Network Security Archives

Vulnerability Development (date)

[Thread Index] [Top] [All Lists]

March 31, 2008

[SECURITY] [DSA 1536-1] New libxine packages fix several vulnerabilities, Thijs Kinkhorst, 23:32
EasyNews-40tr Multiple Remote Vulnerabilities (SQL Injection Exploit/XSS/LFI), irancrash, 23:32
Re: [Full-disclosure] CAU-2008-0001 - Slowly Closing Door Race Condition, Razi Shaban, 23:01
Re: [Full-disclosure] CAU-2008-0001 - Slowly Closing Door Race Condition, evilrabbi, 22:40
Re: [Full-disclosure] CAU-2008-0001 - Slowly Closing Door Race Condition, Nate McFeters, 14:02
[Full-disclosure] CAU-2008-0001 - Slowly Closing Door Race Condition, I)ruid, 13:52
[Full-disclosure] iDefense Security Advisory 03.31.08: Macrovision InstallShield InstallScript One-Click Install Untrusted Library Loading Vulnerability, iDefense Labs, 07:40
Paper by Amit Klein (Trusteer): "PowerDNS Recursor DNS Cache Poisoning [pharming]", Amit Klein, 07:40
rPSA-2008-0132-1 lighttpd, rPath Update Announcements, 06:47
PacketTrap Networks pt360 2.0.39 TFTPD Remote DoS Exploit, r57blg, 05:44
[Full-disclosure] Directory traversal in 2X ThinClientServer v5.0_sp1-r3497, Luigi Auriemma, 04:31
Efestech Video v5,0 (id) Remote Sql Injection, dj_remix_20, 04:21
Proviso SiteKiosk File Download Vulnerability, nebelfrost23, 04:10
Re: Re: XChat 2.8.4-1 - Multiple Vulnerabilities, omnipresent, 03:49
Re: Internet explorer 7.0 spoofing, mouss, 03:28

March 30, 2008

[Full-disclosure] London DEFCON meet - DC4420 - New Venue - Wednesday 2nd April, 2008, Major Malfunction, 19:40

March 29, 2008

[Full-disclosure] [TKADV2008-002] avast! 4.7 aavmker4.sys Kernel Memory Corruption, Tobias Klein, 21:33
CuteFlow Version 1.5.0 Multiple Remote Vulnerabilities, hadihadi_zedehal_2006, 01:41
Re: Internet explorer 7.0 spoofing, w0lfd33m, 01:30
[ MDVSA-2008:080 ] - Updated Firefox packages fix multiple vulnerabilities, security, 01:09

March 28, 2008

[Full-disclosure] VMSA-2008-0006 Updated libxml2 service console package, VMware Security team, 09:17
Internet explorer 7.0 spoofing, jplopezy, 05:04
Re: Smf 1.1.4 Remote File Inclusion Vulnerabilities, Mike Duncan, 05:04
Re: XChat 2.8.4-1 - Multiple Vulnerabilities, fabio, 04:10
Immunity Debugger 1.5, Nicolas Waisman, 03:27
Re: Smf 1.1.4 Remote File Inclusion Vulnerabilities, fake, 02:33
Re: Smf 1.1.4 Remote File Inclusion Vulnerabilities, Jindrich Kubec, 02:23
XChat 2.8.4-1 - Multiple Vulnerabilities, evilcry, 02:01
CA Multiple Products DSM ListCtrl ActiveX Control Buffer Overflow Vulnerability, Williams, James K, 02:01
[security bulletin] HPSBOV02278 SSRT071479 rev.1 - HP OpenVMS SSH Using TCP/IP Services for OpenVMS, Remote Unauthorized Access, security-alert, 01:39
Re: Heap overflow in Sybase MobiLink 10.0.1.3629, jsavill, 01:39
[security bulletin] HPSBGN02319 SSRT080027 rev.1 - HP Compaq Notebook PC BIOS, Local Unauthorized Access, security-alert, 01:29
[security bulletin] HPSBGN02305 SSRT080004 rev.1 - HP Compaq Business Notebook PC BIOS, Local Denial of Service (DoS), security-alert, 01:06
Smf 1.1.4 Remote File Inclusion Vulnerabilities, sibertrwolf, 00:45
[ MDVSA-2008:079 ] - Updated sarg packages fix multiple vulnerabilities, security, 00:03

March 27, 2008

rPSA-2008-0128-1 firefox, rPath Update Announcements, 03:19
Re: [securityreason] *BSD libc (strfmon) Multiple vulnerabilities, Christos Zoulas, 03:08
Re: JAF-CMS 4.0 RC2 Multiple Remote File Inclusion Vulnerabilities, str0ke, 02:14
[SECURITY] [DSA 1531-1] New policyd-weight packages fix insecure temporary files, Thijs Kinkhorst, 01:20
JAF-CMS 4.0 RC2 Multiple Remote File Inclusion Vulnerabilities, r57blg, 00:58
[securityreason] *BSD libc (strfmon) Multiple vulnerabilities, cxib, 00:24
TopperMod 2.0 Remote SQL Injection Vulnerability, r57blg, 00:24
[ MDVSA-2008:078 ] - Updated openssh packages fix X connection hijacking, security, 00:02

March 26, 2008

Multiple XSS in DigiDomain, xx_hack_xx_2004, 23:29
[ MDVSA-2008:077 ] - Updated perl-Tk packages fix GIF processing vulnerability, security, 23:29
[Full-disclosure] [USN-596-1] Ruby vulnerabilities, Kees Cook, 06:58
[Full-disclosure] [USN-595-1] SDL_image vulnerabilities, Kees Cook, 06:58
[Full-disclosure] [USN-594-1] libnet-dns-perl vulnerability, Kees Cook, 06:58
[Full-disclosure] [USN-593-1] Dovecot vulnerabilities, Kees Cook, 06:47
[ MDVSA-2008:076 ] - Updated wml packages fix symlink vulnerabilities, security, 05:54
[Full-disclosure] Multiple vulnerabilities in solidDB 06.00.1018, Luigi Auriemma, 05:11
Re: hacking the mitsubishi GB-50A, Chris Withers, 03:15
Invision Power Board <=2.3.x iFrame Vuln, shaheemirza, 02:54
[Full-disclosure] ZDI-08-013: Novell eDirectory for Linux Stack Overflow, zdi-disclosures, 02:22
Cisco Security Advisory: Multiple DLSw Denial of Service Vulnerabilities in Cisco IOS, Cisco Systems Product Security Incident Response Team, 01:06
[Full-disclosure] [USN-592-1] Firefox vulnerabilities, Jamie Strandboge, 00:35
Re: Logaholic Web Analytics Software, andre, 00:24
php-addressbook v2.0 SQL Injection Vulnerbility, hadihadi_zedehal_2006, 00:02

March 25, 2008

Re: hacking the mitsubishi GB-50A, Steven M. Christey, 23:52
Aztech ADSL2/2+ 4 Port remote root, sipherr, 23:51
[security bulletin] HPSBTU02322 SSRT080011 rev.1 - HP Tru64 UNIX running SSH/SFTP Server, Remote Execution of Arbitrary Code or Denial of Service (DoS), security-alert, 23:41
Blackboard Academic Suite Multiple XSS Vulnerabilities, knight4vn, 23:41
phpBB PJIRC mod LFI, 0in . email, 06:15
[Full-disclosure] CORE-2007-1212: SILC pkcs_decode buffer overflow, Core Security Technologies Advisories, 05:43
[DSECRG-08-022] Multiple Security Vulnerabilities in Bolinos 4.6.1, Digital Security Research Group, 03:33
rPSA-2008-0123-1 ruby, rPath Update Announcements, 03:22
Cuteflow Bin v1.5.0 Local File Inclusion Vuln, r57blg, 03:11
rPSA-2008-0120-1 gnome-ssh-askpass openssh openssh-client openssh-server, rPath Update Announcements, 02:50
e107 My_Gallery Plugin Arbitrary File Download Vulnerability, Jerome Athias, 01:25
[SECURITY] [DSA 1530-1] New cupsys packages fix multiple vulnerabilities, Noah Meyerhans, 01:14
Re: [BUGTRAQ] RE: hacking the mitsubishi GB-50A, Joe, 00:31
Re: hacking the mitsubishi GB-50A, Chris Withers, 00:10
Re: hacking the mitsubishi GB-50A, Vincent Archer, 00:00

March 24, 2008

aeries browser interface(ABI) 3.8.3.14 Remote SQL Injection, arsalan1991, 23:49
Re: Linksys phone adapter denial of service, Michael VERGOZ, 23:38
[Full-disclosure] [ GLSA 200803-32 ] Wireshark: Denial of Service, Pierre-Yves Rofes, 17:44
[Full-disclosure] [USN-590-1] bzip2 vulnerability, Kees Cook, 17:12
[Full-disclosure] [ GLSA 200803-31 ] MIT Kerberos 5: Multiple vulnerabilities, Robert Buchholz, 15:59
[Full-disclosure] [USN-591-1] libicu vulnerabilities, Jamie Strandboge, 15:26
[SECURITY] [DSA 1528-1] New serendipity packages fix cross site scripting, Thijs Kinkhorst, 15:26
HIS-webshop is vulnerable against Directory-Traversal (www.shoppark.de), zero-x, 15:14
RE: hacking the mitsubishi GB-50A, James C. Slora Jr., 15:04
Re: Linksys phone adapter denial of service, J. Oquendo, 14:53
Re: Linksys phone adapter denial of service, orsino, 14:42
Re: Re: Linksys phone adapter denial of service, sipherr, 14:31
Hamachi Password Disclosure Vulnerability, evilcry, 14:21
[DSECRG-08-021] Multiple LFI in PowerPHPBoard 1.00b, Digital Security Research Group, 14:00
[DSECRG-08-020] RFI-LFI in PowerClan 1.14a, Digital Security Research Group, 13:49
[DSECRG-08-019] LFI in PowerBook 1.21, Digital Security Research Group, 13:28
[SECURITY] [DSA 1527-1] New debian-goodies packages fix privilege escalation, Thijs Kinkhorst, 13:07
Re: XSS in cPanel 11.x, morin . josh, 12:57
Re: Linksys phone adapter denial of service, J. Oquendo, 12:36
RE: hacking the mitsubishi GB-50A, Desai, Ashish, 12:25
Alkacon OpenCms users_list.jsp searchfilter XSS, nnposter, 12:02
Linksys phone adapter denial of service, sipherr, 11:51
F5 BIG-IP Web Management Audit Log XSS, nnposter, 11:51
[ MDVSA-2008:075 ] - Updated bzip2 packages fix denial of service vulnerability, security, 11:40
Re: Potential SQL injection vulnerability in Apache::AuthCAS, dcastro, 11:40
EfesTech E-Kontr (id) Remote SQL INJECTION, dj_remix_20, 11:29

March 23, 2008

[Full-disclosure] ircu/snircd remote crash vulnerability, Chris Porter, 22:13

March 22, 2008

Safari browser 3.1 (525.13) spoofing, jplopezy, 14:59
Google SoC 2008: Security Projects, jkouns, 14:49
phpAddressBook v2.11 Multiple Local File Inclusion Vulnerabilities, Guns, 14:38
hacking the mitsubishi GB-50A, Chris Withers, 14:27
Fedora, Ubuntu publish wrong advisories for CVE-2007-6318, Abel Cheung, 14:07
rPSA-2008-0118-1 bzip2, rPath Update Announcements, 13:56
rPSA-2008-0116-1 unzip, rPath Update Announcements, 13:35
Safari 3.1 for windows download bug, jplopezy, 13:13
Re: Simple Machines Forum "SMF Shoutbox" Mod Persistent XSS, vermsky, 13:03
XSS in cPanel 11.x, xx_hack_xx_2004, 12:42

March 21, 2008

[Full-disclosure] Buffer-overflow in ASUS Remote Console 2.0.0.24, Luigi Auriemma, 18:44
{securityreason.com}PHP 5 *printf() - Integer Overflow, cxib, 15:37
webutil.pl is still vulnerable against Remote Command Execution., zero-x, 15:27
DotNetNuke Default Machine Key Exposure, labs, 13:12
[ MDVSA-2008:074 ] - Updated audacity package fixes insecure temporary directory creation, security, 13:12
[MSA01240108] IE7 Transfer-Encoding: chunked allows Request Splitting/Smuggling., Minded Security Research Labs, 13:01
Re: Horde Webmail file inclusion proof of concept & patch., David Morton, 12:51
MS08-014, Anonymous, 12:51
[INFIGO-2008-03-07]: Surgemail 38k4 IMAP server remote stack overflow, infocus, 12:40
CanSecWest 2008 PWN2OWN - Mar 26-28, Dragos Ruiu, 12:30
[MSA02240108] IE7 allows overwriting of several headers leading to Http request Splitting and smuggling., Minded Security Research Labs, 12:30

March 20, 2008

[ MDVSA-2008:073 ] - Updated perl-Net-DNS packages fix DoS vulnerability, security, 21:20
[ MDVSA-2008:072 ] - Updated kernel packages fix vulnerability, security, 20:17
[Full-disclosure] [USN-589-1] unzip vulnerability, Kees Cook, 17:06
[Full-disclosure] Multiple heap overflows in xine-lib 1.1.11, Luigi Auriemma, 16:45
Note about recently publicized CA BrightStor ActiveX exploit code, Williams, James K, 16:24
KAPhotoservice (album.asp) Remote SQL Injection Exploit, sys-project, 15:52
Easy-Clanpage 2.2 (id) Remote SQL Injection Vulnerability, info, 14:15
Pizco vulnerable to buffer overflow in activex, david130490, 14:04
[ MDVSA-2008:071 ] - Updated Kerberos packages fix multiple vulnerabilities, security, 12:57
[ MDVSA-2008:070 ] - Updated Kerberos packages fix multiple vulnerabilities, security, 12:13
[ MDVSA-2008:069 ] - Updated Kerberos packages fix multiple vulnerabilities, security, 11:51
[Full-disclosure] [USN-588-1] MySQL vulnerabilities, Jamie Strandboge, 08:37
[Full-disclosure] Adobe Flash CS3 Professional FLA File Parsing Multiple Local Code Execute Vulnerabilities, cocoruder, 00:49

March 19, 2008

[Full-disclosure] rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation, rPath Update Announcements, 23:56
[Full-disclosure] [ GLSA 200803-30 ] ssl-cert eclass: Certificate disclosure, Robert Buchholz, 21:40
[Full-disclosure] [ GLSA 200803-29 ] ViewVC: Multiple vulnerabilities, Tobias Heinlein, 19:15
[Full-disclosure] [ GLSA 200803-28 ] OpenLDAP: Denial of Service vulnerabilities, Pierre-Yves Rofes, 18:22
IBM Rational ClearQuest Web Multiple XSS Vulnerabilities, swhite, 16:36
CS-Cart XSS, swhite, 15:53
Question on CERT-FI and CPNI Joint Vulnerability Advisory on Archive Formats?, James Connery, 13:28
HPSBST02321 SSRT080029 rev.1 - HP StorageWorks Library and Tape Tools (LTT) Running on HP-UX, Local Unauthorized Access, security-alert, 13:18
AST-2008-004: Format String Vulnerability in Logger and Manager, Asterisk Security Team, 12:46
[ MDVSA-2008:068 ] - Updated unzip packages vulnerability, security, 12:13
AST-2008-002: Two buffer overflows in RTP Codec Payload Handling, Asterisk Security Team, 12:03
AST-2008-003: Unauthenticated calls allowed from SIP channel driver, Asterisk Security Team, 11:20
Mambo/joomla com_intellect "page" LFI [Aria-Security], no-reply, 11:09
phpBB 2.0.23 Session Hijacking Vulnerability, nbbn@gmx.net, 11:09
AST-2008-005: HTTP Manager ID is predictable, Asterisk Security Team, 10:58
[Full-disclosure] [USN-587-1] Kerberos vulnerabilities, Kees Cook, 01:47

March 18, 2008

[Full-disclosure] [ GLSA 200803-27 ] MoinMoin: Multiple vulnerabilities, Pierre-Yves Rofes, 19:04
[ MDVSA-2008:067 ] - Updated nagios packages fix multiple vulnerabilities, security, 18:42
iDefense Security Advisory 03.18.08: Multiple Vendor CUPS CGI Heap Overflow Vulnerability, iDefense Labs, 18:31
[SECURITY] [DSA 1524-1] New krb5 packages fix multiple vulnerabilities, Noah Meyerhans, 17:06
MITKRB5-SA-2008-002: array overrun in RPC library used by kadmin (resend, corrected subject), raeburn, 16:56
[Full-disclosure] CORE-2008-0123: Leopard Server Remote Path Traversal, Core Security Technologies Advisories, 16:55
MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc, raeburn, 15:19
MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc, raeburn, 15:19
Digital Armaments March-April Hacking Challenge: 5,000$ Prize - Client Vulnerabilities and Exploit, info, 15:09
[Full-disclosure] [ GLSA 200803-26 ] Adobe Acrobat Reader: Insecure temporary file creation, Robert Buchholz, 14:47
cPanel 11.x => List Directories and Folders, xx_hack_xx_2004, 13:33
[security bulletin] HPSBST02320 SSRT080028 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-014 to MS08-017, security-alert, 13:11
Internet Explorer 7.0 crash, jplopezy, 13:01
eForum 0.4 XSS, omnipresent, 12:17
Re: Re: Rosoft Media Player 4.1.8 RML Stack Based Buffer Overflow, opexoc, 11:34
Re: Re: Rosoft Media Player 4.1.8 RML Stack Based Buffer Overflow, opexoc, 11:13
[Full-disclosure] [ GLSA 200803-25 ] Dovecot: Multiple vulnerabilities, Robert Buchholz, 08:48
[Full-disclosure] Airscanner Mobile Security Advisory #08031201: FlexiSPY Multiple Issues, Seth Fogie, 00:11

March 17, 2008

[Full-disclosure] VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues, VMware Security team, 22:38
[Full-disclosure] [ GLSA 200803-24 ] PCRE: Buffer overflow, Tobias Heinlein, 21:36
[Full-disclosure] Cross Site Scripting (XSS) in phpstats 0.1_alpha, CVE-2008-0125, Hanno BÃck, 19:09
Agile Hacking, Petko D. Petkov, 17:35
Home FTP Server DoS, 0in . email, 17:03
Multiple vulnerabilities in Net Inspector 6.5.0.828, Luigi Auriemma, 14:47
[Full-disclosure] Buffer-overflow in BootManage TFTPD 1.99, Luigi Auriemma, 14:46
[Full-disclosure] VLC highlander bug, Luigi Auriemma, 14:04
Re: Format string in McAfee Framework 3.6.0.569 (ePolicy Orchestrator 4.0), greentea-lemon, 14:04
Mutiple Timesheets <= 5.0 - Multiple Remote Vulnerabilities, sys-project, 13:42
Re: Rosoft Media Player 4.1.8 RML Stack Based Buffer Overflow, david130490, 13:21
Security Advisory on RSA Web ID (XSS), quentin . berdugo, 13:11
raidsonic nas-4220 crypt disk key leak (stored in plain on unencrypted partition), Collin R. Mulliner, 13:00
EasyCalendar <= 4.0tr - Multiple Remote Vulnerabilities, sys-project, 12:39
vuln in snewscms Rus v 2.3, www . yo . by, 12:39
RE: Local persistent DoS in Windows XP SP2 Taskmgr, Thor (Hammer of God), 12:28
Re: Format string in McAfee Framework 3.6.0.569 (ePolicy Orchestrator 4.0), neodwija, 11:56
Re: Local persistent DoS in Windows XP SP2 Taskmgr, paraw, 11:45
Joomla components com_guide "category" Remote SQL Injection [Aria-Security], no-reply, 11:35

March 16, 2008

[Full-disclosure] eeye diffing suite?, crazy frog crazy frog, 08:29

March 15, 2008

[Full-disclosure] [ GLSA 200803-23 ] Website META Language: Insecure temporary file usage, Pierre-Yves Rofes, 17:54
XNview 1.92.1 Long Filename Overflow, Sylvain, 17:23
Rosoft Media Player 4.1.8 RML Stack Based Buffer Overflow, opexoc, 17:12
Troopers08 Security Conference, April 23/24 (Munich/Germany), Enno Rey, 16:00
[Full-disclosure] [USN-586-1] mailman vulnerability, Kees Cook, 15:08
Local persistent DoS in Windows XP SP2 Taskmgr, SkyOut, 14:47
Black Hat Announcements: New CFP system and Japan '08 confirmed, jmoss, 13:45
Re: [Full-disclosure] Firewire Attack on Windows Vista, Pavel Kankovsky, 13:34

March 14, 2008

EasyGallery <= 5.0tr - Multiple Remote Vulnerabilities, sys-project, 15:35
Re: Office XP Remote SQL Injection, Steve Shockley, 12:59
Airspan WiMAX ProST Authentication Bypass Vulnerability, admin, 12:17
Re: [Full-disclosure] hacking a pacemaker, Randal T. Rioux, 10:42
Re: [Full-disclosure] [ GLSA 200803-17 ] PDFlib: Multiple buffer overflows, Philip Thiessen, 02:47

March 13, 2008

[ MDVSA-2008:066 ] - Updated gcc packages fix directory traversal vulnerability in fastjar, security, 19:52
Office XP Remote SQL Injection, no-reply, 19:21
PR08-02: Plone CMS Security Research - the Art of Plowning, ProCheckUp Research, 18:39
[Full-disclosure] [ GLSA 200803-22 ] LIVE555 Media Server: Denial of Service, Pierre-Yves Rofes, 18:38
Re: Re: Re: VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit, sad_wabi_user, 18:28
Update+Errata: Re: A paper by Amit Klein (Trusteer): "OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability", Amit Klein, 17:56
[Full-disclosure] ZDI-08-012: IBM Informix Dynamic Server Authentication Password Stack Overflow Vulnerability, zdi-disclosures, 17:25
[Full-disclosure] ZDI-08-011: IBM Informix Dynamic Server DBPATH Buffer Overflow Vulnerability, zdi-disclosures, 17:25
Zabbix (zabbix_agentd) denial of service, Milen Rangelov, 12:27
Rapid7 Advisory R7-0032: Microsoft Internet Explorer FTP Command Injection Vulnerability, kralor, 12:16
Re: Firewire Attack on Windows Vista, Stefan Kanthak, 11:54
Rise of the spammers, vulns, 11:33
Re: Re: VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit, app, 11:33
Re: PHP-Nuke Module NukeC30 sql injection, my_msn_my_msn_my, 11:21
Directory traversal in EdiorCMS V3.0, wsn1983, 11:11
XSS in PHP-Nuke (eWeather module), nima_501, 11:00
Re: Directory traversal and DoS in WinIPDS G52-33-021, ph, 10:39
Re: [Full-disclosure] Firewire Attack on Windows Vista, Eric Rachner, 02:09

March 12, 2008

rPSA-2008-0108-1 dovecot, rPath Update Announcements, 17:33
[Full-disclosure] Format string in McAfee Framework 3.6.0.569 (ePolicy Orchestrator 4.0), Luigi Auriemma, 16:09
[Full-disclosure] [ GLSA 200803-21 ] Sarg: Remote execution of arbitrary code, Raphael Marichez, 15:25
Powered by phpBB 2001, 2006 (SQL), turkish-warriorr, 15:05
[Full-disclosure] rPSA-2008-0106-1 lighttpd, rPath Update Announcements, 14:54
[Full-disclosure] ZDI-08-010: Java Web Start encoding Stack Buffer Overflow, zdi-disclosures, 13:51
[Full-disclosure] ZDI-08-009: Java Web Start tempbuff Stack Buffer Overflow, zdi-disclosures, 13:51
Cisco ACS UCP Remote Pre-Authentication Buffer Overflows, Felix 'FX' Lindner, 13:51
hacking a pacemaker, Gadi Evron, 13:09
Re: VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit, Maximiliano MÃller, 12:48
travelsized cms 0.4.1 multiple local file inclusion vulnerabilities, muuratsalo experimental hack lab, 11:55
uberghey cms 0.3.1 multiple local file inclusion vulnerabilities, muuratsalo experimental hack lab, 11:44

March 11, 2008

[Full-disclosure] iDefense Security Advisory 03.11.08: Microsoft Outlook mailto Command Line Switch Injection, iDefense Labs, 19:47
[Full-disclosure] iDefense Security Advisory 03.11.08: Microsoft Excel 2003 Malformed Formula Memory Corruption Vulnerability, iDefense Labs, 19:36
[Full-disclosure] iDefense Security Advisory 03.11.08: Microsoft Excel DVAL Heap Corruption Vulnerability, iDefense Labs, 19:24
TPTI-08-03: Microsoft Excel Rich Text Memory Corruption Vulnerability, DVLabs, 19:24
PHP-Nuke Module ZClassifieds [cat] SQL Injection, lovebug, 18:52
[Full-disclosure] [ GLSA 200803-20 ] International Components for Unicode: Multiple vulnerabilities, Pierre-Yves Rofes, 18:30
[Full-disclosure] [ GLSA 200803-19 ] Apache: Multiple vulnerabilities, Pierre-Yves Rofes, 18:08
[Full-disclosure] ZDI-08-008: Microsoft Excel BIFF File Format Cell Record Parsing Memory Corruption Vulnerability, zdi-disclosures, 17:57
[Full-disclosure] CORE-2008-0204: Timbuktu Pro Remote Path Traversal and Log Injection, Core Security Technologies Advisories, 17:15
[Full-disclosure] Advisory Adobe LiveCycle Workflow XSS Vulnerability, Liquidmatrix Security Digest, 16:53
Re: [Full-disclosure] Firewire Attack on Windows Vista, FD, 15:50
ACROS Security: HTML Injection in BEA WebLogic Server Console (ASPR #2008-03-11-1), ACROS Security, 13:54
ACROS Security: Session Fixation Vulnerability in WebLogic Administration Console (#2008-03-11-2), ACROS Security, 13:43
Re: Remotely Anywhere 'Accept-Charset' Parameter NULL Pointer, patrick, 13:22
PHP-Nuke Module NukeC30 sql injection, houssamix, 13:12
[security bulletin] HPSBUX02313 SSRT080015 rev.2 - HP-UX Running Apache, Remote Cross Site Scripting (XSS), security-alert, 13:12
Re: Firewire Attack on Windows Vista, Steve Shockley, 13:12
Mambo Components ensenanzas "id" Remote SQL Injection, no-reply, 13:12
Advisory: SQL-Injections in Mapbender, RedTeam Pentesting GmbH, 13:12
Re: [Full-disclosure] Firewire Attack on Windows Vista, Jacob Appelbaum, 13:11
[security bulletin] HPSBUX02316 SSRT071495 rev.1 - HP-UX running HP CIFS Server (Samba), Remote Execution of Arbitrary Code, security-alert, 13:11
Re: [Full-disclosure] Vulnerabilities in Timbuktu Pro 8.6.5, titon, 13:10
Re: [Full-disclosure] Vulnerabilities in Timbuktu Pro 8.6.5, Luigi Auriemma, 13:10
[Full-disclosure] [USN-585-1] Python vulnerabilities, Kees Cook, 13:06

March 10, 2008

Re: [Full-disclosure] Invalid memory access in Acronis True Image Group Server 1.5.19.191, Dmitry, 19:08
[Full-disclosure] Vulnerabilities in Timbuktu Pro 8.6.5, Luigi Auriemma, 18:57
[Full-disclosure] Invalid memory access in Acronis True Image Group Server 1.5.19.191, Luigi Auriemma, 18:46
NULL pointer in Remotely Anywhere 8.0.668, Luigi Auriemma, 18:46
[Full-disclosure] Multiple vulnerabilities in ASG-Sentry 7.0.0, Luigi Auriemma, 18:46
[Full-disclosure] Directory traversal and NULL pointer in Acronis PXE Server 2.0.0.1076, Luigi Auriemma, 18:46
[Full-disclosure] NULL pointer in Acronis True Image Windows Agent 1.0.0.54, Luigi Auriemma, 18:46
Denial of Service in PacketTrap TFTP server 2.0.3901.0, Luigi Auriemma, 18:35
[Full-disclosure] Directory traversal in Argon Client Management Services 1.31, Luigi Auriemma, 18:35
[Full-disclosure] [ GLSA 200803-18 ] Cacti: Multiple vulnerabilities, Pierre-Yves Rofes, 18:35
[Full-disclosure] iDefense Security Advisory 03.10.08: SAP MaxDB sdbstarter Privilege Escalation Vulnerability, iDefense Labs, 18:35
[Full-disclosure] iDefense Security Advisory 03.10.08: SAP MaxDB Signedness Error Heap Corruption Vulnerability, iDefense Labs, 18:24
[Full-disclosure] [ GLSA 200803-17 ] PDFlib: Multiple buffer overflows, Pierre-Yves Rofes, 18:02
[Full-disclosure] [ GLSA 200803-16 ] MPlayer: Multiple buffer overflows, Pierre-Yves Rofes, 17:31
Re: [Full-disclosure] Firewire Attack on Windows Vista, Ansgar -59cobalt- Wiechers, 15:47
Summer Camp 2008 - La Garrotxa, Gerardo García Peña, 13:41
Firebird remote BOF POC, underwater, 13:41
PHP-Nuke SQL injection Module "Hadith" [cat], lovebug, 13:09
[ MDVSA-2008:065 ] - Updated pulseaudio packages fix denial of service vulnerabilities, security, 12:25
Re: [Full-disclosure] Firewire Attack on Windows Vista, Jacob Appelbaum, 12:14
Re: [Full-disclosure] Firewire Attack on Windows Vista, Stefan Kanthak, 12:04
VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit, gmdarkfig, 12:04
[security bulletin] HPSBUX02306 SSRT071463 rev.2 - HP-UX Running ARPA Transport, Remote Denial of Service (DoS), security-alert, 11:29
Re: [Full-disclosure] Firewire Attack on Windows Vista, Kern, 10:57
Re: [Full-disclosure] Firewire Attack on Windows Vista, Jardel Weyrich, 00:10

March 09, 2008

Re: [Full-disclosure] Firewire Attack on Windows Vista, Larry Seltzer, 23:59
Re: [Full-disclosure] Firewire Attack on Windows Vista, Larry Seltzer, 23:38
Re: [Full-disclosure] Firewire Attack on Windows Vista, Stefan Kanthak, 22:26
Re: [Full-disclosure] Firewire Attack on Windows Vista, Erik Trulsson, 22:26
[Full-disclosure] [ GLSA 200803-15 ] phpMyAdmin: SQL injection vulnerability, Pierre-Yves Rofes, 17:08

March 08, 2008

Re: [Full-disclosure] Firewire Attack on Windows Vista, Tim, 19:23
WoltLab Burning Board Lite 2 Beta 1 Thread Delete CSRF Vulnerability, nbbn, 18:51
Re: [Full-disclosure] Firewire Attack on Windows Vista, Larry Seltzer, 18:50
[TKADV2008-001] Panda Internet Security/Antivirus+Firewall 2008 cpoint.sys Kernel Driver Memory Corruption Vulnerability, Tobias Klein, 18:19
Alkacon OpenCms logfileViewSettings.jsp XSS, file disclosure, nnposter, 16:56
F5 BIG-IP Web Management Console XSS, nnposter, 16:35
Re: Horde Webmail file inclusion proof of concept & patch., Ben Klang, 16:04
Re: [Full-disclosure] Firewire Attack on Windows Vista, Tim, 15:02
[Full-disclosure] [ GLSA 200803-14 ] Ghostscript: Buffer overflow, Pierre-Yves Rofes, 14:51
[Full-disclosure] [TKADV2008-001] Panda Internet Security/Antivirus+Firewall 2008 cpoint.sys Kernel Driver Memory Corruption Vulnerability, Tobias Klein, 09:54
Re: [Full-disclosure] Firewire Attack on Windows Vista, Larry Seltzer, 08:40

March 07, 2008

Re: [Full-disclosure] Firewire Attack on Windows Vista, Bryon Roche, 19:49
[Full-disclosure] [ GLSA 200803-13 ] VLC: Multiple vulnerabilities, Pierre-Yves Rofes, 19:27
XSS in Neptune Web Server, nima_501, 19:07
[ MDVSA-2008:064 ] - Updated tomboy packages fix improper LD_LIBRARY_PATH handling, security, 18:56
rPSA-2008-0099-1 dbus dbus-glib dbus-qt dbus-x11, rPath Update Announcements, 18:45
Re: [Full-disclosure] Firewire Attack on Windows Vista, Thor (Hammer of God), 16:18
Re: [Full-disclosure] Firewire Attack on Windows Vista, Larry Seltzer, 16:18
Re: [Full-disclosure] Firewire Attack on Windows Vista, Larry Seltzer, 16:06
Re: [Full-disclosure] Firewire Attack on Windows Vista, Thor (Hammer of God), 16:06
Re: Firewire Attack on Windows Vista, Nathanael Hoyle, 15:45
[Full-disclosure] Multiple vulnerabilities in MailEnable Professional/Enterprise 3.13, Luigi Auriemma, 15:24
Re: Firewire Attack on Windows Vista, Tonnerre Lombard, 15:02
PHP-Nuke KutubiSitte "kid" SQL Injection exploit code adding, r080cy90r, 14:19
Re: [Full-disclosure] Firewire Attack on Windows Vista, Thor (Hammer of God), 14:07
[ MDVSA-2008:063 ] - Updated Evolution packages fix critical vulnerability, security, 12:32
Horde Webmail file inclusion proof of concept & patch., ppelanne, 12:32
WordPress Multiple Cross-Site Scripting Vulnerabilities, DoZ, 12:10
[ MDVSA-2008:062 ] - Updated Thunderbird packages fix multiple vulnerabilities, security, 12:10

March 06, 2008

Re: [Full-disclosure] Firewire Attack on Windows Vista, Tim, 22:05
Re: [Full-disclosure] Firewire Attack on Windows Vista, Glenn.Everhart, 22:05
[Full-disclosure] [USN-582-2] Thunderbird vulnerabilities, Jamie Strandboge, 22:04
Re: [Full-disclosure] Firewire Attack on Windows Vista, Thor (Hammer of God), 22:04
Re: Multiple vulnerabilities in Double-Take 5.0.0.2865, Steve Shockley, 22:04
[ MDVSA-2008:061 ] - Updated mailman packages fix multiple XSS vulnerabilities, security, 22:04
Re: [Full-disclosure] Firewire Attack on Windows Vista, Tim, 22:04
Re: [Full-disclosure] Firewire Attack on Windows Vista, Larry Seltzer, 22:04
RE: Firewire Attack on Windows Vista, bzhbfzj3001, 22:04
Re: [Full-disclosure] Firewire Attack on Windows Vista, Tim, 22:03
Re: [Full-disclosure] Firewire Attack on Windows Vista, Larry Seltzer, 22:03
Re: [Full-disclosure] Firewire Attack on Windows Vista, Tim, 22:03
Re: [DSECRG-08-018] Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory traversal file Download Vulnerability, H D Moore, 22:03
PHP-Nuke KutubiSitte "kid" SQL Injection, lovebug, 22:03
[Full-disclosure] Directory traversal in MicroWorld eScan Server 9.0.742.98, Luigi Auriemma, 22:03
Checkpoint VPN-1 UTM Edge cross-site scripting, Henri Lindberg - Smilehouse Oy, 22:03
Sun JDK image parsing vulnerabilities, Chris Evans, 22:03
Re: [Full-disclosure] Firewire Attack on Windows Vista, Larry Seltzer, 22:02
[DSECRG-08-018] Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory traversal file Download Vulnerability, Alexandr Polyakov, 22:02
[ MDVSA-2008:060 ] - Updated Joomla! packages fix multiple vulnerabilities, security, 22:02
Re: [Full-disclosure] Firewire Attack on Windows Vista, Tonnerre Lombard, 22:00
Re: [Full-disclosure] Firewire Attack on Windows Vista, Peter Watkins, 22:00
Re: [Full-disclosure] Firewire Attack on Windows Vista, Daniel O'Connor, 22:00
Re: [Full-disclosure] Firewire Attack on Windows Vista, TheM ., 21:59
[ MDVSA-2008:058 ] - Updated openldap packages fix multiple vulnerabilities, security, 21:59

March 05, 2008

[Full-disclosure] [USN-584-1] OpenLDAP vulnerabilities, Jamie Strandboge, 19:51
[Full-disclosure] [ GLSA 200803-11 ] Vobcopy: Insecure temporary file creation, Pierre-Yves Rofes, 19:08
RE: Firewire Attack on Windows Vista, Roger A. Grimes, 18:58
[Full-disclosure] [ GLSA 200803-12 ] Evolution: Format string vulnerability, Pierre-Yves Rofes, 18:47
[ MDVSA-2008:059 ] - Updated tcl packages fix vulnerability, security, 18:36
[Full-disclosure] [USN-583-1] Evolution vulnerability, Kees Cook, 17:32
Multiple vulnerabilities in Perforce Server 2007.3/143793, Luigi Auriemma, 17:32
[Full-disclosure] [ GLSA 200803-10 ] lighttpd: Multiple vulnerabilities, Pierre-Yves Rofes, 17:32
[Full-disclosure] ERRATA: [ GLSA 200801-09 ] X.Org X server and Xfont library: Multiple vulnerabilities, Robert Buchholz, 17:11
Re: Firewire Attack on Windows Vista, Thierry Zoller, 15:26
[Full-disclosure] Firewire Attack on Windows Vista, Bernhard Mueller, 12:35
[SECURITY] [DSA 1512-1] New evolution packages fix arbitrary code execution, Thijs Kinkhorst, 12:13

March 04, 2008

Dovecot mail_extra_groups setting is often used insecurely, Timo Sirainen, 21:07
Minigal 2 critical XSS, jose, 19:33
[Full-disclosure] [ GLSA 200803-09 ] Opera: Multiple vulnerabilities, Pierre-Yves Rofes, 19:22
[Full-disclosure] [ GLSA 200803-08 ] Win32 binary codecs: Multiple vulnerabilities, Pierre-Yves Rofes, 18:29
SolpotCrew Advisory #16 - Mitra Informatika Solusindo cart Remote Sql Injection Exploit, nyubicrew, 17:26
[Full-disclosure] Arbitrary commands execution in Versant Object Database 7.0.1.3, Luigi Auriemma, 17:26
Re: Crafty Syntax Xss Vulnerability, cmzs, 16:23
[Full-disclosure] CORE-2008-0124: Multiple vulnerabilities in Google's Android SDK, Core Security Technologies Advisories, 14:47
PHP-Nuke Module "seminar" Local FIle Inclusion, no-reply, 13:22
PHP-Nuke Module eGallery "pid" Remote SQL Injection, no-reply, 12:09
[ MDVSA-2008:057 ] - Updated wireshark packages fix denial of service vulnerabilities, security, 12:09

March 03, 2008

[Full-disclosure] VMSA-2008-0004 Low: Updated e2fsprogs service console package, VMware Security team, 19:02
Airscanner Mobile Security Advisory #07122001: Eye-Fi Multiple Vulnerabilities, Seth Fogie, 18:41
[SECURITY] [DSA 1511-1] New libicu packages fix multiple problems, Steve Kemp, 18:18
[Full-disclosure] [ GLSA 200803-07 ] Paramiko: Information disclosure, Pierre-Yves Rofes, 17:57
DDIVRT-2008-09 PacketTrap PT360 Tool Suite TFTP Denial of Service Vulnerability, vulnerabilityresearch, 17:56
[Full-disclosure] [ GLSA 200803-06 ] SWORD: Shell command injection, Pierre-Yves Rofes, 17:46
[Full-disclosure] [ GLSA 200803-05 ] SplitVT: Privilege escalation, Pierre-Yves Rofes, 17:35
[Full-disclosure] [ GLSA 200803-04 ] Mantis: Cross-Site Scripting, Pierre-Yves Rofes, 17:35
[Full-disclosure] Airscanner Mobile Security Advisory #07122001: Eye-Fi Multiple Vulnerabilities, Seth Fogie, 17:24
LayerOne 2008 Update, Layer One, 16:52
[Full-disclosure] Heap overflow in Borland VisiBroker Smart Agent 08.00.00.C1.03, Luigi Auriemma, 16:52
Cross-site Scripting and CSRF in TorrentTrader Classic v1.08, Valery Marchuk, 16:41
Multiple integer overflows in Borland StarTeam server 10.0.0.57, Luigi Auriemma, 16:41
Re: CSRF in joomla 1.0.11 stable version, zinho, 16:10
DDIVRT-2008-10 PacketTrap TFTP Directory Traversal Vulnerability, vulnerabilityresearch, 15:39
CSRF in joomla 1.0.11 stable version, vivek_infosec, 14:46
[DSECRG-08-017] Flyspray 0.9.9.4 Multiple Security Vulnerabilities, Digital Security Research Group, 13:32
XSS in XP Book version 3.0, xx_hack_xx_2004, 13:11
Re: Crafty Syntax Xss Vulnerability, erics, 13:00
Squid Analysis Report Generator <= 2.2.3.1 buffer overflow, L4teral, 12:39
Recon 2008 - Call For Paper, Recon, 12:39
kcwiki 1.0 multiple remote file inclusion vulnerabilities., muuratsalo experimental hack lab, 12:28
Dynamic photo gallery V1.02 SQL Injection, no-reply, 12:18

March 02, 2008

[Full-disclosure] [ GLSA 200803-03 ] Audacity: Insecure temporary file creation, Pierre-Yves Rofes, 20:07
[Full-disclosure] [ GLSA 200803-02 ] Firebird: Multiple vulnerabilities, Pierre-Yves Rofes, 19:56
[Full-disclosure] [ GLSA 200803-01 ] Adobe Acrobat Reader: Multiple vulnerabilities, Pierre-Yves Rofes, 19:46

March 01, 2008

The Router Hacking Challenge is Over!, Petko D. Petkov, 19:17
Livebox Router vulnerability to REMOTE BUFFER OVERFLOW DoS (FTPD)_, 0in . email, 18:26
PHP-Nuke Copyright 2005 SQL, turkish-warriorr, 16:11
h2desk helpdesk path disclosure vulnerability, joseph . giron13, 13:34
Koobi CMS 4.3.0 - 4.2.3 (categ) Remote SQL Injection Vulnerability, sys-project, 13:24
Mambo com_Musica "id" Remote SQL Injection, no-reply, 13:13