Vulnerability Development (thread)

New SecurityFocus mailing list: Focus-Apple, Marc Fossi, 2006/05/31
- Re: New SecurityFocus mailing list: Focus-Apple, Marc Fossi, 2006/05/31
[Full-disclosure] rPSA-2006-0087-1 kernel, Justin M. Forbes, 2006/05/31
Secunia Research: ZipCentral ZIP File Handling Buffer Overflow Vulnerability, Secunia Research, 2006/05/31
Secunia Research: Eserv/3 IMAP and HTTP Server Multiple Vulnerabilities, Secunia Research, 2006/05/31
toendaCMS 0.7.0 Cross Site Scripting, kubasx, 2006/05/31
QontentOneCMS v1.0, luny, 2006/05/31
# MHG Security Team --- PHP NUKE All version Remote File Inc., erne, 2006/05/31
pppBlog <= 0.3.8 administrative credentials/system disclosure, rgod, 2006/05/31
Open Searchable Image Catalogue: XSS and SQL Injection Vulnerabilities, enji, 2006/05/30
WebCalendar-1.0.3 reading of any files, socsam, 2006/05/30
[ MDKSA-2006:093 ] - Updated dia packages fix string format vulnerabilities., security, 2006/05/30
Fire fox dos exploit, co296, 2006/05/30
- Re: Fire fox dos exploit, Josh Zlatin-Amishav, 2006/05/31
OaBoard 1.0 Remote File inclusion, hessamx, 2006/05/30
WBB<--v2.3.4"misc.php" SQL injection Vulnerability, CrAzY . CrAcKeR, 2006/05/30
NorthStudio Cross Site Scripting Vulnerability, CrAzY . CrAcKeR, 2006/05/30
Bratpack Cross Site Scripting Vulnerability, CrAzY . CrAcKeR, 2006/05/30
phpMyDesktop|arcade 1.0 FINAL Code Execution, darkgod . xsf, 2006/05/30
4nNukeWare<--V 0.91 SQL Injection exploits, CrAzY . CrAcKeR, 2006/05/30
[Full-disclosure] [ GLSA 200605-17 ] libTIFF: Multiple vulnerabilities, Stefan Cornelius, 2006/05/30
Jiwa Financials - Reporting allows execution of arbitrary reports as SQL user with full permissions., Robert, 2006/05/30
[Full-disclosure] [ GLSA 200605-16 ] CherryPy: Directory traversal vulnerability, Stefan Cornelius, 2006/05/30
[Full-disclosure] Backdoor in RelevantKnowledge adware (What are we fighting for?), 3APA3A, 2006/05/30
- [Full-disclosure] Re: Backdoor in RelevantKnowledge adware (What are wefighting for?), Dave \"No, not that one\" Korn, 2006/05/30
[KAPDA::#46] - Nukedit Unauthorized Admin Add, farhadkey, 2006/05/29
WikiNi Persistent Cross Site Scripting Vulnerability, raphael . huck, 2006/05/29
New SMB and DCERPC features on Impacket released with doc, Gerardo Richarte, 2006/05/29
Foing Remote File Include Vulnerability [PHPBB], s3rv3r_hack3r, 2006/05/29
UBBThreads 5.x,6.x md5 hash disclosure, chris, 2006/05/29
[KAPDA::#45] - geeklog multiple vulnerabilities, alireza hassani, 2006/05/29
Xss exploit in Photoalbum B&W v1.3, black-cod3, 2006/05/29
VARIOMAT(advanced cms tool)SQL injection/XSS, CrAzY . CrAcKeR, 2006/05/29
Advisory: ASPBB <= 0.52 (perform_search.asp) XSS vulnerability, Mustafa Can Bjorn IPEKCI, 2006/05/29
Advisory: MiniNuke v2.x Multiple Remote Vulnerabilities, Mustafa Can Bjorn IPEKCI, 2006/05/29
JAMES 2.2.0 <-- Denial Of Service, y3dips, 2006/05/29
multiple file include exploits in EzUpload Pro v2.10, black-cod3, 2006/05/29
Buffer overflow in QuickTime 7.0.4?, John Richard Moser, 2006/05/29
[Full-disclosure] [USN-288-1] PostgreSQL server/client vulnerabilities, Martin Pitt, 2006/05/29
[Full-disclosure] [USN-287-1] Nagios vulnerability, Martin Pitt, 2006/05/29
[Full-disclosure] Advisory: Blend Portal <= 1.2.0 for phpBB 2.x (blend_data/blend_common.php) File Inclusion Vulnerability, Mustafa Can Bjorn IPEKCI, 2006/05/29
- [Full-disclosure] RE: Advisory: Blend Portal <= 1.2.0 for phpBB 2.x(blend_data/blend_common.php) File Inclusion Vulnerability, austin best, 2006/05/29
[Full-disclosure] Advisory: UBBThreads 5.x, 6.x Multiple File Inclusion Vulnerabilities., Mustafa Can Bjorn IPEKCI, 2006/05/28
[Full-disclosure] Advisory: ASPSitem <= 2.0 Multiple Vulnerabilities., Mustafa Can Bjorn IPEKCI, 2006/05/28
[Full-disclosure] Advisory: phpBB 2.x (Activity MOD Plus) File Inclusion Vulnerability., Mustafa Can Bjorn IPEKCI, 2006/05/28
[Full-disclosure] Advisory: phpBB 2.x (admin/admin_hacks_list.php) Local Inclusion Vulnerability., Mustafa Can Bjorn IPEKCI, 2006/05/28
[Full-disclosure] Advisory: Eggblog <= 3.x Multiple Remote Vulnerabilities, Mustafa Can Bjorn IPEKCI, 2006/05/28
- [Full-disclosure] RE: Advisory: Eggblog <= 3.x Multiple Remote Vulnerabilities, Egg, 2006/05/29
[Full-disclosure] Advisory: F@cile Interactive Web <= 0.8x Multiple Remote Vulnerabilities., Mustafa Can Bjorn IPEKCI, 2006/05/28
[Full-disclosure] Advisory: Enigma Haber <= 4.3 Multiple Remote SQL Injection Vulnerabilities, Mustafa Can Bjorn IPEKCI, 2006/05/28
[Full-disclosure] Advisory: tinyBB <= 0.3 Multiple Remote Vulnerabilities., Mustafa Can Bjorn IPEKCI, 2006/05/28
html Guest Gear, pieisgdvgd, 2006/05/27
Proof of concept that PGP AUTHENTICATION CAN BE BYPASSED WITHOUT PATCHING, thesinoda, 2006/05/27
- Re: Proof of concept that PGP AUTHENTICATION CAN BE BYPASSED WITHOUT PATCHING, Andreas Beck, 2006/05/29
D-Link DSA-3100 Cross-Site Scripting, jaime . blasco, 2006/05/27
Speedy ASP Forum(profileupdate.asp) User Pass Change Exploit, ajannhwt, 2006/05/27
sql injection in PHPcafe.net Tutorial Manager, black-cod3, 2006/05/27
Multiple Xss exploits in ar-blog v 5.2, black-cod3, 2006/05/27
Xss exploit in Chipmunk guestbook, black-cod3, 2006/05/27
Critical sql injection in saphplesson 2.0, black-cod3, 2006/05/27
InternerExplorer error: ECMAScript interpreter stack overflow, sehato, 2006/05/27
Symantec antivirus software exposes computers, Michael Scheidell, 2006/05/27
Wavecon Advisory: Open-Xchange <= 0.8.2 defaultuser with /bin/bash and default password, Cemil Degirmenci, 2006/05/27
cURL Safe Mode Bypass PHP 4.4.2 and 5.1.4, cxib, 2006/05/27
LM hashes in a hot-desking environment, feedb4ck, 2006/05/27
- Re: LM hashes in a hot-desking environment, 3APA3A, 2006/05/27
- Re: LM hashes in a hot-desking environment, Ansgar -59cobalt- Wiechers, 2006/05/27
  - Re: LM hashes in a hot-desking environment, The Little Prince, 2006/05/29
- RE: LM hashes in a hot-desking environment, Roger A. Grimes, 2006/05/27
[ MDKSA-2006:092 ] - Updated mpg123 packages fix DoS vulnerability., security, 2006/05/27
Morris Guestbook v1, luny, 2006/05/27
Smile Guestbook v1, luny, 2006/05/27
Pretty Guestbook v1, luny, 2006/05/27
MyYearBook.com - XSS, luny, 2006/05/27
Vacation Retal Script v1.0, luny, 2006/05/26
Super Link Exchange Script v1.0, luny, 2006/05/26
PHPSimple Choose v0.3, luny, 2006/05/26
iBoutique.MALL - Directory Traversal, luny, 2006/05/26
XSS Vulnerability on Vodafone, try_og, 2006/05/26
[Full-disclosure] rPSA-2006-0084-1 fetchmail, Justin M. Forbes, 2006/05/26
On the Recent PGP and Truecrypt Posting, jon, 2006/05/26
- Re: On the Recent PGP and Truecrypt Posting, John Pettitt, 2006/05/27
  - Re: On the Recent PGP and Truecrypt Posting, Jon Callas, 2006/05/29
    - Message not available
    - Re: On the Recent PGP and Truecrypt Posting, Jon Callas, 2006/05/30
    - Re: On the Recent PGP and Truecrypt Posting, Andreas Beck, 2006/05/30
[OpenPKG-SA-2006.009] OpenPKG Security Advisory (binutils), OpenPKG, 2006/05/26
XSS Vulnerability on www.my6d.com Connection Work System, spymeta, 2006/05/26
Seditio Cross Site Scripting Vulnerability, mail, 2006/05/26
Easy-Content Forums 1.0 Multiple [SQL/XSS] Vulnerabilities, ajannhwt, 2006/05/26
Assetman <= 2.4a XSS, zerogue, 2006/05/26
ByteHoard <= 2.1 multiple vulnerabilities, zerogue, 2006/05/26
PHP AGTC-Membership system <= v1.1a XSS, zerogue, 2006/05/26
PHPResidence <= 0.6 XSS, zerogue, 2006/05/26
Plume CMS Remote File Include, beford, 2006/05/26
[Full-disclosure] rPSA-2006-0083-1 enscript, Justin M. Forbes, 2006/05/26
Multiple XSS Vulnerabilities in Tikiwiki 1.9.x, blwood, 2006/05/26
my Web Server << v-1.0 Denial of Service Exploit, s3rv3r_hack3r, 2006/05/26
- Re: my Web Server << v-1.0 Denial of Service Exploit, str0ke, 2006/05/27
Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities, ajannhwt, 2006/05/26
[MajorSecurity #6]Socketmail <= 2.2.6 - Remote File Include Vulnerability, admin, 2006/05/26
qjForum(member.asp) SQL Injection Vulnerability, ajannhwt, 2006/05/26
phpjobboard Authecnical admin byPass, alp_eren, 2006/05/26
Toasts Forums 1.6.44 in Xss, ajannhwt, 2006/05/26
Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities, ajannhwt, 2006/05/26
XSS in Monster Top List | MTL 1.4, V8f3, 2006/05/26
Docebo LMS 2.05 Remote File Include, beford, 2006/05/26
XSS in Omegasoft's Insel, MC Iglo, 2006/05/26
[BuHa-Security] MS06-013: HTML Tag Memory Corruption Vulnerability in MS IE 6 SP2, bugtraq, 2006/05/26
[BuHa-Security] DoS Vulnerability in MS IE 6 SP2, bugtraq, 2006/05/26
- Re: [BuHa-Security] DoS Vulnerability in MS IE 6 SP2, ad@heapoverflow.com, 2006/05/26
V-Webmail 1.6.4 Remote File Include, beford, 2006/05/26
- Re: V-Webmail 1.6.4 Remote File Include, Ventsislav Genchev, 2006/05/30
TSLSA-2006-0030 - multi, Trustix Security Advisor, 2006/05/26
Addendum, ennead@truecrypt.org, 2006/05/26
[Full-disclosure] Graph analysis of stolen credit cards, Lance James, 2006/05/26
- [Full-disclosure] Re: [General-discussion] Graph analysis of stolen credit cards, Lance James, 2006/05/26
  - [Full-disclosure] Re: [General-discussion] Graph analysis of stolen credit cards, Lance James, 2006/05/26
- [Full-disclosure] Re: [General-discussion] Graph analysis of stolen credit cards, Justin Mason, 2006/05/26
  - Re: [Full-disclosure] Re: [General-discussion] Graph analysis of stolen credit cards, James Eaton-Lee, 2006/05/26
    - Re: [Full-disclosure] Re: [General-discussion] Graph analysis of stolen credit cards, James Eaton-Lee, 2006/05/26
    - Re: [Full-disclosure] Re: [General-discussion] Graph analysis of stolen credit cards, Lance James, 2006/05/26
- [Full-disclosure] Re: [apwg] Graph analysis of stolen credit cards, glennhall, 2006/05/26
  - [Full-disclosure] Re: [apwg] Graph analysis of stolen credit cards, Lance James, 2006/05/26
[Full-disclosure] ASLR now built into Vista, David Litchfield, 2006/05/26
- Re: [Full-disclosure] ASLR now built into Vista, c0ntex, 2006/05/26
  - Re[2]: [Full-disclosure] ASLR now built into Vista, 3APA3A, 2006/05/26
- Re: [Full-disclosure] ASLR now built into Vista, 0x80, 2006/05/26
Wordpress <=2.0.2 'cache' shell injection, rgod, 2006/05/25
- Re: Wordpress <=2.0.2 'cache' shell injection, pokley, 2006/05/27
PostgreSQL security releases 8.1.4, 8.0.8, 7.4.13, 7.3.15, PostgreSQL Security, 2006/05/25
Hackernetwork Mail Xss[Search] Vulnerability, ajannhwt, 2006/05/25
iFlance v1.1, luny, 2006/05/25
[Full-disclosure] rPSA-2006-0082-2 vixie-cron, Justin M. Forbes, 2006/05/25
[Full-disclosure] rPSA-2006-0082-1 vixie-cron, Justin M. Forbes, 2006/05/25
Drupal <= 4.7 attachment/mod_mime remote code execution, rgod, 2006/05/25
Pre News Manager v1.0, luny, 2006/05/25
[KAPDA::#44] - NewsCMSLite Login ByPass by Cookie, farhadkey, 2006/05/25
Pre Shopping Mall v1.0, luny, 2006/05/25
CMS Mundo V1.0, luny, 2006/05/25
GuestbookXL 1.3, luny, 2006/05/25
Bulletin Board Elite-Board v.1.1, luny, 2006/05/25
Realty Pro One Property Listing Script, luny, 2006/05/25
- RE: Realty Pro One Property Listing Script, Krpata, Tyler, 2006/05/26
iFdate v1.2, luny, 2006/05/25
sql injection in phpWebSite 0.8.3, help-users, 2006/05/25
A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt., thesinoda, 2006/05/25
- Re: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt., 3APA3A, 2006/05/26
- Re: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt., Alexander Klimov, 2006/05/27
- RE: [security] A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt., phugo, 2006/05/27
- RE: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt., ennead@truecrypt.org, 2006/05/26
- Re: RE: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt., ahariri, 2006/05/27
- RE: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt., thesinoda, 2006/05/27
- Re: Re: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt., visitbipin, 2006/05/27
ChatPat v1.0, luny, 2006/05/25
AZ Photo Album Script Pro, luny, 2006/05/25
Re: Re: [SECURITYREASON.COM] PhpNuke 7.6=>x Multiple vulnerabilities cXIb8O3.12, phpnuke, 2006/05/25
phpFoX All Version Login Exploit, mx, 2006/05/25
Kaspersky antivirus 6: POP3 state machine error, bug . registrator, 2006/05/25
- Re: Kaspersky antivirus 6: POP3 state machine error, denisov_vit, 2006/05/26
[CLOSED] SOE's implementation of Lithium Forums Software allows users to log on as each other., support, 2006/05/25
VSR Advisory: PDF Tools AG - PDF Form Filling and Flattening Tool Buffer Overflow, advisories, 2006/05/25
[ MDKSA-2006:091 ] - Updated php packages fix vulnerabilities, security, 2006/05/25
[Full-disclosure] rPSA-2006-0080-1 postgresql postgresql-server, Justin M. Forbes, 2006/05/24
[ MDKSA-2006:090 ] - Updated shadow-utils packages fix mailbox creation vulnerability, security, 2006/05/24
[ MDKSA-2006:089 ] - Updated kphone packages fixes permissions issue with .qt/kphonerc, security, 2006/05/24
[ MDKSA-2006:088 ] - Updated hostapd package to address DoS vulnerability, security, 2006/05/24
[ MDKSA-2006:087 ] - Updated kernel packages fixes netfilter SNMP NAT memory corruption, security, 2006/05/24
OpenCms version 6.0.x Xml Content Demo search engine Cross site scripting, jaime . blasco, 2006/05/24
Write-up by Amit Klein: "IE + some popular forward proxy servers = XSS, defacement (browser cache poisoning)", Amit Klein (AKsecurity), 2006/05/24
Diesel Joke Site SQL INJECTION, a_linuxer, 2006/05/24
NETGEAR WGR614 v6 Wireless DSL router information disclosure vulnerability, info, 2006/05/24
Vodafone.de XSS Vulnerability, try_og, 2006/05/24
Default Screen Saver Vulnerability in Microsoft Windows, susam . pal, 2006/05/24
- Re: Default Screen Saver Vulnerability in Microsoft Windows, Eliah Kagan, 2006/05/24
- Re: Default Screen Saver Vulnerability in Microsoft Windows, Ansgar -59cobalt- Wiechers, 2006/05/24
  - Re: Default Screen Saver Vulnerability in Microsoft Windows, Jason V. Miller, 2006/05/25
YLZH(right.php)Cross Site Scripting, Breeeeh, 2006/05/24
Mambo <= 4.6. RC1 xss, rgod, 2006/05/24
Publicist v0.95 - XSS And Full Path Errors, luny, 2006/05/24
AlstraSoft Web Host Directory v1.2, luny, 2006/05/24
[Full-disclosure] [USN-286-1] Dia vulnerabilities, Martin Pitt, 2006/05/24
[security bulletin] HPSBMA02098 SSRT5911 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Privileged Access, Arbitrary Command Execution, Arbitrary File Creation, security-alert, 2006/05/24
[security bulletin] HPSBMA02121 SSRT061157 rev.1 - HP OpenView Storage Data Protector Remote Arbitrary Command Execution, security-alert, 2006/05/24
DGbook v1.0 - XSS, luny, 2006/05/24
[security bulletin] HPSBUX02075 SSRT051074 rev.5 - HP-UX Running xterm Local Unauthorized Access, security-alert, 2006/05/23
Alstrasoft Article Manager Pro v1.6, luny, 2006/05/23
AlstraSoft E-Friends - XSS, luny, 2006/05/23
phpMyDirectory <= 10.4.4 Multiple Remote File Include(new!), ajannhwt, 2006/05/23
[security bulletin] HPSBUX02114 SSRT061115 rev.1 - HP-UX Running Software Distributor Local Elevation of Privilege, security-alert, 2006/05/23
Nucleus CMS <= 3.22 arbitrary remote inclusion, rgod, 2006/05/23
Non eXecutable Stack Lovin on OSX86, KF (lists), 2006/05/23
[OpenPKG-SA-2006.008] OpenPKG Security Advisory (openldap), OpenPKG, 2006/05/23
Kaspersky antivirus 6: HTTP monitor bypassing, john, 2006/05/23
- Re: Kaspersky antivirus 6: HTTP monitor bypassing, denisov_vit, 2006/05/26
- Re: Kaspersky antivirus 6: HTTP monitor bypassing, dmitryp . spm, 2006/05/26
SkyeShoutbox <= v.1.2.0 XSS, zerogue, 2006/05/23
Russcom Ping Remote code execution, zerogue, 2006/05/23
Russcom PHPImages lack of validation, zerogue, 2006/05/23
QBv14 XSS, zerogue, 2006/05/23
IpLogger <= 1.7 XSS, zerogue, 2006/05/23
- Re: IpLogger <= 1.7 XSS, thrasher . basher, 2006/05/25
DSChat <= 1.0 XSS, zerogue, 2006/05/23
Chatty improper input sanitizing, zerogue, 2006/05/23
[Full-disclosure] Buffer-overflow in the WebTool service of PunkBuster for servers (minor than v1.229), Luigi Auriemma, 2006/05/23
[Full-disclosure] Server termination in netPanzer 0.8 (rev 952), Luigi Auriemma, 2006/05/23
[Full-disclosure] [USN-285-1] awstats vulnerability, Martin Pitt, 2006/05/23
Circumventing quarantine control in Windows 2003 and ISA 2004, Memet Anwar, 2006/05/22
- Re: Circumventing quarantine control in Windows 2003 and ISA 2004, 3APA3A, 2006/05/23
- RE: Circumventing quarantine control in Windows 2003 and ISA 2004, Roger A. Grimes, 2006/05/24
- Re: Circumventing quarantine control in Windows 2003 and ISA 2004, Mark Senior, 2006/05/24
  - Re: Circumventing quarantine control in Windows 2003 and ISA 2004, Memet Anwar, 2006/05/25
- Re: Circumventing quarantine control in Windows 2003 and ISA 2004, Andreas Beck, 2006/05/24
Hackernetwork.Com Mail XSS Vulnerability, TeufeL Online, 2006/05/22
Microsoft Internet Explorer - Crash on mouse button click, mac68k, 2006/05/22
- Re: Microsoft Internet Explorer - Crash on mouse button click, unknown user, 2006/05/24
  - Message not available
    - Re: Microsoft Internet Explorer - Crash on mouse button click, unknown user, 2006/05/26
    - Message not available
    - Re: Microsoft Internet Explorer - Crash on mouse button click, unknown user, 2006/05/27
  - Message not available
    - Re: Microsoft Internet Explorer - Crash on mouse button click, unknown user, 2006/05/26
- RE: Microsoft Internet Explorer - Crash on mouse button click, Jain, Siddhartha, 2006/05/25
- Re: Microsoft Internet Explorer - Crash on mouse button click, mac68k, 2006/05/27
Remote Code Execution in artmedic Newsletter 4.1 [log.php], c . j . schmitz, 2006/05/22
TSLSA-2006-0028 - multi, Trustix Security Advisor, 2006/05/22
phpRaid "view.php" XSS Vulnerability, TeufeL Online, 2006/05/22
Beoped Portal XSS, outlaw, 2006/05/22
SOE's implementation of Lithium Forums Software allows users to log on as each other., john, 2006/05/22
ACROS Security: Buffer Overflow In EMC (previously Dantz) Retroclient Service, ACROS Security, 2006/05/22
CANews Multiple Vulnerabilities, omnipresent, 2006/05/22
mybb v1.1.1(rss.php) SQL Injection Exploit, Breeeeh, 2006/05/22
- Re: mybb v1.1.1(rss.php) SQL Injection Exploit, Steven M. Christey, 2006/05/25
[security bulletin] HPSBUX02120 SSRT051057 rev.1 - HP-UX Local Denial of Service (DoS), security-alert, 2006/05/22
[security bulletin] HPSBUX02119 SSRT4848 rev.1 - HP-UX Running Motif Applications Remote Arbitrary Code Execution, Denial of Service (DoS), security-alert, 2006/05/22
BitZipper Archive Extraction Directory traversal, h e, 2006/05/22
Prodder Remote Arbitrary Command Execution, RedTeam Pentesting, 2006/05/22
[Full-disclosure] ZDI-06-016: Novell eDirectory 8.8 NDS Server Buffer Overflow Vulnerability, zdi-disclosures, 2006/05/22
Perlpodder Remote Arbitrary Command Execution, RedTeam Pentesting, 2006/05/22
Skype - URI Handler Command Switch Parsing, Brett Moore, 2006/05/22
[KAPDA::#43] - phpwcms multiple vulnerabilities, alireza hassani, 2006/05/22
Generic Browser Crash with Java 1.4.2_11, Java 1.5.0_06, Marc Schoenefeld, 2006/05/22
Novell Client login form enables reading and writing from and to the clipboard of the logged-in user, EitanCaspi@yahoo.com, 2006/05/22
- Re: Novell Client login form enables reading and writing from and to the clipboard of the logged-in user, Roman Drahtmueller, 2006/05/22
XOOPS <= 2.0.13.2 'xoopsOption[nocommon]' exploit, rgod, 2006/05/22
Firefox 1.5.0.3 Flaw - Page can obtain path to Mozilla installation or profile by examining JavaScript exceptions, milw0rm, 2006/05/22
PHP Easy Galerie Index.PHP Remote File Include Vulnerability, craziest, 2006/05/22
Captivate 1.0 - XSS Vuln, luny, 2006/05/22
Destiney Links Script v2.1.2, luny, 2006/05/22
Destiney Rated Images Script v0.5.0 - XSS Vulnv, luny, 2006/05/22
- Re: Destiney Rated Images Script v0.5.0 - XSS Vulnv, webmaster, 2006/05/24
- Re: Destiney Rated Images Script v0.5.0 - XSS Vulnv, Steven M. Christey, 2006/05/26
PunBB 1.2.11 Cross site scripting, k4p0k4p0, 2006/05/22
Hiox Guestbook 3.1, luny, 2006/05/22
[Full-disclosure] PBNJ 1.14 released, Joshua D. Abraham, 2006/05/21
[Full-disclosure] [ GLSA 200605-15 ] Quagga Routing Suite: Multiple vulnerabilities, Stefan Cornelius, 2006/05/21
[Full-disclosure] [ GLSA 200605-14 ] libextractor: Two heap-based buffer overflows, Stefan Cornelius, 2006/05/21
[Full-disclosure] [TZO-072006]-Xampp - Multiple Priviledge Escalation (SYSTEM) and Rogue Autostart, Thierry Zoller, 2006/05/21
Zix Forum <= 1.12 (layid) SQL Injection Vulnerability, i6d, 2006/05/20
- Re: Zix Forum <= 1.12 (layid) SQL Injection Vulnerability, farhadkey, 2006/05/22
cPanel OpenBaseDir Bypass, i6d, 2006/05/20
Re: NSA Group Security Advisory NSAG-196-23.02.2006 Vulnerability FCKeditor 2.2, fredck, 2006/05/20
Xtremescripts Topsites v1.1, luny, 2006/05/20
Interlink "news_information.php" XSS, Mster-X, 2006/05/20
RaceEventManagement <--v0.7.6 SQL injection & XSS, Mster-X, 2006/05/20
ActualAnalyzer Server <=8.23 - Remote File Include Vulnerability, i6d, 2006/05/20
Re: NSA Group Security Advisory NSAG-195-23.02.2006 Vulnerability FCKeditor 2.0 FC, fredck, 2006/05/20
phpBazar <= 2.1.0 Multiple vulnerabilites, i6d, 2006/05/20
CYBSEC - Security Pre-Advisory: Local Privilege Escalation in SAP sapdba Command, Leandro Meiners, 2006/05/19
Jemscripts Download Control v1.0, luny, 2006/05/19
Yourfreeworld.com Short Url & Url Tracker Script, luny, 2006/05/19
Yourfreeworld Styleish Text Ads Script, luny, 2006/05/19
[ MDKSA-2006:086 ] - Updated kernel packages fix multiple vulnerabilities, security, 2006/05/19
[security bulletin] HPSBTU02118 SSRT061145 rev.1 - HP Tru64 UNIX Running Firefox or Mozilla Application Suite, Remote Execution of Arbitrary Code or Denial of Service (DoS), security-alert, 2006/05/19
[security bulletin] HPSBUX02117 SSRT2400 rev.1 - HP-UX Running BINDv4 Domain Name Server (DNS) Remote Unauthorized Access, Denial of Service (DoS), security-alert, 2006/05/19
[security bulletin] HPSBUX02108 SSRT061133 rev.11 - HP-UX Running Sendmail, Remote Execution of Arbitrary Code, security-alert, 2006/05/19
Secunia Research: CAM UnZip ZIP File Handling Buffer Overflow Vulnerability, Secunia Research, 2006/05/19
Sun single-CPU DOS, Doug Hughes, 2006/05/19
- Re: Sun single-CPU DOS, Mike O'Connor, 2006/05/22
  - Re: Sun single-CPU DOS, Doug Hughes, 2006/05/24
    - Re: Sun single-CPU DOS, Mike O'Connor, 2006/05/24
    - Re: Sun single-CPU DOS, Doug Hughes, 2006/05/26
    - Re: Sun single-CPU DOS, Mike O'Connor, 2006/05/26
    - Re: Sun single-CPU DOS, Mike O'Connor, 2006/05/26
    - Re: Sun single-CPU DOS, Doug Hughes, 2006/05/27
Code Injection via Hidden Form Field Manipulation, mtoren, 2006/05/19
Myspace Friend Train v2.8, luny, 2006/05/19
Re: MediaSlash Gallery 'rub' variable Remote File inlcusion Vulnerability, gyzmo77, 2006/05/19
POC exploit for freeFTPd 1.0.10, Tauqeer Ahmad, 2006/05/19
- Re: POC exploit for freeFTPd 1.0.10, Sanjay Rawat, 2006/05/22
- Re:POC exploit for freeFTPd 1.0.10, Tauqeer Ahmad, 2006/05/19
- Re: POC exploit for freeFTPd 1.0.10, Tauqeer Ahmad, 2006/05/22
FrontRange iHeat Vulnerability, mcdanielar, 2006/05/19
XSS in orkut.com, Rohin Koul, 2006/05/19
- Re: XSS in orkut.com, Google Security Team, 2006/05/20
Gmail/Gtalk web client DoS, dan, 2006/05/19
AspBB Forum "profile.asp & default.asp" XSS Vulnerability, TeufeL Online, 2006/05/19
[Info Disclosure] Diesel PHP Job Site Latest Version, Matt Gibson, 2006/05/19
- Re: [Info Disclosure] Diesel PHP Job Site Latest Version, support, 2006/05/30
  - Re: [Info Disclosure] Diesel PHP Job Site Latest Version, GulfTech Security Research, 2006/05/31
[cosmoshop again] sql injection + view all files as admin user, innate, 2006/05/19
CodeScan Advisory: Avatar MOD v1.3 for Snitz Forums v3.4 - Arbitrary File Upload, CodeScan Labs, 2006/05/19
[Full-disclosure] Multiple Vulns in Bitrix CMS, Gogi The Georgian, 2006/05/19
Gawab.com Register Xss Bugtraq, rootter, 2006/05/19
Wargamming Network.., Dusty, 2006/05/19
RadLance Local Inclusion Exploit, Hussain Salim, 2006/05/19
HYSA-2006-008 myBloggie 2.1.3 CRLF & SQL Injection, h4cky0u . org, 2006/05/19
OpenWiki<--v0.78 Cross-Site Scripting, LiNuX_rOOt1, 2006/05/19
Boastmachine Cross Site Scripting Vulnerability, mail, 2006/05/19
Mobotix IP Network Cameras Multiple XSS, jaime . blasco, 2006/05/19
Secunia Research: Eazel unacev2.dll Buffer Overflow Vulnerability, Secunia Research, 2006/05/19
DIMVA 2006 - Call For Participation, Thomas Biege, 2006/05/19
[Full-disclosure] Two heap overflow in libextractor 0.5.13 (rev 2832), Luigi Auriemma, 2006/05/19
Firefox (with IETab Plugin) Null Pointer Dereferences Bug, Debasis Mohanty, 2006/05/19
- Re: Firefox (with IETab Plugin) Null Pointer Dereferences Bug, Roman Daszczyszak, 2006/05/19
VNC_bypauth: vnc scanner multithreaded linux & windows, ad@heapoverflow.com, 2006/05/19
Newsportal <= 0.36 Remote File Inclusion Vulnerability, philipp . niedziela, 2006/05/19
Re: Zen Cart login.php SQL Injection Vulnerability, noreply, 2006/05/19
Secunia Research: IZArc unacev2.dll Buffer Overflow Vulnerability, Secunia Research, 2006/05/19
Maksymilian Arciemowicz, cxib, 2006/05/19
- Re: Maksymilian Arciemowicz, frantisek holop, 2006/05/19
[Full-disclosure] What's Up Professional Spoofing Authentication Bypass, Kenneth F. Belva, 2006/05/19
- Re: [Full-disclosure] What's Up Professional Spoofing Authentication Bypass, David Maciejak, 2006/05/19
[Full-disclosure] iDefense Q2 2006 Vulnerability Challenge, labs-no-reply@idefense.com, 2006/05/19
[Full-disclosure] Advisory: Quezza BB <= 1.0 File Inclusion Vulnerability., Mustafa Can Bjorn IPEKCI, 2006/05/19
vulnerability details, Arnold Grossmann, 2006/05/19
[Full-disclosure] ERRATA: [ GLSA 200605-07 ] Nagios: Buffer overflow, Sune Kloppenborg Jeppesen, 2006/05/19
DeluxeBB <= v1.06 attachment mod_mime exploit, rgod, 2006/05/19
PHP-Fusion <= 6.00.306 "srch_where" SQL injection / admin credentials disclosure, rgod, 2006/05/19
[Full-disclosure] UPDATE: [ GLSA 200605-13 ] MySQL: Information leakage, Sune Kloppenborg Jeppesen, 2006/05/19
The Weakness of Windows Impersonation Model, Brian L. Walche, 2006/05/19
- Re: The Weakness of Windows Impersonation Model, David Litchfield, 2006/05/19
  - Re[2]: The Weakness of Windows Impersonation Model, Brian L. Walche, 2006/05/19
  - Re[2]: The Weakness of Windows Impersonation Model, Brian L. Walche, 2006/05/19
    - Re: Re[2]: The Weakness of Windows Impersonation Model, Cesar, 2006/05/31
Caucho Resin Windows Directory Traversal Vulnerability, advisory, 2006/05/19
Checkpoint SYN DoS Vulnerability, sanjay naik, 2006/05/19
- Re: Checkpoint SYN DoS Vulnerability, Pawel Worach, 2006/05/19
  - Re: Checkpoint SYN DoS Vulnerability, sanjay naik, 2006/05/19
    - Re: Checkpoint SYN DoS Vulnerability, Bojan Zdrnja, 2006/05/19
    - Re: Checkpoint SYN DoS Vulnerability, Jim Clausing, 2006/05/22
    - Re: Checkpoint SYN DoS Vulnerability, Erick Mechler, 2006/05/19
    - Re: Checkpoint SYN DoS Vulnerability, Bojan Zdrnja, 2006/05/22
- Re: Checkpoint SYN DoS Vulnerability, Chris Brenton, 2006/05/19
  - Re: Checkpoint SYN DoS Vulnerability, sanjay naik, 2006/05/19
    - Re: Checkpoint SYN DoS Vulnerability, Niranjan S Patil, 2006/05/24
- Re: Checkpoint SYN DoS Vulnerability, sanjay naik, 2006/05/19
- Re: Re: Checkpoint SYN DoS Vulnerability, jrh57, 2006/05/19
- Re: Checkpoint SYN DoS Vulnerability, sanjay naik, 2006/05/19
- RE: Checkpoint SYN DoS Vulnerability, Sterling, Chuck, 2006/05/19
ScanAlert Security Advisory, Joseph Pierini, 2006/05/19
- [Full-disclosure] security open source tools require, adnan habib, 2006/05/19
  - Re: [Full-disclosure] security open source tools require, subhag ghosh, 2006/05/19
Newsportal: code injection vulnerability, newsportal, 2006/05/19
IceWarp Cross-Site Scripting(XSS), LiNuX_rOOt1, 2006/05/19
Sphider Multiple Xss Vulnerabilities, Soothackers, 2006/05/19
PhpRemoteView Multiple Xss Vulnerabilities, Soothackers, 2006/05/19
[Full-disclosure] re: RealVNC 4.1.1 Remote Compromise, plato, 2006/05/19
DeluxeBB 1.06 Remote SQL Injection Exploit, kingofska, 2006/05/19
YapBB <= 1.2 Beta2 'find.php' SQL Injection Vulnerability, geinblues, 2006/05/19
Confixx 3.1.2 <= Code Injection, Snake_23, 2006/05/19
Secunia Research: Abakt ZIP File Handling Buffer Overflow Vulnerability, Secunia Research, 2006/05/19
CYBSEC - Security Advisory: Arbitrary File Read/Delete in SAP BC (Business Connector), Leandro Meiners, 2006/05/19
CYBSEC - Security Advisory: Phishing Vector in SAP BC (Business Connector), Leandro Meiners, 2006/05/19
Secunia Research: FilZip unacev2.dll Buffer Overflow Vulnerability, Secunia Research, 2006/05/19
tyree[at]users.sourceforge.net, tyree, 2006/05/19
Azboard <= 1.0 Multiple Sql Injections, geinblues, 2006/05/19
Sugar Suite Open Source <= 4.2 "OptimisticLock!" arbitrary remote inclusion exploit, rgod, 2006/05/19
DMA[2006-0514a] - 'ClamAV freshclam incorrect privilege drop', KF (lists), 2006/05/19
XSS in FreeTextBox and FCKEditor Basic Toolbar Selection, bonsite, 2006/05/19
90% of programs made in PHP5 and prior Full Path Disclosure vuln., sirdarckcat, 2006/05/19
- Re: 90% of programs made in PHP5 and prior Full Path Disclosure vuln., sirdarckcat, 2006/05/22
- Re: 90% of programs made in PHP5 and prior Full Path Disclosure vuln., Kamil Sienicki, 2006/05/22
[Full-disclosure] [USN-284-1] Quagga vulnerabilities, Martin Pitt, 2006/05/19
JDK 1.4.2_11, 1.5.0_06, unsigned applets consuming all free harddisk space, Marc Schoenefeld, 2006/05/19
- Re: JDK 1.4.2_11, 1.5.0_06, unsigned applets consuming all free harddisk space, William Starling, 2006/05/19
- Re: JDK 1.4.2_11, 1.5.0_06, unsigned applets consuming all free harddisk space, Leif Erik Andersen (at Seven), 2006/05/19
Is MS06-018 a DoS or a system compromise ?, Nick Boyce, 2006/05/19
- RE: Is MS06-018 a DoS or a system compromise ?, Maxime Ducharme, 2006/05/19
- RE: Is MS06-018 a DoS or a system compromise ?, Hayes, Bill, 2006/05/19
  - Re: Is MS06-018 a DoS or a system compromise ?, Nick Boyce, 2006/05/19
[Full-disclosure] Novell NDPS Remote Vulnerability (Server & Client), Ryan Smith, 2006/05/19
[Full-disclosure] [USN-274-2] MySQL vulnerability, Martin Pitt, 2006/05/19
PhpBB <= 2.0.20 Admin/Restore Database remote cmmnds xctn (works with admin sid), rgod, 2006/05/19
[Full-disclosure] RealVNC 4.1.1 Remote Compromise, James Evans, 2006/05/19
- RE: [Full-disclosure] RealVNC 4.1.1 Remote Compromise, Dixon, Wayne, 2006/05/19
  - Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise, Joachim Schipper, 2006/05/19
- [Full-disclosure] Re: RealVNC 4.1.1 Remote Compromise, Dave \"No, not that one\" Korn, 2006/05/19
- Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise, Juha-Matti Laurio, 2006/05/19
- RE: [Full-disclosure] RealVNC 4.1.1 Remote Compromise, Krpata, Tyler, 2006/05/19
  - Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise, Matt Venzke, 2006/05/20
[Full-disclosure] POC exploit for freeSSHd version 1.0.9, Tauqeer Ahmad, 2006/05/19
- Re: [Full-disclosure] POC exploit for freeSSHd version 1.0.9, David Maciejak, 2006/05/19
Soho firewall - OpenWRT -WhiteRussian Question, jfvanmeter, 2006/05/19
SQL-Injection in e107 allows attacker to become a site admininstrator, socsam, 2006/05/19
Gphotos Directory Traversal and Cross Site Scripting, doz, 2006/05/19
# MHG Security Team --- Gallery Upload Vulnerabilities, Dj_ReMix_20, 2006/05/13
PHP Live Helper ASP(chat.php) XSS, mster-X, 2006/05/13
Several flaws in e-business designer (eBD), Pedro AndÃjar, 2006/05/13
[Full-disclosure] [FLSA-2006:185355] Updated gnupg package fixes security issues, Marc Deslauriers, 2006/05/13
[Full-disclosure] [FLSA-2006:164512] Updated fetchmail packages fix security issues, Marc Deslauriers, 2006/05/13
[Full-disclosure] [FLSA-2006:152923] Updated xloadimage package fixes security issues, Marc Deslauriers, 2006/05/13
[Full-disclosure] [FLSA-2006:152904] Updated ncpfs package fixes security issues, Marc Deslauriers, 2006/05/13
[Full-disclosure] [FLSA-2006:152898] Updated emacs packages fix a security issue, Marc Deslauriers, 2006/05/13
[Full-disclosure] [FLSA-2006:152868] Updated tetex packages fix security issues, Marc Deslauriers, 2006/05/13
Ipswitch WhatsUp Professional multiple flaws, David Maciejak, 2006/05/13
Dovecot IMAP: Mailbox names list disclosure with mboxes, Timo Sirainen, 2006/05/12
Dokeos LDAP hole fixed, thomas . depraetere, 2006/05/12
[Full-disclosure] Socket unreachable in GNUnet rev 2780, Luigi Auriemma, 2006/05/12
[Full-disclosure] Multiple vulnerabilities in Outgun 1.0.3 bot 2, Luigi Auriemma, 2006/05/12
[Full-disclosure] Buffer-overflow and NULL pointer crash in Genecys 0.2, Luigi Auriemma, 2006/05/12
[Full-disclosure] Server crash in Empire 4.3.2, Luigi Auriemma, 2006/05/12
[Full-disclosure] Multiple vulnerabilities in Raydium rev 309, Luigi Auriemma, 2006/05/12
PHPBB 2.0.20 persistent issues with avatars, rgod, 2006/05/12
- Re: PHPBB 2.0.20 persistent issues with avatars, Paul Laudanski, 2006/05/19
- Re: PHPBB 2.0.20 persistent issues with avatars, s89df987 s9f87s987f, 2006/05/19
  - Re: PHPBB 2.0.20 persistent issues with avatars, Paul Laudanski, 2006/05/20
[Full-disclosure] RE: How secure is software X?, Ferguson, Justin (IARC), 2006/05/12
- [Full-disclosure] Re: How secure is software X?, David Litchfield, 2006/05/13
  - [Full-disclosure] Re: How secure is software X?, Mike Hoskins, 2006/05/19
TSLSA-2006-0026 - kernel, Trustix Security Advisor, 2006/05/12
[Kurdish Security # 7] Foing Remote File Include Vulnerability [PHPBB], botan, 2006/05/12
Apple QuickDraw/QuickTime Multiple Vulnerabilities, Avert, 2006/05/12
yet more XSS in older versions of ColdFusion, zuxncwaruio, 2006/05/12
Re: Secunia Research: Where Is It unacev2.dll Buffer OverflowVulnerability, jason . gerfen, 2006/05/12
[Full-disclosure] SEC Consult SA-20060512-0 :: Symantec Enterprise Firewall NAT/HTTP Proxy Private IP Exposure, Bernhard Mueller, 2006/05/12
[Full-disclosure] Apple QuickTime udta ATOM Heap Overflow, Sowhat, 2006/05/12
[Full-disclosure] How secure is software X?, David Litchfield, 2006/05/12
- Re: [Full-disclosure] How secure is software X?, Michael Silk, 2006/05/12
  - Re: [Full-disclosure] How secure is software X?, David Litchfield, 2006/05/12
- [Full-disclosure] Re: How secure is software X?, Adam Shostack, 2006/05/12
- [Full-disclosure] Re: How secure is software X?, Tim Newsham, 2006/05/12
- [Full-disclosure] Re: How secure is software X?, Paul B. Saitta, 2006/05/12
- Re: How secure is software X?, Fabian Becker, 2006/05/19
  - Re: How secure is software X?, Matt . Carpenter, 2006/05/19
    - Re: How secure is software X?, Duncan Simpson, 2006/05/24
  - Re: How secure is software X?, Crispin Cowan, 2006/05/24
[Full-disclosure] Kenshoto Report: IIS 6.0 Remote Exploit PoC, Kenshoto CTF, 2006/05/12
[Full-disclosure] ZDI-06-015: Apple QuickTime H.264 Parsing Heap Overflow Vulnerability, zdi-disclosures, 2006/05/11
phpBB "charts.php" XSS and SQL-Injection, sn4k3 . 23, 2006/05/11
- Re: phpBB "charts.php" XSS and SQL-Injection, g30rg3x, 2006/05/12
- Re: phpBB "charts.php" XSS and SQL-Injection, phpbb, 2006/05/19
[Full-disclosure] [EEYEB-20060307] Apple QuickTime FPX Integer Overflow, eEye Advisories, 2006/05/11
Verizon Voicewing and Linksys PAP2-VN, securityfocus, 2006/05/11
Microsoft MSDTC NdrAllocate Validation Vulnerability, avert, 2006/05/11
Secunia Research: UltimateZip unacev2.dll Buffer Overflow Vulnerability, Secunia Research, 2006/05/11
Unclassified NewsBoard <= 1.6.1 patch 1 ABBC[Config][smileset] arbitrary local inclusion, rgod, 2006/05/11
Re: Oracle - the last word, Steven M. Christey, 2006/05/11
- RE: Oracle - the last word, Lee Kelly, 2006/05/12
  - RE: Oracle - the last word, Iggy E, 2006/05/19
- Re: Oracle - the last word, Stefano Di Paola, 2006/05/13
[ MDKSA-2006:085 ] - Updated xine-ui packages fix format string vulnerabilities, security, 2006/05/11
[Full-disclosure] [ GLSA 200605-13 ] MySQL: Information leakage, Sune Kloppenborg Jeppesen, 2006/05/11
[Full-disclosure] [TZO-042006] Insecure Auto-Update and File execution (2), Thierry Zoller, 2006/05/11
[Full-disclosure] RE: Oracle - the last word, Joseph Finley, 2006/05/11
Re: SYMSA-2006-003: Cisco Secure ACS for Windows - AdministratorPassword Disclosure, Greg owens, 2006/05/11
- RE: SYMSA-2006-003: Cisco Secure ACS for Windows - AdministratorPassword Disclosure, John Stuppi (jstuppi), 2006/05/11
Kerio WinRoute Firewall Protocol Inspection Denial, SnoBMSN, 2006/05/10
[48Bits.com Advisory] Path conversion design flaw in Microsoft NTDLL, 48Bits.com [I+D Team], 2006/05/10
vbulletin security Alert, aura, 2006/05/10
- Re: vbulletin security Alert, scott, 2006/05/11
PhpListPro 2.01 Remote File Include Vulnerability, SnoBMSN, 2006/05/10
- Re: PhpListPro 2.01 Remote File Include Vulnerability, not, 2006/05/26
[Full-disclosure] ZDI-06-014: Verisign I-Nav ActiveX Control Code Execution Vulnerability, zdi-disclosures, 2006/05/10
mybb v1.1.1(showthread.php) SQL Injection Exploit, Breeeeh, 2006/05/10
Firefox 1.5.0.3 - DoS, p4 . werterxyz, 2006/05/10
- Re: Firefox 1.5.0.3 - DoS, Chris Horry, 2006/05/10
  - Re: Firefox 1.5.0.3 - DoS, RSnake, 2006/05/12
- Re: Firefox 1.5.0.3 - DoS, Flavio Visentin, 2006/05/12
- Re: Firefox 1.5.0.3 - DoS, Ronald van den Blink, 2006/05/19
- Re: Firefox 1.5.0.3 - DoS, marrob, 2006/05/13
- Re: Re: Firefox 1.5.0.3 - DoS, Ronald, 2006/05/19
[ MDKSA-2006:084 ] - Updated MySQL packages fix several vulnerabilities, security, 2006/05/10
UBlog Remote XSS Exploit, SnoBMSN, 2006/05/10
Re: Milliscript 1.4 Multiple Vulnerabilities, webmaster, 2006/05/10
Hackmaster Group DMCounter Remote File Include, c-w-m, 2006/05/10
[ MDKSA-2006:083 ] - Updated gdm package fixes symlink attack vulnerability, security, 2006/05/10
Multiple SQL Injection Vulnerabilities in Dreamweaver Generated Code, Brian Gallagher, 2006/05/10
[Full-disclosure] [ GLSA 200605-12 ] Quake 3 engine based games: Buffer Overflow, Sune Kloppenborg Jeppesen, 2006/05/10
[Full-disclosure] [ GLSA 200605-11 ] Ruby: Denial of Service, Sune Kloppenborg Jeppesen, 2006/05/10
[Full-disclosure] [ GLSA 200605-10 ] pdnsd: Denial of Service and potential arbitrary code execution, Sune Kloppenborg Jeppesen, 2006/05/10
# MHG Security Team --- OzzyWork Gallery Upload Vulnerabilities, Dj_ReMix_20, 2006/05/10
[Full-disclosure] Oracle - the last word, David Litchfield, 2006/05/10
IBM Websphere Application Server Multiple Vulnerabilities, SnoBmsn, 2006/05/10
[Full-disclosure] [TZO-042006] Insecure Auto-Update and File execution, Thierry Zoller, 2006/05/09
[Reversemode] Microsoft Infotech Storage library Heap Corruption, Reversemode, 2006/05/09
- Re: [Reversemode] Microsoft Infotech Storage library Heap Corruption, marco . correnti, 2006/05/12
  - Re: [Reversemode] Microsoft Infotech Storage library Heap Corruption, Reversemode, 2006/05/12
Two independent vulnerabilities (client and server side) in Quake3 engine and many derived games, Thilo Schulz, 2006/05/09
IGNORING SSH CONNECTION USES ARP CACHE POISSONING, king_purba, 2006/05/09
- Re: IGNORING SSH CONNECTION USES ARP CACHE POISSONING, Thierry Zoller, 2006/05/10
- Re: IGNORING SSH CONNECTION USES ARP CACHE POISSONING, Hugo van der Kooij, 2006/05/10
- Re: IGNORING SSH CONNECTION USES ARP CACHE POISSONING, Felipe openglx, 2006/05/13
- Re: IGNORING SSH CONNECTION USES ARP CACHE POISSONING, king_purba, 2006/05/12
[Full-disclosure] ZDI-06-013: 3Com TippingPoint SMS Server Information Disclosure Vulnerability, zdi-disclosures, 2006/05/09
[Full-disclosure] [EEYEB20051011A] - Microsoft Distributed Transaction Coordinator Heap Overflow, eEye Advisories, 2006/05/09
[Full-disclosure] [EEYEB20051011B] - Microsoft Distributed Transaction Coordinator Denial of Service, eEye Advisories, 2006/05/09
# MHG Security Team --- DuGallery V2.x SQL Injection, Dj_ReMix_20, 2006/05/09
plaNetStat Admin ByPass, alp_eren, 2006/05/09
# MHG Security Team --- OzzyWork Gallery SQL Injection, Dj_ReMix_20, 2006/05/09
tseekdir.cgi<--Local File Include, BoNy-m, 2006/05/09
- Re: tseekdir.cgi<--Local File Include, security curmudgeon, 2006/05/22
- Re: tseekdir.cgi<--Local File Include, Steven M. Christey, 2006/05/10
Secunia Research: Where Is It unacev2.dll Buffer Overflow Vulnerability, Secunia Research, 2006/05/09
[Full-disclosure] ICQ Client Cross-Application Scripting (XAS), 3APA3A, 2006/05/09
PHPFusion <= v6.00.306 avatar mod_mime arbitrary file upload & local inclusion vulnerabilities, rgod, 2006/05/08
SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure, research, 2006/05/08
- Re: SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure, Matthew Cerha, 2006/05/08
[MajorSecurity] phpListPro <= 2.01 - Multiple Remote File Include Vulnerability, admin, 2006/05/08
Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1, Zaninotti, Thiago, 2006/05/08
- Re: Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1, Amit Klein (AKsecurity), 2006/05/19
VSR Advisory: WebSense content filter bypass when deployed in conjunction with Cisco filtering devices, VSR Advisories, 2006/05/08
- VSR Advisory: WebSense content filter bypass when deployed in conjunction with Cisco filtering devices, Matthew Cerha, 2006/05/08
Secunia Research: Anti-Trojan unacev2.dll Buffer Overflow Vulnerability, Secunia Research, 2006/05/08
Secunia Research: TZipBuilder ZIP File Handling Buffer Overflow Vulnerability, Secunia Research, 2006/05/08
[Kurdish Security # 5] phpRaid Remote File Include [SMF], botan, 2006/05/08
[Kurdish Security # 4] phpRaid Remote File Include Vulnerability (PHPBB), botan, 2006/05/08
INFIGO-2006-05-03: Multiple FTP Servers vulnerabilities, infocus, 2006/05/08
- Re: INFIGO-2006-05-03: Multiple FTP Servers vulnerabilities, Andrea Rimicci, 2006/05/09
singapore v0.9.7 XSS Vulnerabilities, alp_eren, 2006/05/08
Claroline Open Source e-Learning 1.7.5 Remote File Include, beford, 2006/05/08
[Full-disclosure] [ GLSA 200605-09 ] Mozilla Thunderbird: Multiple vulnerabilities, Thierry Carrez, 2006/05/08
Multiple Vulnerabilities In IdealBB ASP Bulletin Board, CodeScan Labs, 2006/05/08
Dokeos Learning Management System 1.6.4 Remote File Include, beford, 2006/05/08
[Full-disclosure] [ GLSA 200605-08 ] PHP: Multiple vulnerabilities, Thierry Carrez, 2006/05/08
CAID 34013 - CA Common Services CAIRIM on z/OS LMP SVC vulnerability, Williams, James K, 2006/05/08
Re: BankTown's ActiveX Buffer Overflow Vulnerability, lkh1348, 2006/05/08
AngelineCMS Multiple Vulnerabilities, admin, 2006/05/08
[Full-disclosure] ZDI-06-012: Sophos Anti-Virus CAB Unpacking Code Execution Vulnerability, zdi-disclosures, 2006/05/08
[KAPDA] MyBB1.1.1~Email Verification in User Activation ~SQL Injection Attack, addmimistrator, 2006/05/08
OpenEngine (PHP CMS), ck, 2006/05/08
Phil's Bookmark script admin By-pass, alp_eren, 2006/05/08
- Re: Phil's Bookmark script admin By-pass, Steven M. Christey, 2006/05/09
- Re: Re: Phil's Bookmark script admin By-pass, theproffx, 2006/05/12
Limbo CMS (option=weblinks) SQL injection exploit, SnoBMSN, 2006/05/08
X-POLL admin By-Pass, alp_eren, 2006/05/08
[Full-disclosure] [USN-283-1] MySQL vulnerabilities, Martin Pitt, 2006/05/08
[Full-disclosure] [USN-282-1] Nagios vulnerability, Martin Pitt, 2006/05/08
[Full-disclosure] [ GLSA 200605-07 ] Nagios: Buffer overflow, Sune Kloppenborg Jeppesen, 2006/05/07
URL Bug On 1ASPHost and DomainDLX Hosting Services, spymeta, 2006/05/06
Firefox 1.5.0.3 code execution exploit, yesn, 2006/05/06
- Re: Firefox 1.5.0.3 code execution exploit, James_gmail-ij, 2006/05/10
- Re: Firefox 1.5.0.3 code execution exploit, Flavio Visentin, 2006/05/10
- Re: Firefox 1.5.0.3 code execution exploit, Daniel Veditz, 2006/05/10
- Re: Firefox 1.5.0.3 code execution exploit, Ismail Donmez, 2006/05/10
- Re: Firefox 1.5.0.3 code execution exploit, Juha-Matti Laurio, 2006/05/10
phpBB 2.0.20 Full Path Disclosure and SQL Errors, cxib, 2006/05/06
- Re: phpBB 2.0.20 Full Path Disclosure and SQL Errors, Paul Laudanski, 2006/05/11
  - Re: phpBB 2.0.20 Full Path Disclosure and SQL Errors, Maksymilian Arciemowicz, 2006/05/10
    - Re: phpBB 2.0.20 Full Path Disclosure and SQL Errors, Paul Laudanski, 2006/05/13
Intel wireless service s24evmon.exe confidential information disclosure., ruben, 2006/05/06
Alexadex.com players.py XSS Exploit, skinnypuppy, 2006/05/06
Re: DB_eSession deleteSession() SQL injection, interact, 2006/05/06
X7Chat <= 2.0.2 avatar XSS injection, zerogue, 2006/05/06
WebsiteBaker CMS lack of sanitizing, zerogue, 2006/05/06
- Re: WebsiteBaker CMS lack of sanitizing, ryan, 2006/05/22
VisionSource CMS <= 0.6 XSS vectors, zerogue, 2006/05/06
PassMasterFlex (and PassMasterFlex+) XSS injection, zerogue, 2006/05/06
myBloggie <= 2.1.3 XSS, zerogue, 2006/05/06
FlexCustomer <= 0.0.4 sql injection, zerogue, 2006/05/06
[Full-disclosure] [ GLSA 200605-06 ] Mozilla Firefox: Potential remote code execution, Thierry Carrez, 2006/05/06
ChipmunkBoard Multiple Attack vectors, zerogue, 2006/05/06
ChipmunkBlogger improper input sanitizing, zerogue, 2006/05/06
JetBox CMS Remote File Include, beford, 2006/05/06
OpenFAQ - HTML injection and XSS (Cross Site Scripting), Kamil Sienicki, 2006/05/06
[Full-disclosure] [ GLSA 200605-05 ] rsync: Potential integer overflow, Sune Kloppenborg Jeppesen, 2006/05/06
TSLSA-2006-0024 - multi, Trustix Security Advisor, 2006/05/05
Cryptomathic ActiveX Buffer Overflow (TDC Digital signature), CIRT.DK Advisory, 2006/05/05
SaPHPLesson 3.0 Multbugs, o . y . 6, 2006/05/05
Invision Community Blog .. Bugs, o . y . 6, 2006/05/05
- Re: Invision Community Blog .. Bugs, mattmecham, 2006/05/08
[ MDKSA-2006:081-1 ] - Updated xorg-x11 packages fix vulnerability, security, 2006/05/05
CuteNews 1.4.1 Multiple vulnerabilities, k4p0k4p0, 2006/05/05
modules name(Downloads)SQL Injection Exploit, Mster-X, 2006/05/05
- Re: modules name(Downloads)SQL Injection Exploit, Paul Laudanski, 2006/05/10
  - Re: modules name(Downloads)SQL Injection Exploit, znx, 2006/05/13
modules name(Sections)SQL Injection Exploit, Mster-X, 2006/05/05
- Re: modules name(Sections)SQL Injection Exploit, security curmudgeon, 2006/05/22
- RE: modules name(Sections)SQL Injection Exploit, Evans, Arian, 2006/05/25
WebCalendar User Account Enumeration Weakness, David Maciejak, 2006/05/05
- Re: WebCalendar User Account Enumeration Weakness, David Maciejak, 2006/05/05
[Full-disclosure] Idle scan rediscovered!!!, Joel Jose, 2006/05/05
Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk, leonleon77, 2006/05/04
- Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk, Tonnerre Lombard, 2006/05/06
[REWTERZ-20060503] XM Easy Personal FTP Server Remote Buffer Overflow Vulnerability, rewterz, 2006/05/04
Panda Antivirus Enterprise Secure, Norton Antivirus 2005 and the virus "I Love You", Joxean Koret, 2006/05/04
libero.it XSS vulnerability - HTML injection, Davide Denicolo, 2006/05/04
[Full-disclosure] RE: Panda Antivirus Enterprise Secure, Norton Antivirus 2005 and the virus "I Love You", Joxean Koret, 2006/05/04
321soft PhP Gallery 0.9 - directory travel & XSS, d4igoro, 2006/05/04
Fast Click <= 2.3.8 Remote File Inclusion, Aminrayden, 2006/05/04
Fast Click SQL Lite <= 1.1.3 Remote File Inclusion, Aminrayden, 2006/05/04
zawhttpd - Buffer Overflow, Kamil Sienicki, 2006/05/04
PunBB 1.2.11 Cross-Site Scripting, o . y . 6, 2006/05/04
CuteGuestbook XSS attack, omnipresent, 2006/05/04
[Full-disclosure] bigwebmaster guestbook multiply XSS, Javor Ninov, 2006/05/04
[REWTERZ-20060504] - Sami FTP Server Remote Buffer Overflow Vulnerability, rewterz, 2006/05/04
[security bulletin] HPSBUX02108 SSRT061133 rev.10 - HP-UX running Sendmail, Remote Execution of Arbitrary Code, security-alert, 2006/05/04
ISA Server 2004 Log Manipulation, beSIRT, 2006/05/04
- Re: ISA Server 2004 Log Manipulation, Steven M. Christey, 2006/05/05
  - Re: ISA Server 2004 Log Manipulation, beSIRT, 2006/05/05
    - Re: ISA Server 2004 Log Manipulation, Thor (Hammer of God), 2006/05/06
- Re: ISA Server 2004 Log Manipulation, Shaun Colley, 2006/05/06
- Re: ISA Server 2004 Log Manipulation, Steven M. Christey, 2006/05/09
[Full-disclosure] [USN-280-1] X.org server vulnerability, Martin Pitt, 2006/05/04
[Full-disclosure] [USN-281-1] Linux kernel vulnerabilities, Martin Pitt, 2006/05/04
[ MDKSA-2006:082 ] - Updated libtiff packages fix vulnerabilities, security, 2006/05/03
OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw, c0redump, 2006/05/03
- Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw, David F. Skoll, 2006/05/03
- Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw, Joachim Schipper, 2006/05/04
  - Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw, Kurt Seifried, 2006/05/05
  - Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw, c0redump, 2006/05/06
    - Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw, Giancarlo Razzolini, 2006/05/10
Vulnerability in the way Ultr@VNC-1.0.1 handles MS-Logon Authentication., gdehanot, 2006/05/03
[Full-disclosure] [USN-279-1] libnasl/nessus vulnerability, Martin Pitt, 2006/05/03
[Full-disclosure] [USN-278-1] gdm vulnerability, Martin Pitt, 2006/05/03
Dynamic Evaluation Vulnerabilities in PHP applications, Steven M. Christey, 2006/05/03
- Re: Dynamic Evaluation Vulnerabilities in PHP applications, Michael Schlenker, 2006/05/04
[Full-disclosure] [USN-277-1] TIFF library vulnerabilities, Martin Pitt, 2006/05/03
SUSE Security Announcement: xorg-x11-server (SUSE-SA:2006:023), Ludwig Nussel, 2006/05/03
[ MDKSA-2006:081 ] - Updated xorg-x11 packages fix vulnerability, security, 2006/05/03
[Full-disclosure] BankTown's ActiveX Buffer Overflow Vulnerability, Alex Park, 2006/05/03
- [Full-disclosure] BankTown's ActiveX Buffer Overflow Vulnerability, Alex Park, 2006/05/03
[Full-disclosure] [USN-276-1] Thunderbird vulnerabilities, Martin Pitt, 2006/05/03
[Full-disclosure] Quagga RIPD unauthenticated route injection, Konstantin V. Gavrilenko, 2006/05/03
- [Full-disclosure] Re: Quagga RIPD unauthenticated route injection, Paul Jakma, 2006/05/03
[Full-disclosure] Quagga RIPD unauthenticated route table broadcast, Konstantin V. Gavrilenko, 2006/05/03
[Full-disclosure] RE: Oracle, where are the patches???, Kornbrust, Alexander, 2006/05/02
- Re: [Full-disclosure] RE: Oracle, where are the patches???, Cesar, 2006/05/03
[Full-disclosure] Hola Distro Help me, Edgardo Zavala, 2006/05/02
MySQL COM_TABLE_DUMP Information Leakage and Arbitrary command execution., Stefano Di Paola, 2006/05/02
MySQL Anonymous Login Handshake - Information Leakage., Stefano Di Paola, 2006/05/02
Oracle, where are the patches???, David Litchfield, 2006/05/02
- foreseeing (cough) critical problems futile? (was: Oracle, where are the patches???), Michael Shigorin, 2006/05/04
Invision Gallery 2.0.6 ( SQL Injection ), o . y . 6, 2006/05/02
- Re: Invision Gallery 2.0.6 ( SQL Injection ), mattmecham, 2006/05/04
- Re: Re: Invision Gallery 2.0.6 ( SQL Injection ), an0n, 2006/05/06
[Full-disclosure] [ GLSA 200605-04 ] phpWebSite: Local file inclusion, Sune Kloppenborg Jeppesen, 2006/05/02
TyroCms beta V1.0 multiple XSS injections, zerogue, 2006/05/02
[Full-disclosure] [ GLSA 200605-03 ] ClamAV: Buffer overflow in Freshclam, Sune Kloppenborg Jeppesen, 2006/05/02
[Full-disclosure] [ GLSA 200605-02 ] X.Org: Buffer overflow in XRender extension, Sune Kloppenborg Jeppesen, 2006/05/02
Russcom.net Loginphp multiple vulnerabilties, zerogue, 2006/05/02
FileProtection Express <= 1.0.1 authentification bypass, zerogue, 2006/05/02
SF-Users V1.0 XSS injection, zerogue, 2006/05/02
Cmscout <= V1.10 multiple XSS attack vectors, zerogue, 2006/05/02
sBlog SQL Injection and Path Disclosure Vulnerability, admin, 2006/05/02
geoBlog Mutiple XSS Vulnerability, admin, 2006/05/02
Ejabberd : Symlink vulnerability during installation process, Julien L., 2006/05/02
- Re: Ejabberd : Symlink vulnerability during installation process, mickael . remond, 2006/05/03
zenphoto Multiple Path Disclosure and Cross Site Scripting Vulnerabilities, raphael . huck, 2006/05/02
X7 Chat <=2.0 remote commands execution, rgod, 2006/05/02
JSBoard XSS vulnerability, Alexander Klink, 2006/05/02
[ MDKSA-2006:080 ] - Updated clamav packages fix vulnerability, security, 2006/05/02
VHCS --- Virtual Hosting Control System Cross Site Scripting, outlaw, 2006/05/02
FTP Fuzzer, infocus, 2006/05/02
- Re: FTP Fuzzer, Alexey Biznya, 2006/05/03
[Full-disclosure] Oracle, where are the patches???, David Litchfield, 2006/05/02
Re: Poll: Emerging Threats, Jon R. Kibler, 2006/05/02
RE: Oracle 10g 10.2.0.2.0 DBA exploit, putosoft softputo, 2006/05/01
Blog Mod <= 0.2.x SQL Injection, qex, 2006/05/01
XINE format string bugs when handling non existen file, king_purba, 2006/05/01
CoolMenus Event Remote File Inclusion exploit, AminRayden, 2006/05/01
- Re: CoolMenus Event Remote File Inclusion exploit, Steven M. Christey, 2006/05/01
I-RATER Platinum Remote File Inclusion exploit Cod3d by R@1D3N, AminRayden, 2006/05/01
OpenBB 1.0.8 Full Path Disclosure, o . y . 6, 2006/05/01
Invision Power Board v2.1.5 Remote SQL Injection, o . y . 6, 2006/05/01
- Re: Invision Power Board v2.1.5 Remote SQL Injection, mattmecham, 2006/05/04
4images<-- 1.7.1 SQL Injection, CrAzY . CrAcKeR, 2006/05/01
Thyme 1.3 Cross Site Scripting, outlaw, 2006/05/01
Image file crashes Finder, Safari and other apps, cmertes, 2006/05/01
Re: Apple Mac OS X Safari 2.0.3 Vulnerability, buggy, 2006/05/01
Secunia Research: WinHKI unacev2.dll Buffer Overflow Vulnerability, Secunia Research, 2006/05/01
free-php.net Poll 1.0 admin login, tugr, 2006/05/01
planetGallery admin login, tugr, 2006/05/01
JMK's Picture Gallery admin login, alp_eren, 2006/05/01
DMCounter Remote File Include, beford, 2006/05/01
[Full-disclosure] [ GLSA 200605-01 ] MPlayer: Heap-based buffer overflow, Sune Kloppenborg Jeppesen, 2006/05/01