Network Security Archives

Vulnerability Development (date)

[Thread Index] [Top] [All Lists]

January 31, 2007

Re: Defeating CAPTCHAs via Averaging, Lou Katz, 19:32
Technika - Attack Scripting Environment, pdp (architect), 19:12
Re: [Full-disclosure] stompy the session stomper - tool availability, Michal Zalewski, 18:22
BBED - Oracle Block Browser and Editor, pete, 18:12
Windows Vista and unexported kernel symbols (Part II, 32bits version), Matthieu Suiche, 17:51
[Full-disclosure] [ GLSA 200701-27 ] ELinks: Arbitrary Samba command execution, Raphael Marichez, 17:01
[Full-disclosure] [ GLSA 200701-26 ] KSirc: Denial of Service vulnerability, Raphael Marichez, 16:51
[Full-disclosure] [ GLSA 200701-28 ] thttpd: Unauthenticated remote file access, Raphael Marichez, 16:51
Re: local Calendar System v1.1 (lcStdLib.inc) Remote File Include, Gadi Evron, 15:30
Re: Defeating CAPTCHAs via Averaging, Fred Leeflang, 15:20
Re: Atsphp 5.0.1 [Top Sites] [index.php] - Remote File Include, Casey Marshall, 15:00
[ECHO_ADV_63$2007] Cadre remote file inclusion, y3dips, 14:50
Oracle 10g R2 Enterprise Manager Directory Traversal, NGS Software Insight Security Research, 12:28
Remote Unauthenticated Resource Exhaustion CA Mobile BackupService, NGS Software Insight Security Research, 12:18
Remote DOS BrightStor ARCserve Backup for Laptops & Desktops, NGS Software Insight Security Research, 12:08
OWASP JBroFuzz 0.4 Fuzzer Released!, subere, 12:08
Remote Unauthenticated Code Execution II CA BrightStor ARCserve Backup for Laptops & Desktops, NGS Software Insight Security Research, 11:58
Remote Unauthenticated Code Execution CA BrightStor ARCserve Backup, NGS Software Insight Security Research, 11:48
[Full-disclosure] 2007 Security OPUS CFP: Closed (Agenda included), Sharkey, 08:57

January 30, 2007

Re: BOGUS: Atsphp 5.0.1 [Top Sites] [index.php] - Remote File Include, Mailinglists Address, 18:01
[ MDKSA-2007:030 ] - Updated bind packages fix DoS vulnerabilities, security, 17:41
Re: Defeating CAPTCHAs via Averaging, Alexander Klimov, 15:39
Atsphp 5.0.1 [Top Sites] [index.php] - Remote File Include, trzindan, 15:29
EncapsCMS 0.3.6 (common_foot.php) Remote File Include, trzindan, 15:19
Re: Fake: Open Conference Systems = 2.8.2 Remote File Inclusion, bzhbfzj3001, 13:07
PhP Generic library & framework (include_path) Remote File Include Exploit, umutc4n, 13:07
Re: gnopaste <= 0.5.3 (index.php) Remote File Include Vulnerability, Francesco Laurita, 12:37
RBL - ASP (scripts with db) SQL injection, sn0oPy . team, 12:27
rPSA-2007-0020-2 rmake, rPath Update Announcements, 12:07
COSEINC Alert: Microsoft Agent Heap Overflow Vulnerability Technical Details (Patched), Coseinc, 12:07
Re: [Full-disclosure] S21sec-034-en: Cisco VTP DoS vulnerability, Clay Seaman-Kossmeyer, 01:12

January 29, 2007

Re: [Full-disclosure] S21sec-034-en: Cisco VTP DoS vulnerability, Clay Seaman-Kossmeyer, 21:50
RBL - ASP (scripts with db) SQL injection, sn0oPy . team, 20:29
[Full-disclosure] [DRUPAL-SA-2007-005] Drupal 4.7.6 / 5.1 fixes arbitrary code execution issue, Uwe Hermann, 20:19
VII National Computer and Information Security Conference ACIS 2007 - COLOMBIA, Jeimy Cano, 20:09
Re: Open Conference Systems = 2.8.2 Remote File Inclusion, Stefano Zanero, 19:19
Re: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger, 3B.Security Researcher, 19:08
Re: local Calendar System v1.1 (lcStdLib.inc) Remote File Include, Simple Nomad, 18:08
Re: Re: Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL, shatter, 18:08
Re: local Calendar System v1.1 (lcStdLib.inc) Remote File Include, Stefano Zanero, 17:37
Arbitrary Code Execution in SQL-Ledger and LedgerSMB through redirects, Chris Travers, 17:17
Re: local Calendar System v1.1 (lcStdLib.inc) Remote File Include, Gadi Evron, 16:57
Re: Fake: Open Conference Systems = 2.8.2 Remote File Inclusion, MichaÅ Melewski, 16:47
Re: Windows logoff bug possible security vulnerability and exploit., Rage Coder, 16:27
Re: Phorum HTML Injection Vulnerability, brian, 16:06
Re: Fake: Open Conference Systems = 2.8.2 Remote File Inclusion, MichaÅ Melewski, 16:06
AdMentor (banners) admin SQL injection, sn0oPy . team, 15:46
gnopaste <= 0.5.3 (index.php) Remote File Include Vulnerability, trzindan, 15:36
Phorum HTML Injection Vulnerability, DoZ, 15:06
Defeating CAPTCHAs via Averaging, noreply9871234, 14:35
CVSTrac 2.0.0 Denial of Service (DoS) vulnerability, Ralf S. Engelschall, 14:15
Re: local Calendar System v1.1 (lcStdLib.inc) Remote File Include, Stefano Zanero, 13:55
Fake: Open Conference Systems = 2.8.2 Remote File Inclusion, bzhbfzj3001, 13:45
Re: Dexia website security alert, Thierry Zoller, 13:35
Xt-Stats v.2.4.0.b3 - Remote File Include Vulnerabilities, h4cked . eg, 13:15
MDPro 1.0.76 - Multiple Remote Vulnerabilities, adexior, 12:33
[Full-disclosure] Oracle - Indirect Privilege Escalation and Defeating Virtual Private Databases, David Litchfield, 12:03
[OpenPKG-SA-2007.007] OpenPKG Security Advisory (bind), OpenPKG GmbH, 12:03
Re: Open Conference Systems = 2.8.2 Remote File Inclusion, MichaÅ Melewski, 11:53
[Full-disclosure] Internet Explorer 7 ActiveX bgColor property NULL pointer dereference (DoS), Alexander Sotirov, 01:18

January 28, 2007

Re: [Full-disclosure] stompy the session stomper - tool availability, Rogan Dawes, 11:02
Re: [Full-disclosure] stompy the session stomper - tool availability, Michal Zalewski, 05:20

January 27, 2007

Re: [Full-disclosure] stompy the session stomper - tool availability, Simon Smith, 16:32
[Full-disclosure] [ GLSA 200701-25 ] X.Org X server: Multiple vulnerabilities, Matthias Geerdsen, 14:31
RE: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger, Ahmed Sheipani, 14:21
local Calendar System v1.1 (lcStdLib.inc) Remote File Include, trzindan, 14:11
AdMentor (banners) admin SQL injection, sn0oPy . team, 13:51
[ MDKSA-2007:028 ] - Updated ulogd packaged to address buffer overflow vulnerability, security, 13:41
Open Conference Systems = 2.8.2 Remote File Inclusion, trzindan, 13:30
Re: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger, Outlaw, 13:10
Full Disclosure: Arbitrary Code Execution in LedgerSMB CVE-2006-5872, Chris Travers, 12:50
[ MDKSA-2007:029 ] - Updated libsoup packages fix DoS vulnerability, security, 12:20
Re: [OPENADS-SA-2007-002] Max Media Manager v0.1.29 and v0.3.30 vulnerability fixed, Matteo Beccati, 12:10
WS_FTP 2007 Professional SCP handling format string vulnerability, Michal Bucko, 11:40
[Full-disclosure] stompy the session stomper - tool availability, Michal Zalewski, 08:08

January 26, 2007

[Full-disclosure] [USN-398-4] Firefox regression, Kees Cook, 21:03
Re: Remove all admin->root authorization prompts from OSX, John Smith, 17:31
Re: Remove all admin->root authorization prompts from OSX, Ben Bucksch, 17:21
Re: Remove all admin->root authorization prompts from OSX, Baptiste Malguy, 17:11
FdScript <= v1.3.2 Remote File Disclosure Vulnerability, ajannhwt, 15:59
PHP Membership Manager Cross-Site Scripting Vulnerability, DoZ, 15:19
[Full-disclosure] iDefense Security Advisory 01.26.07: Multiple Vendor libchm Page Block Length Memory Corruption Vulnerability, iDefense Labs, 15:09
Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger, hainamluke, 15:09
[Full-disclosure] S21sec-034-en: Cisco VTP DoS vulnerability, S21sec Labs, 14:59
Re: SMF "index.php?action=pm" Cross Site-Scripting, Lise Moorveld, 13:37
[ MDKSA-2007:027 ] - Updated xine-ui packages fix vulnerabilities, security, 12:47
Re: Re: Re: Re: SMF "index.php?action=pm" Cross Site-Scripting, sirdarckcat, 12:16
Movable Type <= 3.33 XSS Exploit, teracci2002, 12:16
[Full-disclosure] [ GLSA 200701-24 ] VLC media player: Format string vulnerability, Matthias Geerdsen, 08:54
[Full-disclosure] [ GLSA 200701-23 ] Cacti: Command execution and SQL injection, Matthias Geerdsen, 08:34
[Full-disclosure] [OPENADS-SA-2007-002] Max Media Manager v0.1.29 and v0.3.30 vulnerability fixed, Matteo Beccati, 03:21

January 25, 2007

[Full-disclosure] [USN-410-2] teTeX vulnerability, Kees Cook, 20:28
[Full-disclosure] rPSA-2007-0021-1 bind bind-utils, rPath Update Announcements, 19:48
[Full-disclosure] rPSA-2007-0020-1 rmake, rPath Update Announcements, 19:48
Medium Risk Vulnerability in PGP Desktop, NGSSoftware Insight Security Research, 19:07
RubyGems 0.9.0 and earlier installation exploit, Eric Hodel, 18:57
Re: ZixForum <= 1.14 (Zixforum.mdb) Remote Password Disclosure Vulnerability, anonym, 18:57
Re: AToZed Software Intraweb Component for Borland Delphi and Kylix DoS vulnerability, C0r3 1mp4ct, 18:37
Omniture SiteCatalyst Multiple Cross-Site Scripting Vulnerabilities, DoZ, 18:27
Re: Oracle Buffer Overflow in DBMS_LOGREP_UTIL.GET_OBJECT_NAME, Steven M. Christey, 18:16
Vulnerability disclosure comments, Shawna McAlearney, 18:06
Re: Remove all admin->root authorization prompts from OSX, A. Shaw, 17:46
The certification password of Internet Explorer 7 and operation of auto complete, support, 17:46
Re: Aztek Forum 4.1 Multiple Vulnerabilities Exploit, gmdarkfig, 17:36
RE: Remove all admin->root authorization prompts from OSX, Marvin Simkin, 17:16
high5 Review script Security Risk, anon, 17:16
Re: Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL, Steven M. Christey, 16:15
[x0n3-h4ck] Siteman 1.1.11 Remote Md5 Hash Disclosure Vulnerability, corrado . liotta, 16:05
[Full-disclosure] Buffer overflow in VSAPI library of Trend Micro VirusWall 3.81 for Linux, Sebastian Wolfgarten, 15:55
[Full-disclosure] Dexia website security alert, Jos Kirps, 15:44
GPS 1.2 Content Managing System (print.asp) Remote SQL Injection Vulnerability, ajannhwt, 15:34
[Full-disclosure] [ GLSA 200701-22 ] Squid: Multiple Denial of Service vulnerabilities, Matthias Geerdsen, 15:34
[x0n3-h4ck] Siteman 2.0.x2 Remote Md5 Hash Disclosure Vulnerability, corrado . liotta, 15:24
phpCOIN <= RC-1 (modules/mail/index.php) Remote File Include Vulnerability, me you, 14:32
Aztek Forum 4.1 Multiple Vulnerabilities Exploit, gmdarkfig, 14:00
[Full-disclosure] [NETRAGARD-20061218 SECURITY ADVISORY] [@Mail WebMail Cross Site Request Forgery], Netragard Security Advisories, 14:00
makit news/blog poster <=v3(news_page.asp) Remote SQL Injection Vulnerability, ajannhwt, 13:29
Re: phpCOIN <= RC-1 (modules/mail/index.php) Remote File Include Vulnerability, str0ke, 13:29
Re: [Full-disclosure] rPSA-2007-0011-1 wget, Ron DuFresne, 13:19
EzDatabase Multiple Cross-Site Scripting Vulnerability, DoZ, 13:09
ASP EDGE <= V1.2b (user.asp) Remote SQL Injection Vulnerability, ajannhwt, 13:09
uniForum <= v4 (wbsearch.aspx) Remote SQL Injection Vulnerability, ajannhwt, 12:59
Xero Portal v1.2 (phpbb_root_path) Remote File Include Vulnerablity, xorontr, 12:59
ASP NEWS <= V3 (news_detail.asp) Remote SQL Injection Vulnerability, ajannhwt, 12:39
Re: AToZed Software Intraweb Component for Borland Delphi and Kylix DoS vulnerability, bounce, 12:28
Remove all admin->root authorization prompts from OSX, K F (lists), 12:18
[CAID 34818]: CA Personal Firewall Multiple Privilege Escalation Vulnerabilities, Williams, James K, 11:38
[Full-disclosure] BIND remote exploit (low severity) [Fwd: Internet Systems Consortium Security Advisory.], Lebbeous Weekley, 10:06
[Full-disclosure] rPSA-2007-0019-1 gtk, rPath Update Announcements, 04:04

January 24, 2007

Multiple Remote Vulnerabilities in Wordpress, bmatheny, 20:50
[security bulletin] HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access, security-alert, 20:29
DoS against Telligent Community Server, bmatheny, 20:19
Weaknesses in Pingback Design, bmatheny, 19:48
[Full-disclosure] [USN-414-1] Squid vulnerabilities, Kees Cook, 19:28
[Full-disclosure] Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL, Team SHATTER, 19:28
Re: phpAdsNew 2.0.7 Remote File Include, matteo, 19:18
[Full-disclosure] Oracle Buffer Overflow in DBMS_LOGREP_UTIL.GET_OBJECT_NAME, Team SHATTER, 18:47
[Full-disclosure] Oracle Buffer Overflow in DBMS_REPCAT_UNTRUSTED.UNREGISTER_SNAPSHOT, Team SHATTER, 18:47
[Full-disclosure] Oracle Multiple Buffer Overflows and DoS attacks in public procedures of MDSYS.MD, Team SHATTER, 18:47
[Full-disclosure] Oracle Buffer Overflow in DBMS_LOGMNR.ADD_LOGFILE, Team SHATTER, 18:37
[Full-disclosure] Oracle Buffer Overflow in DBMS_DRS.GET_PROPERTY, Team SHATTER, 18:37
Re: [Full-disclosure] 0trace - traceroute on established connections, Jon Oberheide, 17:06
Re: Secunia Research: NCTsoft Products NCTAudioFile2 ActiveX Control Buffer Overflow, Secunia Research, 16:35
[Full-disclosure] [OPENADS-SA-2007-001] phpAdsNew and phpPgAds 2.0.9-pr1 vulnerability fixed, Matteo Beccati, 15:54
Re: FreeForum 0.9.0 <=- (index.php fpath) Remote File Include Vulnerability, Stefano Zanero, 15:44
Re: Advanced Guestbook <=- 2.4.2 (include_path) Remote File Include Vulnerability, Stefano Zanero, 15:24
Maxtricity Tagger Password Disclosure Vulnerability, beks, 15:04
[Full-disclosure] ZDI-07-006: Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability, zdi-disclosures, 15:03
ZixForum <= 1.14 (Zixforum.mdb) Remote Password Disclosure Vulnerability, me you, 14:43
[Full-disclosure] [ GLSA 200701-21 ] MIT Kerberos 5: Arbitrary Remote Code Execution, Matthias Geerdsen, 14:23
Re: AToZed Software Intraweb Component for Borland Delphi and Kylix DoS vulnerability, mail, 14:23
[CAID 34993]: CA BrightStor ARCserve Backup for Laptops and Desktops Multiple Overflow Vulnerabilities, Williams, James K, 14:02
Secunia Research: Sienzo Digital Music Mentor NCTAudioFile2 ActiveX Control Buffer Overflow, Secunia Research, 13:42
Secunia Research: NCTsoft Products NCTAudioFile2 ActiveX Control Buffer Overflow, Secunia Research, 13:32
Toxiclab Shoutbox Password Disclosure Vulnerability, beks, 13:11
[Aria-Security Team] MyBB Cross-Site Scripting, Advisory, 12:51
Re: Safari Improperly Parses HTML Documents & BlogSpot XSS vulnerability, Robert Tasarz, 12:40
[ MDKSA-2007:026 ] - Updated squid packages fix vulnerabilities, security, 11:18
SUSE Security Announcement: xine (SUSE-SA:2007:013), Thomas Biege, 01:43
Advanced Guestbook <=- 2.4.2 (include_path) Remote File Include Vulnerability, me you, 00:53
PR06-14: IP Phones based on Centrality Communications/Aredfox PA168 chipset weak session management vulnerability, ProCheckUp Research, 00:23

January 23, 2007

[Full-disclosure] [USN-413-1] BlueZ vulnerability, Kees Cook, 21:31
[Full-disclosure] [USN-412-1] GeoIP vulnerability, Kees Cook, 20:50
subscribe (pwd.txt) Remote Password Disclosur, the . tiger100, 20:50
[Full-disclosure] [ GLSA 200701-20 ] Centericq: Remote buffer overflow in LiveJournal handling, Raphael Marichez, 20:20
[ MDKSA-2006:217-2 ] - Updated proftpd packages fix vulnerabilities, security, 18:49
Re: DoS against AVM Fritz!Box 7050 (and others), Matthias Wenzel, 18:18
[Full-disclosure] [USN-411-1] libsoup vulnerability, Kees Cook, 17:57
RANDOM PHP QUOTE 1.0 (pwd.txt) Remote Password Disclosur, the . tiger100, 17:57
[Full-disclosure] [ GLSA 200701-19 ] OpenLDAP: Insecure usage of /tmp during installation, Raphael Marichez, 17:46
SUSE Security Announcement: squid (SUSE-SA:2007:012), Thomas Biege, 17:26
[Full-disclosure] [ GLSA 200701-18 ] xine-ui: Format string vulnerabilities, Raphael Marichez, 17:16
[ MDKSA-2007:025 ] - Updated kernel packages fix multiple vulnerabilities and bugs, security, 16:46
[ECHO_ADV_62$2007] Upload Service 1.0 remote file inclusion, y3dips, 15:55
Re: Windows logoff bug possible security vulnerability and exploit., Bart ...., 15:35
Re: phpAdsNew 2.0.7 Remote File Include, l . d . 0, 15:15
Re: Digital Armaments Security Advisory 20.01.2007: Grsecurity Kernel PaX Vulnerability, nospam, 14:55
Adobe ColdFusion Information Disclosure, zck zck, 14:24
Re: Bluetooth DoS by obex push [readable], hornung, 14:14
xss filter to protect from xss attacks, Anurag Agarwal, 13:44
Bluetooth DoS by obex push, Armin Hornung, 13:24
Bluetooth DoS by obex push, hornung, 13:03
AToZed Software Intraweb Component for Borland Delphi and Kylix DoS vulnerability, C0r3 1mp4ct, 12:43
[ MDKSA-2007:024 ] - Updated kdegraphics packages fix crafted pdf file vulnerability, security, 12:42
Re: Fantastic News <=- (news.php) Remote File Include Vulnerability <- bogus... again, Mailinglists Address, 12:12
Safari Improperly Parses HTML Documents & BlogSpot XSS vulnerability, Jose Avila III, 12:02
Re: Re: Re: SMF "index.php?action=pm" Cross Site-Scripting, Outlaw, 12:02
[Full-disclosure] rPSA-2007-0014-1 libgtop, rPath Update Announcements, 07:30
[Full-disclosure] rPSA-2007-0015-1 libsoup, rPath Update Announcements, 07:30
[Full-disclosure] rPSA-2007-0013-1 poppler tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi, rPath Update Announcements, 07:30
[Full-disclosure] rPSA-2007-0012-1 ed, rPath Update Announcements, 07:19
[Full-disclosure] rPSA-2007-0011-1 wget, rPath Update Announcements, 07:19
[Full-disclosure] [ GLSA 200701-17 ] libgtop: Privilege escalation, Matthias Geerdsen, 04:18

January 22, 2007

SQL Injection by using Cookie Poisoning for Website Baker Version 2.6.5 and before, Rolf Huisman, 20:15
Re: FishCart [injection sql], Michael Brennen, 20:04
Uploader <= (userdata/user_1.txt) Password Disclosure Vulnerability, me you, 19:34
UploadScript <=- v1.02 (password.txt) Remote Password Disclosure Vulnerability, me you, 19:14
[Full-disclosure] [ GLSA 200701-16 ] Adobe Acrobat Reader: Multiple vulnerabilities, Raphael Marichez, 18:54
[x0n3-h4ck] bitweaver 1.3.1 XSS Exploit, corrado . liotta, 18:54
Re: Re: SMF "index.php?action=pm" Cross Site-Scripting, alexbove, 18:34
[Full-disclosure] [ GLSA 200701-15 ] Sun JDK/JRE: Multiple vulnerabilities, Raphael Marichez, 18:14
[Full-disclosure] [ GLSA 200701-14 ] Mod_auth_kerb: Denial of Service, Raphael Marichez, 17:42
Fantastic News <=- (news.php) Remote File Include Vulnerability, me you, 17:22
Full Path Disclosure in Open-Realty ( v2.3.4 ), xx_hack_xx_2004, 16:52
PHP Link Directory XSS Vulnerability version <= 3.0.6, jussi . vuokko, 16:42
phpAdsNew 2.0.7 Remote File Include, mr alkomandoz, 16:22
Microsoft Visual C++ (.RC) resource files buffer overflow vulnerability, porkythepig, 16:22
[Full-disclosure] [ GLSA 200701-13 ] Fetchmail: Denial of Service and password disclosure, Matthias Geerdsen, 15:51
cmsimple 2.7 Remote File Include, mr alkomandoz, 15:51
SQL Injection in Unique Ads ( UDS ), xx_hack_xx_2004, 15:41
XSS in Guestbook ( v.4.00 beta ), xx_hack_xx_2004, 15:21
Re: Virginity Security Advisory 2007-001 : T-Com Speedport 500V Login bypass, security@yospot.de, 15:10
XMB "U2U Instant Messenger" Cross-Site Scripting, Advisory, 15:10
Re: [Full-disclosure] Multiple OS kernel insecure handling of stdio file descriptor, Troy Bollinger, 14:49
Re: Virginity Security Advisory 2007-001 : T-Com Speedport 500V Login bypass, jn, 14:08
FreeForum 0.9.0 <=- (index.php fpath) Remote File Include Vulnerability, me you, 13:58
Re: Multiple OS kernel insecure handling of stdio file descriptor, Carson Gaspar, 13:28
FishCart [injection sql], saps . audit, 13:28
Re: SMF "index.php?action=pm" Cross Site-Scripting, lfx4sodas, 13:07
Wiki-how path disclosure, iamtheevil1, 12:37
Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability Prove Of Concept Exploit, luoluonet, 12:27
XSS in 212cafeBoard ( Verision 0.08 & 6.30 Beta ), xx_hack_xx_2004, 12:07
Re: [Full-disclosure] Check Point Connectra End Point security bypass, Felix Lindner, 11:06
[Full-disclosure] Check Point Connectra End Point security bypass, Roni Bachar, 01:12

January 20, 2007

Re: [Full-disclosure] Multiple OS kernel insecure handling of stdio file descriptor, Michele Cicciotti, 19:01
Re: [Full-disclosure] Multiple OS kernel insecure handling of stdio file descriptor, eugeny gladkih, 16:09
Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE, Simon Smith, 12:18
Digital Armaments Security Advisory 20.01.2007: Grsecurity Kernel PaX Vulnerability, info, 12:08
SMF "index.php?action=pm" Cross Site-Scripting, Advisory, 11:57
Paypal Subscription Manager Multiple HTML Injections, DoZ, 11:47
Login Manager Multiple HTML Injections, DoZ, 11:37
a-forum xss, sn0oPy, 11:27
Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE, Mario D, 10:57

January 19, 2007

Re: [Full-disclosure] Multiple OS kernel insecure handling of stdio file descriptor, Shiva Persaud, 19:01
[RISE-2007001] Apple Mac OS X 10.4.x kernel shared_region_map_file_np() memory corruption vulnerability, RISE Security, 18:51
DIMVA 2007: Final Call for Papers, Robin Sommer, 17:10
Virginity Security Advisory 2007-001 : T-Com Speedport 500V Login bypass, advisory07, 16:30
Help project files (.HPJ) buffer overflow vulnerability in Microsoft Help Workshop, porkythepig, 14:29
TSLSA-2007-0003 - multi, Trustix Security Advisor, 12:58
Layered Defense Research Advisory: BitDefender Client 8.02 Format String Vulnerability, dh, 12:58
MyShoutBox Multiple Cross-Site Scripting Vulnerability, DoZ, 12:47
Re: CMS Made Simple non-permanent XSS, ted, 12:27
EUSecWest 2007 Papers, Dragos Ruiu, 12:17
[Full-disclosure] DoS against AVM Fritz!Box 7050 (and others), collin, 10:56
[Full-disclosure] WzdFTPD < 8.1 Denial of service, S21sec Labs, 07:04

January 18, 2007

Re: Windows logoff bug possible security vulnerability and exploit., Rage Coder, 19:18
[ MDKSA-2007:023 ] - Updated libgtop2 packages fix buffer overflow vulnerability, security, 18:27
[x0n3-h4ck] sabros.us 1.7 XSS Exploit, corrado . liotta, 18:07
[ MDKSA-2007:022 ] - Updated tetex packages fix crafted pdf file vulnerability, security, 17:57
Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE, Simon Smith, 17:47
Re: Multiple OS kernel insecure handling of stdio file descriptor, Peter Jeremy, 17:47
[ MDKSA-2007:021 ] - Updated xpdf packages fix crafted pdf file vulnerability, security, 17:27
[ MDKSA-2007:020 ] - Updated poppler packages fix crafted pdf file vulnerability, security, 17:16
[ MDKSA-2007:019 ] - Updated pdftohtml packages fix crafted pdf file vulnerability, security, 17:06
Re: [Full-disclosure] [_SUSPEKT] - Re: iDefense Q-1 2007 Challenge - Bayesian Filter detected spam, Simon Smith, 17:06
[ MDKSA-2007:018 ] - Updated koffice packages fix crafted pdf file vulnerability, security, 16:46
Directory Traversal in ArsDigita Community System, Elliot Kendall, 16:26
[security bulletin] HPSBPI02185 SSRT071290 rev.1 - HP Jetdirect Running ftp, Remote Denial of Service (DoS), security-alert, 15:56
Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE, Simon Smith, 14:35
Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE, Simon Smith, 14:25
Re: FW: [cacti-announce] Cacti 0.8.6j Released, Steve Friedl, 13:44
Re: [Full-disclosure] Multiple OS kernel insecure handling of stdio file descriptor, 3APA3A, 13:34
Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE, Roman Medina-Heigl Hernandez, 13:04
[USN-410-1] poppler vulnerability, Martin Pitt, 12:53
CYBSEC - Security Advisory: SAP Internet Graphics Service (IGS) Remote Buffer Overflow, CYBSEC Advisories, 12:43
FW: [cacti-announce] Cacti 0.8.6j Released, Warner Moore, 12:33
Multiple OS kernel insecure handling of stdio file descriptor, XFOCUS Security Team, 12:13
[security bulletin] HPSBST02184 SSRT071296 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-001 Through MS07-004, security-alert, 12:03
[security bulletin] HPSBUX02181 SSRT061289 rev.1 - HP-UX Running IPFilter, Remote Unauthorized Denial of Service (DoS), security-alert, 11:53

January 17, 2007

Re: Windows logoff bug possible security vulnerability and exploit., 3APA3A, 18:05
Microsoft Help Workshop .CNT contents files buffer overflow vulnerability, porkythepig, 17:15
[x0n3-h4ck] myBloggie 2.1.5 XSS exploit, corrado . liotta, 15:34
Re: [Full-disclosure] iDefense Q-1 2007 Challenge, Tim Newsham, 15:04
[ISecAuditors Security Advisories] Oracle Reports Web Cartridge (RWCGI60) vulnerable to XSS, ISecAuditors Security Advisories, 15:04
Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE, Jim Manico, 12:22
Windows logoff bug possible security vulnerability and exploit., Rage Coder, 11:42
Re: MS07-004 VML Integer Overflow Exploit, lifeasageek, 11:32
[Full-disclosure] New tool for "evil twins" wireless attacks, noreply, 05:19

January 16, 2007

[Full-disclosure] ADTool.exe Updated, Luis Alberto Cortes Zavala, 21:26
[Full-disclosure] ZDI-07-005: Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability, zdi-disclosures, 19:54
Re: WMF CreateBrushIndirect vulnerability (DoS), temp0_123, 19:13
SYMSA-2007-001: Oracle Application Server 10g - Directory Traversal, research, 19:13
Re: Trevorchan <= v0.7 Remote File Include Vulnerability, Stefano Zanero, 18:53
Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability, HACKPL - bugtraq/sapheal, 18:23
[Full-disclosure] [ GLSA 200701-12 ] Mono: Information disclosure, Raphael Marichez, 18:13
[Full-disclosure] [ GLSA 200701-11 ] Kronolith: Local file inclusion, Raphael Marichez, 18:13
[ MDKSA-2007:014 ] - Updated bluez-utils packages fix hidd vulnerability, security, 17:22
Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability, Eliah Kagan, 17:12
vulnerability script indexu all versions, gamr-14, 16:01
Re: [Full-disclosure] iDefense Q-1 2007 Challenge, Simon Smith, 15:21
Re: Remedy Action Request System 5.01.02 - User Enumeration, Davide Del Vecchio, 15:21
Announcement: The Cross-site Request Forgery FAQ, bugtraq, 15:11
Re: [Full-disclosure] iDefense Q-1 2007 Challenge, Blue Boar, 15:11
Re: Jax Petition Book (languagepack) Remote File Include Vulnerabilities, John McGuire, 15:01
Re: Gallery <= 1.4.4-pl4 (phpbb_root_path) Remote File Include Vulnerability, krasza, 14:50
[x0n3-h4ck] SmE FileMailer 1.21 Remote Sql Injextion Exploit, corrado . liotta, 14:40
Re: [Full-disclosure] iDefense Q-1 2007 Challenge, Simon Smith, 14:40
Re: [Full-disclosure] iDefense Q-1 2007 Challenge, Blue Boar, 14:20
Re: Gallery <= 1.4.4-pl4 (phpbb_root_path) Remote File Include Vulnerability, Chris Kelly, 14:20
Re: [Full-disclosure] iDefense Q-1 2007 Challenge, K F (lists), 14:10
dt_guestbook version 1.0f XSS vulnerability, jesper . jurcenoks, 14:00
[ MDKSA-2007:016 ] - Updated fetchmail packages fix vulnerability, security, 13:39
[KDE Security Advisory] kpdf/kword/xpdf denial of service vulnerability, Dirk Mueller, 13:19
Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE, Simon Smith, 13:09
[ MDKSA-2007:015 ] - Updated cacti packages SQL injection vulnerability, security, 12:59
[ MDKSA-2007:017 ] - Updated wget packages fix ftp vulnerability, security, 12:49
Re: [Full-disclosure] iDefense Q-1 2007 Challenge, K F (lists), 12:39
MS07-004 VML Integer Overflow Exploit, LifeAsaGeek, 12:29
Re: [Full-disclosure] iDefense Q-1 2007 Challenge, Simon Smith, 12:19
PHPATM Remote Password Disclosure Vulnerablity, nightmare, 12:19
Gallery <= 1.4.4-pl4 (phpbb_root_path) Remote File Include Vulnerability, me you, 11:48
[Full-disclosure] rPSA-2007-0007-1 kdenetwork, rPath Update Announcements, 01:13

January 15, 2007

[Full-disclosure] [ GLSA 200701-10 ] WordPress: Multiple vulnerabilities, Raphael Marichez, 19:00
[Full-disclosure] rPSA-2007-0008-1 gd, rPath Update Announcements, 18:50
liens_dynamiques xss and admin authentification, sn0oPy . team, 18:30
[Full-disclosure] [ GLSA 200701-09 ] oftpd: Denial of Service, Raphael Marichez, 18:00
Uninformed Journal Release Announcement: Volume 6, H D Moore, 17:49
Re: Jax Petition Book (languagepack) Remote File Include Vulnerabilities, bmatheny, 17:39
InstantForum.NET Multiple Cross-Site Scripting Vulnerability, DoZ, 17:29
wcSimple Poll (password.txt) Remote Password Disclosure Vulnerablity, ilkerkandemir, 17:09
Jax Petition Book (languagepack) Remote File Include Vulnerabilities, ilkerkandemir, 16:59
Outpost Bypassing Self-Protection using file links Vulnerability, Matousec - Transparent security Research, 16:19
Re: Re: Re: Uber Uploader 4.2 Arbitrary File Upload Vulnerability, recklessb, 15:28
Remedy Action Request System 5.01.02 - User Enumeration, Davide Del Vecchio, 14:57
[Full-disclosure] [USN-409-1] ksirc vulnerability, Martin Pitt, 13:46
Okul Web Otomasyon Sistemi (etkinlikbak.asp) SQL Injection Vulnerability, ilkerkandemir, 13:26
Oracle Passwords and OraBrute, paulw, 13:05
[Full-disclosure] [USN-408-1] krb5 vulnerability, Martin Pitt, 12:45
Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability, 3APA3A, 12:35
London DC4420 meet - Wednesday 17th January, 2007, Major Malfunction, 11:24
Ovidentia 5.6x Series Remote File İnclude, hotturk, 11:04
[Full-disclosure] [USN-407-1] libgtop2 vulnerability, Martin Pitt, 07:42
Re: [Full-disclosure] Web Honeynet Project: announcement, exploit URLs this Wednesday, Stefan Kelm, 06:21
[Full-disclosure] ADtool Beta 1.0 Release, Luis Alberto Cortes Zavala, 01:40

January 13, 2007

Re: [Full-disclosure] 0trace - traceroute on established connections, Robert ÅwiÄcki, 19:28
Trevorchan <= v0.7 Remote File Include Vulnerability, ilkerkandemir, 12:25
RE: seeking comments on disclosure articles, Michael Scheidell, 12:15
PHP-Nuke <= 7.9 Old-Articles Block "cat" SQL Injection vulnerability, paisterist, 11:55
Re: Naig <= 0.5.2 (this_path) Remote File Include Vulnerability, maxpost, 11:45
Re: phpBB (privmsg.php) XSS Exploit, neothermic, 11:35

January 12, 2007

Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability, sapheal, 19:08
[ MDKSA-2007:013 ] - Updated libneon0.26 packages fix vulnerability, security, 18:58
Re: Vendor guidelines regarding security contacts, Steven M. Christey, 18:48
Naig <= 0.5.2 (this_path) Remote File Include Vulnerability, me you, 17:47
AIOCP Login Bypass Vulnerability, coloss7, 17:37
AIOCP SQL Injection Vulnerability, coloss7, 17:27
Re: slocate leaks filenames of protected directories, Ben Wheeler, 17:17
[Full-disclosure] [ GLSA 200701-08 ] Opera: Two remote code execution vulnerabilities, Raphael Marichez, 16:26
[Full-disclosure] [ GLSA 200701-07 ] OpenOffice.org: EMF/WMF file handling vulnerabilities, Raphael Marichez, 16:26
[Full-disclosure] [ GLSA 200701-06 ] w3m: Format string vulnerability, Raphael Marichez, 16:16
[ MDKSA-2007:012 ] - Updated kernel packages fix multiple vulnerabilities and bugs, security, 16:16
[Full-disclosure] [ GLSA 200701-05 ] KDE kfile JPEG info plugin: Denial of Service, Raphael Marichez, 16:16
Re: Corsaire Security Advisory: ChainKey Java Code Protection Bypass issue, Jim Manico, 16:06
seeking comments on disclosure articles, smcalearney, 15:46
Wordpress disclosure of Table Prefix Weakness, process, 15:46
Re: phpBB (privmsg.php) XSS Exploit, neothermic, 15:16
Re: [Full-disclosure] Web Honeynet Project: announcement,, Gadi Evron, 15:16
Re: xss in phpmyadmin <= 2.8.1, alfa, 15:06
[CAID 34955, 34956, 34957, 34958, 34959, 34817]: CA BrightStor ARCserve Backup Multiple Overflow Vulnerabilities, Williams, James K, 14:56
Re: slocate leaks filenames of protected directories, Dave Moore, 14:46
Micro CMS <= 3.5 Remote File Include Exploit, ilkerKandemir, 14:35
Re: [Full-disclosure] Web Honeynet Project: announcement,, bugtraq, 14:35
Re: Vendor guidelines regarding security contacts, Ben Bucksch, 14:15
Lies? [Was: Re: Digital Armaments Security Pre-Advisory 11.01.2007: Grsecurity Kernel PaX - Local root vulnerability], Lubomir Kundrak, 14:05
Corsaire Security Advisory: ChainKey Java Code Protection Bypass issue, advisories, 13:55
Re (3): Circumventing CSFR Form Token Defense, bugtraq, 13:45
[ MDKSA-2007:011 ] - Updated Thunderbird packages fix multiple vulnerabilities, security, 13:05
xss in phpmyadmin <= 2.8.1, alfa, 12:45
Ezboxx multiple vulnerabilities., Info, 12:24
LunarPoll (PollDir) Remote File Include Vulnerabilities, ilkerKandemir, 12:14
[Full-disclosure] Web Honeynet Project: announcement, exploit URLs this Wednesday, Gadi Evron, 09:12
[Full-disclosure] [USN-406-1] OpenOffice.org vulnerability, Kees Cook, 05:31

January 11, 2007

Nwom topsites v3.0, lunY, 18:36
LS-20061002 - Computer Associates BrightStor ARCserve Backup Remote Code Execution Vulnerability, advisories, 18:16
Re: Perforce client: security hole by design, Crispin Cowan, 18:06
[security bulletin] HPSBMA02176 SSRT051035 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Execution of Arbitrary Code, security-alert, 17:25
[ MDKSA-2007:010 ] - Updated Firefox packages fix multiple vulnerabilities, security, 17:15
Digital Armaments Security Pre-Advisory 11.01.2007: Grsecurity Kernel PaX - Local root vulnerability, info, 17:04
easy-content filemanager, hackerbinhphuoc, 16:34
[Full-disclosure] [USN-405-1] fetchmail vulnerability, Kees Cook, 16:14
LayerOne 2007 CFP Announced, Layer One, 15:54
[security bulletin] HPSBMA02175 SSRT061174 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Read Access to Files, security-alert, 15:54
rPSA-2007-0006-1 krb5 krb5-server krb5-services krb5-test krb5-workstation, rPath Update Announcements, 14:33
[Full-disclosure] ZDI-07-004: CA BrightStor ARCserve Backup Tape Engine Buffer Overflow Vulnerability, zdi-disclosures, 14:23
[Full-disclosure] ZDI-07-003: CA BrightStor ARCserve Backup Message Engine Buffer Overflow Vulnerability, zdi-disclosures, 14:23
[Full-disclosure] ZDI-07-002: CA BrightStor ARCserve Backup Tape Engine Code Execution Vulnerability, zdi-disclosures, 14:13
FreeBSD Security Advisory FreeBSD-SA-07:01.jail, FreeBSD Security Advisories, 14:13
Re: slocate leaks filenames of protected directories, Ben Wheeler, 13:52
RE: Circumventing CSFR Form Token Defense, James C. Slora Jr., 13:12
phpBB (privmsg.php) XSS Exploit, info, 13:02
[Full-disclosure] Calyptix Security Advisory CX-2007-001 - Snort 2.6.1.2 Integer Underflow Vulnerability, Calyptix Advisories, 13:01
Re: A Major design Bug in Steganography 1.7.x, 1.8 (latest) (Updated Version), hlangos-bugtraq, 13:01
Re: SAP Security Contact, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP], 12:51
Jshop Server 1.3, irvian, 12:31
Xine-ui format string Vulnerabilties., saik0pod, 12:21
WMF CreateBrushIndirect vulnerability (DoS), Alexander Sotirov, 12:11
Computer Terrorism (UK) :: Incident Response Centre - Microsoft Outlook Vulnerability, advisories, 12:00
[ MDKSA-2007:008 ] - Updated kerberos packages fix vulnerability, security, 12:00
Re: Vendor guidelines regarding security contacts, Juha-Matti Laurio, 11:50
[ MDKSA-2007:009 ] - Updated kdenetwork packages fix ksirc vulnerability, security, 11:40
[ MDKSA-2007:007 ] - Updated nvidia driver packages fix vulnerability, security, 11:40
Re: A Major design Bug in Steganography 1.7.x, 1.8 (latest) (Updated Version), Dave \"No, not that one\" Korn, 11:30
DMA[2007-0107a] OmniWeb Javascript Alert Format String Vulnerabiity and DMA[2007-0109a] Apple Finder Disk Image Volume Label Overflow / DoS, K F (lists), 11:20

January 10, 2007

Re: Circumventing CSFR Form Token Defense, Peter Watkins, 20:09
Re: Vendor guidelines regarding security contacts, Chris Wysopal, 19:49
Re: Circumventing CSFR Form Token Defense, bugtraq, 19:28
sazcart v1.5 (cart.php) Remote File include, emel_gw_ini, 19:08
A Major design Bug in Camouflage 1.2.1 (latest), thesinoda, 18:58
Re: SAP Security Contact, Thor (Hammer of God), 18:28
A Major design Bug in Steganography 1.7.x, 1.8 (latest) (Updated Version), thesinoda, 18:17
Re: SAP Security Contact, Nick Boyce, 18:07
Re: Circumventing CSFR Form Token Defense, Florian Weimer, 17:57
Re: a cheesy Apache / IIS DoS vuln (+a question), bugtraq, 17:47
CS-Cart 1.3.3 (install.php) Remote File Include Vulnerability, ahmed_labib_hilmy, 17:37
Re: slocate leaks filenames of protected directories, Dennis Jackson, 17:17
VLC Format String Vulnerability also in XINE, Sven . Czaja, 17:07
Re: Re: Uber Uploader 4.2 Arbitrary File Upload Vulnerability, null_hack, 16:57
[Full-disclosure] [ GLSA 200701-04 ] SeaMonkey: Multiple vulnerabilities, Raphael Marichez, 16:37
[ MDKSA-2007:006 ] - Updated OpenOffice.org packages fix WMF vulnerability, security, 16:06
Re: [Full-disclosure] [Dailydave] Adobe Reader Remote Heap Memory Corruption - SubroutinePointer Overwrite, Dave Korn, 14:16
[Full-disclosure] iDefense Q-1 2007 Challenge, contributor, 14:16
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Ralph Angenendt, 12:25
[OpenPKG-SA-2007.006] OpenPKG Security Advisory (kerberos), OpenPKG GmbH, 12:04
slocate leaks filenames of protected directories, steven, 11:44
[Full-disclosure] Adobe Reader Remote Heap Memory Corruption - Subroutine Pointer Overwrite, Piotr Bania, 00:40

January 09, 2007

[Full-disclosure] iDefense Security Advisory 01.09.07: Adobe Macromedia ColdFusion Source Code Disclosure Vulnerability, iDefense Labs, 20:28
[Full-disclosure] VMware ESX server security updates, VMware Security team, 19:28
edit-x ecommerce (include_dir) Remote File include, emel_gw_ini, 19:07
[ MDKSA-2007-005 ] - Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities, security, 17:57
Circumventing CSFR Form Token Defense, Jim Manico, 17:27
[Full-disclosure] rPSA-2007-0005-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs, rPath Update Announcements, 17:17
[Full-disclosure] rPSA-2007-0004-1 bzip2, rPath Update Announcements, 17:17
[Full-disclosure] iDefense Security Advisory 01.09.07: Multiple Vendor X Server DBE Extension ProcDbeSwapBuffers Memory Corruption Vulnerability, iDefense Labs, 17:06
[Full-disclosure] iDefense Security Advisory 01.09.07: Multiple Vendor X Server DBE Extension ProcDbeGetVisualInfo Memory Corruption Vulnerability, iDefense Labs, 17:06
[Full-disclosure] iDefense Security Advisory 01.09.07: Multiple Vendor X Server Render Extension ProcRenderAddGlyphs Memory Corruption Vulnerability, iDefense Labs, 17:06
CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice, Williams, James K, 16:56
Easy Banner Pro Version 2.8 <= Remote File Inclusion, stormhacker, 16:56
RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Marvin Simkin, 16:46
RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Tom Spector, 16:36
Re: a cheesy Apache / IIS DoS vuln (+a question), William A. Rowe, Jr., 16:16
Re: Cracking Steganography Application in less than ONE minute, Michal Spadlinski, 15:15
MITKRB5-SA-2006-003: kadmind (via GSS-API lib) frees uninitialized pointers, Tom Yu, 15:05
[Full-disclosure] [USN-404-1] MadWifi vulnerability, Kees Cook, 15:05
MITKRB5-SA-2006-002: kadmind (via RPC lib) calls uninitialized function pointer, Tom Yu, 14:55
[Full-disclosure] iDefense Security Advisory 01.09.07: Microsoft Excel Long Palette Heap Overflow Vulnerability, iDefense Labs, 14:35
rPSA-2007-0003-1 fetchmail, rPath Update Announcements, 14:24
[Full-disclosure] iDefense Security Advisory 01.09.07: Microsoft Excel Invalid Column Heap Corruption Vulnerability, iDefense Labs, 14:24
[Full-disclosure] iDefense Security Advisory 01.09.07: Multiple Microsoft Products VML 'recolorinfo' Element Integer Overflow Vulnerability, iDefense Labs, 14:24
[Full-disclosure] [USN-403-1] X.org vulnerabilities, Kees Cook, 14:14
magic photo storage website Multiple Remote File Inclusion, emel_gw_ini, 13:44
ppc engine Multiple file inclusion, emel_gw_ini, 13:14
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Brian Eaton, 13:04
Re: SAP Security Contact, Stan Bubrouski, 13:04
RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Tom Stripling, 12:24
Re: Uber Uploader 4.2 Arbitrary File Upload Vulnerability, recklessb, 12:24
Re: PHPKit 1.6.1 RC2 (faq/faq.php) Remote SQL Injection Exploit, yorn, 12:03
Re: OpenPinboard <= Remote File Include, Steven M. Christey, 11:53
[KDE Security Advisory] ksirc Denial of Service vulnerability, Dirk Mueller, 11:53
[ MDKSA-2007:004 ] - Updated geoip packages fix geoipupdate vulnerability, security, 11:43
Re: [Full-disclosure] [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Jim Manico, 11:23
Re: [Full-disclosure] [DCC SPAM] 0trace - traceroute on established connections, Lance James, 11:13
Re: [Full-disclosure] 0trace - traceroute on established connections, Michal Zalewski, 06:21
Re: [Full-disclosure] 0trace - traceroute on established connections, Jon Oberheide, 03:29
Re: [Full-disclosure] 0trace - traceroute on established connections, Alessandro Dellavedova, 03:19
[Full-disclosure] Sina UC ActiveX Multiple Remote Stack Overflow, Sowhat, 02:49

January 08, 2007

Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Amit Klein, 23:38
RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Guy Podjarny, 23:28
Re: a cheesy Apache / IIS DoS vuln (+a question), bugtraq, 23:08
Re: FON Router allows anonymous web access, Thierry Zoller, 22:47
Re: SAP Security Contact, Nicob, 22:37
Re: RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws), socket69, 22:17
Re: a cheesy Apache / IIS DoS vuln (+a question), Gadi Evron, 22:07
Cracking Steganography Application in less than ONE minute, thesinoda, 21:47
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, RSnake, 21:37
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Amit Klein, 21:37
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Amit Klein, 20:36
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, RSnake, 20:16
[ MDKSA-2007:003 ] - Updated avahi packages fix DoS vulnerability, security, 19:56
Re: Vendor guidelines regarding security contacts, security curmudgeon, 19:36
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware], Jim Manico, 19:15
GForge Cross Site Scripting vulnerability, jose . palanco, 18:25
Re: cisco nac bypass vulnerability - cisco trust agent, Stefano Zanero, 18:15
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Amit Klein, 17:54
createauction (cats.asp) Remote SQL Injection Vulnerability, emel_gw_ini, 17:34
Re: Sun java System Messenger Express XSS, b2wang, 17:14
Vendor guidelines regarding security contacts, Steven M. Christey, 16:54
RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Martin O'Neal, 16:44
cisco nac bypass vulnerability - cisco trust agent, thorben schroeder, 16:44
Re: Universal XSS with PDF files: highly dangerous, Jeff Williams, 16:14
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, pdp (architect), 15:53
Packeteer PacketWise CLI overflow DoS, kian . mohageri, 15:33
magic photo storage website Remote File Inclusion, k1tk4t, 15:23
QASEC Announcement: Writing Software Security Test Cases, bugtraq, 15:13
HP Multiple Products PML Driver Local Privilege Escalation, Sowhat, 15:03
Re: Re: Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, rudeyak, 14:53
Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous, The Anarcat, 14:53
MKPortal Full Path Disclosure, info, 14:43
RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Martin O'Neal, 14:33
Re: SAP Security Contact, Ansgar -59cobalt- Wiechers, 14:23
TK53 Advisory #1: CenterICQ remote DoS buffer overflow in LiveJournal handling, Lolek of TK53, 14:23
GeoBB Georgian Bulletin Board Remote File Include Vuln., ShaFuq31, 14:12
Re: Perforce client: security hole by design, The Fungi, 14:02
Dayfox Blog Remote File Include Vuln., ShaFuq31, 14:02
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Amit Klein, 13:52
NUNE News Script (custom_admin_path) Remote File Include Vulnerablity, xorontr, 13:32
Uguestbook Remote Password Disclosure Vulnerability, beks, 13:32
Webulas Remote Password Disclosure Vulnerability, beks, 13:22
HarikaOnline v2.0 Remote Password Disclosure Vulnerability, beks, 13:12
M-Core Remote Password Disclosure Vulnerability, beks, 13:01
MitiSoft Remote Password Disclosure Vulnerability, beks, 12:51
EMembersPro 1.0 Remote Password Disclosure Vulnerability, beks, 12:41
AJLogin v3.5 Remote Password Disclosure Vulnerability, beks, 12:21
@lex Guestbook <= 4.0.2 Remote Command Execution Exploit, gmdarkfig, 12:11
[Full-disclosure] rPSA-2007-0001-1 openoffice.org, rPath Update Announcements, 12:11
Re: OpenPinboard <= Remote File Include, jgraef, 11:30
Re: [Full-disclosure] [WEB SECURITY] Universal XSS with PDF files: highly dangerous, M.B.Jr., 09:39

January 07, 2007

[Full-disclosure] RFID open source library - RFIDIOt code release - version 0.1k, Adam Laurie, 12:21

January 06, 2007

Re: [Full-disclosure] 0trace - traceroute on established connections, Michal Zalewski, 20:04
[Full-disclosure] 0trace - traceroute on established connections, Michal Zalewski, 19:04
[OpenPKG-SA-2007.005] OpenPKG Security Advisory (wordpress), OpenPKG GmbH, 15:42
FON Router allows anonymous web access, l . friedrichs, 15:32
shopstorenow (orange.asp) sql injection, emel_gw_ini, 15:32
[Full-disclosure] NNL-Labs & MNIN - F5 FirePass Security Advisory, Greg Sinclair, 13:11
Fix & Chips CMS v1.0, luny, 12:31
[OpenPKG-SA-2007.004] OpenPKG Security Advisory (fetchmail), OpenPKG GmbH, 12:21
[OpenPKG-SA-2007.003] OpenPKG Security Advisory (drupal), OpenPKG GmbH, 12:11
Yet Another Link Directory v1.0, lunY, 12:01
ohhASP Remote Password Disclosure, Advisory, 11:51
fetchmail security announcement 2006-02 (CVE-2006-5867), Matthias Andree, 11:30
fetchmail security announcement 2006-03 (CVE-2006-5974), Matthias Andree, 11:20
Re: SAP Security Contact, Thor (Hammer of God), 11:10

January 05, 2007

[Full-disclosure] iDefense Security Advisory 01.05.07: Kaspersky Antivirus Scan Engine PE File Denial of Service Vulnerability, iDefense Labs, 17:23
[OpenPKG-SA-2007.002] OpenPKG Security Advisory (bzip2), OpenPKG GmbH, 17:03
[Full-disclosure] ZDI-07-001: QUALCOMM Eudora WorldMail Remote Management Heap Overflow Vulnerability, zdi-disclosures, 16:43
Kolayindir Download (Yenionline) (tr) SqL Injection Vuln., ShaFuq31, 15:02
Flog 1.1.2 Remote Admin Password Disclosure, corrado . liotta, 14:42
Multiple bugs in EditTag, nj, 14:02
Re: SAP Security Contact, Fritz . Bauspiess, 13:41
RI Blog 1.3 XSS Vuln., ShaFuq31, 13:31
Coppermine Photo Gallery <= 1.4.10 SQL Injection Exploit, gmdarkfig, 13:00
Intranet Open Source Remote Password Disclosure "intranet.mdb", Advisory, 12:50
[Full-disclosure] [USN-402-1] Avahi vulnerability, Kees Cook, 12:50
[Full-disclosure] iDefense Security Advisory 01.05.07: Opera Software Opera Web Browser JPG Image DHT Marker Heap Corruption Vulnerability, iDefense Labs, 12:40
[Full-disclosure] iDefense Security Advisory 01.05.07: Opera Software Opera Web Browser createSVGTransformFromMatrix Object Typecasting Vulnerability, iDefense Labs, 12:40
Uber Uploader 4.2 Arbitrary File Upload Vulnerability, null_hack, 12:40
IG Calendar SQL Injection, asdfj38, 12:30
IG Shop remote code execution, asdfj38, 12:20
MkPortal Admin XSS, info, 12:10
Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous, Stefano Di Paola, 11:50
[Full-disclosure] Fwd: Re: Universal XSS with PDF files: highly dangerous, Tõnu Samuel, 11:39
Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous, pdp (architect), 11:39
[Full-disclosure] Advisory 02/2007: WordPress Trackback Charset Decoding SQL Injection Vulnerability, Stefan Esser, 11:29
[Full-disclosure] Advisory 01/2007: WordPress CSRF Protection XSS Vulnerability, Stefan Esser, 11:29
Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous, Kristina Lein, 11:29
[Full-disclosure] [DRUPAL-SA-2007-002] Drupal 4.6.11 / 4.7.5 fixes DoS issue, Uwe Hermann, 06:57
[Full-disclosure] [DRUPAL-SA-2007-001] Drupal 4.6.11 / 4.7.5 fixes XSS issue, Uwe Hermann, 06:57

January 04, 2007

[Full-disclosure] [USN-400-1] Thunderbird vulnerabilities, Kees Cook, 22:03
Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous, pdp (architect), 20:23
Re: [VulnWatch] High Risk Vulnerability in the OpenOffice and StarOffice Suites, Pete Connolly, 20:23
CMS Made Simple non-permanent XSS, nanoymaster, 19:52
Re: Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, rudeyak, 19:42
SAP Security, Mark Litchfield, 19:32
Perforce client: security hole by design, Ben Bucksch, 19:22
[Full-disclosure] [USN-401-1] D-Bus vulnerability, Kees Cook, 19:02
Re: a cheesy Apache / IIS DoS vuln (+a question), Michal Zalewski, 18:31
DMA[2007-0104a] - 'iLife iPhoto Photocasing Format String Vulnerability', K F (lists), 18:21
RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Martin O'Neal, 18:11
Re: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws), Michal Zalewski, 18:01
Re: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws), Larry Seltzer, 17:51
RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, RSnake, 17:51
Re: [VulnWatch] High Risk Vulnerability in the OpenOffice and StarOffice Suites, David Litchfield, 17:41
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Rude Yak, 17:30
[Full-disclosure] Concurrency strikes MSIE (potentially exploitable msxml3 flaws), Michal Zalewski, 17:30
Re: [VulnWatch] High Risk Vulnerability in the OpenOffice and StarOffice Suites, Florian Weimer, 17:00
Correction (High Risk Vulnerability in the OpenOffice and StarOffice Suites), NGSSoftware Insight Security Research, 16:29
Re: a cheesy Apache / IIS DoS vuln (+a question), Rob Sherwood, 15:38
[Full-disclosure] [ GLSA 200701-03 ] Mozilla Thunderbird: Multiple vulnerabilities, Raphael Marichez, 15:38
[Full-disclosure] [ GLSA 200701-02 ] Mozilla Firefox: Multiple vulnerabilities, Raphael Marichez, 15:38
Wordpress <= 2.x dictionnary & Bruteforce attack, kadaj-diabolik, 15:18
[Full-disclosure] [USN-398-3] Firefox theme regression, Kees Cook, 15:08
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware], Ronald Chmara, 14:48
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware], Bill Nash, 14:38
SAP Security Contact, Mark Litchfield, 14:38
RE: PHP as a secure language? PHP worms? [was: Re: new linux malware], Jim Harrison, 14:18
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware], Lawrence Paul MacIntyre, 14:08
Re: [Full-disclosure] [WEB SECURITY] RE: Universal PDF XSS After Party(posible solution), RSnake, 13:57
Re: [Full-disclosure] Universal PDF XSS After Party(posible solution), Darren Bounds, 13:47
[VulnWatch] High Risk Vulnerability in the OpenOffice and StarOffice Suites, NGSSoftware Insight Security Research, 13:47
Re: [Full-disclosure] Universal PDF XSS After Party(posible solution), Noe Espinoza M., 13:37
Re: a cheesy Apache / IIS DoS vuln (+a question), Pieter de Boer, 13:07
Re: a cheesy Apache / IIS DoS vuln (+a question), Siim Põder, 13:07
[vuln.sg] PowerArchiver PAISO.DLL Buffer Overflow Vulnerability, vulnpost-remove, 12:47
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, pdp (architect), 12:37
LS-20061102 - Business Objects Crystal Reports XI Professional Stack Overflow Vulnerability, advisories, 12:27
MkPortal "All Guests are Admin" Exploit, info, 12:27
Re: [Full-disclosure] [WEB SECURITY]RE: Universal XSS with PDF files: highly dangerous, RSnake, 11:46
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, bugtraq, 11:46
Re: SMS handling OpenSER remote code executing, bogdan, 11:36
Re: OpenSER OSP Module remote code execution, bogdan, 11:26
Re: a cheesy Apache / IIS DoS vuln (+a question), William A. Rowe, Jr., 11:16
Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous, T Biehn, 11:16
Re: a cheesy Apache / IIS DoS vuln (+a question), Michal Zalewski, 11:16
[Full-disclosure] Universal PDF XSS After Party, pdp (architect), 10:56
CFP for RAID 2007, Jeffrey Horton, 10:56
Re: a cheesy Apache / IIS DoS vuln (+a question), Michal Zalewski, 10:56
Re: a cheesy Apache / IIS DoS vuln (+a question), William A. Rowe, Jr., 10:46
Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous, Juha-Matti Laurio, 09:05
Re: [Full-disclosure] [WEB SECURITY] Universal XSS with PDF files: highly dangerous, HASEGAWA Yosuke , 08:55
Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous, Larry Seltzer, 08:45
Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous, Juha-Matti Laurio, 07:54
[Full-disclosure] 23C3 - Bluetooth hacking revisted [Summary and Code], Thierry Zoller, 07:54
Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous, Thierry Zoller, 07:34
Re: [Full-disclosure] [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Jim Manico, 05:13

January 03, 2007

Re: [Full-disclosure] [WEB SECURITY] Universal XSS with PDF files: highly dangerous, RSnake, 20:30
a cheesy Apache / IIS DoS vuln (+a question), Michal Zalewski, 18:58
jgbbs, dr . t3rr0r1st, 18:48
Re: [Full-disclosure] [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Larry Seltzer, 18:38
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Jean-Jacques Halans, 18:28
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, pdp (architect), 18:18
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Amit Klein, 17:48
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, pdp (architect), 17:48
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Dave Ferguson, 17:38
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, RSnake, 17:28
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, pdp (architect), 17:17
Re: OpenPinboard <= Remote File Include, Stefano Zanero, 16:07
[Full-disclosure] [USN-398-2] Firefox vulnerabilities, Kees Cook, 15:56
Simple Web Content Management System SQL Injection Exploit, gmdarkfig, 15:36
Re: Windows NT Message Compiler 1.00.5239 arbitrary code execution, chinese soup, 15:16
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Amit Klein, 15:06
Re: FreeRadius 1.1.3 SMB_Handle_Type SMB_Connect_Server arbitrary code execution, 3APA3A, 14:56
WineGlass "data.mdb" Remote Password Disclosure, Advisory, 14:16
Black Hat New Years Updates (Free Stuff, too!), Jeff Moss, 14:06
OpenPinboard <= Remote File Include, zooz_998, 13:46
[Full-disclosure] [ GLSA 200701-01 ] DenyHosts: Denial of Service, Raphael Marichez, 13:35
WineGlass "data.mdb" Remote Password Disclosure, Advisory, 13:35
Adobe Acrobat Reader Plugin - Multiple Vulnerabilities, Stefano Di Paola, 12:55
Hacking AJAX DWR Applications, shulman, 12:55
Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous, ascii, 12:45
Re: Windows NT Message Compiler 1.00.5239 arbitrary code execution, 3APA3A, 12:25
openmedia local read file, exe_crack, 12:15
GuestBook v0.3a Remote Password Disclosure, Advisory, 11:55
Re: Windows Vista 64bits and unexported kernel symbols, Rik van Riel, 11:55
Whos Johny Pwnerseed?, K F, 11:35
Re: [Full-disclosure] [WEB SECURITY] Universal XSS with PDF files: highly dangerous, pdp (architect), 10:34
Re: [Full-disclosure] [WEB SECURITY] Universal XSS with PDF files: highly dangerous, sven . vetsch, 10:24
Re: [Full-disclosure] [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Amit Klein, 10:24
[Full-disclosure] Universal XSS with PDF files: highly dangerous, pdp (architect), 10:24
Re: [Full-disclosure] Apache 1.3.37 htpasswd buffer overflow vulnerability, Andrew Farmer, 04:52
Re: [Full-disclosure] [USN-398-1] Firefox vulnerabilities, Scott, 01:20

January 02, 2007

[Full-disclosure] [USN-399-1] w3m vulnerabilities, Kees Cook, 22:39
[Full-disclosure] [USN-398-1] Firefox vulnerabilities, Kees Cook, 22:09
[Full-disclosure] Apache 1.3.37 htpasswd buffer overflow vulnerability, Matias Soler, 18:28
Re: SoftArtisans FileUp(TM) viewsrc.asp remote script source disclosure exploit, wihl, 18:17
[ MDKSA-2007:002 ] - Updated kernel packages fix multiple vulnerabilities and bugs, security, 16:36
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware], Darren Reed, 15:56
Windows NT Message Compiler 1.00.5239 arbitrary code execution, sapheal, 15:46
Nuked Klan <= 1.7 Remote Cookie Disclosure Exploit, kadaj-diabolik, 15:36
[ MDKSA-2007:001 ] - Update libmodplug packages fix buffer overflow vulnerabilities, security, 15:26
[Full-disclosure] rPSA-2006-0234-2 firefox thunderbird, rPath Update Announcements, 14:15
Windows Vista 64bits and unexported kernel symbols, Matthieu Suiche, 13:45
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware], Dana Hudes, 13:45
AspBB Remote Password Disclosure, Advisory, 13:35
RE: PHP as a secure language? PHP worms?, Jim Harrison, 13:35
RE: PHP as a secure language? PHP worms? [was: Re: new linux malware], Jim Harrison, 13:25
Re: PHP as a secure language? PHP worms?, Duncan Simpson, 13:04
[Full-disclosure] Inforamtion Discloser Vulnerabilities in "phpMyAdmin", Tal Argoni, 12:54
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware], Darren Reed, 12:54
Openforum Remote password Disclosure, Advisory, 12:44
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware], Kevin Waterson, 12:44
lblog Remote Password Disclosure, Advisory, 12:34
FreeRadius 1.1.3 SMB_Handle_Type SMB_Connect_Server arbitrary code execution, sapheal, 11:53
Re: [Full-disclosure] simplog 0.9.3.2 SQL injection, Javor Ninov, 06:11
Welcome to Pwndertino..., K F (lists), 01:18
Dailymotion password reset vulnerability, daftrix, 00:58
RE: PHP as a secure language? PHP worms? [was: Re: new linux malware], Jim Harrison, 00:48

January 01, 2007

Re: [Full-disclosure] simplog 0.9.3.2 SQL injection, str0ke, 23:07
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware], Chad Maron, 18:35
[Full-disclosure] simplog 0.9.3.2 SQL injection, Javor Ninov, 17:45
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware], Dana Hudes, 17:45
RE: PHP as a secure language? PHP worms? [was: Re: new linux malware], Jim Harrison, 17:05
Re: XSS with Vbulletin (new idea !), marco . van . herwaarden, 16:44
Re: Re: Mozilla Firefox 2.0 denial of service vulnerability, sapheal, 16:34
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware], Tino Wildenhain, 16:14
Re: Mozilla Firefox 2.0 denial of service vulnerability, Jeroen Massar, 15:54
Mozilla Firefox 2.0 denial of service vulnerability, sapheal, 15:24
[OpenPKG-SA-2007.001] OpenPKG Security Advisory (cacti), OpenPKG GmbH, 15:14
AShop Shopping Cart Multiple XSS Vulnerabilities, DoZ, 15:14
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware], Kevin Waterson, 15:04
ATMEL Linux PCI PCMCIA USB Drivers arbitrary code execution, sapheal, 14:43
rblog Database Download Vulnerability, Advisory, 14:33
golden book XSS, sn0oPy . team, 14:23
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware], Bill Nash, 14:03
Kerio Fake 'iphlpapi' DLL injection Vulnerability, Matousec - Transparent security Research, 13:53
BattleBlog Database Download Vulnerability, Advisory, 13:43
[NGSEC] ngGame #3 - BrainStorming, labs@NGSEC, 13:33
WinZip10.0 FileView ActiveX Controls CreateNewFolderFromName Method Buffer overflow, 76693223, 13:13
Re: PlatinumFTP 1.0.18 remote DoS, info, 13:13
vBulletin vCard PRO XSS, exexp, 13:02
PHPIrc_bot <= Remote File Include, zooz_998, 12:52
WinZip FileView ActiveX controls CreateNewFolderFromName Method Buffer Overflow Vulnerability, 76693223, 12:42
Rediff Bol Downloader Allows Downloading and Spawning Arbitary Files, gregory_panakkal, 12:32
Spooky Login Multiple HTML Injection Vulnerability, DoZ, 11:32