Bugtraq: by date

492 messages starting Apr 02 07 and ending Apr 30 07


Monday, 02 April

Re: Xoops All Version -Articles- Print.PHP (ID) Blind SQL Injection Exploit And PoC vaughan . montgomery
2BGal 3.1.1 <= (admin/index.php) Remote File Include Vulnerability BorN To K!LL BorN To K!LL
MS announces out-of-band patch for ANI 0day Gadi Evron
[ GLSA 200703-27 ] Squid: Denial of Service Raphael Marichez
[SECURITY] [DSA 1274-1] New file packages fix arbitrary code execution Noah Meyerhans
[security bulletin] HPSBMA02198 SSRT061177 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Access security-alert
[ GLSA 200703-28 ] CUPS: Denial of Service Raphael Marichez
Re: Drake CMS v0.3.2 < = RFi Vulnerabilities legolas558
DirectAdmin persistant XSS [takeover an Administrator`s account] Kanedaaa Bohater
Norton Multiple insufficient argument validation of hooked SSDT function Vulnerability Matousec - Transparent security Research
Re: Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180) Pavel Kankovsky
0day Oracle 10g exploit - dbms_aq.enqueue - become DBA Andrea "bunker" Purificato
Windows XP/Vista (.ANI) Remote Exploit (bypass eeye patch) jamikazu
Maplab <= 2.2.1 (gszAppPath) Remote File Inclusion Vulnerability mufti . rizal
iDefense Security Advisory 03.31.07: Multiple Vendor ImageMagick DCM and XWD Buffer Overflow Vulnerabilities iDefense Labs
More information on ZERT patch for ANI 0day Gadi Evron
WOVB #01: Bypassing Vista Firewall, Flying over obstructive line TWOVB Team
Re: AIX 4.3 lsmcode local root command execution Shiva Persaud
APOP vulnerability Gaëtan LEURENT
iDefense Security Advisory 04.02.07: Hewlett-Packard Mercury Quality Center ActiveX Control ProgColor Buffer Overflow Vulnerability iDefense Labs
Re: Maplab <= 2.2.1 (gszAppPath) Remote File Inclusion Vulnerability jasus
Re: Maplab <= 2.2.1 (gszAppPath) Remote File Inclusion Vulnerability str0ke
[CFP] VNSECON 07 - Call for Papers / HCMC - August 03-04, 2007 rd
[ GLSA 200704-01 ] Asterisk: Two SIP Denial of Service vulnerabilities Sune Kloppenborg Jeppesen
iDefense Security Advisory 03.31.07: IBM Tivoli Provisioning Manager for OS Deployment Multiple Vulnerabilities iDefense Labs

Tuesday, 03 April

[SECURITY] [DSA 1275-1] New zope2.7 packages fix cross-site scripting flaw Noah Meyerhans
TWOVB][ The Week Of Vista Bugs: the truth is out there TWOVB Team
Re: Exploiting Microsoft dynamic Dns updates Denis Jedig
Re: APOP vulnerability 3APA3A
[MajorSecurity Advisory #37]HolaCMS - Cross Site Scripting Issue SecurityAudit
MyBulletinBoard (MyBB) <= 1.2.3 Remote Code Execution Exploit gmdarkfig
Re: [Full-disclosure] [RECTIFY] Oracle 10g exploit - dbms_aq.enqueue - become DBA Andrea "bunker" Purificato
Remote File Include In Script stat12 RaeD
Re: APOP vulnerability Gaëtan LEURENT
Re[2]: APOP vulnerability 3APA3A
Re: [Full-disclosure] More information on ZERT patch for ANI 0day Matthew Murphy
Re: More information on ZERT patch for ANI 0day Stefan Kelm
MITKRB5-SA-2007-002: KDC, kadmind stack overflow in krb5_klog_syslog [CVE-2007-0957] Tom Yu
MITKRB5-SA-2007-003: double-free vulnerability in kadmind (via GSS-API library) [CVE-2007-1216] Tom Yu
FLEA-2007-0006-2: ImageMagick Foresight Linux Essential Announcement Service
iDefense Security Advisory 04.03.07: Microsoft Windows WMF Triggerable Kernel Design Error DoS Vulnerability iDefense Labs
Re: 0day Oracle 10g exploit - dbms_aq.enqueue - become DBA Gadi Evron
MITKRB5-SA-2007-001: telnetd allows login as arbitrary user [CVE-2007-0956] Tom Yu
Re: 0day Oracle 10g exploit - dbms_aq.enqueue - become DBA Andrea Purificato - bunker
Re: More information on ZERT patch for ANI 0day Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Re: On-going Internet Emergency and Domain Names Bob Fiero
iDefense Security Advisory 04.03.07: Multiple Vendor Kerberos kadmind Buffer Overflow Vulnerability iDefense Labs
FLEA-2007-0007-1: nas Foresight Linux Essential Announcement Service
ZDI-07-012: Yahoo! Messenger AudioConf ActiveX Control Buffer Overflow zdi-disclosures
FLEA-2007-0006-1: ImageMagick Foresight Linux Essential Announcement Service
[SECURITY] [DSA 1276-1] New krb5 packages fix several vulnerabilities Moritz Muehlenhoff
[ GLSA 200704-02 ] MIT Kerberos 5: Arbitrary remote code execution Sune Kloppenborg Jeppesen
Nine Vista CVEs, including Microsoft inaccurate Teredo use case documentation Jim Hoagland

Wednesday, 04 April

[ GLSA 200704-05 ] zziplib: Buffer Overflow Raphael Marichez
[ MDKSA-2007:075 ] - Updated qt4 packages to address utf8 decoder bug security
iDefense Security Advisory 04.03.07: Multiple Vendor X Server fonts.dir File Parsing Integer Overflow Vulnerability iDefense Labs
[ GLSA 200704-03 ] OpenAFS: Privilege escalation Raphael Marichez
Three New Papers on Oracle Forensics David Litchfield
rPSA-2007-0063-1 krb5 krb5-server krb5-services krb5-test krb5-workstation rPath Update Announcements
CYBSEC Pre-Advisory: SAP TRUSTED_SYSTEM_SECURITY RFC Function Information Disclosure CYBSEC Advisories
iDefense Security Advisory 04.03.07: Multiple Vendor X Server XC-MISC Extension Memory Corruption Vulnerability iDefense Labs
CYBSEC Security Pre-Advisory: SAP RFC_START_PROGRAM RFC Function Multiple Vulnerabilities CYBSEC Advisories
CYBSEC Security Pre-Advisory: SAP RFC_START_GUI RFC Function Buffer Overflow CYBSEC Advisories
lite-cms-0.2.1 Remote File Include Vulnerabilities the_3dit0r
CYBSEC Security Pre-Advisory: SAP SYSTEM_CREATE_INSTANCE RFC Function Buffer Overflow CYBSEC Advisories
[USN-449-1] krb5 vulnerabilities Kees Cook
CYBSEC Security Pre-Advisory: SAP RFC_SET_REG_SERVER_PROPERTY RFC Function Denial Of Service CYBSEC Advisories
CYBSEC Release: SAP Security - Paper & Tool release Mariano Nuñez Di Croce
rPSA-2007-0064-1 ImageMagick rPath Update Announcements
[MajorSecurity Advisory #38]eXV2 CMS - Session fixation and Cross-Site-Scripting Issues Securityaudit
[ MDKSA-2007:074 ] - Updated qt3 packages to address utf8 decoder bug security
Remot File Include In phpexplorator_2_0 RaeD
[USN-448-1] X.org vulnerabilities Kees Cook
iXon_CMS 0.30 Remote File Include Vulnerabilities the_3dit0r
rPSA-2007-0067-1 nas rPath Update Announcements
K-CMS v1.0 Remote File Include Vulnerabilities the_3dit0r
rPSA-2007-0066-1 kdelibs qt-x11-free rPath Update Announcements
Monkey CMS v0.0.3 Remote File Include Vulnerabilitiy the_3dit0r
phpechocms v.2 Cross-Site Scripting Vulnerabilitiy the_3dit0r
iDefense Security Advisory 04.03.07: Multiple Vendor X Server BDF Font Parsing Integer Overflow Vulnerability iDefense Labs
phpechocms2 Remote File Include Vulnerabilities the_3dit0r
rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs rPath Update Announcements
MyBlog: PHP and MySQL Blog/CMS software Cross-Site Scripting Vulnerabilitiy the_3dit0r
MyBlog: PHP and MySQL Blog/CMS software Remote File Include Vulnerabilitiy the_3dit0r
[ MDKSA-2007:076 ] - Updated kdelibs packages to address UTF8 issue in KJS security
Mozilla Firefox Insecure Element Stealth Injection Vulnerability Michal Majchrowicz
Re: Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180) Marco Ivaldi
rPSA-2007-0062-1 firefox rPath Update Announcements
High Risk Vulnerability in OpenOffice NGSSoftware Insight Security Research
Several Windows image viewers vulnerabilities Ivan Fratric
Re: More information on ZERT patch for ANI 0day Jason Frisvold
Re: More information on ZERT patch for ANI 0day Jason Frisvold
Re: More information on ZERT patch for ANI 0day Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
[SECURITY] [DSA 1277-1] New XMMS packages fix arbitrary code execution Noah Meyerhans
Gazi Okul Sitesi 2007(tr)(fotokategori.asp) Remote SQL Injection r00t-balance
[ MDKSA-2007:077 ] - Updated krb5 packages fix vulnerabilities security
Firefox extensions go Evil - Critical Vulnerabilities in Firefox/Firebug pdp (architect)
VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates VMware Security team
[ MDKSA-2007:078 ] - Updated kernel packages fix multiple vulnerabilities and bugs security

Thursday, 05 April

[ MDKSA-2007:079 ] - Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities security
Re: [WEB SECURITY] Firefox extensions go Evil - Critical Vulnerabilities in Firefox/Firebug Daniel Veditz
LedgerSMB 1.2.0 finally released, fixes CVE-2006-5589 Chris Travers
[ MDKSA-2007:080 ] - Updated tightvnc packages fix integer overflow vulnerabilities security
[ MDKSA-2007:081 ] - Updated freetype2 packages fix vulnerability security
iDefense Security Advisory 04.04.07: Kaspersky AntiVirus SysInfo ActiveX Control Information Disclosure Vulnerability iDefense Labs
iDefense Security Advisory 04.04.07: Kaspersky Internet Security Suite klif.sys Heap Overflow Vulnerability iDefense Labs
Microsoft .NET request filtering bypass vulnerability (BID 20753) research
iDefense Security Advisory 04.04.07: ESRI ArcSDE Buffer Overflow Vulnerability iDefense Labs
FLEA-2007-0008-1: krb5 Foresight Linux Essential Announcement Service
FLEA-2007-0009-1: xorg-x11 freetype Foresight Linux Essential Announcement Service
Wserve HTTP Server 4.6 Version (Long Directory Name) Buffer Overflow - Denial Of Service UniquE
FLEA-2007-0010-1: evolution Foresight Linux Essential Announcement Service
[security bulletin] HPSBUX02204 SSRT071341 rev.1 - HP-UX Running CIFS Server (Samba), Remote Denial of Service (DoS) security-alert

Friday, 06 April

Re: Firefox extensions go Evil - Critical Vulnerabilities in Firefox/Firebug Thor Larholm
Re: Nine Vista CVEs, including Microsoft inaccurate Teredo use case documentation Jim Hoagland
ACLS ineffective in SQL-Ledger and LedgerSMB Chris Travers
ZDI-07-014: Kaspersky Anti-Virus ActiveX Control Unsafe Method Exposure Vulnerablity zdi-disclosures
phpContact Multiple Remote File Inclusion Vulnerabilities rko . thelegendkiller
[MajorSecurity Advisory #39]onelook onebyone CMS - Session fixation Issue Securityaudit
ZDI-07-013: Kaspersky AntiVirus Engine ARJ Archive Parsing Heap Overflow Vulnerability zdi-disclosures
[MajorSecurity Advisory #40]onelook oboShop - Session fixation Issue Securityaudit
[MajorSecurity Advisory #41]onelook courts online - Session fixation Issue Securityaudit
livor 2.5 Cross-Site Scripting Vulnerability rko . thelegendkiller
AOL Nullsoft Winamp LIBSNDFILE.DLL Remote Memory Corruption (Off By Zero) Piotr Bania
AOL Nullsoft Winamp S3M Module "IN_MOD.DLL" Remote Heap Memory Corruption Piotr Bania
AOL Nullsoft Winamp IT Module "IN_MOD.DLL" Remote Heap Memory Corruption Piotr Bania
[SECURITY] [DSA 1278-1] New man-db packages fix arbitrary code execution Noah Meyerhans
LayerOne 2007 - Speaker Line up Announced Layer One

Saturday, 07 April

[ GLSA 200704-06 ] Evince: Stack overflow in included gv code Raphael Marichez
[ GLSA 200704-07 ] libwpd: Multiple vulnerabilities Raphael Marichez
PHP <= 5.2.1 wbmp file handling integer overflow Ivan Fratric
[MajorSecurity Advisory #42]webblizzard CMS - Cross Site Scripting and Session fixation Issues Securityaudit
Re: Nine Vista CVEs, including Microsoft inaccurate Teredo use case documentation GomoR
CmailServer WebMail <= V.5.3.4 (signup) Remote XSS Exploit ajannhwt
witshare 0.9 Remote File Include Vulnerabilitiy the_3dit0r

Monday, 09 April

UBB.threads (<= 6.1.1) SQL Injection Vulnerability john
Scorp Book <== v1.0 (smilies.php) Remote File Include Exploit k4rtal
Take Control In Script Jeebles Directory RaeD
Gsylvain35 Portail Web Remote File Include Vulnerabilities the_3dit0r
phpMyAdmin 2.6.1 Local Cross Site Scripting the_3dit0r
Remot File Include In Script Lore v1 RaeD
DeskPRO v2.0.1 - Cross-Site Scripting Vulnerability john
Request It : Song Request System 1.0b - remote file inclusion mail
QuizShock 1.6.1 - Cross-Site Scripting Vulnerability john
Mybb Hot Editor Plugin Local File Inclusion liz0
Hot Editor v4.0 Local File Inclusion liz0
Re: Mybb Hot Editor Plugin Local File Inclusion Kevin Finisterre (lists)
xodagallery Remote Code Execution Vulnerability the_3dit0r
rPSA-2007-0070-1 openoffice.org rPath Update Announcements
Re: Re: Mybb Hot Editor Plugin Local File Inclusion liz0
iDefense Security Advisory 04.09.07: AOL AIM and ICQ File Transfer Path-Traversal Vulnerability iDefense Labs

Tuesday, 10 April

[USN-450-1] ipsec-tools vulnerability Kees Cook
phpGalleryScript 1.0 - File Inclusion Vulnerabilities z12xxa
DEF CON One Five CfP in effect! The Dark Tangent
EEYE: Windows VDM Zero Page Race Condition Privilege Escalation eEye Advisories
EEYE: Windows Vista CSRSS Dangling Process Pointer Privilege Escalation eEye Advisories
PhpOpenChat <= 3.0.1 (poc.php) Multiple Remote File Include Vulnerabilities seko
Secunia Research: Microsoft Agent URL Parsing Memory Corruption Vulnerability Secunia Research
iDefense Security Advisory 04.10.07: Microsoft Windows Universal Plug and Play Memory Corruption Vulnerability iDefense Labs
[ MDKSA-2007:077-1 ] - Updated krb5 packages fix vulnerabilities security
Re: vbulletin admincp sql injection rjmjr69
[ MDKSA-2007:081-1 ] - Updated freetype2 packages fix vulnerability security

Wednesday, 11 April

[USN-451-1] Linux kernel vulnerabilities Kees Cook
webMethods Glue Management Console Directory Traversal Patrick Webster
[ MDKSA-2007:080-1 ] - Updated tightvnc packages fix integer overflow vulnerabilities security
nEw Bug :D asdasd asdsadas
pL-PHP beta 0.9 - Multiple Vulnerabilities omnipresent
New bug :) asdasd asdsadas
[MajorSecurity Advisory #43]Calacode ATMail 5.0 - Cross Site Scripting and Cookie Manipulation Issue admin
CodeBreak (codebreak.php process_method) - Remote File Inclusion Vulnerability john
Cosign SSO Authentication Bypass Jon Oberheide
Re: On-going Internet Emergency and Domain Names Alexander Klimov
Re: Latinchat Denial Of Service d4rksoft
PunBB <= 1.2.14 Multiple Vulnerabilities (Advisory) gmdarkfig
PunBB <= 1.2.14 Remote Code Execution (Exploit) gmdarkfig
Steganos Encrypted Safe NOT so safe frankrizzo604
[ MDKSA-2007:079-1 ] - Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities security
[ MDKSA-2007:083 ] - Updated apache-mod_perl packages fix DoS vulnerability security
[ MDKSA-2007:075-1 ] - Updated qt4 packages to address utf8 decoder bug security
iDefense Security Advisory 04.11.07: Apache HTTPD suEXEC Multiple Vulnerabilities iDefense Labs
[ MDKSA-2007:082 ] - Updated madwifi-source, wpa_supplicant packages fix vulnerabilities security

Thursday, 12 April

E107 - (v0.7.8) Access Escalation Vulnerbility - PoC jd2k2000
HPSBUX02205 SSRT061120 rev.1 - HP-UX Running ARPA Transport, Local Denial of Service (DoS) security-alert
CVE-2007-1871: Cross site scripting in chcounter 3.1.3 Hanno Böck
INFIGO-2007-04-05: Enterprise Security Analyzer server remote buffer overflows infocus
CVE-2007-1872: Cross site scripting in toendaCMS 1.5.3 Hanno Böck
Critical phpwiki c99shell exploit rurban
[security bulletin] HPSBST02206 SSRT071354 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-014 security-alert
[security bulletin] HPSBUX01137 SSRT5954 rev.9 - HP-UX Running TCP/IP (IPv4), Remote Denial of Service (DoS) security-alert
[ GLSA 200704-08 ] DokuWiki: Cross-site scripting vulnerability Matthias Geerdsen
[security bulletin] HPSBGN02199 SSRT071312 rev.1 - Mercury Quality Center ActiveX, Remote Unauthorized Arbitrary Code Execution security-alert
Cisco Security Advisory: Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Multiple Vulnerabilities in the Cisco Wireless Control System Cisco Systems Product Security Incident Response Team
Re: Critical phpwiki c99shell exploit Gadi Evron
Re: Critical phpwiki c99shell exploit Jamie Riden
Cross site scripting in mephisto 0.7.3 Hanno Böck
[security bulletin] HPSBUX02203 SSRT071339 rev.1 - HP-UX Running Portable File System (PFS), Remote Increase in Privilege security-alert
TuMusika Evolution 1.6 Cross Site Scripting Vulnerabilitiy the_3dit0r
phpwebnews v.1 Multiple Cross Site Scripting Vulnerabilites the_3dit0r
Chatness <= 2.5.3 - Arbitrary Code Execution jd2k2000
Re: Cross site scripting in mephisto 0.7.3 encytemedia
RE: Critical phpwiki c99shell exploit Ryan Neufeld
FAC GuestBook v2.0 remote database disclosure vulnerability the_3dit0r
Aircrack-ng (airodump-ng) remote buffer overflow vulnerability jonny
iDefense Security Advisory 04.12.07: Hewlett Packard HP-UX Remote pfs_mountd.rpc Buffer Overflow Vulnerability iDefense Labs
[USN-452-1] KDE library vulnerability Kees Cook

Friday, 13 April

[Argeniss] Hacking Databases for owning your data (paper) Cesar
[OPENADS-SA-2007-003] Openads 2.0.11 vulnerability fixed Matteo Beccati
[OPENADS-SA-2007-004] Max Media Manager v0.1.29-rc and v0.3.31-alpha-pr2 vulnerability fixed Matteo Beccati
[MajorSecurity Advisory #44]MailBee WebMail Pro - Cross Site Scripting Issue admin
[waraxe-2007-SA#048] - Multiple vulnerabilities in Virtual War 1.5 module for PhpNuke come2waraxe
TSRT-07-04: LANDesk Management Suite Alert Service Stack Overflow Vulnerability TSRT
Vbulletin 3.6.5 Sql Injection ! [misc.php] seko

Saturday, 14 April

bloofoxCMS 0.2.2 Cross Site Scripting the_3dit0r
Re: Vbulletin 3.6.5 Sql Injection ! [misc.php] scott-REMOVE
VCDGear <= 3.56 Build 050213 (FILE) Local Code Execution Exploit meftun
Re: Steganos Encrypted Safe NOT so safe Andreas Beck
Back-End CMS Database Tables v0.4.7 Cross Site Scripting the_3dit0r
MobilePublisherphp v1.1.2 Remote File Include Vulnerabilities the_3dit0r
Maian Search v1.1 k4rtal
FloweRS v2.0 Cross Site Scripting the_3dit0r
Maian Gallery v1.0 k4rtal
B2evolution 1.6 RFi k4rtal
MySpeach v1.9 k4rtal
Back-End CMS Database Tables v0.4.7 Remote File Include Vulnerabilities the_3dit0r
Flip-search-add-on 2.0 k4rtal
Maian Weblog v3.1 k4rtal
bloofoxCMS 0.2.2 Remote File Include Vulnerabilitiy the_3dit0r
phpMyChat-0.14.5 k4rtal

Monday, 16 April

Re: VCDGear <= 3.56 Build 050213 (FILE) Local Code Execution Exploit str0ke
Pixaria Gallery 1.0 (class.Smarty.php) Remote File Include Vulnerability irvian_yoe
Re: sitex multiple vulnerabilities Lostmon
Re: Maian Gallery v1.0 support
Re: Maian Search v1.1 support
Sitebar 3.3.5 (index.php writerFile)Remote File Include Vulnerabilities ?? ???? ??????
[ GLSA 200704-09 ] xine-lib: Heap-based buffer overflow Raphael Marichez
Re: [exploits] RPC vuln in DNS Server (fwd) Gadi Evron
LS simple guestbook - arbitrary code execution jd2k2000
Joomla/Mambo Jambook v1.0 beta7 Rfi Vuln. crazy_king
[MajorSecurity Advisory #45]oe2edit CMS - Cross Site Scripting and Cookie Manipulation Issue admin
ZoneAlarm Multiple insufficient argument validation of hooked SSDT function Vulnerability Matousec - Transparent security Research
ActionPoll Script (actionpoll.php) Remote File Include // starhack.org seko
MyBlog <= 0.9.8 Remote Command Execution Exploit BlackHawk
Re: phpMyChat-0.14.5 stuart_smith
Microsoft DNS Server Remote Code execution: Analysis and exploit mballano
Windows DNS Cache Poisoning by Forwarder DNS Spoofing Makoto Shiotsuki
Re: Critical phpwiki c99shell exploit Taneli Leppä
[ GLSA 200704-10 ] Inkscape: Two format string vulnerabilities Matthias Geerdsen
Persistent CSRF and The Hotlink Hell pdp (architect)
iDefense Security Advisory 04.16.07: ClamAV CAB File Unstore Buffer Overflow Vulnerability iDefense Labs
Ivan Gallery Script V.0.1 (index.php) Remote File Include Exploit seko
[ GLSA 200704-11 ] Vixie Cron: Denial of Service Matthias Geerdsen
rPSA-2007-0071-1 kernel rPath Update Announcements
Akamai Technologies Security Advisory 2007-0001 Akamai Security Team
[ MDKSA-2007:086 ] - Updated cups packages fix DoS vulnerability security
[ MDKSA-2007:084 ] - Updated ipsec-tools packages fix DoS vulnerability security
[ MDKSA-2007:085 ] - Updated freeradius packages fix DoS vulnerability security
[ GLSA 200704-12 ] OpenOffice.org: Multiple vulnerabilities Raphael Marichez

Tuesday, 17 April

iDefense Security Advisory 04.16.07: Akamai Download Manager ActiveX Stack Buffer Overflow Vulnerability iDefense Labs
Netsprint Toolbar 1.1 arbitrary remote code vulnerability Michal Bucko
PHP Nuke <= 8.0.0.3.3b SQL Injections and Bypass SQL Injection Protection vulnerabilities programmer
Remot File Include In Script phphd_downloads RaeD
Remot File Include download_engine_V1.4.3 RaeD
Wabbit PHP Gallery v0.9 Cross Site Scripting the_3dit0r
my little weblog Cross Site Scripting the_3dit0r
my little forum 1.7 Remote File Include Vulnerabilitiy the_3dit0r
Re: [Full-disclosure] [WEB SECURITY] Persistent CSRF and The Hotlink Hell Blue Boar
RE: Windows DNS Cache Poisoning by Forwarder DNS Spoofing Roger A. Grimes
Re: [WEB SECURITY] Persistent CSRF and The Hotlink Hell Ryan Barnett
Re: Netsprint Toolbar 1.1 arbitrary remote code vulnerability Michal Zalewski
webMethods Security Advisory: Glue console directory traversal vulnerability Jeremy Epstein
RE: Windows DNS Cache Poisoning by Forwarder DNS Spoofing Roger A. Grimes
Re: bloofoxCMS 0.2.2 Remote File Include Vulnerabilitiy info
Internet Explorer Crash J. Oquendo
[security bulletin] HPSBTU02207 SSRT061213, SSRT061239, SSRT071304 rev.1 - HP Tru64 UNIX SSL and BIND Remote Arbitrary Code Execution or Denial of Service (DoS) security-alert
Multiple Ask IE Toolbar denial of service vulnerabilities Michal Bucko
Re[2]: Windows DNS Cache Poisoning by Forwarder DNS Spoofing 3APA3A
Gizzar <= (basePath) Remote File Include Vulnerability BorN To K!LL BorN To K!LL
BlueArc Firmware 4.2.944b FTP bounce Tim Rupp
SYMSA-2007-003 Macrovision InstallAnywhere Password and Serial Number Bypass research
Re: Internet Explorer Crash The Anarcat
Re: [Full-disclosure] Cross Domain XMLHttpRequest ascii
ShoutPro 1.5.2 - arbitrary code execution jd2k2000
Re: Internet Explorer Crash Thor (Hammer of God)
WASC-Articles: 'The Importance of Application Classification in Secure Application Development' contact
Re: [Full-disclosure] A Botted Fortune 500 a Day Steven Adair
n.runs-SA-2007.007 - Sun Solaris 10 - Format string vulnerability security
Re: [Full-disclosure] A Botted Fortune 500 a Day Jamie Riden
Re: [Full-disclosure] A Botted Fortune 500 a Day Steven Adair
Re: [Full-disclosure] A Botted Fortune 500 a Day Jamie Riden
Re: Windows DNS Cache Poisoning by Forwarder DNS Spoofing Tim
Re: [Full-disclosure] A Botted Fortune 500 a Day Simon Smith
Mambo/Joomla Component New Article Component RFI meftun
Cross Domain XMLHttpRequest Michal Majchrowicz
Re: Windows DNS Cache Poisoning by Forwarder DNS Spoofing Makoto Shiotsuki

Wednesday, 18 April

[ GLSA 200704-14 ] FreeRADIUS: Denial of Service Raphael Marichez
Re: Internet Explorer Crash Mike Ely
NukeSentinel Bypass SQL Injection & Nuke Evolution <= 2.0.3 SQL Injections programmer
Advisory: Bypass Oracle Logon Trigger ak
iDefense Security Advisory 04.17.07: McAfee VirusScan On-Access Scanner Long Unicode File Name Buffer Overflow iDefense Labs
Advisory: SQL Injection in package SYS.DBMS_UPGRADE_INTERNAL ak
Advisory: XSS Vulnerability in Oracle Secure Enterprise Search [SES01] ak
Reminder: HITBSecConf2007 - Malaysia: Call for Papers closing in 2 weeks Praburaajan
Advisory: Shutdown unprotected Oracle TNS Listener via Oracle Discoverer Servlet [AS01] ak
iDefense Security Advisory 04.17.07: McAfee E-Business Admin Server Invalid Data Length DoS Vulnerability iDefense Labs
[ GLSA 200704-13 ] File: Denial of Service Raphael Marichez
Analysis of the Oracle April 2007 Critical Patch Update David Litchfield
rPSA-2007-0072-1 lighttpd rPath Update Announcements
rPSA-2007-0073-1 php php-mysql php-pgsql rPath Update Announcements
[ GLSA 200704-15 ] MadWifi: Multiple vulnerabilities Raphael Marichez
rPSA-2007-0074-1 dovecot rPath Update Announcements
MediaBeez Sql query Execution .. Wear isn't ?? :) security
Oracle Database Buffer overflow vulnerabilities in package DBMS_SNAP_INTERNAL Team SHATTER
Re: Internet Explorer Crash Tom Gregory
FullyModdedphpBB2 Remote File Inclusion security
Re: [Full-disclosure] A Botted Fortune 500 a Day Nick FitzGerald
Extreme PHPBB2 Remote File Inclusion security
Re: Windows DNS Cache Poisoning by Forwarder DNS Spoofing Makoto Shiotsuki
EclipseBB Remote File Inclusion security
Re: Windows DNS Cache Poisoning by Forwarder DNS Spoofing Tim
Re: Windows DNS Cache Poisoning by Forwarder DNS Spoofing Bojan Zdrnja
Re: Linksys WAG200G - Information disclosure no-mail
Re: Windows DNS Cache Poisoning by Forwarder DNS Spoofing Tim
[security bulletin] HPSBST02206 SSRT071354 rev.2 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-017 security-alert
Re: Internet Explorer Crash elflord91
Re: Internet Explorer Crash Thor (Hammer of God)
RE: Re[2]: Windows DNS Cache Poisoning by Forwarder DNS Spoofing Roger A. Grimes
Re: [funsec] Re: [Full-disclosure] A Botted Fortune 500 a Day Fergie
Re: Windows DNS Cache Poisoning by Forwarder DNS Spoofing Matthew Dixon Cowles
NuclearBB Alpha 1 - Multiple Blind SQL/XPath Injection Vulnerabilities john
ZDI-07-015: Novell Groupwise WebAccess Base64 Decoding Stack Overflow Vulnerability zdi-disclosures
ZDI-07-016: Oracle E-Business Suite Arbitrary Node Deletion Vulnerability zdi-disclosures
ZDI-07-017: Oracle E-Business Suite Arbitrary Document Download Vulnerability zdi-disclosures
ZDI-07-018: IBM Tivoli Monitoring Express Universal Agent Heap Overflow Vunlerability zdi-disclosures
Re: PHP Nuke <= 8.0.0.3.3b SQL Injections and Bypass SQL Injection Protection vulnerabilities Paul Laudanski
Re: Internet Explorer Crash Rob Bartlett
ZDI-07-019: BMC Patrol PerformAgent bgs_sdservice Memory Corruption Vulnerability zdi-disclosures
ZDI-07-020: BMC Performance Manager SNMP Command Execution Vulnerability zdi-disclosures
Advisory: SQL Injection in package SYS.DBMS_AQADM_SYS ak
RE: Windows DNS Cache Poisoning by Forwarder DNS Spoofing Roger A. Grimes

Thursday, 19 April

RE: Re[2]: Windows DNS Cache Poisoning by Forwarder DNS Spoofing Oliver Friedrichs
[USN-453-1] X.org vulnerability Kees Cook
Re: Internet Explorer Crash Kevin Finisterre (lists)
[ MDKSA-2007:087 ] - Updated php packages fix multiple vulnerabilities security
[ MDKSA-2007:088 ] - Updated php packages fix multiple vulnerabilities security
[ MDKSA-2007:089 ] - Updated php packages fix multiple vulnerabilities security
CfP Hack.lu 2007 info
Re: ZDI-07-020: BMC Performance Manager SNMP Command Execution Vulnerability rashbi
IPB (Invision Power Board) Full Path Disclusure security
[waraxe-2007-SA#049] - Multiple vulnerabilities in Phorum 5.1.20 come2waraxe
Winamp <= (WMV) 5.3 Buffer Overflow DOS Exploit (0-DAY) UniquE
RaidenFTPd IXceedCompression multiple denial of service vulnerabilities Michal Bucko
Re: Internet Explorer Crash simone colombo
Re: Internet Explorer Crash Dave Walker
Yet another SQL injection framework Guillermo Marro
[security bulletin] HPSBMA02133 SSRT061201 rev.4 - HP Oracle for OpenView (OfO) Critical Patch Update security-alert
[ MDKSA-2007:090 ] - Updated php packages fix multiple vulnerabilities security
[ MDKSA-2007:091 ] - Updated sqlite packages fix vulnerability security
[security bulletin] HPSBST02208 SSRT071365 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-018 to MS07-022 security-alert
Re: Internet Explorer Crash C. Bergström

Friday, 20 April

NeatUpload vulnerability and fix dean
ZDI-07-021: GraceNote CDDBControl ActiveX Buffer Overflow Vulnerability zdi-disclosures
Re: Yet another SQL injection framework (file corruption) Guillermo Marro
Eba News Version : v1.1 <= (webpages.php) Remote File Include // starhack.org seko
Re: Yet another SQL injection framework Nick Boyce
TSLSA-2007-0013 - multi Trustix Security Advisor
iDefense Security Advisory 04.20.07: Check Point Zone Labs SRESCAN IOCTL Local Privilege Escalation Vulnerability iDefense Labs
FLEA-2007-0011-1: lighttpd Foresight Linux Essential Announcement Service
UseBB Version 1.0.4 Path Disclosure Vulnerability securityresearch

Saturday, 21 April

Top Auction 1.0 (viewcat.php) Remote Blind SQL Injection // starhack.org seko
turbolence core 0.0.1 alpha Remote File Inclusion omnipresent
Re: Top Auction 1.0 (viewcat.php) Remote Blind SQL Injection // starhack.org str0ke
WS_FTP Home 2007 NetscapeFTPHandler denial of service Michal Bucko

Monday, 23 April

Allfaclassfieds (level2.php dir) remote file inclusion asdasd asdsadas
Re: WS_FTP Home 2007 NetscapeFTPHandler denial of service sapheal
[ GLSA 200704-17 ] 3proxy: Buffer overflow Raphael Marichez
[Reversemode advisory] CheckPoint Zonelabs - ZoneAlarm SRESCAN driver local privilege escalation Reversemode
claroline <= Multiple Remote File Include Vulnerablitiy Mohandko
lms 1.5.3 Remote File Inclusion InyeXion
EsForum <= 3.0 SQL Injection Vulnerability ilkerkandemir
PHPMyBibli <= Multiple Remote File Include Mohandko
[ GLSA 200704-16 ] Aircrack-ng: Remote execution of arbitrary code Raphael Marichez
File117 Remote File Inclusion InyeXion
Ripe Website Manager (<= 0.8.4) - SQL Injection Vulnerability and Cross-Site Scripting Exploit john
[SECURITY] [DSA 1279-1] New webcalendar packages fix cross-site scripting Moritz Muehlenhoff
c-arbre <= Multiple Remote File Include Vulnerablitiy Mohandko
[ GLSA 200704-18 ] Courier-IMAP: Remote execution of arbitrary code Raphael Marichez
Remote file inclusion in Joomla 1.5.0 Beta Omid
FLEA-2007-0013-1: xine-lib Foresight Linux Essential Announcement Service
bibtex mase Remote File Inclusion InyeXion
FLEA-2007-0012-1: madwifi Foresight Linux Essential Announcement Service
WASC-Articles: 'The business case for security frameworks' announcements
Big Blue Guestbook HTML Injection Vulnerabilities seko
3proxy 0.5.3i bugfix release Vladimir Dubrovin
TJSChat Version 0.95 Cross Site Scripting the_3dit0r
[ MDKSA-2007:092 ] - Updated freeradius packages fix vulnerability security
[ GLSA 200704-19 ] Blender: User-assisted remote execution of arbitrary code Raphael Marichez
[security bulletin] HPSBUX02183 SSRT061243 rev.1 - HP-UX sendmail, Remote Denial of Service (DoS) security-alert
[ MDKSA-2007:093 ] - Updated zziplib packages fix vulnerability security
RE: Yet another SQL injection framework Greg Merideth
[ GLSA 200704-20 ] NAS: Multiple vulnerabilities Raphael Marichez
acvsws_php5_v1.0 <= Multiple Remote File Include Vulnerablitiy Mohandko
DmCMS Shell Uploading security
phpMySpace Gold (v8.10) - Blind SQL/XPath Injection Exploit john
Post Revolution Remote File Inclusion InyeXion

Tuesday, 24 April

rPSA-2007-0081-1 postgresql postgresql-server rPath Update Announcements
[ GLSA 200704-21 ] ClamAV: Multiple vulnerabilities Matthias Geerdsen
YA Book 0.98 Persistent XSS omnipresent
gallery >> 1.5.6 Remote File Inclusion s433d_only_linux
Re: claroline <= Multiple Remote File Include Vulnerablitiy BlackHawk
ImageProcessing ... Local (Denial of Service Exploit) Dr . Ninux
Re: gallery >> 1.5.6 Remote File Inclusion the . tiger100
Security Advisory: CA CleverPath SQL Injection Irene Abezgauz
Re: gallery >> 1.5.6 Remote File Inclusion Chris Kelly
[security bulletin] HPSBST02200 SSRT071330 rev.1 - HP StorageWorks Command View Advanced Edition for XP, Local Unauthorized Access security-alert
Progress Webspeed exploit for all releases suresync
[MajorSecurity Advisory #46]Plogger - Session fixation Issue admin
[SECURITY] [DSA 1280-1] New aircrack-ng packages fix arbitrary code execution Moritz Muehlenhoff
3Com's TippingPoint Denial of Service mike20061005
Re: ImageProcessing ... Local (Denial of Service Exploit) Tim Newsham
dcp-portal v611 >> RFi s433d_only_linux
ZDI-07-022: CA BrightStor ArcServe Media Server Multiple Buffer Overflow Vulnerabilities zdi-disclosures
Re: 3Com's TippingPoint Denial of Service Simple Nomad

Wednesday, 25 April

Cisco Security Advisory: Default Passwords in NetFlow Collection Engine Cisco Systems Product Security Incident Response Team
MyNewsGroups >> RFI in include.php alijsb
HYIP Manager Pro Script >> Remote file Include alijsb
WordPress v2.1.3 >> remote file include~ s433d_only_linux
HTMLeditbox & 2.2 >> RFI alijsb
netbingo v 2000 >> RFI alijsb
DynaTracker &v151>> RFI alijsb
phpMYTGP v v1.4b >> RFI alijsb
[SECURITY] [DSA 1281-1] New clamav packages fix several vulnerabilities Moritz Muehlenhoff
sunshop v4 >> RFI info
Shop-Script v 2.0 >> RFI alijsb
adrevenue script (CyKuH.com)>> RFI alijsb
B2 Weblog and News Publishing Tool v0.6.1 >> RFI alijsb
Searchactivity >> RFI alijsb
Built2Go_PHP_Link_Portal_v1.79 >> RFI alijsb
comus 2.0 Final >> RFI alijsb
Re: 3Com's TippingPoint Denial of Service Steven M. Christey
blogsystem 1.4 >> local & remote = -rfi & lfi & -xss info
ASA-2007-010: Two stack buffer overflows in SIP channel's T.38 SDP parsing code Kevin P. Fleming
nucleus 3.22 >> RFI alijsb
ASA-2007-011: Multiple problems in SIP channel parser handling response codes Kevin P. Fleming
download engine V1.4.1 >> RFI (local) alijsb
Re: 3Com's TippingPoint Denial of Service Secure
CFP: 3rd European Conference on Computer Network Defense (EC2ND) Stefano Zanero
Remote File Inclusion s433d_only_linux
VirtuaNews.Pro.v1.0.3.Retail.+All.Plugins Remote file Include s433d_only_linux
IE 7 and Firefox Browsers Digest Authentication Request Splitting Stefano Di Paola
ASA-2007-012: Remote Crash Vulnerability in Manager Interface Kevin P. Fleming
:doruk100net >> RFI alijsb

Thursday, 26 April

[CAID 35277]: CA CleverPath Portal SQL Injection Vulnerability Williams, James K
[USN-453-2] rdesktop regression Martin Pitt
[ MDKSA-2007:094 ] - Updated postgresql packages fix vulnerability security
[CAID 35198, 35276]: CA BrightStor ARCserve Backup Media Server Vulnerabilities Williams, James K
modbuild >> 4.1 Remote File Inclusion s433d_only_linux
Re: WordPress v2.1.3 >> remote file include~ otto
SineCMS nexus
Re: Chicken of the VNC 2.0 remote DoS support
Burak Yılmaz Blog (tr) v1.0 SQL injection vulnerability dj_remix_20
Re: Steganos Encrypted Safe NOT so safe support
[SECURITY] [DSA 1282-1] New php4 packages fix several vulnerabilities Moritz Muehlenhoff
iDefense Security Advisory 04.26.07: Novell eDirectory NCP Fragment Denial of Service Vulnerability iDefense Labs

Friday, 27 April

TSLSA-2007-0015 - postgresql Trustix Security Advisor
FreeBSD Security Advisory FreeBSD-SA-07:03.ipv6 FreeBSD Security Advisories
[USN-455-1] PHP vulnerabilities Martin Pitt
[USN-454-1] PostgreSQL vulnerability Martin Pitt
iDefense Security Advisory 04.26.07: Symantec Norton Ghost 10 Service Manager Buffer Overflow Vulnerability iDefense Labs
iDefense Security Advisory 04.26.07: Symantec Norton Ghost 10 Recovery Points Insecure Password Storage Vulnerability iDefense Labs
Security Concerns in Web 2.0 dharmeshmm
AFFLIB(TM): Time-of-Check-Time-of-Use File Race VSR Advisories
AFFLIB(TM): Multiple Buffer Overflows VSR Advisories
AFFLIB(TM): Multiple Format String Injections VSR Advisories
AFFLIB(TM): Multiple Shell Metacharacter Injections VSR Advisories
[ GLSA 200704-23 ] capi4k-utils: Buffer overflow Raphael Marichez
[ GLSA 200704-22 ] BEAST: Denial of Service Raphael Marichez

Saturday, 28 April

Sphider Version 1.2.x (include_dir) file include 1one1
Seir Anphin (file.php a[filepath]) Remote File Disclosure Vulnerability ilkerkandemir

Monday, 30 April

Re: please retract CVE-2007-2056 "Time-of-Check-Time-of-Use File Race in AFFLIB" Tim
Flaw in about.r OS and Progress version disclosure suresync
please retract CVE-2007-2056 "Time-of-Check-Time-of-Use File Race in AFFLIB" Simson Garfinkel
[SECURITY] [DSA 1283-1] New php5 packages fix several vulnerabilities Moritz Muehlenhoff
GHH Portal 1.1 (passwd.txt) Remote Password Disclosure Vulnerability crazy_king
[security bulletin] HPSBMA02197 SSRT061285 rev.1 - HP-UX Running HP Power Manager Remote Agent (RA), Local Execution of Arbitrary Code with Root Privileges security-alert
3proxy[v0.5.3g]: (linux/win32 service) remote buffer overflow exploits. v9
Re: GHH Portal 1.1 (passwd.txt) Remote Password Disclosure Vulnerability Jamie Riden
iDefense Security Advisory 04.27.07: VMware Workstation Shared Folders Directory Traversal Vulnerability iDefense Labs
Re: Sphider Version 1.2.x (include_dir) file include ijoo . keren
FLEA-2007-0014-1: vim Foresight Linux Essential Announcement Service
FLEA-2007-0015-1: gimp Foresight Linux Essential Announcement Service
E-Annu (home.php) Remote SQL Injection Vulnerability ilkerkandemir