Bugtraq: by date

603 messages starting Apr 01 06 and ending Apr 30 06


Saturday, 01 April

Mis-diagnosed XSS bugs hiding worse issues due to PHP feature Steven M. Christey
linksubmit <= All version Html Tag Injector in index.php ali
Re: recursive DNS servers DDoS as a growing DDoS problem Gadi Evron
Re: [Full-disclosure] Mis-diagnosed XSS bugs hiding worse issues due to PHP feature Siegfried
SQuery <= 4.5 Remote File Inclusion Exploit uid0
RE: recursive DNS servers DDoS as a growing DDoS problem gboyce
FleXiBle Development Script Remote Command Exucetion And XSS Attacking botan
Re: Mis-diagnosed XSS bugs hiding worse issues due to PHP feature Siegfried
Re: Re: Re: phpBB 2.06 search.php SQL injection theguywhocouldwipeyourphpBB
DoS-ing sysklogd? Milen Rangelov
PHPNuke-Clan 3.0.1 Remote File Inclusion Exploit uid0
GeSWall 2.2 – Free Intrusion Prevention System for Windows GentleSecurity Team
Re: recursive DNS servers DDoS as a growing DDoS problem Paul Stepowski
SiteMan <= All version SQL injection in admin_login.asp ali

Monday, 03 April

Phpwebgallery <= 1.4.1 SQL injection Vulnerability t4h4
Secunia Research: AN HTTPD Script Source Disclosure Vulnerability Secunia Research
Re: On product vulnerability history and vulnerability complexity Crispin Cowan
[USN-266-1] dia vulnerabilities Martin Pitt
[SECURITY] [DSA 1000-2] New Apache2::Request packages fix denial of service Martin Schulze
Another Internet Explorer Address Bar Spoofing Vulnerability hainamluke
Hosting Controller AccountActions.asp and saveuploadfiles.asp vulns (PoC) paolo . difebbo
Flaw in commonly used bash random seed method coderpunk
Re: Mis-diagnosed XSS bugs hiding worse issues due to PHP feature cxib
RE: DoS-ing sysklogd? Justin Shore
VWar <= 1.5.0 R12 Remote File Inclusion Exploit uid0
Multiple Vulnerabilities in LucidCMS crasher
MyBB 1.10 New CrossSiteScripting o . y . 6
Re: Flaw in commonly used bash random seed method Matthijs
RE: recursive DNS servers DDoS as a growing DDoS problem Geo.
Re: On product vulnerability history and vulnerability complexity Gadi Evron
Re: On product vulnerability history and vulnerability complexity Steven M. Christey
SQL Injection in Softbiz Image Gallery xx_hack_xx_2004
Re: On product vulnerability history and vulnerability complexity ArkanoiD
Re: WebVulnCrawl searching excluded directories for hackable web servers Dennis Brown
Re: Cantv/Movilnet's Web SMS vulnerability. raven
Re: On classifying attacks john mullee
Re: recursive DNS servers DDoS as a growing DDoS problem Geo.
Re: On product vulnerability history and vulnerability complexity Forrest J. Cavalier III
[ MDKSA-2006:064 ] - Updated MySQL packages fix logging bypass vulnerability security
[ MDKSA-2006:062 ] - Updated dia packages fix buffer overflow vulnerabilities security
Re: recursive DNS servers DDoS as a growing DDoS problem Anton Ivanov
ReloadCMS <= 1.2.5stable Cross site scripting / remote command execution rgod
SYMSA-2006-002: McAfee WebShield SMTP Format String Vulnerability CS_Advisories Mailbox
Bypassing ISA Server 2004 with IPv6 Romain . Le . Guen

Tuesday, 04 April

Re: Flaw in commonly used bash random seed method Dave English
Re: Bypassing ISA Server 2004 with IPv6 3APA3A
RUXCON 2006 Call for Papers cfp
SMART Technologies SynchronEyes Remote Denial of Services dennis
Re: recursive DNS servers DDoS as a growing DDoS problem Anton Ivanov
Re: On product vulnerability history and vulnerability complexity Gadi Evron
Re: recursive DNS servers DDoS as a growing DDoS problem Anton Ivanov
RE: recursive DNS servers DDoS as a growing DDoS problem Geo.
Format string in Doomsday 1.8.6 Luigi Auriemma
Re: On product vulnerability history and vulnerability complexity Steven M. Christey
[USN-267-1] mailman vulnerability Martin Pitt
Re: On product vulnerability history and vulnerability complexity Javor Ninov
RE: recursive DNS servers DDoS as a growing DDoS problem Måns Nilsson
[ GLSA 200604-01 ] MediaWiki: Cross-site scripting vulnerability Stefan Cornelius
Re: DoS-ing sysklogd? Bernhard Fischer
Barracuda LHA archiver security bug leads to remote compromise Jean-Sébastien Guay-Leroux
Re: DoS-ing sysklogd? Christophe Garault
Barracuda ZOO archiver security bug leads to remote compromise Jean-Sébastien Guay-Leroux
[security bulletin] HPSBPI2109 SSRT061141 rev.1 - HP Color LaserJet 2500 and 4600 Toolbox Running on Microsoft Windows Remote Unauthorized Disclosure of Information security-alert
[ GLSA 200604-02 ] Horde Application Framework: Remote code execution Stefan Cornelius
Re: recursive DNS servers DDoS as a growing DDoS problem Tim
[ GLSA 200604-03 ] FreeRADIUS: Authentication bypass in EAP-MSCHAPv2 module Matthias Geerdsen
RE: recursive DNS servers DDoS as a growing DDoS problem Thomas Guyot-Sionnest
Buffer-overflow in Ultr@VNC 1.0.1 viewer and server Luigi Auriemma
Re: Flaw in commonly used bash random seed method Matthijs
Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data Moriyoshi Koizumi
RE: recursive DNS servers DDoS as a growing DDoS problem Geo.
Re: Another Internet Explorer Address Bar Spoofing Vulnerability franz
ArabPortal 2.0.1 Stable [ 9 CrossSiteScripting & 1 SQL Injection ] MultBugz o . y . 6
Re: Flaw in commonly used bash random seed method Matthijs
NOD32 local privilege escalation vulnerability visitbipin
Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data Jasper Bryant-Greene
Another way to spoof Internet Explorer Address Bar hainamluke
Re: [Full-disclosure] Critical PHP bug - act ASAP if you are runningweb with sen mailinglist mailinglist
Re: Limbo CMS code execution gergero
Re: recursive DNS servers DDoS as a growing DDoS problem Marco Ivaldi
Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data John Bond
Black Hat Call for Papers and Registration now open Jeff Moss
[Full-disclosure] PIRANA exploitation framework and SMTP contentfilter security Jean-Sébastien Guay-Leroux
[SECURITY] [DSA 1022-1] New storebackup packages fix several vulnerabilities Moritz Muehlenhoff
Re: recursive DNS servers DDoS as a growing DDoS problem Jim Pingle
Re: recursive DNS servers DDoS as a growing DDoS problem Tim
Re: recursive DNS servers DDoS as a growing DDoS problem Simon Boulet
[ECHO_ADV_27$2006] AngelineCMS 0.8.1 Installpath Remote File Inclusion eufrato
[SEC-1 LTD] HP Colour LaserJet 2500 and 4600 Toolbox Directory Traversal Vulnerability Richard Horsman
[ECHO_ADV_27$2006] AngelineCMS 0.8.1 Installpath Remote File Inclusion eufrato

Wednesday, 05 April

Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data Jasper Bryant-Greene
Re: Flaw in commonly used bash random seed method Dave Korn

Sunday, 09 April

Linux Kernel Local DoS vulnerability. fingerout
[FLSA-2006:152873] Updated xine package fixes security issues Marc Deslauriers
Re: Re: Bypassing ISA Server 2004 with IPv6 Romain . Le-Guen
Re: Bypassing ISA Server 2004 with IPv6 Christine Kronberg
[SECURITY] [DSA 1024-1] New clamav packages fix several vulnerabilities Moritz Muehlenhoff
Cisco Security Advisory: Cisco 11500 Content Services Switch HTTP Request Vulnerability Cisco Systems Product Security Incident Response Team
[FLSA-2006:152896] Updated mod_python package fixes a security issue Marc Deslauriers
Re: Buffer-overflow in Ultr@VNC 1.0.1 viewer and server Luigi Auriemma
[ MDKSA-2006:066 ] - Updated FreeRADIUS packages fix off-by-one overflow vulnerabilty security
Autonomous LAN party File iNclusion codexploder
[FLSA-2006:156139] Updated tcpdump packages fix security issues Marc Deslauriers
Xss In SaphpLesson3.0 w3 . _
[FLSA-2006:156290] Updated cyrus-imapd packages fix security issues Marc Deslauriers
[FLSA-2006:170411] Updated imap packages fix security issue Marc Deslauriers
[FLSA-2006:183571-1] Updated tar package fixes security issue Marc Deslauriers
[FLSA-2006:183571-2] Updated tar package fixes security issue Marc Deslauriers
[FLSA-2006:180159] Updated unzip package fixes security issue Marc Deslauriers
[eVuln] Null news SQL Injection Vulnerability alex
[FLSA-2006:184074] Updated pine package fixes security issue Marc Deslauriers
[FLSA-2006:184098] Updated libc-client packages fixes security issue Marc Deslauriers
[Updated] [FLSA-2006:186277] Updated sendmail packages fix security issue Marc Deslauriers
Re: recursive DNS servers DDoS as a growing DDoS problem Jim Pingle
[eVuln] phpNewsManager Multiple SQL Injections alex
SQL Injection in Chipmunk Guestbook dr . jr7
Sire 2.0 Nws Remote File inclusion & Arbitary Files Upload simo64
[Kaffeine Security Advisory] Heap based buffer overflow in http_peek() Dirk Mueller
Re: recursive DNS servers DDoS as a growing DDoS problem Gadi Evron
Re: recursive DNS servers DDoS as a growing DDoS problem Geo.
Re: recursive DNS servers DDoS as a growing DDoS problem Ross Wheeler
Re: FleXiBle Development Script Remote Command Exucetion And XSS Attacking Steven M. Christey
Re: Bypassing ISA Server 2004 with IPv6 offtopic
Welcome to XCon2006 in China! xcon
[SECURITY] [DSA 1031-1] New cacti packages fix several vulnerabilities Martin Schulze
[SECURITY] [DSA 946-2] New sudo packages fix privilege escalation Martin Schulze
google xss almfnod
RE: Another way to spoof Internet Explorer Address Bar Memisyazici, Aras
[security bulletin] HPSBUX02108 SSRT061133 rev.3 - HP-UX running Sendmail, Remote Execution of Arbitrary Code security-alert
[ MDKSA-2006:068 ] - Updated mplayer packages fix integer overflow vulnerabilities security
Re: recursive DNS servers DDoS as a growing DDoS problem Erwan David
Re: Re: Another Internet Explorer Address Bar Spoofing Vulnerability pc . tech2
[KAPDA::#38] - MyBB 1.1.0~functions_post.php~XSS Attack addmimistrator
[eVuln] VSNS Lemon Multiple Vulnerabilities alex
PHPMyChat 0.15.0dev "SYS enter" remote commands xctn (not properly patched from previous versions) rgod
[ MDKSA-2006:065 ] - Updated kaffeine packages fix remote buffer overflow vulnerability security
Matt Wright Guestbook Xss Script İnjection liz0
[eVuln] vCounter - sourceworkshop SQL Injection Vulnerability alex
[USN-268-1] Kaffeine vulnerability Martin Pitt
LayerOne 2006 - Finalized Speaker Line-Up Announced Layer One
PHPMyChat <= 0.14.5 remote commands execution rgod
Re: SQL injection in Invision Power Board v2.1.5 optix_prorat100
[SECURITY] [DSA 1028-1] New libimager-perl packages fix denial of service Martin Schulze
[ECHO_ADV_28$2006] Clever Copy <= 3.0 Connect.inc Critical Information Disclosure eufrato
[ MDKSA-2006:067 ] - Updated clamav packages fix vulnerabilities security
[ GLSA 200604-05 ] Doomsday: Format string vulnerability Stefan Cornelius
MAXDEV CMS Multiple vulnerabilities king_purba
[SECURITY] [DSA 1018-2] New Linux kernel 2.4.27 packages fix several vulnerabilities Moritz Muehlenhoff
Re: recursive DNS servers DDoS as a growing DDoS problem Anton Ivanov
[eVuln] newsletter - sourceworkshop SQL Injection Vulnerability alex
[ GLSA 200604-04 ] Kaffeine: Buffer overflow Sune Kloppenborg Jeppesen
Shadowed Portal Cross Site Scripting liz0
Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data Moriyoshi Koizumi
[SECURITY] [DSA 1027-1] New mailman packages fix denial of service Martin Schulze
Re: Another Internet Explorer Address Bar Spoofing Vulnerability sh0rtie

Monday, 10 April

Re: Flaw in commonly used bash random seed method Steve VanDevender
XSS Bug in Cherokee Webserver rubengarrote
[SECURITY] [DSA 1029-1] New libphp-adodb packages fix several vulnerabilities Martin Schulze
Google Reader "preview" and "lens" script improper feed validation Debasis Mohanty
Virtual War File İnclusion liz0
Cisco Security Advisory: Cisco Optical Networking System 15000 series and Cisco Transport Controller Vulnerabilities Cisco Systems Product Security Incident Response Team
Re: Format string in Doomsday 1.8.6 Alexey Dobriyan
[SECURITY] [DSA 1030-1] New moodle packages fix several vulnerabilities Martin Schulze
Multiple vulnerability in jupiter CMS king_purba
[SECURITY] [DSA 1026-1] New sash packages fix potential arbitrary code execution Moritz Muehlenhoff
[ GLSA 200604-06 ] ClamAV: Multiple vulnerabilities Sune Kloppenborg Jeppesen
Re: Buffer-overflow in Ultr@VNC 1.0.1 viewer and server jalvare7
[SECURITY] [DSA 1023-1] New kaffeine packages fix arbitrary code execution Martin Schulze
Re: Bios Information Leakage darmawan_salihun
[security bulletin] HPSBUX02110 SSRT061110 rev.1 - HP-UX Running wu-ftpd Remote Denial of Service (DoS) security-alert
[security bulletin] HPSBUX02111 SSRT061132 rev.1 - HP-UX su(1) Local Unauthorized Access security-alert
[SECURITY] [DSA 1025-1] New dia packages fix arbitrary code execution Martin Schulze
IE6 Crash tel
RE: recursive DNS servers DDoS as a growing DDoS problem Geo.
[Overflow.pl] Clam AntiVirus Win32-UPX Heap Overflow (not default configuration) Damian Put
Re: IE6 Crash H D Moore
XMB Forum 1.9.5-Final XSS r0xes . ratm
Oracle read-only user can insert/update/delete data via specially crafted views ak
Re[2]: Bypassing ISA Server 2004 with IPv6 3APA3A
TUGZip Archive Extraction Directory traversal h e
Vulnerabilities in SPIP crasher
PhpOpenChat 3.0.x ADODB Server.php "sql" SQL injection rgod
phpinfo() Cross Site Scripting PHP 5.1.2 and 4.4.2 cxib
function *() php/apache Crash PHP 4.4.2 and 5.1.2 cxib
tempnam() open_basedir bypass PHP 4.4.2 and 5.1.2 cxib
copy() Safe Mode Bypass PHP 4.4.2 and 5.1.2 cxib
MyBB 1.10 'newthread.php' < CrossSiteScripting > o . y . 6
Myspace.com - Intricate Script Injection silentproducts
Re: Bypassing ISA Server 2004 with IPv6 Thor (Hammer of God)
RE: google xss Andy Meyers
Re: Bypassing ISA Server 2004 with IPv6 Thor (Hammer of God)
Vegadns blind sql injection and cross site scripting king_purba
PHPList <= 2.10.2 remote commands execution rgod
[eVuln] phpNewsManager Multiple SQL Injections alex
Jbook Cross Site Scripting root__
phpMyForum Cross Site Scripting & CRLF injection root__
PHPWebGallery Multiple Cross Site Scripting Vulnerabilities root__

Tuesday, 11 April

[USN-269-1] xscreensaver vulnerability Martin Pitt
Re: PHPList <= 2.10.2 remote commands execution secfoc
Re: function *() php/apache Crash PHP 4.4.2 and 5.1.2 Michal Zalewski
Confixx 3.1.2 <= Cross Site Scripting Vuln sn4k3 . 23
INDEXU <= 5.0.1 (theme_path)and (base_path) Remote File Inclusion Exploit selfar2002
[ MDKSA-2006:069 ] - Updated openvpn packages fix vulnerability security
Multiple vulnerabilities in Blur6ex crasher
phpListPro <= 2.0 - Remote File Include Vulnerability admin
Realplayer .SWF Multiple Remote Memory Corruption Vulnerabilities Sowhat
[eVuln] [V]Book Multiple Vulnerabilities alex
ZDI-06-007: Microsoft Windows Address Book (WAB) File Format Parsing Vulnerability zdi-disclosures
Manila <= 9.5 - XSS Vulnerabilities d4igoro
Confixx 3.1.2 <= SQL Injection sn4k3 . 23
Tritanium Bulletin Board 1.2.3 - XSS d4igoro
IBM ptt
[eVuln] VNews Multiple Vulnerabilities alex
Re: google xss Jim Ley
Re: Re: PHPList <= 2.10.2 remote commands execution rg . viza
[SRC-Telindus advisory] - HP System Management Homepage Remote Unauthorized Access SRC Telindus
AzDGVote File inclusion selfar2002
Re: Bypassing ISA Server 2004 with IPv6 noreply
[ MDKSA-2006:071 ] - Updated xscreensaver packages fix clear-text password vulnerability security
[ MDKSA-2006:070 ] - Updated openvpn packages fix vulnerability security
IMF 2006 - Submission Deadline Extension Oliver Goebel
IT Underground, London 2006 - call for papers it_underground
Re: google xss pagvac
SAXoPRESS - directory traversal securiteam
2nd European Conference on Computer Network Defense (EC2ND) Blyth A J C (Comp)
Microsoft Internet Explorer DBCS Remote Memory Corruption Vulnerability Sowhat
Re: Buffer-overflow in Ultr@VNC 1.0.1 viewer POC phaas

Wednesday, 12 April

[SECURITY] [DSA 1032-1] New zope-cmfplone packages fix unprivileged data manipulation Moritz Muehlenhoff
[eVuln] QLnews XSS and PHP Code Insertion Vulnerabilities alex
Re: function *() php/apache Crash PHP 4.4.2 and 5.1.2 Steven M. Christey
Simplog <=0.9.2 multiple vulnerabilities rgod
[SECURITY] [DSA 1033-1] New horde3 packages fix several vulnerabilities Moritz Muehlenhoff
Exploiting out of memory crashes and null pointers [was: Re: function *() php/apache Crash PHP 4.4.2 and 5.1.2] 86400s
Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting Esteban Martinez Fayo

Thursday, 13 April

[security bulletin] HPSBUX02108 SSRT061133 rev.6 - HP-UX running Sendmail, Remote Execution of Arbitrary Code security-alert
[USN-270-1] xpdf vulnerabilities Martin Pitt
Clansys Multiple Xss Vulnerabilities Soothackers
Re: phpWebsite <= SQL Injection (friend.php) & (article.php) shaun
PatroNet CMS Xss Vuln Soothackers
Windows Help Heap Overflow c0ntexb
SimpleBBS v1.1(posts.php) remote command execution stormhacker
[BuHa-Security] DoS Vulnerability in Firefox 1.5.0.1 bugtraq
[eVuln] qliteNews SQL Injection Vulnerability alex
[BuHa-Security] Stack Based Buffer Overflow Vulnerability in Amaya 9.4 #2 bugtraq
Remote File Inclusion in VBulletin ImpEx dr . jr7
[BuHa-Security] Multiple Vulnerabilities in MS IE 6.0 SP2 bugtraq
Re: Multiple vulnerabilities in Blur6ex Steven M. Christey
phpWebSite 0.10.? (topics.php) Remote SQL Injection Exploit selfar2002
RevoBoard [email] tag XSS r0xes . ratm
Re: google xss Vladimir Levijev
Recon 2006: speaker lineup announcement Recon
Re: Confixx 3.1.2 <= SQL Injection iovdin
MyBB 1.10 New XSS ' member.php ' o . y . 6
Re: function *() php/apache Crash PHP 4.4.2 and 5.1.2 Michal Zalewski
QuickBlogger v1.4 Cross-Site Scripting botan
RE: IBM Michael Scheidell
phpMyAdmin 2.7.0-pl1 kr4ch
Re: Jupiter CMS <= 1.1.5 multiple XSS attack vectors. anonss
MyBB 1.10 New CrossSiteScripting ' member.php ' o . y . 6
SaphpLesson 2.0 (forumid) Remote SQL Injection Exploit selfar2002
Secunia Research: Adobe Document Server for Reader Extensions Multiple Vulnerabilities Secunia Research
SEC Consult SA-20060314 :: Opera Browser CSS Attribute Integer Wrap / Buffer Overflow Bernhard Mueller
ZDI-06-008: Novell GroupWise Messenger Accept-Language Buffer Overflow zdi-disclosures
Re: IBM stend
TalentSoft Web+Shop Path Disclosure revnic
[BuHa-Security] Stack Based Buffer Overflow Vulnerability in Amaya 9.4 bugtraq

Friday, 14 April

Re: RE: IBM Juha-Matti Laurio
[eVuln] RedCMS Multiple XSS and SQL Injection Vulnerabilities alex
Camino Browser HTML Parsing Null Pointer Dereference Denial of Service Vulnerability izimask
PowerClan 1.14 - SQL Injection d4igoro
Re: Simplog <=0.9.2 multiple vulnerabilities Jeremy Ashcraft
[eVuln] aWebNews Multiple XSS and SQL Injection Vulnerabilities alex
Vulnerabilities in lifetype crasher
Vulnerabilities in Papoo crasher
Vulnerabilities in MODx crasher
Farsinews Cross-Site Scripting & Path disclosure vulnerability aminrayden
osCommerce "extras/" information/source code disclosure rgod
Re: phpMyAdmin 2.7.0-pl1 Kevin Waterson
Encyclopedia <= 3.0 (login.php) CrossSite Scripting - XSS n0m3rcy
phpBB Admin command execution noch22
Serendipity Blog vuln moep
[SECURITY] [DSA 1034-1] New horde2 packages fix several vulnerabilities Moritz Muehlenhoff
phpBB template file code execution noch22
Re: Re: function *() php/apache Crash PHP 4.4.2 and 5.1.2 sp3x
Avast Linux Home Edition (vulnerability on a temporary folder creation) Julien L.
[ GLSA 200604-07 ] Cacti: Multiple vulnerabilities in included ADOdb Thierry Carrez
Firefox 1.5.0.1 Password Manager Arbtirary User Browsing History Disclosure franz
Re: [Full-disclosure] SEC Consult SA-20060314 :: Opera Browser CSS Attribute Integer Wrap / Buffer Overflow Thierry Zoller
Re: phpWebSite 0.10.? (topics.php) Remote SQL Injection Exploit Kevin Wilcox
Re: Re: NETGEAR WGT624 Wireless DSL router default user name/password vulnerability tranceformer
[Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Dave Korn
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Brandon S. Allbery KF8NH
PAJAX Remote Code Injection and File Inclusion Vulnerability RedTeam Pentesting
Xss In ar-blog v 5.2 W3 . _
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Stan Bubrouski
RE: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Derek Soeder
planetSearch+ - XSS Vulnerabilities d4igoro
Re: [ECHO_ADV_27$2006] Indexu <= 5.0.1 Remote File Inclusion robert
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup A . L . M . Buxey
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup dumdidumdideldey
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Joachim Schipper
Re: SAXoPRESS - directory traversal aka Saxotech Online securiteam
Re: Sql Injection in Confixx 3.06 & 3.08 & 3.?? ? iovdin
a Yahoo Vulnerability r57shell
Re[2]: Bypassing ISA Server 2004 with IPv6 Christine Kronberg
Dokeos 1.6.4 SQL Injection Vulnerability Alvaro Olavarria

Saturday, 15 April

manila.userland cross site scriptable Aaron Kaplan
Re: QuickBlogger v1.4 Cross-Site Scripting Steven M. Christey
ZDI-06-010: Mozilla Firefox CSS Letter-Spacing Heap Overflow Vulnerability zdi-disclosures
[KAPDA]MyBB1.1.0~global.php~ParameterExtracting addmimistrator
[KAPDA]CopperminePhotoGallery1.4.4~ PluginInclusionSystem(index.php)~ RemoteFileInclusion attack addmimistrator
Re: Firefox 1.5.0.1 Password Manager Arbtirary User Browsing History Disclosure Eliah Kagan
[eVuln] aWebBB Multiple XSS and SQL Injection Vulnerabilities alex
[SECURITY] [DSA 1035-1] New fcheck packages fix insecure temporary file creation Moritz Muehlenhoff
Re[3]: Bypassing ISA Server 2004 with IPv6 3APA3A
PHP Album <= 0.3.2.3 remote commnads execution rgod
RE: osCommerce "extras/" information/source code disclosure Michael Scheidell
Tiny Web Gallery <= 1.4 XSS qex
PhpGuestbook <= 1.0 XSS qex
FlexBB <= 0.5.7 BETA XSS qex
Boardsolution <= 1.12 XSS qex
phpFaber TopSites Script Cross-Site Scripting botan
Snipe Gallery <= 3.1.4 Multiple XSS qex
Re: Vulnerabilities in MOD Victor Brilon

Monday, 17 April

Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Thor (Hammer of God)
DbbS<=2.0-alpha Multiple Vulnerabilities yamcho
Re: [KAPDA]CopperminePhotoGallery1.4.4~ PluginInclusionSystem(index.php)~ RemoteFileInclusion attack Dariusz Kolasinski
Xss In bMachine 2٫7 W3 . _
FlexBB v0.5.5 BETA [SQL Inj] [XSS] [Login bypass] kr4ch
Calendarix "yearcal.php" XSS Attacking botan
Re: Snipe Gallery <= 3.1.4 Multiple XSS nobody
MyEvent Remote File Execution And XSS Attacking botan
BetaBoard Cross Site Scripting vulnerability easy . mask
PhpWebFTP 3.2 Login Script arko . dhar
[SECURITY] [DSA 1036-1] New bsdgames packages fix local privilege escalation Moritz Muehlenhoff
- PHPGraphy <= 0.9.11 "editwelcome" unauthorized access / cross site scripting - rgod
ShoutBOOK <= 1.1 XSS qex
Neuron Blog <= 1.1 XSS qex
[eVuln] CzarNews XSS and Multiple SQL Injection Vulnerabilities alex
Tiny PHP forum - vulns hessam
AnimeGenesis <= XSS qex
ZDI-06-009: Mozilla Firefox Tag Parsing Code Execution Vulnerability zdi-disclosures
[ GLSA 200604-08 ] libapreq2: Denial of Service vulnerability Thierry Carrez
FlexBB 0.5.5 Bypass Exploit o . y . 6
Neon Responder (Dos,Exploit) Stefan Lochbihler
[Argeniss] Alert - Yahoo! Webmail XSS Cesar
gcc 4.1 bug miscompiles pointer range checks, may place you at risk Felix von Leitner
[eVuln] Wire Plastik wpBlog SQL Injection Vulnerability alex
[SA-03] Example of Grsecurity protection avoid. adam

Tuesday, 18 April

Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Michael Chamberlain
Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Forrest J. Cavalier III
RE: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Michael Wojcik
Linpha 1.1.0 - XSS Vulnerabilities d4igoro
Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Alexander Klimov
Remote Xine Format String Vulnerability c0ntexb
Re: [Full-disclosure] [Argeniss] Alert - Yahoo! Webmail XSS Morning Wood
Another flaw in Firefox 1.5.0.2: to open files from remote miky
Re: - PHPGraphy <= 0.9.11 "editwelcome" unauthorized access / cross site scripting - JiM / aEGIS
axoverzicht.cgi <= XSS qex
blur6ex Local File Inclusion and SQL injection . h e
Re: [Full-disclosure] [Argeniss] Alert - Yahoo! Webmail XSS Morning Wood
Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk jat-public01
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Ansgar -59cobalt- Wiechers
Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Florian Weimer
[ MDKSA-2006:072 ] - Updated kernel packages fix multiple vulnerabilities security
phpLister v. 0.4.1 XSS Attacking botan
[KAPDA::#41] - Mambo/Joomla rss component vulnerability alireza hassani
Multiple critical and high risk issues in Oracle's database server NGSSoftware Insight Security Research
[Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation Secure
Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Gabor Gombas

Wednesday, 19 April

CuteNews 1.4.1 <= Cross Site Scripting sn4k3 . 23
SQL Injection in package SYS.DBMS_LOGMNR_SESSION ak
FreeBSD Security Advisory FreeBSD-SA-06:14.fpu FreeBSD Security Advisories
[MajorSecurity]ActualAnalyzer - Remote File Include Vulnerability admin
Oracle 10g 10.2.0.2.0 DBA exploit putosoft softputo
XSS Vulnerability in Guest-book script powered by Community Architect susam . pal
Cisco Security Advisory: Cisco IOS XR MPLS Vulnerabilities Cisco Systems Product Security Incident Response Team
Re: Path Disclosure and Arbitrary File Read Vulnerability in SLAB5000 office
Re: [KAPDA::#41] - Mambo/Joomla rss component vulnerability rey . gigataras
Re: Multiple vulnerabilities in Linux based Cisco products Ilker Temir
[security bulletin] HPSBUX02108 SSRT061133 rev.7 - HP-UX running Sendmail, Remote Execution of Arbitrary Code security-alert
Multiple vulnerabilities in Linux based Cisco products assurance.com.au
RechnungsZentrale V2 - SQL injection and Remote PHP inclusion vulnerabilities info
ThWboard <= 3 Beta 2.84 SQL Injection Qex
Cisco Security Advisory: Multiple Vulnerabilities in the WLSE Appliance Cisco Systems Product Security Incident Response Team
Re: phpBB Admin command execution dave . de
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Paul Wouters
redirection vuln crawlers breed & security through obscurity Ivan Sergio Borgonovo
Shbablek Mail Vulnerablitiy - Cross-Site Scripting n0m3rcy
Re: RE: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup john
WWWThread RC 3 MultBugs o . y . 6
ContentBoxx Login.php Cross-Site Scripting botan
Fortinet28 box does not resist has small synflood! testx444
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup no . spam
Re: Multiple Vulnerabilities in LucidCMS zachofalltrades
Tlen.PL e-mail XSS vulnerability. koper
RE: redirection vuln crawlers breed & security through obscurity Evans, Arian
Re: RE: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup somebody
Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Nate Eldredge
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Geo.
Re: Re[2]: Bypassing ISA Server 2004 with IPv6 Thor (Hammer of God)
Confixx SQL Injection exploit (confixx_exploit.pl) defa
EasyGallery Cross-Site Scripting botan
Re[3]: Bypassing ISA Server 2004 with IPv6 Christine Kronberg
[eVuln] MD News Authentication Bypass and SQL Injection Vulnerabilities alex
Re: Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup somerandomaddress99
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Jamie Riden
Re: Re[2]: Bypassing ISA Server 2004 with IPv6 Christine Kronberg
SQL Injection in incredibleindia.org susam_pal
[eVuln] N.T. Version 1.1.0 XSS and PHP Code Insertion Vulnerabilities alex
PCPIN Chat <= 5.0.4 "login/language" remote cmmnds xctn rgod
[USN-271-1] Firefox vulnerabilities Martin Pitt
Strengthen OpenSSH security? Brett Glass
ASPSitem <= 1.83 Remote SQL Injection Vulnerability Mustafa Can Bjorn IPEKCI
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup robsekeris

Thursday, 20 April

[eVuln] MWGuest XSS Vulnerability alex
PHPSurveyor <= 0.995 'save.php/surveyid' remote cmmnds xctn rgod
ThWboard 3 Beta 2.84 Cross Site Scripting CrAzY . CrAcKeR
axoverzicht.cgi<==Remote File Inclusion CrAzY . CrAcKeR
Re: CuteNews 1.4.1 <= Cross Site Scripting Steven M. Christey
[security bulletin] HPSBTU02095 SSRT051007 rev.3 - HP Tru64 UNIX Running DNS BIND4/BIND8 as Forwarders: Remote Unauthorized Privileged Access security-alert
[security bulletin] HPSBST02112 SSRT061129 rev.1 - HP StorageWorks Secure Path for Windows Remote Denial of Service (DoS) security-alert
Ad-Aware Revisited Roy . Batty
New site about security conferences : www.security-briefings.com newslist () security-briefings com
Allied Telesyn Switch UDP Data Flood Management Denial Of Service Vulnerability kim
RE: (addendum) redirection vuln crawlers breed & security through obscurity Evans, Arian
[Argeniss] Oracle Database 10gR1 Buffer overflow in VERIFY_LOG procedure Cesar
Re: Strengthen OpenSSH security? Mike Hoskins
Re: Strengthen OpenSSH security? Carson Gaspar
Re: Strengthen OpenSSH security? Kd
Re: Re[3]: Bypassing ISA Server 2004 with IPv6 Thor (Hammer of God)
Re: Strengthen OpenSSH security? MaddHatter
Re: Strengthen OpenSSH security? Damien Miller
Re: Re[3]: Bypassing ISA Server 2004 with IPv6 offtopic
RE: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Mario Contestabile
RE: Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Nick FitzGerald
4images <= 1.7 XSS qex
Websense Filter Bypass qex
Re: Strengthen OpenSSH security? c0redump
Mini-NUKE v2.3<<--- SQL Injection CrAzY . CrAcKeR

Friday, 21 April

[ GLSA 200604-09 ] Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service Sune Kloppenborg Jeppesen
[ GLSA 200604-10 ] zgv, xzgv: Heap overflow Sune Kloppenborg Jeppesen
[SecuriWeb 2006.1] directory traversal in Asterisk@Home and ARI François Harvey
BK Forum <<--V.4.0 SQL Injection CrAzY . CrAcKeR
Re: Strengthen OpenSSH security? Theo de Raadt
[eVuln] MWNewsletter SQL Injection and XSS Vulnerabilities alex
r57shell.php <= 1.3 XSS qex
bloggage Remote SQL Injection omnipresent
[SECURITY] [DSA 1037-1] New zgv packages fix arbitrary code execution Martin Schulze
RE: [BULK] - Websense Filter Bypass Hubbard, Dan
Re: Mini-NUKE v2.3<<--- SQL Injection nukedx
Scry Gallery Directory Traversal & Full Path Disclosure Vulnerabilites simo64
Rapid7 Advisory R7-0021: Symantec Scan Engine Authentication Fundamental Design Error advisory
Rapid7 Advisory R7-0022: Symantec Scan Engine Known Immutable DSA Private Key advisory
Rapid7 Advisory R7-0023: Symantec Scan Engine File Disclosure Vulnerability advisory
Rapid7 Advisory R7-0019: Directory traversal vulnerability in SolarWinds TFTP Server for Windows advisory
[Symantec Security Advisor] Symantec Scan Engine Multiple Vulnerabilities secure

Saturday, 22 April

[SECURITY] [DSA 1038-1] New xzgv packages fix arbitrary code execution Martin Schulze
VWar <= ver 1.21 Remote Code Execution Exploit ali
dForum <= 1.5 Multiple Remote File Inclusion Vulnerabilities. Mustafa Can Bjorn IPEKCI
vBulletin <= 3.5.4 with MKPortal 1.1 Remote SQL Injection Vulnerability. Mustafa Can Bjorn IPEKCI
Advisory: Simplog <= 0.93 Multiple Remote Vulnerabilities. Mustafa Can Bjorn IPEKCI
Advisory: CoreNews <= 2.0.1 Multiple Remote Vulnerabilities. Mustafa Can Bjorn IPEKCI
[ GLSA 200604-11 ] Crossfire server: Denial of Service and potential arbitrary code execution Thierry Carrez

Sunday, 23 April

Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Thor (Hammer of God)
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Thor (Hammer of God)
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup John Biederstedt
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Thor (Hammer of God)
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Thor (Hammer of God)
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Geo.
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup John Biederstedt
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Thor (Hammer of God)
Re: Strengthen OpenSSH security? Bob Goodman
FlexBB 0.5.5 Exploit [ function/showprofile.php ] Remote SQL Injection o . y . 6
Re: redirection vuln crawlers breed & security through obscurity Thomas Hochstein
Yahoo! Mail XSS Vulnerability Cheng Peng Su
MSIE (mshtml.dll) OBJECT tag vulnerability Michal Zalewski

Monday, 24 April

[USN-272-1] cyrus-sasl2 vulnerability Martin Pitt
NSFOCUS SA2006-03 : IBM AIX rm_mlcache_file Local Race Condition Vulnerability NSFOCUS Security Team
NSFOCUS SA2006-02 : IBM AIX mklvcopy Local Privilege Escalation Vulnerability NSFOCUS Security Team
[SECURITY] [DSA 1040-1] New gdm packages fix local root exploit Martin Schulze
[SECURITY] [DSA 1039-1] New blender packages fix several vulnerabilities Martin Schulze
Scry Gallery XSS Vulnerability arko . dhar
[ GLSA 200604-14 ] Dia: Arbitrary code execution through XFig import Sune Kloppenborg Jeppesen
[ GLSA 200604-13 ] fbida: Insecure temporary file creation Sune Kloppenborg Jeppesen
[ GLSA 200604-12 ] Mozilla Firefox: Multiple vulnerabilities Thierry Carrez
[eVuln] RateIt SQL Injection Vulnerability alex
FileLodge Bolt (showonlineusers.php) Cross-Site Scripting Vulnerbility n0m3rcy
XSS Bug in OpenGear Server Website Aditya
BK Forum <= 4.0 Remote SQL Injection n0m3rcy
[MajorSecurity] TotalCalendar 2.30 - Remote File Include Vulnerability admin
[USN-273-1] Ruby vulnerability Martin Pitt
RIblog Remote SQL Injection Exploit omnipresent
Re: evoBlog Remote Name tag Script injection daniel
Buffer-overflow and crash in Fenice OMS 1.10 Luigi Auriemma
Denial of service bugs in OpenTTD 0.4.7 Luigi Auriemma
Multiple PHP4/PHP5 vulnerabilities infocus
Format string bug in Skulltag 0.96f Luigi Auriemma
Advisory: Clansys <= 1.1 PHP Code Insertion Vulnerability. Mustafa Can Bjorn IPEKCI
Apple Mac OS X Safari 2.0.3 Vulnerability
Firefox Remote Code Execution and DoS 1.5.0.2 chris
[MajorSecurity] phpMyAgenda 3.0 Final - Remote File Include Vulnerability admin
VWar Path Disclosure arko . dhar
vbulletin<--3.0.x SQL Injection CrAzY . CrAcKeR
Advisory: My Gaming Ladder Combo System <= 7.0 Remote File Inclusion Vulnerability. Mustafa Can Bjorn IPEKCI
ADVISORY FOR IOPUS SECURE EMAIL ATTACHMENTS ntwak0
RE: [BULK] - Websense Filter Bypass John E. Fleming
Quick 'n Easy FTP Server pro/lite Logging unicode stack overflow Kaveh Razavi
Re: Apple Mac OS X Safari 2.0.3 Vulnerability Colin Keigher
Re: vbulletin<--3.0.x SQL Injection scott

Tuesday, 25 April

[ MDKSA-2006:074 ] - Updated php packages address multiple vulnerabilities. security
[ MDKSA-2006:073 ] - Updated cyrus-sasl packages addresses vulnerability security
photokorn 1.53 , 1.542 << Sql Dr-Jr7
NextAge Shopping Cart Software XSS AminRayden
[ MDKSA-2006:075 ] - Updated mozilla-firefox packages fix numerous vulnerabilities security
PhpWebFtp Cross Site Scripting Vulnerability arko . dhar
[SECURITY] [DSA 1041-1] New abc2ps packages fix arbitrary code execution Martin Schulze
NASL 'Split' function Buffer overflow Vulnerability OS2A BTO
Re: ADVISORY FOR IOPUS SECURE EMAIL ATTACHMENTS fabio
Re: ADVISORY FOR IOPUS SECURE EMAIL ATTACHMENTS Andreas Beck
Invision Vulnerabilities, including remote code execution spam
Re: Apple Mac OS X Safari 2.0.3 Vulnerability Tom Ferris
Re: NASL 'Split' function Buffer overflow Vulnerability Renaud Deraison
[SECURITY] [DSA 1042-1] New Cyrus SASL packages fix denial of service Martin Schulze
Re: NASL 'Split' function Buffer overflow Vulnerability Renaud Deraison
Fenice - Open Media Streaming Server remote BOF exploit Kaveh Razavi
PowerPoint Phishing Trojan Lance James
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Thor (Hammer of God)
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Duncan Simpson
Multiple vulnerabilities in IP3 Networks 'NetAccess' NA75 appliance Moonen, Ralph
RE: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Sean Scott
Multiple browsers Windows mailto protocol Office 2003 file attachment exploit inge . henriksen
Re: Advisory: Clansys <= 1.1 PHP Code Insertion Vulnerability. nukedx
Instant Photo Gallery <= Multiple XSS qex
Re: Apple Mac OS X Safari 2.0.3 Vulnerability Billy Bues
Instant Photo Gallery <= Multiple XSS qex
DCForumLite V 3.0<--XSS/SQL Injection Breeeeh

Wednesday, 26 April

Recent Oracle exploit is _actually_ an 0day with no patch David Litchfield
[ MDKSA-2006:076 ] - Updated mozilla packages fix numerous vulnerabilities security
[ MDKSA-2006:077 ] - Updated ethereal packages fix numerous vulnerabilities security
[ MDKSA-2006:078 ] - Updated mozilla-thunderbird packages fix numerous vulnerabilities security
[ MDKSA-2006:079 ] - Updated ruby packages fix vulnerability security
Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 1044-1] New Mozilla Firefox packages fix several vulnerabilities Martin Schulze
MySmartBB<---v 1.1.x SQL Injection/XSS BoNy-m
DevBB <= 1.0.0 XSS qex
[SECURITY] [DSA 1044-1] New Mozilla Firefox packages fix several vulnerabilities Martin Schulze
Secunia Research: SpeedProject Products ACE Archive Handling Buffer Overflow Secunia Research
[ GLSA 200604-15 ] xine-ui: Format string vulnerabilities Sune Kloppenborg Jeppesen
[SECURITY] [DSA 1043-1] New abcmidi packages fix arbitrary code execution Martin Schulze
[ GLSA 200604-16 ] xine-lib: Buffer overflow vulnerability Sune Kloppenborg Jeppesen
[eVuln] warforge.NEWS SQL Injection and Multiple XSS Vulnerabilities alex
SQL Injection On DUportal outlaw
ZDI-06-011: Mozilla Firefox Table Rebuilding Code Execution Vulnerability zdi-disclosures
XXS Attack On FarsiNews outlaw
Open Bulletin Board < Multiple Vulnerability qex
Local XXS Attack On CuteNews outlaw
Re: Apple Mac OS X Safari 2.0.3 Vulnerability jens
Re: XV multiple buffer overflows (update) kvea
Re: Invision Vulnerabilities, including remote code execution Steven M. Christey
[EEYEB-20060227] Juniper Networks SSL-VPN Client Buffer Overflow eEye Advisories
Re: Apple Mac OS X Safari 2.0.3 Vulnerability Aaron Phillips

Thursday, 27 April

Re: Invision Vulnerabilities, including remote code execution mattmecham
MyBB 1.1.1 Local SQL Injections o . y . 6
[no subject] Yannick von Arx
[USN-274-1] MySQL vulnerability Martin Pitt
Land Down Under 802 and below version Path Disclosure Vulnerability Advisory
[security bulletin] HPSBUX02108 SSRT061133 rev.9 - HP-UX running Sendmail, Remote Execution of Arbitrary Code security-alert
[security bulletin] HPSBUX02075 SSRT051074 rev.4 - HP-UX Running xterm Local Unauthorized Access security-alert
Re: Instant Photo Gallery <= Multiple XSS security curmudgeon
[ GLSA 200604-17 ] Ethereal: Multiple vulnerabilities in protocol dissectors Sune Kloppenborg Jeppesen
[security bulletin] HPSBMA02113 SSRT061148 rev.1 - HP Oracle for OpenView (OfO) Critical Patch Update April 2006 security-alert
SQL injection exploit IPB <= 2.1.4 satanchild123
Re: Instant Photo Gallery <= Multiple XSS Steven M. Christey
[USN-275-1] Mozilla vulnerabilities Martin Pitt
[SECURITY] [DSA 1045-1] New OpenVPN packages fix arbitrary code execution Martin Schulze
[SECURITY] [DSA 1046-1] New Mozilla packages fix several vulnerabilities Martin Schulze
BL4's SMTP server BufferOverflow Vulnerable the_day

Friday, 28 April

Re: Recent Oracle exploit is _actually_ an 0day with no patch Steven M. Christey
Secunia Research: Servant Salamander unacev2.dll Buffer Overflow Vulnerability Secunia Research
[ECHO_ADV_31$2006] Sws Web Server 0.1.7 Strcpy() & Syslog() Format String Vulnerability the_day
WinISO/UltraISO/MagicISO/PowerISO Directory Traversal Vulnerability Sowhat
Cireos Portal Cross Site Scripting outlaw
[Argeniss] Alert - Yahoo! Mail XSS vulnerability Cesar
Re: Recent Oracle exploit is _actually_ an 0day with no patch Cesar
[Kurdish Security #3] CoolMenus Event Remote File Include Vulnerability (For PHP) botan
[ GLSA 200604-18 ] Mozilla Suite: Multiple vulnerabilities Thierry Carrez
[Kurdish Security #2] Artmedic Event Remote File Include Vulnerability botan
RE: Recent Oracle exploit is _actually_ an 0day with no patch Kornbrust, Alexander
Neomail.pl Local Cross Site Scripting outlaw
Re: Recent Oracle exploit is _actually_ an 0day with no patch David Litchfield
[Kurdish Secure Advisory #1] I-RATER Platinum "Admin/configsettings.tpl.php" Remote File Include Vulnerability botan

Sunday, 30 April

Re: phpMyForum Cross Site Scripting & CRLF injection chris
Invision Power Board 2.1.5 POC Javier Olascoaga
Re: VWar Path Disclosure spic
W-Agora 4.20 XSS r0xes . ratm
TopList <= 1.3.8 (PHPBB Hack) Remote File Inclusion Vulnerability mfoxhacker
TextFileBB 1.0.16 Multiple XSS r0xes . ratm
Re: Recent Oracle exploit is _actually_ an 0day with no patch David Litchfield
Re: Apple Mac OS X Safari 2.0.3 Vulnerability Ian MacPhedran
RE: Invision Vulnerabilities, including remote code execution Mike Weller
poll.pl<--remote commands execution exploit CrAzY . CrAcKeR
XSS Attack On DirectAdmin Hosting Managment outlaw