Network Security Archives

Vulnerability Development (date)

[Thread Index] [Top] [All Lists]

January 31, 2008

nilson's blogger 0.11 remote file disclosure vulnerabilities, muuratsalo experimental hack lab, 19:30
[Full-disclosure] [USN-573-1] PulseAudio vulnerability, Jamie Strandboge, 18:57
sflog! 0.96 remote file disclosure vulnerabilities, muuratsalo experimental hack lab, 15:06
Re: [DSECRG-08-007] OpenBSD BGPD daemon Web Interface XSS., Digital Security Research Group, 14:44
[Full-disclosure] Attackers can SkypeFind you, avivra, 14:02
[waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14, come2waraxe, 11:42
[DSECRG-08-007] OpenBSD BGPD daemon Web Interface XSS., Digital Security Research Group, 11:31
[ MDVSA-2008:029 ] - Updated ruby packages fix possible man-in-the-middle attack, security, 11:31
contactforms "cforms-css.php" Remote File Inclusion, Sw33t . h4cK3r, 11:20
[Full-disclosure] [ GLSA 200801-22 ] PeerCast: Buffer overflow, Pierre-Yves Rofes, 07:22
[Full-disclosure] [ GLSA 200801-21 ] Xdg-Utils: Arbitrary command execution, Pierre-Yves Rofes, 07:22
Re: [Full-disclosure] [ GLSA 200801-17 ] Netkit FTP Server: Denial of Service, Jamie Haggett, 07:01

January 30, 2008

[ GLSA 200801-18 ] Kazehakase: Multiple vulnerabilities, Pierre-Yves Rofes, 19:40
[ GLSA 200801-19 ] GOffice: Multiple vulnerabilities, Pierre-Yves Rofes, 19:29
[ GLSA 200801-20 ] libxml2: Denial of Service, Pierre-Yves Rofes, 19:19
rPSA-2008-0032-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs, rPath Update Announcements, 18:57
PeteFinnigan.com Limited advisory for Oracle January 2008 CPU, Pete Finnigan, 15:09
Cisco Security Advisory: Cisco Wireless Control System Tomcat mod_jk.so Vulnerability, Cisco Systems Product Security Incident Response Team, 13:54
RE: Recent Web Hacks: WHID update for Janury 30th 2008, Michael Wojcik, 13:54
Yeşil Koridor Ziyareti Defteri (index.php) SqL. inj., g0rk3m-31, 13:23
[ MDVSA-2008:028 ] - Updated MySQL packages fix multiple vulnerabilities, security, 13:12
[waraxe-2008-SA#065] - Remote Shell Command Execution in Coppermine 1.4.14, come2waraxe, 13:02
Webspell 4.01.02 2 Vulnerabilites, nbbn, 12:51
tinyBB v0.2 Message Board Remote File Inc., g0rk3m-31, 12:51
Recent Web Hacks: WHID update for Janury 30th 2008, Ofer Shezaf, 12:19

January 29, 2008

[Full-disclosure] [ GLSA 200801-16 ] MaraDNS: CNAME Denial of Service, Raphael Marichez, 20:00
[Full-disclosure] [ GLSA 200801-17 ] Netkit FTP Server: Denial of Service, Raphael Marichez, 19:40
Insecure Use of RC4 in LSrunasE and Supercrypt (CVE-2007-6340), Daniel Roethlisberger, 17:45
AmpJuke-0.7.0 (index.php) Xss VuLn., g0rk3m-31, 15:50
Re: Remote File Disclosure in phpCMS 1.2.2, 3APA3A, 15:39
[!!FIX Information ] Nucleus 3.31 XSS in path, Digital Security Research Group, 14:58
Remote File Disclosure in phpCMS 1.2.2, Digital Security Research Group, 14:27
PHPKIT 1.6.4 PL1 2 XSRF Vulnerabilities, nbbn, 14:27
Nucleus 3.31 XSS in path, Digital Security Research Group, 14:06
CSRF/XSS in Sungard Banner, banner, 13:55
Re: C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Authentication Vulnerability, pete . sage, 12:53
Re: C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Arbitrary File Upload and Execution, pete . sage, 12:53
Re: C4 Security Advisory - GE Fanuc Cimplicity 6.1 Heap Overflow, pete . sage, 12:42
[Full-disclosure] Advisory: Tripwire Enterprise/Server XSS Vulnerability, Liquidmatrix Security Digest, 10:47
[Full-disclosure] [ GLSA 200801-15 ] PostgreSQL: Multiple vulnerabilities, Raphael Marichez, 06:10

January 28, 2008

Re: Exploit in IE6,7, Nick FitzGerald, 19:40
Exploit in IE6,7, r2t, 18:05
Uninformed Journal Release Announcement: Volume 9, Uninformed Journal, 16:30
VB Marketing "tseekdir.cgi" Local File Inclusion, Sw33t . h4cK3r, 15:25
[Full-disclosure] CORE-2007-1219: Firebird Remote Memory Corruption, Core Security Technologies Advisories, 14:10
WoltLab Burning Board 3.x.x Private Message Delete XSRF Vulnerability, nbbn, 13:25
ASPired2Protect bypass, milad_sa2007, 13:14
Re: OneCMS Vulnerabilities, webmaster, 13:04
Re: Simple Machines Forum Cross-Site Scripting Vulnerabilities, dev, 12:53
eTicket 'index.php' Cross Site Scripting Path Vulnerability, Alessandro Tanasi, 12:53
ClanSphere 2007.4.4 Remote File Disclosure Vulnerability., p4imi0, 12:42
Facebook security contact, Alexander Sotirov, 12:31
Metasploit Framework v3.1 Released, H D Moore, 11:59
Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS, admin, 11:59

January 27, 2008

[Full-disclosure] [ GLSA 200801-14 ] Blam: User-assisted execution of arbitrary code, Robert Buchholz, 13:39
[Full-disclosure] [ GLSA 200801-13 ] ngIRCd: Denial of Service, Robert Buchholz, 13:18
[Full-disclosure] [ GLSA 200801-12 ] xine-lib: User-assisted execution of arbitrary code, Robert Buchholz, 13:08
[Full-disclosure] [ GLSA 200801-11 ] CherryPy: Directory traversal vulnerability, Robert Buchholz, 12:57

January 26, 2008

[Full-disclosure] phpIP 4.3.2 - Numerous SQL Injection Vulnerablities, Charles Hooper, 21:43
PhPress-0.3.0 Read All Sql Information For Config, r2t, 14:12
F5 BIG-IP Web Management ASM Security Report XSS, nnposter, 14:11
[ MDVSA-2008:027 ] - Updated pulseaudio packages fix local root vulnerability, security, 14:11
[SECURITY] [DSA 1475-1] new gforge packages fix cross site scripting, Thijs Kinkhorst, 13:40

January 25, 2008

[Full-disclosure] Tool availability - browser DOM Checker, Michal Zalewski, 20:53
Two vulnerabilities for PatchLink Update Client for Unix., lcashdol, 17:36
Re: PIX Privilege Escalation Vulnerability, Aaron Collins, 17:26
[ MDVSA-2008:026 ] - Updated icu packages fix vulnerabilities, security, 17:15
Re: [Full-disclosure] Peers static overflow in BitTorrent 6.0 and uTorrent 1.7.5, Luigi Auriemma, 16:22
C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Authentication Vulnerability, Eyal Udassin, 15:50
C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Arbitrary File Upload and Execution, Eyal Udassin, 15:40
C4 Security Advisory - GE Fanuc Cimplicity 6.1 Heap Overflow, Eyal Udassin, 15:19
gdb bug, digit2004, 13:01
[CandyPress] eCommerce suite (SQL Injection + XSS + Path Disclosure), Admin, 12:50
Pre Hotel and Resorts reservation portal login bypass, milad_sa2007, 12:40
Pre Dynamic Institution bypass, milad_sa2007, 12:29
E-SMART CART bypass, milad_sa2007, 12:18
Re: Re: PIX Privilege Escalation Vulnerability, tbbunn, 12:07

January 24, 2008

phpBB 2.0.22 Remote PM Delete XSRF Vulnerability, nbbn, 17:30
rPSA-2008-0030-1 CherryPy, rPath Update Announcements, 17:20
rPSA-2008-0029-1 bind bind-utils, rPath Update Announcements, 17:09
[Full-disclosure] iDefense Security Advisory 01.23.08: IBM AIX pioout BSS Buffer Overflow Vulnerability, iDefense Labs, 16:26
[Full-disclosure] iDefense Security Advisory 01.22.08: IBM Tivoli PMfOSD HTTP Request Method Buffer Overflow Vulnerability, iDefense Labs, 15:33
Re: PIX Privilege Escalation Vulnerability, Eloy Paris, 14:51
Tiger PHP News System SQL Injection, 0in . email, 14:08
[ MDVSA-2008:024 ] - Updated libxfont packages fix font handling vulnerability, security, 13:36
[ MDVSA-2008:023 ] - Updated x11-server packages fix multiple vulnerabilities, security, 13:25
[ MDVSA-2008:022 ] - Updated xorg-x11 packages fix multiple vulnerabilities, security, 13:14
[ MDVSA-2008:021 ] - Updated XFree86 packages fix multiple vulnerabilities, security, 13:04
ImageShack Toolbar FileUploader Class insecurities, retrog, 12:53
[ MDVSA-2008:025 ] - Updated x11-server-xgl packages fix multiple vulnerabilities, security, 12:42
PIX Privilege Escalation Vulnerability, tbbunn, 12:32
[ GLSA 200801-10 ] TikiWiki: Multiple vulnerabilities, Raphaël Marichez, 12:10

January 23, 2008

[Full-disclosure] [ GLSA 200801-10 ] TikiWiki: Multiple vulnerabilities, Raphael Marichez, 20:19
Woltlab Burning Board 2.3.6 PL2 Remote Delete Thread XSRF Vulnerability, nbbn, 17:01
RE: Cisco Security Advisory: Cisco PIX and ASA Time-to-Live Vulnerability, Eric Davis, 16:50
Syhunt: HFS (HTTP File Server) Username Spoofing and Log Forging/Injection Vulnerability, Felipe M. Aragon, 14:55
Syhunt: HFS (HTTP File Server) Log Arbitrary File/Directory Manipulation and Denial-of-Service Vulnerabilities, Felipe M. Aragon, 14:44
Syhunt: HFS (HTTP File Server) Template Cross-Site Scripting and Information Disclosure Vulnerabilities, Felipe M. Aragon, 14:24
[ MDVSA-2008:020 ] - Updated xine-lib packages fix remote code execution vulnerabilities, security, 13:42
Web Wiz NewsPad Directory traversal, admin, 13:31
Web Wiz Rich Text Editor Directory traversal + HTM/HTML file creation on the server, admin, 13:31
Web Wiz Forums Directory traversal, admin, 13:20
[security bulletin] HPSBUX02306 SSRT071463 rev.1 - HP-UX Running ARPA Transport, Remote Denial of Service (DoS), security-alert, 12:06
PHP 5.2.5 cURL safe_mode bypass, cxib, 12:06
SDL_Image 1.2.6 and prior GIF handling buffer overflow, Gynvael Coldwind, 11:55

January 22, 2008

[Full-disclosure] UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages, VMware Security team, 22:02
Apache mod_negotiation Xss and Http Response Splitting, Minded Security Research Labs, 19:17
XSRF under Deanâs Permalinks Migration 1.0, g30rg3_x, 17:42
Re: PR07-38: XSS on sIFR, bugs+securityfocus, 16:29
Re: [Full-disclosure] Skype videomood XSS, avivra, 15:47
Belong Site Builder 0.1b Bypass Admincp, رومانسي هكر, 14:30
DeluxeBB 1.1 XSS Vulnerabilitie, nbbn, 14:09
PacerCMS Multiple Vulnerabilities (XSS/SQL), db, 13:06
Re: common dns misconfiguration can lead to "same site" scripting, David Malone, 12:56
[ MDVSA-2008:019 ] - Updated cairo packages fix vulnerability, security, 12:56
[ MDVSA-2008:018 ] - Updated gFTP packages fix vulnerabilities, security, 12:45
Re: common dns misconfiguration can lead to "same site" scripting, Florian Weimer, 12:34
RE: Country by Country ISA Computer Sets, Jim Harrison, 12:24
Troopers 08 Security Conference, Call for Papers, Enno Rey, 12:13
PR07-38: XSS on sIFR, ProCheckUp Research, 12:02
[Full-disclosure] Some hashes for the record, Sergio 'shadown' Alvarez, 11:31

January 21, 2008

Re: 8e6 Technologies R3000 Internet Filter Bypass by Request Split, mparker, 17:01
[waraxe-2008-SA#064] - Sql Injection in MyBB 1.2.11, come2waraxe, 15:03
[ MDVSA-2008:017 ] - Updated MySQL packages fix multiple vulnerabilities, security, 15:03
[waraxe-2008-SA#063] - Information Leakage in Kayako SupportSuite 3.11.01, come2waraxe, 15:03
Belkin Wireless G Plus MIMO Router F5D9230-4 Authentication Bypass Vulnerability, gmdarkfig, 13:58
BLOG:CMS 4.2.1.c (DIR_PLUGINS) Multiple Remote File Include, رومانسي هكر, 13:36
Pass-The-Hash Toolkit v1.2 released., Hernan Ochoa, 13:25
boastMachine <=3.1 SQL Injection Vulnerbility, hadihadi_zedehal_2006, 13:14
Flaw in Alice gate2 pluswifi adsl modem, wargame89, 13:03
WifiZoo v1.3 released (minor release), Hernan Ochoa, 12:52
Re: common dns misconfiguration can lead to "same site" scripting, Florian Weimer, 12:42
MegaBBS ASP Forum Cross-Site Scripting, grossman, 12:42
AXIGEN 5.0.x AXIMilter Format String Exploit, hempel, 12:30
Php Search Remote Inclusion, effectiveness63, 12:20
Bloofox CMS SQL Injection (Authentication bypass) , Source code disclosure, admin, 12:09
RE: Country by Country ISA Computer Sets, Thor (Hammer of God), 11:59
[Full-disclosure] Call Jacking: Phreaking the BT Home Hub, Adrian P, 07:00

January 20, 2008

[Full-disclosure] [ GLSA 200801-09 ] X.Org X server and Xfont library: Multiple vulnerabilities, Robert Buchholz, 18:08

January 19, 2008

[Full-disclosure] [ GLSA 200801-08 ] libcdio: User-assisted execution of arbitrary code, Robert Buchholz, 21:16
[Full-disclosure] [ GLSA 200801-07 ] Adobe Flash Player: Multiple vulnerabilities, Robert Buchholz, 21:05
Re: common dns misconfiguration can lead to "same site" scripting, Kurt Grutzmacher, 13:53
BitDefender Update Server - Unauthorized Remote File Access Vulnerability, oliver karow, 13:43
[Full-disclosure] [USN-571-2] X.org regression, Kees Cook, 04:36
[Full-disclosure] silentbaker trojan sample, J B, 00:30

January 18, 2008

[Full-disclosure] [USN-572-1] apt-listchanges vulnerability, Kees Cook, 19:33
Re: Tiger Team: New TV series about pen testers airing on CourtTV Dec 25 11 pm, michael . lambie, 19:33
RE: Country by Country ISA Computer Sets, Thor (Hammer of God), 19:22
Re: Re: Utimaco Safeguard Easy vulnerability, joachim . schneider, 18:29
MyBB 1.2.11 Multiple XSRF Vulnerabilities, nbbn, 17:57
Re: Country by Country ISA Computer Sets, Richard Powell, 17:05
RE: Country by Country ISA Computer Sets, Thor (Hammer of God), 16:54
Re: Country by Country ISA Computer Sets, GomoR, 16:33
Re: Article DashBoard all version SQL Injection Vulnerability, hey, 16:33
Re: mcGuestbook v1.2 Remote File Inc., the . tiger100, 16:22
RE: Country by Country ISA Computer Sets, Thor (Hammer of God), 16:12
SinFP fingerprinting tool online demo, GomoR, 16:12
Re: Country by Country ISA Computer Sets, The Fungi, 16:01
Making big money..., jmacaranas, 15:50
SocksCap Stack Overflow (<= 2.40-051231), azizov, 15:50
Re: Member Area System (MAS) Remote File Include Vulnerability (view_func.php), m3venge, 14:34
common dns misconfiguration can lead to "same site" scripting, Tavis Ormandy, 13:29
New search engine for exploits, Security Basic, 13:28
Agares PhpAutoVideo 2.21(XSS/RFI) Multiple Remote Vulnerabilities, houssamix, 12:45
[FIXED] Remote Denial of Service for SSH service at Dell DRAC4 (maybe Mocana SSH), Robert Scheck, 12:02
[Full-disclosure] [USN-571-1] X.org vulnerabilities, Kees Cook, 03:21

January 17, 2008

[Full-disclosure] ZDI-08-002: Citrix Presentation Server IMA Service Heap Overflow Vulnerability, zdi-disclosures, 20:15
Re: [Full-disclosure] what is this?, Valdis . Kletnieks, 19:54
[Full-disclosure] IMF 2008 - Call for Papers, Oliver Goebel, 19:00
CORE-2007-1119: CORE FORCE Kernel Buffer Overflow, CORE Security Technologies Advisories, 18:06
[Full-disclosure] iDefense Security Advisory 01.17.08: Multiple Vendor X Server XFree86-Misc Extension Invalid Array Index Vulnerability, iDefense Labs, 17:14
[Full-disclosure] iDefense Security Advisory 01.17.08: Multiple Vendor X Server EVI and MIT-SHM Extensions Integer Overflow Vulnerabilities, iDefense Labs, 17:14
[Full-disclosure] iDefense Security Advisory 01.17.08: Multiple Vendor X Server TOG-CUP Extension Information Disclosure Vulnerability, iDefense Labs, 17:14
[Full-disclosure] iDefense Security Advisory 01.17.08: Multiple Vendor X Server XInput Extension Multiple Memory Corruption Vulnerabilities, iDefense Labs, 17:04
Re: [Full-disclosure] Skype videomood XSS, avivra, 16:53
[CSNC] OKI C5510MFP Printer Password Disclosure, Adrian Leuenberger, 16:42
Clever Copy <=3.0 Multiple Remote Vulnerabilities, hadihadi_zedehal_2006, 14:46
Re: Utimaco Safeguard Easy vulnerability, benleavett, 13:28
rPSA-2008-0021-1 kernel, rPath Update Announcements, 13:07
JoomlaFlash Component Multiple Remote File Inclusion, Smasher, 13:07
[ MDVSA-2008:016 ] - Updated apache 2.2.x packages fix multiple vulnerabilities, security, 12:56
Re: [CVE-2007-2449] Apache Tomcat XSS vulnerabilities in the JSP examples, linlei99, 12:45
rPSA-2008-0018-1 mysql mysql-bench mysql-server, rPath Update Announcements, 12:25
PHPEchoCMS Multible remote vulnerabilitis, security, 12:24
[security bulletin] HPSBMA02133 SSRT061201 rev.7 - HP Oracle for OpenView (OfO) Critical Patch Update, security-alert, 12:03
Re: [Full-disclosure] what is this?, SilentRunner, 04:38

January 16, 2008

Re: [Full-disclosure] what is this?, damncon, 23:18
[ MDVSA-2008:015 ] - Updated apache 2.0.x packages fix multiple vulnerabilities, security, 20:11
[ MDVSA-2008:014 ] - Updated apache 1.3.x packages fix multiple vulnerabilities, security, 19:50
[Full-disclosure] [USN-570-1] boost vulnerabilities, Jamie Strandboge, 19:19
Gradman <= 0.1.3 (agregar_info.php?tabla=) Local File Inclusion Exploit, sys-project, 18:46
[waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10, come2waraxe, 17:52
[waraxe-2008-SA#062] - Multiple Sql Injections in MyBB 1.2.10, come2waraxe, 17:41
SQL scalar function to convert big int to dot notation, Thor (Hammer of God), 17:30
Country by Country Computer Sets now available for ISA 2004, Thor (Hammer of God), 17:09
[Full-disclosure] TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability, DVLabs, 17:09
mcGuestbook v1.2 Remote File Inc., gokhankaya, 15:45
[Full-disclosure] Peers static overflow in BitTorrent 6.0 and uTorrent 1.7.5, Luigi Auriemma, 15:24
[Aria-Security.Net] Real Estate Web SQL Injection, no-reply, 13:34
8e6 Technologies R3000 Internet Filter Bypass by Request Split, nnposter, 13:13
[DSECRG-08-002] Local File Include in arias 0.99-6, Digital Security Research Group [DSecRG], 13:02
cPanel Hosting Manager (dohtaccess.html), no-reply, 12:41
RichStrong CMS (showproduct.asp?cat=) Remote SQL Injection Exploit, sys-project, 12:20
[DSECRG-08-003] blogcms 4.2.1b Multiple Security Vulnerabilities, Digital Security Research Group [DSecRG], 12:19
Re: Defeating audio captcha systems, 3APA3A, 11:57
Re: what is this?, Yousef Syed, 11:57

January 15, 2008

[Full-disclosure] TPTI-08-01: Apple Quicktime Image File IDSC Atom Memory Corruption Vulnerability, DVLabs, 22:10
[Full-disclosure] rPSA-2008-0017-1 libxml2, rPath Update Announcements, 22:10
[Full-disclosure] rPSA-2008-0016-1 postgresql postgresql-server, rPath Update Announcements, 22:10
[Full-disclosure] rPSA-2008-0015-1 cairo, rPath Update Announcements, 22:00
[Full-disclosure] iDefense Security Advisory 01.15.08: Apple QuickTime Macintosh Resource Processing Heap Corruption Vulnerability, iDefense Labs, 19:43
Re: Linksys WRT54 GL - Session riding (CSRF), Valdis . Kletnieks, 16:54
Re: Linksys WRT54 GL - Session riding (CSRF), Daniel Weber, 16:43
Re[2]: what is this?, none, 16:32
RE: what is this?, Memisyazici, Aras, 16:11
[Full-disclosure] iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTServer Multiple Untrusted Loop Bounds Vulnerabilities, iDefense Labs, 15:50
[Full-disclosure] iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTserver Multiple Untrusted Pointer Offset Vulnerabilities, iDefense Labs, 15:39
[Full-disclosure] iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTServer Multiple Untrusted Pointer Vulnerabilities, iDefense Labs, 15:39
[Full-disclosure] iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTserver Heap Overflow Vulnerability, iDefense Labs, 15:28
Re: what is this?, Jamie Riden, 15:06
Pipe to FOR Crashes CMD, James C. Slora Jr., 14:45
Re: [Full-disclosure] what is this?, Gadi Evron, 14:45
MicroNews Admin Direct Access vulnerability, xcross87, 14:34
Max's File Uploader File Upload Vulnerability, xcross87, 14:23
Re[2]: what is this?, Denis, 14:12
Article DashBoard all version SQL Injection Vulnerability, xcross87, 14:12
SecurityReason - Apache (mod_status) Refresh Header - Open Redirector (XSS), sp3x, 14:02
Re: [Full-disclosure] Hacking The Interwebs, Ed Carp, 14:01
Re[2]: what is this?, Denis, 13:51
Re: [Full-disclosure] what is this?, crazy frog crazy frog, 13:51
Re: [Full-disclosure] Hacking The Interwebs, Fredrick Diggle, 13:18
Re: Linksys WRT54 GL - Session riding (CSRF), Jan Heisterkamp, 13:18
Exploiting the SpamBam plugin for wordpress, "JosÂÃ M. PalazÃn Romero", 13:18
Country by Country ISA Computer Sets, Thor (Hammer of God), 13:07
Defeating audio captcha systems, "JosÂÃ M. PalazÃn Romero", 13:07
Re: what is this?, Denis, 12:45
FreeBSD Security Advisory FreeBSD-SA-08:02.libc, FreeBSD Security Advisories, 12:34
FreeBSD Security Advisory FreeBSD-SA-08:01.pty, FreeBSD Security Advisories, 12:23
[ MDVSA-2008:013 ] - Updated python packages fix vulnerability in imageop module, security, 12:12
[ MDVSA-2008:012 ] - Updated python packages fix vulnerabilities, security, 12:12
[security bulletin] HPSBST02304 SSRT080003 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-001 to MS08-002, security-alert, 12:01
[security bulletin] HPSBUX02303 SSRT071468 rev.1 - HP-UX Running X Font Server (xfs) Software, Remote Execution of Arbitrary Code, security-alert, 12:01
Re: [Full-disclosure] what is this?, crazy frog crazy frog, 04:59
Re: [Full-disclosure] what is this?, Nick FitzGerald, 03:16
Re: [Full-disclosure] what is this?, crazy frog crazy frog, 02:45

January 14, 2008

[Full-disclosure] [USN-569-1] libxml2 vulnerability, Kees Cook, 21:15
Re: what is this?, Gadi Evron, 19:41
Re: [Full-disclosure] what is this?, 3APA3A, 18:04
[Full-disclosure] [USN-568-1] PostgreSQL vulnerabilities, Jamie Strandboge, 18:04
Hacking The Interwebs, pdp (architect), 17:43
Re: Buffer-overflow in Quicktime Player 7.3.1.70, Marcello Barnaba (void), 16:50
Re: Garment Center (index.cgi) Local File Inclusion, Smasher, 16:39
Binn SBuilder (nid) Remote Blind Sql Injection Vulnerabily, sys-project, 16:39
RE: what is this?, Mario Contestabile, 16:28
Re: Linksys WRT54 GL - Session riding (CSRF), J. Oquendo, 16:07
Re: Buffer-overflow in Quicktime Player 7.3.1.70, Luigi Auriemma, 15:46
Re: what is this?, admin, 15:35
[Full-disclosure] ZDI-08-001: IBM Tivoli Storage Manager Express Backup Server Heap Overflow Vulnerability, zdi-disclosures, 15:35
Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70, snagg, 14:31
Re: At long last -- Extra Outlooks!, Francois Labreque, 14:20
RE: At long last -- Extra Outlooks!, Thor (Hammer of God), 14:09
Re: [Full-disclosure] what is this?, Jose Nazario, 13:59
Re: At long last -- Extra Outlooks!, Casper . Dik, 13:47
[ MDVSA-2008:009-1 ] - Updated autofs packages fix insecure hosts configuration, security, 13:26
SQID v0.3 - SQL Injection Digger., Metaeye SG, 13:14
F5 BIG-IP Web Management List Search XSS, nnposter, 12:53
Re: [Full-disclosure] what is this?, Robert McArdle, 12:32
RE: Linksys WRT54 GL - Session riding (CSRF), Tomaz, 12:32
Re: [Full-disclosure] what is this?, crazy frog crazy frog, 12:31
Re: [Full-disclosure] what is this?, Robert McArdle, 12:10
Re: [Full-disclosure] what is this?, Robert McArdle, 12:10
Re: [Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.70, Luigi Auriemma, 11:59
Garment Center (index.cgi) Local File Inclusion, Smasher, 11:59
Re: [Full-disclosure] what is this?, crazy frog crazy frog, 10:26
Re: [Full-disclosure] what is this?, Nick FitzGerald, 08:22
Re: [Full-disclosure] what is this?, 3APA3A, 06:30

January 13, 2008

Re: [Full-disclosure] what is this?, crazy frog crazy frog, 14:05
[Full-disclosure] what is this?, crazy frog crazy frog, 12:32
[Full-disclosure] Hacking The Interwebs, pdp (architect), 10:59

January 12, 2008

Re: [Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.70, void, 19:37
[ MDVSA-2008:008 ] - Updated kernel packages fix multiple vulnerabilities and bugs, security, 13:18
[ MDVSA-2008:009 ] - Updated autofs packages fix insecure hosts configuration, security, 13:18
[ MDVSA-2008:011 ] - Updated rsync packages fix restrictions bypass vulnerabilities, security, 13:07
[ MDVSA-2008:010 ] - Updated libxml2 packages fix DoS vulnerability, security, 12:56
[Full-disclosure] Safari 2 Denial of Service, S21sec labs, 12:36

January 11, 2008

[Full-disclosure] Cross site scripting (XSS) in Moodle 1.8.3, Hanno BÃck, 20:20
Re: [Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.70, Luigi Auriemma, 17:49
RE: At long last - Extra Outlooks!, Thor (Hammer of God), 16:01
Re: At long last -- Extra Outlooks!, Alexander Bochmann, 15:30
Naymz multiple XSS, morin . josh, 15:29
Member Area System (MAS) Remote File Include Vulnerability (view_func.php), ship_nx, 13:04
CFP: EuroSec Workshop (March 31st, 2008), Stefano Zanero, 12:53
Re: Buffer-overflow in Quicktime Player 7.3.1.70, str0ke, 12:53
ImageAlbum Remote SQL Injection Vulnerabilities, db, 12:43
SecurityReason - Apache2 CSRF, XSS, Memory Corruption and Denial of Service Vulnerability, sp3x, 12:21
Re: Linksys WRT54 GL - Session riding (CSRF), Florian Weimer, 12:21
SecurityReason - Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerability, sp3x, 12:10
[ MDVSA-2008:007 ] - Updated madwifi-source, wpa_supplicant packages fix vulnerabilities, security, 12:10
At long last -- Extra Outlooks!, Thor (Hammer of God), 12:00
Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70, none, 12:00
[Full-disclosure] re-resting of zzuf results, Hanno BÃck, 01:35

January 10, 2008

Re: Buffer-overflow in Quicktime Player 7.3.1.70, Marcello Barnaba (void), 18:38
[Full-disclosure] [USN-567-1] Dovecot vulnerability, Kees Cook, 18:37
[ MDVSA-2008:006 ] - Updated exiv2 packages fix vulnerability, security, 18:26
[SECURITY] [DSA 1458-1] New openafs packages fix denial of service vulnerability, Noah Meyerhans, 18:15
MTCMS <=2.0 SQL Injection Vulnerbility, hadihadi_zedehal_2006, 16:08
[Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.70, Luigi Auriemma, 15:16
Word 2007 Email as PDF path disclosure flaw, ebk_lists, 13:53
[Full-disclosure] SunOS 5.10 ICMP Remote Kernel Crash Exploit Code, kcope, 13:52
Digital Armaments January-February Hacking Challenge: Special 20.000$ Prize - Windows Vulnerabilities and Exploit, info, 12:27
uCon 2008 call for participation - Recife, Brazil, ucon, 12:16
PR07-06, PR07-07, PR07-08, PR07-09, PR07-10, PR07-12: Several XSS, Cross-domain Redirection and Frame Injection on Sun Java System Identity Manager, ProCheckUp Research, 11:55
Simple Machines Forum Cross-Site Scripting Vulnerabilities, DoZ, 11:55
[Full-disclosure] BT Home Flub: Pwnin the BT Home Hub (5) - exploiting IGDs remotely via UPnP, Adrian P, 08:50

January 09, 2008

[Full-disclosure] [USN-566-1] OpenSSH vulnerability, Kees Cook, 23:01
[SECURITY] [DSA 1457-1] New dovecot packages fix information disclosure, Thijs Kinkhorst, 20:05
[Full-disclosure] [ GLSA 200801-06 ] Xfce: Multiple vulnerabilities, Robert Buchholz, 19:55
[ MDVSA-2008:005 ] - Updated libexif packages fix multiple vulnerabilities, security, 19:44
[USN-565-1] Squid vulnerability, Kees Cook, 19:22
[SECURITY] [DSA 1456-1] New fail2ban packages fix denial of service, Thijs Kinkhorst, 19:11
[Full-disclosure] [ GLSA 200801-05 ] Squid: Denial of Service, Pierre-Yves Rofes, 18:39
[Full-disclosure] [ GLSA 200801-04 ] OpenAFS: Denial of Service, Pierre-Yves Rofes, 18:28
[Full-disclosure] [ GLSA 200801-03 ] Claws Mail: Insecure temporary file creation, Pierre-Yves Rofes, 18:17
[Full-disclosure] iDefense Security Advisory 01.09.08: Novell NetWare Client nicm.sys Local Privilege Escalation Vulnerability, iDefense Labs, 18:06
[ MDVSA-2008:004 ] - Updated postgresql packages fix denial of service and privilege escalation issues, security, 17:24
[Full-disclosure] [ GLSA 200801-02 ] R: Multiple vulnerabilities, Pierre-Yves Rofes, 16:52
Re: First (Major) web hacking incidents for 2008. Sign of the year to come?, Paul Schmehl, 16:30
[INFIGO-2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS - Corrected, infocus, 16:20
[ MDVSA-2008:003 ] - Updated clamav packages fix multiple vulnerabilities, security, 15:27
[Full-disclosure] Pre-auth remote commands execution in SAP MaxDB 7.6.03.07, Luigi Auriemma, 14:22
Privileg escalation in Omegasoft Insel 7, MC Iglo, 14:11
[ MDVSA-2008:004 ] - Updated postgresql packages fix denial of service and privilege escalation issues, security, 14:01
First (Major) web hacking incidents for 2008. Sign of the year to come?, Ofer Shezaf, 12:26
[INFIGO 2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS, infocus, 12:26
[security bulletin] HPSBMA02239 SSRT061260 rev.3 - HP OpenView Operations (OVO) Agents Running Shared Trace Service, Remote Arbitrary Code Execution, security-alert, 12:05
LFI in Tuned Studios Templates, Digital Security Research Group [DSecRG], 12:05
[Full-disclosure] [USN-564-1] Net-SNMP vulnerability, Jamie Strandboge, 11:23
[Full-disclosure] [USN-561-1] pwlib vulnerability, Kees Cook, 02:44
[Full-disclosure] [USN-563-1] CUPS vulnerabilities, Kees Cook, 02:44
[Full-disclosure] [USN-562-1] opal vulnerability, Kees Cook, 02:44

January 08, 2008

[Full-disclosure] [ GLSA 200801-01 ] unp: Arbitrary command execution, Robert Buchholz, 21:15
ERRATA: [ GLSA 200709-07 ] Eggdrop: Buffer overflow, Robert Buchholz, 18:38
Re: Joomla 1.0.13 CSRF, J. Carlos Nieto, 15:21
Joomla 1.0.13 CSRF, J. Carlos Nieto, 15:10
Level-One WBR-3460A Grants Root Access, anastasiosm, 13:23
HPSBUX02156 SSRT061236 rev.4 - HP-UX Running Thunderbird, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS), security-alert, 12:41
HPSBUX02153 SSRT061181 rev.7 - HP-UX Running Firefox, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS), security-alert, 12:30
Corsaire Security Advisory: Sun J2RE DoS issue, advisories, 12:19
sysHotel On Line Remote File Disclosure Vulnerability., p4imi0, 12:08
[ MDVSA-2008:001-1 ] - Updated wireshark packages fix multiple vulnerabilities, security, 11:47

January 07, 2008

[Full-disclosure] [USN-560-1] Tomboy vulnerability, Jamie Strandboge, 22:55
[Full-disclosure] [USN-560-1] Tomboy vulnerability, Jamie Strandboge, 22:44
[Full-disclosure] VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages, VMware Security team, 22:34
[Full-disclosure] VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1, VMware Security team, 22:23
RE: [HSC] Snitz Forums Multiple Vulnerabilities, Aaron Cake, 17:52
[Full-disclosure] iDefense Security Advisory 01.07.08: Motorola netOctopus Agent MSR Write Privilege Escalation Vulnerability, iDefense Labs, 17:41
Re: Linksys WRT54 GL - Session riding (CSRF), Jan Heisterkamp, 17:30
CORE-2007-1106: SynCE Remote Command Injection, CORE Security Technologies Advisories, 17:20
[Full-disclosure] PWDumpX v1.0 and PWDumpX v1.1 updated - bug fixes, Reed Arvin, 16:58
[Full-disclosure] PWDumpX v1.4 - Dumps domain password cache, LSA secrets, password hashes, and password history hashes., Reed Arvin, 16:58
Re: Linksys WRT54 GL - Session riding (CSRF), Jan Heisterkamp, 16:47
Million Dollar Script 2.0.14 Remote File Disclosure Vulnerability., p4imi0, 16:16
LayerOne 2008 - CFP Released, Layer One, 15:44
SocialURL Login Page Cross-Site Scripting, morin . josh, 14:18
PostgreSQL 2007-01-07 Cumulative Security Release, Josh Berkus, 14:07
Re: vBulletin 3.6.8 XSRF/XSS Vulnerability, nbbn, 13:56
Linksys WRT54 GL - Session riding (CSRF), tomaz . bratusa, 13:35
[Reversemode Paper] Exploiting WDM Audio Drivers, Reversemode, 13:14
New Web Hacking Incidents at WHID, Ofer Shezaf, 13:03
OneCMS Vulnerabilities, admin, 12:21
eTicket 1.5.5.2 Multiple Vulnerabilities, L4teral, 12:11
netrisk 1.9.7 Multiple Remote Vulnerabilities (sql injection/xss), hadihadi_zedehal_2006, 12:11
[HSC] Snitz Forums Multiple Vulnerabilities, DoZ, 12:00
vBulletin 3.6.8 XSRF/XSS Vulnerability, nbbn, 11:49

January 05, 2008

Aruba Mobility Controller User Authentication Vulnerability - Aruba Advisory ID: AID-122207, Robbie Gill, 13:53
rPSA-2008-0008-1 cups, rPath Update Announcements, 13:43
rPSA-2008-0007-1 tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi, rPath Update Announcements, 13:43
[ MDVSA-2008:002 ] - Updated squid package fixes remote denial of service, security, 13:32
INVISION POWER BOARD 2.1.7 ACTIVE XSS/SQL INJECTION EXPLOIT, underwater, 13:11
NetRisk 1.9.7 Remote File Inclusion Vulnerability, erne, 13:11
rPSA-2008-0006-1 libexif, rPath Update Announcements, 13:01

January 04, 2008

[Full-disclosure] iDefense Security Advisory 12.24.07: Novell ZENworks Endpoint Security Management Local Privilege Escalation Vulnerability, iDefense Labs, 18:09
Re: FortiGuard: URL Filtering Application Bypass Vulnerability, 3APA3A, 16:06
Some DoS in some telnet servers, Luigi Auriemma, 15:12
[Full-disclosure] Pre-auth buffer-overflow in mySQL through yaSSL, Luigi Auriemma, 14:30
[Full-disclosure] Multiple vulnerabilities in yaSSL 1.7.5, Luigi Auriemma, 14:30
Re: rPSA-2008-0001-1 dovecot, Jonathan Smith, 13:38
Re: rPSA-2008-0001-1 dovecot, Dominic Hargreaves, 12:19
AW: phpBB2 2.0.22 Cross Site Scripting Vulnerability, Aufmuth Andreas, 12:19
Re: Latest round of web hacking incidents for 2007 & Project news, s f, 12:07
Re: rPSA-2008-0001-1 dovecot, Steven M. Christey, 11:57
FortiGuard: URL Filtering Application Bypass Vulnerability, Danux, 11:46

January 03, 2008

rPSA-2008-0004-1 tshark wireshark, rPath Update Announcements, 20:16
Re: phpBB2 2.0.22 Cross Site Scripting Vulnerability, neothermic, 19:35
Re: rPSA-2008-0001-1 dovecot, Dominic Hargreaves, 17:59
Re: Re: phpBB2 2.0.22 Cross Site Scripting Vulnerability, admin, 17:48
[Full-disclosure] securityvulns.com russian vulnerabilities digest, 3APA3A, 17:16
Re: Latest round of web hacking incidents for 2007 & Project news, Peter Watkins, 17:06
rPSA-2008-0001-1 dovecot, rPath Update Announcements, 16:44
[Full-disclosure] multiple CAPTCHA automation test bypass digest, 3APA3A, 16:23
RE: Latest round of web hacking incidents for 2007 & Project news, Memisyazici, Aras, 15:41
RE: Re: Cryptome: NSA has real-time access to Hushmail servers, M. Burnett, 15:20
RE: Latest round of web hacking incidents for 2007 & Project news, Ofer Shezaf, 14:59
Re: Cryptome: NSA has real-time access to Hushmail servers, Lee Dilkie, 14:58
Re: Cryptome: NSA has real-time access to Hushmail servers, John Simpson, 14:37
Re: phpBB2 2.0.22 Cross Site Scripting Vulnerability, neothermic, 14:26
[ MDVSA-2008:1 ] - Updated wireshark packages fix multiple vulnerabilities, security, 13:23
xss in w3-msql error page, vivek_infosec, 12:18
[security bulletin] HPSBGN02301 SSRT071508 rev.2 - HP Software Update Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access, security-alert, 11:47
Re: [Full-disclosure] Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication, avivra, 10:03
Re: [Full-disclosure] Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication, Michal Zalewski, 07:59
[Full-disclosure] Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication, avivra, 03:12

January 02, 2008

AST-2008-001: Crash from transfer using BYE with Also header, Asterisk Security Team, 19:06
phpBB2 2.0.22 Cross Site Scripting Vulnerability, bugtraq, 17:21
[Full-disclosure] Multiple vulnerabilities in Georgia SoftWorks SSH2 Server 7.01.0003, Luigi Auriemma, 16:27
[Full-disclosure] Buffer-overflow and format string in White_Dune 0.29beta791, Luigi Auriemma, 16:27
XSS Vulnerabilities in Common Shockwave Flash Files, rich cannings, 15:56
MODx CMS Source code disclosure, local file inclusion, admin, 11:54

January 01, 2008

Cross-Site Scripting (XSS) in phpWebSite 1.4.0 search, Audun Larsen, 13:54