents Database Update for Feb 20th, Ofer Shezaf, 12:17
[security bulletin] HPSBTU02311 SSRT080001 rev.1 - HP Tru64 UNIX running Perl, Remote Execution of Arbitrary Code, security-alert, 12:17

February 19, 2008

[Full-disclosure] Multiple buffer-overflow in NowSMS v2007.06.27, Luigi Auriemma, 18:47
[Full-disclosure] Access violation and limited informations disclosure in webcamXP 3.72.440.0, Luigi Auriemma, 18:47
[Full-disclosure] Two heap overflow in Foxit WAC Server 2.0 Build 3503, Luigi Auriemma, 18:46
[Full-disclosure] NULL pointer crash in freeSSHd 1.20, Luigi Auriemma, 18:36
[ MDVSA-2007:047 ] - Updated Thunderbird packages fix multiple vulnerabilities, security, 18:35
PHP-Nuke Module Web_Links SQL Injection(cid), hackturkiye . hackturkiye, 17:52
XOOPS Module eEmpregos SQL Injection(cid), hackturkiye . hackturkiye, 17:52
XOOPS Module wflinks SQL Injection(cid), hackturkiye . hackturkiye, 17:31
XOOPS Module classifieds SQL Injection(cid), hackturkiye . hackturkiye, 17:21
Re: CSA-L03: Linux kernel vmsplice unchecked user-pointer dereference, si0uxsecurity, 17:10
joomla SQL Injection(com_magazine), hackturkiye . hackturkiye, 15:26
XOOPS Module seminars SQL Injection, hackturkiye . hackturkiye, 15:05
joomla SQL Injection(com_foevpartners), hackturkiye . hackturkiye, 15:05
XOOPS Module badliege SQL Injection, hackturkiye . hackturkiye, 14:54
XOOPS Module events SQL Injection, hackturkiye . hackturkiye, 14:54
[DSECRG-08-016] Jinzora 2.7.5 Multiple XSS, Digital Security Research Group, 14:44
XOOPS Module vacatures SQL Injection, hackturkiye . hackturkiye, 14:33
PR08-01: Several XSS, a cross-domain redirect and a webroot disclosure on Spyce - Python Server Pages (PSP), ProCheckUp Research, 14:33
PR06-12: XSS on BEA Plumtree Foundation and AquaLogic Interaction portals, ProCheckUp Research, 14:33
WoltLab Burning Board 3.0.3 PL1 SQL-Injection Vulnerability, nbbn, 14:22
SYMSA-2008-001: Lyris ListManager - Multiple Vulnerabilities, research, 14:11
joomla SQL Injection(com_genealogy), hackturkiye . hackturkiye, 14:11
joomla SQL Injection(com_listoffreeads), hackturkiye . hackturkiye, 14:01
joomla SQL Injection(com_facileforms), hackturkiye . hackturkiye, 13:49
joomla SQL Injection(com_geoboerse), hackturkiye . hackturkiye, 13:28
joomla SQL Injection(com_team, hackturkiye . hackturkiye, 13:18
joomla SQL Injection(com_iigcatalog), hackturkiye . hackturkiye, 13:17
XOOPS Module myTopics-print SQL Injection(articleid), hackturkiye . hackturkiye, 13:07
XOOPS Module wflinks SQL Injection(cid), hackturkiye . hackturkiye, 13:06
joomla SQL Injection(com_detail), hackturkiye . hackturkiye, 12:56
SmarterMail Enterprise 4.3 - malformed mail XSS, jplopezy, 12:45
joomla SQL Injection(com_formtool), hackturkiye . hackturkiye, 12:34
XOOPS Module section SQL Injection(articleid), hackturkiye . hackturkiye, 12:24
[DSECRG-08-015] Multiple Security Vulnerabilities in Dokeos 1.8.4, Digital Security Research Group, 12:24

February 18, 2008

Re: etomite xss, dean, 19:31
Re: etomite xss, ralph, 19:21
(tip=sollinkicerik)SQL Injection Vulnerability, hackturkiye . hackturkiye, 15:43
joomla SQL Injection (cat)(com_downloads), hackturkiye . hackturkiye, 15:01
ATutor <= 1.5.5 Cross Site Scripting, L4teral, 15:01
ProjectPier <= 0.80 Cross Site Scripting and Request Forgery, L4teral, 14:50
WordPress album PHOTO SQL Injection, hackturkiye . hackturkiye, 14:39
Wordpress Plugin (wp-people) SQL Injection, hackturkiye . hackturkiye, 14:39
Crafty Syntax Xss Vulnerability, Ozgur Ozdemircili, 14:29
joomla SQL Injection(com_ricette), hackturkiye . hackturkiye, 14:29
Simple CMS <= 1.0.3 (indexen.php area) Remote SQL Injection Exploit, sys-project, 14:18
RUXCON 2008 CALL FOR PAPERS, cfp, 14:18
joomla SQL Injection(com_jooget), hackturkiye . hackturkiye, 14:08
WordPress SQL Injection(wp-content-simple-forum), hackturkiye . hackturkiye, 13:57
RunCMS 1.6.1 Multiple XSS and XSRF Vulnerabilties, nbbn, 13:47
joomla SQL Injection(com_galeria), hackturkiye . hackturkiye, 13:47
joomla SQL Injection(com_filebase), hackturkiye . hackturkiye, 13:36
lightblog 9.6 local file inclusion vulnerability, muuratsalo experimental hack lab, 13:36
joomla SQL Injection(com_detail), hackturkiye . hackturkiye, 13:25
Wordpress Plugin (wp-content/recipe) SQL Injection, hackturkiye . hackturkiye, 13:25
WordPress forumaction (PAGE_id)(user)SQL Injection, hackturkiye . hackturkiye, 13:25
joomla SQL Injection(com_profile), hackturkiye . hackturkiye, 13:25

February 16, 2008

Re[2]: Apache web server 2.2: htpasswd predictable salt weakness, 3APA3A, 14:01
joomla SQL Injection(com_emcompose), hackturkiye . hackturkiye, 14:01
joomla SQL Injection(com_sg), hackturkiye . hackturkiye, 13:50
joomla SQL Injection(com_filebase), hackturkiye . hackturkiye, 13:40
joomla SQL Injection(com_lexikon), hackturkiye . hackturkiye, 13:40
banpro-dms 1.0 local file inclusion vulnerability, muuratsalo experimental hack lab, 13:29
joomla SQL Injection( com_scheduling), hackturkiye . hackturkiye, 13:29
joomla SQL Injection(com_salesrep), hackturkiye . hackturkiye, 13:18
[HISPASEC] FireFox 2.0.0.11 and Opera 9.50 beta Remote Memory Information Leak, FireFox 2.0.0.11 Remote Denial of Service, Gynvael Coldwind, 13:07

February 15, 2008

Re: artmedic_weblog Cross Site Scriptting Vulnerbility, jyvaeskylae, 21:27
[ MDVSA-2008:046 ] - Updated xine-lib package fixes arbitrary code execution vulnerability, security, 19:11
rPSA-2008-0056-1 mailman, rPath Update Announcements, 18:28
Simple Forum Version 1.7-1.9(pagename), hackturkiye . hackturkiye, 18:27
Re: ACER Travelmate 600 and 800 series - Smartcard flawed Implementation, linke_z, 18:16
Re: Apache web server 2.2: htpasswd predictable salt weakness, Peter Watkins, 17:45
all version Wordpress FORUM S@L injection, hackturkiye . hackturkiye, 17:34
joomla faq SQL Injection, hackturkiye . hackturkiye, 17:34
joomla com_activities sql injection, hackturkiye . hackturkiye, 17:23
Ecommerce Websites from b1st.com SQL Injection, hackturkiye . hackturkiye, 16:40
joomla "com_smslist" sql injecton, hackturkiye . hackturkiye, 16:30
engineering Neoteric UK LTD S@L İNJECTİON, hackturkiye . hackturkiye, 16:19
artmedic_weblog Cross Site Scriptting Vulnerbility, hadihadi_zedehal_2006, 15:46
[ MDVSA-2008:045 ] - Updated MPlayer packages fix a few vulnerabilities, security, 15:35
Re: Apache web server 2.2: htpasswd predictable salt weakness, 3APA3A, 15:14
Simple Forum Version 1.10-1.11 SQL Injection, hackturkiye . hackturkiye, 14:52
SellOwnHouse login SQL Injection, hackturkiye . hackturkiye, 14:20
Re: DOINGSOFT-2008-02-11-002 IP Diva VPN SSL many XSS attacks, rose-of-a, 13:17
Sami FTP Server 2.0.* Multiple Remote Vulnerabilities, securfrog, 13:06
Re: SECURITY ADVISORY - Level Platforms, Inc. Service Center Install Data HTTP Vulnerability, cmiyazaki, 13:06
Re: Philips VOIP841 Multiple Vulnerabilities, mattyg, 12:45
Re: Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php, manuel . no_spam . bruneau, 12:34
StatCounteX 3.0 & 3.1 Admin Vulnerability, Sekomirza, 12:34
[Full-disclosure] [INFIGO-2008-02-13]: SOPHOS Email Security Appliance Cross Site Scripting Vulnerability, infocus, 10:28

February 14, 2008

[Full-disclosure] [ GLSA 200802-08 ] Boost: Denial of Service, Raphael Marichez, 19:10
UniversalFtp Server 1.0.44 Multiple Remote Denial of service, securfrog, 18:27
scribe 0.2 local file inclusion vulnerability, muuratsalo experimental hack lab, 18:16
Re: UniversalFtp Server 1.0.44 Multiple Remote Denial of service, securfrog, 17:54
PlutoStatus Locator v1.0pre (alpha) local file inclusion vulnerability, muuratsalo experimental hack lab, 17:44
[Full-disclosure] DOINGSOFT-2008-02-11-002 IP Diva VPN SSL many XSS attacks, eagle, 16:41
Rosoft Media Player 4.1.8 Buffer Overflow ( .M3U), securfrog, 16:20
[Full-disclosure] DOINGSOFT-2008-02-11 - IPDiva VPN SSL Brute force attack, eagle, 16:09
FreeBSD Security Advisory FreeBSD-SA-08:04.ipsec, FreeBSD Security Advisories, 15:17
FreeBSD Security Advisory FreeBSD-SA-08:03.sendfile, FreeBSD Security Advisories, 15:06
Philips VOIP841 Multiple Vulnerabilities, luca . carettoni, 14:56
Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php, Hendrik Jan Verheij, 14:34
Apache web server 2.2: htpasswd predictable salt weakness, Peter Watkins, 14:02
etomite xss, th3 . r00k . nospam, 13:51
Re: Vwar New Bug, packet, 13:29
[DSECRG-08-011 | FIX INFORMATION] Astrosoft HelpDesk Multiple XSS, Digital Security Research Group [DSecRG], 13:07
artmedic weblog multiple local file inclusion vulnerabilities, muuratsalo experimental hack lab, 13:07
ELFdump crash when analyzing crafted ELF file., david . reguera, 12:57
JSPWiki Multiple Vulnerabilities, Trancer, 12:46
Search Unleashed 0.2.10 JavaScript injection (Wordpress plugin), Krzysztof Burghardt, 12:25
[Full-disclosure] Digitalarmaments a fake orginazation?, Arjun srivastav, 09:29
Re: [Full-disclosure] rPSA-2008-0052-1 kernel, Tonnerre Lombard, 03:58
[Full-disclosure] [USN-578-1] Linux kernel vulnerabilities, Jamie Strandboge, 00:53

February 13, 2008

[Full-disclosure] [ GLSA 200802-07 ] Pulseaudio: Privilege escalation, Pierre-Yves Rofes, 19:12
joomla "com_omnirealestate" S@L Injection, hackturkiye . hackturkiye, 17:35
joomla "com_model", hackturkiye . hackturkiye, 17:24
joomla upload php code or picture (com_uhp), hackturkiye . hackturkiye, 16:53
[Full-disclosure] rPSA-2008-0063-1 boost, rPath Update Announcements, 16:31
all forums.asp hack, hackturkiye . hackturkiye, 16:10
ALL VERSİON PHPAUTOVİDEO c99 shell, hackturkiye . hackturkiye, 16:00
Provided By Development Solutions SQL Injection Exploit(panel), hackturkiye . hackturkiye, 15:39
[security bulletin] HPSBUX02313 SSRT080015 rev.1 - HP-UX Running Apache, Remote Execution of Arbitrary Code, security-alert, 15:07
[security bulletin] HPSBMA02274 SSRT071445 rev.3 - HP System Management Homepage (SMH) for HP-UX, Remote Cross Site Scripting (XSS), security-alert, 14:46
rPSA-2008-0061-1 SDL_image, rPath Update Announcements, 14:36
[security bulletin] HPSBUX02249 SSRT071442 rev.3 - HP-UX Running the Ignite-UX or the DynRootDisk (DRD) get_system_info Command, Local Unqualified Configuration Change, security-alert, 14:36
Netkom Internet Solutions (folder_id) Remote SQL Injection Vulnerability, crazy_kinq, 14:15
[Reversemode Advisory] February Advisories : Microsoft Word 2003 + Fortinet Forticlient, Reversemode, 14:03
Vwar New Bug, p_s3rver, 13:42
Re: XSS on Obedit v3.03, richard, 13:20
SyScan'08 Call for Paper/Training, organiser@syscan.org, 12:49
Thanks to all, ExploitSearch in Top5 security must-have, Security Basic, 12:38
QuickTime <= 7.4.1 QTPlugin.ocx Multiple Remote Stack Overflow, laurent . gaffie, 12:17
Re: [Full-disclosure] rPSA-2008-0052-1 kernel, gregory, 09:11
[Full-disclosure] rPSA-2008-0059-1 openldap openldap-clients openldap-servers, rPath Update Announcements, 09:00
[Full-disclosure] rPSA-2008-0054-1 tk, rPath Update Announcements, 09:00

February 12, 2008

[Full-disclosure] iDefense Security Advisory 02.12.08: Adobe Flash Media Server 2 Memory Corruption Vulnerability, iDefense Labs, 21:50
[Full-disclosure] iDefense Security Advisory 02.12.08: Adobe Flash Media Server 2 Multiple Integer Overflow Vulnerabilities, iDefense Labs, 21:50
[Full-disclosure] iDefense Security Advisory 02.12.08: Microsoft Internet Explorer Property Memory Corruption Vulnerability, iDefense Labs, 21:17
[Full-disclosure] ZDI-08-006: Microsoft Internet Explorer SVG animateMotion.by Code Execution Vulnerability, zdi-disclosures, 21:07
[Full-disclosure] iDefense Security Advisory 02.12.08: Microsoft Office Works Converter Stack-based Buffer Overflow Vulnerability, iDefense Labs, 20:44
[Full-disclosure] iDefense Security Advisory 02.12.08: Microsoft Office Works Converter Heap Overflow Vulnerability, iDefense Labs, 20:00
[Full-disclosure] [ GLSA 200802-06 ] scponly: Multiple vulnerabilities, Pierre-Yves Rofes, 17:27
[Full-disclosure] [ GLSA 200802-05 ] Gnumeric: User-assisted execution of arbitrary code, Pierre-Yves Rofes, 17:07
LI-countdown SQL Injection Vulnerability, sex, 17:06
Re: [Full-disclosure] Directory traversal in SafeNet Sentinel Protection and Key Server 7.4.1.0, Luigi Auriemma, 16:56
Cacti 0.8.7a Multiple Vulnerabilities, s4tan, 16:34
cacti -- Multiple security vulnerabilities have been discovered, Mario Sergio Candian, 16:12
artmedic weblog multiple xss vulnerabilities, muuratsalo experimental hack lab, 16:01
gkrellweather, forensec, 15:18
[ MDVSA-2008:044 ] - Updated kernel packages fix multiple vulnerabilities and bugs, security, 14:57
Re: [Full-disclosure] Directory traversal in SafeNet Sentinel Protection and Key Server 7.4.1.0, jfvanmeter, 14:46
[Full-disclosure] Directory traversal and DoS in WinIPDS G52-33-021, Luigi Auriemma, 14:46
[Full-disclosure] Unicode buffer-overflow in RPM Remote Print Manager 4.5.1.11, Luigi Auriemma, 14:46
[Full-disclosure] [USN-577-1] Linux kernel vulnerability, Jamie Strandboge, 14:35
Re: [Full-disclosure] Directory traversal in SafeNet Sentinel Protection and Key Server 7.4.1.0, jfvanmeter, 14:24
Re: [Full-disclosure] Directory traversal in SafeNet Sentinel Protection and Key Server 7.4.1.0, Luigi Auriemma, 14:24
IOActive Security Advisory: Multiple Remote SiteScope Vulnerabilities, IOActive Advisories, 14:24
[Full-disclosure] iDefense Security Advisory 02.12.08: ClamAV libclamav PE File Integer Overflow Vulnerability, iDefense Labs, 14:03
Re: [Full-disclosure] Directory traversal in SafeNet Sentinel Protection and Key Server 7.4.1.0, jfvanmeter, 13:52
[ MDVSA-2008:043 ] - Updated kernel packages fix multiple vulnerabilities and bugs, security, 13:29
joomll(k12.tr)(com_mezun)SQL Injection, hackturkiye . hackturkiye, 13:19
[Full-disclosure] rPSA-2008-0052-1 kernel, rPath Update Announcements, 13:08
Re: [Full-disclosure] Directory traversal in SafeNet Sentinel Protection and Key Server 7.4.1.0, Luigi Auriemma, 12:57
Kommentare zum Download script SQL Injection, hackturkiye . hackturkiye, 12:57
joomla (k12.tr)(com_iomezun)SQL Injection, hackturkiye . hackturkiye, 12:45
my little forum XSS, db, 12:45
Re: [Full-disclosure] Directory traversal in SafeNet Sentinel Protection and Key Server 7.4.1.0, jfvanmeter, 12:23
IOActive Security Advisory: Legacy mod_jk2 Buffer Overflow, IOActive Advisories, 12:12
[Full-disclosure] FLEA-2008-0007-1 gd, Foresight Linux Essential Announcement Service, 05:25
[Full-disclosure] FLEA-2008-0006-1 tetex tetex-dvips tetex-fonts, Foresight Linux Essential Announcement Service, 05:25
[Full-disclosure] FLEA-2008-0005-1 e2fsprogs, Foresight Linux Essential Announcement Service, 05:15
[Full-disclosure] FLEA-2008-0003-1 nss_ldap, Foresight Linux Essential Announcement Service, 05:04
[Full-disclosure] FLEA-2008-0004-1 rsync, Foresight Linux Essential Announcement Service, 05:04
[Full-disclosure] FLEA-2008-0002-1 python, Foresight Linux Essential Announcement Service, 04:42
[Full-disclosure] CSA-L03: Linux kernel vmsplice unchecked user-pointer dereference, Wojciech Purczynski, 04:21
[Full-disclosure] FLEA-2008-0001-1 firefox, Foresight Linux Essential Announcement Service, 04:10

February 11, 2008

[Full-disclosure] [ GLSA 200802-04 ] Gallery: Multiple vulnerabilities, Pierre-Yves Rofes, 19:30
ExtraOutlook 1.2 Released, Thor (Hammer of God), 19:19
[Full-disclosure] ZDI-08-004: Adobe AcrobatReader Javascript for PDF Integer Overflow Vulnerability, zdi-disclosures, 19:09
[Full-disclosure] ZDI-08-005: Novell Client NWSPOOL.DLL EnumPrinters Stack Overflow Vulnerability, zdi-disclosures, 19:09
[Full-disclosure] [ GLSA 200802-03 ] Horde IMP: Security bypass, Pierre-Yves Rofes, 18:47
aliboard Beta Upload Shell From ControlPanel, رومانسي هكر, 18:04
Mercury v1.1.5 Send Message Cross-Site Scripting, No-reply, 17:42
Simple Machines Forum "SMF Shoutbox" Mod Persistent XSS, enterth3dragon, 17:31
Final CFP: EuroSec Workshop (March 31st, 2008), Stefano Zanero, 15:31
[Full-disclosure] Directory traversal in SafeNet Sentinel Protection and Key Server 7.4.1.0, Luigi Auriemma, 15:20
hi, f10, 15:20
[Full-disclosure] Format string and DoS in Opium OPI and cyanPrintIP servers 4.10.x, Luigi Auriemma, 14:59
[Full-disclosure] Format string and buffer-overflow in Lst Network Print Server 9.4.2 build 105, Luigi Auriemma, 14:59
پيش گزيده Website Design Chat Software Remote Cross-Site Scripting, no-reply, 14:59
Default Multiple Joomla! Component com_rapidrecipe "user_id=" Remote SQL Inj., staad1, 14:58
[Full-disclosure] Multiple vulnerabilities in EztremeZ-IP File and Printer Server 5.1.2x15, Luigi Auriemma, 14:48
Vwar 1.5.0, p_s3rver, 14:47
F5 BIG-IP Web Management Console CSRF (with example), nnposter, 11:57
F5 BIG-IP Web Management Console CSRF, nnposter, 11:57

February 09, 2008

PKs Movie Database version 3.0.3 (SQL/XSS), houssamix, 18:28
Some interesting hashes, Open Phugu, 14:18
[SECURITY] CVE-2007-6286: Tomcat duplicate request processing vulnerability, Mark Thomas, 13:57
[SECURITY] CVE-2007-5333: Tomcat Cookie handling vulnerabilities, Mark Thomas, 13:57
[Full-disclosure] iDefense Security Advisory 02.08.08: Adobe Reader and Acrobat Multiple Stack-based Buffer Overflow Vulnerabilities, iDefense Labs, 05:29
[Full-disclosure] rPSA-2008-0051-1 firefox, rPath Update Announcements, 00:24
[Full-disclosure] iDefense Security Advisory 02.08.08: Adobe Reader Security Provider Unsafe Libary Path Vulnerability, iDefense Labs, 00:02
[Full-disclosure] iDefense Security Advisory 02.08.08: Adobe Reader and Acrobat JavaScript Insecure Method Exposure Vulnerability, iDefense Labs, 00:02

February 08, 2008

CVE-2008-0002: Tomcat information disclosure vulnerability, Mark Thomas, 19:37
SECURITY ADVISORY - Level Platforms, Inc. Service Center Install Data HTTP Vulnerability, Brook Powers, 19:37
[Full-disclosure] NULL byte writing in Emerald, RadiusNT/X and Air Marshal, Luigi Auriemma, 17:54
RE: ASUS Eee PC rooted out of the box, Bug traq, 17:21
Re: RE: ASUS Eee PC rooted out of the box, RISE Security, 17:00
rPSA-2008-0048-1 kernel, rPath Update Announcements, 16:49
jetAudio <= 7.0.5 (.ASX) Remote Stack Overflow, laurent . gaffie, 15:55
Re: Buffer Overflow Vulnerability in AxRUploadServer.dll, Activex Method (SetLogging), david130490, 15:45
Buffer Overflow Vulnerability in AxRUploadServer.dll, Activex Method (SetLogging), david130490, 14:31
[ MDVSA-2008:039 ] - Updated netpbm packages fix buffer overflow vulnerability, security, 14:31
ASUS Eee PC rooted out of the box, RISE Security, 14:31
Joomla <= v1.0.14-RC1(Index.php) Remote File Inclusion Exploit, alex_zooz_zooz, 14:20
[ MDVSA-2008:038 ] - Updated gd packages fix buffer overflow vulnerability, security, 13:59
Joovili <= v.2.1 (members_help.php) Remote File İnclude Vulnerability, crazy_kinq, 13:26
Blackboard (id) Remote SQL Injection, crazy_kinq, 13:04
Husrev Forums v2.0.1:PoWerBoard (tr) (id) Remote SQL Injection, crazy_kinq, 13:03
[DSECRG-08-014] Multiple LFI in PowerNews (Newsscript) 2.5.6, Digital Security Research Group [DSecRG], 12:30
[ MDVSA-2008:042 ] - Updated Qt4 packages fix vulnerability in QSslSocket, security, 12:30
Web Hacking Incidenets Database 2007 annual Report is out, Ofer Shezaf, 12:19
[ MDVSA-2008:040 ] - Updated SDL_image packages fix vulnerabilities, security, 12:08
[ MDVSA-2008:041 ] - Updated tk packages fix buffer overflow vulnerability, security, 11:57

February 07, 2008

[Full-disclosure] [USN-576-1] Firefox vulnerabilities, Jamie Strandboge, 23:58
[Full-disclosure] Adobe Reader/Acrobat Remote PDF Print Silently Vulnerability, cocoruder, 22:42
[Full-disclosure] iDefense Security Advisory 02.07.08: IBM DB2 Universal Database Administration Server Memory Corruption Vulnerability, iDefense Labs, 19:30
[Full-disclosure] iDefense Security Advisory 02.07.08: IBM DB2 Universal Database db2pd Arbitrary Library Loading Vulnerability, iDefense Labs, 18:37
[ MDVSA-2008:037 ] - Updated libcdio packages fix DoS vulnerability, security, 17:21
[Full-disclosure] Multiple vulnerabilities in Ipswitch Instant Messaging 2.0.8.1, Luigi Auriemma, 17:09
Re: [Full-disclosure] Checkpoint SecuRemote/Secure Client NGX Auto Local Logon Vulnerability, Rodrigo Rubira Branco (BSDaemon), 14:32
[Full-disclosure] Checkpoint SecuRemote/Secure Client NGX Auto Local Logon Vulnerability, Michael Neal Vasquez, 14:10
[DSECRG-08-013] Modx 0.9.6.1, 0.9.6.1p1 Multiple Security Vulnerabilities, Digital Security Research Group [DSecRG], 12:50
Re: Logs visualization in WS_FTP Server Manager 6.1.0.0, Steve Shockley, 12:39
mini-pub 0.3 multiple vulnerabilities, muuratsalo experimental hack lab, 12:17
[security bulletin] HPSBMA02309 SSRT080013 rev.1 - HP Select Identity Software, Remote Unauthorized Access, security-alert, 12:17

February 06, 2008

RE: A paper by Amit Klein (Trusteer): "OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability", Amit Klein, 19:23
[ GLSA 200802-02 ] Doomsday: Multiple vulnerabilities, Pierre-Yves Rofes, 18:40
[Full-disclosure] [ GLSA 200802-01 ] SDL_image: Two buffer overflow vulnerabilities, Raphael Marichez, 18:19
[ MDVSA-2008:036 ] - Updated CUPS packages fix SNMP vulnerability, security, 17:58
Re: Tested on Webmin 1.390, ivangaravito, 17:46
[Full-disclosure] rPSA-2008-0046-1 gd, rPath Update Announcements, 16:41
[Full-disclosure] ZDI-08-003: Symantec Backup Exec Remote File Upload Vulnerability, zdi-disclosures, 16:41
[Full-disclosure] Logs visualization in WS_FTP Server Manager 6.1.0.0, Luigi Auriemma, 16:19
[Full-disclosure] Chat vulnerabilities in TinTin++ 1.97.9, Luigi Auriemma, 16:19
[Full-disclosure] iDefense Security Advisory 02.04.08: Hewlett-Packard Network Node Manager Topology Manager Service DoS Vulnerability, iDefense Labs, 15:48
[Full-disclosure] rPSA-2008-0043-1 icu, rPath Update Announcements, 15:05
Re: A paper by Amit Klein (Trusteer): "OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability", Tim Newsham, 14:34
[security bulletin] HPSBGN02310 SSRT080007 rev.1 - HP Virtual Rooms Running on Windows, Remote Execution of Arbitrary Code, security-alert, 13:07
Tested on Webmin 1.390, no-reply, 12:56
A paper by Amit Klein (Trusteer): "OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability", Amit Klein, 12:45
[security bulletin] HPSBST02302 SSRT071474 rev.1 - HP Storage Essentials SRM, Remote Unauthorized Access, security-alert, 12:34

February 05, 2008

[ MDVSA-2008:035 ] - Updated libcdio packages fix DoS vulnerability, security, 17:56
Apple iPhone 1.1.3 remote DoS exploit, morin . josh, 17:56
rPSA-2008-0040-1 mysql mysql-bench mysql-server, rPath Update Announcements, 17:46
dBpowerAMP Audio Player Release 2 Remote Buffer Overflow, Securfrog, 17:14
CYBSEC Security Advisory: Arbitrary file overwrite in Documentum Administrator / Documentum Webtop, CYBSEC Advisories, 15:30
[DSECRG-08-012] Multiple LFI in Azucar CMS 1.3, Digital Security Research Group [DSecRG], 14:17
Re: Multiple vulnerabilities in SAPlpd 6.28, robert . ingruber, 13:45
Re: PR07-38: XSS on sIFR, hk, 13:34
[security bulletin] HPSBMA02307 SSRT071420 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Denial of Service (DoS), security-alert, 13:23
Re: Re: PIX Privilege Escalation Vulnerability, rvandenbrink, 13:13
[ MDVSA-2008:034 ] - Updated emacs packages fix vulnerabilities, security, 13:02
NERO Media Player <= 1.4.0.35b Remote Buffer Overflow( .M3U), Securfrog, 12:51

February 04, 2008

[Full-disclosure] [USN-575-1] Apache vulnerabilities, Jamie Strandboge, 20:45
[Full-disclosure] Multiple vulnerabilities in SAPlpd 6.28, Luigi Auriemma, 18:27
[Full-disclosure] Multiple vulnerabilities in WinCom LPD Total 3.0.2.623, Luigi Auriemma, 18:06
[Full-disclosure] Socket termination in FTP Log Server 7.9.14.0, Luigi Auriemma, 17:55
[Full-disclosure] iDefense Security Advisory 01.31.08: IBM Informix Dynamic Server onedcu File Creation Vulnerability, iDefense Labs, 16:21
[Full-disclosure] iDefense Security Advisory 01.31.08: IBM Informix Dynamic Server SQLIDEBUG File Creation Vulnerability, iDefense Labs, 16:21
[Full-disclosure] CORE-2007-1218: MPlayer 1.0rc2 buffer overflow vulnerability, CORE Security Technologies Advisories, 16:10
[Full-disclosure] CORE-2008-0122: MPlayer arbitrary pointer dereference, CORE Security Technologies Advisories, 15:59
[DSECRG-08-008] Textpattern 4.0.5 Multiple Security Vulnerabilities, Digital Security Research Group, 15:37
[DSECRG-08-010] VHD Web Pack 2.0 Local File Include, Digital Security Research Group, 15:15
[DSECRG-08-011] Astrosoft HelpDesk Multiple XSS, Digital Security Research Group, 15:05
[Full-disclosure] [USN-574-1] Linux kernel vulnerabilities, Jamie Strandboge, 14:43
[DSECRG-08-009] xoops 2.0.18 Local File Include, Digital Security Research Group, 14:33
[Full-disclosure] [OPENADS-SA-2008-001] Openads 2.4.2 vulnerability fixed, Matteo Beccati, 14:22
[security bulletin] HPSBUX02308 SSRT080010 rev.1 - HP-UX Running Apache, Remote Execution of Arbitrary Code, security-alert, 12:15
Anon Proxy Server <= 0.102 remote buffer overflow, L4teral, 12:15

February 02, 2008

IpSwitch WS_FTPSERVER with SSH remote Buffer Overflow, securfrog, 17:58
phpShop <= v 0.8.1 Remote SQL injection / Filter Bypass, theredc0ders, 14:21
Wordpress Plugin dmsguestbook 1.7.0 Multiple Remote Vulnerabilities, nbbn, 14:10
Wordpress Pluging wp-footnotes 2.2 (admin_panel.php) Multiple Vulnerabilites, nbbn, 14:00
[ MDVSA-2008:033 ] - Updated ruby-gnome2 packages fix arbitrary code execution vulnerability, security, 14:00
ITech Classifieds Multiple Remote Vulnerabilities, cybermilitan, 13:49
Domain Trader v2.0 Xss Vulnerable, cybermilitan, 13:38
[ MDVSA-2008:032 ] - Updated boost packages fix DoS vulnerabilities, security, 13:38
The Everything Development System - SQL Injection, sub, 13:38
Sun JRE / JDK bug introduces XXE possibilities, Chris Evans, 13:27
Youtube Clone Xross Site Scripting (load_message.php), ciucciamilcalzino, 13:27
Titan FTP Server Remote Heap Overflow (USER/PASS), securfrog, 13:16

February 01, 2008

SQL in Archimede Net 2000 "E-Guest_show.php", Sw33t . h4cK3r, 14:50
LightBlog Remote File Upload Vulnerability, omnipresent, 13:15
LiveCart XSS vulnerability fixed since version 1.1.0, info, 13:05
[ MDVSA-2008:031 ] -, security, 12:43
[ MDVSA-2008:030 ] - Updated pcre packages fix vulnerability, security, 12:33