Vulnerability Development (thread)

[Full-disclosure] [ GLSA 200709-18 ] Bugzilla: Multiple vulnerabilities, Raphael Marichez, 2007/09/30
Public Media Manager <= 1.3 Remote File Inclusion Vulnerability, 0in . email, 2007/09/29
[Full-disclosure] [USN-522-1] OpenSSL vulnerabilities, Kees Cook, 2007/09/29
Re: 0trace - traceroute on established connections, tyter9, 2007/09/28
- Re: 0trace - traceroute on established connections, Tony Rall, 2007/09/28
feedreader3 has XSS vulnerability, Guy Mizrahi, 2007/09/28
- Re: [Full-disclosure] feedreader3 has XSS vulnerability, avivra, 2007/09/30
Owning Big Brother: How to Crack into Axis IP cameras, research, 2007/09/28
[ MDKSA-2007:190 ] - Updated kdebase packages fix KDM vulnerability, security, 2007/09/28
Ruby Net::HTTPS library does not validate server certificate CN, Chris Clark, 2007/09/28
[Full-disclosure] [USN-521-1] libmodplug vulnerability, Kees Cook, 2007/09/27
Promise NAS NS4300N GUI bug, Tor Houghton, 2007/09/27
rPSA-2007-0202-1 kernel, rPath Update Announcements, 2007/09/27
[ MDKSA-2007:189 ] - Updated t1lib packages fix vulnerability, security, 2007/09/27
[Full-disclosure] [ GLSA 200709-17 ] teTeX: Multiple buffer overflows, Raphael Marichez, 2007/09/27
[SECURITY] [DSA 1378-1] New Linux 2.6.18 packages fix several vulnerabilities, dann frazier, 2007/09/27
[ GLSA 200709-16 ] Lighttpd: Buffer overflow, Pierre-Yves Rofes, 2007/09/27
[Full-disclosure] iDefense Security Advisory 09.27.07: Computer Associates BrightStor HSM r11.5 Multiple Vulnerabilities, iDefense Labs, 2007/09/27
OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow, Moritz Jodeit, 2007/09/27
[waraxe-2007-SA#058] - Critical Sql Injection in NukeSentinel 2.5.12, come2waraxe, 2007/09/27
[waraxe-2007-SA#057] - Unauthorized File Upload in SiteX CMS, come2waraxe, 2007/09/27
[waraxe-2007-SA#055] - Sql Injection in SiteX CMS 0.7.3 Beta, come2waraxe, 2007/09/27
[CAID 35690, 35691, 35692]: CA BrightStor Hierarchical Storage Manager CsAgent Multiple Vulnerabilities, Williams, James K, 2007/09/27
[waraxe-2007-SA#056] - Another Sql Injection in NukeSentinel 2.5.11, come2waraxe, 2007/09/27
- Re: [waraxe-2007-SA#056] - Another Sql Injection in NukeSentinel 2.5.11, Bugsman, 2007/09/27
[SECURITY] [DSA 1343-2] New file packages fix arbitrary code execution, Florian Weimer, 2007/09/26
Joomla multiple vulerabilities (1.0.X >= ), security, 2007/09/26
- Re: Joomla multiple vulerabilities (1.0.X >= ), Gavin Hanover, 2007/09/26
- Re: Joomla multiple vulerabilities (1.0.X >= ), packet, 2007/09/27
Re: Confirmed: Windows Explorer bad PNG file preview integer overflow handling, rocheml, 2007/09/26
- Re: Re: Confirmed: Windows Explorer bad PNG file preview integer overflow handling, rocheml, 2007/09/27
- Re: Re: Re: Confirmed: Windows Explorer bad PNG file preview integer overflow handling, none, 2007/09/27
- Re: Re: Re: Re: Confirmed: Windows Explorer bad PNG file preview integer overflow handling, rocheml, 2007/09/27
  - Re: Re: Re: Re: Confirmed: Windows Explorer bad PNG file preview integer overflow handling, Rob Thompson, 2007/09/27
[Full-disclosure] ERNW Tool Release: CVSS Calculator, mozilla, 2007/09/26
Re: [Full-disclosure] defining 0day, full-disclosure, 2007/09/26
[Full-disclosure] [USN-520-1] fetchmail vulnerabilities, Kees Cook, 2007/09/26
Re: [Full-disclosure] 0-day inquiry, Joey Mengele, 2007/09/25
- Re: [Full-disclosure] 0-day inquiry, Juergen Marester, 2007/09/25
[Full-disclosure] [USN-519-1] elinks vulnerability, Kees Cook, 2007/09/25
Re: [Full-disclosure] CORE-2007-0817: Remote Command execution, HTML and JavaScript injection vulnerabilities in AOL's Instant Messaging software, full-disclosure, 2007/09/25
Possible Windows Explorer bad PNG file preview integer overflow handling, rocheml, 2007/09/25
- Re: Possible Windows Explorer bad PNG file preview integer overflow handling, none, 2007/09/27
[ MDKSA-2007:188 ] - Updated postgresql packages prevent access abuse using dblink, security, 2007/09/25
SimpNews version 2.41.03 File Content Disclosure Vulnerability, securityresearch, 2007/09/25
SimpNews version 2.41.03 Multiple XSS Attack Vulnerabilities, securityresearch, 2007/09/25
SimpGB version 1.46.02 File Content Disclosure Vulnerability, securityresearch, 2007/09/25
SimpGB version 1.46.02 Multiple XSS Attack Vulnerabilities, securityresearch, 2007/09/25
SimpGB version 1.46.02 Multiple Path Disclosure Vulnerabilities, securityresearch, 2007/09/25
SimpGB version 1.46.02 Information Disclosure Vulnerability, securityresearch, 2007/09/25
SimpNews version 2.41.03 Multiple Path Disclosure Vulnerabilities, securityresearch, 2007/09/25
Re: Multiple vulnerabilities in rFactor 1.250, superfreak, 2007/09/25
- Re: Multiple vulnerabilities in rFactor 1.250, babutski, 2007/09/27
[Full-disclosure] CORE-2007-0817: Remote Command execution, HTML and JavaScript injection vulnerabilities in AOL's Instant Messaging software, Core Security Technologies Advisories, 2007/09/25
- Re: [Full-disclosure] CORE-2007-0817: Remote Command execution, HTML and JavaScript injection vulnerabilities in AOL's Instant Messaging software, avivra, 2007/09/25
New Shell For Linux & Windows, crazy_king, 2007/09/25
- Re: New Shell For Linux & Windows, Vladimir Vitkov, 2007/09/26
n.runs AG puts §202 law to the test - Tools back online, Thierry Zoller, 2007/09/25
[waraxe-2007-SA#054] - Local File Inclusion in Dance Music module for phpNuke, come2waraxe, 2007/09/25
[waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11, come2waraxe, 2007/09/25
- Re: [waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11, gmdarkfig, 2007/09/28
[Full-disclosure] rPSA-2007-0199-1 openssl openssl-scripts, rPath Update Announcements, 2007/09/25
Simple PHP Blog Multiple Vulnerabilities, luca . carettoni, 2007/09/25
[Full-disclosure] iDefense Security Advisory 09.25.07: Linux Kernel ALSA snd_mem_proc_read Information Disclosure Vulnerability, iDefense Labs, 2007/09/25
Re: LFI On SMF 1.1.3, alex . tracer, 2007/09/25
JSPWiki Multiple Vulnerabilities, Jason Kratzer, 2007/09/25
[Full-disclosure] [USN-518-1] Linux kernel vulnerabilities, Kees Cook, 2007/09/25
ZDI-07-054: IBM Tivoli Storage Manager Express CAD Service Buffer Overflow Vulnerability, zdi-disclosures, 2007/09/24
sk.log v0.5.3 Remote File Inclusion, h3llcode, 2007/09/24
Auditing clients program in Oracle, fryxar fryxar, 2007/09/24
[USN-517-1] kdm vulnerability, Kees Cook, 2007/09/24
rPSA-2007-0198-1 kernel, rPath Update Announcements, 2007/09/24
Google Urchin password theft madness, pagvac, 2007/09/24
Arbitrary Command Inclusion, darkbunny91, 2007/09/24
New bypass shell for linux, ernealizm, 2007/09/24
- Re: New bypass shell for linux, none, 2007/09/24
Re: New Zeroday published, Joey Mengele, 2007/09/24
[security bulletin] HPSBOV02261 SSRT071449 rev.1 - HP OpenVMS running BIND, Remote DNS Cache Poisoning, security-alert, 2007/09/24
Service Pack 3 for Microsoft Sharepoint Services broken, jimbob1, 2007/09/24
- Re: Service Pack 3 for Microsoft Sharepoint Services broken, bobbyh, 2007/09/27
Nuke Mobile Entartainment Local File Inclusion, h3llcode, 2007/09/24
Oracle 11g Password algorithm revealed, pete, 2007/09/24
- Re: [Full-disclosure] Oracle 11g Password algorithm revealed, Thierry Zoller, 2007/09/24
- Re: Oracle 11g Password algorithm revealed, ak, 2007/09/24
- Re: Re: Oracle 11g Password algorithm revealed, pete, 2007/09/24
[Full-disclosure] COSEINC Linux Advisory #2: IA32 System Call Emulation Vulnerability, Wojciech Purczynski, 2007/09/24
- Re: [Full-disclosure] COSEINC Linux Advisory #2: IA32 System Call Emulation Vulnerability, Robert Swiecki, 2007/09/26
[Full-disclosure] [ GLSA 200709-15 ] BEA JRockit: Multiple vulnerabilities, Raphael Marichez, 2007/09/23
HITBSecConf2007 - Malaysia Materials & Photos are up !, Praburaajan, 2007/09/22
xcms all version arbitrary code execution, x0kster, 2007/09/22
[ MDKSA-2007:187 ] - Updated PHP packages fix numerous vulnerabilities, security, 2007/09/22
2 vanilla XSS on Wordpress ‘wp-register.php’, Adrian P, 2007/09/22
Procedure for publishing a new vulnerability?, vinod sharma, 2007/09/21
- RE: Procedure for publishing a new vulnerability?, William J. Mills, 2007/09/26
[Full-disclosure] iDefense Security Advisory 09.20.07: CA ARCServe Backup for Laptops and Desktops Multiple Buffer Overflow Vulnerabilities, iDefense Labs, 2007/09/21
EEYE: Multiple Vulnerabilities in CA ARCserve for Laptops & Desktops, eEye Advisories, 2007/09/21
[Full-disclosure] iDefense Security Advisory 09.20.07: CA ARCserve Backup for Laptops and Desktops Authentication Bypass Vulnerability, iDefense Labs, 2007/09/21
greensql firewall permanent xss, laurent . gaffie, 2007/09/21
[Full-disclosure] DEFCON London DC4420 meet - Monday 24th September, Major Malfunction, 2007/09/21
[CAID 35673, 35674, 35675, 35676, 35677]: CA ARCserve Backup for Laptops and Desktops Multiple Server Vulnerabilities, Williams, James K, 2007/09/21
[Full-disclosure] iDefense Security Advisory 09.19.07: Multiple Vendor ImageMagick Sign Extension Vulnerability, iDefense Labs, 2007/09/21
[Full-disclosure] iDefense Security Advisory 09.19.07: Multiple Vendor ImageMagick Multiple Denial of Service Vulnerabilities, iDefense Labs, 2007/09/21
[Full-disclosure] iDefense Security Advisory 09.19.07: Multiple Vendor ImageMagick Off-By-One Vulnerability, iDefense Labs, 2007/09/21
[Full-disclosure] iDefense Security Advisory 09.19.07: Multiple Vendor ImageMagick Multiple Integer Overflow Vulnerabilities, iDefense Labs, 2007/09/21
DDIVRT-2007-04 NetSupport Manager Authentication Bypass, VulnerabilityResearch, 2007/09/21
[ISR] - Barracuda Spam Firewall. Cross-Site Scripting, ISR-noreply, 2007/09/21
TSLSA-2007-0028 - multi, Trustix Security Advisor, 2007/09/21
[Mlabs] Dissecting Internals of Windows XP Svchost : Reverse Engineering Stature, Aditya K Sood, 2007/09/21
- Re: [Mlabs] Dissecting Internals of Windows XP Svchost : Reverse Engineering Stature, J. Oquendo, 2007/09/21
Neuron News 1.0 Local file inclusion (index.php), h3llcode, 2007/09/21
[Full-disclosure] ZDI-07-053: Microsoft ISA Server SOCKS4 Proxy Connection Leakage, zdi-disclosures, 2007/09/21
List all the comment + entry belong to the Yahoo 360 public blog and more..., vnn95, 2007/09/21
ToorCon Final Lineup Announcement, David Hulton, 2007/09/21
Re: [Full-disclosure] [irc-security] Multiple vulnerabilities in ircu, Colin Alston, 2007/09/21
- Re: [Full-disclosure] [irc-security] Multiple vulnerabilities in ircu, Tom Laermans, 2007/09/21
Re: [Full-disclosure] 0day: PDF pwns Windows, Joey Mengele, 2007/09/21
- Re: [Full-disclosure] 0day: PDF pwns Windows, Gadi Evron, 2007/09/21
- Re: [Full-disclosure] 0day: PDF pwns Windows, Chad Perrin, 2007/09/21
  - RE: [Full-disclosure] 0day: PDF pwns Windows, Michael Bitow, 2007/09/21
- RE: [Full-disclosure] 0day: PDF pwns Windows, Jeff Wells (jmwells), 2007/09/21
- Re: [Full-disclosure] 0day: PDF pwns Windows, Rohit Srivastwa, 2007/09/21
  - Re: [Full-disclosure] 0day: PDF pwns Windows, pdp (architect), 2007/09/21
- Re: [Full-disclosure] 0day: PDF pwns Windows, Glenn.Everhart, 2007/09/25
- Re: [Full-disclosure] 0day: PDF pwns Windows, Joey Mengele, 2007/09/25
[Full-disclosure] [USN-516-1] xfsdump vulnerability, Kees Cook, 2007/09/20
[Full-disclosure] [ GLSA 200709-14 ] ClamAV: Multiple vulnerabilities, Pierre-Yves Rofes, 2007/09/20
[ MDKSA-2007:186 ] - Updated openoffice.org packages fix TIFF parser vulnerability, security, 2007/09/20
[Full-disclosure] rPSA-2007-0194-1 kdebase, rPath Update Announcements, 2007/09/20
[Full-disclosure] [ GLSA 200709-13 ] rsync: Two buffer overflows, Raphael Marichez, 2007/09/20
Vigile CMS v1.8 Multiple Remote XSS Vulnerability, x0kster, 2007/09/20
PHP-Nuke add admin ALL Versions, h3llcode, 2007/09/20
- Re: PHP-Nuke add admin ALL Versions, Blaine Elzey, 2007/09/22
- Re: PHP-Nuke add admin ALL Versions, n0de, 2007/09/21
- Re: Re: PHP-Nuke add admin ALL Versions, h3llcode, 2007/09/21
WebED-0.8999 Multiple Remote File Inclusion Vulnerability, h3llcode, 2007/09/20
PhpBB Xs 2 profile.php Permanent Xss Vulnerability, h3llcode, 2007/09/20
WebBatch Applications Cross Site Scripting Vulrnability, DoZ, 2007/09/20
SimplePHPBlog Hacking, webmaster666, 2007/09/20
- Re: SimplePHPBlog Hacking, luca . carettoni, 2007/09/21
[security bulletin] HPSBUX02249 SSRT071442 rev.2 - HP-UX Running the Ignite-UX or the DynRootDisk (DRD) get_system_info Command, Local Unqualified Configuration Change, security-alert, 2007/09/20
[security bulletin] HPSBUX02251 SSRT071449 rev.2 - HP-UX Running BIND, Remote DNS Cache Poisoning, security-alert, 2007/09/20
[Mlabs] Scrutinising SIP Payloads : Traversing Attack Vectors in VOIP and IM, Aditya K Sood, 2007/09/20
0day: PDF pwns Windows, pdp (architect), 2007/09/20
- Re: 0day: PDF pwns Windows, Gadi Evron, 2007/09/20
  - Re: [Full-disclosure] 0day: PDF pwns Windows, Crispin Cowan, 2007/09/21
    - Re: [Full-disclosure] 0day: PDF pwns Windows, coderman, 2007/09/21
    - Re: [Full-disclosure] 0day: PDF pwns Windows, Steven Adair, 2007/09/21
    - Re: [Full-disclosure] 0day: PDF pwns Windows, Chad Perrin, 2007/09/21
    - Re: [Full-disclosure] 0day: PDF pwns Windows, Wayne D. Hoxsie Jr., 2007/09/21
    - Re: [Full-disclosure] 0day: PDF pwns Windows, bugtraq, 2007/09/21
    - Re: [Full-disclosure] 0day: PDF pwns Windows, Casper . Dik, 2007/09/21
    - Re: [Full-disclosure] 0day: PDF pwns Windows, J. Oquendo, 2007/09/21
    - Re: [Full-disclosure] 0day: PDF pwns Windows, Crispin Cowan, 2007/09/23
    - Re: 0day: PDF pwns Windows, Chad Perrin, 2007/09/24
    - Re: 0day: PDF pwns Windows, Crispin Cowan, 2007/09/24
    - Re: [Full-disclosure] 0day: PDF pwns Windows, J. Oquendo, 2007/09/25
    - Re: [Full-disclosure] 0day: PDF pwns Windows, Lamont Granquist, 2007/09/25
    - Re: 0day: PDF pwns Windows, Roland Kuhn, 2007/09/25
    - RE: 0day: PDF pwns Windows, Thor (Hammer of God), 2007/09/25
    - defining 0day, Gadi Evron, 2007/09/25
    - Re: defining 0day, Brian Loe, 2007/09/25
    - Re: [Full-disclosure] defining 0day, Gadi Evron, 2007/09/25
    - Re: defining 0day, Brian Loe, 2007/09/25
    - Re: defining 0day, Adrian Griffis, 2007/09/25
    - Re: defining 0day, Brian Loe, 2007/09/25
    - Re: defining 0day, Andrew Weaver, 2007/09/25
    - RE: defining 0day, David Gillett, 2007/09/25
    - Re: defining 0day, Charles Miller, 2007/09/25
    - Re: defining 0day, Gadi Evron, 2007/09/25
    - Re: [Full-disclosure] defining 0day, Zow, 2007/09/27
    - Re: defining 0day, Chad Perrin, 2007/09/27
    - RE: defining 0day, Marvin Simkin, 2007/09/28
    - Re: defining 0day, Chad Perrin, 2007/09/28
    - [Full-disclosure] defining 0day, Gadi Evron, 2007/09/25
    - Re: [Full-disclosure] defining 0day, Juergen Marester, 2007/09/25
    - Re: [Full-disclosure] defining 0day, Juergen Marester, 2007/09/25
    - Re: [Full-disclosure] 0day: PDF pwns Windows, Lawrence Paul MacIntyre, 2007/09/25
    - Re: 0day: PDF pwns Windows, Steve Shockley, 2007/09/25
    - Re: 0day: PDF pwns Windows, Iggy E, 2007/09/25
- Re: [Full-disclosure] 0day: PDF pwns Windows, Aditya K Sood, 2007/09/20
  - Re: 0day: PDF pwns Windows, pdp (architect), 2007/09/20
    - Re: [Full-disclosure] 0day: PDF pwns Windows, Antivirus Taneja, 2007/09/21
    - Re: [Full-disclosure] 0day: PDF pwns Windows, pdp (architect), 2007/09/21
- Re: [Full-disclosure] 0day: PDF pwns Windows, Thierry Zoller, 2007/09/21
  - Re: [Full-disclosure] 0day: PDF pwns Windows, Kevin Finisterre (lists), 2007/09/21
  - Re: [Full-disclosure] 0day: PDF pwns Windows, Aaron Collins, 2007/09/21
- Re: Re: 0day: PDF pwns Windows, rmk115, 2007/09/21
- Re: Re: 0day: PDF pwns Windows, johanfunsale, 2007/09/24
  - Re: Re: 0day: PDF pwns Windows, Lamont Granquist, 2007/09/24
Security Advisory for Bugzilla 3.0.1 and 3.1.1, mkanat, 2007/09/20
- Re: Security Advisory for Bugzilla 3.0.1 and 3.1.1, tkevans, 2007/09/20
[Full-disclosure] VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player, VMware Security team, 2007/09/20
Update? Question on BID 19000, Michael Scheidell, 2007/09/19
[Full-disclosure] [ GLSA 200709-12 ] Poppler: Two buffer overflow vulnerabilities, Raphael Marichez, 2007/09/19
Re: [Full-disclosure] Panda Antivirus 2008 Local Privileg Escalation (UPS they did it again), Panda Security Response, 2007/09/19
- Re: [Full-disclosure] Panda Antivirus 2008 Local Privileg Escalation (UPS they did it again), 3APA3A, 2007/09/21
- Re: [Full-disclosure] Panda Antivirus 2008 Local Privileg Escalation (UPS they did it again), Panda Security Response, 2007/09/24
rPSA-2007-0193-1 gdm, rPath Update Announcements, 2007/09/19
[USN-515-1] t1lib vulnerability, Kees Cook, 2007/09/19
- Re: [Full-disclosure] [USN-515-1] t1lib vulnerability, 3APA3A, 2007/09/21
  - Re: [Full-disclosure] [USN-515-1] t1lib vulnerability, Ismail Dönmez, 2007/09/21
  - Re: [Full-disclosure] [USN-515-1] t1lib vulnerability, Kees Cook, 2007/09/21
PHPBBPLUS 1.5.3 RFI BUG, Mehrad1989, 2007/09/19
WBR3404TX Broadband Router XSS, azizov, 2007/09/19
[security bulletin] HPSBUX02259 SSRT071439 rev.1 - HP-UX Running logins(1M), Remote Unauthorized Access, security-alert, 2007/09/19
[Full-disclosure] Multiple vulnerabilities in the gMotor2 engine, Luigi Auriemma, 2007/09/19
file upload vulnerability in joomla media component, vinodsharma . mmit, 2007/09/19
- Re: file upload vulnerability in joomla media component, Gavin Hanover, 2007/09/19
[waraxe-2007-SA#052] - dBlog CMS Open Source database retrieval, come2waraxe, 2007/09/19
[security bulletin] HPSBST02260 SSRT071471 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-051 to MS07-054, security-alert, 2007/09/19
Re: eyeOS checksum prediction, jose, 2007/09/19
[Full-disclosure] rPSA-2007-0190-1 kdebase, rPath Update Announcements, 2007/09/19
[Full-disclosure] rPSA-2007-0189-1 openoffice.org, rPath Update Announcements, 2007/09/19
[Full-disclosure] FLEA-2007-0056-1 openoffice.org, Foresight Linux Essential Announcement Service, 2007/09/19
[Full-disclosure] [USN-514-1] X.org vulnerability, Kees Cook, 2007/09/18
[Full-disclosure] [ GLSA 200709-11 ] GDM: Local Denial of Service, Raphael Marichez, 2007/09/18
[Full-disclosure] [ GLSA 200709-10 ] PhpWiki: Authentication bypass, Raphael Marichez, 2007/09/18
A little advisory content correction., j00ru . vx, 2007/09/18
[Full-disclosure] [USN-513-1] Qt vulnerability, Kees Cook, 2007/09/18
Uninformed Journal Release Announcement: Volume 8, Uninformed Staff, 2007/09/18
[Full-disclosure] TPTI-07-15: Automated Solutions Modbus TCP Slave ActiveX Control Heap Corruption Vulnerability, TSRT, 2007/09/18
WifiZoo v1.1, Hernan Ochoa, 2007/09/18
Plague in (security) software drivers & BSDOhook utility, Matousec - Transparent security Research, 2007/09/18
security notice: Backdooring Windows Media Files, pdp (architect), 2007/09/18
- Re: [Full-disclosure] security notice: Backdooring Windows Media Files, jf, 2007/09/18
- RE: security notice: Backdooring Windows Media Files, Memisyazici, Aras, 2007/09/18
  - Re: [Full-disclosure] security notice: Backdooring Windows Media Files, pdp (architect), 2007/09/18
    - RE: security notice: Backdooring Windows Media Files, Memisyazici, Aras, 2007/09/18
    - Re: [Full-disclosure] security notice: Backdooring Windows Media Files, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP], 2007/09/18
    - Re: [Full-disclosure] security notice: Backdooring Windows Media Files, Rahul Mohandas, 2007/09/19
    - Re: [Full-disclosure] security notice: Backdooring Windows Media Files, pdp (architect), 2007/09/19
[ MDKSA-2007:185 ] - Updated avahi packages fix vulnerability, security, 2007/09/18
[security bulletin] HPSBUX02153 SSRT061181 rev.6 - HP-UX Running Firefox, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS), security-alert, 2007/09/18
XSS on Obedit v3.03, fuxxx0rz, 2007/09/18
GCALDaemon Remote DoS, luca . carettoni, 2007/09/18
[ MDKSA-2007:184 ] - Updated cacti packages fix vulnerability, security, 2007/09/18
b1gmail Cross Site Scripting, malibu . r, 2007/09/17
rPSA-2007-0188-1 php5 php5-cgi php5-mysql php5-pear php5-pgsql php5-soap php5-xsl, rPath Update Announcements, 2007/09/17
Coppermine <= 1.4.12 Cross Site Scripting and Local File Inclusion, L4teral, 2007/09/17
[Full-disclosure] iDefense Security Advisory 09.17.07: Multiple Vendor OpenOffice TIFF File Parsing Multiple Integer Overflow Vulnerabilities, iDefense Labs, 2007/09/17
[Full-disclosure] FLEA-2007-0055-1 openssh openssh-client openssh-server gnome-ssh-askpass, Foresight Linux Essential Announcement Service, 2007/09/17
[Full-disclosure] FLEA-2007-0054-1 lighttpd, Foresight Linux Essential Announcement Service, 2007/09/17
SYMSA-2007-009: RemoteDocs R-Viewer Code Execution and Sensitive Information Disclosure, research, 2007/09/17
TSLSA-2007-0026 - multi, Trustix Security Advisor, 2007/09/17
Alcatel-Lucent OmniPCX Remote Command Execution, RedTeam Pentesting GmbH, 2007/09/17
Media Player Classic Denial of Service, yeikos, 2007/09/17
WinImage 8.10 vulnerabilities, j00ru . vx, 2007/09/17
[Full-disclosure] IE (Internet Explorer) pwns SecondLife, pdp (architect), 2007/09/17
[Full-disclosure] Patch for idle scan in Microsoft windows based systems, Joel Jose, 2007/09/16
- Re: [Full-disclosure] Patch for idle scan in Microsoft windows based systems, Slythers Bro, 2007/09/16
[Full-disclosure] [ GLSA 200709-09 ] GNU Tar: Directory traversal vulnerability, Raphael Marichez, 2007/09/15
Axis 207W Wireless Camera Web Interface - Multiple Vulnerabilities, Seth Fogie, 2007/09/15
rPSA-2007-0187-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs, rPath Update Announcements, 2007/09/15
[Full-disclosure] [ GLSA 200709-08 ] id3lib: Insecure temporary file creation, Matthias Geerdsen, 2007/09/15
[Full-disclosure] [ GLSA 200709-07 ] Eggdrop: Buffer overflow, Matthias Geerdsen, 2007/09/15
[Full-disclosure] [USN-512-1] Quagga vulnerability, Kees Cook, 2007/09/15
[Full-disclosure] [ GLSA 200709-06 ] flac123: Buffer overflow, Raphael Marichez, 2007/09/14
[Full-disclosure] [ GLSA 200709-05 ] RealPlayer: Buffer overflow, Raphael Marichez, 2007/09/14
rPSA-2007-0184-1 samba samba-swat, rPath Update Announcements, 2007/09/14
Gelato SQL Injection exploit, s0cratex, 2007/09/14
AIM Local File Display in Notification Window, shell, 2007/09/14
[security bulletin] HPSBMA02258 SSRT071470 rev.1 - HP System Management Homepage (SMH) for Windows, Incomplete Update Installation, security-alert, 2007/09/14
new XSS vulnerability in php-stats -tracking.php, root, 2007/09/14
[ MDKSA-2007:183 ] - Updated qt3/qt4 packages fix vulnerability, security, 2007/09/14
Boa (with Intersil Extensions) - HTTP Basic Authentication Bypass, luca . carettoni, 2007/09/14
[Full-disclosure] [GOODFELLAS-VULN] FileFind class from MFC Library cause heap overflow, GOODFELLAS SRT, 2007/09/14
[Full-disclosure] [GOODFELLAS-VULN] ActiveX hpqutil!ListFiles hpqutil.dll - Remote heap overflow, GOODFELLAS SRT, 2007/09/14
[Full-disclosure] rPSA-2007-0182-1 httpd mod_ssl, rPath Update Announcements, 2007/09/14
[Full-disclosure] rPSA-2007-0183-1 lighttpd, rPath Update Announcements, 2007/09/14
[ MDKSA-2007:182 ] - Updated quagga packages fix vulnerability and bugs, security, 2007/09/13
[Full-disclosure] [ GLSA 200709-04 ] po4a: Insecure temporary file creation, Raphael Marichez, 2007/09/13
[Full-disclosure] [ GLSA 200709-03 ] Streamripper: Buffer overflow, Raphael Marichez, 2007/09/13
[ GLSA 200709-02 ] KVIrc: Remote arbitrary code execution, Raphael Marichez, 2007/09/13
WinSCP < 4.04 url protocol handler flaw, Kender . Security, 2007/09/13
NDSS 2008 CfP Papers Due September 21, Crispin Cowan, 2007/09/13
[ MDKSA-2007:180 ] - Updated id3lib packages fix vulnerability, security, 2007/09/13
[ MDKSA-2007:181 ] - Updated librpcsecgss packages fix vulnerabilities, security, 2007/09/13
[Full-disclosure] Next generation malware: Windows Vista's gadget API, Tim Brown, 2007/09/13
- Re: Next generation malware: Windows Vista's gadget API, Todd Manning, 2007/09/13
  - Re: [Full-disclosure] Next generation malware: Windows Vista's gadget API, avivra, 2007/09/14
- RE: Next generation malware: Windows Vista's gadget API, Roger A. Grimes, 2007/09/14
  - RE: Next generation malware: Windows Vista's gadget API, Peter Gutmann, 2007/09/15
    - Re: [Full-disclosure] Next generation malware: Windows Vista's gadget API, Tim Brown, 2007/09/15
    - Re: [Full-disclosure] Next generation malware: Windows Vista's gadget API, Thierry Zoller, 2007/09/16
    - Re: [Full-disclosure] Next generation malware: Windows Vista's gadget API, Tim Brown, 2007/09/16
    - Re: [Full-disclosure] Next generation malware: Windows Vista's gadget API, Strykar, 2007/09/17
    - Re: Re[2]: [Full-disclosure] Next generation malware: Windows Vista's gadget API, Peter Gutmann, 2007/09/17
    - RE: Re[2]: [Full-disclosure] Next generation malware: Windows Vista's gadget API, Roger A. Grimes, 2007/09/17
    - Re: [Full-disclosure] Next generation malware: Windows Vista's gadget API, Tim Brown, 2007/09/17
    - RE: Re[2]: [Full-disclosure] Next generation malware: Windows Vista's gadget API, Peter Gutmann, 2007/09/18
    - RE: Re[2]: [Full-disclosure] Next generation malware: Windows Vista's gadget API, Ed Patterson, 2007/09/18
    - Re: [Full-disclosure] Next generation malware: Windows Vista's gadget API, Eric Chien, 2007/09/17
ZDI-07-052: Multiple Kerberos Implementations Authentication Context Stack Overflow Vulnerability, zdi-disclosures, 2007/09/12
Apache2 Undefined Charset UTF-7 XSS Vulnerability, cxib, 2007/09/12
AIM Arbitrary HTML Display in Notification Window, shell, 2007/09/12
SYMSA-2007-008: Autodesk Backburner 3.0.2 System Backdoor, research, 2007/09/12
CS Guestbook Admin Name & Md5 Security Vuln, crazy_king, 2007/09/12
Re Re: PHP 5.2.4 <= various mysql functions safemode & open_basedir bypass, laurent . gaffie, 2007/09/12
[Full-disclosure] CAL-20070912-1 Multiple vendor produce handling AVI file vulnerabilities, Code Audit Labs, 2007/09/12
- Re: [Full-disclosure] CAL-20070912-1 Multiple vendor produce handling AVI file vulnerabilities, Florian Weimer, 2007/09/21
Oracle Jinitiator 1.1.8 Vulnerabilities CVE-2007-4467 - Additional Information, Integrigy Alerts, 2007/09/12
RSA EnVision Reflected XSS Hole, Stelios Tigkas, 2007/09/12
Boinc Forum Cross Site Scripting Vulrnability, DoZ, 2007/09/12
[ MDKSA-2007:179 ] - Updated fetchmail packages fix DoS vulnerability, security, 2007/09/12
[Full-disclosure] 0DAY: QuickTime pwns Firefox, pdp (architect), 2007/09/12
[ MDKSA-2007:178 ] - Updated x11-server packages fix vulnerability, security, 2007/09/12
RE: ScanAlert Security Advisory, Nick Merritt, 2007/09/12
[Full-disclosure] S21SEC-036-EN Ekiga <= 2.0.5 Denial of service, S21sec Labs, 2007/09/12
[Full-disclosure] [ GLSA 200709-01 ] MIT Kerberos 5: Multiple vulnerabilities, Matthias Geerdsen, 2007/09/11
[Full-disclosure] iDefense Security Advisory 09.11.07: Microsoft Windows 2000 Agent URL Canonicalizing Stack Based Buffer Overflow Vulnerability, iDefense Labs, 2007/09/11
[SECURITY] [DSA 1371-1] New phpwiki packages fix several vulnerabilities, Thijs Kinkhorst, 2007/09/11
Assurent VR - Microsoft Agent Crafted URL Stack Buffer Overflow, VR-Subscription-noreply, 2007/09/11
NuclearBB Alpha 2 Remote File Inclusion, b14ck1c3, 2007/09/11
PHP 5.2.4 <= various mysql functions safemode & open_basedir bypass, laurent . gaffie, 2007/09/11
- Re: PHP 5.2.4 <= various mysql functions safemode & open_basedir bypass, Ronald Chmara, 2007/09/12
- Re: PHP 5.2.4 <= various mysql functions safemode & open_basedir bypass, Ben Wheeler, 2007/09/12
[Full-disclosure] XSS using Atom feed in www.ibm.com, HASEGAWA Yosuke, 2007/09/11
[SECURITY] Winbind's rfc2307 & SFU nss_info plugin in Samba 3.0.25[a-c] assigns users a primary gid of 0 by default, Gerald (Jerry) Carter, 2007/09/11
[Full-disclosure] RealPlayer/HelixPlayer .au Divide-By-Zero Denial of Service Vulnerability, OS2A BTO, 2007/09/11
[Full-disclosure] rPSA-2007-0181-1 gnome-ssh-askpass openssh openssh-client openssh-server, rPath Update Announcements, 2007/09/11
ekoparty 3rd edition CFP, ekoparty, 2007/09/10
New Whitepaper : g00gle CrewBots, matteo, 2007/09/10
XSIO - Cross Site Image Overlaying, Sven Vetsch / Disenchant, 2007/09/10
- Re: XSIO - Cross Site Image Overlaying, Tod Beardsley, 2007/09/10
[Aria-Security Team] social-networkin SQL Injection, Advisory, 2007/09/10
Symantec Product Security: Symantec Device Driver Local Elevation of Privilege, secure, 2007/09/10
/* PHP <=5.2.4 open_basedir bypass & code exec & denial of service errata ... working on windows too .. */, laurent . gaffie, 2007/09/10
PHP <=5.2.4 open_basedir bypass & code exec & denial of service, laurent . gaffie, 2007/09/10
- Re: PHP <=5.2.4 open_basedir bypass & code exec & denial of service, azurIt, 2007/09/10
Announcing ShmooCon 08 and the CFP, B Potter, 2007/09/10
Husrev Forums v2.0.1:PoWerBoard Sql, yollubunlar, 2007/09/10
Proxy Anket v3.0.1 Sql injection Vulnerable, yollubunlar, 2007/09/10
phpMyQuote 0.20 Version Multiple Sql And Xss Vulnerabilities, yollubunlar, 2007/09/10
Netjuke 1.0-rc2 - sql injection & XSS, cod3in, 2007/09/08
ZDI-07-051: Trend Micro ServerProtect TMregChange() Stack Overflow Vulnerability, zdi-disclosures, 2007/09/08
TxxCMS_Multiple File inclusion Vulnerabilies, nnc, 2007/09/08
[Full-disclosure] IMF 2007 - 2nd Call for Participation, Oliver Goebel, 2007/09/08
[Full-disclosure] ZDI-07-050: Trend Micro ServerProtect RPCFN_SetComputerName() Stack Overflow Vulnerability, zdi-disclosures, 2007/09/07
hack.lu 2007 18-20 October, Luxembourg, info, 2007/09/07
[ MDKSA-2007:174-1 ] - Updated krb5 packages fix vulnerabilities, security, 2007/09/07
Microsoft SQL Server Distributed Management Objects OLE DLL for SQL Enterprise Manager (sqldmo.dll) remote buffer overflow poc, retrog, 2007/09/07
[Full-disclosure] [USN-511-2] Kerberos vulnerability, Kees Cook, 2007/09/07
Safari 3.0.3 (522.15.5) Buffer overflow, azizov, 2007/09/07
[ MDKSA-2007:177 ] - Updated MySQL packages fix vulnerabilities, security, 2007/09/07
Buffalo AirStation WHR-G54S CSRF vulnerability, Henri Lindberg - Smilehouse Oy, 2007/09/07
- Re: Buffalo AirStation WHR-G54S CSRF vulnerability, Adrian P, 2007/09/07
[Full-disclosure] FLEA-2007-0053-1 fetchmail, Foresight Linux Essential Announcement Service, 2007/09/07
[Full-disclosure] FLEA-2007-0051-1 star, Foresight Linux Essential Announcement Service, 2007/09/07
[Full-disclosure] FLEA-2007-0052-1 gd, Foresight Linux Essential Announcement Service, 2007/09/07
[Full-disclosure] FLEA-2007-0050-1 krb5 krb5-workstation, Foresight Linux Essential Announcement Service, 2007/09/06
- [Full-disclosure] FLEA-2007-0050-1 krb5 krb5-workstation, Foresight Linux Essential Announcement Service, 2007/09/07
[ MDKSA-2007:176 ] - Updated kdebase and kdelibs packages fix location bar spoofing issues, security, 2007/09/06
[HISPASEC] 2K7SEPT6 Magellan Explorer 3.32 build 2305 Remote FTP Client Directory Traversal, Gynvael Coldwind, 2007/09/06
[ MDKSA-2007:174 ] - Updated krb5 packages fix vulnerabilities, security, 2007/09/06
iTunes 7.3.x - Heap overflow in album cover parsing, David Thiel, 2007/09/06
[ MDKSA-2007:175 ] - Updated eggdrop package fix remote buffer overflow, security, 2007/09/06
[Full-disclosure] rPSA-2007-0179-1 krb5 krb5-server krb5-services krb5-test krb5-workstation, rPath Update Announcements, 2007/09/06
PHP <= 5.2.4 multiple Iconv functions denial of service, laurent . gaffie, 2007/09/06
[HISPASEC] 2K7SEPT6 X-Diesel Unreal Commander v0.92 (build 573) multiple FTP-based vulnerabilities, Gynvael Coldwind, 2007/09/06
[HISPASEC] 2K7SEPT6 Total Commander 7.01 Remote FTP Client Directory Traversal, Gynvael Coldwind, 2007/09/06
Sophos Anti-Virus 6.5.4 Vulnerability, disclosure, 2007/09/06
[Full-disclosure] Apache Tomcat remote xss, handrix cobra, 2007/09/06
updated patch: MITKRB5-SA-2007-006: kadmind RPC lib buffer overflow, uninitialized pointer, Tom Yu, 2007/09/05
rPSA-2007-0177-1 kdebase kdelibs, rPath Update Announcements, 2007/09/05
rPSA-2007-0178-1 fetchmail, rPath Update Announcements, 2007/09/05
[Full-disclosure] Format string and clients disconnection in Alien Arena 2007 6.10, Luigi Auriemma, 2007/09/05
PHP <=5.2.4 iconv_substr() denial of service, laurent . gaffie, 2007/09/05
PHP < 5.2.3 fnmatch() denial of service, laurent . gaffie, 2007/09/05
PHP < 5.2.4 setlocale() denial of service, laurent . gaffie, 2007/09/05
PHP < 5.2.3 glob() denial of service, laurent . gaffie, 2007/09/05
- Re: PHP < 5.2.3 glob() denial of service, Jonathan Yu, 2007/09/06
Cisco Security Advisory: Cisco Video Surveillance IP Gateway and Services Platform Authentication Vulnerabilities, Cisco Systems Product Security Incident Response Team, 2007/09/05
[ MDKSA-2007:173 ] - Updated tar packages fix vulnerabilities, security, 2007/09/05
rPSA-2007-0176-1 gd php php-mysql php-pgsql php5 php5-cgi php5-mysql php5-pear php5-pgsql php5-soap php5-xsl, rPath Update Announcements, 2007/09/05
[Full-disclosure] [USN-511-1] Kerberos vulnerability, Kees Cook, 2007/09/04
Digital Armaments 2007 September-October Hacking Challenge: Symbian, info, 2007/09/04
New version of Pass-The-Hash Toolkit v1.1, Hernan Ochoa, 2007/09/04
Tutorial on Fuzzled, Tim Brown, 2007/09/04
MITKRB5-SA-2007-006: kadmind RPC lib buffer overflow, uninitialized pointer, Tom Yu, 2007/09/04
Re: Built2Go_PHP_Link_Portal_v1.79 >> RFI, scoutt_42, 2007/09/04
[security bulletin] HPSBUX02153 SSRT061181 rev.5 - HP-UX Running Firefox, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS), security-alert, 2007/09/04
Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability, tusharvartak, 2007/09/04
- Re: Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability, Mark Thomas, 2007/09/05
Wireshark DNP3 Dissector Infinite Loop Vulnerability, Aviram Jenik, 2007/09/04
212cafeBoard Sql injection, Lopez Bran, 2007/09/04
[security bulletin] HPSBUX02156 SSRT061236 rev.3 - HP-UX Running Thunderbird, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS), security-alert, 2007/09/04
Marshal MailMarshal TAR Unpacking Vulnerability, S. Vandersee, 2007/09/04
DeepSec IDSC 2007 Vienna Registration Now Open, Paul Böhm, 2007/09/03
Multiple vulnerabilities in Joomla 1.5 RC 1, Omid, 2007/09/03
- Re: Multiple vulnerabilities in Joomla 1.5 RC 1, admin, 2007/09/04
Telecom Italy Alice Messenger Hp.Revolution.RegistryManager.dll (v.1) remote arbitrary registry key manipulation, retrog, 2007/09/03
Re: MkPortal "All Guests are Admin" Exploit, nospam, 2007/09/03
Re: [Full-disclosure] n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory, Sergio Alvarez, 2007/09/03
- Re: [Full-disclosure] n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory, Jan Münther, 2007/09/03
  - Re: [Full-disclosure] [Sec] Re: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory, Thierry Zoller, 2007/09/03
SolpotCrew Advisory #15 (home_edition2001) - Weblogicnet (files_dir) Remote File Inclusion, home_edition2001, 2007/09/01
Re: ePersonnel_RC_2004 Remote File Bug, the . tiger100, 2007/09/01
[Paper] The Anatomy of Third Party Pop Up Attacks., Aditya K Sood, 2007/09/01
[ MDKSA-2007:172 ] - Updated clamav packages vulnerabilities, security, 2007/09/01
Toms Gstebuch 1.00 - XSS, cod3in, 2007/09/01
- Re: Toms Gstebuch 1.00 - XSS, administrator, 2007/09/07
- Re: Re: Toms Gstebuch 1.00 - XSS, hd1979, 2007/09/08
- Re: Re: Re: Toms Gstebuch 1.00 - XSS, administrator, 2007/09/19
Olate Download 3.4.2~uploads folder ~ directory traversal, imei Addmimistrator, 2007/09/01
Olate Download 3.4.2 ~ userupload.php ~ Upload Executable Files, imei Addmimistrator, 2007/09/01
- Re: Olate Download 3.4.2 ~ userupload.php ~ Upload Executable Files, lcat, 2007/09/05
Re: Sony: The Return Of The Rootkit, Jason Brooke, 2007/09/01
- Re: Sony: The Return Of The Rootkit, Paul Sebastian Ziegler, 2007/09/01
  - Re: Sony: The Return Of The Rootkit, Tyler Reguly, 2007/09/01
  - Re: Sony: The Return Of The Rootkit, John Hammond, 2007/09/01
- Re: Sony: The Return Of The Rootkit, Chad Perrin, 2007/09/01
- Re: Sony: The Return Of The Rootkit, Juha-Matti Laurio, 2007/09/01
[Full-disclosure] WHITE PAPER: For my next trick… hacking Web2.0, pdp (architect), 2007/09/01