Network Security Archives

Vulnerability Development (date)

[Thread Index] [Top] [All Lists]

November 30, 2006

Re: [Full-disclosure] ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability, Dude VanWinkle, 23:31
Woltlab Burning Board 2.3.X XSS Vulnerability (0-Day) FIXED VERSION, blueshisha, 23:31
LDU <= 8.x (polls.php) Remote SQL Injection Vulnerability, ajannhwt, 23:01
contentserv 4.x, capt . nem0, 22:51
safely concatenating strings in portable C (Re: GnuPG 1.4 and 2.0 buffer overflow), Solar Designer, 22:31
Invision Community Blog Mod 1.2.4 .PHP SQL Injection Vulnerability, infection, 22:11
Re: [Full-disclosure] ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability, zdi-disclosures, 22:11
Seditio <= 1.10 (pollid) Remote SQL Injection Vulnerability, ajannhwt, 21:40
@lex Guestbook 4.0.1 : Full Path Disclosure & XSS, mr_kaliman, 21:30
[Full-disclosure] [ GLSA 200611-26 ] ProFTPD: Remote execution of arbitrary code, Raphael Marichez, 20:20
[Full-disclosure] [USN-390-1] evince vulnerability, Kees Cook, 19:39
[security bulletin] HPSBUX02153 SSRT061181 rev.2 - HP-UX Running Firefox, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS), security-alert, 19:09
Secunia Research: MailEnable IMAP Service Two Vulnerabilities, Secunia Research, 18:49
[ MDKSA-2006:217-1 ] - Updated proftpd packages fix vulnerabilities, security, 16:58
[Full-disclosure] iDefense Security Advisory 11.30.06: Multiple Vendor libgsf Heap Overflow Vulnerability, iDefense Labs, 16:37
[Full-disclosure] msf3 3Com TFTP exploit, Kurt Grutzmacher, 14:16
Re: [Full-disclosure] ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability, Dude VanWinkle, 10:45

November 29, 2006

Re: PHP Event Calendar 1.5.1 (index.php) Remote File Include Vulnerability, Stuart Moore, 20:19
[Full-disclosure] [USN-389-1] GnuPG vulnerability, Kees Cook, 20:19
Potentially OT: AJAX article, clappymonkey, 20:19
[Aria-Security Team] FipsSHOP SQL Injection, Advisory, 19:59
[Full-disclosure] [USN-388-1] KOffice vulnerability, Kees Cook, 19:28
Monkey Boards version 0.3.5 Multiple Path Disclosure Vulnerabilities, jesper . jurcenoks, 19:28
New Windows tool - PWDumpX v1.0, Reed Arvin, 19:08
RE: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), Shawn Fitzgerald, 18:58
OWASP JBroFuzz 0.3 Fuzzer Released!, subere, 18:38
REMLAB Web Mech Designer 2.0.5 Path Disclosure Vulnerability, jesper . jurcenoks, 18:18
SYM06-023, Symantec NetBackup PureDisk: PHP update to Address Reported Security Vulnerability, Mike Prosser, 18:08
Multiple Vulnerabilities in AlternC version 0.9.5, Vincent A.Menard, 18:08
Secunia Research: Borland Products idsql32.dll Buffer Overflow Vulnerability, Secunia Research, 17:48
[ MDKSA-2006:219 ] - Updated tar packages fix vulnerability, security, 17:37
Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), David Litchfield, 17:07
PHP Event Calendar 1.5.1 (index.php) Remote File Include Vulnerability, philip anselmo, 16:47
Re: CuteNews v1.4.5 (search.php) Remote file include vulnerability, raven, 15:57
[Full-disclosure] ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability, zdi-disclosures, 15:16
b2evolution Remote File inclusion Vulnerability, tarkus, 15:06
[Full-disclosure] iDefense Security Advisory 11.29.06: Horde Kronolith Arbitrary Local File Inclusion Vulnerability, iDefense Labs, 13:15
Re: [Full-disclosure] ProFTPD mod_tls pre-authentication buffer overflow, Mark Wadham, 11:03
Re: [Full-disclosure] New report on Teredo security, Jeroen Massar, 01:39

November 28, 2006

[Full-disclosure] New report on Teredo security, Jim Hoagland, 23:58
Re: PhpGedView 4.0.2 (DOCUMENT_ROOT) File inclusion Vulnerablity, yalnifj, 22:37
b2evolution XSS Vulnerabilities, tarkus, 18:35
[Full-disclosure] [USN-387-1] Dovecot vulnerability, Kees Cook, 18:25
[Full-disclosure] [ GLSA 200611-23 ] Mono: Insecure temporary file creation, Raphael Marichez, 18:15
[Full-disclosure] [ GLSA 200611-25 ] OpenLDAP: Denial of Service vulnerability, Raphael Marichez, 17:44
[Full-disclosure] [ GLSA 200611-24 ] LHa: Multiple vulnerabilities, Raphael Marichez, 17:34
Re: PhpGedView 4.0.2 (DOCUMENT_ROOT) File inclusion Vulnerablity, Mefisto, 17:24
TSLSA-2006-0066 - multi, Trustix Security Advisor, 16:14
evince buffer overflow exploit (gv), kspecial, 15:43
Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), David Litchfield, 15:43
Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), Steven M. Christey, 14:33
Re: SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal, Jon Hart, 14:23
[Full-disclosure] ProFTPD mod_tls pre-authentication buffer overflow, research, 06:49
Re: [WEB SECURITY] The state of JavaScript Hacking, bugtraq, 03:58
uPhotoGallery (v 1.1) SQL Injection, Advisory, 03:08
CVE-2006-5815: remote code execution in ProFTPD, John Morrissey, 02:27
GnuPG 1.4 and 2.0 buffer overflow, Werner Koch, 02:07
SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal, research, 01:47
ClickContact SQL Injection, Advisory, 01:07
AIDE problem handling symlinks, fryxar fryxar, 00:56

November 27, 2006

Cursor snarfing - a new class of vulnerability and attack in Oracle, David Litchfield, 23:46
[Full-disclosure] [USN-386-1] ImageMagick vulnerability, Kees Cook, 23:36
2nd European Conference on Computer Network Defense (EC2ND), Blyth A J C (AT), 22:45
RE: Cracking String Encryption in Java Obfuscated Bytecode, Jeremy Epstein, 22:35
Re: New Flaw in Firefox 2.0: DoS and possible remote code execution, sflist, 22:15
[Full-disclosure] [USN-385-1] tar vulnerability, Kees Cook, 21:35
Re: CuteNews v1.4.5 (search.php) Remote file include vulnerability, Francesco Laurita, 19:54
[Full-disclosure] ProFTPD 1.3.0 remote stack overflow, research, 19:33
PhpGedView 4.0.2 (DOCUMENT_ROOT) File inclusion Vulnerablity, x___ . _, 19:13
Re: VMware 5.5.1 Local Buffer Overflow (HTML Exploit), str0ke, 18:52
Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), David Litchfield, 18:32
CuteNews v1.4.5 (search.php) Remote file include vulnerability, philip anselmo, 18:22
TFTP Server 3CTftpSvc Buffer Overflow Vulnerability (Long transporting mode), liuqx, 18:12
Re: [Full-disclosure] The state of JavaScript Hacking, Martin Johns, 16:40
VMware 5.5.1 Local Buffer Overflow (HTML Exploit), NormandiaN_MailID, 16:30
ClickGallery Sql Injection, Advisory, 16:20
Clickblog Sql Injection, Advisory, 16:10
TFTP Server AT-TFTP Server v 1.9 Buffer Overflow Vulnerability (Long filename), liuqx, 16:10
Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), Tim Newsham, 15:50
[Full-disclosure] rPSA-2006-0219-1 info install-info texinfo, rPath Update Announcements, 14:29
[Full-disclosure] rPSA-2006-0218-1 ImageMagick, rPath Update Announcements, 14:19
[Aria-Security Team] General Shopping Cart SQL Injection Vulnerability, Advisory, 14:08
[Aria-Security Team] Evolve shopping cart SQL Injection Vulnerability, Advisory, 13:48
[Full-disclosure] The state of JavaScript Hacking, pdp (architect), 12:58
[Full-disclosure] MHL-2006-003 Public Advisory: "mboard" file creation issue, Mayhemic Labs Security, 08:46
[Full-disclosure] [ GLSA 200611-21 ] Kile: Incorrect backup file permission, Sune Kloppenborg Jeppesen, 06:05
[Full-disclosure] [ GLSA 200611-22 ] Ingo H3: Folder name shell command injection, Sune Kloppenborg Jeppesen, 05:45

November 26, 2006

[Full-disclosure] iDefense Security Advisory 11.26.06: Qbik WinGate Compressed Name Pointer Denial of Service Vulnerability, iDefense Labs, 17:40
[Full-disclosure] iDefense Security Advisory 11.26.06: GNU Radius Format String Vulnerability, iDefense Labs, 17:30
[Full-disclosure] Mambo component "jambook" Html injection Vulnerability, 0o_zeus_o0 elitemexico.org, 17:20

November 25, 2006

mAlbum v0.3 local file inclusion, tux025, 18:52
Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), Thor (Hammer of God), 18:42
Re: Clarifying integer overflows vs. signedness errors, Pavel Kankovsky, 17:31
Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), Steve Friedl, 17:21
Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP], 17:11
Re: Re: Digipass Go3 Token Dumper (at least for 2006), fcollyer, 15:00
Free tool for pattern identification (for researchers), Gary Golomb, 14:50
Re: DoS in Microsoft Windows Live Messenger <= 8.0, astralbabz, 14:40
Wisi Portal [Sql Injection By Jesus Tovar], nagazakig74, 14:30
Siap Cms Sql Injection (login.asp), nagazakig74, 14:20
Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), Thor (Hammer of God), 14:10
Re: tikiwiki 1.9.5 mysql password disclosure & xss, drunken_chin, 13:50
[Full-disclosure] AttackAPI 2.0 alpha, pdp (architect), 13:09

November 24, 2006

Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), stopmakingnoise, 21:54
New Windows tool - NBTEnum 3.3, Reed Arvin, 21:23
DoS in Microsoft Windows Live Messenger <= 8.0, dragonjar, 21:03
WebHost Manager (WHM) Multiple Cross-Site Scripting, Advisory, 20:53
CPanel 11 Multiple Cross-Site Scription, Advisory, 20:43
PHP-Nuke Mermaid Module V1.2 (formdisp.php) Remote File Include Exploit, crackers_child, 20:23
[Aria-Security Team] Ultimate Survey Pro SQL Injection, Advisory, 19:33
Cahier de texte V2.0 SQL Code Execution Exploit, gmdarkfig, 18:52
[Full-disclosure] [ GLSA 200611-20 ] GNU gv: Stack overflow, Sune Kloppenborg Jeppesen, 18:02
Re: Digipass Go3 Token Dumper (at least for 2006), Hugo van der Kooij, 17:21
[Full-disclosure] [ GLSA 200611-19 ] ImageMagick: PALM and DCM buffer overflows, Sune Kloppenborg Jeppesen, 17:11
[Aria-Security Team] iNews News Manager SQL Injection, Advisory, 17:01
[Aria-Security Team] MidiCart ASP Shopping Cart SQL Injection, Advisory, 16:21
[Aria-Security Team] ASP ListPics 5.0 SQL Injection, Advisory, 16:01
[Aria-Security Team] Fixit iDMS Pro Image Gallery SQL Injection, Advisory, 15:30
Re: Active PHP Bookmarks (apb.php) Remote file include, Mefisto, 15:10
PHP-Nuke <= 7.9 News module "sid" SQL Injection vulnerabilities, paisterist . nst, 14:50
Re: Cracking String Encryption in Java Obfuscated Bytecode, John GALLET, 14:39
[Aria-Security Team] MidiCart ASP Plus Shopping Cart SQL Injection, Advisory, 14:39
Wolflab Burning Board Lite 1.0.2 two sql injections, retrog, 14:29
mmgallery Multiple vulnerabilities, saudi, 14:09
Cross site scripting & fullpath disclosure, saudi, 13:59
Re: Cracking String Encryption in Java Obfuscated Bytecode, Jim Manico, 13:39
[Full-disclosure] [ GLSA 200611-18 ] TIN: Multiple buffer overflows, Sune Kloppenborg Jeppesen, 10:58

November 23, 2006

Cracking String Encryption in Java Obfuscated Bytecode, subere, 21:02
Active PHP Bookmarks (apb.php) Remote file include, philip anselmo, 20:22
LS-20061102 - Business Objects Crystal Reports Stack Overflow Vulnerability, advisories, 18:41
[Full-disclosure] [ GLSA 200611-17 ] fvwm: fvwm-menu-directory fvwm command injection, Matthias Geerdsen, 18:31
Re: *BSD banner INT overflow vulnerability, admin, 17:31
[ MDKSA-2006:218 ] - Updated apache-mod_auth_kerb packages fixes DoS vulnerability, security, 17:11
Re: SolpotCrew Advisory #10 - phpBB XS (phpbb_root_path) Remote File Include, webmaster, 17:11
Re: Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords, Juha-Matti Laurio, 16:20
Re: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords, 3APA3A, 16:10
Re: tikiwiki 1.9.5 mysql password disclosure & xss, FBI, 15:20
Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords, Michael Scheidell, 14:59
[ECHO_ADV_61_2006] a-ConMan <= v3.2beta Remote File Inclusion, erdc, 14:49
CFP - VII National Computer and Information Security Conference, Jeimy Cano, 14:49
NVIDIA nView (keystone) local Denial Of service, no-reply, 14:29
Re: Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders., Casper . Dik, 13:59

November 22, 2006

Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords, fash1on, 21:32
XSS in scriptat support InverseFlow Help Desk v2.31, gamr-14, 21:12
Perl proxy checker using samair.ru, Iko Riyadi, 21:12
CONFidence 2007 CFP, andrzej . targosz, 21:02
Re: *BSD banner INT overflow vulnerability, Bob Beck, 20:31
Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders., In Cognito, 20:11
Re: Re: *BSD banner INT overflow vulnerability, evilrabbi, 19:10
Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders., In Cognito, 19:00
[ MDKSA-2006:208-1 ] - Updated openldap packages fixes Bind vulnerability, security, 18:50
Windows Media ASX PlayList File Denial Of Service Vulnerability, sehato, 18:10
Re: [ECHO_ADV_53$2006] QnECMS <= 2.5.6 (adminfolderpath) Remote File Inclusion Vulnerability, jim, 17:39
"Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), Matthew Conover, 15:38
Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), David Litchfield, 15:18
Re: Clarifying integer overflows vs. signedness errors, Thiago Zaninotti, 14:37
*BSD banner INT overflow vulnerability, Gruzicki Wlodek, 13:57
Re: *BSD banner INT overflow vulnerability, Steve Shockley, 13:47
Secunia Research: PassGo SSO Plus Insecure Default Directory Permissions, Secunia Research, 13:17
RE: LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability, Williams, James K, 12:51

November 21, 2006

Re: [ GLSA 200611-11 ] TikiWiki: Multiple vulnerabilities, Chris Gianelloni, 23:42
VMSA-2006-0010 - SSL sessions not authenticated by VC Clients, VMware Security team, 22:00
Advisory: Seditio <= 1.10 Remote SQL Injection Vulnerability., Mustafa Can Bjorn IPEKCI, 21:50
RE: [Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities., Williams, James K, 21:50
Vulnerability in PostNuke, sni-labs, 21:29
Clarifying integer overflows vs. signedness errors, Steven M. Christey, 20:59
Advisory: LDU <= 8.x Remote SQL Injection Vulnerability., Mustafa Can Bjorn IPEKCI, 20:38
JiRos Links Manager[injection sql & xss permanent], saps . audit, 19:58
creadirectory [injection sql & xss], saps . audit, 19:28
Link Exchange Lite [injection sql], saps . audit, 19:07
Re: Re: Phpjobscheduler 3.0 - Multiple Remote File Include, admin, 18:27
ContentNow CMS 1.39 Sql Injection + Path Disclosure Vulnerabilities, revenge, 17:57
aBitWhizzy [local file include], saps . audit, 17:26
[Full-disclosure] [USN-381-1] Firefox vulnerabilities, Kees Cook, 17:26
[Full-disclosure] [USN-382-1] Thunderbird vulnerabilities, Kees Cook, 17:16
Secunia Research: My Firewall Plus Privilege Escalation Vulnerability, Secunia Research, 17:06
Re: [ GLSA 200611-11 ] TikiWiki: Multiple vulnerabilities, saps . audit, 16:46
New Correction: Re: Serious crypto problem fixed by envelope HMAC method instead of currently used prefix, Omirjan Batyrbaev, 15:45
[KAPDA]::Security analysis of cutenews 1.4.5, alireza hassani, 15:15
LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability, advisories, 15:05
Re: [Full-disclosure] [ MDKSA-2006:217 ] - Updated proftpd packages fix vulnerabilities, research, 14:55
Re: Correction: Re: Serious crypto problem fixed by envelope HMAC method insteadof currently used prefix, Steve Friedl, 14:45
Which is more secure? Oracle vs. Microsoft, David Litchfield, 14:35
[Full-disclosure] [ GLSA 200611-16 ] Texinfo: Buffer overflow, Sune Kloppenborg Jeppesen, 13:04
[Full-disclosure] [ GLSA 200611-15 ] qmailAdmin: Buffer overflow, Sune Kloppenborg Jeppesen, 12:23
The Classified Ad System [multiple xss & injection sql], saps . audit, 06:11
[ MDKSA-2006:216 ] - Updated links packages fix smb vulnerability, security, 05:51
ltwCalendar => 4.2.1 Remote File Include Vulnerabilities, the_3dit0r, 04:50
Re: GPhotos 1.5 Multiple vulnerabilities, packet, 04:00
Correction: Re: Serious crypto problem fixed by envelope HMAC method insteadof currently used prefix, Omirjan Batyrbaev, 03:30
Classified System [injection sql], saps . audit, 02:49
my little weblog => Cross Site Scripting, the_3dit0r, 01:59
mAlbum v0.3 Multiple vulnerabilitizzz, tux025, 01:19
Wabbit PHP Gallery => 0.9 Remote Traversal Directory, the_3dit0r, 00:08

November 20, 2006

[ MDKSA-2006:215 ] - Updated avahi packages fix netlink vulnerability, security, 23:28
BirdBlog => v1.4.0 Cross Site Scripting, the_3dit0r, 23:08
[Full-disclosure] [USN-384-1] OpenLDAP vulnerability, Kees Cook, 22:27
MyAlbum <= 3.02 (langs_dir) Remote File Inclusion Exploit, the_3dit0r, 22:27
Re: Serious crypto problem fixed by envelope HMAC method insteadof currently used prefix, Omirjan Batyrbaev, 22:17
The Week of Oracle Database Bugs, Cesar, 21:17
[ MDKSA-2006:217 ] - Updated proftpd packages fix vulnerabilities, security, 20:56
LoudMouth => 2.4 Remote File Include Vulnerabilities, the_3dit0r, 20:56
Telaen => 1.1.0 Remote File Include Vulnerability, the_3dit0r, 20:06
mxBB calsnails module 1.06 Remote File Inclusion Exploit, the_3dit0r, 19:46
mg.applanix <= 1.3.1 Remote File Include Exploit, the_3dit0r, 19:36
iPrimal Forums (index.php) Remote File Include Exploit, the_3dit0r, 19:16
enomphp => 4.0 Remote Traversal Directory, the_3dit0r, 19:05
klf-realty [injection sql], saps . audit, 18:45
DodosMail <= 2.0.1(dodosmail.php) Remote File Inclusion Exploit, the_3dit0r, 18:25
dicshunary 0.1 alpha Remote File Inclusion Exploit, the_3dit0r, 18:04
[Full-disclosure] [ GLSA 200611-14 ] TORQUE: Insecure temproary file creation, Sune Kloppenborg Jeppesen, 17:54
[Full-disclosure] [ GLSA 200611-12 ] Ruby: Denial of Service vulnerability, Sune Kloppenborg Jeppesen, 17:44
Shopping_Catalog Remote File Include exploit, the_3dit0r, 17:34
RE: FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure, Rogier Mulhuijzen, 17:34
[Full-disclosure] [ GLSA 200611-13 ] Avahi: "netlink" message vulnerability, Sune Kloppenborg Jeppesen, 17:34
[Full-disclosure] [ GLSA 200611-11 ] TikiWiki: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 17:14
gNews Publisher SQL Injection Vulnerabilites, Advisory, 16:53
PhpQuickGallery <= 1.9 Remote File Inclusion Exploit, the_3dit0r, 16:53
Rialto 1.6[admin login bypass & multiples injections sql], saps . audit, 16:33
eClassifieds [injection sql], saps . audit, 16:23
Serious crypto problem fixed by envelope HMAC method insteadof currently used prefix, Omirjan Batyrbaev, 16:13
PHPOLL => 0.96 Cross Site Scripting, the_3dit0r, 16:03
ehomes [multiples injections sql], saps . audit, 15:53
ASPNuke <= 0.80 (register.asp) Remote SQL Injection Vulnerability, ajannhwt, 15:33
PhpBB Module Dimension Remote File Include, bluespy . ok, 15:23
Telaen <= 1.1.0 Remote File Include Exploit, the_3dit0r, 15:12
Rapid Classified v3.1 [multiple xss (get) & injection sql], saps . audit, 15:02
Digital Armaments November-Decemberr Hacking Challenge: KERNEL, info, 14:52
Ixprim CMS 1.2 Remote File Include Vulnerability, vitux . manis, 14:32
Dovecot IMAP/POP3 server: Off-by-one buffer overflow, Timo Sirainen, 14:12

November 18, 2006

Re: EEYE: Workstation Service NetpManageIPCConnect Buffer Overflow, security-list, 20:25
Re: Phpjobscheduler 3.0 - Multiple Remote File Include, str0ke, 20:15
GPhotos 1.5 Multiple vulnerabilities, tux025, 20:05
Re: Phpjobscheduler 3.0 - Multiple Remote File Include, Stefano Zanero, 19:25
Re: A-Cart PRO SQL Injection, gmdarkfig, 19:15
Re: [Aria-Security's Research Team] ActiveNews Manager SQL Injection Vulnerabilite, gmdarkfig, 18:54
A-Cart 2.0 SQL Injection, Advisory, 17:44
[Aria-Security's Research Team] Texas Rank'em SQL Injection Vulnerabilite, Advisory, 16:53
[MajorSecurity Advisory #35]Travelsized CMS - Multiple Cross Site Scripting Issues, admin, 16:33
[Aria-Security's Research Team] ActiveNews Manager SQL Injection Vulnerabilite, Advisory, 16:13
PhpBB Module Dimension Remote File Include, bluespy . ok, 15:53
BLOG:CMS <= 4.1.3 XSS, katatafish, 15:43
[ MDKSA-2006:164-1 ] - Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities, security, 15:43
Vikingboard (0.1.2) [ multiples vulnerability ], saps . audit, 15:33
Drone Armies C&C Report - 17 Nov 2006, c2report, 15:23
Oxygen <= 1.1.3 (O2PHP Bulletin Board) SQL Injection, gmdarkfig, 15:03
[MajorSecurity Advisory #36]dev4u CMS - Multiple SQL Injection and Cross Site Scripting Issues, admin, 14:32
A-Cart PRO SQL Injection, Advisory, 14:22
[Full-disclosure] Sage cross-context scripting -> LOCAL-CONTEXT SCRIPTING, pagvac, 11:21

November 17, 2006

[Full-disclosure] linksys wrt54g v5 authentication bypass fixed, Ginsu Rabbit, 22:36
Re: dev_wms => 1.5 Remote File Include Vulnerabilities, Stefano Zanero, 22:36
[ MDKSA-2006:214 ] - Updated gv packages fix buffer overflow vulnerability, security, 22:16
Infinitytechs Restaurants CM, saps . audit, 21:56
Re: Airmagnet management interfaces multiple vulnerabilities, ckuan, 21:46
Re: blogcms => 4.0.0 Remote File Include, Stefano Zanero, 21:25
Dating Site [ login bypass & xss], saps . audit, 20:35
MosReporter Joomla Component Remote File Inclusion Exploi, crackers_child, 20:15
XSS vBulletin 3.6.X Admin Control Painel, insanity, 19:54
20/20 datashed [ multiples injection sql ], saps . audit, 19:44
igital Armaments November-Decemberr Hacking Challenge: KERNEL Remote, info, 19:04
Aspmforum [ multiples injection sql (get&post)], saps . audit, 18:44
Sphpblog => 0.8 Remote File Include Vulnerabilities, the_3dit0r, 18:24
[Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities., Reversemode, 18:14
TFTPD32 v3.01 TFTP Server Long File Name Buffer Overflow Vulnerability, liuqx, 17:53
20/20 real estate [ multiples injection sql ], saps . audit, 17:33
20/20 auto gallery [ multiples injection sql ], saps . audit, 17:13
[Aria-Security] CPanel Network Tools Cross Site Scripting [Advisory], Advisory, 17:03
Re: Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion ), dean, 15:52
TSLSA-2006-0065 - libpng, Trustix Security Advisor, 15:32
[security bulletin] HPSBMA02088 SSRT051026 rev. 2 - HP-UX running WBEM Services Denial of Service (DoS), security-alert, 15:02
[OpenPKG-SA-2006.036] OpenPKG Security Advisory (png), OpenPKG, 14:32
[ MDKSA-2006:213 ] - Updated chromium packages to fix embedded libpng vulnerabilities, security, 14:22
[Full-disclosure] [ GLSA 200611-10 ] WordPress: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 10:10
[Full-disclosure] [ GLSA 200611-09 ] libpng: Denial of Service, Sune Kloppenborg Jeppesen, 09:39
[Full-disclosure] [USN-383-1] libpng vulnerability, Kees Cook, 06:58
[ MDKSA-2006:212 ] - Updated doxygen packages to fix embedded libpng vulnerabilities, security, 05:47
Active News Manager [ injection sql (post&get)], saps . audit, 05:27
[OpenPKG-SA-2006.035] OpenPKG Security Advisory (proftpd), OpenPKG, 04:57
[ MDKSA-2006:210 ] - Updated syslinux packages to fix embedded libpng vulnerabilities, security, 04:37
[ MDKSA-2006:211 ] - Updated pxelinux packages to fix embedded libpng vulnerabilities, security, 04:27
Kerio WebSTAR local privilege escalation, K F (lists), 04:17
[ MDKSA-2006:209 ] - Updated libpng packages fix vulnerabilities, security, 03:57
Pilot Cart V.7.2 [ injection sql (post) ], saps . audit, 03:16
Storystream => 4.0 Remote File Include Vulnerability Exploit, the_3dit0r, 03:06
RED Blog => Remote File Include Vulnerability Exploit, the_3dit0r, 02:46
blogcms => 4.0.0 Remote File Include, the_3dit0r, 02:36
ASPintranet SQL Injection, Advisory, 02:16
My-BIC => 0.6.5 Remote File Include Vulnerability Exploit, the_3dit0r, 02:06
Image gallery with Access Database SQL Injection, Advisory, 01:56
UK Security Convention - Continuity 2006, Manchester 2600, 00:55
RE: VBulletin DoS Exploit [ all Versions ], Bart Seresia, 00:45
Secunia Research: Panda ActiveScan Multiple Vulnerabilities, Secunia Research, 00:35
eggblog=> 3.1.0 Cross Site Scripting, the_3dit0r, 00:25
Hot Links download backup authorized vulnerabilities (re-post with some edit), hack2prison, 00:15

November 16, 2006

worksystem => Remote File Include Vulnerability Exploit, the_3dit0r, 23:55
ASP Cart [multiples injection sql (post & get)], saps . audit, 23:35
Comdev One Admin Pro.v4.1 ( path[skin] ) Remote File include, AG- Spider, 23:35
BlogTorrent-preview => 0.92 Cross Site Scripting, the_3dit0r, 23:24
Sphpblog => 0.8 Cross Site Scripting, the_3dit0r, 23:14
i-Gallery 3.4 Cross Site Scripting, Advisory, 23:04
Myphotos => Remote File Include Vulnerability Exploit, the_3dit0r, 22:34
Helm Cross Site Scripting, Advisory, 22:24
BaalAsp forum [login bypass ,injections sql(post), xss(post)], saps . audit, 22:14
CandyPress Store[ multiples injection sql ], saps . audit, 22:03
Vulnerabilities in Client Service for NetWare, Avert, 21:53
Whitepaper: Implementing and Detecting a PCI Rootkit, John Heasman, 21:43
eShopping Cart [injection sql], saps . audit, 21:23
Re: Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability, Marcello Barnaba, 21:13
Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion ), revenge, 20:52
discloser => 0.0.4 Remote File Include Vulnerability Exploit, the_3dit0r, 20:32
dev_wms => 1.5 Remote File Include Vulnerabilities, the_3dit0r, 20:22
Re: Apple Safari "match" Buffer Overflow Vulnerability, J. Oquendo, 19:52
Secunia Research: MDaemon Insecure Default Directory Permissions, Secunia Research, 19:42
Chetcpasswd 2.x: multiple vulnerabilities, riclem, 19:11
[MajorSecurity Advisory #34]Plesk 8 - Multiple Cross Site Scripting Issues, admin, 18:11
Bloo => 1.00 Remote File Include Vulnerability, the_3dit0r, 17:51
OdysseusBlog => 1.0.0 Cross Site Scripting, the_3dit0r, 17:20
PhpMyAdmin all version [multiples vulnerability], saps . audit, 16:50
Hot Links download backup authorized vulnerabilities, hack2prison, 16:40
discloser => 0.0.4 Remote File Include Vulnerabilities, the_3dit0r, 15:59
Xtreme ASP Photo Gallery Cross Site Scripting And SQL Injection, Advisory, 15:39
MetaCart e-Shop [multiples injection sql (get & post)], saps . audit, 15:19
E-commerce Kit 1 PayPal Edition [ injection sql ], saps . audit, 15:09
Bloo => 1.00 Cross Site Scripting, the_3dit0r, 14:49
Re: [Full-disclosure] FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure, Lucas Holt, 13:38
[Full-disclosure] rPSA-2006-0211-1 libpng, rPath Update Announcements, 10:06
[ MDKSA-2006:208 ] - Updated openldap packages fixes Bind vulnerability, security, 04:04
Helm Cross-Site Scripting (XSS), Advisory, 03:13
Outpost Multiple insufficient argument validation of hooked SSDT function Vulnerability, Matousec - Transparent security Research, 02:33
E-Calendar Pro 3.0 [ login bypass & injection sql (post)], saps . audit, 02:03

November 15, 2006

[ MDKSA-2006:207 ] - Updated bind packages fixes RSA signature verification vulnerability, security, 23:30
TSLSA-2006-0063 - multi, Trustix Security Advisor, 23:00
[Full-disclosure] ZDI-06-042: Verity Ultraseek Request Proxying Vulnerability, zdi-disclosures, 21:50
[OpenPKG-SA-2006.034] OpenPKG Security Advisory (texinfo), OpenPKG, 19:08
MultiCalendars [ multiples injection sql ], saps . audit, 15:46
[Full-disclosure] TrustedBSD* all versions FireWire IOCTL kernel integer overflow information disclousure, Rodrigo Rubira Branco (BSDaemon), 14:56
[Full-disclosure] FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure, Rodrigo Rubira Branco (BSDaemon), 14:55
[Full-disclosure] DragonFlyBSD all versions FireWire IOCTL kernel integer overflow information disclousure, Rodrigo Rubira Branco (BSDaemon), 14:45
[Full-disclosure] NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure, Rodrigo Rubira Branco (BSDaemon), 14:45
Dragon calendar [ login bypass & injection sql ], saps . audit, 14:25
Re: [Full-disclosure] ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability, Micheal Turner, 12:04
hpecs shopping cart[login bypass & injection sql (post)], saps . audit, 00:39
A-Cart pro[ injection sql (post&get)], saps . audit, 00:18

November 14, 2006

A+ Store E-Commerce[ injection sql & xss (post) ], saps . audit, 23:58
[Full-disclosure] Links smbclient command execution, Teemu Salmela, 23:38
EEYE: Workstation Service NetpManageIPCConnect Buffer Overflow, eEye Advisories, 23:18
[Fwd: OpenBase SQL multiple vulnerabilities Part Deux], K F (lists), 22:27
[Fwd: DMA[2006-1031a] - 'Intego VirusBarrier X4 definition bypass exploit'], K F (lists), 22:07
Property Site Manager [login bypass ,multiples injection sql & xss (get)], saps . audit, 20:46
Blogme v3 [admin login bypass & xss (post)], saps . audit, 20:36
Re: [Full-disclosure] ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability, Micheal Turner, 20:26
FunkyASP Glossary v1.0 [injection sql], saps . audit, 20:16
Re: New Bug MiniBB Forum <= 2 Remote File Include (index.php), navairum, 19:55
Evolve Merchant[ injection sql ], saps . audit, 19:35
Car Site Manager [injection sql & xss (get)], saps . audit, 19:25
Inventory Manager [injection sql & xss (get)], saps . audit, 19:05
[Full-disclosure] ZDI-06-041: Microsoft Internet Explorer CSS Float Property Memory Corruption Vulnerability, zdi-disclosures, 18:45
Apple Safari "match" Buffer Overflow Vulnerability, jbh_cg, 17:54
BPG Content Management System SQL Injection, Advisory, 17:34
Engine Manager SQL Injection, Advisory, 17:24
ECommerce Store Shop Builder, Advisory, 17:03
[Full-disclosure] ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability, zdi-disclosures, 16:43
eShopping SQL Injection, Advisory, 16:33
Ustore SQL Injection, Advisory, 16:13
Re: [Full-disclosure] [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability, Glynn Clements, 15:52
WWWeb Cocepts SQL Injection, Advisory, 15:52
SiteXpress SQL Injection, Advisory, 15:22
[Full-disclosure] Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability, Stefan Esser, 15:12
ASPintranet SQL Injection, Advisory, 15:12
Real Estate Listing System SQL Injection, Advisory, 14:52
Re: GNU gv Stack Overflow Vulnerability, Noam Rathaus, 02:35
Re: [Full-disclosure] [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability, Nick FitzGerald, 02:05
Re: Wordpress File Inclusion, Expanders, 02:05
Online Event Registration <= v2.0 (save_profile.asp) Remote User Pass Change Exploit, ajannhwt, 01:25
New Bug MiniBB Forum <= 2 Remote File Include (index.php), philip anselmo, 01:05
[Full-disclosure] VMSA-2006-0009 - VMware ESX Server 3.0.0 AMD fxsave/restore issue, VMware Security team, 00:45
[Full-disclosure] VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2, VMware Security team, 00:34
[Full-disclosure] VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2, VMware Security team, 00:34
Challenges faced by automated web application security assessment tools, bugtraq, 00:34
[Full-disclosure] VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1, VMware Security team, 00:34
SinFP 2.04 release, works under Windows, GomoR, 00:04

November 13, 2006

Estate Agent Manager <= v1.3 (default.asp) Remote Login ByPass SQL Injection Vulnerability, ajannhwt, 23:53
VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4, VMware Security team, 23:43
DirectAdmin Multiple Cross Site Scription, Advisory, 23:23
Challenges faced by automated web application security assessment tools, bugtraq, 23:23
UPublisher 1.0 (viewarticle.asp) Remote SQL Injection Vulnerability, ajannhwt, 22:33
ASPPortal <= 4.0.0 (default1.asp) Remote SQL Injection Exploit, ajannhwt, 22:02
Re: [x0n3-h4ck]Essentia Web Server v.2.15 Buffer Overflow, Noam Rathaus, 21:52
Property Pro v1.0 (vir_Login.asp) Remote Login ByPass SQL Injection Vulnerability, ajannhwt, 21:32
CPanel Multiple Cross Site Scription, Advisory, 21:12
[Full-disclosure] [ GLSA 200611-06 ] OpenSSH: Multiple Denial of Service vulnerabilities, Raphael Marichez, 21:01
Re: [Full-disclosure] [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability, Raphael Marichez, 20:51
Asp Scripter Products (cpLogin.asp) Remote SQL ByPass Injection Vulnerability, ajannhwt, 20:51
[Full-disclosure] [ GLSA 200611-08 ] RPM: Buffer overflow, Raphael Marichez, 20:41
[Full-disclosure] [ GLSA 200611-07 ] GraphicsMagick: PALM and DCM buffer overflows, Raphael Marichez, 20:41
UltraSite 1.0 (update.asp) Remote SQL Injection Vulnerability, ajannhwt, 20:31
Phpdebug 1.1.0 - Remote File Include by Firewall, Firewall1954, 20:11
Phpjobscheduler 3.0 - Multiple Remote File Include, Firewall1954, 19:50
Digipass Go3 Token Dumper (at least for 2006), fcollyer, 19:30
Web Interface remote file inclusion, navairum, 19:10
VBulletin DoS Exploit [ all Versions ], root, 19:10
Re: Cross Site Scripting (XSS) Vulnerability in Netquery by "VIRtech", rvirtue, 18:49
infinicart [ multiples injection sql & xss (post) ], saps . audit, 18:29
shambo2 Component For Mambo 4.5 Remote File Inclusion Exploit, crackers_child, 18:29
XSS in Email Signature Script, miladkaleh, 18:09
NuSchool 1.0 (CampusNewsDetails.asp) Remote SQL Injection Exploit, ajannhwt, 17:29
Re: Wordpress File Inclusion, emc3, 17:29
Re: feedsplitter considered harmful, wmodes, 17:19
NuStore 1.0 (Products.asp) Remote SQL Injection Vulnerability, ajannhwt, 17:19
NuRems 1.0 Remote XSS/SQL Injection Exploit, ajannhwt, 16:58
Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability, Nick Boyce, 16:57
NuCommunity 1.0 (cl_CatListing.asp) Remote SQL Injection Exploit, ajannhwt, 16:37
UStore 1.0 (detail.asp) Remote SQL Injection Vulnerability, ajannhwt, 16:27
AspPired2 Poll <= 1.0 (MoreInfo.asp) Remote SQL Injection Exploit, ajannhwt, 16:07
phpManta - Mdoc <= 1.0.2 (view-sourcecode.php) Local File Include Exploit, ajannhwt, 15:47
MyStats <=1.0.8 [injection sql, multiples xss, array & full path disclosure], benjilenoob, 15:47
[MajorSecurity Advisory #33]ShopSystems - SQL Injection Issue, admin, 15:27
TOPSTORY BASIC Version 1.0 => Remote File Include Vulnerability, stormhacker, 15:27
Wordpress File Inclusion, vannovax, 15:17
Mega Mall [ multiples injection sql & full path disclosure ], saps . audit, 15:17
Exophpdesk V1.2 - Remote File Include, firewall1954, 14:56
PHPKit 1.6.1 RC2 (faq/faq.php) Remote SQL Injection Exploit, philipp . niedziela, 14:36
[Full-disclosure] Team Evil - Incident #2, beSIRT, 14:16
encapscms 0.3.6 - Remote File Include by Firewall, firewall1954, 14:16
[Full-disclosure] AVG Anti-Virus - Arbitrary Code Execution (remote), security, 13:05
[Full-disclosure] [FLSA-2006:211760] Updated gzip package fixes security issues, David Eisenstein, 05:22
[Full-disclosure] ELOG Web Logbook Remote Denial of Service Vulnerability, OS2A BTO, 04:12

November 12, 2006

[Full-disclosure] Old SAP exploits, Nicob, 16:46

November 10, 2006

[Full-disclosure] [USN-380-1] Avahi vulnerability, Kees Cook, 23:49
[x0n3-h4ck]Drake CMS v 0.2 XSS exploit, corrado . liotta, 17:05
[x0n3-h4ck]Essentia Web Server v.2.15 Buffer Overflow, corrado . liotta, 16:15
[OpenPKG-SA-2006.033] OpenPKG Security Advisory (openldap), OpenPKG, 15:24
[ MDKSA-2006:206 ] - Updated Thunderbird packages fix multiple vulnerabilities, security, 15:14
[Full-disclosure] ZDI-06-039: Marshal MailMarshal ARJ Extraction Directory Traversal Vulnerability, zdi-disclosures, 15:04
[ MDKSA-2006:205 ] - Updated Firefox packages fix multiple vulnerabilities, security, 14:54
[Full-disclosure] [ GLSA 200611-05 ] Netkit FTP Server: Privilege escalation, Raphael Marichez, 12:32

November 09, 2006

[Full-disclosure] rPSA-2006-0207-1 openssh openssh-client openssh-server, rPath Update Announcements, 22:36
[Full-disclosure] rPSA-2006-0206-1 firefox thunderbird, rPath Update Announcements, 22:36
[Full-disclosure] rPSA-2006-0205-1 php php-mysql php-pgsql, rPath Update Announcements, 22:36
[Full-disclosure] rPSA-2006-0204-1 kernel, rPath Update Announcements, 22:36
[security bulletin] HPSBMA02167 SSRT061262 rev.2 - HP OpenView Client Configuration Manager (CCM), Remote Unauthorized Arbitrary Code Execution or Denial of Service (DoS), security-alert, 20:35
Wheatblog [multiple xss (post) & full path disclosure], saps . audit, 20:25
LandShop Real Estate [multiple injection sql & xss], saps . audit, 19:55
GNU gv Stack Overflow Vulnerability, Renaud Lifchitz, 19:35
bitweaver <=1.3.1 [injection sql (post) & xss (post)], saps . audit, 19:24
[ MDKSA-2006:204 ] - Updated openssh packages fix vulnerability, security, 19:14
omnistar article manager [multiples injection sql], saps . audit, 18:54
Re: [Full-disclosure] Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00, Nicob, 18:44
[Full-disclosure] [ GLSA 200611-04 ] Bugzilla: Multiple Vulnerabilities, Matthias Geerdsen, 18:34
[Full-disclosure] [USN-379-1] texinfo vulnerability, Kees Cook, 17:13
[Full-disclosure] ZDI-06-038: Citrix MetaFrame IMA Management Module Remote Heap Overflow, zdi-disclosures, 15:32
[Full-disclosure] iDefense Security Advisory 11.09.06: Citrix Presentation Server 4.0 IMA Service Invalid Name Length DoS Vulnerability, iDefense Labs, 15:01
Antwort: Joomla 1.0.11 Remote File Include, srunschke, 00:15

November 08, 2006

FreeBSD Security Advisory FreeBSD-SA-06:24.libarchive, FreeBSD Security Advisories, 23:04
FreeWebshop <=2.2.2 [local file include & xss], saps . audit, 22:44
Immediacy .NET CMS possibly vulnerable to Cross Site Scripting through a malformed cookie, ProCheckUp Research, 22:03
[ MDKSA-2006:202 ] - Updated wv packages fix vulnerabilities, security, 21:43
Speedwiki 2.0 Arbitrary File Upload Vulnerability, saps . audit, 21:03
knowledgeBuilder v.2.2.php.NuLL-WDYL=> Remote File Include Vulnerability, h4ck3riran, 20:33
Abarcar Realty Portal [injection sql], saps . audit, 19:02
Re: Hotmail and Windows Live Mail XSS Vulnerabilities, HASEGAWA Yosuke , 18:32
phpsatk => Remote File Include Vulnerability EXploit, h4ck3riran, 17:51
Portix-PHP [login bypass & xss (post)], saps . audit, 17:41
[ MDKSA-2006:203 ] - Updated texinfo packages fix vulnerability, security, 16:30
Y.A.N.S sql injection, navairum, 16:10
PhpMyChat <= 0.14.5 Source Code Disclosure Vulnerability, ajannhwt, 16:00
[Full-disclosure] TSRT-06-13: HP OpenView Client Configuration Manager Device Code Execution Vulnerability, TSRT, 15:40
PhpMyChat Plus <= 1.9 Multiple Source Code Disclosure Vulnerabilities, ajannhwt, 15:30
[Full-disclosure] iDefense Security Advisory 11.08.06: Cisco Secure Desktop Privilege Escalation Vulnerability, iDefense Labs, 15:10
[ MDKSA-2006:198-1 ] - Updated imlib2 packages fix several vulnerabilities, security, 14:59
Call for papers: ARES 2007 submission deadline approaches in 2 weeks: 19-11-2006, Manh Tho, 14:39
[OpenPKG-SA-2006.032] OpenPKG Security Advisory (openssh), OpenPKG, 14:29
[ MDKSA-2006:201 ] - Updated pam_ldap packages fix PasswordPolicyReponse coding error, security, 14:19
[Full-disclosure] iDefense Security Advisory 11.08.06: IBM Lotus Domino 7 tunekrnl Multiple Vulnerabilities, iDefense Labs, 12:47
[Full-disclosure] Lotus Notes pre-login User.ID key leak, Andrew Christensen, 10:57
Re: [Full-disclosure] WFTPD Pro Server 3.23 Buffer Overflow, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP], 00:32

November 07, 2006

XSS in Kayako SupportSuite v3.00.32, hacker hackers, 21:10
[Full-disclosure] [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability, Raphael Marichez, 20:09
Minimizing error cascades in vulnerability information management, Steven M. Christey, 19:08
[ MDKSA-2006:200 ] - Updated rpm packages fix vulnerability, security, 18:48
DigiOz Guestbook version 1.7 Path Disclosure Vulnerability in list.php, jesper . jurcenoks, 18:48
Re: IE7 website security certificate discrediting exploit, inge_eivind . henriksen, 18:28
News publication system remote File include, navairum, 18:08
[ MDKSA-2006:198 ] - Updated imlib2 packages fix several vulnerabilities, security, 16:27
GreenBeast CMS <= 1.3 PHP Arbitrary File Upload Vulnerability, skulmatic, 16:06
[ MDKSA-2006:199 ] - Updated libx11 packages fix file descriptor leak vulnerability, security, 15:56
Re: Advanced Guestbook 2.3.1 (Admin.php) Remote File Include, simo64, 14:45
Re: Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00, Nicob, 14:25
[Full-disclosure] WFTPD Pro Server 3.23 Buffer Overflow, Joxean Koret, 07:22
[Full-disclosure] WarFTPd 1.82.00-RC11 Remote Denial Of Service, Joxean Koret, 07:22
[Full-disclosure] WFTPD Pro Server 3.23 Buffer Overflow, Joxean Koret, 07:12
[Full-disclosure] DigiOz Guestbook version 1.7 Path Disclosure Vulnerability in list.php, Jesper Jurcenoks, 04:11

November 06, 2006

IE7 website security certificate discrediting exploit, inge_eivind . henriksen, 22:08
Re: Firefox 1.5.0.7 Exploit, Lubomir Kundrak, 21:17
[Full-disclosure] [USN-376-2] imlib2 regression fix, Kees Cook, 20:57
Re: Firefox 1.5.0.7 Exploit, OOZIE, 20:57
VulnDisco Pack for Metasploit, Evgeny Legerov, 20:37
Advanced Guestbook 2.3.1 (Admin.php) Remote File Include, broken-proxy, 20:27
Hotmail and Windows Live Mail XSS Vulnerabilities, applesoup, 20:06
XSS Vulnerability in Zend Framework Preview 0.2.0, security, 19:46
Ariadne <= 2.4.1 Multiple Remote File Include Vulnerabilities(New), ajannhwt, 18:46
MajorSecurity Advisory #32]phpComasy CMS - Multiple Cross Site Scripting Issues, admin, 18:15
TSLSA-2006-0061 - multi, Trustix Security Advisor, 18:15
Cross Site Scripting (XSS) Vulnerability in IBM WebSphere Application Server, ProCheckUp Research, 17:45
Joomla 1.0.11 Remote File Include, root, 17:25
MWChat pro V 7.0 <= (CONFIG[MWCHAT_Libs]) Remote File Include Vulnerability, -= SHELL =- -= SHELL =-, 17:15
AIOCP <=1.3.007 multiples vulnerabilities [sql , remote file include , xss], saps . audit, 17:05
Re: New Flaw in Firefox 2.0: DoS and possible remote code execution, Jerome Athias, 16:55
[ECHO_ADV_60_2006] OpenEMR <=2.8.1 Multiple Remote File Inclusion Vulnerability, erdc, 16:44
[ECHO_ADV_59_2006]Agora 1.4 RC1 "$_SESSION[PATH_COMPOSANT]" Remote File Inclusion Vulnerability, erdc, 16:24
Re: @cid stats v2.3 File Include, Heiko Wundram, 16:24
[ECHO_ADV_58_2006]Cyberfolio <=2.0 RC1 $av Remote File Inclusion Vulnerability, erdc, 16:04
Mail Drives Security Considerations, darkz . gsa, 16:04
[Full-disclosure] ZDI-06-037: America Online ICQ ActiveX Control Code Execution Vulnerability, zdi-disclosures, 15:54
[ECHO_ADV_57_2006]Soholaunch Pro <=4.9 r36 Multiple Remote File Inclusion Vulnerability, erdc, 15:44
Re: New Flaw in Firefox 2.0: DoS and possible remote code execution, Jan Heisterkamp, 15:34
PHP Rapid Kill All Version File Injection, null_hack, 15:23
Stanford university SCARF user editing, navairum, 15:13
Article Script v1.*and v1.6.3 Sql injection, liz0, 15:03
@cid stats v2.3 File Include, mahmood ali, 14:42
[Full-disclosure] [ GLSA 200611-02 ] Qt: Integer overflow, Matthias Geerdsen, 11:31
Re: [Full-disclosure] Internet Explorer 7 - Still Spyware Writers' Heaven, Roger A. Grimes, 06:19

November 05, 2006

Re: [Full-disclosure] Internet Explorer 7 - Still Spyware Writers' Heaven, Joshua Gimer, 14:42

November 04, 2006

Re: [Full-disclosure] Internet Explorer 7 - Still Spyware Writers' Heaven, Eliah Kagan, 19:24
IF-CMS multiples XSS vunerabilities, saps . audit, 17:53
Re: MajorSecurity Advisory #31]Xenis.creator CMS - Multiple Cross Site Scripting and SQL Injection Issues, saps . audit, 17:43
[MajorSecurity Advisory #30]admin.tool 3 CMS - Multiple Cross Site Scripting Issues, admin, 17:03
[OpenPKG-SA-2006.029] OpenPKG Security Advisory (bind), OpenPKG, 16:22
Web Directory Pro bypass Vulnerabilities, hack2prison, 16:02
[OpenPKG-SA-2006.028] OpenPKG Security Advisory (php), OpenPKG, 15:42
Re: how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)], Paul Laudanski, 15:32
MajorSecurity Advisory #31]Xenis.creator CMS - Multiple Cross Site Scripting and SQL Injection Issues, admin, 15:12
[OpenPKG-SA-2006.030] OpenPKG Security Advisory (ruby), OpenPKG, 14:52
Re: [Full-disclosure] Internet Explorer 7 - Still Spyware Writers' Heaven, Thierry Zoller, 10:50
Re: [Full-disclosure] Internet Explorer 7 - Still Spyware Writers' Heaven, Eliah Kagan, 01:57
[Full-disclosure] [USN-378-1] RPM vulnerability, Kees Cook, 00:56

November 03, 2006

[Full-disclosure] [USN-377-1] NVIDIA vulnerability, Kees Cook, 22:45
[Full-disclosure] [USN-376-1] imlib2 vulnerabilities, Kees Cook, 21:35
[Full-disclosure] ZDI-06-036: Novell Netmail User Authentication Buffer Overflow Vulnerability, zdi-disclosures, 19:34
XSS in script Mobile, m-0-t, 19:14
[ MDKSA-2006:197 ] - Updated kernel packages fix multiple vulnerabilities and bugs, security, 18:54
SIMPLOG 0.9.3 injection sql & multiple xss, saps . audit, 18:33
Re: Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00, harrisonholland, 16:22
Re: Digital Armaments Security Advisory 10.07.2006: Flexwath Authorization Bypassing and XSS Vulnerability, sales, 16:12
Re[2]: New Flaw in Firefox 2.0: DoS and possible remote code execution, 3APA3A, 16:02
Re: Firefox 1.5.0.7 Exploit, Martin Pitt, 15:42
[ MDKSA-2006:195 ] - Updated wireshark packages fix multiple vulnerabilities, security, 15:32
[ MDKSA-2006:196 ] - Updated php packages to address buffer overflow issue, security, 15:11
Re: phpMyConferences <= 8.0.2 Remote File Inclusion, Steven M. Christey, 15:01
EUSecWest/London CFP extended to Nov. 7, Dragos Ruiu, 14:51
[Full-disclosure] [ GLSA 200611-01 ] Screen: UTF-8 character handling vulnerability, Matthias Geerdsen, 11:09

November 02, 2006

Re: [Full-disclosure] Internet Explorer 7 - Still Spyware Writers' Heaven, Roger A. Grimes, 21:40
Re: Firefox 1.5.0.7 Exploit, Bram Dumolin, 21:30
RE: how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)], Richard Stanway, 21:20
Re: Firefox 1.5.0.7 Exploit, Robert McGrew, 21:10
[Full-disclosure] Advisory 13/2006: PHP HTML Entity Encoder Heap Overflow Vulnerability, Stefan Esser, 21:00
Re: how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)], Taneli Leppä, 20:49
Re: how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)], Taneli Leppä, 20:29
Educational write-up by Amit Klein: "A Refreshing Look at Redirection", Amit Klein, 20:09
[security bulletin] HPSBMA02159 SSRT061238 rev.1 - HP System Management Homepage (SMH), Remote Bypassing of Security Features or Cross Site Scripting or Denial of Service (DoS), security-alert, 18:48
iodine client 0.3.2 buffer overflow, poplix, 17:48
Firefox 1.5.0.7 Exploit, koenig, 17:38
[Full-disclosure] [USN-375-1] PHP vulnerability, Martin Pitt, 17:27
how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)], securfrog, 17:07
[Full-disclosure] Internet Explorer 7.0 mhtml stack overflow, noreply, 08:53
[Full-disclosure] Multiple vulnerabilities in SAP Web Application Server 6.40 and 7.00, Nicob, 08:23
[Full-disclosure] Advisory 12/2006: phpMyAdmin - error.php XSS Vulnerability, Stefan Esser, 06:53

November 01, 2006

[security bulletin] HPSBUX02091 SSRT061099 rev.2 - HP-UX Local Increased Privilege, security-alert, 21:39
[security bulletin] HPSBUX02165 SSRT061266 rev.1 - HP-UX VirtualVault Remote Unauthorized Access, security-alert, 20:28
[security bulletin] HPSBUX02164 SSRT061265 rev.1 - HP-UX VirtualVault Running Apache 1.3.X Remote Denial of Service (DoS) and Arbitrary Code Execution, security-alert, 20:08
[Full-disclosure] Internet Explorer 7 - Still Spyware Writers' Heaven, avivra, 19:57
Re: PLS-Bannieres 1.21 (bannieres.php) File Include, Stefano Zanero, 19:57
[security bulletin] HPSBUX02172 SSRT061269 rev.1 - HP-UX VirtualVault running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access, security-alert, 19:37
rPSA-2006-0202-1 tshark wireshark, rPath Update Announcements, 19:17
Outpost Insufficient validation of 'SandBox' driver input buffer, Matousec - Transparent security Research, 18:57
tikiwiki 1.9.5 mysql password disclosure & xss, securfrog, 18:16
[Full-disclosure] [USN-374-1] wvWare vulnerability, Kees Cook, 16:45
Asterisk Local and Remote Denial of Service vulnerability, sil, 16:14
Re: phpLedAds 2.0(dir) File Include, Stefano Zanero, 15:44
Cross Site Scripting (XSS) Vulnerability in Netquery by "VIRtech", LegendaryZion, 15:33
[Full-disclosure] [USN-373-1] mutt vulnerabilities, Kees Cook, 15:33
[Full-disclosure] [USN-371-1] Ruby vulnerability, Kees Cook, 13:42
[Full-disclosure] [USN-370-1] screen vulnerability, Kees Cook, 13:42
Re[3]: New Flaw in Firefox 2.0: DoS and possible remote code execution, 3APA3A, 13:22
Re: Re: Simple Machines Forum (SMF) XSS issue, oldiesmann, 13:02
Multiple XSS Vulnerabilities in Zend Google Data Client Library Preview 0.2.0, security, 12:52
[Full-disclosure] [USN-369-2] postgresql-8.1 vulnerabilities, Martin Pitt, 09:10
[Full-disclosure] [USN-372-1] imagemagick vulnerability, Martin Pitt, 09:10