Bugtraq: by thread
519 messages starting Jan 01 06 and ending Jan 31 06
- [xfocus-SD-060101]AIX getCommand&getShell two vulnerabilities XFOCUS Security Team (Jan 01)
- [ GLSA 200601-01 ] pinentry: Local privilege escalation Thierry Carrez (Jan 03)
- [USN-234-1] cpio vulnerability Martin Pitt (Jan 03)
- Re: WMF Exploit Justin Myers (Jan 03)
- <Possible follow-ups>
- Re: RE: WMF Exploit grasshopa (Jan 03)
- Re: WMF Exploit Joshua (Jan 05)
- Re: WMF Exploit Frank Knobbe (Jan 03)
- RE: WMF Exploit Paul (Jan 03)
- WMF exploit Andreas Marx (Jan 04)
- Re: WMF Exploit Paul Laudanski (Jan 04)
- RE: WMF Exploit Discussion Lists (Jan 04)
- [USN-233-1] fetchmail vulnerability Martin Pitt (Jan 03)
- [KAPDA::#19] - Html Injection in vBulletin 3.5.2 alireza hassani (Jan 03)
- [eVuln] PHPjournaler SQL Injection Vulnerability alex (Jan 03)
- [eVuln] Chipmunk Guestbook XSS Vulnerability alex (Jan 03)
- [ GLSA 200512-18 ] XnView: Privilege escalation Thierry Carrez (Jan 03)
- [eVuln] Chimera Web Portal System Multiple Vulnerabilities alex (Jan 03)
- NicoFTP Stack Overflow k4p0k4p0 (Jan 03)
- Drupal all versiyon xss cehennem.org liz0 (Jan 03)
- Re: Drupal all versiyon xss cehennem.org RSnake (Jan 03)
- <Possible follow-ups>
- Re: Drupal all versiyon xss cehennem.org security (Jan 03)
- [eVuln] inTouch Authentication Bypass alex (Jan 03)
- [eVuln] B-net Software Multiple XSS Vulnerabilities alex (Jan 03)
- [eVuln] VEGO Web Forum SQL Injection Vulnerability alex (Jan 03)
- [eVuln] ScozBook "adminname" Authentication Bypass alex (Jan 03)
- SCO Openserver 5.0.x exploit rod hedor (Jan 03)
- [eVuln] oaBoard PHP Code Execution alex (Jan 03)
- RE: Webwasher CSM Appliance Script Security Restriction Bypass Frank Berzau (Jan 03)
- Winrar 3.30 Local Buffer Overflow Alpha_Programmer (Jan 03)
- WMF round-up, updates and de-mystification Gadi Evron (Jan 03)
- Re: [Full-disclosure] WMF round-up, updates and de-mystification Nancy Kramer (Jan 03)
- Re: [Full-disclosure] WMF round-up, updates and de-mystification InfoSecBOFH (Jan 03)
- RE: [Full-disclosure] WMF round-up, updates and de-mystification Larry Seltzer (Jan 03)
- Re: [funsec] WMF round-up, updates and de-mystification Pierre Vandevenne (Jan 03)
- Re: WMF round-up, updates and de-mystification Gadi Evron (Jan 03)
- RE: [funsec] WMF round-up, updates and de-mystification Larry Seltzer (Jan 03)
- Re[2]: [funsec] WMF round-up, updates and de-mystification Pierre Vandevenne (Jan 04)
- Re: WMF round-up, updates and de-mystification Adam Shostack (Jan 04)
- <Possible follow-ups>
- RE: WMF round-up, updates and de-mystification Krpata, Tyler (Jan 04)
- WMF SETABORTPROC exploit SanjayR (Jan 03)
- [eVuln] VEGO Links Builder Authentication Bypass alex (Jan 03)
- New from the MS Advisory Larry Seltzer (Jan 03)
- Re: New from the MS Advisory Damaged Industries (Jan 05)
- Recruitment Software allows MySQL credentials disclosure Rafael San Miguel Carrasco (Jan 03)
- WSJ: The new "metasploit" computer virus Richard M. Smith (Jan 03)
- [eVuln] phpBook PHP Code Execution alex (Jan 03)
- [eVuln] PHPenpals SQL Injection Vulnerabilit alex (Jan 03)
- Another WMF exploit workaround Ivan Arce (Jan 04)
- Download Accelerator Plus can be tricked to download malicious file visitbipin (Jan 04)
- RE: Download Accelerator Plus can be tricked to download malicious file NaPa (Jan 05)
- <Possible follow-ups>
- Re: Download Accelerator Plus can be tricked to download malicious file visitbipin (Jan 05)
- Re: Download Accelerator Plus can be tricked to download malicious file Dave Korn (Jan 06)
- [eVuln] Lizard Cart CMS SQL Injection Vulnerability alex (Jan 04)
- Dumb IE6/XP denial of service found on the web 8ux1fpd02 (Jan 04)
- Re: Dumb IE6/XP denial of service found on the web Francois Labreque (Jan 05)
- RE: Dumb IE6/XP denial of service found on the web Mario Contestabile (Jan 05)
- Re: Dumb IE6/XP denial of service found on the web Kim Christensen (Jan 06)
- <Possible follow-ups>
- Re: Dumb IE6/XP denial of service found on the web rebornrebel (Jan 11)
- Re: Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability Eloy A. Paris (Jan 04)
- MDKSA-2005:239 - Updated printer-filters-utils packages fix local vulnerability Mandriva Security Team (Jan 04)
- Re: WMF browser-ish exploit vectors Nick FitzGerald (Jan 04)
- <Possible follow-ups>
- Re: WMF browser-ish exploit vectors Dave Korn (Jan 05)
- RE: WMF browser-ish exploit vectors James C Slora Jr (Jan 05)
- Re: WTF?? Nick FitzGerald (Jan 05)
- <Possible follow-ups>
- Re: WTF?? anthony . aykut (Jan 05)
- Mapping and Remote manipulation of databases Gandalf The White (Jan 05)
- WMF: New Metasploit Framework Module H D Moore (Jan 05)
- iDefense Security Advisory 01.05.06: Blue Coat WinProxy Remote DoS Vulnerability labs-no-reply () idefense com (Jan 05)
- Open Letter on the Interpretation of "Vulnerability Statistics" Steven M. Christey (Jan 05)
- what we REALLY learned from WMF Gadi Evron (Jan 05)
- Re: what we REALLY learned from WMF Thor (Hammer of God) (Jan 06)
- industry standards - current status [was: what we REALLY learned from WMF] Gadi Evron (Jan 09)
- Re: industry standards - current status [was: what we REALLY learned from WMF] D. Hazelton (Jan 12)
- MD:Pro - Malware Distribution Project anthony . aykut (Jan 05)
- Re: MD:Pro - Malware Distribution Project Rembrandt (Jan 07)
- [ECHO_ADV_25$2006] Full path disclosure on boastMachine v3.1 eufrato (Jan 05)
- [eVuln] TinyPHPForum Multiple Vulnerabilities alex (Jan 05)
- CyberShop User Login Sql Injection night_warrior771 (Jan 05)
- What is sbininitd port 65534 ??? waltdnes (Jan 05)
- iDefense Security Advisory 01.05.06: Blue Coat Systems WinProxy Host Header Stack Overflow Vulnerability labs-no-reply () idefense com (Jan 05)
- HylaFAX Security advisory - fixed in HylaFAX 4.2.4 Aidan Van Dyk (Jan 05)
- Contact information for Symantec Vulnerability Management secure (Jan 05)
- SysCP WebFTP local file inclusion vulnerability Thomas Henlich (Jan 05)
- Uninformed Journal Release Announcement: Volume 3 Uninformed (Jan 05)
- [USN-236-1] xpdf vulnerabilities Martin Pitt (Jan 05)
- MS released a patch today - MS06-001 Duran, Jason IT0 (Jan 05)
- Re: MS released a patch today - MS06-001 Anthony R. Nemmer (Jan 06)
- [USN-235-1] sudo vulnerability Martin Pitt (Jan 05)
- Windows PHP 4.x "0-day" buffer overflow mercenary (Jan 05)
- Interview: Ilfak Guilfanov Matthew Murphy (Jan 05)
- MD5s of Unofficial patches and other mistakes Forrest J. Cavalier III (Jan 06)
- Re: Interview: Ilfak Guilfanov Randal L. Schwartz (Jan 07)
- Re: Interview: Ilfak Guilfanov Denis Jedig (Jan 09)
- [eVuln] ADNForum Multiple Vulnerabilities alex (Jan 05)
- iDefense Security Advisory 01.05.06: Blue Coat WinProxy Telnet DoS Vulnerability labs-no-reply () idefense com (Jan 05)
- APPLE-SA-2006-01-05 AirPort firmware update noreply (Jan 06)
- [security bulletin] SSRT051074 rev.3 - HP-UX Running xterm Local Unauthorized Access security-alert (Jan 06)
- [eVuln] TheWebForum Script Insertion and Authentication Bypass alex (Jan 06)
- Did MS pull an Ilfak? (MS patch bindiff results) Gadi Evron (Jan 06)
- Re: Did MS pull an Ilfak? (MS patch bindiff results) Brett Glass (Jan 09)
- Re: Did MS pull an Ilfak? (MS patch bindiff results) Joe Polk (Jan 10)
- Re: Did MS pull an Ilfak? (MS patch bindiff results) Denis Jedig (Jan 11)
- <Possible follow-ups>
- RE: Did MS pull an Ilfak? (MS patch bindiff results) Greg Wroblewski (Jan 11)
- MDKSA-2006:006 - Updated gpdf packages fix several vulnerabilities Mandriva Security Team (Jan 06)
- <Possible follow-ups>
- MDKSA-2006:006 - Updated gpdf packages fix several vulnerabilities Mandriva Security Team (Jan 09)
- MDKSA-2006:004 - Updated pdftohtml packages fix several vulnerabilities Mandriva Security Team (Jan 06)
- <Possible follow-ups>
- MDKSA-2006:004 - Updated pdftohtml packages fix several vulnerabilities Mandriva Security Team (Jan 09)
- MDKSA-2006:007 - Updated apache2 packages fix vulnerabilities Mandriva Security Team (Jan 06)
- [USN-238-1] Blender vulnerability Martin Pitt (Jan 06)
- [USN-238-2] Blender vulnerability Martin Pitt (Jan 06)
- [USN-237-1] nbd vulnerability Martin Pitt (Jan 06)
- Re: [USN-237-1] nbd vulnerability Florian Weimer (Jan 07)
- [eVuln] Proyecto Domus 'email' XSS Vulnerability alex (Jan 06)
- MDKSA-2006:003 - Updated poppler packages fix several vulnerabilities Mandriva Security Team (Jan 06)
- <Possible follow-ups>
- MDKSA-2006:003 - Updated poppler packages fix several vulnerabilities Mandriva Security Team (Jan 09)
- [ GLSA 200601-02 ] KPdf, KWord: Multiple overflows in included Xpdf code Sune Kloppenborg Jeppesen (Jan 06)
- [ GLSA 200601-03 ] HylaFAX: Multiple vulnerabilities Sune Kloppenborg Jeppesen (Jan 06)
- MDKSA-2006:005 - Updated xpdf packages fix several vulnerabilities Mandriva Security Team (Jan 07)
- <Possible follow-ups>
- MDKSA-2006:005 - Updated xpdf packages fix several vulnerabilities Mandriva Security Team (Jan 09)
- Recon2006 - Call for papers Hugo Fortier (Jan 07)
- [ GLSA 200601-04 ] VMware Workstation: Vulnerability in NAT networking Sune Kloppenborg Jeppesen (Jan 07)
- [eVuln] NavBoard BBcode XSS Vulnerability alex (Jan 07)
- Survey on Vuln Disclosure: Request for Participation Richard Forno (Jan 07)
- xorg server 6.8.2 and below on 64bit arch serj (Jan 09)
- Microsoft Windows GRE WMF Format Multiple Memory Overrun Vulnerabilities frankruder (Jan 09)
- [UPDATE]Microsoft Windows GRE WMF Format Multiple Unauthorized Memory Access Vulnerabilities frankruder (Jan 09)
- [SECURITY] [DSA 929-1] New petris packages fix buffer overflow Michael Stone (Jan 09)
- [SECURITY] [DSA 930-1] New smstools packages fix format string vulnerability Michael Stone (Jan 09)
- NetBSD Security Advisory 2006-001: Kernfs kernel memory disclosure NetBSD Security Officer (Jan 09)
- NetBSD Security Advisory 2006-002: settimeofday() time wrap NetBSD Security Officer (Jan 09)
- [eVuln] Foxrum BBCode XSS Vulnerabilty alex (Jan 09)
- [SECURITY] [DSA 931-1] New xpdf packages fix arbitrary code execution Martin Schulze (Jan 09)
- [eVuln] Venom Board SQL Injection Vulnerability alex (Jan 09)
- Digital Armaments Security Advisory 01.09.2006: Apache auth_ldap module Multiple Format Strings Vulnerability info (Jan 09)
- [SECURITY] [DSA 932-1] New kpdf packages fix arbitrary code execution Martin Schulze (Jan 09)
- iDefense Security Advisory 01.09.06: Multiple Vendor mod_auth_pgsql Format String Vulnerability labs-no-reply () idefense com (Jan 09)
- AOL Multiple Cross Site Scripting Vulnerability simo (Jan 09)
- MDKSA-2006:008 - Updated koffice packages fix several vulnerabilities Mandriva Security Team (Jan 09)
- <Possible follow-ups>
- MDKSA-2006:008 - Updated koffice packages fix several vulnerabilities Mandriva Security Team (Jan 09)
- Html_Injection in vBulletin 3.5.2 the_bekir (Jan 09)
- <Possible follow-ups>
- Re: Html_Injection in vBulletin 3.5.2 Steven M. Christey (Jan 10)
- Re: Html_Injection in vBulletin 3.5.2 info (Jan 10)
- AIM Multiple Cross Site Scripting Vulnerability simo (Jan 09)
- Orjinweb E-commerce serxwebun (Jan 09)
- Php-Nuke Pool and News Module IMG Tag Cross Site night_warrior771 (Jan 09)
- Xoops Pool Module IMG Tag Cross Site Scripting night_warrior771 (Jan 09)
- [eVuln] 427BB Multiple Vulnerabilities (Cookie-based Authentication Bypass, SQL Injections, XSS) alex (Jan 09)
- MDKSA-2006:009 - Updated apache2-mod_auth_pgsql packages fix several vulnerabilities Mandriva Security Team (Jan 09)
- Research: Malware Action Detection and Protection Arman Nayyeri (Jan 09)
- [SECURITY] [DSA 933-1] New hylafax packages fix arbitrary command execution Michael Stone (Jan 10)
- [SECURITY] [DSA 934-1] New pound packages fix multiple vulnerabilities Michael Stone (Jan 10)
- [SECURITY] [DSA 930-2] New smstools packages fix format string vulnerability Michael Stone (Jan 10)
- [SECURITY] [DSA 935-1] New libapache2-mod-auth-pgsql packages fix arbitrary code execution Michael Stone (Jan 10)
- Multiple Vulnerabilities in Hummingbird Collaboration luca . carettoni (Jan 10)
- iDefense Security Advisory 01.10.06: Sun Solaris uustat Buffer Overflow Vulnerability labs-no-reply () idefense com (Jan 10)
- [USN-239-1] libapache2-mod-auth-pgsql vulnerability Martin Pitt (Jan 10)
- [security bulletin] SSRT051058 rev.1 - HP-UX Secure Shell Remote Denial of Service (DoS) security-alert (Jan 10)
- [USN-236-2] xpdf vulnerabilities in kword, kpdf Martin Pitt (Jan 10)
- [FLSA-2006:136323] Updated gettext package fixes security issues Marc Deslauriers (Jan 10)
- BSD Securelevels: Circumventing protection of files flagged immutable RedTeam Pentesting (Jan 10)
- [FLSA-2006:152907] Updated htdig packages fix security issues Marc Deslauriers (Jan 10)
- Malware - future trends Dancho Danchev (Jan 10)
- Time modification flaw in BSD securelevels on NetBSD and Linux RedTeam Pentesting (Jan 10)
- [FLSA-2006:152922] Updated ethereal packages fix security issues Marc Deslauriers (Jan 10)
- [FLSA-2006:168375] Updated mozilla packages fix security issues Marc Deslauriers (Jan 10)
- New PEAR / Apache2Triad Exploit jd2k2000 (Jan 10)
- Microsoft Exchange Critical Vulnerability NGSSoftware Insight Security Research (Jan 11)
- Microsoft Outlook Critical Vulnerability NGSSoftware Insight Security Research (Jan 11)
- Updated Advisories - Incorrect CVE Information Advisories (Jan 11)
- Cisco Security Advisory: Default Administrative Password in Cisco Security Monitoring, Analysis and Response System (CS-MARS) Cisco Systems Product Security Incident Response Team (Jan 11)
- [EEYEB-20051031] Apple QuickTime Malformed GIF Heap Overflow Advisories (Jan 11)
- [EEYEB-20051220] Apple QuickTime QTIF Stack Overflow Advisories (Jan 11)
- [EEYEB-20051117B] Apple iTunes (QuickTime.qts) Heap Overflow Advisories (Jan 11)
- [RHSA-2006:0157-01] Low: struts security update for Red Hat Application Server bugzilla (Jan 11)
- [ GLSA 200601-06 ] xine-lib, FFmpeg: Heap-based buffer overflow Stefan Cornelius (Jan 11)
- Advisory: XSS attack on Superonline.com email service. nukedx (Jan 11)
- Serial Line Sniffer 0.4.4 Buffer Overflow Sintigan (Jan 11)
- FreeBSD Security Advisory FreeBSD-SA-06:03.cpio FreeBSD Security Advisories (Jan 11)
- FreeBSD Security Advisory FreeBSD-SA-06:02.ee FreeBSD Security Advisories (Jan 11)
- FreeBSD Security Advisory FreeBSD-SA-06:01.texindex FreeBSD Security Advisories (Jan 11)
- PostgreSQL security releases 8.0.6 and 8.1.2 PostgreSQL Security (Jan 11)
- FreeBSD Security Advisory FreeBSD-SA-06:01.texindex [REVISED] FreeBSD Security Advisories (Jan 11)
- SUSE Security Announcement: xpdf,kpdf,gpdf,kword (SUSE-SA:2006:001) Ludwig Nussel (Jan 11)
- eStara Softphone SIP stack Buffer Overflow Vulnerability zwell (Jan 11)
- [FLSA-2006:167803] Updated mysql packages fix security issues Marc Deslauriers (Jan 11)
- Advisory:XSS vulnerability on WebWiz Forums <= 6.34 (search_form.asp) nukedx (Jan 11)
- [eVuln] MyPhPim Arbitrary File Upload alex (Jan 11)
- [USN-235-2] sudo vulnerability Martin Pitt (Jan 11)
- [EEYEB-20051117A] Apple QuickTime STSD Atom Heap Overflow Advisories (Jan 11)
- MDKSA-2006:010 - Updated cups packages fix several vulnerabilities Mandriva Security Team (Jan 11)
- H-Sphere Security Vulnerability M.Neset KABAKLI (Jan 12)
- Advisory 02/2006: PHP ext/mysqli Format String Vulnerability Stefan Esser (Jan 12)
- Advisory 01/2006: PHP ext/session HTTP Response Splitting Vulnerability Stefan Esser (Jan 12)
- Cisco Security Advisory: Access Point Memory Exhaustion from ARP Attacks Cisco Systems Product Security Incident Response Team (Jan 12)
- [SECURITY] [DSA 938-1] New koffice packages fix arbitrary code execution Martin Schulze (Jan 12)
- EUSecWest papers and CanSecWest CFP Dragos Ruiu (Jan 12)
- [USN-241-1] Apache vulnerabilities Adam Conrad (Jan 12)
- Session data pollution vulnerabilities in web applications Alla Bezroutchko (Jan 12)
- Re: [Full-disclosure] Session data pollution vulnerabilities in web applications Frank Knobbe (Jan 12)
- [SECURITY] [DSA 903-2] New unzip packages fix unauthorised permissions modification Martin Schulze (Jan 12)
- Advisory: MiniNuke CMS System <= 1.8.2 (news.asp) SQL Injection vulnerability nukedx (Jan 12)
- <Possible follow-ups>
- Advisory: MiniNuke CMS System <= 1.8.2 (news.asp) SQL Injection vulnerability nukedx (Jan 12)
- FogBugz Cross Site Scripting Vulnerability M.Neset KABAKLI (Jan 12)
- [SECURITY] [DSA 937-1] New tetex-bin packages fix arbitrary code execution Martin Schulze (Jan 12)
- Cisco, haven't we learned anything? (technician reset) Gadi Evron (Jan 12)
- Multiple PHP Toolkit for PayPal Vulnerabilities uinC Team (Jan 12)
- Interspire TrackPoint NX XSS Vulnerability M.Neset KABAKLI (Jan 12)
- ZDI-06-001: Clam AntiVirus UPX Unpacking Code Execution Vulnerability zdi-disclosures (Jan 12)
- [eVuln] TankLogger SQL Injection Vulnerability alex (Jan 12)
- [eVuln] ACal Authentication Bypass & PHP Code Insertion alex (Jan 12)
- [eVuln] Wordcircle Authentication Bypass alex (Jan 12)
- [eVuln] Wordcircle Multiple SQL Injection & XSS Vulnerabilities alex (Jan 12)
- [USN-240-1] bogofilter vulnerability Martin Pitt (Jan 12)
- Helm XSS Vulnerability M.Neset KABAKLI (Jan 13)
- Fortinet Advisory - Apple QuickTime Player ImageWidth Denial of Service Vulnerability secresearch (Jan 13)
- [SECURITY] [DSA 939-1] New fetchmail packages fix denial of service Martin Schulze (Jan 13)
- [SECURITY] [DSA 940-1] New gpdf packages fix arbitrary code execution Martin Schulze (Jan 13)
- [ GLSA 200601-09 ] Wine: Windows Metafile SETABORTPROC vulnerability Sune Kloppenborg Jeppesen (Jan 13)
- SUSE Security Announcement: novell-nrm remote heap overflow (SUSE-SA:2006:002) Marcus Meissner (Jan 13)
- MDKSA-2006:012 - Updated kdegraphics packages fix several vulnerabilities Mandriva Security Team (Jan 13)
- [ GLSA 200601-07 ] ClamAV: Remote execution of arbitrary code Sune Kloppenborg Jeppesen (Jan 13)
- [ GLSA 200601-08 ] Blender: Heap-based buffer overflow Sune Kloppenborg Jeppesen (Jan 13)
- Fortinet Advisory - Apple QuickTime Player StripOffsets Improper Memory Access secresearch (Jan 13)
- iDefense Security Advisory 01.13.06: Novell SUSE Linux Enterprise Server Remote Manager Heap Overflow labs-no-reply () idefense com (Jan 13)
- Fortinet Advisory - Apple QuickTime Player StripByteCounts Buffer Overflow Vulnerability secresearch (Jan 13)
- mysec.org Security Advisory : Xmame buffer overflow, with a possibility of privilege escalation xwings (Jan 13)
- [ GLSA 200601-05 ] mod_auth_pgsql: Multiple format string vulnerabilities Stefan Cornelius (Jan 14)
- [FLSA-2006:152803] Updated lesstif packages fix security issues Marc Deslauriers (Jan 14)
- MDKSA-2006:011 - Updated tetex packages fix several vulnerabilities Mandriva Security Team (Jan 14)
- FreeBSD Security Advisory FreeBSD-SA-06:04.ipfw FreeBSD Security Advisories (Jan 14)
- PayPal Phishing Site Exploits Google XSS Vulnerability Paul Laudanski (Jan 14)
- [eVuln] MyPhPim Multiple SQL Injection and XSS Vulnerabilities alex (Jan 14)
- ezDatabase 2.0 and below none (Jan 14)
- FullPath disclosure in Xaraya 1.0.1 king_purba (Jan 14)
- [KAPDA::#21] - HomeFtp v1.1 Denial of Service [a] (Jan 14)
- MyBB 1.0.2 SQL injection in usercp.php addmimistrator (Jan 14)
- <Possible follow-ups>
- Re: MyBB 1.0.2 SQL injection in usercp.php o . y . 6 (Jan 16)
- Hacking With The Google Search Engine Paul Laudanski (Jan 14)
- [NMRC Advisory] Microsoft Windows Wireless Exposure on Laptops Advisories (Jan 14)
- [SECURITY] [DSA 936-1] New libextractor packages fix arbitrary code execution Martin Schulze (Jan 14)
- [EEYEB-2000801] - Windows Embedded Open Type (EOT) Font Heap Overflow Vulnerability Advisories (Jan 14)
- WMF vulnerability was a deliberate backdoor? Brooks, Shane (Jan 15)
- Re: WMF vulnerability was a deliberate backdoor? Denis Jedig (Jan 16)
- Re: WMF vulnerability was a deliberate backdoor? Steve Friedl (Jan 16)
- Re: WMF vulnerability was a deliberate backdoor? Mike Ely (Jan 16)
- Re: WMF vulnerability was a deliberate backdoor? Gadi Evron (Jan 18)
- <Possible follow-ups>
- RE: WMF vulnerability was a deliberate backdoor? Alex Eckelberry (Jan 16)
- MyBB 1.0.2 SQL injection addmimistrator (Jan 15)
- DCP Portal Cross-Site Scripting Vulnerability night_warrior771 (Jan 15)
- AlstraSoft Template Seller Pro Cross-Site Scripting Vulnerability night_warrior771 (Jan 15)
- [eVuln] Light Weight Calendar PHP Code Execution alex (Jan 15)
- Re: MSN Messenger Password Decrypter for WinXP/2003 kuku (Jan 15)
- Re: MSN Messenger Password Decrypter for WinXP/2003 James_gmail-ij (Jan 17)
- <Possible follow-ups>
- Re: MSN Messenger Password Decrypter for WinXP/2003 frank boldewin (Jan 18)
- Re: Re: MSN Messenger Password Decrypter for WinXP/2003 null (Jan 19)
- Linksys VPN Router (BEFVP41) DoS Vulnerability paul14075 (Jan 15)
- <Possible follow-ups>
- Re: Linksys VPN Router (BEFVP41) DoS Vulnerability paul14075 (Jan 16)
- Re: Linksys VPN Router (BEFVP41) DoS Vulnerability paul14075 (Jan 18)
- DIMVA 2006 Call for Papers Thomas Biege (Jan 15)
- TSLSA-2006-0002 - multi Trustix Security Advisor (Jan 15)
- TSL-2006-0001 - postgresql Trustix Security Advisor (Jan 15)
- DDSN CMS Admin Panel SQL Injection Vulnerability khc (Jan 15)
- [ISecAuditors Advisories] Arbitrary remote file creation in 123flashchat server ISecAuditors Security Advisories (Jan 15)
- Visual Studio Remote Code Execution priest (Jan 15)
- MDKSA-2006:013 - Updated kolab packages fix vulnerability Mandriva Security Team (Jan 15)
- DMA[2006-0112a] - 'Toshiba Bluetooth Stack Directory Transversal' KF (lists) (Jan 16)
- [SECURITY] [DSA 943-1] New Perl packages fix arbitrary code execution Martin Schulze (Jan 16)
- Apache Geronimo 1.0 - CSS and persistent HTML-Injection vulnerabilities oliver karow (Jan 16)
- [SECURITY] [DSA 941-1] New tuxpaint packages fix insecure temporary file creation Martin Schulze (Jan 16)
- Directory traversal in phpXplorer Oriol Torrent (Jan 16)
- Re: Directory traversal in phpXplorer Stan Bubrouski (Jan 18)
- Re: Directory traversal in phpXplorer Stan Bubrouski (Jan 19)
- [eVuln] Bit 5 Blog JavaScript Insertion Vulnerability alex (Jan 16)
- CounterPath eyeBeam Handing SIP header Vulnerabilities zwell (Jan 16)
- WehnTrust - When you have to trust Wehntrust Thierry Zoller (Jan 16)
- Re: [Full-disclosure] WehnTrust - When you have to trust Wehntrust H D Moore (Jan 16)
- Homeftp r1.0.7 Denial of Service cvh (Jan 16)
- [USN-242-1] mailman vulnerabilities Martin Pitt (Jan 16)
- iWar 0.07 PSTN auditing tool released... Da Beave (Jan 16)
- Reverse Proxy Cross Site Scripting Shalom Carmel (Jan 16)
- Re: Reverse Proxy Cross Site Scripting Amit Klein (AKsecurity) (Jan 17)
- [eVuln] Benders Calendar SQL Injection alex (Jan 16)
- [eVuln] Bit 5 Blog SQL Injection & Authentication Bypass Vulnerability alex (Jan 16)
- Veritas NetBackup "Volume Manager Daemon" Module Stack Overflow - Exploit patrickthomassen (Jan 16)
- Microsoft knew about the WMF flaw for years Richard M. Smith (Jan 16)
- Re: Microsoft knew about the WMF flaw for years Gadi Evron (Jan 17)
- <Possible follow-ups>
- Re: Microsoft knew about the WMF flaw for years Steven M. Christey (Jan 20)
- EZDatabase Directory Transversal, XSS and Path Disclosure Vulnerability Josh Zlatin (Jan 16)
- Digital Armaments Security Advisory 01.16.2006: CMU SNMP utilities snmptrad Format String Vulnerability info (Jan 17)
- PunBB BBCode URL Tag Script Injection Vulnerability night_warrior771 (Jan 17)
- Re: PunBB BBCode URL Tag Script Injection Vulnerability Rickard Andersson (Jan 18)
- Announcement: The Web Application Firewall Evaluation Criteria v1 Released contact (Jan 17)
- Re: Announcement: The Web Application Firewall Evaluation Criteria v1 Released Gadi Evron (Jan 24)
- [SECURITY] [DSA 942-1] New albatross packages fix arbitrary code execution Martin Schulze (Jan 17)
- [USN-243-1] tuxpaint vulnerability Martin Pitt (Jan 17)
- [HSC Security Group] Multiple SQL injection/XSS in SimpleBlog 2.1 zinho (Jan 17)
- White Album Sql İnjection biyosecurity.be liz0 (Jan 17)
- Microsoft(R) Internet Explorer 5 & 6 Remote Denial of Service (DoS) using IMG & XML elements inge . henriksen (Jan 17)
- MDKSA-2006:014 - Updated wine packages fix WMF vulnerability Mandriva Security Team (Jan 17)
- MDKSA-2006:015 - Updated hylafax packages fix eval injection vulnerabilities Mandriva Security Team (Jan 17)
- MDKSA-2006:016 - Updated clamav packages fix vulnerability Mandriva Security Team (Jan 17)
- IndonesiaHack Advisory HTML injection in PHP Fusebox king_purba (Jan 17)
- <Possible follow-ups>
- Re: IndonesiaHack Advisory HTML injection in PHP Fusebox brian428 (Jan 26)
- Re: Re: IndonesiaHack Advisory HTML injection in PHP Fusebox pr1nce_empire (Jan 30)
- ERRATA: [ GLSA 200601-09 ] Wine: Windows Metafile SETABORTPROC vulnerability Sune Kloppenborg Jeppesen (Jan 17)
- XSS in WBNews < = v1.1.0 dragonjar (Jan 17)
- [eVuln] BlogPHP Authentication Bypass alex (Jan 17)
- [eVuln] microBlog SQL Injection Vulnerability alex (Jan 17)
- [eVuln] microBlog BBCode XSS Vulnerability alex (Jan 17)
- Secunia Research: Mozilla Thunderbird Attachment Spoofing Vulnerability Secunia Research (Jan 17)
- PowerPortal Cross-Site Scripting Vulnerability night_warrior771 (Jan 17)
- [SECURITY] [DSA 944-1] New mantis packages fix several vulnerabilities Martin Schulze (Jan 17)
- [SECURITY] [DSA 945-1] New antiword packages fix insecure temporary file creation Martin Schulze (Jan 17)
- Cerberus FTP Server 2.32 Denial of Service cvh (Jan 17)
- Re: Fullpath disclosure in roundcube webmail roundcube (Jan 17)
- [eVuln] CaLogic Calendars Multiple XSS Vulnerabilities alex (Jan 17)
- [ GLSA 200601-10 ] Sun and Blackdown Java: Applet privilege escalation Thierry Carrez (Jan 17)
- WEP-Client-Communication-Dumbdown (WCCD) Vulnerability Michael.Wade (Jan 17)
- [eVuln] geoBlog SQL Injection Vulnerability alex (Jan 17)
- Attacking Automatic Wireless Network Selection Dino A. Dai Zovi (Jan 18)
- Oracle DBMS Access Control Bypass in Login shulman (Jan 18)
- Oracle Database 10g Rel. 2 - Event 10053 logs TDE wallet password in cleartext ak (Jan 18)
- Oracle Reports - Read parts of files via desname (fixed after 874 days) ak (Jan 18)
- Oracle Reports - Overwrite any application server file via desname (fixed after 889 days) ak (Jan 18)
- Oracle Critical Patch Update - January 2006 NGSSoftware Insight Security Research (Jan 18)
- Oracle Reports - Read parts of files via customize(fixed after 875 days) ak (Jan 18)
- Oracle Database 10g Rel. 2- Transparent Data Encryption plaintext masterkey in SGA ak (Jan 18)
- [ TZO-012006 ] Checkpoint VPN-1 SecureClient insecure usage of CreateProcess() Thierry Zoller (Jan 18)
- Phpclanwebsite BBCode IMG Tag XSS Vulnerability [at] (Jan 18)
- <Possible follow-ups>
- Phpclanwebsite BBCode IMG Tag XSS Vulnerability [at] (Jan 19)
- [eVuln] Flog Information Disclosure Vulnerability alex (Jan 18)
- [eVuln] aoblogger Multiple Vulnerabilities alex (Jan 18)
- Cisco Security Advisory: IOS Stack Group Bidding Protocol Crafted Packet DoS Cisco Systems Product Security Incident Response Team (Jan 18)
- Cisco Security Advisory: Cisco Call Manager Denial of Service Cisco Systems Product Security Incident Response Team (Jan 18)
- MyBB 1.0.2 Sniffing table perfix bug in search.php addmimistrator (Jan 18)
- XMB Forum HTML Code Injection [at] (Jan 18)
- ICQ Cross Site Scripting Vulnerability simo (Jan 18)
- [USN-244-1] Linux kernel vulnerabilities Martin Pitt (Jan 18)
- MyBB Signature HTML Code Injection [at] (Jan 18)
- <Possible follow-ups>
- MyBB Signature HTML Code Injection n (Jan 21)
- HITBSecConf2005 Videos Released Praburaajan (Jan 19)
- IRM 015: File system path disclosure on TYPO3 Web Content Manager Advisories (Jan 19)
- Re: IRM 015: File system path disclosure on TYPO3 Web Content Manager Michael Shigorin (Jan 19)
- Fortinet Advisory: BitComet URI Buffer Overflow Vulnerability Fortinet Research (Jan 19)
- Land Down Under Signature HTML Code Injection [at] (Jan 19)
- [eVuln] WebspotBlogging Authentication Bypass Vulnerability alex (Jan 19)
- Cisco Security Advisory: Cisco Call Manager Privilege Escalation Cisco Systems Product Security Incident Response Team (Jan 19)
- CAID 33756 - DM Deployment Common Component Vulnerabilities Williams, James K (Jan 19)
- -2- [XSS] in ar-blog v 5.2 s3ude (Jan 19)
- Google's Blogger.com classic HTTP response splitting vulnerability Meder Kydyraliev (Jan 19)
- [security bulletin] SSRT5971 rev.1 - HP-UX Running ftpd Remote Denial of Service (DoS) security-alert (Jan 19)
- Critical security advisory #006 tftpd32 Format string admin (Jan 19)
- MDKSA-2006:017 - Updated mod_auth_ldap packages fix vulnerability Mandriva Security Team (Jan 19)
- FreeBSD Security Advisory FreeBSD-SA-06:05.80211 FreeBSD Security Advisories (Jan 19)
- Change passwd 3.1 (SquirrelMail plugin ) rod hedor (Jan 19)
- Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT ak (Jan 19)
- Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT_INT ak (Jan 19)
- iDefense Security Advisory 01.17.06: EMC Legato Networker nsrd.exe DoS Vulnerability labs-no-reply () idefense com (Jan 20)
- iDefense Security Advisory 01.17.06: EMC Legato Networker nsrexecd.exe Heap Overflow Vulnerability labs-no-reply () idefense com (Jan 20)
- iDefense Security Advisory 01.17.06: Cisco Systems IOS 11 Web Service CDP Status Page Code Injection Vulnerability labs-no-reply () idefense com (Jan 20)
- phpXplorer file inclusion biyosecurity.be liz0 (Jan 20)
- [KDE Security Advisory] kjs encodeuri/decodeuri heap overflow Dirk Mueller (Jan 20)
- MDKSA-2006:018 - Updated kernel packages fix several vulnerabilities Mandriva Security Team (Jan 20)
- [SECURITY] [DSA 949-1] New crawl packages fix potential group games execution Martin Schulze (Jan 20)
- DMA[2006-0115a] - 'AmbiCom Bluetooth Object Push Overflow' KF (lists) (Jan 20)
- Claroline 1.7.2, sso identification vulnerability karmaguedon (Jan 20)
- BlogPHP config.php SQL injection login bypass addmimistrator (Jan 20)
- <Possible follow-ups>
- BlogPHP config.php SQL injection login bypass addmimistrator (Jan 20)
- [SECURITY] [DSA 948-1] New kdelibs packages fix buffer overflow Michael Stone (Jan 20)
- SUSE Security Announcement: kdelibs3 (SUSE-SA:2006:003) Ludwig Nussel (Jan 20)
- MySQL 5.0 information leak? Bernd Wurst (Jan 20)
- RE: MySQL 5.0 information leak? Burton Strauss (Jan 21)
- Re: MySQL 5.0 information leak? Johan De Meersman (Jan 26)
- Re: MySQL 5.0 information leak? Stephen Frost (Jan 23)
- <Possible follow-ups>
- Re: MySQL 5.0 information leak? Lance James (Jan 26)
- RE: MySQL 5.0 information leak? Burton Strauss (Jan 26)
- Re: MySQL 5.0 information leak? Duncan Simpson (Jan 30)
- [SECURITY] [DSA 947-1] New ClamAV packages fix heap overflow Michael Stone (Jan 20)
- [SECURITY] [DSA 946-1] New sudo packages fix privilege escalation Martin Schulze (Jan 20)
- [eVuln] RCBlog Directory Traversal & Sensitive Information Disclosure alex (Jan 20)
- [eVuln] eggblog Multiple SQL Injection & XSS Vulnerabilities alex (Jan 20)
- [eVuln] SaralBlog XSS & Multiple SQL Injection Vulnerabilities alex (Jan 20)
- MDKSA-2006:019 - Updated kdelibs packages fix vulnerability Mandriva Security Team (Jan 21)
- Tumbleweed EMF 6.x Processing Issues jcary2543 (Jan 21)
- <Possible follow-ups>
- Re: Tumbleweed EMF 6.x Processing Issues support (Jan 26)
- BlogPHP config.php SQL injection login bypassed addmimistrator (Jan 21)
- CodeCon program announced, early registration deadline nearing Len Sassaman (Jan 23)
- [USN-245-1] KDE library vulnerability Martin Pitt (Jan 23)
- [ GLSA 200601-11 ] KDE kjs: URI heap overflow vulnerability Sune Kloppenborg Jeppesen (Jan 24)
- High Risk Vulnerability in Red Hat Directory Server and Red Hat Certificate Server NGSSoftware Insight Security Research (Jan 24)
- fetchmail security announcement fetchmail-SA-2006-01 (CVE-2006-0321) ma+bt (Jan 24)
- [eVuln] e-moBLOG SQL Injection Vulnerability alex (Jan 24)
- [eVuln] Note-A-Day Weblog Sensitive Information Disclosure alex (Jan 24)
- ANN: New release of CORE FORCE free endpoint security package Core FORCE team (Jan 24)
- [USN-246-1] imagemagick vulnerabilities Martin Pitt (Jan 24)
- [SECURITY] [DSA 954-1] New wine packages fix arbitrary code execution Martin Schulze (Jan 25)
- Call For Paper - SyScan'06 Singapore organiser () syscan org (Jan 25)
- [SECURITY] [DSA 955-1] New mailman packages fix denial of service Michael Stone (Jan 25)
- [eVuln] CheesyBlog XSS Vulnerability alex (Jan 25)
- Workaround for unpatched Oracle PLSQL Gateway flaw David Litchfield (Jan 25)
- Technical Note by Amit Klein: "XST Strikes Back" Amit Klein (AKsecurity) (Jan 25)
- HYSA-2006-001 phpBB 2.0.19 search.php and profile.php DOS Vulnerability h4cky0u . org (Jan 25)
- [SECURITY] [DSA 947-2] New clamav packages fix heap overflow Michael Stone (Jan 25)
- FreeBSD Security Advisory FreeBSD-SA-06:07.pf FreeBSD Security Advisories (Jan 25)
- [eVuln] ExpressionEngine 'Referer' XSS Vulnerability alex (Jan 25)
- Updated ipsec-tools packages fix vulnerability security (Jan 25)
- Rosiello Security - Eterm-LibAST Advisory angelo (Jan 25)
- FreeBSD Security Advisory FreeBSD-SA-06:06.kmem FreeBSD Security Advisories (Jan 25)
- [security bulletin] SSRT061099 rev.1 - HP-UX Local Increased Privilege security-alert (Jan 26)
- [eVuln] miniBloggie Authentication Bypass alex (Jan 26)
- [SECURITY] [DSA 953-1] New flyspray packages fix cross-site scripting Martin Schulze (Jan 26)
- [KAPDA::#25] - MyBB 1.x Cross_Site_Scripting roozbeh_afrasiabi (Jan 26)
- Newsphp Multiple SQL Injection Vulnerabilities at (Jan 26)
- [eVuln] Text Rider Sensitive Information Disclosure alex (Jan 26)
- What A Click! [Internet Explorer] mikx (Jan 26)
- Re: [security] What A Click! [Internet Explorer] yossarian (Jan 27)
- Re: [security] What A Click! [Internet Explorer] Lance James (Jan 27)
- Re: [security] What A Click! [Internet Explorer] yossarian (Jan 30)
- Re: [security] What A Click! [Internet Explorer] Lance James (Jan 27)
- Re: [security] What A Click! [Internet Explorer] yossarian (Jan 27)
- MyBB 1.0.2 XSS attack in search.php redirection addmimistrator (Jan 26)
- Updated mozilla-thunderbird packages fix vulnerability security (Jan 26)
- Re: [OSVDB Mods] iNETstore E Commerce Solution - Cross Site Scripting iNETstore Support (Jan 26)
- [SECURITY] [DSA 956-1] New lsh-utils packages fix local vulnerabilities Martin Schulze (Jan 26)
- [ GLSA 200601-12 ] Trac: Cross-site scripting vulnerability Stefan Cornelius (Jan 26)
- [security bulletin] SSRT061104 rev.1 - HP Oracle for OpenView (OfO) Critical Patch Update January 2006 security-alert (Jan 26)
- SUSE Security Announcement: phpMyAdmin (SUSE-SA:2006:004) Ludwig Nussel (Jan 26)
- HYSA-2006-002 Phpclanwebsite 1.23.1 Multiple Vulnerabilities h4cky0u . org (Jan 26)
- SUSE Security Announcement: nfs-server/rpc.mountd remote code execution (SUSE-SA:2006:005) Marcus Meissner (Jan 26)
- BlackWorm: 2 million infected? ISP notifications. Gadi Evron (Jan 26)
- SamiFTPd buffer overflow admin (Jan 26)
- Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack Cisco Systems Product Security Incident Response Team (Jan 26)
- [HSC] Multiple transversal bug in vis spher3 (Jan 26)
- [eVuln] AndoNET Blog SQL Injection Vulnerability alex (Jan 26)
- [ISecAuditors Advisories] Arbitrary flash code remote execution in 123flashchat ISecAuditors Security Advisories (Jan 26)
- Windows mem leakage endrazine (Jan 26)
- [eVuln] "my little homepage" products [link] BBCode XSS Vulnerability alex (Jan 26)
- [SECURITY] [DSA 957-1] New ImageMagick packages fix arbitrary command execution Martin Schulze (Jan 26)
- [ GLSA 200601-13 ] Gallery: Cross-site scripting vulnerability Stefan Cornelius (Jan 26)
- Urgent Alert: Possible BlackWorm DDay February 3rd (Snort signatures included) Gadi Evron (Jan 26)
- Buffer Overflow /Font on mIRC Crowdat Kurobudetsu (Jan 26)
- [SECURITY] [DSA 950-1] New CUPS packages fix arbitrary code execution Martin Schulze (Jan 26)
- [ MDKSA-2006:022 ] - Updated perl-Convert-UUlib packages fix vulnerability security (Jan 26)
- [ Rosiello Security ] Eterm-LibAST Advisory angelo (Jan 26)
- iDefense Security Advisory 01.23.06: Computer Associates iTechnology iGateway Service Content-Length Buffer Overflow Vulnerability labs-no-reply () idefense com (Jan 26)
- BitComet URI Proof of Concept nick58 (Jan 26)
- [SECURITY] [DSA 952-1] New libapache-auth-ldap packages fix arbitrary code execution Martin Schulze (Jan 26)
- [Argeniss] Oracle Database Buffer overflows vulnerabilities in public procedures of XDB.DBMS_XMLSCHEMA{_INT} Cesar (Jan 27)
- [ MDKSA-2006:023 ] - Updated perl-Net_SSLeay packages fix vulnerability security (Jan 27)
- hello code . shell (Jan 27)
- [ MDKSA-2006:025 ] - Updated net-snmp packages fix vulnerabilities security (Jan 27)
- [SECURITY] [DSA 958-1] New drupal packages fix several vulnerabilities Martin Schulze (Jan 27)
- CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability [v1.1] Williams, James K (Jan 27)
- Shareaza P2P Remote Vulnerability Ryan Smith (Jan 27)
- [ MDKSA-2006:024 ] - Updated ImageMagick packages fix vulnerabilities security (Jan 27)
- Azbb v1.1.00 Cross-Site Scripting roozbeh_afrasiabi (Jan 27)
- The WorldsEnd.NET - Free Ping Script, written in PHP (2 vulns) cvh (Jan 28)
- [CORRECTIONS AND ADDITIONS ]Azbb v1.1.00 Cross-Site Scripting roozbeh_afrasiabi (Jan 28)
- Ege Internet Web Desing Remote Command Exucetion botan (Jan 28)
- Multiple vulnerabilities in CommuniGate Pro Server Evgeny Legerov (Jan 28)
- LibAST 0.7 Release Fixes Security Vulnerability Michael Jennings (Jan 28)
- BlackWorm naming confusing [CME entry now available] Gadi Evron (Jan 29)
- Re: BlackWorm naming confusing [CME entry now available] Jose Nazario (Jan 30)
- [eVuln] Pixelpost Photoblog XSS Vulnerability alex (Jan 29)
- [FLSA-2006:152845] Updated perl packages fix security issues Marc Deslauriers (Jan 29)
- BlackWorm technical information Gadi Evron (Jan 29)
- CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability Williams, James K (Jan 29)
- [SECURITY] [DSA 951-1] New trac packages fix SQL injection and cross-site scripting Martin Schulze (Jan 29)
- zbattle.net c_lispfedora (Jan 30)
- Cross Site Cooking Michal Zalewski (Jan 30)
- <Possible follow-ups>
- RE: Cross Site Cooking Michal Zalewski (Jan 30)
- [ GLSA 200601-14 ] LibAST: Privilege escalation Sune Kloppenborg Jeppesen (Jan 30)
- UebiMiau Webmail System Security Vulnerability M.Neset KABAKLI (Jan 30)
- [ GLSA 200601-15 ] Paros: Default administrator password Sune Kloppenborg Jeppesen (Jan 30)
- Re: [Full-disclosure] [ GLSA 200601-15 ] Paros: Default administrator password Yvan Boily (Jan 30)
- TSLSA-2006-0004 - multi Trustix Security Advisor (Jan 30)
- EasyCMS vulnerable to XSS injection. preben (Jan 30)
- <Possible follow-ups>
- Re: EasyCMS vulnerable to XSS injection. kim (Jan 31)
- [SECURITY] [DSA 951-2] New trac packages fix SQL injection and cross-site scripting Martin Schulze (Jan 30)
- MyBB 1.2 usercp2.php [ $url ] CrossSiteScripting ( XSS ) (Jan 30)
- [xpl#2] MiniNuke 1.8.2 - change member's passwrod < Perl > hessam (Jan 30)
- Arescom NetDSL-1000 DoS atack source framirez (Jan 30)
- Re: Arescom NetDSL-1000 DoS atack source Pim van Riezen (Jan 30)
- Winamp 5.12 - 0day exploit - code execution through playlist Process (Jan 30)
- Re: Winamp 5.12 - 0day exploit - code execution through playlist Chris Wysopal (Jan 30)
- <Possible follow-ups>
- Re: Re: Winamp 5.12 - 0day exploit - code execution through playlist Juha-Matti Laurio (Jan 31)
- sPaiz-Nuke Cross-Site Scripting Vulnerability [at] (Jan 30)
- Nuked-klaN Cross-Site Scripting Vulnerability [at] (Jan 30)
- Re: Airscanner Mobile Security Advisory: Remote Hard Reset Data Wipe and DoS of Pocket Controller v5.0 (#AS05080401) orambaldini (Jan 30)
- gnome evolution mail client inline text file DoS issue Mike Davis (Jan 30)
- BlackWorm: statistics and numbers Gadi Evron (Jan 30)
- XSS flaw in MG2 Image Gallery (v.0.5.1) preben (Jan 30)
- MyBB 1.2 Local File Incusion (Jan 30)
- CME-24 (BlackWorm) Users' FAQ Gadi Evron (Jan 30)
- <Possible follow-ups>
- Re: CME-24 (BlackWorm) Users' FAQ Gadi Evron (Jan 30)
- [SECURITY] [DSA 959-1] New unalz packages fix arbitrary code execution Martin Schulze (Jan 30)
- Etomite CMS "Backdoored" [at] (Jan 30)
- [ MDKSA-2006:026 ] - Updated bzip2 packages fix bzgrep vulnerabilities security (Jan 30)
- Verified evasion in Snort at (Jan 30)
- New worm crawling trough blogs?! blog . worm (Jan 30)
- [ MDKSA-2006:027 ] - Updated gzip packages fix zgrep vulnerabilities security (Jan 30)
- [ GLSA 200601-16 ] MyDNS: Denial of Service Sune Kloppenborg Jeppesen (Jan 30)
- [ GLSA 200601-17 ] Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows Sune Kloppenborg Jeppesen (Jan 30)
- Etomite followup information security curmudgeon (Jan 30)
- Daffodil CRM - vulnerable to SQL-injection. preben (Jan 30)
- BrowserCRM vulnerable for XSS preben (Jan 31)
- Cerberus Helpdesk vulnerable to XSS preben (Jan 31)
- Proof of concept for CommuniGate Pro Server vulnerability Evgeny Legerov (Jan 31)
- MyCO multiple vulnerabilities revnic (Jan 31)
- [SECURITY] [DSA 957-2] New ImageMagick packages fix arbitrary command execution Martin Schulze (Jan 31)
- FarsiNews 2.1 PHP Remote File Inclusion h e (Jan 31)
- [SECURITY] [DSA 960-1] New libmail-audit-perl packages fix insecure temporary file use Martin Schulze (Jan 31)
- Nmap 4.00 Released Fyodor (Jan 31)
- Xmame 0.102 local vulnerability proof-of-concept Rafael San Miguel Carrasco (Jan 31)
- [SECURITY] [DSA 960-2] New libmail-audit-perl packages fix insecure temporary file use Martin Schulze (Jan 31)
- Windows Access Control Demystified sudhakar+bugtraq (Jan 31)