Bugtraq: by thread
564 messages, starting Jul 01 06 and ending Jul 31 06
- NewsPHP 2006 PRO XSS SQL injection Vulnerability securityconnection (Jul 01)
- News <= 5.2 XSS, SQL Injection, Full Path Disclosure gmdarkfig (Jul 01)
- Re: [Full-disclosure] Re[2]: Is Windows TCP/IP source routing PoC code available? 3APA3A (Jul 01)
- phpBB 2.0.21 Full Path Disclosure xzerox (Jul 01)
- Re: PHP security (or the lack thereof) Kevin Waterson (Jul 01)
- <Possible follow-ups>
- Re: PHP security (or the lack thereof) Dan Falconer (Jul 05)
- Re: PHP security (or the lack thereof) Darren Reed (Jul 10)
- RE: [Full-disclosure] Browser bugs hit IE, Firefox today (SANS) Schmehl, Paul L (Jul 01)
- Re: Browser bugs hit IE, Firefox today (SANS) Alex Potter (Jul 01)
- Re: Browser bugs hit IE, Firefox today (SANS) Thor Larholm (Jul 04)
- Re: Browser bugs hit IE, Firefox today (SANS) Paul Szabo (Jul 05)
- Re: Browser bugs hit IE, Firefox today (SANS) 3CO (Jul 12)
- Re: Browser bugs hit IE, Firefox today (SANS) Thor Larholm (Jul 04)
- Re: Msie 7.0 beta Crash mike (Jul 01)
- [security bulletin] HPSBUX02128 SSRT5996 - rev.1 HP-UX mkdir(1) Local Unauthorized Access security-alert (Jul 01)
- [security bulletin] HPSBUX02103 SSRT5953 rev.3 - HP-UX passwd(1) Local Denial of Service (DoS) security-alert (Jul 01)
- Buddy Zone Version 1.0.1 - XSS luny (Jul 01)
- <Possible follow-ups>
- Re: Buddy Zone Version 1.0.1 - XSS support (Jul 15)
- mAds v1.0 lunY (Jul 01)
- phpMyAdmin : Cross-Site Scripting Vulnerability bug () securitynews ir (Jul 01)
- DEF CON 14: Speakers Selected and more. The Dark Tangent (Jul 01)
- OPERA Web Browser 9 Denial OF Service y3dips (Jul 01)
- Internet Crna Gora SQL Injection Breeeeh (Jul 01)
- SmS Script SQL Injection Breeeeh (Jul 01)
- Sql injection in Diesel joke site script black code (Jul 01)
- SturGeoN Upload v1 Remote Command Execution Exploit gmdarkfig (Jul 01)
- Whitepaper: IT (in)security implementation in a real world example Denis Jedig (Jul 03)
- Php-Fusion (Xss) With Avatar Upload zeberus_ (Jul 03)
- Glossaire<<--v1.7 Remote File Include CrAzY . CrAcKeR (Jul 03)
- call for papers - IT Underground, Italy 2006 it_underground (Jul 03)
- [MajorSecurity #19] AutoRank <= 5.01 - Multiple XSS and cookie disclosure admin (Jul 03)
- WordPress 2.0.3 SQL Error and Full Path Disclosure xzerox (Jul 03)
- Re: WordPress 2.0.3 SQL Error and Full Path Disclosure James Davis (Jul 04)
- Re: WordPress 2.0.3 SQL Error and Full Path Disclosure Jaroslaw Sajko (Jul 04)
- <Possible follow-ups>
- Re: WordPress 2.0.3 SQL Error and Full Path Disclosure zck zck (Jul 12)
- RE: WordPress 2.0.3 SQL Error and Full Path Disclosure Aaron Newman (Jul 13)
- Re: WordPress 2.0.3 SQL Error and Full Path Disclosure nate (Jul 15)
- RE: WordPress 2.0.3 SQL Error and Full Path Disclosure Aaron Newman (Jul 13)
- Re: WordPress 2.0.3 SQL Error and Full Path Disclosure jholguin (Jul 15)
- plume-cms v1.0.4 Multiple Remote File include KARKOR23 (Jul 03)
- Pearl Products Multiple Remote File Inclusion xzerox (Jul 03)
- free QBoard v1.1 Multiple Remote File include KARKOR23 (Jul 03)
- Re: [Full Disclosure] [Kil13r-SA-20060701-2] MoniWiki 1.1.1 Cross-Site Scripting Vulnerability mac68k (Jul 03)
- Multiple vulnerabilities in TK8 Safe v.3.0.5 clappymonkey (Jul 03)
- popup Vacation Rentals[calendar_year.php] SQL Injection BoNy-m (Jul 03)
- QTOFileManager 1.0 securityconnection (Jul 03)
- Invision Power Board v1.3 Final SQL Injection Breeeeh (Jul 03)
- <Possible follow-ups>
- Re: Invision Power Board v1.3 Final SQL Injection mattmecham (Jul 10)
- Contact for nhl.com C. Hamby (Jul 03)
- Excel 2000/XP/2003 Style 0day POC nanika (Jul 03)
- 5 php scripts remote database password disclosure gmdarkfig (Jul 03)
- Call For Papers - No cON Name 2006 Edition Spain deese (Jul 03)
- [ GLSA 200607-01 ] mpg123: Heap overflow Sune Kloppenborg Jeppesen (Jul 03)
- ZoneAlarm Insufficient protection of registry key 'VETFDDNT\Enum' Vulnerability David Matousek (Jul 03)
- imgsvr dos exploit by n00b co296 (Jul 03)
- TBE 4.0 XSS securityconnection (Jul 03)
- [scip_Advisory 2351] Kyberna AG ky2help various form fields SQL Injection Marc Ruef (Jul 04)
- galleria <= 1.0 Remote File Inclusion Vulnerability ineal (Jul 04)
- <Possible follow-ups>
- Re: galleria <= 1.0 Remote File Inclusion Vulnerability counterpoint (Jul 10)
- [scip_Advisory 2352] F5 FirePass 4100 prior 6.x multiple Cross Site Scripting Marc Ruef (Jul 04)
- file include exploits in randshop v1.2 black code (Jul 04)
- Re: file include exploits in randshop v1.2 Rainer Duffner (Jul 04)
- PhpWebGallery Cross Site Scripting Vulnerability iss4m . h (Jul 04)
- [Bugtraq] Re: flock d0s exploit remote. beta 1 (v0.7) . myke lyons (Jul 04)
- <Possible follow-ups>
- Re: [Bugtraq] Re: flock d0s exploit remote. beta 1 (v0.7) flockoyd (Jul 08)
- Invision Power Board "v1.X & 2.X" SQL Injection CrAzY . CrAcKeR (Jul 05)
- <Possible follow-ups>
- Re: Invision Power Board "v1.X & 2.X" SQL Injection mattmecham (Jul 10)
- Shopping Cart V0.9 luny (Jul 05)
- Windows Explorer URL File format overflow nanika (Jul 05)
- Re: Windows Explorer URL File format overflow naveed (Jul 10)
- Touch arbitrary file execute vulnerability Alex Park (Jul 05)
- sNews 1.3 XSS SQL securityconnection (Jul 05)
- BLOG:CMS 4.1.0 SQL injection File Include Vulnerability securityconnection (Jul 05)
- [ MDKSA-2006:116 ] - Updated kernel packages fixes multiple vulnerabilities security (Jul 05)
- Re: [ MDKSA-2006:116 ] - Updated kernel packages fixes multiple vulnerabilities Paul Starzetz (Jul 10)
- vBulletin 3.5.4 (install_path) Exploit CarcaBotx (Jul 05)
- <Possible follow-ups>
- Re: vBulletin 3.5.4 (install_path) Exploit mikathebest2003 (Jul 06)
- Re: vBulletin 3.5.4 (install_path) Exploit scott (Jul 06)
- Re: Re: vBulletin 3.5.4 (install_path) Exploit mikathebest2003 (Jul 10)
- RE: Re: vBulletin 3.5.4 (install_path) Exploit Robert Marquardt (Jul 15)
- TigerTom Scripts luny (Jul 05)
- [SECURITY] [DSA 1104-2] New OpenOffice.org packages fix arbitrary code execution Martin Schulze (Jul 06)
- Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues Moritz Naumann (Jul 06)
- [USN-308-1] shadow vulnerability Martin Pitt (Jul 06)
- [USN-309-1] libmms vulnerability Martin Pitt (Jul 06)
- [USN-310-1] ppp vulnerability Martin Pitt (Jul 06)
- Major updates to Excel 0-day Vulnerability FAQ at SecuriTeam Blogs Juha-Matti Laurio (Jul 07)
- Various heap and stack overflow bugs in AdPlug library 2.0 (CVS 04 Jul 2006) Luigi Auriemma (Jul 07)
- McAfee VirusScan Enterprise 8.0.0 Buffer Overflow johndoe1529 (Jul 07)
- Mico crashes when contected with wrong IOR / DoS tuergeist (Jul 07)
- <Possible follow-ups>
- Re: Mico crashes when contected with wrong IOR / DoS Karel Gardas (Jul 10)
- Re: Mico crashes when contected with wrong IOR / DoS tuergeist (Jul 10)
- Re: Mico crashes when contected with wrong IOR / DoS Karel Gardas (Jul 10)
- Gracenote buffer overflow MNV (Jul 15)
- Re: Mico crashes when contected with wrong IOR / DoS tuergeist (Jul 10)
- Re: Mico crashes when contected with wrong IOR / DoS tuergeist (Jul 10)
- TSLSA-2006-0040 - kernel Trustix Security Advisor (Jul 07)
- WebEx Downloader Plug-in Multiple Vulnerabilities + rant Mark Litchfield (Jul 07)
- Re: WebEx Downloader Plug-in Multiple Vulnerabilities + rant Mark Rowe (Jul 14)
- Re: WebEx Downloader Plug-in Multiple Vulnerabilities + rant Mark Litchfield (Jul 18)
- <Possible follow-ups>
- RE: WebEx Downloader Plug-in Multiple Vulnerabilities + rant Web Ex (Jul 10)
- Re: WebEx Downloader Plug-in Multiple Vulnerabilities + rant Mark Rowe (Jul 14)
- PHP-Blogger Multiple Cross Site Scripting Vulnerabilities OS2A BTO (Jul 07)
- [ECHO_ADV_36$2006] ExtCalendar <== v2.0 Remote File Include Vulnerabilities matdhule (Jul 07)
- ATutor : Cross-Site Scripting Vulnerabilities bug () securitynews ir (Jul 07)
- Possible code execution in Kaillera 0.86 Luigi Auriemma (Jul 07)
- rPSA-2006-0122-1 kernel Justin M. Forbes (Jul 07)
- Re: rPSA-2006-0122-1 kernel Paul Starzetz (Jul 10)
- PBL Guestbook <= 1.32 XSS & SQL Querys Vulnerabilities paisterist . nst (Jul 07)
- Format string bug in Sparklet 0.9.4try3 Luigi Auriemma (Jul 07)
- [ MDKSA-2006:117 ] - Updated libmms packages fix buffer overflow vulnerability security (Jul 07)
- HostingController: An attacker can gain reseller privileges and after that can gain admin privileges Irsdl (Jul 07)
- Sport-slo.net Guestbook v1.0 luny (Jul 07)
- IBM AIX Security contact? Joxean Koret (Jul 07)
- Re: IBM AIX Security contact? Troy Bollinger (Jul 07)
- Pivot <=1.30rc2 privilege escalation / remote commands execution rgod (Jul 07)
- [SECURITY] [DSA 1105-1] New xine-lib packages fix denial of service Martin Schulze (Jul 07)
- lintah_|adv|_01@2006>=========<[Aura-CMS v1.62]<===>[XSS vulnerable]&[bug] k07iX (Jul 07)
- ZDI-06-021: WebEx Downloader Plug-in Code Execution Vulnerability zdi-disclosures (Jul 07)
- [ MDKSA-2006:118 ] - Updated OpenOffice.org packages fix various vulnerabilities security (Jul 08)
- PAPOO <=3RC3 sql injection / admin credentials disclosure rgod (Jul 08)
- [KAPDA::#46] - AjaxPortal Authentication Bypass alireza hassani (Jul 08)
- <Possible follow-ups>
- Re: [KAPDA::#46] - AjaxPortal Authentication Bypass earthquake (Jul 10)
- ATutor 1.5.3 Cross Site Scripting securityconnection (Jul 08)
- <Possible follow-ups>
- Re: ATutor 1.5.3 Cross Site Scripting info (Jul 12)
- Re: ATutor 1.5.3 Cross Site Scripting Steven M. Christey (Jul 22)
- RW::Download stats.php Remote File Inc. StorMBoY (Jul 08)
- [ GLSA 200607-03 ] libTIFF: Multiple buffer overflows Sune Kloppenborg Jeppesen (Jul 10)
- Webvizyon Portal 2006 Version SQL Injection StorMBoY (Jul 10)
- Securing PHP or finding PHP alternatives (was: PHP security (or the lack thereof)) Gezim Hoxha (Jul 10)
- Re: Securing PHP or finding PHP alternatives Crispin Cowan (Jul 10)
- Re: Securing PHP or finding PHP alternatives SkyFlash (Jul 15)
- Re: Securing PHP or finding PHP alternatives Crispin Cowan (Jul 18)
- Re: Securing PHP or finding PHP alternatives Sheryl Coppenger (Jul 15)
- Re: Securing PHP or finding PHP alternatives Crispin Cowan (Jul 22)
- Re: Securing PHP or finding PHP alternatives Michael Cordover (Jul 22)
- Re: Securing PHP or finding PHP alternatives SkyFlash (Jul 15)
- Re: Securing PHP or finding PHP alternatives Michael Shigorin (Jul 15)
- Re: Securing PHP or finding PHP alternatives (was: PHP security (or the lack thereof)) Matthias Kestenholz (Jul 15)
- Re: Securing PHP or finding PHP alternatives (was: PHP security (or the lack thereof)) Meet Myself on the Internet (Jul 15)
- Re: Securing PHP or finding PHP alternatives Crispin Cowan (Jul 10)
- Graffiti Forums v1.0 SQL Injection Vulnerabilities paisterist . nst (Jul 10)
- [ GLSA 200607-04 ] PostgreSQL: SQL injection Sune Kloppenborg Jeppesen (Jul 10)
- MT rmcek Toplist v2.2 Version Microsoft Access Driver ( MDB ) Download StorMBoY (Jul 10)
- LAMP vs Microsoft Darren Reed (Jul 10)
- Re: LAMP vs Microsoft Jarrod Frates (Jul 10)
- Re: LAMP vs Microsoft Bob Beck (Jul 10)
- Re: LAMP vs Microsoft Darren Reed (Jul 15)
- Re: LAMP vs Microsoft Bob Beck (Jul 15)
- Re: LAMP vs Microsoft Darren Reed (Jul 15)
- Re: LAMP vs Microsoft Bob Beck (Jul 15)
- Re: LAMP vs Microsoft Bob Beck (Jul 18)
- Re: LAMP vs Microsoft Darren Reed (Jul 22)
- Re: LAMP vs Microsoft George Capehart (Jul 18)
- Re: LAMP vs Microsoft Darren Reed (Jul 18)
- Re: LAMP vs Microsoft Hugo van der Kooij (Jul 18)
- Re: LAMP vs Microsoft Joel Maslak (Jul 15)
- Re: LAMP vs Microsoft Darren Reed (Jul 15)
- <Possible follow-ups>
- Re: LAMP vs Microsoft Steven M. Christey (Jul 12)
- Re: RE: Invision Vulnerabilities, including remote code execution mattmecham (Jul 10)
- ERNW Security Advisory 02/2006 - Buffer Overflow in sipXtapi (used in AOL Triton) mozilla (Jul 10)
- Message not available
- <Possible follow-ups>
- RE: MIMESweeper For Web 5.X Cross Site Scripting Erez Metula (Jul 15)
- <Possible follow-ups>
- Re: Digital Armaments Security Advisory 10.07.2006: Flexwath Authorization Bypassing and XSS Vulnerability sales (Jul 22)
- Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit José Parrella (Jul 15)
- <Possible follow-ups>
- RE: Old vulnerable sotwares collection John Rigali (Jul 12)
- Re: [ANNOUNCEMENT] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against smbd Gerald (Jerry) Carter (Jul 12)
- Message not available
- <Possible follow-ups>
- Re: # MHG Security Team --- PHPAskIt v2.0.1 Remote File Inc. amelie (Jul 12)
- <Possible follow-ups>
- Re: Photocycle v1.0 - XSS securityfocus (Jul 14)
- <Possible follow-ups>
- Re: phpbb 3.x sql injection (with global moderator rights) bugtraq (Jul 15)
- Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround Caveo Internet BV - Security (Jul 14)
- Re: Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround Hugo van der Kooij (Jul 14)
- Re: Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround Michael Shigorin (Jul 15)
- Re: Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround Lukasz Trabinski (Jul 15)
- Re: Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround Michal Zalewski (Jul 18)
- Re: Bybass HTTP ( extension files ) in ISA 2004 Thor (Hammer of God) (Jul 17)
- <Possible follow-ups>
- RE: Bybass HTTP ( extension files ) in ISA 2004 Edward Tripovich (Jul 17)
- Re: Bybass HTTP ( extension files ) in ISA 2004 medozero (Jul 18)
- Re: Bybass HTTP ( extension files ) in ISA 2004 Thor (Hammer of God) (Jul 19)
- Re: Bybass HTTP ( extension files ) in ISA 2004 medozero (Jul 18)
- <Possible follow-ups>
- Re: crashing firefox <= 1.5.0.4 bugtraq (Jul 18)
- Re: XSS phpBB 2.0.21 in administration Jessica Hope (Jul 18)
- RE: XSS phpBB 2.0.21 in administration David Thomson (Jul 22)
- Re: XSS phpBB 2.0.21 in administration Jessica Hope (Jul 22)
- Message not available
- Re: XSS phpBB 2.0.21 in administration Jessica Hope (Jul 22)
- RE: XSS phpBB 2.0.21 in administration David Thomson (Jul 22)
- Re: Phorum 5.1.14 XSS SQL injection Vulnerability Maurice Makaay (Jul 17)
- <Possible follow-ups>
- Re: SubberZ[Lite] - Remote File Include the . jalal (Jul 22)
- Re: Invision Power Board 2.1 <= 2.1.6 sql injection paul dansing (Jul 18)
- Re: Invision Power Board 2.1 <= 2.1.6 sql injection str0ke (Jul 18)
- <Possible follow-ups>
- Re: Invision Power Board 2.1 <= 2.1.6 sql injection mattmecham (Jul 18)
- Re: Re: Invision Power Board 2.1 <= 2.1.6 sql injection paul14075 (Jul 18)
- Re: [EEYEB-20060227] D-Link Router UPNP Stack Overflow scott (Jul 22)
- Re: [EEYEB-20060227] D-Link Router UPNP Stack Overflow solutions_PHP (Jul 31)
- <Possible follow-ups>
- Re: [EEYEB-20060227] D-Link Router UPNP Stack Overflow kala_z (Jul 22)
- <Possible follow-ups>
- RE: $100 plus several of my books if you can crack my Windows password hashes. Roger A. Grimes (Jul 22)
- RE: $100 plus several of my books if you can crack my Windows password hashes. Michael Scheidell (Jul 22)
- RE: $100 plus several of my books if you can crack my Windows password hashes. Roger A. Grimes (Jul 22)
- <Possible follow-ups>
- Re: ExtCalendar Mambo Module <= v2( extcalendar.php ) Remote File Include Vulnerabilities matdhule (Jul 22)
- <Possible follow-ups>
- Re: osDate 1.1.7 multiple vulnerabilities binary . loc (Jul 19)
- Re: New PowerPoint Trojan installs itself as LSP Mike Healan (Jul 22)
- <Possible follow-ups>
- Re: AFCommerce Shopping Cart contact (Jul 22)
- <Possible follow-ups>
- Re: [MajorSecurity #22] Top XL <=1.1 - XSS and cookie disclosure admin (Jul 22)
- Re: Samba Internal Data Structures DOS Vulnerability Exploit Gerald (Jerry) Carter (Jul 22)
- <Possible follow-ups>
- Re: Low security hole affecting IPCalc's CGI wrapper krischan (Jul 27)
- <Possible follow-ups>
- Re: new shell bypass safe mode cxib (Jul 26)
- Re: [ GLSA 200607-08 ] GIMP: Buffer overflow Michael Shigorin (Jul 24)
- Re: Check Point R55W Directory Traversal Hugo van der Kooij (Jul 31)
- <Possible follow-ups>
- Re: Check Point R55W Directory Traversal dave_kwek (Jul 28)
- Re: Write-up by Amit Klein: "Forging HTTP request headers with Flash" Amit Klein (AKsecurity) (Jul 26)
- Re: Write-up by Amit Klein: "Forging HTTP request headers with Flash" 3CO (Jul 27)
- Re: Write-up by Amit Klein: "Forging HTTP request headers with Flash" Amit Klein (AKsecurity) (Jul 27)
- Re: Write-up by Amit Klein: "Forging HTTP request headers with Flash" 3CO (Jul 27)
- <Possible follow-ups>
- Re: Opsware NAS 6.0 reveals MySQL 'root' password security-alert (Jul 27)
- Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory Eloy Paris (Jul 29)
- Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory Pavel Kankovsky (Jul 31)
- Re: Bypassing Oracle dbms_assert David Litchfield (Jul 28)
- RE: Bypassing Oracle dbms_assert Alexander Kornbrust (Jul 28)
- Re: Bypassing Oracle dbms_assert David Litchfield (Jul 28)
- RE: Bypassing Oracle dbms_assert Alexander Kornbrust (Jul 28)
- <Possible follow-ups>
- Re: Xss in MttKe-php v2.6 Steven M. Christey (Jul 31)
- <Possible follow-ups>
- Oracle 10g R2 and, probably, all previous versions Russell Lowenthal (Jul 28)
- <Possible follow-ups>
- Re: Portail PHP v1.7 Remote File Include x0r0n (Jul 31)
- Re: cpanel login problem nate (Jul 29)
- Re: cpanel login problem Scott Gemma (Jul 31)
- RE: cpanel login problem Alan (Jul 31)
- RE: cpanel login problem Bugs (Jul 31)
- Re: cpanel login problem Scott Gemma (Jul 31)
- <Possible follow-ups>
- Re: cpanel login problem usar_y_tirar (Jul 31)
- <Possible follow-ups>
- Re: PHP ip2long() function circumvention darylf (Jul 31)
- <Possible follow-ups>
- Re: Gdiplus.dll division by 0 Early Warning Team (Jul 31)