Bugtraq: by author
569 messages starting Aug 30 06 and ending Aug 21 06
addmimistrator
[KAPDA]MyBB 1.1.7~ htmlspeacialchar_uni(), fixjavascript(), functions_post.php ~[url]XSS attack addmimistrator (Aug 30)
vBulletin 3.0.14 ~ init.php~ registerring global arbitary variable~ XSS exploit addmimistrator (Aug 05)
[KAPDA]MyBB 1.1.7 ~ admin/global.php ~ XSS Attack addmimistrator (Aug 30)
admin
[MajorSecurity Advisory #27]ToendaCMS - Cross Site Scripting Issue admin (Aug 03)
AG Spider
WoW Roster <= 1.5.x Remote File Include (hsList.php) AG Spider (Aug 01)
Virtual War v1.5.0 Remote File Include (vwar_root) AG Spider (Aug 07)
WoW Roster <= 1.5.x Remote File Include (hsList.php) AG Spider (Aug 01)
alex
[eVuln] MyBB 'Avatar URL' XSS Vulnerability alex (Aug 02)
ali
JS ASP Faq Manager v1.10 sql injection ali (Aug 29)
alireza hassani
[KAPDA::#55] - Joomla poll component vulnerability alireza hassani (Aug 18)
Allie Daneman
Re: [SM-ANNOUNCE] SquirrelMail 1.4.8 released - fixes variable overwriting attack Allie Daneman (Aug 14)
amir . scorpino
ModuleBased CMS alfa 1 Multiple Remote File Inclusion amir . scorpino (Aug 31)
Amit Klein (AKsecurity)
Technical note: under some conditions, it's possible to steal HTTP credentials using Flash Amit Klein (AKsecurity) (Aug 14)
Sending multipart/form-data requests from Flash (with arbitrary headers) Amit Klein (AKsecurity) (Aug 10)
Technical note by Amit Klein: "Sending arbitrary HTTP requests with Flash 7/8 (+IE 6.0)" Amit Klein (AKsecurity) (Aug 16)
Andreas Gal
Cisco NAC Appliance Agent Installation Bypass Vulnerability Andreas Gal (Aug 26)
Andreas Marx
Re: when will AV vendors fix this??? Andreas Marx (Aug 18)
Andre Braun
AW: Symantec Gateway Security DNS exploit Andre Braun (Aug 23)
Andy Meyers
RE: linksys WRT54g authentication bypass Andy Meyers (Aug 07)
anon
Re: [eVuln] B-net Software Multiple XSS Vulnerabilities anon (Aug 25)
ATR-Bugtraq
Assessment of Vista Kernel Mode Security ATR-Bugtraq (Aug 09)
auuw73
Directory Traversal vulnerability in IPCheck Monitor Server auuw73 (Aug 10)
Avert
Linux Kernel SCTP Privilege Elevation Vulnerability Avert (Aug 22)
Symantec Enterprise Security Manager Denial-of-Service Vulnerability Avert (Aug 22)
axel
Re: Symantec Gateway Security DNS exploit axel (Aug 25)
beford
TSEP <= 0.942 Remote File Include beford (Aug 03)
Benjamin Tobias Franz
Microsoft Help (WINHLP32.EXE) - Multiple Remote Code Execution and Denial Of Service Vulnerabilities Benjamin Tobias Franz (Aug 12)
bilkopat
Mambo mambelfish Component <= 1.1 Remote File Include Vulnerability bilkopat (Aug 18)
Bipin Gautam
Re: [Full-disclosure] RE: when will AV vendors fix this??? Bipin Gautam (Aug 18)
Re: when will AV vendors fix this??? Bipin Gautam (Aug 11)
when will AV vendors fix this??? Bipin Gautam (Aug 07)
blood2_20032003
Forum Software ASPPlayground.NET Advanced Edition 2.4.5 Unicode Xss blood2_20032003 (Aug 12)
Blwood
Nuked Klan 1.7 SP4.3 : Function Anti-XSS Bypassed Blwood (Aug 30)
botan
[Kurdish Security # 17 ] GuestBook 3.5 Remote Command Execution botan (Aug 01)
[Kurdish Security # 23] Spaw Editor Remote Include Vulnerability botan (Aug 19)
[Kurdish Security # 18 ] FAQ Script Remote Command Execution botan (Aug 01)
[Kurdish Security # 19 ] FileManager Remote Command Execution botan (Aug 01)
[Kurdish Security # 20 ] Quickie Remote Command Execution botan (Aug 01)
[Kurdish Security # 21] ShoutBox v4.4 Remote Command Execution botan (Aug 01)
[Kurdish Security # 16 ] newsReporter v1.0 Remote Command Execution botan (Aug 01)
bozkurtserdar
DUpoll 3.1 security alert bozkurtserdar (Aug 29)
brom0815
VWar <= 1.50 R14 (n) Remote SQL Injection brom0815 (Aug 11)
camino
Joomla MamboWiki Component <= 0.9.4 (MamboLogin.php) Remote File Inclusion Vulnerability camino (Aug 18)
Mambo/Joomla Component Remository v3.25 (mosConfig_absolute_path) Remote File Inclusion Vulnerability camino (Aug 10)
Joomla Kochsuite Component <= 0.9.4 (config.kochsuite.php) Remote File Inclusion Vulnerability camino (Aug 18)
carcabotx
JetBox cms (search_function.php) Remote File Include carcabotx (Aug 28)
interact <= 2.2 (CONFIG[BASE_PATH]) Remote File Include Vulnerability carcabotx (Aug 28)
Carsten Eilers
Re: PHlyMail Lite [PM_[path][lib]=] Remote File Include Vulnerability Carsten Eilers (Aug 24)
Re: Joomla x-shop <= 1.7 Remote File Include Vulnerability Carsten Eilers (Aug 22)
Re: Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability Carsten Eilers (Aug 14)
Re: Calendarix <= 0.7 (calpath) Remote File Inclusion Vulnerability Carsten Eilers (Aug 14)
Re: contentpublisher Mambo Component Remote File Include Vulnerabilities Carsten Eilers (Aug 24)
Re: Joomla Rssxt <= 1.0 Remote File Include Vulnerability Carsten Eilers (Aug 22)
Re: mambo-phphop Product Scroller Module R.F.I Carsten Eilers (Aug 22)
Re: mtg_myhomepage Component For Mambo R.F.I Carsten Eilers (Aug 22)
Re: discloser 0.0.4 Remote File Inclusion (with Exploit) Carsten Eilers (Aug 17)
Re: miniBloggie <= 1.0 (fname) Remote File Inclusion Vulnerability Carsten Eilers (Aug 14)
Re: discloser 0.0.4 Remote File Inclusion (with Exploit) Carsten Eilers (Aug 22)
Re: CuteNews 1.3.* Remote File Include Vulnerability Carsten Eilers (Aug 30)
Re: Modification For OpenSEF Remote file Inclusion Carsten Eilers (Aug 24)
Re: ToendaCMS <= 1.0.3 -(tcms_administer_site) Remote File Include Carsten Eilers (Aug 24)
Re: Jupiter CMS 1.1.5 index.php Remote File Include Carsten Eilers (Aug 30)
Re: Mambo Component - EstateAgent Remote File Inclusion Carsten Eilers (Aug 24)
Re: Joomla RFİ ( ERNE ) Carsten Eilers (Aug 24)
Re: PHProjekt v0.6.1 Remote File Inclusion Vulnerability (2) Carsten Eilers (Aug 24)
Re: Calendarix <= 0.7 (calpath) Remote File Inclusion Vulnerability Carsten Eilers (Aug 15)
Re: phpPrintAnalyzer <= 1.1 (rep_par_rapport_racine) Remote File Inclusion Vulnerability Carsten Eilers (Aug 14)
Re: JetBox cms (search_function.php) Remote File Include Carsten Eilers (Aug 30)
Re: myEvent <= 1.4 Multiple Remote File Include Vulnerabilities Carsten Eilers (Aug 14)
Re: anjel Mambo Component Remote File Include Carsten Eilers (Aug 22)
c . boulton
XennoBB <= "avatar gallery" Directory Transversal c . boulton (Aug 10)
XennoBB <= 2.1.0 "birthday" SQL injection c . boulton (Aug 07)
XennoBB <= 2.2.1 "icon_topic" SQL Injection c . boulton (Aug 19)
C. Hamby
Re: BlackBoard Multiple Vulnerabilities (XSS) C. Hamby (Aug 23)
Cheng Peng Su
Bypassing script filters with variable-width encodings Cheng Peng Su (Aug 11)
ChironeX . FleckeriX
LBlog <= "comments.asp" SQL Injection Exploit ChironeX . FleckeriX (Aug 21)
SimpleBlog 2.0 <= "comments.asp" SQL Injection Exploit ChironeX . FleckeriX (Aug 21)
chris
SQL-Ledger serious security vulnerability and workaround chris (Aug 30)
chris_hasibuan
SolpotCrew Advisory #5 - modernbill ver 1.6 (DIR) Remote File Inclusion chris_hasibuan (Aug 03)
SolpotCrew Advisory #6 - phpCC - Beta 4.2 (base_dir) Remote File Inclusion chris_hasibuan (Aug 07)
Chris Wysopal
Re: SYM06-013 Symantec On-Demand Protection Encrypted Data Exposure Chris Wysopal (Aug 02)
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Unintentional Password Modification in Cisco Firewall Products Cisco Systems Product Security Incident Response Team (Aug 23)
Cisco Security Advisory: Cisco VPN 3000 Concentrator FTP Management Vulnerabilities Cisco Systems Product Security Incident Response Team (Aug 23)
Collin R. Mulliner
PocketPC MMS - Remote Code Injection/Execution Vulnerability and Denial-of-Service Collin R. Mulliner (Aug 10)
Core Security Technologies advisories
CORE-2006-0714: Microsoft SRV.SYS SMB_COM_TRANSACTION Denial of Service Core Security Technologies advisories (Aug 15)
crackers_child
Lizge V.20 Web Portal File Include Vulnerability crackers_child (Aug 15)
Reporter Mambo Component Remote File İnclude crackers_child (Aug 16)
anjel Mambo Component Remote File Include crackers_child (Aug 18)
Mambo com_lm component (archive.php) Remote File Include Vulnerabilities crackers_child (Aug 16)
contentpublisher Mambo Component Remote File Include Vulnerabilities crackers_child (Aug 18)
Joomla Rssxt <= 1.0 Remote File Include Vulnerability crackers_child (Aug 18)
Joomla x-shop <= 1.7 Remote File Include Vulnerability crackers_child (Aug 18)
cyanid-E
0-day XP SP2 wmf exploit cyanid-E (Aug 07)
0-day XP SP2 wmf exploit (some details) cyanid-E (Aug 07)
D3nGeR
Jetbox CMS search_function.php Remote File D3nGeR (Aug 26)
PHProjekt v0.6.1 Remote File Inclusion Vulnerability (2) D3nGeR (Aug 22)
Jupiter CMS 1.1.5 index.php Remote File Include D3nGeR (Aug 26)
PHlyMail Lite [PM_[path][lib]=] Remote File Include Vulnerability D3nGeR (Aug 22)
Damian Put
[Overflow.pl] ImageMagick ReadSGIImage() Heap Overflow Damian Put (Aug 14)
Daniel Kobras
Re: [Overflow.pl] ImageMagick ReadSGIImage() Heap Overflow Daniel Kobras (Aug 16)
danil9470
Re: Opsware NAS 6.0 reveals MySQL 'root' password danil9470 (Aug 24)
darkz . gsa
DeluxeBB Multiple Vulnerabilities darkz . gsa (Aug 07)
Dave Wichers
Registration Now Open!: 3rd Annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA Dave Wichers (Aug 18)
RE: ANNOUNCING: 3rd Annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA Dave Wichers (Aug 14)
David Litchfield
Informix - Discovery, Attack and Defense David Litchfield (Aug 14)
David Matousek
ISS BlackICE PC Protection DLL faking of run-time linked libraries Vulnerability David Matousek (Aug 01)
Norton DLL faking via 'SuiteOwners' protection bypass Vulnerability David Matousek (Aug 18)
dc
Simpliciti Locked Browser Jail Breakout Vulnerability dc (Aug 22)
Denis Jedig
Re: when will AV vendors fix this??? Denis Jedig (Aug 07)
Dennis Lubert
Re: Gdiplus.dll division by 0 Dennis Lubert (Aug 01)
Design Properly
Lyris ListManager 8.95: Add arbitrary administrator to arbitrary list Design Properly (Aug 31)
dicomdk
UPDATE vBulletin Version 3.5.4 exploit dicomdk (Aug 18)
dinoboff
Re: Vanilla CMS <= 1.0.1 (RootDirectory) Remote file inclusion Vuln. dinoboff (Aug 07)
dkabs
Vendor Statement: fixed Mobotix IP Network Cameras Multiple XSS bug dkabs (Aug 22)
dm
Re: SYM06-013 Symantec On-Demand Protection Encrypted Data Exposure dm (Aug 10)
Dmitry Yu. Bolkhovityanov
RE: [Full-disclosure] RE: when will AV vendors fix this??? Dmitry Yu. Bolkhovityanov (Aug 14)
do
Re: Submit ( b2evolution<= 1.8 Remote File Include Vulnerabilities ) do (Aug 31)
dr . t3rr0r1st
discloser 0.0.4 Remote File Inclusion (with Exploit) dr . t3rr0r1st (Aug 17)
Re: Re: discloser 0.0.4 Remote File Inclusion (with Exploit) dr . t3rr0r1st (Aug 18)
eEye Advisories
[EEYEB-20060719] McAfee Subscription Manager Stack Buffer Overflow eEye Advisories (Aug 07)
[EEYEB-20060703] IBM eGatherer ActiveX Code Execution Vulnerability eEye Advisories (Aug 17)
Eloy Paris
Re: Cisco NAC Appliance Agent Installation Bypass Vulnerability Eloy Paris (Aug 28)
erdc
[ECHO_ADV_44$2006] PHP Simple Shop <= 2.0 (abs_path) Remote File Inclusion erdc (Aug 07)
[ECHO_ADV_46$2006] ExBB v1.9.1 (exbb[home_path]) Multiple Remote File Inclusion erdc (Aug 31)
[ECHO_ADV_45$2006] WEBinsta CMS 0.3.1 (templates_dir) Remote File Inclusion Vulnerability erdc (Aug 14)
[ECHO_ADV_42$2006] BufferOverflow in Eremove Client erdc (Aug 04)
erne
Joomla RFİ ( ERNE ) erne (Aug 18)
EvilPacket
Simpliciti Locked Browser Jail Breakout Vulnerability EvilPacket (Aug 02)
exe_crack
XXS in learncenter.asp exe_crack (Aug 31)
exploitex
Tinyportal Shoutbox exploitex (Aug 05)
farhadkey
[KAPDA::#56] - FREEKOT SQL Injection Vulnerability farhadkey (Aug 30)
Francisco Amato
[ISR] - Novell Groupwise Webaccess (Cross-Site Scripting) Francisco Amato (Aug 09)
[ISR] - IBM eGatherer ActiveX Code Execution PoC Francisco Amato (Aug 31)
Frank Reißner
AW: JetBox cms (search_function.php) Remote File Include Frank Reißner (Aug 29)
AW: AW: JetBox cms (search_function.php) Remote File Include Frank Reißner (Aug 31)
AW: Virtual War v1.5.0 Remote File Include (vwar_root) Frank Reißner (Aug 08)
FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-06:18.ppp FreeBSD Security Advisories (Aug 24)
FreeBSD Security Advisory FreeBSD-SA-06:18.ppp [REVISED] FreeBSD Security Advisories (Aug 25)
Geoff Vass
Google Picasa Listening on Port 80? Geoff Vass (Aug 14)
Gerardo Richarte
Mailslot bug (MS06-035) vs non-Mailslot bug (CVE-2006-3942) Gerardo Richarte (Aug 15)
giacomo collini
Re: Gdiplus.dll division by 0 giacomo collini (Aug 01)
Gianstefano Monni
Javascript software authentication brute force attack Gianstefano Monni (Aug 03)
Symantec Gateway Security DNS exploit Gianstefano Monni (Aug 23)
Ginsu Rabbit
Re: linksys WRT54g authentication bypass Ginsu Rabbit (Aug 11)
RE: linksys WRT54g authentication bypass Ginsu Rabbit (Aug 11)
Re: linksys WRT54g authentication bypass Ginsu Rabbit (Aug 11)
linksys WRT54g authentication bypass Ginsu Rabbit (Aug 07)
gmdarkfig
Membrepass v1.5 Php code execution, Xss, Sql Injection gmdarkfig (Aug 31)
ezContents Version 2.0.3 Remote/Local File Inclusion, SQL Injection, XSS gmdarkfig (Aug 30)
gooorguss
Re: RE: linksys WRT54g authentication bypass gooorguss (Aug 14)
gssincla
Barracuda Vulnerability: Hardcoded Password [NNL-20060801-01] gssincla (Aug 01)
Barracuda Vulnerability: Arbitrary File Disclosure [NNL-20060801-02] gssincla (Aug 01)
guant a
Re: linksys WRT54g authentication bypass guant a (Aug 11)
Guillermo Marro
Security contact from Critical Path Inc Guillermo Marro (Aug 14)
h1kari () toorcon org
ToorCon 8 Call for Papers Closing Tomorrow & Workshops/Seminars Added h1kari () toorcon org (Aug 18)
h4ck3riran
Submit ( ToendaCMS<= ( Remote File Include Vulnerabilities ) h4ck3riran (Aug 29)
Submit ( b2evolution<= 1.8 Remote File Include Vulnerabilities ) h4ck3riran (Aug 29)
ToendaCMS <= 1.0.3 -(tcms_administer_site) Remote File Include h4ck3riran (Aug 21)
heintz
php local buffer underflow could lead to arbitary code execution heintz (Aug 07)
HeLiOsZ RooT
CivicSpace Version 0.8.5 HTML injection HeLiOsZ RooT (Aug 09)
Dragonfly CMS 9.0.6.1 and prior XSS HeLiOsZ RooT (Aug 10)
Henrik Stoerner
Hobbit monitor security bugfix release - 4.1.2p2 Henrik Stoerner (Aug 02)
Henry Jensen
Re: [SECURITY] [DSA 1150-1] New shadow packages fix privilege escalation Henry Jensen (Aug 21)
henry . sieff
Re: Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory henry . sieff (Aug 11)
Henry Sieff
Re: Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory Henry Sieff (Aug 11)
Hessamx
Ezportal/Ztml v1.0 Multiple vulnerabilities Hessamx (Aug 30)
IwebNegar v1.1 Multiple vulnerabilities Hessamx (Aug 30)
hoangyenxinhdep
LinksCaffe no checker at admin hoangyenxinhdep (Aug 29)
infocus
MDaemon POP3 server remote buffer overflow (preauth) infocus (Aug 22)
istgha
Re: Re: myBloggie <= 2.1.3 (mybloggie_root_path) Remote File Inclusion Vulnerability istgha (Aug 14)
Jacobo Avariento
POC & exploit for Apache mod_rewrite off-by-one Jacobo Avariento (Aug 21)
Jakob Balle
Secunia Research: AOL Insecure Default Directory Permissions Jakob Balle (Aug 18)
james
Re: vbulletin 3.5.4 IE exploit xss james (Aug 07)
Jan de Groot
Re: Mambo Component - Display MOSBot Manager Remote File Inclusion Vuln Jan de Groot (Aug 22)
Joe Feise
Re: Cisco NAC Appliance Agent Installation Bypass Vulnerability Joe Feise (Aug 30)
Joe Orton
Re: CGI Script Source Code Disclosure Vulnerability in Apache for Windows Joe Orton (Aug 16)
jon
feedsplitter considered harmful jon (Aug 30)
Juha-Matti Laurio
New malware names and updates to PowerPoint FAQ document Juha-Matti Laurio (Aug 23)
New PowerPoint 0-day and Trojan - FAQ document ready Juha-Matti Laurio (Aug 21)
Re: Will Microsoft patch remarkable old Msjet40.dll issue? Juha-Matti Laurio (Aug 08)
Major updates in PowerPoint FAQ document - not a 0-day issue Juha-Matti Laurio (Aug 22)
Will Microsoft patch remarkable old Msjet40.dll issue? Juha-Matti Laurio (Aug 07)
New NT4/Windows botnet reported Juha-Matti Laurio (Aug 31)
Justin M. Forbes
rPSA-2006-0142-1 libtiff Justin M. Forbes (Aug 02)
rPSA-2006-0158-1 tshark wireshark Justin M. Forbes (Aug 25)
rPSA-2006-0147-1 mysql mysql-bench mysql-server Justin M. Forbes (Aug 08)
rPSA-2006-0143-1 gnupg Justin M. Forbes (Aug 02)
rPSA-2006-0159-1 ImageMagick Justin M. Forbes (Aug 29)
rPSA-2006-0150-1 krb5 krb5-server krb5-services krb5-test krb5-workstation Justin M. Forbes (Aug 09)
rPSA-2006-0157-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs Justin M. Forbes (Aug 25)
rPSA-2006-0152-1 squirrelmail Justin M. Forbes (Aug 11)
Kameron Gasso
RE: Google Picasa Listening on Port 80? Kameron Gasso (Aug 18)
Kenneth F. Belva
InfoSec Paper: Creating Business Through Virtual Trust Kenneth F. Belva (Aug 30)
K F (lists)
DMA[2006-0801a] - 'Apple OSX fetchmail buffer overflow' K F (lists) (Aug 01)
king-hacker
faille include in "VeriTECH" isreal king-hacker (Aug 22)
king_purba
IMENDIO PLANNER REMOTE FILENAME FORMAT STRING VULNERABILITY king_purba (Aug 07)
Krulewitch, Sean V
Indiana University Security Advisory: Fuji Xerox Printing Systems (FXPS) print engine vulnerabilities Krulewitch, Sean V (Aug 25)
Kuon_at_Armorize_dot_com
YaPiG thanks_comment.php Cross-Site Scripting Vulnerability Kuon_at_Armorize_dot_com (Aug 25)
Lance Seelbach
RE: Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory Lance Seelbach (Aug 14)
Ludwig Nussel
SUSE Security Announcement: clamav (SUSE-SA:2006:046) Ludwig Nussel (Aug 09)
Luigi Auriemma
Multiple buffer-overflows in AlsaPlayer 0.99.76 Luigi Auriemma (Aug 09)
Multiple vulnerabilities in DConnect Daemon 0.7.0 (CVS 30 Jul 2006) Luigi Auriemma (Aug 07)
Multiple buffer-overflows in libmusicbrainz 2.1.2 Luigi Auriemma (Aug 14)
Stack and heap overflows in MODPlug Tracker/OpenMPT 1.17.02.43 and libmodplug 0.8 Luigi Auriemma (Aug 09)
luny
OZJournal v1.5 - XSS luny (Aug 02)
Mailinglists Address
Re: SolpotCrew Advisory #5 - modernbill ver 1.6 (DIR) Remote File Inclusion Mailinglists Address (Aug 07)
Manh Tho
ARES 2007: Call for workshop proposals, deadline Sept 10, 2006 Manh Tho (Aug 07)
mannion
Re: Concurrency-related vulnerabilities in browsers - expect problems mannion (Aug 18)
Marc Maiffret
EEYE:ALERT: MS06-042 Related Internet Explorer 'Crash' is Exploitable Marc Maiffret (Aug 22)
RE: Mailslot bug (MS06-035) vs non-Mailslot bug (CVE-2006-3942) Marc Maiffret (Aug 18)
EEYE: research.eeye.com Marc Maiffret (Aug 02)
EEYE: Internet Explorer Compressed Content URL Heap Overflow Vulnerability Marc Maiffret (Aug 24)
Marc Ruef
[scip_Advisory 2456] Horde Framework and Horde IMP /index.php cross site referencing Marc Ruef (Aug 16)
[scip_Advisory 2457] Horde Framework and Horde IMP /horde/imp/search.php cross site scripting Marc Ruef (Aug 16)
Mariano Nuñez Di Croce
CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Remote Denial of Service Mariano Nuñez Di Croce (Aug 10)
CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Remote Buffer Overflow Mariano Nuñez Di Croce (Aug 10)
CYBSEC - Security Advisory: Microsoft Windows DHCP Client Service Remote Buffer Overflow Mariano Nuñez Di Croce (Aug 29)
Marius Huse Jacobsen
Re: when will AV vendors fix this??? Marius Huse Jacobsen (Aug 10)
Martin Johns
(somewhat) breaking the same-origin policy by undermining dns-pinning Martin Johns (Aug 14)
Martin Pitt
[USN-332-1] gnupg vulnerability Martin Pitt (Aug 03)
[USN-334-1] krb5 vulnerabilities Martin Pitt (Aug 16)
[USN-330-1] tiff vulnerabilities Martin Pitt (Aug 02)
[USN-335-1] heartbeat vulnerability Martin Pitt (Aug 16)
[USN-331-1] Linux kernel vulnerabilities Martin Pitt (Aug 03)
[USN-337-1] imagemagick vulnerability Martin Pitt (Aug 17)
[USN-336-1] binutils vulnerability Martin Pitt (Aug 17)
[USN-327-2] firefox regression Martin Pitt (Aug 01)
[USN-333-1] libwmf vulnerability Martin Pitt (Aug 09)
Martin Schulze
[SECURITY] [DSA 1134-1] New Mozilla Thunderbird packages fix several vulnerabilities Martin Schulze (Aug 02)
[SECURITY] [DSA 1149-1] New ncompress packages fix potential code execution Martin Schulze (Aug 10)
[SECURITY] [DSA 1152-1] New trac packages fix information disclosure Martin Schulze (Aug 18)
[SECURITY] [DSA 1137-1] New tiff packages fix several vulnerabilities Martin Schulze (Aug 02)
[SECURITY] [DSA 1142-1] New freeciv packages fix arbitrary code execution Martin Schulze (Aug 04)
[SECURITY] [DSA 1161-1] New Mozilla Firefox packages fix several vulnerabilities Martin Schulze (Aug 29)
[SECURITY] [DSA 1130-1] New sitebar packages fix cross-site scripting Martin Schulze (Aug 01)
[SECURITY] [DSA 1135-1] New libtunepimp packages fix arbitrary code execution Martin Schulze (Aug 02)
[SECURITY] [DSA 1140-1] New GnuPG packages fix denial of service Martin Schulze (Aug 03)
[SECURITY] [DSA 1159-1] New Mozilla Thunderbird packages fix several problems Martin Schulze (Aug 28)
[SECURITY] [DSA 1164-1] New sendmail packages fix denial of service Martin Schulze (Aug 31)
[SECURITY] [DSA 1141-1] New GnuPG2 packages fix denial of service Martin Schulze (Aug 04)
[SECURITY] [DSA 1146-1] New krb5 packages fix privilege escalation Martin Schulze (Aug 09)
[SECURITY] [DSA 1155-2] New sendmail packages fix denial of service Martin Schulze (Aug 24)
[SECURITY] [DSA 1143-1] New dhcp packages fix denial of service Martin Schulze (Aug 04)
[SECURITY] [DSA 1153-1] New ClamAV packages fix arbitrary code execution Martin Schulze (Aug 18)
[SECURITY] [DSA 1155-1] New sendmail packages fix denial of service Martin Schulze (Aug 24)
[SECURITY] [DSA 1163-1] New gtetrinet packages fix arbitrary code execution Martin Schulze (Aug 30)
[SECURITY] [DSA 1136-1] New gpdf packages fix denial of service Martin Schulze (Aug 02)
[SECURITY] [DSA 1150-1] New shadow packages fix privilege escalation Martin Schulze (Aug 12)
[SECURITY] [DSA 1160-1] New Mozilla packages fix several vulnerabilities Martin Schulze (Aug 29)
[SECURITY] [DSA 1162-1] New libmusicbrainz packages fix arbitrary code execution Martin Schulze (Aug 30)
[SECURITY] [DSA 1151-1] New heartbeat packages fix denial of service Martin Schulze (Aug 15)
Martin Vuagnoux
AUTODAFE: an Act of Software Torture [FUZZER] Martin Vuagnoux (Aug 07)
matdhule
Peoplebook Mambo Component <= v1.0 Remote File Include Vulnerabilities matdhule (Aug 14)
Mambo/Joomla com_comprofiler Components <== v1.0 RC 2 Multiple Remote File Include Vulnerabilities matdhule (Aug 26)
[ECHO_ADV_42$2006] PHP Live Helper <= 2.0 (abs_path) Remote File Inclusion matdhule (Aug 04)
Matthew Hall
Barracuda Spam Firewall: Administrator Level Remote Command Execution [ID-20060804-01] Matthew Hall (Aug 04)
Re: Barracuda Vulnerability: Arbitrary File Disclosure [NNL-20060801-02] Matthew Hall (Aug 03)
Matthias Geerdsen
[ GLSA 200608-13 ] ClamAV: Heap buffer overflow Matthias Geerdsen (Aug 08)
[ GLSA 200608-01 ] Apache: Off-by-one flaw in mod_rewrite Matthias Geerdsen (Aug 01)
Matt Riddell (IT)
Multiple Vulnerabilities in Asterisk 1.2.10 (Fixed in 1.2.11) Matt Riddell (IT) (Aug 25)
MC Iglo
Tons of SQL-injections and XSS in Eichhorn Portal and vendor page MC Iglo (Aug 22)
XSS in HLstats 1.34 MC Iglo (Aug 30)
mfoxhacker
Virtual War v1.5.0 <= Sql Injection vuln. mfoxhacker (Aug 10)
Vwar v1.5.0 <= Sql Injection and XSS vuln. mfoxhacker (Aug 03)
Compersus ASP shopping cart <= DataBase Downloading vuln. mfoxhacker (Aug 10)
michael
Security Vulnerability in Ruby on Rails 1.1.x michael (Aug 11)
Michael Engert
Re: [SM-ANNOUNCE] SquirrelMail 1.4.8 released - fixes variable overwriting attack Michael Engert (Aug 14)
Michael Hale Ligh
Compression Plus and Tumblweed EMF Stack Overflow Michael Hale Ligh (Aug 31)
Michael Jennings
Suggested Fix for CVE-2006-4299 Michael Jennings (Aug 26)
Michael Wojcik
RE: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems Michael Wojcik (Aug 17)
Michal Zalewski
Re: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems Michal Zalewski (Aug 18)
Re: Concurrency-related vulnerabilities in browsers - expect problems Michal Zalewski (Aug 15)
Concurrency-related vulnerabilities in browsers - expect problems Michal Zalewski (Aug 12)
Re: Concurrency-related vulnerabilities in browsers - expect problems Michal Zalewski (Aug 18)
Miguel Valentin
RE: linksys WRT54g authentication bypass Miguel Valentin (Aug 11)
mikeiscool
Re: JavaScript Lazy Authorization Forcer and Visited Link Scaner mikeiscool (Aug 18)
Mike Prosser
SYM06-16 Symantec NetBackup PureDisk Remote Office Edition Elevation of Privilege Mike Prosser (Aug 16)
mjw
Possible Myspace Worm mjw (Aug 28)
Moritz Muehlenhoff
[SECURITY] [DSA 1133-1] New mantis packages fix execution of arbitrary web script code Moritz Muehlenhoff (Aug 01)
[SECURITY] [DSA 1157-1] New ruby1.8 packages fix several vulnerabilities Moritz Muehlenhoff (Aug 28)
[SECURITY] [DSA 1144-1] New chmlib packages fix denial of service Moritz Muehlenhoff (Aug 07)
[SECURITY] [DSA 1147-1] New drupal packages fix cross-site scripting Moritz Muehlenhoff (Aug 09)
[SECURITY] [DSA 1158-1] New streamripper packages fix arbitrary code execution Moritz Muehlenhoff (Aug 28)
[SECURITY] [DSA 1138-1] New cfs packages fix denial of service Moritz Muehlenhoff (Aug 02)
[SECURITY] [DSA 1145-1] New freeradius packages fix several vulnerabilities Moritz Muehlenhoff (Aug 08)
[SECURITY] [DSA 1148-1] New gallery packages fix several vulnerabilities Moritz Muehlenhoff (Aug 09)
[SECURITY] [DSA 1139-1] New ruby1.6 packages fix privilege escalation Moritz Muehlenhoff (Aug 03)
[SECURITY] [DSA 1154-1] New squirrelmail packages fix information disclosure Moritz Muehlenhoff (Aug 21)
[SECURITY] [DSA 1156-1] New kdebase packages fix information disclosure Moritz Muehlenhoff (Aug 28)
MosT3mR
local file include in PHP-Nuke (autohtml.php) MosT3mR (Aug 15)
mr
Re: Re: TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability mr (Aug 14)
Mr . Niega
ShockwaveFlash 9 (Stack overflow) Mr . Niega (Aug 16)
Mustafa Can Bjorn IPEKCI
Advisory: VistaBB <= 2.x Multiple File Inclusion Vulnerabilities Mustafa Can Bjorn IPEKCI (Aug 24)
Advisory: Integramod Portal <= 2.x File Inclusion Vulnerability Mustafa Can Bjorn IPEKCI (Aug 24)
nareshhacker
Re: Re: CGI Script Source Code Disclosure Vulnerability in Apache for Windows nareshhacker (Aug 17)
naveed
Re: Mailslot bug (MS06-035) vs non-Mailslot bug (CVE-2006-3942) naveed (Aug 18)
NGSSoftware Insight Security Research
Unauthorized Database Creation Privilege on Informix NGSSoftware Insight Security Research (Aug 14)
Arbitrary Library Loading in Informix NGSSoftware Insight Security Research (Aug 14)
Multiple Arbitrary Command Execution Vulnerabilities NGSSoftware Insight Security Research (Aug 14)
Informix Long Username Buffer Overflow Vulnerability NGSSoftware Insight Security Research (Aug 14)
Multiple Arbitrary File Access (Write/Read) Vulnerabilities NGSSoftware Insight Security Research (Aug 14)
Multiple Password Exposures Flaws NGSSoftware Insight Security Research (Aug 14)
Error logging buffer overflow in Informix NGSSoftware Insight Security Research (Aug 14)
SQLIDEBUG envariable overflow on Informix NGSSoftware Insight Security Research (Aug 14)
Multiple Buffer Overflow Vulnerabilities in Informix NGSSoftware Insight Security Research (Aug 14)
Nicholas Knight
Re: linksys WRT54g authentication bypass Nicholas Knight (Aug 11)
night_warrior-
DieselPay İndex.php Cross-Site Scripting Vulnerability night_warrior- (Aug 21)
Smart Traffic Remote File Include Vulnerability night_warrior- (Aug 21)
Diesel Paid Mail getad.php Cross-Site Scripting Vulnerability night_warrior- (Aug 21)
Diesel Job Site forgot.php Cross-Site Scripting night_warrior- (Aug 21)
AlstraSoft Video Share Enterprise Remote File Include Vulnerability night_warrior- (Aug 26)
Nikolay Kubarelov
Re: [Full-disclosure] Attacking the local LAN via XSS Nikolay Kubarelov (Aug 11)
NNP
Opera 9 Remote Denial of Service NNP (Aug 14)
noname
Re: Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability noname (Aug 14)
Re: Mafia Moblog <= 6 (pathtotemplate) Remote File Inclusion Vulnerability noname (Aug 14)
nop
[XSec-06-03]: Internet Explorer (CHTSKDIC.DLL) COM Object Instantiation Vulnerability nop (Aug 15)
[XSec-06-02]: Internet Explorer (IMSKDIC.DLL) COM Object Instantiation Vulnerability nop (Aug 15)
[XSec-06-09]: Internet Explorer Multiple COM Objects Color Property DoS Vulnerability nop (Aug 21)
[XSec-06-08]: Windows 2000 Multiple COM Object Instantiation Vulnerability nop (Aug 21)
[XSec-06-10]: Internet Explorer (daxctle.ocx) Heap Overflow Vulnerability nop (Aug 28)
[XSec-06-07]: Visual Studio 6.0 Multiple COM Object Instantiation Vulnerability nop (Aug 17)
[XSec-06-04]: Internet Explorer (msoe.dll) COM Object Instantiation Vulnerability nop (Aug 15)
[XSec-06-06]: Windows 2003 (tsuserex.dll) COM Object Instantiation Vulnerability nop (Aug 17)
NSFOCUS Security Team
NSFOCUS SA2006-08 : Microsoft IE6 urlmon.dll Long URL Buffer Overflow Vulnerability NSFOCUS Security Team (Aug 25)
nukedx
Re: myBloggie <= 2.1.3 (mybloggie_root_path) Remote File Inclusion Vulnerability nukedx (Aug 12)
Omid
Sql injection in Mambo & Joomla Omid (Aug 26)
Sql injection in Xoops Omid (Aug 26)
omnipresent
Simple one-file GuestBook 1.0 omnipresent (Aug 10)
Outlaw
Mambo Component - Display MOSBot Manager Remote File Inclusion Vuln Outlaw (Aug 21)
Mambo Component - EstateAgent Remote File Inclusion Outlaw (Aug 21)
Mambo Component - Display MOSBot Manager Remote File Inclusion Vuln Outlaw (Aug 21)
CMSimple Cross Site Scripting Outlaw (Aug 03)
Ako Comments (mod) Remote File Inclusion Outlaw (Aug 19)
Yabb XSS Outlaw (Aug 10)
mambo-phphop Product Scroller Module R.F.I Outlaw (Aug 18)
mtg_myhomepage Component For Mambo R.F.I Outlaw (Aug 18)
wheatblog Session.php Remote File Inclusion Outlaw (Aug 11)
Mambo CatalogShop Remote File Inclusion Outlaw (Aug 19)
fusionnews 3,7 Remote File Inclusion Outlaw (Aug 15)
Modification For OpenSEF Remote file Inclusion Outlaw (Aug 19)
Paul Schmehl
Re: when will AV vendors fix this??? Paul Schmehl (Aug 11)
Re: [Full-disclosure] RE: when will AV vendors fix this??? Paul Schmehl (Aug 18)
Re: [Full-disclosure] Re: when will AV vendors fix this??? Paul Schmehl (Aug 18)
pdp (architect)
XSSing the Lan 3 (web trojans.. not a new idea) pdp (architect) (Aug 11)
Attacking the local LAN via XSS pdp (architect) (Aug 07)
JavaScript get Internal Address (thanks to DanBUK) pdp (architect) (Aug 14)
Re: Re[2]: [Full-disclosure] Attacking the local LAN via XSS pdp (architect) (Aug 07)
Re: [Full-disclosure] Attacking the local LAN via XSS pdp (architect) (Aug 07)
JavaScript Lazy Authorization Forcer and Visited Link Scaner pdp (architect) (Aug 18)
JavaScript port scanning pdp (architect) (Aug 01)
pedantic1
MS Terminal Server application session breakout pedantic1 (Aug 16)
pete
unwrapping PL/SQL pete (Aug 08)
Philip M. Gollucci
Re: [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released Philip M. Gollucci (Aug 03)
philipp . niedziela
Sonium Enterprise Adressbook Version 0.2 (folder) RFI philipp . niedziela (Aug 18)
ME Download System 1.3 Remote File Inclusion philipp . niedziela (Aug 03)
WEBInsta Mailing list manager (cabsolute_path) 1.3e RFI philipp . niedziela (Aug 11)
phpAutoMembersArea 3.2.5 ($installed_config_file) Remote File Inclusion philipp . niedziela (Aug 04)
NEWSolved Lite v1.9.2 (abs_path) Remote File Inclusion philipp . niedziela (Aug 07)
Cwfm <= 0.9.1 (Language) Remote File Inclusion Vulnerability philipp . niedziela (Aug 09)
TSEP 0.9.4.2 <= Remote File Inclusion philipp . niedziela (Aug 01)
piiiiiii pppiiiiiiii
BlogHoster v2.2 Post Comment Html Injection piiiiiii pppiiiiiiii (Aug 09)
blur6ex 0.3 Comment title HTML inyection vuln. piiiiiii pppiiiiiiii (Aug 07)
Archangel Weblog 0.90.02 and prior Multiple HTML injections piiiiiii pppiiiiiiii (Aug 08)
simplog 0.9.3 and prior XSS piiiiiii pppiiiiiiii (Aug 07)
pingywon
Re: Barracuda Vulnerability: Hardcoded Password [NNL-20060801-01] pingywon (Aug 02)
Pr070n
Re: Re: BlackBoard Multiple Vulnerabilities (XSS) Pr070n (Aug 31)
BlackBoard Multiple Vulnerabilities (XSS) Pr070n (Aug 22)
pr0t0n
Re: BlackBoard Multiple Vulnerabilities (XSS) pr0t0n (Aug 23)
preth00nker
Multiple xxs cPanel 10 preth00nker (Aug 18)
DoS 2wire Gateway preth00nker (Aug 21)
Pretorius, Wynand (ZA - Johannesburg)
RE: Symantec Gateway Security DNS exploit Pretorius, Wynand (ZA - Johannesburg) (Aug 23)
public
Re: TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability public (Aug 14)
pucik
[Overflow.pl] Clam AntiVirus Win32-UPX Heap Overflow pucik (Aug 09)
qode
Nokia Browser Crash qode (Aug 11)
Raphael Marichez
[ GLSA 200608-27 ] Motor: Execution of arbitrary code Raphael Marichez (Aug 29)
[ GLSA 200608-15 ] MIT Kerberos 5: Multiple local privilege escalation (test Falco for security@) Raphael Marichez (Aug 10)
[ GLSA 200608-19 ] WordPress: Privilege escalation Raphael Marichez (Aug 11)
UPDATE: [ GLSA 200511-12 ] Scorched 3D: Multiple vulnerabilities Raphael Marichez (Aug 11)
[ GLSA 200608-28 ] PHP: Arbitary code execution Raphael Marichez (Aug 29)
[ GLSA 200608-26 ] Wireshark: Multiple vulnerabilities Raphael Marichez (Aug 29)
[ GLSA 200608-21 ] Heimdal: Multiple local privilege escalation vulnerabilities Raphael Marichez (Aug 23)
[ GLSA 200608-20 ] Ruby on Rails: Several vulnerabilities Raphael Marichez (Aug 14)
[ GLSA 200608-25 ] X.org and some X.org libraries: Local privilege escalations Raphael Marichez (Aug 28)
[ GLSA 200608-24 ] AlsaPlayer: Multiple buffer overflows Raphael Marichez (Aug 26)
[ GLSA 200608-22 ] fbida: Arbitrary command execution Raphael Marichez (Aug 23)
ratboy727
XChat <= 2.6.4-1 (win version) Remote Denial of Service Exploit (php) ratboy727 (Aug 10)
Redworm
MyBB Html Injection ( XSS ) Redworm (Aug 26)
research
SYMSA-2006-009 research (Aug 29)
Reversemode
Re: Microsoft Help (WINHLP32.EXE) - Multiple Remote Code Execution and Denial Of Service Vulnerabilities Reversemode (Aug 12)
rgod
Simple Machines Forum <=1.1RC2 unset() vulnerabilities rgod (Aug 22)
e107 <= 0.75 GLOBALS[] overwrite/Zend_Hash_Del_Key_Or_Index remote commands execution rgod (Aug 29)
XMB <= 1.9.6 Final basename()/'langfilenew' arbitrary local inclusion / remote commands execution rgod (Aug 14)
MyBloggie <= 2.1.4 trackback.php SQL injection / admin credentials disclosure rgod (Aug 05)
SendCard <= 3.4.0 unauthorized administrative access / remote commands execution rgod (Aug 03)
CubeCart <= 3.0.11 SQL injection & cross site scripting rgod (Aug 17)
Richard Lindberg
Registration Now Open!: Security OPUS Infosec Conference - Oct 2-5 2006 - San Francisco, CA Richard Lindberg (Aug 17)
Rodrigo Barbosa
Re: linksys WRT54g authentication bypass Rodrigo Barbosa (Aug 11)
Rodrigo Rubira Branco (BSDaemon)
Hackers to Hackers Conference III - Call for Papers Rodrigo Rubira Branco (BSDaemon) (Aug 30)
Roger A. Grimes
RE: Barracuda Vulnerability: Hardcoded Password [NNL-20060801-01] Roger A. Grimes (Aug 02)
root
Netgear FVG318 is vunerable to DOS attack root (Aug 10)
[XSec-06-05]: VMware 5.5.1 for Windows arbitrary partition table delete issue. root (Aug 16)
Roy Hills
Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory Roy Hills (Aug 02)
rPath Update Announcements
rPSA-2006-0162-1 kernel rPath Update Announcements (Aug 31)
rPSA-2006-0161-1 libmusicbrainz rPath Update Announcements (Aug 31)
s10242006
osCommerce < 2.2 Milestone 2 060817 POC Exploit s10242006 (Aug 30)
saudi . unix
powergap <= (s0x.php) Remote File Inclusion saudi . unix (Aug 17)
ScatterChat Advisories
ScatterChat Advisory 2006-01: Cryptanalytic Attack Vulnerability ScatterChat Advisories (Aug 12)
Schanulleke
Re: [Full-disclosure] Attacking the local LAN via XSS Schanulleke (Aug 07)
scott
Re: UPDATE vBulletin Version 3.5.4 exploit scott (Aug 18)
Sean Warnock
Security Contact Sean Warnock (Aug 10)
Secunia Research
Secunia Research: Jetbox Multiple Vulnerabilities Secunia Research (Aug 02)
Secunia Research: PC Tools AntiVirus Insecure Default Directory Permissions Secunia Research (Aug 03)
secure
Re: SYM06-16 Symantec NetBackup PureDisk Remote Office Edition Elevation of Privilege secure (Aug 17)
SYM06-013 Symantec On-Demand Protection Encrypted Data Exposure secure (Aug 01)
(Security Advisory) SYM06-014 Symantec Backup Exec Internal RPC Overflow Secure (Aug 12)
security
[ MDKSA-2006:143-1 ] - Updated Firefox packages fix multiple vulnerabilities security (Aug 17)
[ MDKSA-2006:157 ] - Updated musicbrainz packages fix buffer overflow vulnerabilities security (Aug 31)
[ MDKSA-2006:150 ] - Updated kernel packages fix multiple vulnerabilities security (Aug 25)
[ MDKSA-2006:154 ] - Updated lesstif packages fix potential local root vulnerability security (Aug 29)
[ MDKSA-2006:137 ] - Updated libtiff packages fix multiple vulnerabilities security (Aug 01)
[ MDKSA-2006:136 ] - Updated kdegraphics packages fix multiple libtiff vulnerabilities security (Aug 01)
[ MDKSA-2006:139 ] - Updated krb5 packages fix local privilege escalation vulnerability security (Aug 09)
[ MDKSA-2006:142 ] - Updated heartbeat packages fix vulnerability security (Aug 14)
[ MDKSA-2006:135 ] - Updated freeciv packages fix DoS vulnerabilities security (Aug 01)
[ MDKSA-2006:152 ] - Updated wireshark packages fix multiple vulnerabilities security (Aug 26)
[ MDKSA-2006:145 ] - Updated Firefox packages fix multiple vulnerabilities security (Aug 22)
[ MDKSA-2006:143 ] - Updated Firefox packages fix multiple vulnerabilities security (Aug 16)
[ MDKSA-2006:158 ] - Updated MySQL packages fix DoS vuln, initscript bug security (Aug 31)
[ MDKSA-2006:138 ] - Updated clamav packages fix vulnerability security (Aug 09)
[ MDKSA-2006:151 ] - Updated kernel packages fix multiple vulnerabilities security (Aug 25)
[ MDKSA-2006:155 ] - Updated ImageMagick packages fix vulnerabilities security (Aug 29)
[ MDKSA-2006:153 ] - Updated binutils packages fix multiple vulnerabilities security (Aug 29)
[ MDKSA-2006:140 ] - Updated ncompress packages fix vulnerability security (Aug 09)
[ MDKSA-2006:148 ] - Updated xorg-x11 packages fix vulnerabilities security (Aug 24)
[ MDKSA-2006:147 ] - Updated squirrelmail packages fix vulnerabilities security (Aug 22)
[ MDKSA-2006:156 ] - Updated sendmail packages fix DoS vulnerabilities security (Aug 31)
[ MDKSA-2006:149 ] - Updated MySQL packages fix user privilege vulnerabilities security (Aug 24)
[ MDKSA-2006:144 ] - Updated php packages fix vulnerability security (Aug 21)
[ MDKSA-2006:141 ] - Updated gnupg packages fix vulnerability security (Aug 14)
[ MDKSA-2006:146 ] - Updated Thunderbird packages fix multiple vulnerabilities security (Aug 22)
security-alert
[security bulletin] HPSBUX02087 SSRT4728 rev.3 - HP-UX running TCP/IP Remote Denial of Service (DoS) security-alert (Aug 02)
HPSBMA02138 SSRT061184 rev.1 - HP OpenView Storage Data Protector, Remote Arbitrary Command Execution security-alert (Aug 14)
[security bulletin] HPSBUX02124 SSRT061159 rev.1 - HP-UX Sendmail MIME Remote Denial of Service (DoS) security-alert (Aug 02)
[security bulletin] HPSBUX02108 SSRT061133 rev.13 - HP-UX Running Sendmail, Remote Execution of Arbitrary Code security-alert (Aug 02)
[security bulletin] HPSBUX02108 SSRT061133 rev.14 - HP-UX Running Sendmail, Remote Execution of Arbitrary Code security-alert (Aug 11)
[security bulletin] HPSBUX02137 SSRT051024 rev.1 - HP-UX Running Xserver Local Execution of Arbitrary Code, Privilege Elevation security-alert (Aug 03)
[security bulletin] HPSBUX02124 SSRT061159 rev.2 - HP-UX Sendmail MIME Remote Denial of Service (DoS) security-alert (Aug 11)
[security bulletin] HPSBUX02141 SSRT51153 rev.1 - HP-UX in Trusted mode, Local Denial of Service (DoS) security-alert (Aug 15)
[security bulletin] HPSBGN02136 SSRT061173 rev.1 - ProCurve Series 3500yl, 6200yl, and 5400zl Switches Running Software Prior to K.11.33 Remote Denial of Service (DoS) security-alert (Aug 02)
[security bulletin] HPSBUX02115 SSRT061077 rev.2 - HP-UX running Support Tools Manager (xstm, cstm, stm) Local Denial of Service (DoS) security-alert (Aug 16)
[security bulletin] HPSBUX02139 SSRT5981 rev.1 - HP-UX Running the LP Subsystem, remote Denial of Service (DoS) security-alert (Aug 17)
securityfocus
Re: Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability securityfocus (Aug 21)
segatom
Re: flatnuke <= 2.5.7 arbitrary php file upload segatom (Aug 07)
sehato
InfanView 3.98 (with plugins) - Access violation at processing images CUR files sehato (Aug 14)
InfanView 3.98 (with plugins) - Access violation at processing images ANI files sehato (Aug 10)
seppi
Local privilege Escalation in SmartLine DeviceLock 5.73 seppi (Aug 14)
sh3ll
Mafia Moblog <= 6 (pathtotemplate) Remote File Inclusion Vulnerability sh3ll (Aug 10)
Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability sh3ll (Aug 11)
myEvent <= 1.4 Multiple Remote File Include Vulnerabilities sh3ll (Aug 12)
myBloggie <= 2.1.3 (mybloggie_root_path) Remote File Inclusion Vulnerability sh3ll (Aug 10)
miniBloggie <= 1.0 (fname) Remote File Inclusion Vulnerability sh3ll (Aug 11)
phpPrintAnalyzer <= 1.1 (rep_par_rapport_racine) Remote File Inclusion Vulnerability sh3ll (Aug 07)
Calendarix <= 0.7 (calpath) Remote File Inclusion Vulnerability sh3ll (Aug 12)
SHiKaA-
Pheap CMS<= (lpref) Remote File Inclusion Exploit SHiKaA- (Aug 31)
simo64
SAPID CMS remote File Inclusion vulnerabilities simo64 (Aug 07)
PHPMyRing <= 4.2.0 (view_com.php) Remote SQL Injection simo64 (Aug 10)
Sowhat
Microsoft PowerPoint Malformed Record Memory Corruption Sowhat (Aug 08)
SPI Labs
Announcement: Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations [Whitepaper] SPI Labs (Aug 07)
ss_team
Wordpress WP-DB Backup Plugin Directory Traversal Vulnerability ss_team (Aug 14)
stefan
vbulletin 3.5.4 IE exploit xss stefan (Aug 03)
XSS in Vbulletin 3.6.0 in IE 0nly Stefan (Aug 04)
Stefan Cornelius
[ GLSA 200608-02 ] Mozilla SeaMonkey: Multiple vulnerabilities Stefan Cornelius (Aug 03)
Stefan Esser
Advisory 05/2006: Zend Platform Multiple Remote Vulnerabilities Stefan Esser (Aug 24)
PHP: Zend_Hash_Del_Key_Or_Index Vulnerability Stefan Esser (Aug 07)
Stefan Friedli
Content Management Framework "G3" - XSS Vulnerability in Search Function Stefan Friedli (Aug 02)
Steve Kemp
[SECURITY] [DSA 1132-1] New apache2 packages fix buffer overflow Steve Kemp (Aug 01)
[SECURITY] [DSA 1131-1] New apache package fix buffer overflow Steve Kemp (Aug 01)
Steven M. Christey
Re: JetBox cms (search_function.php) Remote File Include Steven M. Christey (Aug 31)
Re: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems Steven M. Christey (Aug 17)
Re: AW: JetBox cms (search_function.php) Remote File Include Steven M. Christey (Aug 30)
Re: Calendarix <= 0.7 (calpath) Remote File Inclusion Vulnerability Steven M. Christey (Aug 14)
Steve VanDevender
Re: [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released Steve VanDevender (Aug 07)
stormhacker
CuteNews 1.3.* Remote File Include Vulnerability stormhacker (Aug 25)
Sune Kloppenborg Jeppesen
[ GLSA 200608-17 ] libwmf: Buffer overflow vulnerability Sune Kloppenborg Jeppesen (Aug 10)
[ GLSA 200608-05 ] LibVNCServer: Authentication bypass Sune Kloppenborg Jeppesen (Aug 04)
[ GLSA 200608-06 ] Courier MTA: Denial of Service vulnerability Sune Kloppenborg Jeppesen (Aug 04)
[ GLSA 200608-11 ] Webmin, Usermin: File Disclosure Sune Kloppenborg Jeppesen (Aug 07)
[ GLSA 200608-18 ] Net::Server: Format string vulnerability Sune Kloppenborg Jeppesen (Aug 10)
[ GLSA 200608-23 ] Heartbeat: Denial of Service Sune Kloppenborg Jeppesen (Aug 24)
[ GLSA 200608-07 ] libTIFF: Multiple vulnerabilities Sune Kloppenborg Jeppesen (Aug 05)
[ GLSA 200608-12 ] x11vnc: Authentication bypass in included LibVNCServer code Sune Kloppenborg Jeppesen (Aug 07)
ERRATA: [ GLSA 200608-08 ] GnuPG: Integer overflow vulnerability Sune Kloppenborg Jeppesen (Aug 08)
[ GLSA 200608-14 ] DUMB: Heap buffer overflow Sune Kloppenborg Jeppesen (Aug 08)
[ GLSA 200608-16 ] Warzone 2100 Resurrection: Multiple buffer overflows Sune Kloppenborg Jeppesen (Aug 10)
[ GLSA 200608-10 ] pike: SQL injection vulnerability Sune Kloppenborg Jeppesen (Aug 07)
[ GLSA 200608-08 ] GnuPG: Integer overflow vulnerability Sune Kloppenborg Jeppesen (Aug 05)
support
Re: Directory Traversal vulnerability in IPCheck Monitor Server support (Aug 24)
susam . pal
CGI Script Source Code Disclosure Vulnerability in Apache for Windows susam . pal (Aug 10)
Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Re: TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (Aug 14)
Tamriel
GeheimChaos <= 0.5 Multiple SQL Injection Vulnerabilities Tamriel (Aug 04)
GaesteChaos <= 0.2 Multiple Vulnerabilities Tamriel (Aug 04)
CounterChaos <= 0.48c SQL Injection Vulnerability Tamriel (Aug 04)
tbratusa
Kaspersky Anti-Hacker personal firewall unstealthy stealth mode tbratusa (Aug 14)
TeamXMM Consulting, Inc.
RE: linksys WRT54g authentication bypass TeamXMM Consulting, Inc. (Aug 14)
The Cute Group
Bugtraq ID: 18402 The Cute Group (Aug 23)
Thierry Carrez
[ GLSA 200608-04 ] Mozilla Thunderbird: Multiple vulnerabilities Thierry Carrez (Aug 03)
[ GLSA 200608-03 ] Mozilla Firefox: Multiple vulnerabilities Thierry Carrez (Aug 03)
Thierry Zoller
Re[2]: [Full-disclosure] Attacking the local LAN via XSS Thierry Zoller (Aug 07)
Re: [Full-disclosure] Attacking the local LAN via XSS Thierry Zoller (Aug 07)
Thijs Kinkhorst
SquirrelMail 1.4.8 released - fixes variable overwriting attack Thijs Kinkhorst (Aug 11)
Thomas Biege
SUSE Security Announcement: libtiff (SUSE-SA:2006:044) Thomas Biege (Aug 01)
SUSE Security Announcement: freetype2 (SUSE-SA:2006:045) Thomas Biege (Aug 01)
Thomas D.
RE: [Full-disclosure] RE: when will AV vendors fix this??? Thomas D. (Aug 11)
RE: when will AV vendors fix this??? Thomas D. (Aug 11)
Thor (Hammer of God)
Re: MS Terminal Server application session breakout Thor (Hammer of God) (Aug 16)
tinywebgallery
Re: TinyWebGallery v1.5 ( image ) Remote Include Vulnerability tinywebgallery (Aug 16)
tomas
(exploit) firefox 1.5.0.6 linux DoS tomas (Aug 22)
Tom Yu
MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities Tom Yu (Aug 08)
UPDATED: MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities Tom Yu (Aug 17)
Tony Maupin
RE: Security contact from Critical Path Inc Tony Maupin (Aug 18)
Trustix Security Advisor
TSLSA-2006-0044 - multi Trustix Security Advisor (Aug 04)
TSLSA-2006-0046 - multi Trustix Security Advisor (Aug 11)
TSLSA-2006-0048 - multi Trustix Security Advisor (Aug 25)
try_og
XSS Vulnerability in FTD v3.7.3 try_og (Aug 07)
tr_zindan
phNNTP <= 1.3 (article-raw.php) Remote File Include Vulnerability tr_zindan (Aug 08)
NewsLetter v3.5 <= (NL_PATH) Remote File Inclusion Exploit tr_zindan (Aug 01)
TSRT
TSRT-06-08: Microsoft Internet Help COM Object Memory Corruption Vulnerability TSRT (Aug 09)
TSRT-06-06: Computer Associates eTrust AntiVirus WebScan Manifest Processing Buffer Overflow Vulnerability TSRT (Aug 07)
TSRT-06-09: Microsoft DirectAnimation COM Object Memory Corruption Vulnerability TSRT (Aug 09)
TSRT-06-05: Computer Associates eTrust AntiVirus WebScan Automatic Update Code Execution Vulnerability TSRT (Aug 07)
TSRT-06-10: Microsoft HLINK.DLL Hyperlink Object Library Buffer Overflow Vulnerability TSRT (Aug 09)
TSRT-06-07: eIQnetworks Enterprise Security Analyzer Monitoring Agent Buffer Overflow Vulnerabilities TSRT (Aug 08)
TTG
TTG0601 - Alt-N WebAdmin Multiple Vulnerabilities TTG (Aug 22)
tugra
MojoScripts' xss vulnerable tugra (Aug 08)
Udo Sprotte
Re: Cisco NAC Appliance Agent Installation Bypass Vulnerability Udo Sprotte (Aug 28)
Uwe Hermann
[DRUPAL-SA-2006-011] Drupal 4.7.3 / 4.6.9 fixes XSS issue Uwe Hermann (Aug 03)
vampire_chiristof
Bigace 1.8.2 (GLOBALS) Remote File Inclusion vampire_chiristof (Aug 26)
Virtual War v1.5.0 SQL injection and XSS vampire_chiristof (Aug 14)
otopholder 1.8 suffers from a local file inclusion,XSS and directory listing vuln vampire_chiristof (Aug 15)
OneOrZero Helpdesk V1.6.4.1 susceptible to SQL injection and XSS vampire_chiristof (Aug 18)
Koobi Pro CMS 5.6 SQL injection & XSS vampire_chiristof (Aug 15)
BlaBla 4U XSS Vulnerabilite vampire_chiristof (Aug 14)
Vicente Perez
Latinchat Denial Of Service Vicente Perez (Aug 09)
Victor Sudakov
unauthorized VNC access in AK-Systems Windows Terminals Victor Sudakov (Aug 22)
vijay
osDate 1.1.8 - Multiple HTML Injection Vulnerability - fixed vijay (Aug 14)
VMware Security Team
VMSA-2006-0004 Cross site scripting vulnerability and other fixes VMware Security Team (Aug 01)
Volker Tanger
Re: Yabb XSS - or NOT Volker Tanger (Aug 14)
vulnpost-remove
[vuln.sg] Lhaplus LHA Extended Header Handling Buffer Overflow Vulnerability vulnpost-remove (Aug 01)
[vuln.sg] Lhaz LHA Long Filename Buffer Overflow Vulnerability vulnpost-remove (Aug 07)
William A. Rowe, Jr.
Re: [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released William A. Rowe, Jr. (Aug 03)
Williams, James K
CAID 34509 - CA eTrust Antivirus WebScan vulnerabilities Williams, James K (Aug 04)
wiziwig
Re: Another YabbSE Remote Code Execution Vulnerability wiziwig (Aug 28)
wsip
World Summit on Intrusion Prevention wsip (Aug 17)
x0r0n
pSlash v0.7 (lvc_include_dir) Remote Include Vulnerability x0r0n (Aug 24)
PgMarket 2.2.3 (CFG[libdir]) Remote File Inclusion Vulnerabilities x0r0n (Aug 09)
Portail PHP mod_phpalbum 2.15 Modules Remote File Inclusion x0r0n (Aug 29)
Mambo jim Component Remote Include Vulnerability x0r0n (Aug 18)
docpile:we v0.2.2 (INIT_PATH) Remote File Inclusion Vulnerability x0r0n (Aug 08)
TinyWebGallery v1.5 ( image ) Remote Include Vulnerability x0r0n (Aug 10)
ZoneX 1.0.3 - Publishers Gold Edition Remote File Inclusion Vulnerability x0r0n (Aug 03)
SaveWeb Portal 3.4 <- (SITE_Path) Remote File Inclusion Vulnerability x0r0n (Aug 02)
Joomla Webring Component (component_dir) Remote File Inclusion Vulnerabilities x0r0n (Aug 14)
Mambo com_cropimage 1.0 Component Remote Include Vulnerability x0r0n (Aug 19)
Visual Events Calendar v1.1 (cfg_dir) Remote Inclusion Vulnerability x0r0n (Aug 07)
xvml
Re: [ GLSA 200608-12 ] x11vnc: Authentication bypass in included LibVNCServer code xvml (Aug 11)
Yves Goergen
Re: [SM-ANNOUNCE] SquirrelMail 1.4.8 released - fixes variable overwriting attack Yves Goergen (Aug 11)
zdi-disclosures
ZDI-06-027: Microsoft Internet Explorer CSS Class Ordering Memory Corruption Vulnerability zdi-disclosures (Aug 08)
ZDI-06-026: Microsoft Internet Explorer Multiple CSS Imports Memory Corruption Vulnerability zdi-disclosures (Aug 08)
ZeberuS
WoltLab Burning Board 2.3.5(WBB) in XSS ZeberuS (Aug 21)