Vulnerability Development (thread)

nilson's blogger 0.11 remote file disclosure vulnerabilities, muuratsalo experimental hack lab, 2008/01/31
[Full-disclosure] [USN-573-1] PulseAudio vulnerability, Jamie Strandboge, 2008/01/31
sflog! 0.96 remote file disclosure vulnerabilities, muuratsalo experimental hack lab, 2008/01/31
[Full-disclosure] Attackers can SkypeFind you, avivra, 2008/01/31
[waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14, come2waraxe, 2008/01/31
[DSECRG-08-007] OpenBSD BGPD daemon Web Interface XSS., Digital Security Research Group, 2008/01/31
- Re: [DSECRG-08-007] OpenBSD BGPD daemon Web Interface XSS., Digital Security Research Group, 2008/01/31
[ MDVSA-2008:029 ] - Updated ruby packages fix possible man-in-the-middle attack, security, 2008/01/31
contactforms "cforms-css.php" Remote File Inclusion, Sw33t . h4cK3r, 2008/01/31
[Full-disclosure] [ GLSA 200801-22 ] PeerCast: Buffer overflow, Pierre-Yves Rofes, 2008/01/31
[Full-disclosure] [ GLSA 200801-21 ] Xdg-Utils: Arbitrary command execution, Pierre-Yves Rofes, 2008/01/31
[ GLSA 200801-18 ] Kazehakase: Multiple vulnerabilities, Pierre-Yves Rofes, 2008/01/30
[ GLSA 200801-19 ] GOffice: Multiple vulnerabilities, Pierre-Yves Rofes, 2008/01/30
[ GLSA 200801-20 ] libxml2: Denial of Service, Pierre-Yves Rofes, 2008/01/30
rPSA-2008-0032-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs, rPath Update Announcements, 2008/01/30
PeteFinnigan.com Limited advisory for Oracle January 2008 CPU, Pete Finnigan, 2008/01/30
Cisco Security Advisory: Cisco Wireless Control System Tomcat mod_jk.so Vulnerability, Cisco Systems Product Security Incident Response Team, 2008/01/30
Yeşil Koridor Ziyareti Defteri (index.php) SqL. inj., g0rk3m-31, 2008/01/30
[ MDVSA-2008:028 ] - Updated MySQL packages fix multiple vulnerabilities, security, 2008/01/30
[waraxe-2008-SA#065] - Remote Shell Command Execution in Coppermine 1.4.14, come2waraxe, 2008/01/30
Webspell 4.01.02 2 Vulnerabilites, nbbn, 2008/01/30
tinyBB v0.2 Message Board Remote File Inc., g0rk3m-31, 2008/01/30
Recent Web Hacks: WHID update for Janury 30th 2008, Ofer Shezaf, 2008/01/30
- RE: Recent Web Hacks: WHID update for Janury 30th 2008, Michael Wojcik, 2008/01/30
[Full-disclosure] [ GLSA 200801-16 ] MaraDNS: CNAME Denial of Service, Raphael Marichez, 2008/01/29
[Full-disclosure] [ GLSA 200801-17 ] Netkit FTP Server: Denial of Service, Raphael Marichez, 2008/01/29
- Re: [Full-disclosure] [ GLSA 200801-17 ] Netkit FTP Server: Denial of Service, Jamie Haggett, 2008/01/31
Insecure Use of RC4 in LSrunasE and Supercrypt (CVE-2007-6340), Daniel Roethlisberger, 2008/01/29
AmpJuke-0.7.0 (index.php) Xss VuLn., g0rk3m-31, 2008/01/29
[!!FIX Information ] Nucleus 3.31 XSS in path, Digital Security Research Group, 2008/01/29
Remote File Disclosure in phpCMS 1.2.2, Digital Security Research Group, 2008/01/29
- Re: Remote File Disclosure in phpCMS 1.2.2, 3APA3A, 2008/01/29
PHPKIT 1.6.4 PL1 2 XSRF Vulnerabilities, nbbn, 2008/01/29
Nucleus 3.31 XSS in path, Digital Security Research Group, 2008/01/29
CSRF/XSS in Sungard Banner, banner, 2008/01/29
[Full-disclosure] Advisory: Tripwire Enterprise/Server XSS Vulnerability, Liquidmatrix Security Digest, 2008/01/29
[Full-disclosure] [ GLSA 200801-15 ] PostgreSQL: Multiple vulnerabilities, Raphael Marichez, 2008/01/29
Exploit in IE6,7, r2t, 2008/01/28
- Re: Exploit in IE6,7, Nick FitzGerald, 2008/01/28
Uninformed Journal Release Announcement: Volume 9, Uninformed Journal, 2008/01/28
VB Marketing "tseekdir.cgi" Local File Inclusion, Sw33t . h4cK3r, 2008/01/28
[Full-disclosure] CORE-2007-1219: Firebird Remote Memory Corruption, Core Security Technologies Advisories, 2008/01/28
WoltLab Burning Board 3.x.x Private Message Delete XSRF Vulnerability, nbbn, 2008/01/28
ASPired2Protect bypass, milad_sa2007, 2008/01/28
eTicket 'index.php' Cross Site Scripting Path Vulnerability, Alessandro Tanasi, 2008/01/28
ClanSphere 2007.4.4 Remote File Disclosure Vulnerability., p4imi0, 2008/01/28
Facebook security contact, Alexander Sotirov, 2008/01/28
Metasploit Framework v3.1 Released, H D Moore, 2008/01/28
Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS, admin, 2008/01/28
[Full-disclosure] [ GLSA 200801-14 ] Blam: User-assisted execution of arbitrary code, Robert Buchholz, 2008/01/27
[Full-disclosure] [ GLSA 200801-13 ] ngIRCd: Denial of Service, Robert Buchholz, 2008/01/27
[Full-disclosure] [ GLSA 200801-12 ] xine-lib: User-assisted execution of arbitrary code, Robert Buchholz, 2008/01/27
[Full-disclosure] [ GLSA 200801-11 ] CherryPy: Directory traversal vulnerability, Robert Buchholz, 2008/01/27
[Full-disclosure] phpIP 4.3.2 - Numerous SQL Injection Vulnerablities, Charles Hooper, 2008/01/26
PhPress-0.3.0 Read All Sql Information For Config, r2t, 2008/01/26
F5 BIG-IP Web Management ASM Security Report XSS, nnposter, 2008/01/26
[ MDVSA-2008:027 ] - Updated pulseaudio packages fix local root vulnerability, security, 2008/01/26
[SECURITY] [DSA 1475-1] new gforge packages fix cross site scripting, Thijs Kinkhorst, 2008/01/26
[Full-disclosure] Tool availability - browser DOM Checker, Michal Zalewski, 2008/01/25
Two vulnerabilities for PatchLink Update Client for Unix., lcashdol, 2008/01/25
[ MDVSA-2008:026 ] - Updated icu packages fix vulnerabilities, security, 2008/01/25
C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Authentication Vulnerability, Eyal Udassin, 2008/01/25
- Re: C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Authentication Vulnerability, pete . sage, 2008/01/29
C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Arbitrary File Upload and Execution, Eyal Udassin, 2008/01/25
- Re: C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Arbitrary File Upload and Execution, pete . sage, 2008/01/29
C4 Security Advisory - GE Fanuc Cimplicity 6.1 Heap Overflow, Eyal Udassin, 2008/01/25
- Re: C4 Security Advisory - GE Fanuc Cimplicity 6.1 Heap Overflow, pete . sage, 2008/01/29
gdb bug, digit2004, 2008/01/25
[CandyPress] eCommerce suite (SQL Injection + XSS + Path Disclosure), Admin, 2008/01/25
Pre Hotel and Resorts reservation portal login bypass, milad_sa2007, 2008/01/25
Pre Dynamic Institution bypass, milad_sa2007, 2008/01/25
E-SMART CART bypass, milad_sa2007, 2008/01/25
phpBB 2.0.22 Remote PM Delete XSRF Vulnerability, nbbn, 2008/01/24
rPSA-2008-0030-1 CherryPy, rPath Update Announcements, 2008/01/24
rPSA-2008-0029-1 bind bind-utils, rPath Update Announcements, 2008/01/24
[Full-disclosure] iDefense Security Advisory 01.23.08: IBM AIX pioout BSS Buffer Overflow Vulnerability, iDefense Labs, 2008/01/24
[Full-disclosure] iDefense Security Advisory 01.22.08: IBM Tivoli PMfOSD HTTP Request Method Buffer Overflow Vulnerability, iDefense Labs, 2008/01/24
Tiger PHP News System SQL Injection, 0in . email, 2008/01/24
[ MDVSA-2008:024 ] - Updated libxfont packages fix font handling vulnerability, security, 2008/01/24
[ MDVSA-2008:023 ] - Updated x11-server packages fix multiple vulnerabilities, security, 2008/01/24
[ MDVSA-2008:022 ] - Updated xorg-x11 packages fix multiple vulnerabilities, security, 2008/01/24
[ MDVSA-2008:021 ] - Updated XFree86 packages fix multiple vulnerabilities, security, 2008/01/24
ImageShack Toolbar FileUploader Class insecurities, retrog, 2008/01/24
[ MDVSA-2008:025 ] - Updated x11-server-xgl packages fix multiple vulnerabilities, security, 2008/01/24
PIX Privilege Escalation Vulnerability, tbbunn, 2008/01/24
- Re: PIX Privilege Escalation Vulnerability, Eloy Paris, 2008/01/24
- Re: Re: PIX Privilege Escalation Vulnerability, tbbunn, 2008/01/25
  - Re: PIX Privilege Escalation Vulnerability, Aaron Collins, 2008/01/25
[ GLSA 200801-10 ] TikiWiki: Multiple vulnerabilities, Raphaël Marichez, 2008/01/24
[Full-disclosure] [ GLSA 200801-10 ] TikiWiki: Multiple vulnerabilities, Raphael Marichez, 2008/01/23
Woltlab Burning Board 2.3.6 PL2 Remote Delete Thread XSRF Vulnerability, nbbn, 2008/01/23
RE: Cisco Security Advisory: Cisco PIX and ASA Time-to-Live Vulnerability, Eric Davis, 2008/01/23
Syhunt: HFS (HTTP File Server) Username Spoofing and Log Forging/Injection Vulnerability, Felipe M. Aragon, 2008/01/23
Syhunt: HFS (HTTP File Server) Log Arbitrary File/Directory Manipulation and Denial-of-Service Vulnerabilities, Felipe M. Aragon, 2008/01/23
Syhunt: HFS (HTTP File Server) Template Cross-Site Scripting and Information Disclosure Vulnerabilities, Felipe M. Aragon, 2008/01/23
[ MDVSA-2008:020 ] - Updated xine-lib packages fix remote code execution vulnerabilities, security, 2008/01/23
Web Wiz NewsPad Directory traversal, admin, 2008/01/23
Web Wiz Rich Text Editor Directory traversal + HTM/HTML file creation on the server, admin, 2008/01/23
Web Wiz Forums Directory traversal, admin, 2008/01/23
[security bulletin] HPSBUX02306 SSRT071463 rev.1 - HP-UX Running ARPA Transport, Remote Denial of Service (DoS), security-alert, 2008/01/23
PHP 5.2.5 cURL safe_mode bypass, cxib, 2008/01/23
SDL_Image 1.2.6 and prior GIF handling buffer overflow, Gynvael Coldwind, 2008/01/23
[Full-disclosure] UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages, VMware Security team, 2008/01/22
Apache mod_negotiation Xss and Http Response Splitting, Minded Security Research Labs, 2008/01/22
XSRF under Deanâs Permalinks Migration 1.0, g30rg3_x, 2008/01/22
Belong Site Builder 0.1b Bypass Admincp, رومانسي هكر, 2008/01/22
DeluxeBB 1.1 XSS Vulnerabilitie, nbbn, 2008/01/22
PacerCMS Multiple Vulnerabilities (XSS/SQL), db, 2008/01/22
[ MDVSA-2008:019 ] - Updated cairo packages fix vulnerability, security, 2008/01/22
[ MDVSA-2008:018 ] - Updated gFTP packages fix vulnerabilities, security, 2008/01/22
Troopers 08 Security Conference, Call for Papers, Enno Rey, 2008/01/22
PR07-38: XSS on sIFR, ProCheckUp Research, 2008/01/22
- Re: PR07-38: XSS on sIFR, bugs+securityfocus, 2008/01/22
[Full-disclosure] Some hashes for the record, Sergio 'shadown' Alvarez, 2008/01/22
[waraxe-2008-SA#064] - Sql Injection in MyBB 1.2.11, come2waraxe, 2008/01/21
[ MDVSA-2008:017 ] - Updated MySQL packages fix multiple vulnerabilities, security, 2008/01/21
[waraxe-2008-SA#063] - Information Leakage in Kayako SupportSuite 3.11.01, come2waraxe, 2008/01/21
Belkin Wireless G Plus MIMO Router F5D9230-4 Authentication Bypass Vulnerability, gmdarkfig, 2008/01/21
BLOG:CMS 4.2.1.c (DIR_PLUGINS) Multiple Remote File Include, رومانسي هكر, 2008/01/21
Pass-The-Hash Toolkit v1.2 released., Hernan Ochoa, 2008/01/21
boastMachine <=3.1 SQL Injection Vulnerbility, hadihadi_zedehal_2006, 2008/01/21
Flaw in Alice gate2 pluswifi adsl modem, wargame89, 2008/01/21
WifiZoo v1.3 released (minor release), Hernan Ochoa, 2008/01/21
MegaBBS ASP Forum Cross-Site Scripting, grossman, 2008/01/21
AXIGEN 5.0.x AXIMilter Format String Exploit, hempel, 2008/01/21
Php Search Remote Inclusion, effectiveness63, 2008/01/21
Bloofox CMS SQL Injection (Authentication bypass) , Source code disclosure, admin, 2008/01/21
[Full-disclosure] Call Jacking: Phreaking the BT Home Hub, Adrian P, 2008/01/21
[Full-disclosure] [ GLSA 200801-09 ] X.Org X server and Xfont library: Multiple vulnerabilities, Robert Buchholz, 2008/01/20
[Full-disclosure] [ GLSA 200801-08 ] libcdio: User-assisted execution of arbitrary code, Robert Buchholz, 2008/01/19
[Full-disclosure] [ GLSA 200801-07 ] Adobe Flash Player: Multiple vulnerabilities, Robert Buchholz, 2008/01/19
BitDefender Update Server - Unauthorized Remote File Access Vulnerability, oliver karow, 2008/01/19
[Full-disclosure] [USN-571-2] X.org regression, Kees Cook, 2008/01/19
[Full-disclosure] silentbaker trojan sample, J B, 2008/01/19
[Full-disclosure] [USN-572-1] apt-listchanges vulnerability, Kees Cook, 2008/01/18
Re: Tiger Team: New TV series about pen testers airing on CourtTV Dec 25 11 pm, michael . lambie, 2008/01/18
MyBB 1.2.11 Multiple XSRF Vulnerabilities, nbbn, 2008/01/18
Making big money..., jmacaranas, 2008/01/18
SocksCap Stack Overflow (<= 2.40-051231), azizov, 2008/01/18
common dns misconfiguration can lead to "same site" scripting, Tavis Ormandy, 2008/01/18
- Re: common dns misconfiguration can lead to "same site" scripting, Kurt Grutzmacher, 2008/01/19
- Re: common dns misconfiguration can lead to "same site" scripting, Florian Weimer, 2008/01/21
  - Re: common dns misconfiguration can lead to "same site" scripting, David Malone, 2008/01/22
    - Re: common dns misconfiguration can lead to "same site" scripting, Florian Weimer, 2008/01/22
New search engine for exploits, Security Basic, 2008/01/18
Agares PhpAutoVideo 2.21(XSS/RFI) Multiple Remote Vulnerabilities, houssamix, 2008/01/18
[FIXED] Remote Denial of Service for SSH service at Dell DRAC4 (maybe Mocana SSH), Robert Scheck, 2008/01/18
[Full-disclosure] [USN-571-1] X.org vulnerabilities, Kees Cook, 2008/01/18
[Full-disclosure] ZDI-08-002: Citrix Presentation Server IMA Service Heap Overflow Vulnerability, zdi-disclosures, 2008/01/17
[Full-disclosure] IMF 2008 - Call for Papers, Oliver Goebel, 2008/01/17
CORE-2007-1119: CORE FORCE Kernel Buffer Overflow, CORE Security Technologies Advisories, 2008/01/17
[Full-disclosure] iDefense Security Advisory 01.17.08: Multiple Vendor X Server XFree86-Misc Extension Invalid Array Index Vulnerability, iDefense Labs, 2008/01/17
[Full-disclosure] iDefense Security Advisory 01.17.08: Multiple Vendor X Server EVI and MIT-SHM Extensions Integer Overflow Vulnerabilities, iDefense Labs, 2008/01/17
[Full-disclosure] iDefense Security Advisory 01.17.08: Multiple Vendor X Server TOG-CUP Extension Information Disclosure Vulnerability, iDefense Labs, 2008/01/17
[Full-disclosure] iDefense Security Advisory 01.17.08: Multiple Vendor X Server XInput Extension Multiple Memory Corruption Vulnerabilities, iDefense Labs, 2008/01/17
Re: [Full-disclosure] Skype videomood XSS, avivra, 2008/01/17
- Re: [Full-disclosure] Skype videomood XSS, avivra, 2008/01/22
[CSNC] OKI C5510MFP Printer Password Disclosure, Adrian Leuenberger, 2008/01/17
Clever Copy <=3.0 Multiple Remote Vulnerabilities, hadihadi_zedehal_2006, 2008/01/17
Re: Utimaco Safeguard Easy vulnerability, benleavett, 2008/01/17
- Re: Re: Utimaco Safeguard Easy vulnerability, joachim . schneider, 2008/01/18
rPSA-2008-0021-1 kernel, rPath Update Announcements, 2008/01/17
JoomlaFlash Component Multiple Remote File Inclusion, Smasher, 2008/01/17
[ MDVSA-2008:016 ] - Updated apache 2.2.x packages fix multiple vulnerabilities, security, 2008/01/17
Re: [CVE-2007-2449] Apache Tomcat XSS vulnerabilities in the JSP examples, linlei99, 2008/01/17
rPSA-2008-0018-1 mysql mysql-bench mysql-server, rPath Update Announcements, 2008/01/17
PHPEchoCMS Multible remote vulnerabilitis, security, 2008/01/17
[security bulletin] HPSBMA02133 SSRT061201 rev.7 - HP Oracle for OpenView (OfO) Critical Patch Update, security-alert, 2008/01/17
[ MDVSA-2008:015 ] - Updated apache 2.0.x packages fix multiple vulnerabilities, security, 2008/01/16
[ MDVSA-2008:014 ] - Updated apache 1.3.x packages fix multiple vulnerabilities, security, 2008/01/16
[Full-disclosure] [USN-570-1] boost vulnerabilities, Jamie Strandboge, 2008/01/16
Gradman <= 0.1.3 (agregar_info.php?tabla=) Local File Inclusion Exploit, sys-project, 2008/01/16
[waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10, come2waraxe, 2008/01/16
[waraxe-2008-SA#062] - Multiple Sql Injections in MyBB 1.2.10, come2waraxe, 2008/01/16
SQL scalar function to convert big int to dot notation, Thor (Hammer of God), 2008/01/16
Country by Country Computer Sets now available for ISA 2004, Thor (Hammer of God), 2008/01/16
[Full-disclosure] TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability, DVLabs, 2008/01/16
mcGuestbook v1.2 Remote File Inc., gokhankaya, 2008/01/16
- Re: mcGuestbook v1.2 Remote File Inc., the . tiger100, 2008/01/18
[Full-disclosure] Peers static overflow in BitTorrent 6.0 and uTorrent 1.7.5, Luigi Auriemma, 2008/01/16
- Re: [Full-disclosure] Peers static overflow in BitTorrent 6.0 and uTorrent 1.7.5, Luigi Auriemma, 2008/01/25
[Aria-Security.Net] Real Estate Web SQL Injection, no-reply, 2008/01/16
8e6 Technologies R3000 Internet Filter Bypass by Request Split, nnposter, 2008/01/16
- Re: 8e6 Technologies R3000 Internet Filter Bypass by Request Split, mparker, 2008/01/21
[DSECRG-08-002] Local File Include in arias 0.99-6, Digital Security Research Group [DSecRG], 2008/01/16
cPanel Hosting Manager (dohtaccess.html), no-reply, 2008/01/16
RichStrong CMS (showproduct.asp?cat=) Remote SQL Injection Exploit, sys-project, 2008/01/16
[DSECRG-08-003] blogcms 4.2.1b Multiple Security Vulnerabilities, Digital Security Research Group [DSecRG], 2008/01/16
[Full-disclosure] TPTI-08-01: Apple Quicktime Image File IDSC Atom Memory Corruption Vulnerability, DVLabs, 2008/01/15
[Full-disclosure] rPSA-2008-0017-1 libxml2, rPath Update Announcements, 2008/01/15
[Full-disclosure] rPSA-2008-0016-1 postgresql postgresql-server, rPath Update Announcements, 2008/01/15
[Full-disclosure] rPSA-2008-0015-1 cairo, rPath Update Announcements, 2008/01/15
[Full-disclosure] iDefense Security Advisory 01.15.08: Apple QuickTime Macintosh Resource Processing Heap Corruption Vulnerability, iDefense Labs, 2008/01/15
[Full-disclosure] iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTServer Multiple Untrusted Loop Bounds Vulnerabilities, iDefense Labs, 2008/01/15
[Full-disclosure] iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTserver Multiple Untrusted Pointer Offset Vulnerabilities, iDefense Labs, 2008/01/15
[Full-disclosure] iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTServer Multiple Untrusted Pointer Vulnerabilities, iDefense Labs, 2008/01/15
[Full-disclosure] iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTserver Heap Overflow Vulnerability, iDefense Labs, 2008/01/15
Pipe to FOR Crashes CMD, James C. Slora Jr., 2008/01/15
MicroNews Admin Direct Access vulnerability, xcross87, 2008/01/15
Max's File Uploader File Upload Vulnerability, xcross87, 2008/01/15
Article DashBoard all version SQL Injection Vulnerability, xcross87, 2008/01/15
- Re: Article DashBoard all version SQL Injection Vulnerability, hey, 2008/01/18
SecurityReason - Apache (mod_status) Refresh Header - Open Redirector (XSS), sp3x, 2008/01/15
Exploiting the SpamBam plugin for wordpress, "JosÂÃ M. PalazÃn Romero", 2008/01/15
Country by Country ISA Computer Sets, Thor (Hammer of God), 2008/01/15
- Message not available
  - Re: Country by Country ISA Computer Sets, The Fungi, 2008/01/18
    - RE: Country by Country ISA Computer Sets, Thor (Hammer of God), 2008/01/18
    - Re: Country by Country ISA Computer Sets, Richard Powell, 2008/01/18
- Re: Country by Country ISA Computer Sets, GomoR, 2008/01/18
  - RE: Country by Country ISA Computer Sets, Thor (Hammer of God), 2008/01/18
  - RE: Country by Country ISA Computer Sets, Thor (Hammer of God), 2008/01/18
- Message not available
  - RE: Country by Country ISA Computer Sets, Thor (Hammer of God), 2008/01/21
    - RE: Country by Country ISA Computer Sets, Jim Harrison, 2008/01/22
Defeating audio captcha systems, "JosÂÃ M. PalazÃn Romero", 2008/01/15
- Re: Defeating audio captcha systems, 3APA3A, 2008/01/16
FreeBSD Security Advisory FreeBSD-SA-08:02.libc, FreeBSD Security Advisories, 2008/01/15
FreeBSD Security Advisory FreeBSD-SA-08:01.pty, FreeBSD Security Advisories, 2008/01/15
[ MDVSA-2008:013 ] - Updated python packages fix vulnerability in imageop module, security, 2008/01/15
[ MDVSA-2008:012 ] - Updated python packages fix vulnerabilities, security, 2008/01/15
[security bulletin] HPSBST02304 SSRT080003 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-001 to MS08-002, security-alert, 2008/01/15
[security bulletin] HPSBUX02303 SSRT071468 rev.1 - HP-UX Running X Font Server (xfs) Software, Remote Execution of Arbitrary Code, security-alert, 2008/01/15
[Full-disclosure] [USN-569-1] libxml2 vulnerability, Kees Cook, 2008/01/14
[Full-disclosure] [USN-568-1] PostgreSQL vulnerabilities, Jamie Strandboge, 2008/01/14
Binn SBuilder (nid) Remote Blind Sql Injection Vulnerabily, sys-project, 2008/01/14
Re: what is this?, admin, 2008/01/14
[Full-disclosure] ZDI-08-001: IBM Tivoli Storage Manager Express Backup Server Heap Overflow Vulnerability, zdi-disclosures, 2008/01/14
[ MDVSA-2008:009-1 ] - Updated autofs packages fix insecure hosts configuration, security, 2008/01/14
SQID v0.3 - SQL Injection Digger., Metaeye SG, 2008/01/14
F5 BIG-IP Web Management List Search XSS, nnposter, 2008/01/14
Garment Center (index.cgi) Local File Inclusion, Smasher, 2008/01/14
- Re: Garment Center (index.cgi) Local File Inclusion, Smasher, 2008/01/14
[Full-disclosure] what is this?, crazy frog crazy frog, 2008/01/13
- Re: [Full-disclosure] what is this?, crazy frog crazy frog, 2008/01/13
  - Re: [Full-disclosure] what is this?, Robert McArdle, 2008/01/14
- Re: [Full-disclosure] what is this?, 3APA3A, 2008/01/14
  - Re: [Full-disclosure] what is this?, Nick FitzGerald, 2008/01/14
    - Re: [Full-disclosure] what is this?, crazy frog crazy frog, 2008/01/14
- Re: [Full-disclosure] what is this?, Robert McArdle, 2008/01/14
  - Re: [Full-disclosure] what is this?, Robert McArdle, 2008/01/14
- Re: [Full-disclosure] what is this?, Jose Nazario, 2008/01/14
  - Re: [Full-disclosure] what is this?, crazy frog crazy frog, 2008/01/14
  - RE: what is this?, Mario Contestabile, 2008/01/14
  - Re: [Full-disclosure] what is this?, 3APA3A, 2008/01/14
- Re: what is this?, Gadi Evron, 2008/01/14
  - Re: [Full-disclosure] what is this?, damncon, 2008/01/16
    - Re: [Full-disclosure] what is this?, Valdis . Kletnieks, 2008/01/17
- Re: what is this?, Denis, 2008/01/15
  - Re: [Full-disclosure] what is this?, crazy frog crazy frog, 2008/01/15
    - Re: [Full-disclosure] what is this?, Nick FitzGerald, 2008/01/15
    - Re: [Full-disclosure] what is this?, crazy frog crazy frog, 2008/01/15
    - Re: [Full-disclosure] what is this?, Gadi Evron, 2008/01/15
    - Re: [Full-disclosure] what is this?, crazy frog crazy frog, 2008/01/15
    - Re[2]: what is this?, none, 2008/01/15
  - Re: what is this?, Jamie Riden, 2008/01/15
    - Re[2]: what is this?, Denis, 2008/01/15
  - RE: what is this?, Memisyazici, Aras, 2008/01/15
    - Re[2]: what is this?, Denis, 2008/01/15
- Re: what is this?, Yousef Syed, 2008/01/16
- Re: [Full-disclosure] what is this?, SilentRunner, 2008/01/17
[Full-disclosure] Hacking The Interwebs, pdp (architect), 2008/01/13
- Hacking The Interwebs, pdp (architect), 2008/01/14
- Re: [Full-disclosure] Hacking The Interwebs, Fredrick Diggle, 2008/01/15
  - Re: [Full-disclosure] Hacking The Interwebs, Ed Carp, 2008/01/15
[ MDVSA-2008:008 ] - Updated kernel packages fix multiple vulnerabilities and bugs, security, 2008/01/12
[ MDVSA-2008:009 ] - Updated autofs packages fix insecure hosts configuration, security, 2008/01/12
[ MDVSA-2008:011 ] - Updated rsync packages fix restrictions bypass vulnerabilities, security, 2008/01/12
[ MDVSA-2008:010 ] - Updated libxml2 packages fix DoS vulnerability, security, 2008/01/12
[Full-disclosure] Safari 2 Denial of Service, S21sec labs, 2008/01/12
[Full-disclosure] Cross site scripting (XSS) in Moodle 1.8.3, Hanno BÃck, 2008/01/11
RE: At long last - Extra Outlooks!, Thor (Hammer of God), 2008/01/11
Naymz multiple XSS, morin . josh, 2008/01/11
Member Area System (MAS) Remote File Include Vulnerability (view_func.php), ship_nx, 2008/01/11
- Re: Member Area System (MAS) Remote File Include Vulnerability (view_func.php), m3venge, 2008/01/18
CFP: EuroSec Workshop (March 31st, 2008), Stefano Zanero, 2008/01/11
ImageAlbum Remote SQL Injection Vulnerabilities, db, 2008/01/11
SecurityReason - Apache2 CSRF, XSS, Memory Corruption and Denial of Service Vulnerability, sp3x, 2008/01/11
SecurityReason - Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerability, sp3x, 2008/01/11
[ MDVSA-2008:007 ] - Updated madwifi-source, wpa_supplicant packages fix vulnerabilities, security, 2008/01/11
At long last -- Extra Outlooks!, Thor (Hammer of God), 2008/01/11
- Re: At long last -- Extra Outlooks!, Alexander Bochmann, 2008/01/11
  - Re: At long last -- Extra Outlooks!, Casper . Dik, 2008/01/14
  - RE: At long last -- Extra Outlooks!, Thor (Hammer of God), 2008/01/14
  - Re: At long last -- Extra Outlooks!, Francois Labreque, 2008/01/14
Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70, none, 2008/01/11
- Re: Buffer-overflow in Quicktime Player 7.3.1.70, str0ke, 2008/01/11
- Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70, snagg, 2008/01/14
[Full-disclosure] re-resting of zzuf results, Hanno BÃck, 2008/01/11
[Full-disclosure] [USN-567-1] Dovecot vulnerability, Kees Cook, 2008/01/10
[ MDVSA-2008:006 ] - Updated exiv2 packages fix vulnerability, security, 2008/01/10
[SECURITY] [DSA 1458-1] New openafs packages fix denial of service vulnerability, Noah Meyerhans, 2008/01/10
MTCMS <=2.0 SQL Injection Vulnerbility, hadihadi_zedehal_2006, 2008/01/10
[Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.70, Luigi Auriemma, 2008/01/10
- Re: Buffer-overflow in Quicktime Player 7.3.1.70, Marcello Barnaba (void), 2008/01/10
  - Re: [Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.70, Luigi Auriemma, 2008/01/11
    - Re: [Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.70, void, 2008/01/12
    - Re: [Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.70, Luigi Auriemma, 2008/01/14
    - Re: Buffer-overflow in Quicktime Player 7.3.1.70, Marcello Barnaba (void), 2008/01/14
  - Re: Buffer-overflow in Quicktime Player 7.3.1.70, Luigi Auriemma, 2008/01/14
Word 2007 Email as PDF path disclosure flaw, ebk_lists, 2008/01/10
[Full-disclosure] SunOS 5.10 ICMP Remote Kernel Crash Exploit Code, kcope, 2008/01/10
Digital Armaments January-February Hacking Challenge: Special 20.000$ Prize - Windows Vulnerabilities and Exploit, info, 2008/01/10
uCon 2008 call for participation - Recife, Brazil, ucon, 2008/01/10
PR07-06, PR07-07, PR07-08, PR07-09, PR07-10, PR07-12: Several XSS, Cross-domain Redirection and Frame Injection on Sun Java System Identity Manager, ProCheckUp Research, 2008/01/10
Simple Machines Forum Cross-Site Scripting Vulnerabilities, DoZ, 2008/01/10
- Re: Simple Machines Forum Cross-Site Scripting Vulnerabilities, dev, 2008/01/28
[Full-disclosure] BT Home Flub: Pwnin the BT Home Hub (5) - exploiting IGDs remotely via UPnP, Adrian P, 2008/01/10
[Full-disclosure] [USN-566-1] OpenSSH vulnerability, Kees Cook, 2008/01/09
[SECURITY] [DSA 1457-1] New dovecot packages fix information disclosure, Thijs Kinkhorst, 2008/01/09
[Full-disclosure] [ GLSA 200801-06 ] Xfce: Multiple vulnerabilities, Robert Buchholz, 2008/01/09
[ MDVSA-2008:005 ] - Updated libexif packages fix multiple vulnerabilities, security, 2008/01/09
[USN-565-1] Squid vulnerability, Kees Cook, 2008/01/09
[SECURITY] [DSA 1456-1] New fail2ban packages fix denial of service, Thijs Kinkhorst, 2008/01/09
[Full-disclosure] [ GLSA 200801-05 ] Squid: Denial of Service, Pierre-Yves Rofes, 2008/01/09
[Full-disclosure] [ GLSA 200801-04 ] OpenAFS: Denial of Service, Pierre-Yves Rofes, 2008/01/09
[Full-disclosure] [ GLSA 200801-03 ] Claws Mail: Insecure temporary file creation, Pierre-Yves Rofes, 2008/01/09
[Full-disclosure] iDefense Security Advisory 01.09.08: Novell NetWare Client nicm.sys Local Privilege Escalation Vulnerability, iDefense Labs, 2008/01/09
[Full-disclosure] [ GLSA 200801-02 ] R: Multiple vulnerabilities, Pierre-Yves Rofes, 2008/01/09
[INFIGO-2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS - Corrected, infocus, 2008/01/09
[ MDVSA-2008:003 ] - Updated clamav packages fix multiple vulnerabilities, security, 2008/01/09
[Full-disclosure] Pre-auth remote commands execution in SAP MaxDB 7.6.03.07, Luigi Auriemma, 2008/01/09
Privileg escalation in Omegasoft Insel 7, MC Iglo, 2008/01/09
[ MDVSA-2008:004 ] - Updated postgresql packages fix denial of service and privilege escalation issues, security, 2008/01/09
- [ MDVSA-2008:004 ] - Updated postgresql packages fix denial of service and privilege escalation issues, security, 2008/01/09
First (Major) web hacking incidents for 2008. Sign of the year to come?, Ofer Shezaf, 2008/01/09
- Re: First (Major) web hacking incidents for 2008. Sign of the year to come?, Paul Schmehl, 2008/01/09
[INFIGO 2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS, infocus, 2008/01/09
[security bulletin] HPSBMA02239 SSRT061260 rev.3 - HP OpenView Operations (OVO) Agents Running Shared Trace Service, Remote Arbitrary Code Execution, security-alert, 2008/01/09
LFI in Tuned Studios Templates, Digital Security Research Group [DSecRG], 2008/01/09
[Full-disclosure] [USN-564-1] Net-SNMP vulnerability, Jamie Strandboge, 2008/01/09
[Full-disclosure] [USN-561-1] pwlib vulnerability, Kees Cook, 2008/01/09
[Full-disclosure] [USN-563-1] CUPS vulnerabilities, Kees Cook, 2008/01/09
[Full-disclosure] [USN-562-1] opal vulnerability, Kees Cook, 2008/01/09
[Full-disclosure] [ GLSA 200801-01 ] unp: Arbitrary command execution, Robert Buchholz, 2008/01/08
ERRATA: [ GLSA 200709-07 ] Eggdrop: Buffer overflow, Robert Buchholz, 2008/01/08
Joomla 1.0.13 CSRF, J. Carlos Nieto, 2008/01/08
- Re: Joomla 1.0.13 CSRF, J. Carlos Nieto, 2008/01/08
Level-One WBR-3460A Grants Root Access, anastasiosm, 2008/01/08
HPSBUX02156 SSRT061236 rev.4 - HP-UX Running Thunderbird, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS), security-alert, 2008/01/08
HPSBUX02153 SSRT061181 rev.7 - HP-UX Running Firefox, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS), security-alert, 2008/01/08
Corsaire Security Advisory: Sun J2RE DoS issue, advisories, 2008/01/08
sysHotel On Line Remote File Disclosure Vulnerability., p4imi0, 2008/01/08
[ MDVSA-2008:001-1 ] - Updated wireshark packages fix multiple vulnerabilities, security, 2008/01/08
[Full-disclosure] [USN-560-1] Tomboy vulnerability, Jamie Strandboge, 2008/01/07
- [Full-disclosure] [USN-560-1] Tomboy vulnerability, Jamie Strandboge, 2008/01/07
[Full-disclosure] VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages, VMware Security team, 2008/01/07
[Full-disclosure] VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1, VMware Security team, 2008/01/07
[Full-disclosure] iDefense Security Advisory 01.07.08: Motorola netOctopus Agent MSR Write Privilege Escalation Vulnerability, iDefense Labs, 2008/01/07
CORE-2007-1106: SynCE Remote Command Injection, CORE Security Technologies Advisories, 2008/01/07
[Full-disclosure] PWDumpX v1.0 and PWDumpX v1.1 updated - bug fixes, Reed Arvin, 2008/01/07
[Full-disclosure] PWDumpX v1.4 - Dumps domain password cache, LSA secrets, password hashes, and password history hashes., Reed Arvin, 2008/01/07
Million Dollar Script 2.0.14 Remote File Disclosure Vulnerability., p4imi0, 2008/01/07
LayerOne 2008 - CFP Released, Layer One, 2008/01/07
SocialURL Login Page Cross-Site Scripting, morin . josh, 2008/01/07
PostgreSQL 2007-01-07 Cumulative Security Release, Josh Berkus, 2008/01/07
Linksys WRT54 GL - Session riding (CSRF), tomaz . bratusa, 2008/01/07
- Re: Linksys WRT54 GL - Session riding (CSRF), Jan Heisterkamp, 2008/01/07
- Re: Linksys WRT54 GL - Session riding (CSRF), Jan Heisterkamp, 2008/01/07
- Re: Linksys WRT54 GL - Session riding (CSRF), Florian Weimer, 2008/01/11
  - RE: Linksys WRT54 GL - Session riding (CSRF), Tomaz, 2008/01/14
    - Re: Linksys WRT54 GL - Session riding (CSRF), J. Oquendo, 2008/01/14
    - Re: Linksys WRT54 GL - Session riding (CSRF), Jan Heisterkamp, 2008/01/15
    - Re: Linksys WRT54 GL - Session riding (CSRF), Valdis . Kletnieks, 2008/01/15
- Re: Linksys WRT54 GL - Session riding (CSRF), Daniel Weber, 2008/01/15
[Reversemode Paper] Exploiting WDM Audio Drivers, Reversemode, 2008/01/07
New Web Hacking Incidents at WHID, Ofer Shezaf, 2008/01/07
OneCMS Vulnerabilities, admin, 2008/01/07
- Re: OneCMS Vulnerabilities, webmaster, 2008/01/28
eTicket 1.5.5.2 Multiple Vulnerabilities, L4teral, 2008/01/07
netrisk 1.9.7 Multiple Remote Vulnerabilities (sql injection/xss), hadihadi_zedehal_2006, 2008/01/07
[HSC] Snitz Forums Multiple Vulnerabilities, DoZ, 2008/01/07
- RE: [HSC] Snitz Forums Multiple Vulnerabilities, Aaron Cake, 2008/01/07
vBulletin 3.6.8 XSRF/XSS Vulnerability, nbbn, 2008/01/07
- Re: vBulletin 3.6.8 XSRF/XSS Vulnerability, nbbn, 2008/01/07
Aruba Mobility Controller User Authentication Vulnerability - Aruba Advisory ID: AID-122207, Robbie Gill, 2008/01/05
rPSA-2008-0008-1 cups, rPath Update Announcements, 2008/01/05
rPSA-2008-0007-1 tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi, rPath Update Announcements, 2008/01/05
[ MDVSA-2008:002 ] - Updated squid package fixes remote denial of service, security, 2008/01/05
INVISION POWER BOARD 2.1.7 ACTIVE XSS/SQL INJECTION EXPLOIT, underwater, 2008/01/05
NetRisk 1.9.7 Remote File Inclusion Vulnerability, erne, 2008/01/05
rPSA-2008-0006-1 libexif, rPath Update Announcements, 2008/01/05
[Full-disclosure] iDefense Security Advisory 12.24.07: Novell ZENworks Endpoint Security Management Local Privilege Escalation Vulnerability, iDefense Labs, 2008/01/04
Some DoS in some telnet servers, Luigi Auriemma, 2008/01/04
[Full-disclosure] Pre-auth buffer-overflow in mySQL through yaSSL, Luigi Auriemma, 2008/01/04
[Full-disclosure] Multiple vulnerabilities in yaSSL 1.7.5, Luigi Auriemma, 2008/01/04
- SinFP fingerprinting tool online demo, GomoR, 2008/01/18
FortiGuard: URL Filtering Application Bypass Vulnerability, Danux, 2008/01/04
- Re: FortiGuard: URL Filtering Application Bypass Vulnerability, 3APA3A, 2008/01/04
rPSA-2008-0004-1 tshark wireshark, rPath Update Announcements, 2008/01/03
[Full-disclosure] securityvulns.com russian vulnerabilities digest, 3APA3A, 2008/01/03
rPSA-2008-0001-1 dovecot, rPath Update Announcements, 2008/01/03
- Re: rPSA-2008-0001-1 dovecot, Dominic Hargreaves, 2008/01/03
- Re: rPSA-2008-0001-1 dovecot, Steven M. Christey, 2008/01/04
  - Re: rPSA-2008-0001-1 dovecot, Dominic Hargreaves, 2008/01/04
  - Re: rPSA-2008-0001-1 dovecot, Jonathan Smith, 2008/01/04
[Full-disclosure] multiple CAPTCHA automation test bypass digest, 3APA3A, 2008/01/03
RE: Latest round of web hacking incidents for 2007 & Project news, Memisyazici, Aras, 2008/01/03
- RE: Latest round of web hacking incidents for 2007 & Project news, Ofer Shezaf, 2008/01/03
- Re: Latest round of web hacking incidents for 2007 & Project news, Peter Watkins, 2008/01/03
- Re: Latest round of web hacking incidents for 2007 & Project news, s f, 2008/01/04
Re: Cryptome: NSA has real-time access to Hushmail servers, John Simpson, 2008/01/03
- Re: Cryptome: NSA has real-time access to Hushmail servers, Lee Dilkie, 2008/01/03
- RE: Re: Cryptome: NSA has real-time access to Hushmail servers, M. Burnett, 2008/01/03
[ MDVSA-2008:1 ] - Updated wireshark packages fix multiple vulnerabilities, security, 2008/01/03
xss in w3-msql error page, vivek_infosec, 2008/01/03
[security bulletin] HPSBGN02301 SSRT071508 rev.2 - HP Software Update Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access, security-alert, 2008/01/03
[Full-disclosure] Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication, avivra, 2008/01/03
- Re: [Full-disclosure] Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication, Michal Zalewski, 2008/01/03
  - Re: [Full-disclosure] Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication, avivra, 2008/01/03
AST-2008-001: Crash from transfer using BYE with Also header, Asterisk Security Team, 2008/01/02
phpBB2 2.0.22 Cross Site Scripting Vulnerability, bugtraq, 2008/01/02
- Re: phpBB2 2.0.22 Cross Site Scripting Vulnerability, neothermic, 2008/01/03
- Re: Re: phpBB2 2.0.22 Cross Site Scripting Vulnerability, admin, 2008/01/03
- Re: phpBB2 2.0.22 Cross Site Scripting Vulnerability, neothermic, 2008/01/03
  - AW: phpBB2 2.0.22 Cross Site Scripting Vulnerability, Aufmuth Andreas, 2008/01/04
[Full-disclosure] Multiple vulnerabilities in Georgia SoftWorks SSH2 Server 7.01.0003, Luigi Auriemma, 2008/01/02
[Full-disclosure] Buffer-overflow and format string in White_Dune 0.29beta791, Luigi Auriemma, 2008/01/02
XSS Vulnerabilities in Common Shockwave Flash Files, rich cannings, 2008/01/02
MODx CMS Source code disclosure, local file inclusion, admin, 2008/01/02
Cross-Site Scripting (XSS) in phpWebSite 1.4.0 search, Audun Larsen, 2008/01/01