Network Security Archives

Vulnerability Development (date)

[Thread Index] [Top] [All Lists]

January 31, 2006

Windows Access Control Demystified, sudhakar+bugtraq, 22:19
[Full-disclosure] CME-24/BlackWorm email notifications + top-7 unreachable AS's, Gadi Evron, 21:18
Xmame 0.102 local vulnerability proof-of-concept, Rafael San Miguel Carrasco, 18:17
Nmap 4.00 Released, Fyodor, 16:56
FarsiNews 2.1 PHP Remote File Inclusion, h e, 16:36
MyCO multiple vulnerabilities, revnic, 15:46
[Full-disclosure] Re: DISIT - OPEN SOURCE DISASSEMBLER ENGINE, Robert Kim Wireless Internet Advisor, 15:16
[Full-disclosure] DISIT - OPEN SOURCE DISASSEMBLER ENGINE, Piotr Bania, 15:16
Re: EasyCMS vulnerable to XSS injection., kim, 14:55
Re: Re: Winamp 5.12 - 0day exploit - code execution through playlist, Juha-Matti Laurio, 12:44
Cerberus Helpdesk vulnerable to XSS, preben, 12:34
BrowserCRM vulnerable for XSS, preben, 12:24
Re: [Full-disclosure] ashnews Cross-Site Scripting Vulnerability, DanB-FD, 12:24
Re: [Full-disclosure] ashnews Cross-Site Scripting Vulnerability, DanB-FD, 08:02
[Full-disclosure] Proof of concept for CommuniGate Pro Server vulnerability, Evgeny Legerov, 05:11

January 30, 2006

Re: [Full-disclosure] ashnews Cross-Site Scripting Vulnerability, George A. Theall, 23:59
Etomite followup information, security curmudgeon, 22:48
[ MDKSA-2006:027 ] - Updated gzip packages fix zgrep vulnerabilities, security, 22:08
Re: [Full-disclosure] ashnews Cross-Site Scripting Vulnerability, Dan B UK, 22:08
New worm crawling trough blogs?!, blog . worm, 21:17
Re: Winamp 5.12 - 0day exploit - code execution through playlist, Chris Wysopal, 20:57
[ MDKSA-2006:026 ] - Updated bzip2 packages fix bzgrep vulnerabilities, security, 19:47
[Full-disclosure] [ GLSA 200601-17 ] Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows, Sune Kloppenborg Jeppesen, 19:36
Etomite CMS "Backdoored", [at], 19:26
[Full-disclosure] [ GLSA 200601-16 ] MyDNS: Denial of Service, Sune Kloppenborg Jeppesen, 18:46
XSS flaw in MG2 Image Gallery (v.0.5.1), preben, 18:26
Re: Arescom NetDSL-1000 DoS atack source, Pim van Riezen, 18:16
MyBB 1.2 Local File Incusion, o . y . 6, 18:16
[Full-disclosure] Re: CME-24 (BlackWorm) Users' FAQ, Gadi Evron, 17:45
[Full-disclosure] CME-24 (BlackWorm) Users' FAQ, Gadi Evron, 17:15
Re: Airscanner Mobile Security Advisory: Remote Hard Reset Data Wipe and DoS of Pocket Controller v5.0 (#AS05080401), orambaldini, 15:54
EasyCMS vulnerable to XSS injection., preben, 15:44
Nuked-klaN Cross-Site Scripting Vulnerability, [at], 15:34
MyBB 1.2 usercp2.php [ $url ] CrossSiteScripting ( XSS ), o . y . 6, 15:24
sPaiz-Nuke Cross-Site Scripting Vulnerability, [at], 15:14
Winamp 5.12 - 0day exploit - code execution through playlist, Process, 15:04
Arescom NetDSL-1000 DoS atack source, framirez, 14:54
[xpl#2] MiniNuke 1.8.2 - change member's passwrod < Perl >, hessam, 14:33
TSLSA-2006-0004 - multi, Trustix Security Advisor, 14:03
[Full-disclosure] ashnews Cross-Site Scripting Vulnerability, zeus olimpusklan, 14:03
UebiMiau Webmail System Security Vulnerability, M.Neset KABAKLI, 13:33
Re: Re: IndonesiaHack Advisory HTML injection in PHP Fusebox, pr1nce_empire, 13:13
Re: MySQL 5.0 information leak?, Duncan Simpson, 12:52
zbattle.net, c_lispfedora, 12:42
[Full-disclosure] RE: Cross Site Cooking, Michal Zalewski, 07:20
Re: [Full-disclosure] [ GLSA 200601-15 ] Paros: Default administrator password, Yvan Boily, 00:26

January 29, 2006

[SECURITY] [DSA 951-1] New trac packages fix SQL injection and cross-site scripting, Martin Schulze, 20:35
CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability, Williams, James K, 18:34
[Full-disclosure] [ GLSA 200601-15 ] Paros: Default administrator password, Sune Kloppenborg Jeppesen, 18:14
[Full-disclosure] Re: BlackWorm naming confusing [CME entry now available], Gadi Evron, 13:42
[Full-disclosure] Re: BlackWorm naming confusing [CME entry now available], Jose Nazario, 13:02
[Full-disclosure] [ GLSA 200601-14 ] LibAST: Privilege escalation, Sune Kloppenborg Jeppesen, 11:31
[eVuln] Pixelpost Photoblog XSS Vulnerability, alex, 09:00

January 28, 2006

Cross Site Cooking, Michal Zalewski, 23:26
[CORRECTIONS AND ADDITIONS ]Azbb v1.1.00 Cross-Site Scripting, roozbeh_afrasiabi, 15:23
LibAST 0.7 Release Fixes Security Vulnerability, Michael Jennings, 15:03
Ege Internet Web Desing Remote Command Exucetion, botan, 13:22
Re: [Full-disclosure] Urgent Alert: Possible BlackWorm DDay February 3rd (Snort signatures included), Charles Cala, 09:10
[Full-disclosure] gnome evolution mail client inline text file DoS issue, Mike Davis, 09:10
The WorldsEnd.NET - Free Ping Script, written in PHP (2 vulns), cvh, 09:00
[Full-disclosure] Multiple vulnerabilities in CommuniGate Pro Server, Evgeny Legerov, 04:29
Azbb v1.1.00 Cross-Site Scripting, roozbeh_afrasiabi, 03:18
[Full-disclosure] Re: What A Click! [Internet Explorer], Robert Kim Wireless Internet Advisor, 01:07

January 27, 2006

Re: [Full-disclosure] Urgent Alert: Possible BlackWorm DDay February 3rd (Snort signatures included), Dude VanWinkle, 22:06
[Full-disclosure] Re: [security] What A Click! [Internet Explorer], yossarian, 19:04
[ MDKSA-2006:024 ] - Updated ImageMagick packages fix vulnerabilities, security, 18:24
Re: [security] What A Click! [Internet Explorer], Lance James, 17:03
Shareaza P2P Remote Vulnerability, Ryan Smith, 15:52
CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability [v1.1], Williams, James K, 15:22
[ MDKSA-2006:025 ] - Updated net-snmp packages fix vulnerabilities, security, 14:52
[ MDKSA-2006:023 ] - Updated perl-Net_SSLeay packages fix vulnerability, security, 13:52
hello, code . shell, 13:31
Re: [Full-disclosure] Urgent Alert: Possible BlackWorm DDay February 3rd (Snort signatures included), Holger van Lengerich, 08:39
[Full-disclosure] RE: [funsec] BlackWorm: statistics and numbers, Gary Funck, 07:18
[SECURITY] [DSA 952-1] New libapache-auth-ldap packages fix arbitrary code execution, Martin Schulze, 02:56

January 26, 2006

[Full-disclosure] BlackWorm: statistics and numbers, Gadi Evron, 23:04
RE: MySQL 5.0 information leak?, Burton Strauss, 22:24
BitComet URI Proof of Concept, nick58, 21:43
[Full-disclosure] Re: [security] What A Click! [Internet Explorer], yossarian, 21:43
[ MDKSA-2006:022 ] - Updated perl-Convert-UUlib packages fix vulnerability, security, 21:03
[ Rosiello Security ] Eterm-LibAST Advisory, angelo, 20:43
Re: MySQL 5.0 information leak?, Johan De Meersman, 20:23
[SECURITY] [DSA 950-1] New CUPS packages fix arbitrary code execution, Martin Schulze, 20:02
[Full-disclosure] [Argeniss] Oracle Database Buffer overflows vulnerabilities in public procedures of XDB.DBMS_XMLSCHEMA{_INT}, Cesar, 19:42
Buffer Overflow /Font on mIRC, Crowdat Kurobudetsu, 19:12
Re: MySQL 5.0 information leak?, Lance James, 17:51
[eVuln] "my little homepage" products [link] BBCode XSS Vulnerability, alex, 17:11
Windows mem leakage, endrazine, 16:41
[Full-disclosure] [ GLSA 200601-13 ] Gallery: Cross-site scripting vulnerability, Stefan Cornelius, 16:30
[eVuln] AndoNET Blog SQL Injection Vulnerability, alex, 16:10
[HSC] Multiple transversal bug in vis, spher3, 16:00
[ISecAuditors Advisories] Arbitrary flash code remote execution in 123flashchat, ISecAuditors Security Advisories, 15:40
SamiFTPd buffer overflow, admin, 14:39
HYSA-2006-002 Phpclanwebsite 1.23.1 Multiple Vulnerabilities, h4cky0u . org, 13:59
SUSE Security Announcement: nfs-server/rpc.mountd remote code execution (SUSE-SA:2006:005), Marcus Meissner, 13:59
SUSE Security Announcement: phpMyAdmin (SUSE-SA:2006:004), Ludwig Nussel, 13:38
[security bulletin] SSRT061104 rev.1 - HP Oracle for OpenView (OfO) Critical Patch Update January 2006, security-alert, 13:18
Re: [OSVDB Mods] iNETstore E Commerce Solution - Cross Site Scripting, iNETstore Support, 12:48
Updated mozilla-thunderbird packages fix vulnerability, security, 12:38
MyBB 1.0.2 XSS attack in search.php redirection, addmimistrator, 12:28
Re: IndonesiaHack Advisory HTML injection in PHP Fusebox, brian428, 11:07
[Full-disclosure] [ GLSA 200601-12 ] Trac: Cross-site scripting vulnerability, Stefan Cornelius, 10:57
[eVuln] Text Rider Sensitive Information Disclosure, alex, 10:17
Newsphp Multiple SQL Injection Vulnerabilities, at, 09:36
[KAPDA::#25] - MyBB 1.x Cross_Site_Scripting, roozbeh_afrasiabi, 08:56
[eVuln] miniBloggie Authentication Bypass, alex, 07:36
[security bulletin] SSRT061099 rev.1 - HP-UX Local Increased Privilege, security-alert, 06:15
Re: Tumbleweed EMF 6.x Processing Issues, support, 05:35
FreeBSD Security Advisory FreeBSD-SA-06:06.kmem, FreeBSD Security Advisories, 01:03

January 25, 2006

Rosiello Security - Eterm-LibAST Advisory, angelo, 20:40
[Full-disclosure] BlackWorm: 2 million infected? ISP notifications., Gadi Evron, 20:20
[eVuln] ExpressionEngine 'Referer' XSS Vulnerability, alex, 19:10
Updated ipsec-tools packages fix vulnerability, security, 19:00
FreeBSD Security Advisory FreeBSD-SA-06:07.pf, FreeBSD Security Advisories, 18:09
[eVuln] CheesyBlog XSS Vulnerability, alex, 16:28
Technical Note by Amit Klein: "XST Strikes Back", Amit Klein (AKsecurity), 16:18
HYSA-2006-001 phpBB 2.0.19 search.php and profile.php DOS Vulnerability, h4cky0u . org, 16:08
Workaround for unpatched Oracle PLSQL Gateway flaw, David Litchfield, 15:47
[Full-disclosure] HYSA-2006-001 phpBB 2.0.19 search.php and profile.php DOS Vulnerability, h4cky0u, 11:55
Re: [Full-disclosure] BlackWorm naming confusing [CME entry now available], greybrimstone, 11:25
Call For Paper - SyScan'06 Singapore, organiser@syscan.org, 02:11
ANN: New release of CORE FORCE free endpoint security package, Core FORCE team, 00:10
Re: Announcement: The Web Application Firewall Evaluation Criteria v1 Released, Gadi Evron, 00:00
[eVuln] Note-A-Day Weblog Sensitive Information Disclosure, alex, 00:00

January 24, 2006

[eVuln] e-moBLOG SQL Injection Vulnerability, alex, 23:39
fetchmail security announcement fetchmail-SA-2006-01 (CVE-2006-0321), ma+bt, 23:39
High Risk Vulnerability in Red Hat Directory Server and Red Hat Certificate Server, NGSSoftware Insight Security Research, 23:19
[Full-disclosure] [FLSA-2006:152845] Updated perl packages fix security issues, Marc Deslauriers, 20:48
Re: [Full-disclosure] Urgent Alert: Possible BlackWorm DDay February3rd (Snort signatures included), Exibar, 19:48
Re: [Full-disclosure] Urgent Alert: Possible BlackWorm DDay February3rd (Snort signatures included), mjcarter, 19:48
Re: [Full-disclosure] Urgent Alert: Possible BlackWorm DDay February3rd (Snort signatures included), Exibar, 16:46
[Full-disclosure] What A Click! [Internet Explorer], mikx, 16:26
Re: [Full-disclosure] Urgent Alert: Possible BlackWorm DDay February 3rd (Snort signatures included), Dude VanWinkle, 16:06
RE: [Full-disclosure] BlackWorm naming confusing [CME entry nowavailable], Eric Sites, 16:06
Re: [Full-disclosure] BlackWorm naming confusing [CME entry now available], b . hines, 15:56
[Full-disclosure] BlackWorm naming confusing [CME entry now available], Gadi Evron, 15:46
[Full-disclosure] BlackWorm technical information, Gadi Evron, 14:35
[Full-disclosure] [USN-246-1] imagemagick vulnerabilities, Martin Pitt, 13:44
[Full-disclosure] Urgent Alert: Possible BlackWorm DDay February 3rd (Snort signatures included), Gadi Evron, 13:34

January 23, 2006

[Full-disclosure] iDefense Security Advisory 01.23.06: Computer Associates iTechnology iGateway Service Content-Length Buffer Overflow Vulnerability, labs-no-reply@idefense.com, 15:54
Re: MySQL 5.0 information leak?, Stephen Frost, 14:13
CodeCon program announced, early registration deadline nearing, Len Sassaman, 12:32

January 22, 2006

[Full-disclosure] [ GLSA 200601-11 ] KDE kjs: URI heap overflow vulnerability, Sune Kloppenborg Jeppesen, 09:40
BlogPHP config.php SQL injection login bypassed, addmimistrator, 02:37
Critical security advisory #006 tftpd32 Format string, admin, 02:07
Re: Directory traversal in phpXplorer, Stan Bubrouski, 00:56
RE: MySQL 5.0 information leak?, Burton Strauss, 00:56
Tumbleweed EMF 6.x Processing Issues, jcary2543, 00:36
MDKSA-2006:019 - Updated kdelibs packages fix vulnerability, Mandriva Security Team, 00:26
Re: Digital Armaments Security Advisory 01.16.2006: CMU SNMP utilities snmptrad Format String Vulnerability, Stan Bubrouski, 00:16

January 21, 2006

MyBB Signature HTML Code Injection, n, 20:55
MyBB 1.0.2 Sniffing table perfix bug in search.php, addmimistrator, 20:14
Re: WMF vulnerability was a deliberate backdoor?, Gadi Evron, 19:34
[eVuln] geoBlog SQL Injection Vulnerability, alex, 18:44
[eVuln] SaralBlog XSS & Multiple SQL Injection Vulnerabilities, alex, 01:37
[eVuln] eggblog Multiple SQL Injection & XSS Vulnerabilities, alex, 00:26

January 20, 2006

[eVuln] RCBlog Directory Traversal & Sensitive Information Disclosure, alex, 21:24
MySQL 5.0 information leak?, Bernd Wurst, 20:34
SUSE Security Announcement: kdelibs3 (SUSE-SA:2006:003), Ludwig Nussel, 20:04
Re: Digital Armaments Security Advisory 01.16.2006: CMU SNMP utilities snmptrad Format String Vulnerability, Florian Weimer, 19:34
BlogPHP config.php SQL injection login bypass, addmimistrator, 19:23
BlogPHP config.php SQL injection login bypass, addmimistrator, 19:13
Claroline 1.7.2, sso identification vulnerability, karmaguedon, 19:03
MDKSA-2006:018 - Updated kernel packages fix several vulnerabilities, Mandriva Security Team, 18:53
DMA[2006-0115a] - 'AmbiCom Bluetooth Object Push Overflow', KF (lists), 18:53
[KDE Security Advisory] kjs encodeuri/decodeuri heap overflow, Dirk Mueller, 16:02
phpXplorer file inclusion biyosecurity.be, liz0, 09:29
[Full-disclosure] [USN-245-1] KDE library vulnerability, Martin Pitt, 08:38
Re: Microsoft knew about the WMF flaw for years, Steven M. Christey, 06:07
Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT_INT, ak, 05:07
Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT, ak, 04:17
Change passwd 3.1 (SquirrelMail plugin ), rod hedor, 03:56
MDKSA-2006:017 - Updated mod_auth_ldap packages fix vulnerability, Mandriva Security Team, 03:36
FreeBSD Security Advisory FreeBSD-SA-06:05.80211, FreeBSD Security Advisories, 03:36
[security bulletin] SSRT5971 rev.1 - HP-UX Running ftpd Remote Denial of Service (DoS), security-alert, 02:46
Phpclanwebsite BBCode IMG Tag XSS Vulnerability, [at], 02:35
Re: IRM 015: File system path disclosure on TYPO3 Web Content Manager, Michael Shigorin, 02:15
-2- [XSS] in ar-blog v 5.2, s3ude, 01:15

January 19, 2006

CAID 33756 - DM Deployment Common Component Vulnerabilities, Williams, James K, 23:24
Re: Re: MSN Messenger Password Decrypter for WinXP/2003, null, 22:31
HITBSecConf2005 Videos Released !, Praburaajan, 19:19
Land Down Under Signature HTML Code Injection, [at], 16:20
[eVuln] WebspotBlogging Authentication Bypass Vulnerability, alex, 15:59
IRM 015: File system path disclosure on TYPO3 Web Content Manager, Advisories, 15:39
Re: [DCC SPAM] Hacking With The Google Search Engine, Paul Laudanski, 15:29
HITBSecConf2005 Videos Released, Praburaajan, 15:19

January 18, 2006

MyBB Signature HTML Code Injection, [at], 22:00
Re: MSN Messenger Password Decrypter for WinXP/2003, frank boldewin, 21:10
XMB Forum HTML Code Injection, [at], 21:00
ICQ Cross Site Scripting Vulnerability, simo, 20:50
WEP-Client-Communication-Dumbdown (WCCD) Vulnerability, Michael.Wade, 19:29
[Full-disclosure] Fortinet Advisory: BitComet URI Buffer Overflow Vulnerability, Fortinet Research, 19:19
Re: Directory traversal in phpXplorer, Stan Bubrouski, 19:09
Cerberus FTP Server 2.32 Denial of Service, cvh, 18:39
[eVuln] aoblogger Multiple Vulnerabilities, alex, 18:39
[eVuln] Flog Information Disclosure Vulnerability, alex, 18:18
Re: PunBB BBCode URL Tag Script Injection Vulnerability, Rickard Andersson, 18:08
[eVuln] CaLogic Calendars Multiple XSS Vulnerabilities, alex, 17:58
Re: Linksys VPN Router (BEFVP41) DoS Vulnerability, paul14075, 17:47
Phpclanwebsite BBCode IMG Tag XSS Vulnerability, [at], 17:37
Oracle Database 10g Rel. 2- Transparent Data Encryption plaintext masterkey in SGA, ak, 17:07
Oracle Reports - Read parts of files via customize(fixed after 875 days), ak, 16:57
Oracle Critical Patch Update - January 2006, NGSSoftware Insight Security Research, 16:47
Oracle Reports - Overwrite any application server file via desname (fixed after 889 days), ak, 16:27
Oracle Reports - Read parts of files via desname (fixed after 874 days), ak, 16:17
[HSC Security Group] Multiple SQL injection/XSS in SimpleBlog 2.1, zinho, 16:06
Oracle Database 10g Rel. 2 - Event 10053 logs TDE wallet password in cleartext, ak, 16:06
Oracle DBMS Access Control Bypass in Login, shulman, 15:56
Attacking Automatic Wireless Network Selection, Dino A. Dai Zovi, 15:26
[Full-disclosure] Google's Blogger.com classic HTTP response splitting vulnerability, Meder Kydyraliev, 08:53
[Full-disclosure] [USN-244-1] Linux kernel vulnerabilities, Martin Pitt, 05:35

January 17, 2006

White Album Sql İnjection biyosecurity.be, liz0, 22:22
Microsoft(R) Internet Explorer 5 & 6 Remote Denial of Service (DoS) using IMG & XML elements, inge . henriksen, 22:01
Re: Hacking With The Google Search Engine, Ryan McGeehan, 21:51
[Full-disclosure] iDefense Security Advisory 01.17.06: EMC Legato Networker nsrd.exe DoS Vulnerability, labs-no-reply@idefense.com, 20:50
[Full-disclosure] iDefense Security Advisory 01.17.06: EMC Legato Networker nsrexecd.exe Heap Overflow Vulnerability, labs-no-reply@idefense.com, 20:40
[Full-disclosure] iDefense Security Advisory 01.17.06: EMC Legato Networker nsrd.exe Heap Overflow Vulnerability, labs-no-reply@idefense.com, 20:40
[Full-disclosure] iDefense Security Advisory 01.17.06: Cisco Systems IOS 11 Web Service CDP Status Page Code Injection Vulnerability, labs-no-reply@idefense.com, 20:40
Re: Fullpath disclosure in roundcube webmail, roundcube, 19:39
[Full-disclosure] [ TZO-012006 ] Checkpoint VPN-1 SecureClient insecure usage of CreateProcess(), Thierry Zoller, 18:59
Re: Veritas NetBackup "Volume Manager Daemon" Module Stack Overflow - Exploit, Dave Korn, 18:49
PowerPortal Cross-Site Scripting Vulnerability, night_warrior771, 18:18
Secunia Research: Mozilla Thunderbird Attachment Spoofing Vulnerability, Secunia Research, 17:58
Re: Microsoft knew about the WMF flaw for years, Gadi Evron, 17:38
[eVuln] microBlog BBCode XSS Vulnerability, alex, 17:18
[eVuln] microBlog SQL Injection Vulnerability, alex, 17:07
[eVuln] BlogPHP Authentication Bypass, alex, 16:37
[Full-disclosure] Re: WehnTrust - When you have to trust Wehntrust, Dave Korn, 16:37
XSS in WBNews < = v1.1.0, dragonjar, 16:27
[Full-disclosure] Reverse Engineering WMF Exploit Code, Gadi Evron, 16:07
Re: Reverse Proxy Cross Site Scripting, Amit Klein (AKsecurity), 16:07
IndonesiaHack Advisory HTML injection in PHP Fusebox, king_purba, 15:27
MDKSA-2006:016 - Updated clamav packages fix vulnerability, Mandriva Security Team, 14:56
MDKSA-2006:015 - Updated hylafax packages fix eval injection vulnerabilities, Mandriva Security Team, 14:36
MDKSA-2006:014 - Updated wine packages fix WMF vulnerability, Mandriva Security Team, 14:06
[Full-disclosure] Re: WehnTrust - When you have to trust Wehntrust, Dave Korn, 11:45
Digital Armaments Security Advisory 01.16.2006: CMU SNMP utilities snmptrad Format String Vulnerability, info, 10:54
Announcement: The Web Application Firewall Evaluation Criteria v1 Released, contact, 10:24
Re: Hacking With The Google Search Engine, Jean-Jacques Halans, 09:23
RE: Hacking With The Google Search Engine, Matt Fisher, 09:23
PunBB BBCode URL Tag Script Injection Vulnerability, night_warrior771, 09:13
Re: [DCC SPAM] Hacking With The Google Search Engine, Lance James, 08:13
Re: MSN Messenger Password Decrypter for WinXP/2003, James_gmail-ij, 06:52
[Full-disclosure] ERRATA: [ GLSA 200601-09 ] Wine: Windows Metafile SETABORTPROC vulnerability, Sune Kloppenborg Jeppesen, 04:41
Re: Linksys VPN Router (BEFVP41) DoS Vulnerability, paul14075, 04:21
Microsoft knew about the WMF flaw for years, Richard M. Smith, 03:30
Veritas NetBackup "Volume Manager Daemon" Module Stack Overflow - Exploit, patrickthomassen, 02:50
[eVuln] Bit 5 Blog SQL Injection & Authentication Bypass Vulnerability, alex, 02:10
Re: WMF vulnerability was a deliberate backdoor?, Mike Ely, 01:40
[eVuln] Benders Calendar SQL Injection, alex, 00:09

January 16, 2006

Re: MyBB 1.0.2 SQL injection in usercp.php, o . y . 6, 23:38
Re: [Full-disclosure] WehnTrust - When you have to trust Wehntrust, H D Moore, 22:48
Reverse Proxy Cross Site Scripting, Shalom Carmel, 22:08
iWar 0.07 PSTN auditing tool released..., Da Beave, 21:57
Re: WMF vulnerability was a deliberate backdoor?, Steve Friedl, 21:37
[Full-disclosure] Sun Java Update Scheduler gets placed in autostart without absolute path quotes, Paul, 21:37
Re: WMF vulnerability was a deliberate backdoor?, Denis Jedig, 20:47
Homeftp r1.0.7 Denial of Service, cvh, 20:17
CounterPath eyeBeam Handing SIP header Vulnerabilities, zwell, 19:36
RE: WMF vulnerability was a deliberate backdoor?, Alex Eckelberry, 18:56
[eVuln] Bit 5 Blog JavaScript Insertion Vulnerability, alex, 18:26
[Full-disclosure] WehnTrust - When you have to trust Wehntrust, Thierry Zoller, 18:05
Directory traversal in phpXplorer, Oriol Torrent, 17:15
Apache Geronimo 1.0 - CSS and persistent HTML-Injection vulnerabilities, oliver karow, 16:55
[Full-disclosure] RE: Session data pollution vulnerabilities in web applications, Keenan Smith, 16:24
DMA[2006-0112a] - 'Toshiba Bluetooth Stack Directory Transversal', KF (lists), 16:14
[Full-disclosure] [ GLSA 200601-10 ] Sun and Blackdown Java: Applet privilege escalation, Thierry Carrez, 10:52
[Full-disclosure] [USN-243-1] tuxpaint vulnerability, Martin Pitt, 09:11
[Full-disclosure] [USN-242-1] mailman vulnerabilities, Martin Pitt, 08:01
[Full-disclosure] Virata-EmWeb DSL modems, Dinos, 07:00
MDKSA-2006:013 - Updated kolab packages fix vulnerability, Mandriva Security Team, 01:47
Visual Studio Remote Code Execution, priest, 01:17
[ISecAuditors Advisories] Arbitrary remote file creation in 123flashchat server, ISecAuditors Security Advisories, 00:57
DDSN CMS Admin Panel SQL Injection Vulnerability, khc, 00:37
TSL-2006-0001 - postgresql, Trustix Security Advisor, 00:16

January 15, 2006

TSLSA-2006-0002 - multi, Trustix Security Advisor, 23:56
DIMVA 2006 Call for Papers, Thomas Biege, 23:36
Linksys VPN Router (BEFVP41) DoS Vulnerability, paul14075, 20:45
Re: MSN Messenger Password Decrypter for WinXP/2003, kuku, 20:04
[eVuln] Light Weight Calendar PHP Code Execution, alex, 19:24
AlstraSoft Template Seller Pro Cross-Site Scripting Vulnerability, night_warrior771, 18:44
DCP Portal Cross-Site Scripting Vulnerability, night_warrior771, 18:14
MyBB 1.0.2 SQL injection, addmimistrator, 17:44
WMF vulnerability was a deliberate backdoor?, Brooks, Shane, 17:03
[Full-disclosure] EZDatabase Directory Transversal, XSS and Path Disclosure Vulnerability, Josh Zlatin, 12:31
MyBB 1.0.2 SQL injection in usercp.php, addmimistrator, 02:48

January 14, 2006

[SECURITY] [DSA 936-1] New libextractor packages fix arbitrary code execution, Martin Schulze, 22:36
FreeBSD Security Advisory FreeBSD-SA-06:02.ee, FreeBSD Security Advisories, 21:45
[NMRC Advisory] Microsoft Windows Wireless Exposure on Laptops, Advisories, 18:24
Hacking With The Google Search Engine, Paul Laudanski, 17:54
RE: Did MS pull an Ilfak? (MS patch bindiff results), Greg Wroblewski, 17:54
[KAPDA::#21] - HomeFtp v1.1 Denial of Service, [a], 17:34
FullPath disclosure in Xaraya 1.0.1, king_purba, 17:24
ezDatabase 2.0 and below, none, 17:13
Helm XSS Vulnerability, M.Neset KABAKLI, 16:23
[eVuln] MyPhPim Multiple SQL Injection and XSS Vulnerabilities, alex, 13:12
FreeBSD Security Advisory FreeBSD-SA-06:04.ipfw, FreeBSD Security Advisories, 10:51
Serial Line Sniffer 0.4.4 Buffer Overflow, Sintigan, 10:31
MDKSA-2006:011 - Updated tetex packages fix several vulnerabilities, Mandriva Security Team, 09:50
FreeBSD Security Advisory FreeBSD-SA-06:03.cpio, FreeBSD Security Advisories, 03:38
mysec.org Security Advisory : Xmame buffer overflow, with a possibility of privilege escalation, xwings, 01:27

January 13, 2006

[Full-disclosure] Re: [ GLSA 200601-09 ] Wine: Windows Metafile SETABORTPROC vulnerability, Austin Murkland, 16:53
[Full-disclosure] iDefense Security Advisory 01.13.06: Novell SUSE Linux Enterprise Server Remote Manager Heap Overflow, labs-no-reply@idefense.com, 15:53
MDKSA-2006:012 - Updated kdegraphics packages fix several vulnerabilities, Mandriva Security Team, 15:13
SUSE Security Announcement: novell-nrm remote heap overflow (SUSE-SA:2006:002), Marcus Meissner, 15:02
RE: [Full-disclosure] Fortinet Advisory - Apple QuickTime PlayerStripByteCounts Buffer Overflow Vulnerability, Tom Ferris, 13:42
Re: [Full-disclosure] Fortinet Advisory - Apple QuickTime Player StripOffsets Improper Memory Access, virus, 09:40
Re: industry standards - current status [was: what we REALLY learned from WMF], D. Hazelton, 04:58
[Full-disclosure] [ GLSA 200601-09 ] Wine: Windows Metafile SETABORTPROC vulnerability, Sune Kloppenborg Jeppesen, 04:28
[Full-disclosure] [ GLSA 200601-08 ] Blender: Heap-based buffer overflow, Sune Kloppenborg Jeppesen, 04:28
[Full-disclosure] [ GLSA 200601-07 ] ClamAV: Remote execution of arbitrary code, Sune Kloppenborg Jeppesen, 04:18
RE: [Full-disclosure] Fortinet Advisory - Apple QuickTime Player StripByteCounts Buffer Overflow Vulnerability, Paul, 02:17

January 12, 2006

[Full-disclosure] Fortinet Advisory - Apple QuickTime Player StripByteCounts Buffer Overflow Vulnerability, secresearch, 23:15
[Full-disclosure] Fortinet Advisory: Apple QuickTime Player Color Map Entry Size Buffer Overflow, Fortinet Research, 22:55
[Full-disclosure] Fortinet Advisory: "Apple QuickTime Player ImageWidth Integer Overflow Vulnerability", Fortinet Research, 22:45
[Full-disclosure] Fortinet Security Advisory: "Apple QuickTime Player Improper Memory Access Vulnerability", Fortinet Research, 22:45
[Full-disclosure] Fortinet Advisory: Apple Quick Time Player ImageWidth Denial of Service Vulnerability, Fortinet Research, 22:35
[Full-disclosure] Fortinet Advisory - Apple QuickTime Player StripOffsets Improper Memory Acces, Fortinet Research, 22:25
[Full-disclosure] Fortinet Advisory - Apple QuickTime Player StripByteCounts Buffer Overflow Vulnerability, Fortinet Research, 22:15
[eVuln] Wordcircle Multiple SQL Injection & XSS Vulnerabilities, alex, 21:34
[eVuln] Wordcircle Authentication Bypass, alex, 21:24
[eVuln] ACal Authentication Bypass & PHP Code Insertion, alex, 21:14
[Full-disclosure] Fortinet Advisory - Apple QuickTime Player ImageWidth Denial of Service Vulnerability, secresearch, 21:14
[Full-disclosure] Advisory: MiniNuke CMS System <= 1.8.2 (news.asp) SQL Injection vulnerability, nukedx, 21:14
[eVuln] TankLogger SQL Injection Vulnerability, alex, 21:14
[Full-disclosure] Fortinet Advisory - Apple QuickTime Player StripOffsets Improper Memory Access, secresearch, 21:04
[Full-disclosure] Advisory: MiniNuke CMS System <= 1.8.2 (membership.asp) remote user password change exploit, nukedx, 21:04
FogBugz Cross Site Scripting Vulnerability, M.Neset KABAKLI, 20:34
Multiple PHP Toolkit for PayPal Vulnerabilities, uinC Team, 20:24
Interspire TrackPoint NX XSS Vulnerability, M.Neset KABAKLI, 20:24
Cisco, haven't we learned anything? (technician reset), Gadi Evron, 20:03
Advisory: MiniNuke CMS System <= 1.8.2 (news.asp) SQL Injection vulnerability, nukedx, 19:03
[Full-disclosure] ZDI-06-001: Clam AntiVirus UPX Unpacking Code Execution Vulnerability, zdi-disclosures, 18:02
Re: [Full-disclosure] Re: Session data pollution vulnerabilities inweb applications, Frank Knobbe, 17:52
EUSecWest papers and CanSecWest CFP, Dragos Ruiu, 17:42
H-Sphere Security Vulnerability, M.Neset KABAKLI, 16:41
[Full-disclosure] Re: Session data pollution vulnerabilities inweb applications, Dave Korn, 16:41
Re: [Full-disclosure] Re: what we REALLY learned from WMF, wac, 15:31
[Full-disclosure] Advisory 02/2006: PHP ext/mysqli Format String Vulnerability, Stefan Esser, 14:20
[Full-disclosure] Advisory 01/2006: PHP ext/session HTTP Response Splitting Vulnerability, Stefan Esser, 14:20
Re: [Full-disclosure] Session data pollution vulnerabilities in web applications, mailinglist mailinglist, 14:10
Re: [Full-disclosure] Session data pollution vulnerabilities in web applications, Frank Knobbe, 14:10
[Full-disclosure] [USN-241-1] Apache vulnerabilities, Adam Conrad, 08:37
[Full-disclosure] Session data pollution vulnerabilities in web applications, Alla Bezroutchko, 08:17
Re: PayPal Phishing Site Exploits Google XSS Vulnerability, Paul Laudanski, 04:05
BSD Securelevels: Circumventing protection of files flagged immutable, RedTeam Pentesting, 02:04
Advisory: XSS attack on Superonline.com email service., nukedx, 01:24
MDKSA-2006:010 - Updated cups packages fix several vulnerabilities, Mandriva Security Team, 00:54
[RHSA-2006:0157-01] Low: struts security update for Red Hat Application Server, bugzilla, 00:43

January 11, 2006

FreeBSD Security Advisory FreeBSD-SA-06:01.texindex, FreeBSD Security Advisories, 23:43
[eVuln] MyPhPim Arbitrary File Upload, alex, 22:53
Advisory:XSS vulnerability on WebWiz Forums <= 6.34 (search_form.asp), nukedx, 22:22
Re: Did MS pull an Ilfak? (MS patch bindiff results), Denis Jedig, 21:42
eStara Softphone SIP stack Buffer Overflow Vulnerability, zwell, 19:50
SUSE Security Announcement: xpdf,kpdf,gpdf,kword (SUSE-SA:2006:001), Ludwig Nussel, 19:30
FreeBSD Security Advisory FreeBSD-SA-06:01.texindex [REVISED], FreeBSD Security Advisories, 19:20
PostgreSQL security releases 8.0.6 and 8.1.2, PostgreSQL Security, 19:10
[Full-disclosure] Updated Advisories - Incorrect CVE Information, Advisories, 15:07
[Full-disclosure] [EEYEB-20051031] Apple QuickTime Malformed GIF Heap Overflow, Advisories, 14:57
[Full-disclosure] [EEYEB-20051117A] Apple QuickTime STSD Atom Heap Overflow, Advisories, 14:57
[Full-disclosure] [EEYEB-20051117B] Apple iTunes (QuickTime.qts) Heap Overflow, Advisories, 14:57
[Full-disclosure] [EEYEB-20051220] Apple QuickTime QTIF Stack Overflow, Advisories, 14:47
[Full-disclosure] [USN-240-1] bogofilter vulnerability, Martin Pitt, 14:27
Re: [Full-disclosure] [CIRT.DK] Apple QuickTime 7.0.3 and earlier - JPG/PICT Buffer Overflow, virus, 13:36
[Full-disclosure] Re: iDefense Security Advisory 12.22.05: Linux Kernel Socket Buffer Memory Exhaustion DoS Vulnerability, Paul Starzetz, 13:06
[Full-disclosure] [CIRT.DK] Apple QuickTime 7.0.3 and earlier - JPG/PICT Buffer Overflow, CIRT.DK Advisory, 13:06
Microsoft Outlook Critical Vulnerability, NGSSoftware Insight Security Research, 12:26
Microsoft Exchange Critical Vulnerability, NGSSoftware Insight Security Research, 12:06
Re: PayPal Phishing Site Exploits Google XSS Vulnerability, Stelian Ene, 09:45
PayPal Phishing Site Exploits Google XSS Vulnerability, Paul Laudanski, 08:24
Re: Dumb IE6/XP denial of service found on the web, rebornrebel, 08:14
MDKSA-2006:004 - Updated pdftohtml packages fix several vulnerabilities, Mandriva Security Team, 04:32
New PEAR / Apache2Triad Exploit, jd2k2000, 01:00

January 10, 2006

[Full-disclosure] [FLSA-2006:167803] Updated mysql packages fix security issues, Marc Deslauriers, 22:09
Malware - future trends, Dancho Danchev, 18:47
[Full-disclosure] [ GLSA 200601-06 ] xine-lib, FFmpeg: Heap-based buffer overflow, Stefan Cornelius, 18:27
Time modification flaw in BSD securelevels on NetBSD and Linux, RedTeam Pentesting, 18:06
[Full-disclosure] [EEYEB-2000801] - Windows Embedded Open Type (EOT) Font Heap Overflow Vulnerability, Advisories, 17:46
Re: Did MS pull an Ilfak? (MS patch bindiff results), Joe Polk, 17:23
[Full-disclosure] [ GLSA 200601-05 ] mod_auth_pgsql: Multiple format string vulnerabilities, Stefan Cornelius, 17:13
Re: Html_Injection in vBulletin 3.5.2, info, 17:02
[security bulletin] SSRT051058 rev.1 - HP-UX Secure Shell Remote Denial of Service (DoS), security-alert, 16:42
Multiple Vulnerabilities in Hummingbird Collaboration, luca . carettoni, 14:41
Re: Html_Injection in vBulletin 3.5.2, Steven M. Christey, 14:11
[Full-disclosure] iDefense Security Advisory 01.10.06: Sun Solaris uustat Buffer Overflow Vulnerability, labs-no-reply@idefense.com, 12:20
industry standards - current status [was: what we REALLY learned from WMF], Gadi Evron, 00:55
Research: Malware Action Detection and Protection, Arman Nayyeri, 00:45

January 09, 2006

MDKSA-2006:003 - Updated poppler packages fix several vulnerabilities, Mandriva Security Team, 23:44
MDKSA-2006:008 - Updated koffice packages fix several vulnerabilities, Mandriva Security Team, 23:34
MDKSA-2006:006 - Updated gpdf packages fix several vulnerabilities, Mandriva Security Team, 23:24
MDKSA-2006:005 - Updated xpdf packages fix several vulnerabilities, Mandriva Security Team, 23:14
MDKSA-2006:009 - Updated apache2-mod_auth_pgsql packages fix several vulnerabilities, Mandriva Security Team, 22:54
[Full-disclosure] [FLSA-2006:168375] Updated mozilla packages fix security issues, Marc Deslauriers, 22:54
[Full-disclosure] [FLSA-2006:152922] Updated ethereal packages fix security issues, Marc Deslauriers, 22:54
[Full-disclosure] [FLSA-2006:152907] Updated htdig packages fix security issues, Marc Deslauriers, 22:44
[Full-disclosure] [FLSA-2006:152803] Updated lesstif packages fix security issues, Marc Deslauriers, 22:44
[Full-disclosure] [FLSA-2006:136323] Updated gettext package fixes security issues, Marc Deslauriers, 22:44
[eVuln] 427BB Multiple Vulnerabilities (Cookie-based Authentication Bypass, SQL Injections, XSS), alex, 22:44
Xoops Pool Module IMG Tag Cross Site Scripting, night_warrior771, 22:34
Re: Interview: Ilfak Guilfanov, Denis Jedig, 22:24
Php-Nuke Pool and News Module IMG Tag Cross Site, night_warrior771, 22:14
Orjinweb E-commerce, serxwebun, 21:33
AIM Multiple Cross Site Scripting Vulnerability, simo, 21:23
AOL Multiple Cross Site Scripting Vulnerability, simo, 21:13
Html_Injection in vBulletin 3.5.2, the_bekir, 21:13
MDKSA-2006:008 - Updated koffice packages fix several vulnerabilities, Mandriva Security Team, 21:03
Re: Did MS pull an Ilfak? (MS patch bindiff results), Brett Glass, 20:33
[Full-disclosure] iDefense Security Advisory 01.09.06: Multiple Vendor mod_auth_pgsql Format String Vulnerability, labs-no-reply@idefense.com, 18:41
Digital Armaments Security Advisory 01.09.2006: Apache auth_ldap module Multiple Format Strings Vulnerability, info, 17:51
[eVuln] Venom Board SQL Injection Vulnerability, alex, 17:31
[eVuln] Foxrum BBCode XSS Vulnerabilty, alex, 17:01
NetBSD Security Advisory 2006-002: settimeofday() time wrap, NetBSD Security Officer, 16:50
NetBSD Security Advisory 2006-001: Kernfs kernel memory disclosure, NetBSD Security Officer, 16:30
[UPDATE]Microsoft Windows GRE WMF Format Multiple Unauthorized Memory Access Vulnerabilities, frankruder, 15:49
Microsoft Windows GRE WMF Format Multiple Memory Overrun Vulnerabilities, frankruder, 15:39
xorg server 6.8.2 and below on 64bit arch, serj, 15:29
[Full-disclosure] [USN-235-2] sudo vulnerability, Martin Pitt, 08:46
[Full-disclosure] [USN-236-2] xpdf vulnerabilities in kword, kpdf, Martin Pitt, 05:44
[Full-disclosure] [USN-239-1] libapache2-mod-auth-pgsql vulnerability, Martin Pitt, 05:34

January 08, 2006

Survey on Vuln Disclosure: Request for Participation, Richard Forno, 03:44
Recon2006 - Call for papers, Hugo Fortier, 03:04

January 07, 2006

[eVuln] NavBoard BBcode XSS Vulnerability, alex, 19:10
Re: Interview: Ilfak Guilfanov, Randal L. Schwartz, 19:00
[Full-disclosure] [ GLSA 200601-04 ] VMware Workstation: Vulnerability in NAT networking, Sune Kloppenborg Jeppesen, 18:30
[Full-disclosure] RE: Windows PHP 4.x "0-day" buffer overflow, LE Backup, 15:49
Re: MD:Pro - Malware Distribution Project, Rembrandt, 14:48
Re: [Full-disclosure] Re: what we REALLY learned from WMF, dudevanwinkle@gmail.com, 09:36
MDKSA-2006:005 - Updated xpdf packages fix several vulnerabilities, Mandriva Security Team, 08:46
Re: Dumb IE6/XP denial of service found on the web, Francois Labreque, 08:15
SysCP WebFTP local file inclusion vulnerability, Thomas Henlich, 04:34
MDKSA-2006:003 - Updated poppler packages fix several vulnerabilities, Mandriva Security Team, 04:04
HylaFAX Security advisory - fixed in HylaFAX 4.2.4, Aidan Van Dyk, 02:53
[eVuln] TinyPHPForum Multiple Vulnerabilities, alex, 02:12
Re: Dumb IE6/XP denial of service found on the web, Kim Christensen, 01:10
CyberShop User Login Sql Injection, night_warrior771, 00:49

January 06, 2006

[eVuln] Proyecto Domus 'email' XSS Vulnerability, alex, 20:37
Re: what we REALLY learned from WMF, Thor (Hammer of God), 19:36
MDKSA-2006:007 - Updated apache2 packages fix vulnerabilities, Mandriva Security Team, 18:35
[ECHO_ADV_25$2006] Full path disclosure on boastMachine v3.1, eufrato, 18:25
Re: Download Accelerator Plus can be tricked to download malicious file, Dave Korn, 18:15
MDKSA-2006:004 - Updated pdftohtml packages fix several vulnerabilities, Mandriva Security Team, 18:04
Did MS pull an Ilfak? (MS patch bindiff results), Gadi Evron, 17:54
MDKSA-2006:006 - Updated gpdf packages fix several vulnerabilities, Mandriva Security Team, 17:44
[Full-disclosure] SimpBook "message" Remote Cross-Site Scripting Vulnerability, zeus olimpusklan, 17:34
Re: MS released a patch today - MS06-001, Anthony R. Nemmer, 17:24
[Full-disclosure] Re: what we REALLY learned from WMF, Dave Korn, 17:24
[eVuln] TheWebForum Script Insertion and Authentication Bypass, alex, 17:14
MD5s of Unofficial patches and other mistakes, Forrest J. Cavalier III, 17:03
Re: [Full-disclosure] Re: what we REALLY learned from WMF, Devdas Bhagat, 16:53
[security bulletin] SSRT051074 rev.3 - HP-UX Running xterm Local Unauthorized Access, security-alert, 16:53
[Full-disclosure] Re: what we REALLY learned from WMF, Matt . Carpenter, 16:33
[Full-disclosure] Re: what we REALLY learned from WMF, Gavin Conway, 16:33
[Full-disclosure] RE: what we REALLY learned from WMF, Adrian Marsden, 12:11
[Full-disclosure] RE: what we REALLY learned from WMF, Adrian Marsden, 12:11
Re: New from the MS Advisory, Damaged Industries, 11:20
APPLE-SA-2006-01-05 AirPort firmware update, noreply, 11:10
[Full-disclosure] [ GLSA 200601-03 ] HylaFAX: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 11:00
[Full-disclosure] Re: what we REALLY learned from WMF, Gadi Evron, 09:39
Re: [Full-disclosure] what we REALLY learned from WMF, Florian Weimer, 09:29
[Full-disclosure] Re: [USN-237-1] nbd vulnerability, Florian Weimer, 07:28
[Full-disclosure] [USN-238-2] Blender vulnerability, Martin Pitt, 07:08
[Full-disclosure] [USN-237-1] nbd vulnerability, Martin Pitt, 06:28
[Full-disclosure] [USN-238-1] Blender vulnerability, Martin Pitt, 06:28
[eVuln] ADNForum Multiple Vulnerabilities, alex, 02:16
MS released a patch today - MS06-001, Duran, Jason IT0, 02:16
RE: WMF browser-ish exploit vectors, James C Slora Jr, 01:36
Re: Download Accelerator Plus can be tricked to download malicious file, visitbipin, 01:26
[Full-disclosure] RE: what we REALLY learned from WMF, Donald N Kenepp, 00:45
Interview: Ilfak Guilfanov, Matthew Murphy, 00:35

January 05, 2006

Uninformed Journal Release Announcement: Volume 3, Uninformed, 23:35
RE: Download Accelerator Plus can be tricked to download malicious file, NaPa, 23:15
Contact information for Symantec Vulnerability Management, secure, 22:54
What is sbininitd port 65534 ???, waltdnes, 22:24
[Full-disclosure] Re: what we REALLY learned from WMF, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP], 22:24
Re: [Full-disclosure] WMF round-up, updates and de-mystification, Scott Renna, 22:24
[Full-disclosure] Re: what we REALLY learned from WMF, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP], 22:14
[Full-disclosure] RE: what we REALLY learned from WMF, Adrian Marsden, 22:14
Re: [Full-disclosure] WMF round-up, updates and de-mystification, Anthony R. Nemmer, 22:14
[Full-disclosure] Re: what we REALLY learned from WMF, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP], 22:14
[Full-disclosure] Re: what we REALLY learned from WMF, Gadi Evron, 22:14
[Full-disclosure] Re: what we REALLY learned from WMF, Gadi Evron, 22:14
RE: Dumb IE6/XP denial of service found on the web, Mario Contestabile, 22:04
[Full-disclosure] Re: what we REALLY learned from WMF, Gadi Evron, 22:04
[Full-disclosure] Mozilla Firefox image Buffer Overflow Vulnerability, zeus olimpusklan, 22:04
[Full-disclosure] so, who is going to bindiff the WMF patch first? Already done, Gadi Evron, 22:04
MD:Pro - Malware Distribution Project, anthony . aykut, 21:43
WMF Exploit Patch Released, Matthew Schiros, 20:19
[Full-disclosure] what we REALLY learned from WMF, Gadi Evron, 19:19
[Full-disclosure] iDefense Security Advisory 01.05.06: Blue Coat WinProxy Telnet DoS Vulnerability, labs-no-reply@idefense.com, 18:58
[Full-disclosure] iDefense Security Advisory 01.05.06: Blue Coat Systems WinProxy Host Header Stack Overflow Vulnerability, labs-no-reply@idefense.com, 18:58
[Full-disclosure] iDefense Security Advisory 01.05.06: Blue Coat WinProxy Remote DoS Vulnerability, labs-no-reply@idefense.com, 18:48
Re: [Full-disclosure] RE: Download Accelerator Plus can be tricked to download malicious file, Bipin Gautam, 18:28
[VulnWatch] RE: Download Accelerator Plus can be tricked to download malicious file, NaPa, 18:28
Re: [Full-disclosure] MS Patch Release for WMF Issue, Stan Bubrouski, 18:08
[Full-disclosure] MS Patch Release for WMF Issue, Geoff.Shatz, 17:37
[Full-disclosure] RE: Download Accelerator Plus can be tricked to download malicious file, NaPa, 16:47
[Full-disclosure] [USN-236-1] xpdf vulnerabilities, Martin Pitt, 15:16
[Full-disclosure] [USN-235-1] sudo vulnerability, Martin Pitt, 13:55
Re: [Full-disclosure] Rockliffe Directory Transversal Vulnerability, Josh Zlatin, 12:44
Re: WMF Exploit, Joshua, 11:14
[Full-disclosure] Open Letter on the Interpretation of "Vulnerability Statistics", Steven M. Christey, 10:33
Re: WMF browser-ish exploit vectors, Dave Korn, 10:13
[Full-disclosure] Re: Re[2]: [funsec] WMF round-up, updates and de-mystification, InfoSecBOFH, 09:43
Re: [Full-disclosure] RE: WMF round-up, updates and de-mystification, InfoSecBOFH, 09:33
Re: [Full-disclosure] Re: WMF round-up, updates and de-mystification, InfoSecBOFH, 09:33
[Full-disclosure] Re: [funsec] WMF round-up, updates and de-mystification, InfoSecBOFH, 09:33
Re: [Full-disclosure] WMF round-up, updates and de-mystification, InfoSecBOFH, 09:33
Re: WTF??, anthony . aykut, 08:53
WMF: New Metasploit Framework Module, H D Moore, 07:42
Mapping and Remote manipulation of databases, Gandalf The White, 06:42
Re: WTF??, Nick FitzGerald, 05:41
Re: WMF browser-ish exploit vectors, Nick FitzGerald, 04:51
RE: WMF Exploit, Discussion Lists, 04:00
MDKSA-2005:239 - Updated printer-filters-utils packages fix local vulnerability, Mandriva Security Team, 03:10
Re: Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability, Eloy A. Paris, 02:09
[Full-disclosure] Windows PHP 4.x "0-day" buffer overflow, mercenary, 01:29
Dumb IE6/XP denial of service found on the web, 8ux1fpd02, 01:09
Recruitment Software allows MySQL credentials disclosure, Rafael San Miguel Carrasco, 00:49

January 04, 2006

Re[2]: [funsec] WMF round-up, updates and de-mystification, Pierre Vandevenne, 22:48
New from the MS Advisory, Larry Seltzer, 21:46
Re: [Full-disclosure] WMF round-up, updates and de-mystification, Crist J. Clark, 20:05
[Full-disclosure] [ GLSA 200601-02 ] KPdf, KWord: Multiple overflows in included Xpdf code, Sune Kloppenborg Jeppesen, 19:25
Re: WMF Exploit, Paul Laudanski, 18:35
RE: [Full-disclosure] RE: WMF round-up, updates and de-mystification, Krpata, Tyler, 17:44
[Full-disclosure] RE: WMF round-up, updates and de-mystification, Mario Contestabile, 17:24
[eVuln] Lizard Cart CMS SQL Injection Vulnerability, alex, 17:24
[Full-disclosure] RE: WMF round-up, updates and de-mystification, Brance Amussen, 17:14
Re[2]: [Full-disclosure] Rockliffe Directory Transversal Vulnerability, 3APA3A, 16:23
Download Accelerator Plus can be tricked to download malicious file, visitbipin, 16:03
Another WMF exploit workaround, Ivan Arce, 15:53
WMF exploit, Andreas Marx, 15:33
Re: WMF SETABORTPROC exploit, Alexander Sotirov, 14:53
Re: [Full-disclosure] Rockliffe Directory Transversal Vulnerability, Stan Bubrouski, 14:22
[Full-disclosure] Rockliffe Mailsite User Enumeration Flaw, Josh Zlatin, 13:21
[Full-disclosure] Rockliffe Directory Transversal Vulnerability, Josh Zlatin, 13:21
[Full-disclosure] Re: WMF round-up, updates and de-mystification, Adam Shostack, 04:17

January 03, 2006

[eVuln] PHPenpals SQL Injection Vulnerabilit, alex, 22:05
WSJ: The new "metasploit" computer virus, Richard M. Smith, 21:14
[eVuln] phpBook PHP Code Execution, alex, 21:04
RE: WMF Exploit, Paul, 20:43
RE: [funsec] WMF round-up, updates and de-mystification, Larry Seltzer, 20:33
RE: [Full-disclosure] Buffer Overflow vulnerability in WindowsDisplay Manager [Suspected], Paul, 20:33
Re: WMF round-up, updates and de-mystification, Gadi Evron, 20:12
[eVuln] VEGO Links Builder Authentication Bypass, alex, 20:02
RE: [Full-disclosure] WMF round-up, updates and de-mystification, Larry Seltzer, 19:52
[Full-disclosure] RE: WMF round-up, updates and de-mystification, Krpata, Tyler, 19:52
Re: Drupal all versiyon xss cehennem.org, RSnake, 19:42
Re: [funsec] WMF round-up, updates and de-mystification, Pierre Vandevenne, 19:42
[eVuln] VEGO Web Forum SQL Injection Vulnerability, alex, 19:21
[eVuln] Chimera Web Portal System Multiple Vulnerabilities, alex, 19:11
Re: Drupal all versiyon xss cehennem.org, security, 19:01
WMF SETABORTPROC exploit, SanjayR, 19:01
Winrar 3.30 Local Buffer Overflow, Alpha_Programmer, 18:30
RE: Webwasher CSM Appliance Script Security Restriction Bypass, Frank Berzau, 18:20
[eVuln] oaBoard PHP Code Execution, alex, 17:59
SCO Openserver 5.0.x exploit, rod hedor, 17:59
[eVuln] ScozBook "adminname" Authentication Bypass, alex, 17:49
[eVuln] inTouch Authentication Bypass, alex, 17:39
[eVuln] B-net Software Multiple XSS Vulnerabilities, alex, 17:29
[eVuln] Chipmunk Guestbook XSS Vulnerability, alex, 17:29
Drupal all versiyon xss cehennem.org, liz0, 17:19
[eVuln] PHPjournaler SQL Injection Vulnerability, alex, 17:09
NicoFTP Stack Overflow, k4p0k4p0, 17:09
[KAPDA::#19] - Html Injection in vBulletin 3.5.2, alireza hassani, 17:09
Re: WMF Exploit, Frank Knobbe, 16:38
Re: RE: WMF Exploit, grasshopa, 16:38
Re: WMF Exploit, Justin Myers, 16:18
Re: [Full-disclosure] WMF round-up, updates and de-mystification, gat0r, 14:37
RE: [Full-disclosure] WMF round-up, updates and de-mystification, Peter Ferrie, 14:27
[Full-disclosure] [ GLSA 200601-01 ] pinentry: Local privilege escalation, Thierry Carrez, 12:06
Re: [Full-disclosure] WMF round-up, updates and de-mystification, InfoSecBOFH, 08:54
Re: [Full-disclosure] WMF round-up, updates and de-mystification, InfoSecBOFH, 08:54
Re: [Full-disclosure] WMF round-up, updates and de-mystification, Nancy Kramer, 07:14
[Full-disclosure] WMF round-up, updates and de-mystification, Gadi Evron, 05:43

January 02, 2006

[Full-disclosure] [USN-234-1] cpio vulnerability, Martin Pitt, 16:27
[Full-disclosure] [USN-233-1] fetchmail vulnerability, Martin Pitt, 15:47

January 01, 2006

[Full-disclosure] [xfocus-SD-060101]AIX getCommand&getShell two vulnerabilities, XFOCUS Security Team, 05:33