Network Security Archives

Vulnerability Development (date)

[Thread Index] [Top] [All Lists]

November 30, 2007

Re: 27Mhz based wireless security insecurities - Aka - "We know what you typed last summer", Jacob Appelbaum, 20:02
QEMU code_gen_buffer overflow POC, TeLeMan, 18:40
PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method, research, 14:09
27Mhz based wireless security insecurities - Aka - "We know what you typed last summer", Max Moser, 14:09
Re: Aria-Security.net: CoolShot E-Lite POS 1.0, coolshot, 13:48
PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.logon.php3' server-side script, research, 13:37
PR07-14: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.activation.php3' server-side script, research, 13:26
SCARE metrics and tool release, Pete Herzog, 13:26
Re[2]: Microsoft FTP Client Multiple Bufferoverflow Vulnerability, 3APA3A, 13:16
DOS in Realplayer 11 ActiveX on Win Vista and Win XP SP2, thesinoda, 13:16
Re[2]: Microsoft FTP Client Multiple Bufferoverflow Vulnerability, Matthew Leeds, 13:05
Re: Microsoft FTP Client Multiple Bufferoverflow Vulnerability, Vincent Archer, 12:54
[ MDKSA-2007:224-3 ] - Updated samba packages fix regressions, security, 12:43
[Full-disclosure] rPSA-2007-0254-1 idle python, rPath Update Announcements, 11:51

November 29, 2007

Re: Microsoft FTP Client Multiple Bufferoverflow Vulnerability, Steve Shockley, 19:56
AST-2007-025 - SQL Injection issue in res_config_pgsql, Asterisk Security Team, 19:35
[Full-disclosure] [USN-549-1] PHP vulnerabilities, Kees Cook, 19:13
Re: Microsoft FTP Client Multiple Bufferoverflow Vulnerability, Valdis . Kletnieks, 19:13
AST-2007-026 - SQL Injection issue in cdr_pgsql, Asterisk Security Team, 19:02
[Full-disclosure] ERRATA: [ GLSA 200711-20 ] Pioneers: Multiple Denials of Service, Pierre-Yves Rofes, 18:30
FreeBSD Security Advisory FreeBSD-SA-07:09.random, FreeBSD Security Advisories, 15:23
FreeBSD Security Advisory FreeBSD-SA-07:10.gtar, FreeBSD Security Advisories, 14:11
Re: Microsoft FTP Client Multiple Bufferoverflow Vulnerability, 3APA3A, 13:50
APC Management Vulnerability, garys, 13:39
Digital Armaments November-December Hacking Challenge: Diffuse Client Application (10.000$ extra), info, 13:28
[security bulletin] HPSBUX02292 SSRT071499 rev.1 - HP-UX Running Apache, Remote Execution of Arbitrary Code, security-alert, 12:56
[security bulletin] HPSBMA02283 SSRT071319 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Cross Site Scripting (XSS), security-alert, 12:56
[Full-disclosure] IRM025: TIBCO Rendezvous RVD Daemon Remote Memory Leak DoS, IRM Research, 09:07

November 28, 2007

[ MDKSA-2007:233 ] - Updated cpio package fixes buffer overflow and directory traversal vulnerabilities, security, 20:48
[USN-548-1] Pidgin vulnerability, Kees Cook, 20:27
rPSA-2007-0252-1 cups poppler tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi, rPath Update Announcements, 19:55
Re: Gekko <=0.8.2 (temp directory) Path Disclosure, J. Carlos Nieto, 19:55
[ MDKSA-2007:233 ] - Updated cpio package fixes buffer overflow and directory traversal vulnerabilities, security, 19:44
Some Data of POC2007, poc2007, 17:50
[ MDKSA-2007:232 ] - Updated kernel packages fix multiple vulnerabilities and bugs, security, 17:29
SYM07-029 Symantec BEWS Multiple DoS in Job Engine, Secure, 15:14
Gekko <=0.8.2 (temp directory) Path Disclosure, sys-project, 14:01
RE: Win2K3 Priv Escalation, Thor (Hammer of God), 13:51
Re: Win2K3 Priv Escalation, Justin@ESC, 13:29
RE: Win2K3 Priv Escalation, Matt Ausmus, 12:47
Secunia Research: Symantec Backup Exec Job Engine Denial of Service, Secunia Research, 12:47
Microsoft FTP Client Multiple Bufferoverflow Vulnerability, Rajesh Sethumadhavan, 12:37
Re: Win2K3 Priv Escalation, Jan Münther, 12:26
Re: [Full-disclosure] ZDI-07-069: CA BrightStor ARCserve Backup Message Engine Insecure Method Expos, cocoruder., 00:15

November 27, 2007

Win2K3 Priv Escalation, justin, 22:52
PHPkit 1.6.1 (include.php?path=) Remote File Inclusion, sys-project, 18:34
PHPSlideShow XSS Update, morin . josh, 18:12
Liferay Enterprise Portal multiple XSS, morin . josh, 18:02
CORE-2007-0821: Lotus Notes buffer overflow in the Lotus WorkSheet file processor, Core Security Technologies Advisories, 17:40
Re: Creating Backdoors in Cisco IOS using Tcl, michael, 17:19
Eurologon CMS Db credentials disclosure / files download, kingoftheworld92, 15:45
Eurologon CMS Multiple SQL Injection, kingoftheworld92, 15:34
Ruby/Gnome2 0.16.0 Format String Vulnerability, chris . rohlf, 13:58
[security bulletin] HPSBUX02251 SSRT071449 rev.3 - HP-UX Running BIND, Remote DNS Cache Poisoning, security-alert, 13:47
OWASP Israel Conference 2007, Dec 3rd 2007, Ofer Shezaf, 13:37
National Computer and Information Security Conferences ACIS 2008 - COLOMBIA, Jeimy Cano, 13:16
Re: [Full-disclosure] Creating Backdoors in Cisco IOS using Tcl, Nicolas FISCHBACH, 12:23
[Full-disclosure] Announce: RFIDIOt release RFIDIOt-0.1r, November 2007, Adam Laurie, 10:28
[Full-disclosure] Creating Backdoors in Cisco IOS using Tcl, IRM Research, 07:23

November 26, 2007

[Full-disclosure] [USN-547-1] PCRE vulnerabilities, Kees Cook, 23:30
[Full-disclosure] [USN-546-1] Firefox vulnerabilities, Kees Cook, 22:38
[Full-disclosure] [USN-545-1] link-grammar vulnerability, Kees Cook, 21:56
CONFidence 2008 CfP, andrzej . targosz, 19:52
FIGIS (FILogin.do) Bypass SQL Injection Vulnerability, sys-project, 19:00
Re: PHP-Nuke NSN Script Depository module <= 1.0.3 Remote Source / DB Credentials Disclosure, kingoftheworld92, 18:49
ZDI-07-069: CA BrightStor ARCserve Backup Message Engine Insecure Method Exposure Vulnerability, zdi-disclosures, 18:49
JLMForo System (modificarPerfil.php) Cross-Site Scripting Vulnerability, sys-project, 18:49
Directory Traversal in SafeNet Sentinel Protection Server and Keys Server, Elliot Kendall, 18:07
PHP-Nuke NSN Script Depository module <= 1.0.3 Remote Source / DB Credentials Disclosure, kingoftheworld92, 17:46
SimpleGallery v0.1.3 (index.php) Cross-Site Scripting Vulnerability, sys-project, 16:42
Tilde CMS <= v. 4.x "aarstal" parameter of "yeardetail" SQL Injection, kingoftheworld92, 15:59
DeluxeBB E-Mail Address Change Security Bypass, bugtraq, 15:59
2007-06 Sentinel Protection Server Directory Traversal, VulnerabilityResearch, 15:16
GWExtranet Script Injections & Privilege Escalation Vulnerability, DoZ, 14:55
Citrix NetScaler Web Management Cookie Weakness, nnposter, 14:44
FMDeluxe (index.php) Cross-Site Scripting Vulnerability, sys-project, 14:44
two bytehoard 2.1 bugs, Ernesto Alvarez, 14:33
Calendar Proverbs <=1.1 (caladmin.php) Remote SQL Injection, sys-project, 14:11
PHPSlideShow (toonchapter8.php) Cross-Site Scripting Vulnerability, sys-project, 14:01
Skype DoS, mail, 13:50
PHP 5.2.4 mail.force_extra_parameters unsecure, cxib, 13:39
HPSBST02291 SSRT071498 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-061 and MS07-062, security-alert, 13:28
Aria-Security.Net: Gouae DWD Realty SQL Injection, noreply, 13:17
company puts a new spin on infosec services, im obfuscated, 05:30

November 25, 2007

[Full-disclosure] [ GLSA 200711-34 ] CSTeX: Multiple vulnerabilities, Pierre-Yves Rofes, 19:24
[Full-disclosure] [ GLSA 200711-33 ] nss_ldap: Information disclosure, Pierre-Yves Rofes, 18:42

November 24, 2007

NetAuctionHelp Classified Ads v1.0 SQL Injection, no-reply, 19:47
Re: Re: Aria-Security.net: NetAuctionHelp SQL Injection, no-reply, 19:47
vBTube v1.1 - Beta ( Vbulletin Tube) Xss Vulnerable, cybermilitan, 18:46
Amber Script 1.0 (show_content.php id) Local File Inclusion Vulnerability, cybermilitan, 18:46
[ISecAuditors Security Advisories] Cygwin buffer overflow due incorrect filename length check, ISecAuditors Security Advisories, 13:08
PBLang <= 4.99.17.q Remote File Rewriting / Remote Command Execution, kingoftheworld92, 12:57
Re: Aria-Security.net: NetAuctionHelp SQL Injection, support, 12:57
Aria-Security.net: CoolShot E-Lite POS 1.0, no-reply, 12:47
Bitcomet Resource Browser v1.1 XSS, jplopezy, 12:36

November 23, 2007

[ MDKSA-2007:224-2 ] - Updated samba packages fix vulnerabilities, security, 19:42
Re: Re: Re: Re: Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability, gynvael, 18:39
Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability, emacs25, 17:06
Mp3 ToolBox 1.0 beta 5 Remote File İnclude Vulnerability, cybermilitan, 16:55
Re: Re: Re: Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability, sdfkjsomcoismwevoiweo, 16:34
Re: Re: Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability, gynvael, 15:11
Re: Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability, j00ru . vx, 14:50
Re: MyBlog (MyCMS) Remote PHP Code execution / PHP Code injection .., BlackHawk, 13:06
[0day Remote Command Execution] VigileCMS <= 1.8 Stealth, wegotyourbox, 13:06
Aria-Security.net: Irola My-Time v3.5 SQL Injection, no-reply, 12:45
Re: Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability, emacs25, 12:45

November 22, 2007

Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability, gg_vuln, 19:39
[ MDKSA-2007:231 ] - Updated cacti packages fix SQL injection vulnerability, security, 18:05
Gadu-Gadu Local/Remote Buffer Overflow vulnerability, j00ru . vx, 17:54
[Full-disclosure] Using CSRF to Attack Mobile Phones, avivra, 17:44
MySpace Scripts - Poll Creator JavaScript Injection Vulnerability, DoZ, 17:13
VigileCMS <= 1.8 Stealth Remote Command Execution Exploit, bugtraq, 16:41
MyBlog (MyCMS) Remote PHP Code execution / PHP Code injection .., security, 14:06
Re: Simple Machines Forum multiple sql injection flaws with exploit code., root, 13:35
[Argeniss] Data0: Next generation malware for stealing databases (Paper), Cesar, 13:14
Remote Shell Command Execution in "KB-Bestellsystem" (amensa-soft.de), zero-x, 13:03
GetBlog local File inclusion .., security, 12:52
[ECHO_ADV_85$2007] alstrasoft E-Friends <= 4.98 (seid) Multiple Remote SQL Injection Vulnerabilities, erdc, 12:52
Aria-Security.net: NetAuctionHelp SQL Injection, no-reply, 12:42
Wheatblog (wB) Remote File inclusion .., security, 12:42
[ MDKSA-2007:224-1 ] - Updated samba packages fix vulnerabilities, security, 12:31

November 21, 2007

SkyPortal vRC6 Multiple Remote Vulnerabilities, bugtraq, 20:17
Ucms <= 1.8 Backdoor Remote Command Execution Exploit, bugtraq, 19:56
TalkBack 2.2.7 Multiple Remote File Inclusion Vulnerabilities, bugtraq, 19:45
[SECURITY] [DSA 1408-1] New kdegraphics packages fix arbitrary code execution, Moritz Muehlenhoff, 18:12
GWextranet Multiple Vulnerabilites, Joseph . giron13, 17:41
E-vanced Solutions Multiple Vulnerabilites, Joseph . giron13, 17:30
Re: [Full-disclosure] Warning: Hackers hijacking unused IP Addresses inside Trusted domains [POC], Gadi Evron, 14:44
rPSA-2007-0245-1 kernel, rPath Update Announcements, 13:51
Aria-Security.Net: VU Mailer (Mass Mail) "Password" SQL Injection, no-reply, 13:40
[ MDKSA-2007:230 ] - Updated tetex packages fix vulnerabilities, security, 13:30
[Aria-Security.Net] VU Case Manager "Username/Password" SQL Injection, no-reply, 13:19
rPSA-2007-0245-2 kernel, rPath Update Announcements, 13:19
Re: Banks (Wellsfargo.com) using CDNs to deliver Javascript: enables password theft by anyone compromising or controlling the CDN, Jason Muskat de VE3TSJ - GCFA, GCUX, CEI, CEH, 12:47
[Full-disclosure] rPSA-2007-0243-1 flac, rPath Update Announcements, 12:37
Re: [Full-disclosure] Warning: Hackers hijacking unused IP Addresses inside Trusted domains [POC], Paul Schmehl, 12:26
[Full-disclosure] Warning: Hackers hijacking unused IP Addresses inside Trusted domains [POC], XSS Worm XSS Security Information Portal, 07:17

November 20, 2007

[ MDKSA-2007:229 ] - Updated phpMyAdmin packages fix multiple vulnerabilities, security, 20:50
Several persistent XSS and CSRF on Wireless-G ADSL Gateway with SpeedBooster (WAG54GS), Adrian P, 19:47
[Full-disclosure] [ GLSA 200711-32 ] Feynmf: Insecure temporary file creation, Pierre-Yves Rofes, 19:04
Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2, Kapetanakis Giannis, 18:54
[Full-disclosure] [ GLSA 200711-31 ] Net-SNMP: Denial of Service, Pierre-Yves Rofes, 18:43
[Full-disclosure] [ GLSA 200711-30 ] PCRE: Multiple vulnerabilities, Pierre-Yves Rofes, 18:21
[Full-disclosure] [ GLSA 200711-29 ] Samba: Execution of arbitrary code, Pierre-Yves Rofes, 17:59
EEYE: BitDefender Online Scanner 8 Double Decode Heap Overflow, eEye Advisories, 15:54
[ MDKSA-2007:228 ] - Updated cups packages fix vulnerabilities, security, 13:16
[security bulletin] HPSBUX02289 SSRT071461 rev.1 - HP-UX Running BIND 8, Remote DNS Cache Poisoning, security-alert, 13:05
[ MDKSA-2007:227 ] - Updated poppler packages fix vulnerabilities, security, 13:05
Banks (Wellsfargo.com) using CDNs to deliver Javascript: enables password theft by anyone compromising or controlling the CDN, joel, 12:54
Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2, Nils Toedtmann, 12:54

November 19, 2007

[ MDKSA-2007:226 ] - Updated kernel packages fix multiple vulnerabilities and bugs, security, 20:45
Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2, Graeme Fowler, 20:23
Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2, Michal Zalewski, 20:23
Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2, Kapetanakis Giannis, 19:51
rPSA-2007-0242-1 php5 php5-cgi php5-mysql php5-pear php5-pgsql php5-soap php5-xsl, rPath Update Announcements, 18:28
Alcatel OmniPCX Enterprise VoIP Vulnerability, daniel . stirnimann, 17:47
[Full-disclosure] [ GLSA 200711-28 ] Perl: Buffer overflow, Pierre-Yves Rofes, 17:46
Certificate spoofing issue with Mozilla, Konqueror, Safari 2, Nils Toedtmann, 16:54
Wordpress Cookie Authentication Vulnerability, Steven J. Murdoch, 16:44
Citrix NetScaler Web Management XSS, nnposter, 16:33
Re: IceBB 1.0rc6 <= Remote SQL Injection, aeroxteam-nospam, 16:22
[Aria-Secutiy Net] Click&BaneX SQL Injection, no-reply, 16:12
Belkin Wireless G Router DoS, r00t, 15:51
IceBB 1.0rc6 <= Remote SQL Injection, aeroxteam-nospam, 15:19
[ MDKSA-2007:225 ] - Updated net-snmp packages fix remote denial of service vulnerability, security, 14:58
VigileCMS 1.4 Multiple Remote Vulnerabilities, info, 14:36
[ECHO_ADV_84$2007] ProfileCMS <= 1.0 Remote SQL Injection Vulnerability, erdc, 12:49

November 18, 2007

[Full-disclosure] [ GLSA 200711-27 ] Link Grammar: User-assisted execution of arbitrary code, Pierre-Yves Rofes, 19:39
[Full-disclosure] [ GLSA 200711-26 ] teTeX: Multiple vulnerabilities, Pierre-Yves Rofes, 18:58
[Full-disclosure] [ GLSA 200711-25 ] MySQL: Denial of Service, Pierre-Yves Rofes, 18:27
[Full-disclosure] [ GLSA 200711-24 ] Mozilla Thunderbird: Multiple vulnerabilities, Pierre-Yves Rofes, 18:06
[Full-disclosure] [ GLSA 200711-23 ] VMware Workstation and Player: Multiple vulnerabilities, Pierre-Yves Rofes, 17:45
[Full-disclosure] [ GLSA 200711-22 ] Poppler, KDE: User-assisted execution of arbitrary code, Pierre-Yves Rofes, 17:24
[Full-disclosure] Crash in LIVE555 Media Server 2007.11.01, Luigi Auriemma, 15:52
[Full-disclosure] Vulnerability Hash Database - Maillist, Sowhat, 02:52

November 17, 2007

Re: [Full-disclosure] Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability, jf, 21:35
Re: [Full-disclosure] Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability, Juha-Matti Laurio, 20:33
[Full-disclosure] [ GLSA 200711-21 ] Bochs: Multiple vulnerabilities, Pierre-Yves Rofes, 20:33
[ MDKSA-2007:224 ] - Updated samba packages fix vulnerabilities, security, 18:40
[ MDKSA-2007:223 ] - Updated pdftohtml packages fix vulnerabilities, security, 17:28
[ MDKSA-2007:222 ] - Updated koffice packages fix vulnerabilities, security, 16:57
Sciurus Hosting Panel Code İnjection, admin, 15:42
security contact for mitsubishi electric?, Chris Withers, 13:39
Myspace Clone Script (index.php) Remote File Inclusion Vulnerability, verys-secret, 13:17
Black Lily 2007 (products.php class) Remote SQL Injection Vulnerability, verys-secret, 13:17
net-finity (links.php) Remote SQL Injection Vulnerability, verys-secret, 13:06
RE: Standing Up Against German Laws - Project HayNeedle, Quark IT - Hilton Travis, 12:56
[Full-disclosure] rPSA-2007-0241-1 samba samba-swat, rPath Update Announcements, 12:45
Re: [Full-disclosure] Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability, CaseArmour.net Security Administrator, 12:45
JiRos Upload Manager SQL Injection, no-reply, 12:44
[Full-disclosure] [USN-544-2] Samba regression, Jamie Strandboge, 09:19

November 16, 2007

Re: Breaking RSA: Totient indirect factorization, Watson Ladd, 16:30
Re: Breaking RSA: Totient indirect factorization, Erick Galinkin, 16:30
Javamail login username and password same email problem, thetaung, 16:09
Re: [Full-disclosure] Some hashes for the record, Open Phugu, 13:01
[ MDKSA-2007:221 ] - Updated kdegraphics packages fix vulnerabilities in kpdf, security, 12:39
[RISE-2007004] Apple Mac OS X 10.4.x Kernel i386_set_ldt() Integer Overflow Vulnerability, RISE Security, 12:28
[Full-disclosure] AhnLab AntiVirus Remote Kernel Memory Corruption, Sowhat, 11:45
[Full-disclosure] Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability, cocoruder, 08:08
Re: Breaking RSA: Totient indirect factorization, gandlf, 00:16
[ MDKSA-2007:220 ] - Updated gpdf packages fix vulnerabilities, security, 00:05

November 15, 2007

[Full-disclosure] [USN-544-1] Samba vulnerabilities, Jamie Strandboge, 23:45
Re: [Full-disclosure] Some hashes for the record, Alexander Klimov, 21:41
[USN-543-1] VMWare vulnerabilities, Kees Cook, 19:38
PR07-02: XSS on Liferay Portal Enterprise 4.1.1 login page ('login' parameter), research, 19:27
PR07-26: Persistent XSS on Aruba 800 Mobility Controller's login page, research, 19:06
[USN-542-2] KOffice vulnerabilities, Jamie Strandboge, 18:56
EEYE: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications, eEye Advisories, 17:53
[ MDKSA-2007:219 ] - Updated xpdf packages fix vulnerabilities, security, 17:42
[TKADV2007-001] Mac OS X TIOCSETD IOCTL Kernel Memory Corruption Vulnerability, Tobias Klein, 16:27
Aida-Web Information Exposure, MC Iglo, 16:06
Re: HPSBUX02287 SSRT071485 rev.1 - HP-UX Running HP Secure Shell, Remotely Gain Extended Privileges, Nick Boyce, 14:53
Re: Breaking RSA: Totient indirect factorization, Clifton Royston, 14:43
Secunia Research: Samba "reply_netbios_packet()" Buffer Overflow Vulnerability, Secunia Research, 13:40
[SAMBA] CVE-2007-5398 - Remote Code Execution in Samba's nmbd, Gerald (Jerry) Carter, 13:29
[SAMBA] CVE-2007-4572 - GETDC mailslot processing buffer overrun in nmbd, Gerald (Jerry) Carter, 13:19
[security bulletin] HPSBUX02284 SSRT071483 rev.2 - HP-UX Running Java JRE and JDK, Remote Unauthorized Access, security-alert, 13:08
Re: Breaking RSA: Totient indirect factorization, Alexander Klimov, 12:47

November 14, 2007

[Full-disclosure] Some hashes for the record, shadown, 21:27
Re: [Full-disclosure] Standing Up Against German Laws - Project HayNeedle, sysman, 20:35
[Full-disclosure] iDefense Security Advisory 11.14.07: Apple Mac OS X Mach Port Inheritance Privilege Escalation Vulnerability, iDefense Labs, 20:35
[Full-disclosure] iDefense Security Advisory 11.14.07: Apple Mac OS X AppleTalk mbuf Kernel Heap Overflow Vulnerability, iDefense Labs, 20:25
[Full-disclosure] iDefense Security Advisory 11.14.07: Apple Mac OS X AppleTalk Socket IOCTL Kernel Stack Buffer Overflow Vulnerability, iDefense Labs, 20:14
[Full-disclosure] iDefense Security Advisory 11.14.07: Apple Mac OS X AppleTalk ASP Message Kernel Heap Overflow Vulnerability, iDefense Labs, 20:14
Re: Standing Up Against German Laws - Project HayNeedle, Frank Guthausen, 20:03
Breaking RSA: Totient indirect factorization, gandlf, 19:11
[Full-disclosure] [ GLSA 200711-20 ] Pioneers: Denial of Service, Pierre-Yves Rofes, 18:40
[Full-disclosure] [ GLSA 200711-19 ] TikiWiki: Multiple vulnerabilities, Pierre-Yves Rofes, 18:29
TPTI-07-20: Apple Quicktime Movie Stack Overflow Vulnerability, DVLabs, 18:29
[Full-disclosure] [ GLSA 200711-18 ] Cpio: Buffer overflow, Pierre-Yves Rofes, 18:18
Re: Standing Up Against German Laws - Project HayNeedle, imipak, 17:57
[ GLSA 200711-17 ] Ruby on Rails: Multiple vulnerabilities, Pierre-Yves Rofes, 17:46
Re: Standing Up Against German Laws - Project HayNeedle, Raj Mathur, 16:54
Re: [Full-disclosure] Standing Up Against German Laws - Project HayNeedle, Sysman, 16:33
[security bulletin] HPSBMA02288 SSRT071465 rev.1 - HP OpenView Operations (OVO) Running on HP-UX and Solaris, Remote Unauthorized Access, Denial of Service (DoS), security-alert, 16:12
[ MDKSA-2007:218 ] - Updated mono packages fix arbitrary code execution vulnerability, security, 14:59
Re: [Full-disclosure] Standing Up Against German Laws - Project HayNeedle, Florian Streck, 13:56
Konqueror Remote Denial Of Service, laurent . gaffie, 13:45
Re: [Full-disclosure] Oracle 11g/10g Installation Vulnerability, Peter Dawson, 13:35
DocuSafe "Search" SQL Injection, No-Reply, 13:13
Free Forums "search" Sql Injection, No-Reply, 13:02
Aria-Security.Net: MetaCart SQL Injection, No-Reply, 12:41
[Full-disclosure] Six Remote Memory Corruption Vulnerabilities in IBM WebSphere MQ 6.0, IRM Research, 11:37
[Full-disclosure] Predictable DNS transaction IDs in Microsoft DNS Server, Alla Bezroutchko, 09:44
[Full-disclosure] [USN-542-1] poppler vulnerabilities, Kees Cook, 02:41

November 13, 2007

ExoPHPdesk user profile XSS / profile SQL injection, Joseph . giron13, 20:09
Re: Standing Up Against German Laws - Project HayNeedle, Stefano Zanero, 18:56
[Full-disclosure] [USN-541-1] Emacs vulnerability, Kees Cook, 18:46
Re: Standing Up Against German Laws - Project HayNeedle, Valdis . Kletnieks, 18:14
Re: Standing Up Against German Laws - Project HayNeedle, johan beisser, 18:04
Re: [Full-disclosure] Standing Up Against German Laws - Project HayNeedle, johan beisser, 17:53
[ MDKSA-2007:217 ] - Updated libpng packages fix multiple vulnerabilities, security, 17:31
[Full-disclosure] [paper] protocol hopping covert channels, Steffen Wendzel, 17:20
Re: Standing Up Against German Laws - Project HayNeedle, Paul Wouters, 17:20
[USN-540-1] flac vulnerability, Kees Cook, 16:58
[Full-disclosure] iDefense Security Advisory 11.12.07: Novell NetWare Client Local Privilege Escalation Vulnerability, iDefense Labs, 16:58
Re: [Full-disclosure] Standing Up Against German Laws - Project HayNeedle, Duncan Simpson, 16:37
Re: Standing Up Against German Laws - Project HayNeedle, Florian Echtler, 16:26
Re: [Full-disclosure] Standing Up Against German Laws - Project HayNeedle, Peter Conrad, 16:15
PHP <= 5.2.5 Gettext Lib Multiple Denial of service, laurent . gaffie, 16:05
[Full-disclosure] Oracle 11g/10g Installation Vulnerability, David Litchfield, 16:04
PHP <= 5.2.5 stream_wrapper_register() denial of service, laurent . gaffie, 15:54
Re: [Full-disclosure] Standing Up Against German Laws - Project HayNeedle, Timo Schoeler, 15:21
After 6 months - fix available for Microsoft DNS cache poisoning attack, Amit Klein, 15:00
[ MDKSA-2007:216 ] - Updated kernel packages fix multiple vulnerabilities and bugs, security, 15:00
Re: [Full-disclosure] Standing Up Against German Laws - Project HayNeedle, Valdis . Kletnieks, 14:06
Re: Bosdev Multiple vulnerabilities, sales, 13:46
ATC-08 Call for papers (repost), atc08, 13:35
[ISecAuditors Security Advisories] VTLS.web.gateway cgi is vulnerable to XSS, ISecAuditors Security Advisories, 12:42
Re: [Full-disclosure] Standing Up Against German Laws - Project HayNeedle, Paul Sebastian Ziegler, 10:46
Re: [Full-disclosure] Standing Up Against German Laws - Project HayNeedle, Sysman, 10:26

November 12, 2007

PR07-13: Cross-site Scripting / HTML injection on F5 FirePass 4100 SSL VPN 'download_plugin.php3' server-side script, research, 20:03
[Full-disclosure] [ GLSA 200711-16 ] CUPS: Memory corruption, Pierre-Yves Rofes, 18:29
[ MDKSA-2007:204-1 ] - Updated cups packages fix vulnerability, security, 18:29
[Full-disclosure] [ GLSA 200711-15 ] FLAC: Buffer overflow, Pierre-Yves Rofes, 18:18
Re: Standing Up Against German Laws - Project HayNeedle, johan beisser, 17:57
[Full-disclosure] [ GLSA 200711-14 ] Mozilla Firefox, SeaMonkey, XULRunner: Multiple vulnerabilities, Pierre-Yves Rofes, 17:47
AutoIndex <= 2.2.2 Cross Site Scripting and Denial of Service, L4teral, 17:46
HPSBUX02287 SSRT071485 rev.1 - HP-UX Running HP Secure Shell, Remotely Gain Extended Privileges, security-alert, 16:44
RFID: Security Briefings, angelo, 16:33
Re: Standing Up Against German Laws - Project HayNeedle, Matt D. Harris, 16:12
Re: Standing Up Against German Laws - Project HayNeedle, johan beisser, 15:21
Cisco IOS Shellcode, Research, 15:21
[Full-disclosure] iDefense Security Advisory 11.12.07: WinPcap NPF.SYS bpf_filter_init Arbitrary Array Indexing Vulnerability, iDefense Labs, 14:38
PeopleAggregatory security advisory - re CVE-2007-5631, phil, 14:16
Aria-Security.Net Research: Rapid Classified HotList Image, Advisory, 14:16
PHP-Nuke Module Advertising Blind SQL Injection, Guns, 14:05
Re: Re: Simple Machine Forum - Private section/posts/info disclosure, rx, 13:44
Oracle 0-day to get SYSDBA access, pete, 13:33
Eggblog v3.1.0 XSS Vulnerability, mesut, 13:22
[48Bits Advisory] QuickTime Panorama Sample Atom Heap Overflow, [48bits] vulndev, 13:01
[Full-disclosure] CVE-2007-3694: Cross site scripting (XSS) in broadcast machine, Hanno BÃck, 12:08
Re: [Full-disclosure] Standing Up Against German Laws - Project HayNeedle, Jan Newger, 11:57
[Full-disclosure] Cisco IOS Shellcode, Research, 06:38
[Full-disclosure] FLEA-2007-0069-1 perl, Foresight Linux Essential Announcement Service, 02:00
[Full-disclosure] FLEA-2007-0064-1 pcre, Foresight Linux Essential Announcement Service, 01:49
[Full-disclosure] FLEA-2007-0068-1 ruby, Foresight Linux Essential Announcement Service, 01:39
[Full-disclosure] FLEA-2007-0067-1 pidgin, Foresight Linux Essential Announcement Service, 01:28
[Full-disclosure] FLEA-2007-0066-1 ImageMagick, Foresight Linux Essential Announcement Service, 01:28
[Full-disclosure] FLEA-2007-0065-1 libpng, Foresight Linux Essential Announcement Service, 01:28

November 11, 2007

[Full-disclosure] Alice - dns spoofer, fabio, 17:14

November 10, 2007

SQL injection bug found in TBSource., drakomo, 16:02
Re: [Full-disclosure] Standing Up Against German Laws - ProjectHayNeedle, nate . mcfeters, 15:09
[Full-disclosure] Standing Up Against German Laws - Project HayNeedle, Paul Sebastian Ziegler, 14:07
[Full-disclosure] FLEA-2007-0063-1 perl, Foresight Linux Essential Announcement Service, 02:39

November 09, 2007

[Full-disclosure] iDefense Security Advisory 11.09.07: IBM Informix Dynamic Server DBLANG Directory Traversal Vulnerability, iDefense Labs, 18:44
[Full-disclosure] iDefense Security Advisory 11.09.07: AOL AmpX ActiveX Control Multiple Buffer Overflow Vulnerabilities, iDefense Labs, 18:12
Re: Simple Machine Forum - Private section/posts/info disclosure, Jindrich Kubec, 16:47
Re: SiteMinder Agent: Cross Site Scripting, Williams, James K, 14:07
xoops mylinks module - sql injection, root, 14:07
Re: Simple Machine Forum - Private section/posts/info disclosure, klynn . securityfocus, 13:56
[ MDKSA-2007:214 ] - Updated flac packages fix vulnerability, security, 13:25
li-guestbook sql inj, abc . seo, 13:14
Re: Re: SiteMinder Agent: Cross Site Scripting, overet, 13:04
[ MDKSA-2007:215 ] - Updated openldap packages fix vulnerability, security, 12:53
CanSecWest 2008 CFP (deadline Nov 30, conf Mar 26-28) and PacSec Dojo's, Dragos Ruiu, 12:42

November 08, 2007

AST-2007-024 - Fallacious security advisory spread on the Internet involving buffer overflow in Zaptel's sethdlc application, The Asterisk Development Team, 20:20
[SECURITY] [DSA 1403-1] New phpmyadmin packages fix cross-site scripting, Thijs Kinkhorst, 19:59
[SECURITY] [DSA 1404-1] New gallery2 packages fix privilege escalation, Thijs Kinkhorst, 19:48
[ MDKSA-2007:212 ] - Updated pcre packages fix vulnerability, security, 18:56
[ MDKSA-2007:213 ] - Updated pcre packages fix vulnerability, security, 18:34
Aria-Security.Net Research: Lotfian BROCHURE Management System, Advisory, 18:24
[ MDKSA-2007:211 ] - Updated pcre packages fix vulnerability, security, 18:13
[security bulletin] HPSBUX02285 SSRT071484 rev.1 - HP-UX Running Aries PA Emulator, Local Unauthorized Access, security-alert, 17:19
[Full-disclosure] [ GLSA 200711-13 ] 3proxy: Denial of Service, Pierre-Yves Rofes, 17:09
[Full-disclosure] [ GLSA 200711-12 ] Tomboy: User-assisted execution of arbitrary code, Pierre-Yves Rofes, 16:14
[Full-disclosure] [ GLSA 200711-11 ] Nagios Plugins: Two buffer overflows, Pierre-Yves Rofes, 15:53
Re: SiteMinder Agent: Cross Site Scripting, securityfocus, 13:17
Simple Machine Forum - Private section/posts/info disclosure, h3llcode, 12:55
Aria-Security.Net Research: Request For Travel Sql Injection, Advisory, 12:55
Re: iDefense Security Advisory 11.07.07: Oracle 10g R2 PITRIG_DROPMETADATA Buffer Overflow Vulnerability, buzzy, 12:45

November 07, 2007

[Full-disclosure] [ GLSA 200711-10 ] Mono: Buffer overflow, Pierre-Yves Rofes, 19:34
[Full-disclosure] iDefense Security Advisory 11.07.07: Oracle 10g R2 PITRIG_DROPMETADATA Buffer Overflow Vulnerability, iDefense Labs, 17:48
[Full-disclosure] [ GLSA 200711-09 ] MadWifi: Denial of Service, Pierre-Yves Rofes, 17:16
[Full-disclosure] [ GLSA 200711-08 ] libpng: Multiple Denials of Service, Pierre-Yves Rofes, 16:43
[Full-disclosure] [ GLSA 200711-07 ] Python: User-assisted execution of arbitrary code, Pierre-Yves Rofes, 16:21
[Full-disclosure] [ GLSA 200711-06 ] Apache: Multiple vulnerabilities, Pierre-Yves Rofes, 16:01
Secunia Research: Xpdf "Stream.cc" Multiple Vulnerabilities, Secunia Research, 13:03
Secunia Research: AbiWord Link Grammar "separate_sentence()" Buffer Overflow, Secunia Research, 12:41
Secunia Research: Link Grammar "separate_sentence()" Buffer Overflow, Secunia Research, 12:31
SiteMinder Agent: Cross Site Scripting, Giuseppe Gottardi, 12:30

November 06, 2007

[Full-disclosure] [ GLSA 200711-05 ] SiteBar: Multiple issues, Pierre-Yves Rofes, 19:22
[ MDKSA-2007:210 ] - Updated xfs package prevents arbitrary code execution vulnerabilities, security, 19:11
[SECURITY] [DSA 1400-1] New perl packages fix arbitrary code execution, Florian Weimer, 18:50
[Full-disclosure] [ GLSA 200711-04 ] Evolution: User-assisted remote execution of arbitrary code, Pierre-Yves Rofes, 18:39
MyWebFTP Password Disclosure, [NO-REPLY], 18:08
[Full-disclosure] rPSA-2007-0231-1 pcre, rPath Update Announcements, 17:16
[Full-disclosure] iDefense Security Advisory 11.06.07: Microsoft DebugView Privilege Escalation Vulnerability, iDefense Labs, 17:16
Re: IM upgrade automated social engineering attack, Dragos Ruiu, 17:16
PhpNuke (add-on) MS TopSites Edit Exploit And Html Injection, Guns, 17:05
Cypress BX script backdoored?, Chris, 16:55
[Full-disclosure] rPSA-2007-0232-1 perl, rPath Update Announcements, 16:44
Re: SMF .htaccess bypass, anuj tenani, 16:44
IDMOS v1.0 Alpha Multiple RFI Vulnerability, Guns, 16:44
Re: SMF .htaccess bypass, Matt D. Harris, 15:21
SMF .htaccess bypass, h3llcode, 14:50
Re: IM upgrade automated social engineering attack, Roman Shirokov, 14:39
[CVE-2007-5741] Plone: statusmessages and linkintegrity unsafe network data hotfix, mj, 14:29
[ MDKSA-2007:209 ] - Updated netpbm packages fix vulnerability, security, 13:24
rPSA-2007-0232-1 perl, rPath Update Announcements, 13:13
[ MDKSA-2007:208 ] - Updated ghostscript packages fix vulnerability, security, 13:13
[ MDKSA-2007:207 ] - Updated perl packages fix vulnerability, security, 13:02
[Full-disclosure] [USN-539-1] CUPS vulnerability, Kees Cook, 03:04

November 05, 2007

[Full-disclosure] ZDI-07-067: Apple QuickTime PICT File Poly Opcodes Heap Corruption Vulnerability, zdi-disclosures, 19:43
[Full-disclosure] ZDI-07-066: Apple Quicktime PICT File PackBitsRgn Parsing Heap Corruption Vulnerability, zdi-disclosures, 19:42
ZDI-07-068: Apple QuickTime Uncompressedfile Opcode Stack Overflow Vulnerability, zdi-disclosures, 19:32
ZDI-07-065: Apple QuickTime Color Table RGB Parsing Heap Corruption Vulnerability, zdi-disclosures, 19:21
[Full-disclosure] iDefense Security Advisory 11.05.07: Apple QuickTime Panorama Sample Atom Heap Buffer Overflow Vulnerability, iDefense Labs, 17:56
[SECURITY] [DSA 1399-1] New pcre3 packages fix arbitrary code execution, Florian Weimer, 17:15
[Full-disclosure] sometimes peepee goes in my mouf, Dirty Sanchez, 16:43
Leopard's firewall damages Skype and WoW, Juergen Schmidt, 16:32
Re: Comments re ISC's announcement on bind9 security, Tim, 16:22
[Full-disclosure] iDefense Security Advisory 11.02.07: Sun Microsystems Solaris srsexec Format String Vulnerability, iDefense Labs, 13:34
[Tool] sqlmap: a blind SQL injection tool (release 0.5), Bernardo Damele, 13:02
JBC Explorer <= V7.20 RC 1 Remote Code Execution Exploit, gmdarkfig, 12:39
Skalinks <= 1_5 Cross Site Request Forgery Add Admin, djvincy, 12:29
Re: [Full-disclosure] stop cross posting, Dude VanWinkle, 00:49
[Full-disclosure] Bank Of America Vulnerable, Jamal Al-Aseer, 00:49
[SECURITY] [DSA 1397-1] New mono packages fix integer overflow, Moritz Muehlenhoff, 00:49
[ MDKSA-2007:206 ] - Updated pwlib packages fix vulnerability, security, 00:49
phphelpdesk Multiple vulnerabilities, Joseph . giron13, 00:49
Re: [Full-disclosure] mac trojan in-the-wild, David Harley, 00:48
Re: [Full-disclosure] mac trojan in-the-wild -- antair restored, gjgowey, 00:48
RE: mac trojan in-the-wild, Memisyazici, Aras, 00:48
[ MDKSA-2007:205 ] - Updated opal packages fix vulnerability, security, 00:48
[Full-disclosure] DoS Exploit for DHCPd bug (Bugtraq ID 25984 ; CVE-2007-5365), Roman Medina-Heigl Hernandez, 00:48
Re: [Full-disclosure] mac trojan in-the-wild, Dude VanWinkle, 00:48
Re: [Full-disclosure] mac trojan in-the-wild, J. Oquendo, 00:48
Re: [Full-disclosure] mac trojan in-the-wild, Dude VanWinkle, 00:48
Re: Comments re ISC's announcement on bind9 security, Tim, 00:48
Re: [Full-disclosure] [UPH-07-01] Firefly Media Server DoS, nnp, 00:48
Re: [Full-disclosure] [UPH-07-03] Firefly Media Server remote format string vulnerability, nnp, 00:48
[Full-disclosure] [UPH-07-03] Firefly Media Server remote format string vulnerability, nnp, 00:48
[Full-disclosure] [UPH-07-02] Firefly Media Server DoS, nnp, 00:48
[Full-disclosure] [UPH-07-01] Firefly Media Server DoS, nnp, 00:48
Re: mac trojan in-the-wild, Nick FitzGerald, 00:48
[Full-disclosure] [USN-537-2] Compiz vulnerability, Kees Cook, 00:48
Re: Comments re ISC's announcement on bind9 security, Shane Kerr, 00:48
Scribe <= 2.0 Remote PHP Code Execution, kingoftheworld92, 00:48
Re: Comments re ISC's announcement on bind9 security, Shane Kerr, 00:48
Secunia Research: ACDSee Products Image and Archive Plug-ins Buffer Overflows, Secunia Research, 00:48
IM upgrade automated social engineering attack, Dragos Ruiu, 00:48
Re: [Full-disclosure] the heart of the problem [was: RE: mac trojan in-the-wild], Roger A. Grimes, 00:47
Re: [Full-disclosure] mac trojan in-the-wild, Dude VanWinkle, 00:47
Re: [Full-disclosure] [funsec] the heart of the problem [was: RE: mac trojan in-the-wild], Drsolly, 00:47

November 02, 2007

Re: [Full-disclosure] mac trojan in-the-wild, Robert McArdle, 07:13
Re: [Full-disclosure] mac trojan in-the-wild, Robert McArdle, 06:52
[Full-disclosure] the heart of the problem [was: RE: mac trojan in-the-wild], Gadi Evron, 06:21
Re: [Full-disclosure] mac trojan in-the-wild, Roger A. Grimes, 06:21
Re: [Full-disclosure] mac trojan in-the-wild, Nick FitzGerald, 02:25

November 01, 2007

Re: [Full-disclosure] mac trojan in-the-wild, Thor (Hammer of God), 22:58
Re: [Full-disclosure] mac trojan in-the-wild, Paul Schmehl, 22:47
Re: [Full-disclosure] mac trojan in-the-wild, Paul Schmehl, 22:36
Re: [Full-disclosure] mac trojan in-the-wild, Peter Besenbruch, 22:15
Re: [Full-disclosure] mac trojan in-the-wild, Gadi Evron, 21:44
Re: [Full-disclosure] mac trojan in-the-wild, Roger A. Grimes, 21:44
Re: [Full-disclosure] mac trojan in-the-wild, Jim Harrison, 21:44
Re: [Full-disclosure] [botnets] re MAC trojan (fwd), Gadi Evron, 21:44
Re: [Full-disclosure] mac trojan in-the-wild, Adam St. Onge, 21:23
Re: [Full-disclosure] mac trojan in-the-wild, Peter Besenbruch, 20:20
[Full-disclosure] [ GLSA 200711-03 ] Gallery: Multiple vulnerabilities, Pierre-Yves Rofes, 19:59
Re: [Full-disclosure] mac trojan in-the-wild, nnp, 19:49
[Full-disclosure] [ GLSA 200711-02 ] OpenSSH: Security bypass, Pierre-Yves Rofes, 19:49
Re: [Full-disclosure] mac trojan in-the-wild, Dude VanWinkle, 19:49
[Full-disclosure] [ GLSA 200711-01 ] gFTP: Multiple vulnerabilities, Pierre-Yves Rofes, 19:28
RE: Cryptome: NSA has access to Windows Mobile smartphones, Kurt Dillard, 19:07
Re: [Full-disclosure] mac trojan in-the-wild, nnp, 19:07
RE: mac trojan in-the-wild, Alex Eckelberry, 18:46
RE: mac trojan in-the-wild, Alex Eckelberry, 18:35
Re: Comments re ISC's announcement on bind9 security, Tim, 18:13
Re: [Full-disclosure] mac trojan in-the-wild, Paul Schmehl, 18:13
Re: [Full-disclosure] mac trojan in-the-wild, Nick FitzGerald, 18:13
Re: [Full-disclosure] mac trojan in-the-wild, Thor (Hammer of God), 18:03
[ MDKSA-2007:204 ] - Updated cups packages fix vulnerability, security, 18:02
Re: mac trojan in-the-wild, Matthew Leeds, 17:41
Re: [Full-disclosure] mac trojan in-the-wild, Steven Block, 17:31
Re: Comments re ISC's announcement on bind9 security, Theo de Raadt, 17:20
[ MDKSA-2007:203 ] - Updated xen packages fix multiple vulnerabilities, security, 16:48
Re: [Full-disclosure] mac trojan in-the-wild, nnp, 16:47
Re: Airkiosk/formlib application is XSS vuln, Raymond Pete, 16:15
Re: Re: Comments re ISC's announcement on bind9 security, ntn, 16:05
Cryptome: NSA has access to Windows Mobile smartphones, Juha-Matti Laurio, 16:05
Two XSS on Blue Coat ProxySG Management Console, research, 15:12
Re: Airkiosk/formlib application is XSS vuln, skien, 14:40
Re: Comments re ISC's announcement on bind9 security, Network Protocol Security, 14:29
mac trojan in-the-wild, Gadi Evron, 13:36
(tool announce) Orizon v0.50 announce, Paolo Perego, 13:25
CFP: International workshop on Secure Software Engineering - Deadline extended!, secse08, 12:52
Synergiser <= 1.2 RC1 Local File Inclusion & Full path disclosure, kingoftheworld92, 12:41
sBlog 0.7.3 Beta Cross Site Request Forgery, Guns, 12:41
Re: Comments re ISC's announcement on bind9 security, Henrik Langos, 12:19
[Full-disclosure] SEC Consult SA-20071101-0 :: Multiple Vulnerabilities in SonicWALL SSL-VPN Client, Bernhard Mueller, 08:41