Network Security Archives

Vulnerability Development (date)

[Thread Index] [Top] [All Lists]

November 30, 2005

[VulnWatch] XSS & Header Injection in Drupal and vBulletin, Paul Laudanski, 23:13
MDKSA-2005:220 - Updated kernel packages fix numerous vulnerabilities, Mandriva Security Team, 21:32
Re: Re: Xaraya <= 1.0.0 RC4 D.O.S / file corruption, retrogod, 20:21
MDKSA-2005:217 - Updated netpbm packages fix pnmtopng vulnerabilities, Mandriva Security Team, 20:11
Re: Opera 8.50 DoS with simple java applet, Edward D Wiget, 20:01
MDKSA-2005:218 - Updated kernel packages fix numerous vulnerabilities, Mandriva Security Team, 19:50
MDKSA-2005:219 - Updated kernel packages fix numerous vulnerabilities, Mandriva Security Team, 19:40
Opera 8.50 DoS with simple java applet, Marc Schoenefeld, 17:39
Re: DNS query spam, Joe, 17:29
Re: DNS query spam, Stephen Stuart, 17:09
Gallery 2.x Security Advisory, Bharat Mediratta, 17:09
Re: DNS query spam, Florian Weimer, 16:49
Re: DNS query spam, Jim Pingle, 16:38
Re: Xaraya <= 1.0.0 RC4 D.O.S / file corruption, Paul Laudanski, 16:08
[Full-disclosure] Re: WebCalendar Multiple Vulnerabilities, ascii, 11:35
[Full-disclosure] Re: WebCalendar Multiple Vulnerabilities, Paul Laudanski, 09:44
Re: DNS query spam, Florian Weimer, 07:54
Re: Re: - Cisco IOS HTTP Server code injection/execution vulnerability-, picardos, 04:12
RE: - Cisco IOS HTTP Server code injection/execution vulnerability-, Evans, Arian, 03:42
Re: DNS query spam, Piotr Kamisiski, 03:32
possible privilege escalation on QNX Neutrino 6.3.0, pasquale minervini, 03:02
N-13 News Remote SQL/PHP Shell injection, contropotere, 02:51
Re: DNS query spam, Antone Roundy, 01:51
Re: DNS query spam, Josep Ma Castells, 01:41
Re: DNS query spam, Alexander Lourier, 01:11
APPLE-SA-2005-11-29 Security Update 2005-009, noreply, 01:00
Xaraya <= 1.0.0 RC4 D.O.S / file corruption, retrogod, 00:40
Webmin miniserv.pl format string vulnerability, advisory, 00:30
ASP-Rider Default.asp SQL Injection, info, 00:10

November 29, 2005

Re: Re: - Cisco IOS HTTP Server code injection/execution vulnerability-, limfung, 22:09
[Full-disclosure] Panda Remote Heap Overflow, list, 13:24

November 28, 2005

Core FORCE and OpenBSD PF's, Ivan Arce, 21:57
[Full-disclosure] [FLSA-2005:166943] Updated php packages fix security issues, Marc Deslauriers, 21:57
What is wrong with these people?, Paul Schmehl, 21:16
Re: phpBB Code EXEC (v2.0.10), Ron van Daal, 20:56
Re: - Cisco IOS HTTP Server code injection/execution vulnerability-, Florian Weimer, 20:36
Flaw in Syn Attack Protection on non-updated Microsoft OSes can lead to DoS, Luigi Mori, 20:36
Google Talk cleartext credentials in process memory, unknown . pentester, 18:35
Kadu remote DoS, michal, 18:24
- Cisco IOS HTTP Server code injection/execution vulnerability-, picardos, 18:14
Randshop all versiyon Sql İnjection, liz0, 18:04
Re: Multiple security issues in TikiWiki 1.9.x, mose, 18:04
DNS query spam, Piotr Kamisiski, 17:54
Re: phpBB Code EXEC (v2.0.10), deane10, 17:44
ZRCSA-200503 - ktools Buffer Overflow Vulnerability, siegfried, 17:24
Re: XSS on Yahoo Mail, Lance James, 17:14
APC Security Advisory - PowerChute Network Shutdown's Web Interface Only Supports HTTP, Security . advisory, 17:04
Guppy <= 4.5.9 Remote code execution, retrogod, 16:38
ANN: Free endpoint security software released (Core FORCE 070.105), Core FORCE team, 16:07
[Full-disclosure] [ GLSA 200511-23 ] chmlib, KchmViewer: Stack-based buffer overflow, koon, 15:57
[Full-disclosure] WebCalendar Multiple Vulnerabilities, ascii, 14:16
[Full-disclosure] Php Web Statistik Multiple Vulnerabilities, ascii, 14:06
[Full-disclosure] Free Web Stat Multiple XSS Vulnerabilities, ascii, 14:06
[Full-disclosure] [ GLSA 200511-23 ] chmlib, KchmViewer: Stack-based buffer overflow, Thierry Carrez, 07:42
[Full-disclosure] [ GLSA 200511-22 ] Inkscape: Buffer overflow, Thierry Carrez, 07:32

November 26, 2005

Remote file include in phpgreetz, gb . network, 19:47
Remote file include in Q-News, gb . network, 19:37
Remote file include in Athena, gb . network, 19:27
Re: XSS on Yahoo Mail, Matan Peled, 17:27
Re: XSS on Yahoo Mail, alireza hassani, 17:16
Webistanbul Control Panel Sql Injection, khc, 17:06
RE: XSS on Yahoo Mail, Richard Fuchshuber, 12:04
Re: Mandriva Security, Vincent Danen, 12:04
RE: Advisory 23/2005: vTiger multiple vulnerabilities, Bug Traq Lists, 11:54
Re: XSS on Yahoo Mail, little . hacker, 11:44
Re: XSS on Yahoo Mail, Personal Account, 11:34
Re: XSS on Yahoo Mail, Jim Ley, 11:24
Re: XSS on Yahoo Mail, Will Wesley, 11:14
Re: XSS on Yahoo Mail, Steven Champeon, 11:04
XSS in PBLang 4.65 Profile.php/UCP.php, r0xes, 10:53

November 25, 2005

Advisory 23/2005: vTiger multiple vulnerabilities, Christopher Kunz, 18:16
Re: Advisory 23/2005: vTiger multiple vulnerabilities, Christopher Kunz, 17:56
Mandriva Security, [at], 17:46
eFiction <= 2.0 multiple vulnerabilities, retrogod, 17:16
MDKSA-2005:216 - Updated fuse packages fix vulnerability, Mandriva Security Team, 14:14
[Full-disclosure] [ GLSA 200511-21 ] Macromedia Flash Player: Remote arbitrary code execution, Thierry Carrez, 09:32
[Full-disclosure] SEC Consult SA-20051125-0 :: More Vulnerabilities in vTiger CRM, SEC Consult Research, 05:40

November 24, 2005

Re: VHCS 2.x HTTP Error Cross Site Scripting, Moritz Naumann, 17:15
2nd CFP: Workshops at the 1st Int. Conf. on Availability, Reliability & Security, Manh Tho, 17:05
freeFTPd 1.0.10 (Dos,Exploit), Stefan Lochbihler, 16:44
RE: XSS on Yahoo Mail, Will Wesley, 16:24
Secunia Research: SpeedProject Products ZIP/UUE File Extraction Buffer Overflow, Secunia Research, 15:54
[Full-disclosure] Advisory 23/2005: vTiger multiple vulnerabilities, Christopher Kunz, 15:24
[Full-disclosure] MailEnable IMAP DOS, Josh Zlatin, 15:14

November 23, 2005

MDKSA-2005:215 - Updated binutils packages fix vulnerabilities, Mandriva Security Team, 19:45
XSS on Yahoo Mail, Richard Fuchshuber, 19:25
Google Talk Denial of Service - BenjiBug, James Evans, 18:45
Re: IE BUG, Mozilla DOS?, Kyle Wheeler, 18:25
GeSWall Intrusion Prevention System 2.1 Released (Freeware), GentleSecurity Team, 18:05
[security bulletin] SSRT051074 Revised - HP-UX Running xterm Local Unauthorized Access, security-alert, 14:32
OTRS 1.x/2.x Multiple Security Issues, Moritz Naumann, 03:06

November 22, 2005

[Full-disclosure] Re: Google Base, Stefan . Laudat, 23:55
Secunia Research: Opera Command Line URL Shell Command Injection, Secunia Research, 23:35
Re: [Full-disclosure] Re: Your One-Stop Site For Sony Lawsuit Info, Kurt Buff, 21:04
Exploiting the Stack (Part I-IV), [at], 20:24
[Full-disclosure] [ GLSA 200511-20 ] Horde Application Framework: XSS vulnerability, Sune Kloppenborg Jeppesen, 20:13
Horde MIME Viewer vulnerability, daniel . schreckling, 20:03
[Full-disclosure] [ GLSA 200511-19 ] eix: Insecure temporary file creation, Sune Kloppenborg Jeppesen, 19:53
Re: [Full-disclosure] Re: Your One-Stop Site For Sony Lawsuit Info, Eliah Kagan, 19:53
[Full-disclosure] [ GLSA 200511-18 ] phpSysInfo: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 19:43
VHCS 2.x HTTP Error Cross Site Scripting, Moritz Naumann, 19:43
Re: [Full-disclosure] Re: Your One-Stop Site For Sony Lawsuit Info, Anonymous Squirrel, 19:33
[KAPDA::#14] - PHPPost XSS and HTML Injection, alireza hassani, 19:33
[Full-disclosure] Re: Google Base, Petko Petkov, 19:13
PmWiki 2.0.12 Cross Site Scripting, Moritz Naumann, 19:13
RE: [Full-disclosure] Re: Your One-Stop Site For Sony Lawsuit Info, Paul Schmehl, 17:22
RE: [Full-disclosure] Re: Your One-Stop Site For Sony Lawsuit Info, Christopher Carpenter, 16:41
Re: [Full-disclosure] Re: Your One-Stop Site For Sony Lawsuit Info, Jason Coombs, 16:31
Re: [Full-disclosure] Re: Your One-Stop Site For Sony Lawsuit Info, Paul Schmehl, 15:41
Re: [Full-disclosure] Re: Your One-Stop Site For Sony Lawsuit Info, Jason Coombs, 15:10
[Full-disclosure] [ GLSA 200511-17 ] FUSE: mtab corruption through fusermount, Thierry Carrez, 14:10
[Full-disclosure] [USN-219-1] Linux kernel vulnerabilities, Martin Pitt, 09:57
[Full-disclosure] Re: Your One-Stop Site For Sony Lawsuit Info, Anthony R. Nemmer, 09:07
[Full-disclosure] Cisco PIX TCP Connection Prevention, Konstantin V. Gavrilenko, 08:57

November 21, 2005

IE BUG, Mozilla DOS?, admin, 23:03
Computer Terrorism Security Advisory (Reclassification) - Microsoft Internet Explorer JavaScript Window() Vulnerability, securityadvisory, 21:02
Gadu-Gadu several vulnerabilities (version <= 7.20), Jaroslaw Sajko, 20:52
Metro Olografix Crypto Meeting 2006 CFP, Angelo Dell'Aera, 18:10
Re: Cisco Clean Access Agent (Perfigo) bypass, fakemeail, 17:50
Google Search Appliance proxystylesheet Flaws, H D Moore, 17:30
Re: Work in Progress: FileZilla Server Terminal V0.9.4d Buffer Overflow, inge . henriksen, 16:19
APBoard v [all] ---> [SQL injection], ksa_ksa82, 15:39
[Full-disclosure] [USN-218-1] netpbm vulnerabilities, Martin Pitt, 15:29
Security Advisory: Struts Error Message Cross Site Scripting, Irene Abezgauz, 15:29
[Full-disclosure] cracking safes with thermal imaging, Michal Zalewski, 15:09
[Full-disclosure] [ GLSA 200511-16 ] GNUMP3d: Directory traversal and insecure temporary file creation, Thierry Carrez, 09:35
[Full-disclosure] [USN-217-1] Inkscape vulnerability, Martin Pitt, 08:44
[Full-disclosure] [USN-190-2] ucs-snmp vulnerability, Martin Pitt, 08:34
Re: [Full-disclosure] Re: Google Base, Petko Petkov, 07:44
[Full-disclosure] Your One-Stop Site For Sony Lawsuit Info, Larry Seltzer, 00:31

November 20, 2005

[Full-disclosure] Re: Google Base, Alexander Klimov, 16:28

November 19, 2005

[Full-disclosure] [TKADV2005-11-004] Multiple Cross Site Scripting vulnerabilities in phpMyFAQ, tk, 16:28
[security - exponentcms], Hans Wolters, 15:18
Re: PHP-Fusion <= 6.00.206 Multiple Vulnerabilities, sheldon, 15:08
MDKSA-2005:214 - Updated gdk-pixbuf/gtk+2.0 packages fix vulnerability, Mandriva Security Team, 14:58
Mambo 0day Exploit out in the wild - mambo/skype hacked, rebarz99, 14:58
[Full-disclosure] Re: Google Base, DRE, 13:07

November 18, 2005

Secunia Research: Winmail Server Multiple Vulnerabilities, Secunia Research, 17:29
Secunia Research: MailEnable Buffer Overflow and Directory Traversal Vulnerabilities, Secunia Research, 16:58
Re: New Bug KESM in GoogleTalk, kahrny, 16:48
PHP-Fusion <= 6.00.206 Multiple Vulnerabilities, r . verton, 16:48
Snagging Security Tokens to Elevate Privileges, David Litchfield, 16:38
RE: [Full-disclosure] Google Base, Krpata, Tyler, 16:18
Re: [Full-disclosure] Google Base, Petko Petkov, 12:46
RE: [Full-disclosure] Google Base, Christopher Carpenter, 12:36
[Full-disclosure] [ GLSA 200511-15 ] Smb4k: Local unauthorized file access, Sune Kloppenborg Jeppesen, 12:36
[Full-disclosure] Snagging Security Tokens to Elevate Privileges, David Litchfield, 11:56
[Full-disclosure] Google Base, Petko Petkov, 07:54

November 17, 2005

Re: [Full-disclosure] freeftpd MKD buffer overflow etc... [exploit], Expanders, 19:59
[KAPDA::#13] - XMB HTML Injection & Path Disclosure., alireza hassani, 19:29
MDKSA-2005:213 - Updated php packages fix multiple vulnerabilities, Mandriva Security Team, 19:19
ShmooCon 2006 - Washington DC, B Potter, 19:09
[Full-disclosure] iDEFENSE Security Advisory 11.17.05: Qualcomm WorldMail IMAP Server Directory Traversal Vulnerability, labs-no-reply@idefense.com, 16:44

November 16, 2005

[security bulletin] SSRT5979 - HP-UX Running IPSec Remote Denial of Service (DoS), security-alert, 22:03
MDKSA-2005:212 - Updated egroupware packages to address phpldapadmin, phpsysinfo vulnerabilities, Mandriva Security Team, 20:43
Buffer OverFlow For Php 4.3.10 and other ?? Local, papipsycho, 20:33
[security bulletin] SSRT5979 - HP Jetdirect 635n IPv6/IPsec Print Server (J7961A) Remote Denial of Service (DoS), Security Alert, 20:13
Re: List of Security-oriented Fairs/Events/Conferences?, Luca Sambucci, 19:42
Re: Authentication vulnerability in Belkin wireless devices, Andrei Mikhailovsky, 19:22
In response to ISAKMP 'vulnerabilities', sigint, 19:12
[security bulletin] SSRT051251 - Apache-based Web Server on HP-UX mod_ssl, proxy_http, Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access, security-alert, 19:12
Buffer Overrun in FTGate4 Groupware Mail server, io, 17:51
Database servers on XP and the curious flaw, David Litchfield, 17:41
SUSE Security Announcement: gdk-pixbuf, gtk2 (SUSE-SA:2005:065), Thomas Biege, 17:31
Schneier's PasswordSafe password validation flaw, info, 17:21
RE: List of Security-oriented Fairs/Events/Conferences?, Juha-Matti Laurio, 16:20
Re: [Full-disclosure] Database servers on XP and the curious flaw, Eliah Kagan, 16:20
RE: [Full-disclosure] Database servers on XP and the curious flaw, James Tucker, 16:10
Re: [Full-disclosure] Database servers on XP and the curious flaw, Eliah Kagan, 16:10
Re: [Full-disclosure] Database servers on XP and the curious flaw, Eliah Kagan, 16:00
Re: [Full-disclosure] Database servers on XP and the curious flaw, David Litchfield, 15:49
Re: [Full-disclosure] Database servers on XP and the curious flaw, Eliah Kagan, 15:39
[Full-disclosure] [ GLSA 200511-14 ] GTK+ 2, GdkPixbuf: Multiple XPM decoding vulnerabilities, Thierry Carrez, 12:26
[Full-disclosure] Database servers on XP and the curious flaw, David Litchfield, 12:16
[Full-disclosure] [USN-216-1] GDK vulnerabilities, Martin Pitt, 09:35
[Full-disclosure] freeftpd USER bufferoverflow, barabas mutsonline, 08:05
[Full-disclosure] Re: [xfocus-AD-051115]Multiple antivirus failed to scan malicous filename bypass vulnerability, Marco Monicelli, 06:54
RE: [Full-disclosure] Re: [xfocus-AD-051115]Multiple antivirus failedto scan malicous filename bypass vulnerability, Aditya Deshmukh, 02:02
APPLE-SA-2005-11-15 iTunes 6 for Windows, noreply, 00:21

November 15, 2005

Critical SQL Injection PHPNuke <= 7.8, sp3x, 23:41
[securityzone@macromedia.com: Macromedia Security Bulletins], noreply, 22:10
Re: phpBB 2.0.18 SQL Query problem, max, 22:00
Authentication vulnerability in Belkin wireless devices, Andrei Mikhailovsky, 21:40
RE: List of Security-oriented Fairs/Events/Conferences?, dave kleiman, 21:20
Template Seller Pro 3.25, r . verton, 20:39
Affiliate Network Pro v7.2 SQL Injections, Arbitrary code execution, XSS, r . verton, 20:29
Re: Midicart sql injection, [at], 20:19
[Full-disclosure] iDEFENSE Security Advisory 11.15.05: Multiple Vendor Insecure Call to CreateProcess() Vulnerability, labs-no-reply@idefense.com, 20:09
[Full-disclosure] iDEFENSE Security Advisory 11.15.05: Multiple Vendor GTK+ gdk-pixbuf XPM Loader Heap Overflow Vulnerability, labs-no-reply@idefense.com, 20:09
[Full-disclosure] Re: [xfocus-AD-051115]Multiple antivirus failed to scan malicous filename bypass vulnerability, Thierry Zoller, 17:47
Three years and ten months without a patch, David Litchfield, 17:07
[Full-disclosure] Re: [FLSA-2005:152794] Updated rp-pppoe package fixes security issue, David F. Skoll, 16:17
Re: phpBB 2.0.18 SQL Query problem, Ron van Daal, 16:06
Re: DMA[2005-1112a] - 'Veritas Storage Foundation VCSI18N_LANG buffer overflow', Dana Hudes, 15:36
PHPWCMS - Directory traversal vulnerability,CSS attack, Stefan Lochbihler, 15:16
RE: List of Security-oriented Fairs/Events/Conferences?, Jeremy Epstein, 14:25
Re: List of Security-oriented Fairs/Events/Conferences?, Saeed Abu Nimeh, 14:15
[Full-disclosure] [ GLSA 200511-13 ] Sylpheed, Sylpheed-Claws: Buffer overflow in LDIF importer, Thierry Carrez, 11:13
[Full-disclosure] Three years and ten months without a patch, David Litchfield, 10:32
[Full-disclosure] [ GLSA 200511-12 ] Scorched 3D: Multiple vulnerabilities, Thierry Carrez, 10:02
[Full-disclosure] [FS-05-02] Multiple vulnerabilities in phpMyAdmin, Toni Koivunen, 09:12
[Full-disclosure] [PHPADSNEW-SA-2005-002] phpAdsNew and phpPgAds 2.0.7 fix multiple vulnerabilities, Matteo Beccati, 08:41
[Full-disclosure] [xfocus-AD-051115]Multiple antivirus failed to scan malicous filename bypass vulnerability, alert7@xfocus.org, 03:19

November 14, 2005

RE: [ADVISORY] CISCO ASA Failover DoS Vulnerability, Randy Ivener (rivener), 22:47
[Full-disclosure] [FLSA-2005:158801] Updated bzip2 packages fix security issues, Marc Deslauriers, 22:16
[Full-disclosure] [FLSA-2005:152794] Updated rp-pppoe package fixes security issue, Marc Deslauriers, 22:16
[Full-disclosure] [FLSA-2005:123013] Updated xchat package fixes security issue, Marc Deslauriers, 22:16
Multible Sql injections in Wizz Forum, s2b, 22:06
Midicart sql injection, crazy frog crazy frog, 21:36
Cyphor (Release: 0.19) Sql injection, s2b, 21:36
1-2-All Broadcast E-mail Software vulnerable to a classic SQL admin, bhs_team, 21:16
Malware Removal and Prevention Procedure, Paul Laudanski, 20:46
Re: New Bug KESM in GoogleTalk, Cory Altheide, 20:25
phpBB 2.0.18 SQL Query problem, max, 19:55
GAO report on e-voting, Atom Smasher, 19:45
List of Security-oriented Fairs/Events/Conferences?, Rainer Duffner, 19:35
MD4 and MD5 collision generators, sflist, 19:25
[security bulletin] HPSBUX02075 SSRT051074 - HP-UX Running xterm Local Unauthorized Access, security-alert, 19:15
Beta product testing, Bill Stout, 19:15
[KAPDA::#12] - ekinboard XSS and HTML Injection, alireza hassani, 19:15
[ADVISORY] CISCO ASA Failover DoS Vulnerability, Amin Tora, 17:48
fipsCMS light - vulnerable to script injection., preben, 17:08
DMA[2005-1112a] - 'Veritas Storage Foundation VCSI18N_LANG buffer overflow', Kevin Finisterre, 16:28
XOOPS 2.2.3 Final arbitrary local inclusion / XOOPS WF-Downloads module v 2.05 SQL Injection, retrogod, 16:18
PHPCalendar (and some more codegrrl.com products) arbitrary code execution, r . verton, 16:07
PollVote Remote File Inclusion, stormhacker, 15:57
ZRCSA-200502 - phpAdsNew SQL Injection Vulnerabilities, Siegfried, 15:07
SQL injection in phpWebThing 1.4.4, A . 1 . M, 15:07
Multiple Bugs in MyBB 1.0 PR2 Rev 686(Updated Nov 1, 2005), syini666, 14:57
MDKSA-2005:211 - Updated lynx packages fix critical vulnerability, Mandriva Security Team, 14:56
[Full-disclosure] Walla TeleSite Multiple Vulnerabilities, sinneR, 13:35
[Full-disclosure] [FLSA-2005:152848] Updated glibc packages fix security issues, Marc Deslauriers, 01:40

November 13, 2005

[Full-disclosure] [ GLSA 200511-11 ] linux-ftpd-ssl: Remote buffer overflow, Thierry Carrez, 19:52
[Full-disclosure] [ GLSA 200511-10 ] RAR: Format string and buffer overflow vulnerabilities, Thierry Carrez, 19:52
[Full-disclosure] [ GLSA 200511-09 ] Lynx: Arbitrary command execution, Thierry Carrez, 19:52
[Full-disclosure] [ GLSA 200511-08 ] PHP: Multiple vulnerabilities, Thierry Carrez, 19:52
[Full-disclosure] Advisory 22/2005: Multiple vulnerabilities in phpSysInfo, Christopher Kunz, 19:52
High Risk Flaw in RealPlayer, NGSSoftware Insight Security Research, 19:52
[Full-disclosure] phpBB 2.0.18 SQL Query problem, Maksymilian Arciemowicz, 19:51
[Full-disclosure] iDefense Security Advisory 11.11.05: Multiple Vendor Lynx Command Injection Vulnerability, labs-no-reply@idefense.com, 19:51
[Full-disclosure] iDEFENSE Security Advisory 11.10.05: Tikiwiki tiki-user_preferences Command Injection Vulnerability, iDEFENSE Labs, 19:50
[Full-disclosure] iDEFENSE Security Advisory 11.10.05: Tikiwiki tiki-editpage Arbitrary File Exposure Vulnerability, iDEFENSE Labs, 19:50
[Full-disclosure] iDEFENSE Security Advisory 11.10.05: Stack Overflow in Veritas Netbackup Enterprise Server, iDEFENSE Labs, 19:50
[Full-disclosure] [EEYEB-20050701] - RealPlayer Zipped Skin File Buffer Overflow II, Advisories, 19:49
[Full-disclosure] [EEYEB-20050510] - RealPlayer Data Packet Stack Overflow, Advisories, 19:49
Moodle <=1.6dev blind SQL Injection, retrogod, 19:49
Re: New Bug KESM in GoogleTalk, crowdat, 19:49
Folder Guard exe files protection bypass, ShadowBeast, 19:49
MDKSA-2005:210 - Updated w3c-libwww packages fixes DoS vulnerability., Mandriva Security Team, 19:49
MDKSA-2005:209 - Updated fetchmail packages fixes fetchmailconf vulnerability, Mandriva Security Team, 19:49
MDKSA-2005:208 - Updated emacs packages fix Lisp vulnerability, Mandriva Security Team, 19:49
MDKSA-2005:207 - Updated libungif packages fix various vulnerabilities, Mandriva Security Team, 19:49
[security bulletin] SSRT051012 - HP-UX envd Local Execution of Privileged Code, security-alert, 19:49
[security bulletin] SSRT051014 - HP-UX Trusted Mode remshd Remote Unauthorized Access, security-alert, 19:49
[security bulletin] SSRT051064 Revised - HP-UX ftpd Remote Unauthorized Data Access, security-alert, 19:49
[security bulletin] SSRT051041 Revised - HP-UX Mozilla Remote Unauthorized Execution of Privileged Code or Denial of Service (DoS), security-alert, 19:49
[Full-disclosure] [FS-05-01] Multiple vulnerabilities in phpAdsNew, Toni Koivunen, 19:48
[Full-disclosure] [FLSA-2005:166941] Updated httpd and mod_ssl packages fix two security issues, Marc Deslauriers, 19:48
ASPKnowledgebase vulnerable to XSS injection., preben, 19:47
ASPKnowledgebase vulnerable to SQL-inject, preben, 19:47
New Bug KESM in GoogleTalk, natalylopez380, 19:47
Antville 1.1 Cross Site Scripting, Moritz Naumann, 19:47
Multiple security issues in TikiWiki 1.9.x, Moritz Naumann, 19:47
CYBSEC - Security Advisory: Multiple XSS in SAP WAS, Leandro Meiners, 19:47
CYBSEC - Security Advisory: Phishing Vector in SAP WAS, Leandro Meiners, 19:47
MDKSA-2005:206 - Updated openvpn packages fix multiple vulnerabilities, Mandriva Security Team, 19:47
CYBSEC - Security Advisory: HTTP Response Splitting in SAP WAS, Leandro Meiners, 19:47
[Full-disclosure] [USN-151-4] rpm vulnerability, Martin Pitt, 19:47
[Full-disclosure] [EEYEB-20050329] Windows Metafile Multiple Heap Overflows, Advisories, 19:46
[Full-disclosure] [EEYEB-20050901] Windows Metafile SetPalette Entries Heap OVerflow Vulnerability (Graphics Rendering Engine Vulnerability), Advisories, 19:46
Re: Hidden accounts on sony vaio laptops, Williams, James K, 19:46
MDKSA-2005:205 - Updated clamav packages fix multiple vulnerabilities, Mandriva Security Team, 19:46
Call For Papers, first-2006papers, 19:46
Oracle DBMS_ASSERT and the October 2005 CPU, NGSSoftware Insight Security Research, 19:46
Oracle October 2005 CPU Problems, NGSSoftware Insight Security Research, 19:46
Re: [Full-disclosure] Re: readdir_r considered harmful, Casper . Dik, 19:45
[Full-disclosure] Advisory 21/2005: Multiple vulnerabilities in PHPKIT, Christopher Kunz, 19:45
Re: [Full-disclosure] Re: readdir_r considered harmful, Andrew Miller, 19:45
Hidden accounts on sony vaio laptops, yash . kadakia, 19:45
LayerOne 2006 CFP Released, Layer One, 19:45
e107 Games System exploit, willey_wonka, 19:45
[Full-disclosure] RANKBOX <= XSS vulnerability, spyburn mexico rlz, 19:45
Re: [Full-disclosure] Re: readdir_r considered harmful, Casper . Dik, 19:45
Zone Labs Products Advance Program Control and OS Firewall (Behavioral Based) Technology Bypass Vulnerability, Debasis Mohanty, 19:45
Re: Re: Mambo Open Source, Path disclosure, trueend5, 19:45
Advanced Guestbook 2.2 ( SQL Injection Exploit ), bhs_team, 19:45
Asterisk vmail.cgi vulnerability, advisories+asterisk, 19:45
Invision Power Board 2.1 : Multiple XSS Vulnerabilities, Jerome Athias, 19:45
TWiki 20030201 VIEW string remote command execution, [at], 19:45
upload phpshell in PHPFM, [at], 19:45
XSS vulnerability in names.co.uk framed hosting, reuben . 31, 19:45
Path disclosure in CuteNews <= 1.4.0, poizon, 19:45
OSTE v1.0 Remote Command Exucetion, khc, 19:44
[Full-disclosure] [USN-215-1] fetchmailconf vulnerability, Martin Pitt, 19:44
Work in Progress: FileZilla Server Terminal V0.9.4d Buffer Overflow, inge . henriksen, 19:44
Re: Zoomblog HTML Injection Vulnerability, RBA, 19:44
Re: [Full-disclosure] Is Flash Player 5 not vulnerable or not supported?... Macromedia Flash Player ActionDefineFunction Memory Corruption, Juha-Matti Laurio, 19:44
[Full-disclosure] Is Flash Player 5 not vulnerable or not supported?... Macromedia Flash Player ActionDefineFunction Memory Corruption, Ken S, 19:44
[Full-disclosure] [ Suresec Advisories ] - Mac OS X (xnu) multiple information leaks., suresec advisories, 19:44
[Full-disclosure] [TKADV2005-11-001] Multiple vulnerabilities in PHPlist, tk, 19:44
EUSecWest/London Call for Papers and PacSec/Tokyo announcements, Dragos Ruiu, 19:44
[Full-disclosure] [USN-214-1] libungif vulnerabilities, Martin Pitt, 19:44
[Full-disclosure] SEC Consult SA-20051107-1 :: Macromedia Flash Player ActionDefineFunction Memory Corruption, Bernhard Mueller, 19:44
[Full-disclosure] SEC Consult SA-20051107-0 :: toendaCMS multiple vulnerabilites, Bernhard Mueller, 19:44
Re: [Full-disclosure] Re: readdir_r considered harmful, Andrew Farmer, 19:44
[Full-disclosure] [ GLSA 200511-07 ] OpenVPN: Multiple vulnerabilities, Thierry Carrez, 19:43
[Full-disclosure] [ GLSA 200511-06 ] fetchmail: Password exposure in fetchmailconf, Thierry Carrez, 19:43
[Full-disclosure] [ GLSA 200511-05 ] GNUMP3d: Directory traversal and XSS vulnerabilities, Sune Kloppenborg Jeppesen, 19:43
[Full-disclosure] [ GLSA 200511-04 ] ClamAV: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 19:43
Re: [Full-disclosure] Re: readdir_r considered harmful, Casper . Dik, 19:43
Re: [Full-disclosure] Re: readdir_r considered harmful, Ulrich Drepper, 19:43
Re: [Full-disclosure] Re: readdir_r considered harmful, Ulrich Drepper, 19:43
Zoomblog HTML Injection Vulnerability, sikikmail, 19:43
Gallery_v2.4 SQL Injection, abducter_minds, 19:43
Zoomblog HTML Injection Vulnerability, sikikmail, 19:43
Re: OpenVPN[v2.0.x]: foreign_option() formart string vulnerability., v9, 19:43
[waraxe-2005-SA#043] - Sql injection in Phorum 5.0.20 and earlier, come2waraxe, 19:43
Failles dans Invision Power Board 2.1 [xss], benjilenoob, 19:43
Xss - Html injection in XMB, s2b, 19:43
Invision Power Board Privilege Esaclation (2.0.1 + more), Anti Matter, 19:43
Apache Tomcat 5.5.x remote Denial Of Service, David Maciejak, 19:43
I-Saudi.Com First K-S-A WarGamE, S3ude, 19:43
XSS & SQL injection in phpWebThing, xx_hack_xx_2004, 19:43

November 05, 2005

Zoomblog <IMG> BBCode Tag JavaScript Injection Vulnerability, sikikmail, 17:32
Re: Mambo Open Source, Path disclosure, Vasiliy, 17:32
Sql injection in ibProArcade, bhfh01, 17:22
DMA[2005-1104a] - 'GpsDrive friendsd2 format string vulnerability', kfinisterre, 16:32
[Full-disclosure] Re: readdir_r considered harmful, Casper . Dik, 16:11

November 04, 2005

[Full-disclosure] [EEYEB-20050627B] Macromedia Flash Player Improper Memory Access Vulnerability, Advisories, 22:54
[Full-disclosure] iDEFENSE Security Advisory 11.04.05: Clam AntiVirus Cabinet-file handling Denial of Service Vulnerability, iDEFENSE Labs, 20:43
[Full-disclosure] iDEFENSE Security Advisory 11.04.05: Clam AntiVirus tnef_attachment() DoS Vulnerability, iDEFENSE Labs, 20:33
SUSE Security Announcement: pwdutils, shadow (SUSE-SA:2005:064), Ludwig Nussel, 19:12
Parosproxy 3.2.6: Local Exploitation, Command injection vulnerability, Marc Schoenefeld, 17:52
ZDI-05-002: Clam Antivirus Remote Code Execution, zdi-disclosures, 17:32
Secunia Research: cPanel Entropy Chat Script Insertion Vulnerability, Secunia Research, 17:21
Remotely DoSing JBoss 4.0.2 with serialized java objects, Marc Schoenefeld, 16:31
Re: [Full-disclosure] Advisory 18/2005: PHP Cross Site Scripting (XSS)XVulnerability in phpinfo(), Robert Waters, 11:38
[Full-disclosure] [ GLSA 200511-03 ] giflib: Multiple vulnerabilities, Thierry Carrez, 09:37
[Full-disclosure] Advisory: Apple QuickTime PICT Remote Memory Overwrite, Piotr Bania, 02:14
[Full-disclosure] Advisory: Apple QuickTime Player Remote Denial Of Service, Piotr Bania, 01:54
[Full-disclosure] Advisory: Apple QuickTime Player Remote Integer Overflow (2), Piotr Bania, 01:54
[Full-disclosure] Advisory: Apple QuickTime Player Remote Integer Overflow (1), Piotr Bania, 01:44

November 03, 2005

[Full-disclosure] H4-CREW-000003 Advirosy: Superclick XSS via popup.php, tHe cReW, 22:22
On Interpretation Conflict Vulnerabilities, Steven M. Christey, 21:32
Mambo Open Source, Path disclosure, alireza hassani, 21:12
Norton Unerase - Need Contact, alex cottle, 21:01
CuteNews 1.4.1 remote code execution, retrogod, 20:31
Black Hat Federal and Europe CFP and Registration now open, Jeff Moss, 20:01
Stack Overflow Basics, [a-t], 19:51
Re: [Full-disclosure] On Interpretation Conflict Vulnerabilities, Florian Weimer, 19:00
Re: [Full-disclosure] Advisory 18/2005: PHP Cross Site Scripting (XSS)XVulnerability in phpinfo(), phole, 17:09
[Full-disclosure] [CIRT.DK] Ipswitch Whatsup small Business 2004 - Directory Traversal, CIRT.DK Advisory, 17:08
MDKSA-2005:204 - Updated wget packages fix vulnerability, Mandriva Security Team, 17:08
Simple PHP Blog: Multiple XSS Vulnerabilities, enji, 17:08
[OpenPKG-SA-2005.023] OpenPKG Security Advisory (openvpn), OpenPKG, 17:08
[Full-disclosure] FW: [SR #:1-40483753] RE: Update for the magic byte bug, Auri Rahimzadeh, 17:08
[Full-disclosure] Socket termination in Battle Carry .005, Luigi Auriemma, 17:08
[Full-disclosure] Buffer-overflow and crash in FlatFrag 0.3, Luigi Auriemma, 17:08
[Full-disclosure] Buffer-overflow and directory traversal in Asus Video Security 3.5.0.0, Luigi Auriemma, 17:08
[Full-disclosure] [ TZO-012005 ] F-Prot/Frisk Anti Virus bypass - ZIP Version Header, Thierry Zoller, 17:08
[Full-disclosure] Limited directory traversal in NeroNET 1.2.0.2, Luigi Auriemma, 17:08
[Full-disclosure] Buffer-overflow in Glider collect'n kill 1.0.0.0, Luigi Auriemma, 17:08
[Full-disclosure] Multiple vulnerabilities in Scorched 3D 39.1, Luigi Auriemma, 17:08
[Full-disclosure] Buffer-overflow in GO-Global for Windows 3.1.0.3270, Luigi Auriemma, 17:08
MDKSA-2005:202 - Updated squirrelmail packages fix vulnerability, Mandriva Security Team, 17:08
[Full-disclosure] Advisory 17/2005: phpBB Multiple Vulnerabilities, sesser, 17:08
MDKSA-2005:203 - Updated gda2.0 packages fix string format vulnerability, Mandriva Security Team, 17:08
[Full-disclosure] Advisory 17/2005: phpBB Multiple Vulnerabilities, Stefan Esser, 17:08
[security bulletin] SSRT051029 rev.0 - HP OpenVMS Local Denial of Service (DoS), security-alter, 17:08
[Full-disclosure] [ GLSA 200511-02 ] QDBM, ImageMagick, GDAL: RUNPATH issues, Thierry Carrez, 17:08
[Full-disclosure] [ GLSA 200511-01 ] libgda: Format string vulnerabilities, Thierry Carrez, 17:08
[Full-disclosure] On Interpretation Conflict Vulnerabilities, Steven M. Christey, 17:07
HYSA-2005-009 Elite Forum 1.0.0.0 XSS Vulnerability, h4cky0u . org, 17:06
VUBB XSS & path disclosure Vulnerabilities, alireza hassani, 17:06
[Full-disclosure] Re: readdir_r considered harmful, Ben Hutchings, 17:06
[tool] multispoof - parallel spoofing for throughput increase, Pawel Pokrywka, 17:06
[Full-disclosure] Gateway 7001 A/B/G AP: Selection of improper regulatory domains and channels, Andrew Lockhart, 17:06
Re: [Full-disclosure] readdir_r considered harmful, Ben Hutchings, 17:06
[Full-disclosure] Snort Back Orifice Preprocessor Exploit (Win32 targets), Kira, 17:06

November 01, 2005

Re: [Full-disclosure] readdir_r considered harmful, 3APA3A, 08:33
[Full-disclosure] HYSA-2005-009 Elite Forum 1.0.0.0 XSS Vulnerability, h4cky0u, 07:12
[Full-disclosure] Re: Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo(), Stefan Esser, 06:32
[Full-disclosure] readdir_r considered harmful, Ben Hutchings, 06:32