Network Security Archives

Vulnerability Development (date)

[Thread Index] [Top] [All Lists]

December 31, 2007

Re: Cryptome: NSA has real-time access to Hushmail servers, Rob Thompson, 15:57
Re: Cryptome: NSA has real-time access to Hushmail servers, Jay Hennigan, 15:46
RE: Cryptome: NSA has real-time access to Hushmail servers, Craig Wright, 15:35
RE: Cryptome: NSA has real-time access to Hushmail servers, Thor (Hammer of God), 15:24
[HSC Security Group] Multiple CSRF in Joomla all versions - Complete compromise, zinho, 15:04
Re: Cryptome: NSA has real-time access to Hushmail servers, J. Oquendo, 14:32
Re: Cryptome: NSA has real-time access to Hushmail servers, mark seiden-via mac, 14:00
RE: Cryptome: NSA has real-time access to Hushmail servers, Kevin Reiter, 13:50
Re: TalkBack 2.2.7 Multiple Remote File Inclusion Vulnerabilities, oldguy, 13:50
Re: Cryptome: NSA has real-time access to Hushmail servers, Seth, 13:39
RE: Cryptome: NSA has real-time access to Hushmail servers, Juha-Matti Laurio, 13:06
Instant Softwares DatingSite SQL Injection, The-0utl4w-noreply, 13:06
LiveCart Multiple Cross-Site Scripting Vulnerabilities, DoZ, 12:56
Re: Re: Cryptome: NSA has real-time access to Hushmail servers, gb, 12:45
milliscripts (dir.php) Cross-Site Scripting Vulnerability, sys-project, 12:45
Bitweaver source code disclosure, arbitrary file upload, admin, 12:23
Fingerprints in Astaro Security Gateway v7.1, morin . josh, 12:23

December 30, 2007

[Full-disclosure] [ GLSA 200712-25 ] OpenOffice.org: User-assisted arbitrary code execution, Pierre-Yves Rofes, 14:55
[Full-disclosure] [ GLSA 200712-24 ] AMD64 x86 emulation GTK+ library: User-assisted execution of arbitrary code, Robert Buchholz, 14:24
[Full-disclosure] [ GLSA 200712-23 ] Wireshark: Multiple vulnerabilities, Robert Buchholz, 14:13
[Full-disclosure] [ GLSA 200712-22 ] Opera: Multiple vulnerabilities, Pierre-Yves Rofes, 13:42

December 29, 2007

CCMS v3.1 Demo <= SQL Injection Vulnerability 0day, pawel2827, 17:54
CuteNews Arbitrary File Download AllVersion, pawel2827, 17:54
TK53 Advisory #2: Multiple vulnerabilities in ClamAV, Lolek of TK53, 15:19
[Full-disclosure] [ GLSA 200712-21 ] Mozilla Firefox, SeaMonkey: Multiple vulnerabilities, Robert Buchholz, 12:52
[Full-disclosure] [ GLSA 200712-20 ] ClamAV: Multiple vulnerabilities, Robert Buchholz, 12:42
[Full-disclosure] [ GLSA 200712-19 ] Syslog-ng: Denial of Service, Robert Buchholz, 12:42
[Full-disclosure] [ GLSA 200712-18 ] Multi-Threaded DAAP Daemon: Multiple vulnerabilities, Robert Buchholz, 10:38
[Full-disclosure] [ GLSA 200712-17 ] exiftags: Multiple vulnerabilities, Pierre-Yves Rofes, 10:28
[Full-disclosure] [ GLSA 200712-16 ] Exiv2: Integer overflow, Pierre-Yves Rofes, 10:07
[Full-disclosure] [ GLSA 200712-15 ] libexif: Multiple vulnerabilities, Pierre-Yves Rofes, 09:56

December 28, 2007

[Full-disclosure] Buffer-overflow in CoolPlayer 217, Luigi Auriemma, 14:52
[SECURITY] [DSA 1441-1] New peercast packages fix arbitrary code execution, Thijs Kinkhorst, 13:18
[SECURITY] [DSA 1439-1] New typo3-src packages fix SQL injection, Thijs Kinkhorst, 12:25
[SECURITY] [DSA 1405-3] New zope-cmfplone packages fix regression, Thijs Kinkhorst, 12:25
[SECURITY] [DSA 1438-1] New tar packages fix several vulnerabilities, Florian Weimer, 12:15
2z-project 0.9.6.1 Multiple Security Vulnerabilities, Digital Security Research Group [DSecRG], 12:14
FAQMasterFlexPlus multiple vulnerabilities, Juan Galiana, 12:03
OpenBiblio 0.5.2-pre4 and prior multiple vulnerabilities, Juan Galiana, 11:53
[Full-disclosure] OpenBiblio 0.5.2-pre4 and prior multiple vulnerabilities, Juan Galiana, 00:18

December 27, 2007

Re: Cryptome: NSA has real-time access to Hushmail servers, Steve Shockley, 15:33
Re: Cryptome: NSA has real-time access to Hushmail servers, Kurt Buff, 15:22
Re: Re: Re: TotalPlayer 3.0 .m3u crash, david130490, 15:12
[Full-disclosure] Multiple vulnerabilities in libnemesi 0.6.4-rc1, Luigi Auriemma, 14:07
[Full-disclosure] Multiple vulnerabilities in Feng 0.1.15, Luigi Auriemma, 13:56
[Full-disclosure] Buffer-overflow in Extended Module Player 2.5.1, Luigi Auriemma, 13:56
Re: Re: TotalPlayer 3.0 .m3u crash, david130490, 13:45
[Full-disclosure] rIP BETA - reverse IP tool, disfigure, 13:23
Re: Multiple xss in mambo 4.6.2, Hanno BÃck, 13:12
Re: TotalPlayer 3.0 .m3u crash, Luigi Auriemma, 13:01
PHP -> set_time_limit, brancohat, 13:01
[security bulletin] HPSBGN02298 SSRT071502 rev.2 - HP Quick Launch Button (QLB) Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access, security-alert, 12:51
Re: Cryptome: NSA has real-time access to Hushmail servers, Valdis . Kletnieks, 12:51
Re: Tiger Team: New TV series about pen testers airing on CourtTV Dec 25 11 pm, blackredyellow, 12:40
Latest round of web hacking incidents for 2007 & Project news, Ofer Shezaf, 12:29
Re: TotalPlayer 3.0 .m3u crash, Luigi Auriemma, 12:08
IPortalX Forums Cross-Site Scripting Vulnerability, DoZ, 11:58
XZero Community Classifieds <= v4.95.11 LFI & SQL Injection, office, 11:58
Blakord Portal <= Beta 1.3.A (all modules) Blind Sql Injection, sys-project, 11:47

December 26, 2007

RE: Cryptome: NSA has real-time access to Hushmail servers, M. Burnett, 16:36
RE: Cryptome: NSA has real-time access to Hushmail servers, Juha-Matti Laurio, 16:25
Bid 24744 ?, balrog, 16:15
Re: Microsoft Office Publisher, fagian, 16:15
Re: Re: PHP <= 5.2.5 Safe Mode Bypass, Alireza Hassani, 16:04
Confixx Professional RFİ, erne, 13:08

December 25, 2007

TotalPlayer 3.0 .m3u crash, david130490, 13:08
Multiple vulnerabilities in RUNCMS 1.6 by DSecRG, Digital Security Research Group, 12:48

December 24, 2007

Re: PHP <= 5.2.5 Safe Mode Bypass, shsuff, 14:34
Double directory traversal in ImgSvr 0.6.21, Luigi Auriemma, 14:24
[Full-disclosure] Unicode buffer-overflow in Zoom Player 6.00b2, Luigi Auriemma, 14:23
Buffer-overflow and format string in VideoLAN VLC 0.8.6d, Luigi Auriemma, 14:13
Update: Clients buffer-overflow in Live for Speed 0.5X10, Luigi Auriemma, 14:02
SimpleForum <= 4.6.2 - Cross-Site Scripting Vulnerability, sys-project, 14:02
[CVE-2007-5342] Apache Tomcat's default security policy is too open, Mark Thomas, 13:21
PHP <= 5.2.5 Safe Mode Bypass, admin, 13:00
Jupiter Cms Multiple Vulnerabilities, admin, 12:49
[waraxe-2007-SA#060] - Sensitive info disclosure in CuteNews <= 1.4.5, come2waraxe, 12:49
pdflib long filename multiple bufferoverflows, poplix, 12:39
Tikiwiki 1.9.8.3 tiki-special_chars.php XSS Vulnerability, Mesut Timur, 12:28
Re: [HSC] Dokeos Multiple Cross-Site Scripting Vulnerabilities, yannick . warnier, 12:28
[ISecAuditors Security Advisories] Tikiwiki CMS is vulnerable to path traversal attack, ISecAuditors Security Advisories, 12:17
Logaholic Web Analytics Software, malibu . r, 12:17

December 22, 2007

Re: Re: Moodle SQL Injection, bar, 17:01
[HSC] Dokeos Multiple Cross-Site Scripting Vulnerabilities, DoZ, 17:01
Microsoft Office Publisher, jplopezy, 13:16
Re: Moodle SQL Injection, foo, 13:16
My Blog Rfi, beenudel1986, 13:05

December 21, 2007

America Online AOL Instant Messenger AIM6.0 or 6.5 or higher XSS remote execution, evanchik, 20:29
Word 2003 denial of service, jplopezy, 19:36
HPSBGN2301 SSRT071508 rev.1 - HP Software Update Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access, security-alert, 19:36
[CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability, Williams, James K, 16:52
[Full-disclosure] Buffer-overflow in WinUAE 1.4.4, Luigi Auriemma, 16:09
RE: Cryptome: NSA has real-time access to Hushmail servers, Thor (Hammer of God), 15:59
RE: Cryptome: NSA has real-time access to Hushmail servers, Jim Harrison, 15:17
Cryptome: NSA has real-time access to Hushmail servers, Juha-Matti Laurio, 13:41
Moodle SQL Injection, root, 12:28
CFP CISIS '08, hjan, 12:07
[Full-disclosure] [USN-559-1] MySQL vulnerabilities, Jamie Strandboge, 03:52

December 20, 2007

Re: Design flaw in AS3 socket handling allows port probing, fukami, 19:32
[SECURITY] [DSA 1436-1] New Linux 2.6.18 packages fix several vulnerabilities, dann frazier, 19:11
Woltlab Burning Board 1.0.2 SQL-Injection Vulnerability, nbbn, 18:07
Re: Morcego CMS <= 0.9.6 Remote File Inclue Vulnerability, antonio, 17:35
Re: Morcego CMS <= 0.9.6 Remote File Inclue Vulnerability, antonio, 17:14
PHP iCalendar <= 2.24 - Cross-Site Scripting Vulnerability, sys-project, 16:20
[security bulletin] HPSBUX02284 SSRT071483 rev.4 - HP-UX Running Java JRE and JDK, Remote Unauthorized Access, security-alert, 15:49
[security bulletin] HPSBUX02295 SSRT071333 rev.1 - HP-UX Running rpc.yppasswdd, Remote Denial of Service (DoS), security-alert, 15:38
SiteScape Forum TCL injection, lolo lolo, 15:38
[security bulletin] HPSBTU02300 SSRT071452 rev.1 - HP Tru64 UNIX running FFM, Local Denial of Service (Dos), security-alert, 15:28
[Aria-Security.net] ABI Version 3.7.9.17 Remote SQL Injection, The-0utl4w-noreply, 15:28
Re: Re: NETGEAR WGT624 Wireless DSL router default user name/password vulnerability, mj, 15:17
iSupport v1.8 Local file include vulnerability, ahcrew, 15:17
Black Hat Briefings Call for Papers and Happy Happy Joy Joy, jmoss, 15:06

December 19, 2007

xeCMS 1.x.x Remote File Disclosure Vulnerability., p4imi0, 18:53
Re: Wordpress - Broken Access Control, otto, 18:32
Re: Wordpress - Broken Access Control, Abel Cheung, 18:11
HP laptops Software Update tool vulnerability, porkythepig, 17:39
Array overflow in id3lib (devel CVS), Luigi Auriemma, 14:42
SYMSA-2007-015, research, 14:00
Cisco Security Advisory: Application Inspection Vulnerability in Cisco Firewall Services Module, Cisco Systems Product Security Incident Response Team, 13:07
smbfs and apache+php source code disclosure, Maciej Gąsiorowski, 12:57
Re: MS Office 2007: Digital Signature does not protect Meta-Data, Henrich C. Poehls, 12:05
[Full-disclosure] [USN-558-1] Linux kernel vulnerabilities, Kees Cook, 11:23

December 18, 2007

[Full-disclosure] [USN-557-1] GD library vulnerability, Jamie Strandboge, 22:09
[Full-disclosure] [ GLSA 200712-14 ] CUPS: Multiple vulnerabilities, Robert Buchholz, 19:03
Re: Uber Uploader <= 5.3.6 Remote File Upload Vulnerability, recklessb, 17:40
[Full-disclosure] [ GLSA 200712-13 ] E2fsprogs: Multiple buffer overflows, Robert Buchholz, 17:29
AST-2007-027 - Database matching order permits host-based authentication to be ignored, Security Officer, 16:58
[Full-disclosure] Google Toolbar Dialog Spoofing Vulnerability, avivra, 16:58
Tiger Team: New TV series about pen testers airing on CourtTV Dec 25 11 pm, blackredyellow, 16:47
rPSA-2007-0269-1 kernel, rPath Update Announcements, 16:25
[USN-556-1] Samba vulnerability, Kees Cook, 16:15
[Full-disclosure] iDefense Security Advisory 12.18.07: ClamAV libclamav MEW PE File Integer Overflow Vulnerability, iDefense Labs, 15:00
[Full-disclosure] iDefense Security Advisory 12.17.07: Apple Mac OS X mount_smbfs Stack Based Buffer Overflow Vulnerability, iDefense Labs, 15:00
[security bulletin] HPSBST02299 SSRT071506 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-063 to MS07-069, security-alert, 14:29
Re: RE: TCP Port randomization paper, Amit Klein, 13:47
Re: SineCMS <= 2.3.4 Calendar SQL Injection 'n something else.., carlo . feller, 13:15
Re: Re: PHP MySQL Banner Exchange 2.2.1 remote mysql database bug, arsalan1991, 13:04
SyScan'08 Call For Paper/Training, organiser@syscan.org, 12:53
iMesh <= 7.1.0.x IMWebControl Class (IMWeb.dll 7.0.0.x) remote exploit, retrog, 12:10
Re: Wordpress - Broken Access Control, th3 . r00k . nospam, 12:10
Multiple xss in mambo 4.6.2, beenudel1986, 12:00
Rosoft Media Player 4.1.7 crash, jplopezy, 11:39

December 17, 2007

[Full-disclosure] ZDI-07-079: Hewlett-Packard HP-UX swagentd Buffer Overflow Vulnerability, zdi-disclosures, 20:52
[Full-disclosure] ZDI-07-078: St. Bernard Open File Manager Heap Overflow Vulnerability, zdi-disclosures, 20:41
[Full-disclosure] ZDI-07-077: Trend Micro ServerProtect StRpcSrv.dll Insecure Method Exposure Vulnerability, zdi-disclosures, 20:21
rPSA-2007-0268-1 kdebase, rPath Update Announcements, 18:48
Apple OS X Software Update Remote Command Execution, Moritz Jodeit, 18:37
Uber Uploader <= 5.3.6 Remote File Upload Vulnerability, sys-project, 18:06
SurgeMail v.38k4 webmail Host header crash, retrog, 17:02
RaidenHTTPD 2.0.19 ulang cmd exec poc exploit, retrog, 16:52
rPSA-2007-0266-1 tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi, rPath Update Announcements, 16:41
[Full-disclosure] Heap overflow in PeerCast 0.1217, Luigi Auriemma, 13:52
PHP Security Framework: Vuln and Security Bypass, gmdarkfig, 13:41
Re: Wordpress - Broken Access Control, otto, 13:31
release uhooker v1.3, Hernan Ochoa, 13:31
Re: PHP MySQL Banner Exchange 2.2.1 remote mysql database bug, theredc0ders, 12:59
jetAudio 7.0.5 COWON Media Center MP4 Stack Overflow, gforce, 12:48
neuron news1.0 Multiple Remote Vulnerabilities (sql injection/xss), hadihadi_zedehal_2006, 12:48
Re: [syslog-ng] ZSA-2007-029: syslog-ng Denial of Service, Balazs Scheidler, 12:38
ZSA-2007-029: syslog-ng Denial of Service, Balazs Scheidler, 12:27

December 15, 2007

Wordpress - Broken Access Control, th3 . r00k . nospam, 15:43
PHP RPG - Sql Injection and Session Information Disclosure., th3 . r00k . nospam, 15:02
ClubHack2007: Presentation are online now, `ClubHack `, 14:51
Oreon/Centreon - Multiple Remote File Inclusion, th3 . r00k . nospam, 14:41
Anon Proxy Server - Remote Code Execution, th3 . r00k . nospam, 14:20
[security bulletin] HPSBGN02298 SSRT071502 rev.1 - HP Quick Launch Button (QLB) Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access, security-alert, 13:59
Phpay - Local File Inclusion, th3 . r00k . nospam, 13:38

December 14, 2007

[Full-disclosure] BackTrack 3 Beta Released, Mati Aharoni, 22:56
POC for samba send_mailslot(), x 86, 18:28
ANNOUNCE: SquirrelMail 1.4.13 Released, Jon Angliss, 14:48
[ MDKSA-2007:246 ] - Updated Firefox packages fix multiple vulnerabilities, security, 13:55
[ISR] - Novell Groupwise client remote stack overflow silently patched., ISR-noreply, 13:34
AW: MS Office 2007: Digital Signature does not protect Meta-Data, Naujoks, Hans-Dietmar, 12:30
HPSBUX02296 SSRT071504 rev.2 - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, security-alert, 12:30
Re: MS Office 2007: Digital Signature does not protect Meta-Data, Henrich C. Poehls, 12:19
PHP MySQL Banner Exchange 2.2.1 remote mysql database bug, arsalan1991, 12:09

December 13, 2007

Re: AW: MS Office 2007: Digital Signature does not protect Meta-Data, webmaster@networkdefense.biz, 19:35
+ Trivantis CourseMill Enterprise Learning Management System - SQL Injection - CVE-2007-6338, swhite, 19:23
[ MDKSA-2007:245 ] - Updated wpa_supplicant package fixes remote denial of service, security, 18:27
[Full-disclosure] [ GLSA 200712-12 ] IRC Services: Denial of Service, Pierre-Yves Rofes, 17:22
[Full-disclosure] [ GLSA 200712-11 ] Portage: Information disclosure, Pierre-Yves Rofes, 16:59
SECURITY: 1.4.12 Package Compromise, Jon Angliss, 16:06
AW: MS Office 2007: Digital Signature does not protect Meta-Data, Naujoks, Hans-Dietmar, 14:01
MS Office 2007: Target of Hyperlinks not covered by Digital Signatures, poehls, 13:30
Hosting Controller - Multiple Security Bugs (Extremely Critical), admin, 12:37
SQL MKPortal M1.1 Rc1, Sw33t . h4cK3r, 12:37
[security bulletin] HPSBUX02294 SSRT071451 rev.1 - HP-UX Running DCE, Remote Denial of Service (DoS), security-alert, 12:27
OpenOffice: Duplicated, Unprotected Certificate Information shown in Signed ODF Documents, poehls, 12:15
RE: [Full-disclosure] Fwd: Websense 6.3.1 Filtering Bypass, Hubbard, Dan, 12:04
[security bulletin] HPSBUX02296 SSRT071504 rev.1 - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, security-alert, 12:04
QK SMTP Server 3 - Denial of service, jplopezy, 11:43
[Full-disclosure] [USN-550-3] Cairo regression, Kees Cook, 01:22

December 12, 2007

[Full-disclosure] Fwd: Websense 6.3.1 Filtering Bypass, The Security Community, 20:06
Re: Re: Cpanel Vulnerability?, gdfuego, 17:37
rPSA-2007-0264-1 mod_dav_svn subversion, rPath Update Announcements, 17:15
[Full-disclosure] iDefense Security Advisory 12.11.07: Microsoft DirectX 7 and 8 DirectShow Stack Buffer Overflow Vulnerability, iDefense Labs, 16:21
[Full-disclosure] iDefense Security Advisory 12.11.07: Microsoft Internet Explorer JavaScript setExpression Heap Corruption Vulnerability, iDefense Labs, 15:59
Re: Media Player Classic 6.4.9 MP4 Stack Overflow 0-day, Matthew Leeds, 15:16
MS Office 2007: Digital Signature does not protect Meta-Data, poehls, 14:01
Re: TCP Port randomization paper, Fernando Gont, 12:13
Re: Cpanel Vulnerability?, Charles Hardin, 12:13
Cpanel Vulnerability?, Francisco Pecorella, 12:03
[SECURITY] [DSA 1428-2] New Linux 2.6.18 packages fix several vulnerabilities, dann frazier, 11:52
[ MDKSA-2007:244 ] - Updated samba packages fix vulnerability, security, 11:41

December 11, 2007

[Full-disclosure] ZDI-07-075: Microsoft Internet Explorer Element Tags Vulnerability, zdi-disclosures, 19:03
[Full-disclosure] ZDI-07-076: Microsoft Windows Message Queuing Service Stack Overflow Vulnerability, zdi-disclosures, 19:03
ZDI-07-074: Microsoft Internet Explorer Node Manipulation Memory Corruption, zdi-disclosures, 19:03
[Full-disclosure] ZDI-07-073: Microsoft Internet Explorer setExpression Vulnerability, zdi-disclosures, 18:52
[Full-disclosure] TOP 10 Vulnerability Trends for 2008, Sowhat, 18:20
Black Hat Briefings Call for Papers, jmoss, 17:38
HP notebooks remote code execution vulnerability (multiple series), porkythepig, 16:15
SupportSuite 3.11.01~ Multiple file ~ PHP SELF XSS, imei Addmimistrator, 16:04
rPSA-2007-0262-1 e2fsprogs, rPath Update Announcements, 15:22
[ MDKSA-2007:241 ] - Updated tomcat5 packages fix multiple vulnerabilities, security, 12:54
[SECURITY] [DSA 1481-1] New Linux 2.6.18 packages fix several vulnerabilities, dann frazier, 12:43
[Full-disclosure] TrendMicro AntiVirus UUE Processing Vulnerability, Sowhat, 12:22
[ MDKSA-2007:243 ] - Updated MySQL packages fix multiple vulnerabilities, security, 12:11
RE: TCP Port randomization paper, Amit Klein, 12:00
[ MDKSA-2007:242 ] - Updated e2fsprogs packages fix vulnerability, security, 12:00
Re: [Full-disclosure] The Cookie Tools v0.3 -- first public release, coderman, 02:22

December 10, 2007

Re: Dell / Dell Financial Services - Contact, Juha-Matti Laurio, 19:45
[Full-disclosure] ZDI-07-072: Novell Netmail AntiVirus Agent Multiple Overflow Vulnerabilities, zdi-disclosures, 19:35
WASC Announcement: The Script Mapping Project Results and Call for Participation, announcements, 18:53
Dell / Dell Financial Services - Contact, Justin@InfoTek, 18:11
[Full-disclosure] [USN-550-2] Cairo regression, Kees Cook, 17:39
[Full-disclosure] [ GLSA 200712-10 ] Samba: Execution of arbitrary code, Pierre-Yves Rofes, 17:27
[Full-disclosure] Multiple vulnerabilities in BadBlue 2.72b, Luigi Auriemma, 17:07
[Full-disclosure] Filesystem access in DOSBox 0.72, Luigi Auriemma, 17:07
[Full-disclosure] Multiple vulnerabilities in BarracudaDrive 3.7.2, Luigi Auriemma, 17:07
Re: Media Player Classic 6.4.9 MP4 Stack Overflow 0-day, Rob Thompson, 16:46
WordPress Charset SQL injection vulnerability (re-resend), Abel Cheung, 16:35
[Full-disclosure] rPSA-2007-0261-1 samba samba-swat, rPath Update Announcements, 16:24
Re: Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096) and vulnerable bz2lib (CAN-2005-0758 & CAN-2005-0953), Stefan Kanthak, 16:13
[SECURITY] Buffer overrun in send_mailslot(), Gerald (Jerry) Carter, 16:03
Advisory: Websense XSS Vulnerability, Liquidmatrix Security Digest, 16:03
[Full-disclosure] WordPress Charset SQL injection vulnerability (resend), Abel Cheung, 15:31
Secunia Research: Samba "send_mailslot()" Buffer Overflow Vulnerability, Secunia Research, 14:59
Falt4 CMS Security Report/Advisory, Mesut Timur, 14:37
squids ICAP implementation lacks a defer check when reading from ICAP server, Martin Huter, 14:37
SQL injection - GestDownV1.00Beta, bebe, 14:05
bttlxeForum Multiple SQL Injection And Cross Site Scripting, noreply, 13:02
Security and hacking papers, Ork, 12:51
Bitweaver XSS & SQL Injection Vulnerability, DoZ, 12:41
CVE-2007-6205, Hanno BÃck, 12:30
Call for Papers - Security and High Performance Computing System 2008, shpcs08, 12:30
Flat PHP Board <= 1.2 Multiple Vulnerabilities, kingoftheworld92, 12:30
Unsanitized scripting in RoundCube webmail, Tomas Kuliavas, 12:19
Two vulnerabilities in SquirrelMail GPG plugin, Tomas Kuliavas, 12:08
webSPELL 4.01.02 (calendar.php, usergallery.php) XSS Vulnerability, brainheadbrainhead, 11:58
[Full-disclosure] WordPress Charset SQL injection vulnerability, Abel Cheung, 11:47
Lotfian.com DATABASE DRIVEN TRAVEL SITE Multiple SQL Injection, no-reply, 11:47
[Full-disclosure] Advisory: Websense XSS Vulnerability, Liquidmatrix Security Digest, 10:35
[Full-disclosure] The Cookie Tools v0.3 -- first public release, michele dallachiesa, 10:24

December 09, 2007

[Full-disclosure] [ GLSA 200712-09 ] Ruby-GNOME2: Format string error, Pierre-Yves Rofes, 18:50
[Full-disclosure] [ GLSA 200712-08 ] AMD64 x86 emulation Qt library: Multiple vulnerabilities, Pierre-Yves Rofes, 18:29
[Full-disclosure] [ GLSA 200712-07 ] Lookup: Insecure temporary file creation, Pierre-Yves Rofes, 18:29
[Full-disclosure] [ GLSA 200712-06 ] Firebird: Multiple buffer overflows, Pierre-Yves Rofes, 18:18
[Full-disclosure] [ GLSA 200712-05 ] PEAR::MDB2: Information disclosure, Pierre-Yves Rofes, 17:47
[Full-disclosure] [ GLSA 200712-03 ] GNU Emacs: Multiple vulnerabilities, Pierre-Yves Rofes, 17:05
[Full-disclosure] [ GLSA 200712-04 ] Cairo: User-assisted execution of arbitrary code, Pierre-Yves Rofes, 16:44

December 08, 2007

Media Player Classic 6.4.9 MP4 Stack Overflow 0-day, gforce, 12:31
Windows media player 6.4 MP4 Stack Overflow 0-day, gforce, 12:11
Nullsoft Winamp MP4 tags Stack Overflow, gforce, 12:11
[Full-disclosure] [USN-555-1] e2fsprogs vulnerability, Kees Cook, 02:04

December 07, 2007

[Full-disclosure] Upload directory traversal in Easy File Sharing 4.5, Luigi Auriemma, 19:13
[Full-disclosure] Multiple vulnerabilities in Firefly Media Server (mt-daapd) 2.4.1 / SVN 1699, Luigi Auriemma, 19:13
Two vulnerabilities in Simple HTTPD 1.38, Luigi Auriemma, 18:51
Limited upload directory traversal in HTTP File Server 2.2a / 2.3 beta (build #146), Luigi Auriemma, 18:51
[ MDKSA-2007:240 ] - Updated libnfsidmap packages fix username lookup flaw, security, 18:10
Kvaliitti WebDoc 3.0 CMS SQL Injection vulnerability, jaakkoNOSPAM, 18:10
R7-0031: JFreeChart Image Map Cross-Site Scripting Vulnerabilities, advisory, 14:08
Re: Phorm v3.0 Remote File Upload Vulnerability, security curmudgeon, 13:04
[ISecAuditors Security Advisories] wwwstats is vulnerable to Persistent XSS, ISecAuditors Security Advisories, 13:04
Re: BellaBiblio Admin Login Bypass, security curmudgeon, 12:54
Re: Friend Script 2.5 - 2.4 Remote File İnclude, security curmudgeon, 12:21
Re: RIG Image Gallery (dir_abs_src) Remote File Include Vulnerability, security curmudgeon, 12:11
[ MDKSA-2007:239 ] - Updated heimdal packages fix potential vulnerability, security, 12:00
Potential SQL injection vulnerability in Apache::AuthCAS, Matthias Bethke, 11:49
[CAID 35724, 35725, 35726]: CA BrightStor ARCserve Backup Multiple Vulnerabilities, Williams, James K, 11:39

December 06, 2007

[Full-disclosure] rPSA-2007-0260-1 firefox, rPath Update Announcements, 23:38
ZDI-07-071: HP OpenView Network Node Manager Multiple CGI Buffer Overflows, zdi-disclosures, 19:19
[Full-disclosure] ZDI-07-070: Skype skype4com URI Handler Remote Heap Corruption Vulnerability, zdi-disclosures, 19:08
[ MDKSA-2007:238 ] - Updated liblcms package fixes buffer overflow, security, 18:05
[Full-disclosure] [USN-554-1] teTeX and TeX Live vulnerabilities, Jamie Strandboge, 18:05
[Security Advisorie] OpenNewsletter v2.5 Multipe XSS Attacks, Sarasa, 16:08
[XSS] OpenNewsletter v2.5 Multipe XSS Attacks, bugtraq, 14:53
Re: Re: Aria-Security.net: NetAuctionHelp SQL Injection, NetAuctionHelp Support, 14:00
SQUID-2007:2, Dec 4, 2007, Adrian Chadd, 13:38
NSFOCUS SA2007-02 : Cisco Security Agent Remote Buffer Overflow Vulnerability, NSFOCUS Security Team, 13:17
[security bulletin] HPSBMA02281 SSRT061261 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Execution of Arbitrary Code, security-alert, 12:13
HITBSecConf2007 Malaysia Videos Now Available, Praburaajan, 12:13
Aria-Security.Net: PenPals Login and search page SQL Injection, no-reply, 12:02
Re: [Full-disclosure] [UPDATE]CA BrightStor ARCServe BackUp Message Engine Remote Stack Overflow Vulnerability, Code Audit Labs, 04:25
[Full-disclosure] Avast! AntiVirus TAR Processing Remote Heap Corruption, Sowhat, 03:53
[Full-disclosure] [UPDATE]CA BrightStor ARCServe BackUp Message Engine Remote Stack Overflow Vulnerability, cocoruder, 02:08

December 05, 2007

[Full-disclosure] UPDATE: [ GLSA 200711-29 ] Samba: Execution of arbitrary code, Pierre-Yves Rofes, 19:55
ezContents Version 1.4.5 Remote File Disclosure Vulnerability., p4imi0, 19:34
SineCMS <= 2.3.4 Calendar SQL Injection 'n something else.., kingoftheworld92, 19:33
[Full-disclosure] [ GLSA 200712-02 ] Cacti: SQL injection, Pierre-Yves Rofes, 19:11
[Full-disclosure] [ GLSA 200712-01 ] Hugin: Insecure temporary file creation, Pierre-Yves Rofes, 18:51
Re: Sql Injection in wordpress 2.3.1, shino, 17:04
Firefox 2.0.0.11 INPUT Denial Of Service, azizov, 16:53
Re: Sql Injection in wordpress 2.3.1, alan, 16:10
[SECURITY] [DSA 1420-1] New zabbix packages fix privilege escalation, Thijs Kinkhorst, 15:49
[ELEYTT] Public Advisory 05-12-2007, Michal Bucko, 13:54
[Full-disclosure] Information about recent malware exploited vulnerabilities - a blog post, uday kumar, 13:44
Advisory: Cross Site Scripting in CiscoWorks, Liquidmatrix Security Digest, 12:50
Sql Injection in wordpress 2.3.1, beenudel1986, 12:50
[ECHO_ADV_86$2007] Mambo/Joomla Component rsgallery <= 2.0 beta 5 (catid) Remote SQL Injection Vulnerability, erdc, 12:40
Opera 9.50 beta and prior remote DoS (freeze), gynvael, 12:29
Re: 27Mhz based wireless security insecurities - Aka - "We know what you typed last summer", Michal Bucko, 12:19
Blind Sql-Injection in Joomla 1.5 RC3, beenudel1986, 12:19
[ MDKSA-2007:237 ] - Updated openssl packages fix DTLS vulnerability, security, 12:08
[ MDKSA-2007:236 ] - Updated openssh packages fix X11 cookie vulnerability, security, 11:57
Re: [Full-disclosure] need help in managing administrators, happy nino, 05:57
[Full-disclosure] rPSA-2007-0257-1 rsync, rPath Update Announcements, 01:49

December 04, 2007

[Full-disclosure] The recent number of unpatched QuickTime flaws is: two, Juha-Matti Laurio, 21:21
[Full-disclosure] [USN-553-1] Mono vulnerability, Kees Cook, 21:11
[Full-disclosure] [USN-552-1] Perl vulnerability, Kees Cook, 21:11
Re: sing (debian) vunlerability?, Moritz Muehlenhoff, 19:58
[Full-disclosure] [USN-546-2] Firefox regression, Kees Cook, 17:32
RFI and Multiple XSS in PhpMyChat, beenudel1986, 15:47
[Full-disclosure] SecNiche Garbage Dumps on mailinglists, Lamer Buster, 15:05
CORE-2007-1004: VLC Activex Bad Pointer Initialization Vulnerability, CORE Security Technologies Advisories, 14:33
Re: Powerschool 404 Admin Exposure, bob, 14:33
Some more widgets: Facebook, Hockey, FlickrInterestingNess (Re: [MacOS X] Insecure eval() in Twitgit and Twitterlex dashboard widgets), Thomas Roessler, 14:22
[security bulletin] HPSBMA02293 SSRT071494 rev.1 - HP Select Identity, Remote Unauthorized Access, security-alert, 14:12
[Full-disclosure] TIBCO Rendezvous Exploitation Video, IRM Research, 14:01
PR07-39: Multiple vulnerabilities on Absolute News Manager.NET 5.1 including file retrieval and SQL injection, research, 14:01
The first release of SWFIntruder is out !, Stefano Di Paola, 13:29
(Re-post) ATC-08 CFP, atc08, 13:18
Re: [dns-operations] Web Proxy Auto-Discovery (WPAD) Information Disclosure (fwd), Gadi Evron, 13:07
[ MDKSA-2007:234 ] - Updated vixie-cron packages fix DoS vulnerability, security, 12:46
Snitz2000 SQL Injection: A user can gain admin level, admin, 12:35
[ MDKSA-2007:235 ] - Updated apache packages fix vulnerabilities, security, 12:24
[MacOS X] Insecure eval() in Twitgit and Twitterlex dashboard widgets, Thomas Roessler, 11:52
[Full-disclosure] SEC Consult SA-20071204-0 :: SonicWALL Global VPN Client Format String Vulnerability, Bernhard Mueller, 10:28
[Full-disclosure] [USN-549-2] PHP regression, Kees Cook, 00:48
[Full-disclosure] [USN-551-1] OpenLDAP vulnerabilities, Jamie Strandboge, 00:06

December 03, 2007

[USN-550-1] Cairo vulnerability, Kees Cook, 18:29
SYMSA-2007-014: SQL Injection Vulnerability in Beehive Forum Software, research, 17:57
Fwd: PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability, imipak, 15:51
Re: PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability, guiness.stout, 15:09
McAfee SecurityCenter Privacy Service HTML Execution Vulnerability, DoZ, 14:58
Re: SQL Injection in SaphpLesson2.0 "show.php", security curmudgeon, 13:34
sing (debian) vunlerability?, Milen Rangelov, 13:03
Lotfian Brochure and cataloge Script XSS And SQL Injection, noreply, 13:03
PR06-09: BEA Plumtree portal full version disclosure vulnerability, research, 12:31
PR06-11: BEA Plumtree portal search facility leaks usernames to unauthenticated users, research, 12:20
[WhitePaper (SecNiche)] Information Prone LDAP Garbage Dumps, AKS aka (0kn0ck), 12:09
Re: SQL Injection in saphp "showcat.php", security curmudgeon, 12:09
PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability, research, 11:37
Re: [Full-disclosure] need help in managing administrators, Joel R. Helgeson, 01:11

December 02, 2007

Re: [Full-disclosure] need help in managing administrators, Valdis . Kletnieks, 16:56
Re: [Full-disclosure] need help in managing administrators, James Matthews, 16:05
Re: [Full-disclosure] need help in managing administrators, Valdis . Kletnieks, 15:54
[Full-disclosure] need help in managing administrators, happy nino, 06:16

December 01, 2007

Realplayer 11 DOS attack when processing a malformed AU file on MS Vista and XP, thesinoda, 13:14
[Full-disclosure] rPSA-2007-0255-1 nss_ldap, rPath Update Announcements, 12:21
[Full-disclosure] DC4420 - London DEFCON chapter Christmas Party - 11th December, Major Malfunction, 07:11