Bugtraq: by date

453 messages starting Oct 01 07 and ending Oct 31 07


Monday, 01 October

Affiliate Network Pro Multiple Input Validation and Local file inclusion hack2prison
RE: feedreader3 has XSS vulnerability avivra
ASP Product catalog SQL injection vulnerability joseph . giron13
[ GLSA 200709-18 ] Bugzilla: Multiple vulnerabilities Raphael Marichez
eGov Content Manager Cross Site Scripting Vulnerability DoZ
Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow snagg
ASP-CMS version 1 default password location. joseph . giron13
CheckPoint Secure Platform Multiple Buffer Overflows hvazquez
New Advisory: X-script GuestBook m2x
smbftpd 0.96 format string vulnerability Jerry Illikainen
Two buffer-overflow in FSD V2.052 d9 and FSFDT V3.000 d9 Luigi Auriemma
Unexploitable buffer-overflow in America's Army 2.8.2 through PB Luigi Auriemma
Format string in the Doom 3 engine through PB Luigi Auriemma
Format string in F.E.A.R. 1.08 through PB Luigi Auriemma
Re: phpBB Mod OpenID 0.2.0 BBStore.php Remote File Inclusion str0ke
ClubHack - CFP closing by 15th October 2007 `ClubHack `
Immunity Debugger v1.2 Release Nicolas Waisman
phpBB Mod OpenID 0.2.0 BBStore.php Remote File Inclusion h3llcode
[ MDKSA-2007:191 ] - Updated libsndfile packages fix vulnerability security

Tuesday, 02 October

[ MDKSA-2007:192 ] - Updated mplayer packages fix vulnerability security
[SECURITY] [DSA 1365-3] New id3lib3.8.3 packages fix denial of service dann frazier
Re: CheckPoint Secure Platform Multiple Buffer Overflows hvazquez
WifiZoo v1.2 release Hernan Ochoa
Original Photo Gallery Remote Command Execution ascii
Re: dvddb-0.6 media sql-inj. vuln. james
[SECURITY] [DSA 1379-1] New openssl packages fix arbitrary code execution Noah Meyerhans
TPTI-07-16: CA BrightStor Hierarchical Storage Manager Buffer Overflow Vulnerabilities TSRT
TPTI-07-17: CA BrightStor Hierarchical Storage Manager SQL Injection Vulnerabilities TSRT

Wednesday, 03 October

iDefense Security Advisory 10.02.07: Multiple Vendor X Font Server Multiple Vulnerabilities iDefense Labs
rPSA-2007-0203-1 rmake rmake-proxy rmake-repos rPath Update Announcements
[SECURITY] [DSA 1380-1] New elinks packages fix information disclosure Steve Kemp
[SECURITY] [DSA 1381-1] New Linux 2.6.18 packages fix several vulnerabilities dann frazier
FLEA-2007-0057-1 pidgin Foresight Linux Essential Announcement Service
[SECURITY] [DSA 1379-1] New quagga packages fix denial of service Steve Kemp
iDefense Security Advisory 10.02.07: Sun Microsystems Solaris FIFO FS Information Disclosure Vulnerability iDefense Labs
RE: CheckPoint Secure Platform Multiple Buffer Overflows Tony Reusser
0day: mIRC pwns Windows jinc4fareijj
International Hacking & Security Conference "POC200" poc2007
RE: CheckPoint Secure Platform Multiple Buffer Overflows Hugo van der Kooij
DRBGuestbook Remote XSS Vulnerability gokhankaya
Re: Ruby Net::HTTPS library does not validate server certificate CN Thomas
Re: BIND 8 EOL and BIND 8 DNS Cache Poisoning (Amit Klein, Trusteer) sathyakrishnadas
rPSA-2007-0204-1 qt-x11-free rPath Update Announcements
rPSA-2007-0205-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs rPath Update Announcements
Re: 0day: mIRC pwns Windows Gavin Hanover
rPSA-2007-0206-1 openssl openssl-scripts rPath Update Announcements
Re: 0day: mIRC pwns Windows Gregory Rubin
Content Builder 0.7.5 RFI Bug mehrad1989
FreeBSD Security Advisory FreeBSD-SA-07:08.openssl FreeBSD Security Advisories

Thursday, 04 October

FLEA-2007-0058-1 openssl openssl-scripts Foresight Linux Essential Announcement Service
[RISE-2007003] Firebird Relational Database Multiple Buffer Overflow Vulnerabilities RISE Security
Re[2]: 0day: mIRC pwns Windows 3APA3A
Cart32 Arbitrary File Download Vulnerability Paul Craig
[RISE-2007002] Borland InterBase Multiple Buffer Overflow Vulnerabilities RISE Security
Re: Two buffer-overflow in FSD V2.052 d9 and FSFDT V3.000 d9[EXPLOIT] weak
[USN-523-1] ImageMagick vulnerabilities Kees Cook
FLEA-2007-0059-1 qt qt-tools Foresight Linux Essential Announcement Service
Re: 0day: mIRC pwns Windows Greg Rubin
Re: iDefense Security Advisory 10.02.07: Sun Microsystems Solaris FIFO FS Information Disclosure Vulnerability 3APA3A
Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow ejc
Re: 0day: mIRC pwns Windows Fred Elliot
Re: Re[2]: 0day: mIRC pwns Windows Gavin Hanover
Re: iDefense Security Advisory 10.02.07: Sun Microsystems Solaris FIFO FS Information Disclosure Vulnerability iDefense Labs
[Aria-Security] Stuffed Tracker Multiple Cross-Site Scripting VULN [ NO REPLY ]
DDIVRT-2007-05 NetSupport Manager Client Buffer Overflow vulnerabilityresearch
[ GLSA 200710-01 ] RPCSEC_GSS library: Buffer overflow Pierre-Yves Rofes

Friday, 05 October

[USN-524-1] OpenOffice.org vulnerability Kees Cook
[USN-525-1] libsndfile vulnerability Kees Cook
[USN-526-1] debian-goodies vulnerability Kees Cook
URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Juergen Schmidt
[SECURITY] [DSA 1383-1] New gforge packages fix cross-site scripting Thijs Kinkhorst
[ MDKSA-2007:193 ] - Updated openssl packages fix vulnerabilities security
rPSA-2007-0209-1 elinks rPath Update Announcements
Multiple vulnerabilities in Dropteam 1.3.3 Luigi Auriemma
Reporting Vulnerable Public Web mail ivan . sanchez
Re: Re: file upload vulnerability in joomla media component vinodsharma . mimit
Format string in The Dawn of Time 1.69s beta4 Luigi Auriemma
RE: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Roger A. Grimes
[SECURITY] [DSA 1384-1] New xen-utils packages fix several vulnerabilities Steve Kemp

Saturday, 06 October

[Aria-Security] Stuffed Tracker Multiple Cross-Site Scripting VULN [ NO REPLY ]
Re: BIND 8 EOL and BIND 8 DNS Cache Poisoning (Amit Klein, Trusteer) Amit Klein
RE: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Juergen Schmidt
Re[2]: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Thierry Zoller
SSHatter 0.6 Tim Brown
Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Thierry Zoller
CMS Creamotion - Remote File inclusion security
Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype Geo.
Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype Thierry Zoller
idmos-phoenix cms Remote File inclusion security
Else If cms Multiple Remote vulnerabilities security
Re: Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype Kurt Dillard

Monday, 08 October

[ GLSA 200710-02 ] PHP: Multiple vulnerabilities Raphael Marichez
[SECURITY] [DSA 1362-2] New lighttpd packages fix buffer overflow Steve Kemp
[ GLSA 200710-04 ] libsndfile: Buffer overflow Raphael Marichez
[ GLSA 200710-07 ] Tk: Buffer overflow Raphael Marichez
[ GLSA 200710-06 ] OpenSSL: Multiple vulnerabilities Pierre-Yves Rofes
[ GLSA 200710-03 ] libvorbis: Multiple vulnerabilities Raphael Marichez
[ GLSA 200710-05 ] QGit: Insecure temporary file creation Pierre-Yves Rofes
new vuln in snewscms.net.ru in lang file info
TorrentTrader Classic Multiple Remote vulnerabilities security

Tuesday, 09 October

rPSA-2007-0210-1 xen rPath Update Announcements
[security bulletin] HPSBUX02262 SSRT071447 rev. 1 - HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS) security-alert
[security bulletin] HPSBUX01137 SSRT5954 rev.11 - HP-UX Running TCP/IP (IPv4), Remote Denial of Service (DoS) security-alert
BT Home Flub: Pwnin the BT Home Hub Adrian P
[security bulletin] HPSBUX02181 SSRT061289 rev.3 - HP-UX Running IPFilter, Remote Denial of Service (DoS) security-alert
[security bulletin] HPSBMA02274 SSRT071445 rev.1 - HP System Management Homepage (SMH) for HP-UX, Remote Cross Site Scripting (XSS) security-alert
Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Thierry Zoller
Re[3]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype 3APA3A
[security bulletin] HPSBMA02275 SSRT071445 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS) security-alert
Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Andreas Lindenblatt
Black Hat Tokyo + DC and Europe CfPs now open. Jeff Moss
Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype Geo.
Viart Shopping Cart Directory Transversal Vuln [ NO REPLY ]
RE: Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Roger A. Grimes
rPSA-2007-0212-1 util-linux rPath Update Announcements
Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype Geo.
DNewsWeb Softwares Cross Site Scripting Vulnerability DoZ
Vulnerabilities xoxland
Research: Cybercrime and the Electoral System Oliver Friedrichs
Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype KJK::Hyperion
Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Andreas Lindenblatt
Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype Morning Wood
RE: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Brett Moore
LedgerSMB < 1.2.8, SQL-Ledger 2.x Multiple SQL Injection Issues Chris Travers
Re: Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype Glynn Clements
RE: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Jim Slora
[USN-527-1] xen-3.0 vulnerability Kees Cook
Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Valdis . Kletnieks
Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype Geo.
Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype KJK::Hyperion
NULL pointer crash in World in Conflict 1.000 Luigi Auriemma
Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype gjgowey
iDefense Security Advisory 10.09.07: Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow iDefense Labs
The Death of Defence in Depth ? - An invitation to Hack.lu Thierry Zoller
[ GLSA 200710-09 ] NX 2.1: User-assisted execution of arbitrary code Pierre-Yves Rofes
[ GLSA 200710-08 ] KOffice, KWord, KPDF, KDE Graphics Libraries: Stack-based buffer overflow Pierre-Yves Rofes

Wednesday, 10 October

Regarding vulnerability in ViArt Shop support
3Com WIFI router remote administration vulnerability. Guy Mizrahi
Cisco PSIRT response on IRM Demonstrates Multiple Cisco IOS Exploitation Techniques Damir Rajnovic
wmtrssreader joomla component 1.0 Remote File Include Vulnerability cyber-crime
Remote Desktop Command Fixation Attacks pdp (architect)
Several vulnerabilities in CMS Made Simple 1.1.3.1 Omid
Re: iDefense Security Advisory 10.09.07: Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow Nick FitzGerald
0day: Hacking secured CITRIX from outside pdp (architect)
Cisco Security Advisory: Cisco Wireless Control System Conversion Utility Adds Default Password Cisco Systems Product Security Incident Response Team
AST-2007-022: Buffer overflows in voicemail when using IMAP storage The Asterisk Development Team
[SECURITY] [DSA 1379-2] New openssl packages fix arbitrary code execution Noah Meyerhans
Vulnerabilities digest 3APA3A
iDefense Security Advisory 10.10.07: Kaspersky Web Scanner ActiveX Format String Vulnerability iDefense Labs
Re: Remote Desktop Command Fixation Attacks Steve Shockley
Re: Cisco PSIRT response on IRM Demonstrates Multiple Cisco IOS Exploitation Techniques Halvar Flake
[ELEYTT] 10PAZDZIERNIK2007 Michal Bucko
ZDI-07-055: Microsoft Windows DCERPC Authentication Denial of Service Vulnerability zdi-disclosures
ZDI-07-056: IBM DB2 DB2JDS Multiple Vulnerabilities zdi-disclosures
RE: Remote Desktop Command Fixation Attacks Thor (Hammer of God)
TPTI-07-18: EMC RepliStor Server Heap Overflow Vulnerability TSRT
ZDI-07-057: Firebird process_packet() Remote Stack Overflow Vulnerability zdi-disclosures

Thursday, 11 October

IRM Advisory: Cisco IOS LPD Remote Stack Overflow Andy Davis
RE: Cisco PSIRT response on IRM Demonstrates Multiple Cisco IOS Exploitation Techniques Andy Davis
URI handling as the harbinger of interaction errors Steven M. Christey
RE: Remote Desktop Command Fixation Attacks M. Burnett
Fwd: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype merigoth
Re: [Full-disclosure] Remote Desktop Command Fixation Attacks gboyce
Re: [Full-disclosure] Remote Desktop Command Fixation Attacks pdp (architect)
CORE-2007-0928: Stack-based buffer overflow vulnerability in OpenBSD’s DHCP server Core Security Technologies Advisories
[ MDKSA-2007:194 ] - Updated libvorbis packages fix vulnerabilities security
October Microsoft Tuesday Todd Manning
RE: [Full-disclosure] Remote Desktop Command Fixation Attacks Paul Melson
M$ will fix URI? Memisyazici, Aras
Re: RE: CheckPoint Secure Platform Multiple Buffer Overflows fwadmin
Re: Cisco PSIRT response on IRM Demonstrates Multiple Cisco IOS Exploitation Techniques Halvar Flake
Re: Cisco PSIRT response on IRM Demonstrates Multiple Cisco IOS Exploitation Techniques Florian Weimer
Re: [Full-disclosure] Remote Desktop Command Fixation Attacks gjgowey
Joomla! swMenuFree 4.6 Component Remote File Include Guns
Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Thierry Zoller
Black Hat Tokyo + DC and Europe CfPs now open. Jeff Moss
Re: Vulnerabilities sottwell
Re: Cisco PSIRT response on IRM Demonstrates Multiple Cisco IOS Exploitation Techniques Halvar Flake
Re: [Full-disclosure] The Death of Defence in Depth ? - An invitation to Hack.lu Felix 'FX' Lindner
Re: Vulnerabilities Victor Brilon
Re: URI handling as the harbinger of interaction errors Florian Weimer
RE: Cisco PSIRT response on IRM Demonstrates Multiple Cisco IOS Exploitation Techniques Andy Davis
Re: Remote Desktop Command Fixation Attacks pdp (architect)
[security bulletin] HPSBUX02273 SSRT071476 rev. 1 - HP-UX running Apache, Remote Unauthorized Denial of Service (DoS) security-alert
CA BrightStor ARCServe BackUp Message Engine Remote Stack Overflow Vulnerability hfli
[USN-528-1] MySQL vulnerabilities Kees Cook
EEYE: CA BrightStor ArcServe Backup Server Arbitrary Pointer Dereference eEye Advisories
Re: Remote Desktop Command Fixation Attacks pdp (architect)
iDefense Security Advisory 10.11.07: Multiple Vendor FLAC Library Multiple Integer Overflow Vulnerabilities iDefense Labs
Re: URI handling woes in Acrobat Reader, Netscape,Miranda, Skype Thierry Zoller
[security bulletin] HPSBMA02230 SSRT071436 rev.1 - HP Select Identity, Remote Unauthorized Access security-alert
[USN-529-1] Tk vulnerability Kees Cook
S21SEC-037-en: OPAL SIP Protocol Remote Denial of Service S21sec Labs
[CAID 35724, 35725, 35726]: CA BrightStor ARCserve Backup Multiple Vulnerabilities Williams, James K
RE: Remote Desktop Command Fixation Attacks Jim Harrison
rPSA-2007-0214-1 initscripts rPath Update Announcements
Tikiwiki 1.9.8 exploit ITW Moritz Naumann

Friday, 12 October

Re: Joomla! swMenuFree 4.6 Component Remote File Include sean
Re: Tikiwiki 1.9.8 exploit ITW 3APA3A
OpenSSL Security Advisory Ben Laurie
SEC Consult SA-20071012-0 :: Madwifi xrates element remote DOS Bernhard Mueller
Re: Remote Desktop Command Fixation Attacks hvdkooij
Re: Cisco PSIRT response on IRM Demonstrates Multiple Cisco IOS Exploitation Techniques Roman Medina-Heigl Hernandez
RE: [Full-disclosure] Remote Desktop Command Fixation Attacks Pete Simpson
RE: Remote Desktop Command Fixation Attacks Thor (Hammer of God)
[USN-530-1] hplip vulnerability Kees Cook
Re: Cisco PSIRT response on IRM Demonstrates Multiple Cisco IOS Exploitation Techniques Mark Senior

Saturday, 13 October

[ GLSA 200710-10 ] SKK Tools: Insecure temporary file creation Raphael Marichez
[ GLSA 200710-11 ] X Font Server: Multiple Vulnerabilities Pierre-Yves Rofes
[ GLSA 200710-13 ] Ampache: Multiple vulnerabilities Pierre-Yves Rofes
[SECURITY] [DSA 1381-2] New Linux 2.6.18 packages fix several vulnerabilities dann frazier
[ GLSA 200710-14 ] DenyHosts: Denial of Service Pierre-Yves Rofes
VImpX ActiveX (VImpX.ocx v. 4.7.3.0) Remote saw_xyz
playing for fun with <=IE7 laurent . gaffie
[ GLSA 200710-12 ] T1Lib: Buffer overflow Pierre-Yves Rofes

Monday, 15 October

RE: playing for fun with <=IE7 Roger A. Grimes
Clients buffer-overflow in Live for Speed 0.5X10 Luigi Auriemma
[SECURITY] [DSA 1386-2] New wesnoth packages fix denial of service Martin Schulze
[SECURITY] [DSA 1386-1] New wesnoth packages fix denial of service Martin Schulze
[ GLSA 200710-16 ] X.Org X server: Composite local privilege escalation Pierre-Yves Rofes
RE: [Full-disclosure] Remote Desktop Command Fixation Attacks Alex Everett
Re: Remote Desktop Command Fixation Attacks pdp (architect)
Third-party patch for CVE-2007-3896 (Internet Explorer 7 invalid URI handling) available KJK::Hyperion
Re: [Full-disclosure] Remote Desktop Command Fixation Attacks pdp (architect)
RE: playing for fun with <=IE7 James C. Slora Jr.
eXtremail(ly easy) remote roots mu-b
[ GLSA 200710-15 ] KDM: Local privilege escalation Pierre-Yves Rofes
Re: RE: playing for fun with <=IE7 jason . gerfen
InnovaShop™® (mgs.jps) Cross Siting Scripting jose luis góngora fernández
Stringbeans (Portal) - Lang Parameter Cross-Site Scripting Vulnerability jose luis góngora fernández
[SECURITY] [DSA 1387-1] New librpcsecgss packages fix arbitrary code execution Florian Weimer
Xcomputer - Lang Parameter Cross-Site Scripting Vulnerability jose luis góngora fernández
HTML Injection Vuln in nssboard kcghost
SYMSA-2007-010: Microsoft ActiveSync 4.x Weak Password Obfuscation research

Tuesday, 16 October

RE: playing for fun with <=IE7 avivra
CVE-2007-4600 - Mathcad Protect Worksheet Vulnerability bugtraq
about phpMyAdmin setup.php XSS vulnerability Marc Delisle
IRM Vendor Alerts: Six critical remote vulnerabilities in TIBCO SmartPGM FX Andy Davis
FW: [Dailydave] Canada's Response to Black Hat - SecTor 2007 Taylor, Gord
WWWISIS <= 7.1 (IsisScript) Multiple Vulnerabilities jose luis góngora fernández
[ MDKSA-2007:198 ] - Updated util-linux packages fix vulnerability security
Secunia Research: IrfanView Palette File Importing Buffer Overflow Vulnerability Secunia Research
SSH attacks - anyone else seen these? Tim
[security bulletin] HPSBMA02230 SSRT071436 rev.2 - HP Select Identity, Remote Unauthorized Access security-alert
[ MDKSA-2007:196 ] - Updated kernel packages fix multiple vulnerabilities and bugs security
[security bulletin] HPSBST02280 SSRT071480 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-055 to MS07-060 security-alert
[ MDKSA-2007:197 ] - Updated tar packages prevent buffer overflow security
[security bulletin] HPSBTU02276 SSRT071472 rev.1 - HP Tru64 UNIX Running Apache Tomcat, Remote Unauthorized Access, Remote Denial of Service (DoS) security-alert
[security bulletin] HPSBUX02277 SSRT071453 rev.1 - HP-UX Running OpenSSL, Local Denial of Service (DoS) security-alert
[ MDKSA-2007:195 ] - Updated kernel packages fix multiple vulnerabilities and bugs security
RE: Cisco PSIRT response on IRM Demonstrates Multiple Cisco IOS Exploitation Techniques Andy Davis
Re: SSH attacks - anyone else seen these? Gayathri Swaminathan
Re: SSH attacks - anyone else seen these? Mark R. Bowyer
Re: SSH attacks - anyone else seen these? Jose Nazario

Wednesday, 17 October

[ GLSA 200710-17 ] Balsa: Buffer overflow Raphael Marichez
AST-2007-023 - SQL Injection Vulnerability in cdr_addon_mysql Asterisk Security Team
Oracle TNS Listener DoS and/or remote memory inspection NGSSoftware Insight Security Research
Multiple SQL Injection Flaws in Oracle CTX_DOC package NGSSoftware Insight Security Research
Oracle RDBMS TNS Data packet DoS NGSSoftware Insight Security Research
Oracle audit issue with XMLDB ftp service NGSSoftware Insight Security Research
Multiple CSRF in SimplePHPBlog deme
Re: RE: CheckPoint Secure Platform Multiple Buffer Overflows hvazquez
Cisco Security Advisory: Cisco Unified Communications Web-based Management Vulnerability Cisco Systems Product Security Incident Response Team
Re: Netgear FVG318 is vulnerable to DOS attack NetGear
Re: Third-party patch for CVE-2007-3896, UPDATE NOW KJK::Hyperion
Cisco Security Advisory: Multiple Vulnerabilities in Firewall Services Module Cisco Systems Product Security Incident Response Team
Re: SSH attacks - anyone else seen these? James Lay
Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and ASA Appliances Cisco Systems Product Security Incident Response Team
SQL Injection Flaw in Oracle Workspace Manager David Litchfield
Re: SSH attacks - anyone else seen these? pand0ra
[ MDKSA-2007:199 ] - Updated phpMyAdmin packages fix multiple vulnerabilities security
SYMSA-2007-011: Microsoft WM5 PocketPC Phone Ed SMS Handler Issue research

Thursday, 18 October

Microsoft Windows XP/2003 Macrovision SecDrv.sys privilege escalation (0day) Reversemode
Nortel UNIStim IP Softphone Buffer-Overflow daniel . stirnimann
Nortel IP Phone Surveillance Mode daniel . stirnimann
Nortel IP Phone Flooding Denial of Service daniel . stirniman
Nortel IP Phone forced re-authentication daniel . stirnimann
Latest web hacking incidents Ofer Shezaf
Nortel Telephony Server Denial of Service daniel . stirnimann
[SECURITY] [DSA 1388-1] New dhcp packages fix arbitrary code execution Steve Kemp
[security bulletin] HPSBUX02273 SSRT071476 rev.2 - HP-UX Running Apache, Remote Unauthorized Denial of Service (DoS) security-alert
[security bulletin] HPSBMA02274 SSRT071445 rev.2 - HP System Management Homepage (SMH) for HP-UX, Remote Cross Site Scripting (XSS) security-alert
[CORRECTED] Microsoft Windows XP SP2/2003 - Macrovision SecDrv.sys privilege escalation (0day) Reversemode
CFP C H A S E - 2 0 0 7 Lahore Pakistan chase
Re: SSH attacks - anyone else seen these? Tim
Re: Multiple CSRF in SimplePHPBlog Hanno Böck
Re[2]: [Full-disclosure] The Death of Defence in Depth ? - An invitation to Hack.lu Thierry Zoller
rPSA-2007-0219-1 libpng rPath Update Announcements
[SECURITY] [DSA 1389-1] New zoph packages fix SQL injection Moritz Muehlenhoff
Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096) Stefan Kanthak
Softwin's anti-virus BitDefender contains vulnerable zlib (CA-2007-07) Stefan Kanthak
Serious holes affecting SiteBar 3.3.8 Tim Brown
Official Windows binaries of "curl" contain vulnerable zlib 1.2.2 (CAN-2005-2096) Stefan Kanthak
[ GLSA 200710-18 ] util-linux: Local privilege escalation Raphael Marichez
[ GLSA 200710-19 ] The Sleuth Kit: Integer underflow Raphael Marichez
S21SEC-038-en: Alcatel Omnivista 4760 Cross-Site Scripting S21sec Labs
[ MDKSA-2007:200 ] - Updated tk packages fix vulnerabilities security

Friday, 19 October

[ GLSA 200710-20 ] PDFKit, ImageKits: Buffer overflow Raphael Marichez
rPSA-2007-0220-1 ImageMagick rPath Update Announcements
[SECURITY] [DSA 1390-1] New t1lib packages fix arbitrary code execution Noah Meyerhans
A-Cart SQL Injection And Cross-Site Scripting [ NO REPLY ]
[CAID 35754]: CA Host-Based Intrusion Prevention System (CA HIPS) Server Vulnerability Williams, James K
[SECURITY] [DSA 1391-1] New icedove packages fix several vulnerabilities Moritz Muehlenhoff

Saturday, 20 October

[Aria-Security.Net] SearchSimon Lite Cross-Site Scripting Vuln. [ NO REPLY ]
[SECURITY] [DSA 1392-1] New xulrunner packages fix several vulnerabilities Moritz Muehlenhoff
Simple Machines Forum multiple sql injection flaws with exploit code. th3 . r00k . spammenot
Re: Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096) farion42
ReloadCMS Vulnerable sekuru

Monday, 22 October

[ GLSA 200710-21 ] TikiWiki: Arbitrary command execution Raphael Marichez
[ GLSA 200710-22 ] TRAMP: Insecure temporary file creation Raphael Marichez
Re: Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096) Stefan Kanthak
PacSec 2007 Agenda (Tokyo 11-29/30) Dragos Ruiu
[ELEYTT] Public Advisory 20-10-2007 Michal Bucko
[Aria-Security.Net] dmcms.0.7.0 SQL Injection [No Reply]
Simple PHP Blog (sphpblog) <= 0.5.1 Multiple Vulnerabilities gmdarkfig
[USN-532-1] nagios-plugins vulnerability Kees Cook
[USN-534-1] OpenSSL vulnerability Kees Cook
Cracking the iPhone (5 article series) H D Moore
[USN-533-1] util-linux vulnerability Kees Cook
Folder Access bypass hack2prison
Jeebles Directory Local File Inclusion hack2prison
[USN-531-1] dhcp vulnerability Kees Cook
simple dns rebinding protection with dnsmasq Collin R. Mulliner
[TOOL] w3af - Web Application Attack and Audit Framework Andres Riancho
Hackish XSS in shoutbox/blocco.php deme
Camino release 1.5.2 fixes several vulnerabilities Juha-Matti Laurio
[ GLSA 200710-23 ] Star: Directory traversal vulnerability Raphael Marichez
Corsaire Security Advisory - Citrix Access Gateway session ID disclosure issue advisories
[USN-501-2] Ghostscript vulnerability Kees Cook

Tuesday, 23 October

[ MDKSA-2007:201 ] - Updated hplip packages fix vulnerabilities security
[USN-535-1] Firefox vulnerabilities Kees Cook
CFP for HITBSecConf2008 - Dubai now open Praburaajan
[ GLSA 200710-24 ] OpenOffice.org: Heap-based buffer overflow Raphael Marichez
Airscanner Mobile Security Advisory #07101401: Mobile-spy Victim/User Phone/SMS/URL Log Spoofing and Persistent XSS Injection Seth Fogie
[vuln.sg] IBM Lotus Notes Attachment Viewer Buffer Overflow Vulnerabilities vulnpost-remove
SYMSA-2007-012: Microsoft Windows CE IGMP Denial of Service research
[Vulz] Seeblick 1.0 Beta File Upload Vulz pete . houston . 17187
[Vulz] Japanese PHP Gallery Hosting File Upload Vulz pete . houston . 17187
[Vulz] eLouai's Download Script Remote File Download Vulnerability pete . houston . 17187
[Vulz] eFileMan 7.x Multiple Vulnerabilities by Xcross87 pete . houston . 17187
[Vulz] PHP Basic Multiple Vulnerabilities by Xcross87 & Alucar pete . houston . 17187
[ MDKSA-2007:202 ] - Updated Firefox packages fix multiple vulnerabilities security
Korean GHBoard Multiple Vulnerabilities by Xcross87 pete . houston . 17187
SYMSA-2007-013: Lotus Notes Memory Mapped Files Vulnerability research
[SECURITY] [DSA 1393-1] New xfce4-terminal packages fix arbitrary command execution Steve Kemp
[SECURITY] [DSA 1372-2] New ktorrent packages fix directory traversal Steve Kemp
3proxy 0.5.3j released (bugfix) 3APA3A
[USN-531-2] dhcp vulnerability Kees Cook
[Vulz] PHP Basic Multiple Vulnerabilities by Xcross87 & Alucar pete.houston.17187
[USN-536-1] Thunderbird vulnerabilities Kees Cook
[USN-537-1] gnome-screensaver vulnerability Kees Cook
[SECURITY] [DSA 1394-1] New reprepro packages fix authentication bypass Thijs Kinkhorst

Wednesday, 24 October

Aria-Security.Net [Web based alpha tabbed address book SQL Injection] [ NO REPLY ]
HPSBMA02279 SSRT071298 rev.1 - HP OpenView Configuration Management (CM) Infrastructure (Radia) and Client Configuration Manager (CCM) Running httpd.tkd, Remote Unauthorized Access to Data security-alert
Aleris Software Systems Web Publisher Calendar SQL injection Joseph . giron13
[GS07-02] RSA Keon Multiple Cross-Site Scripting Vulnerabilities Fatih Ozavci
[Aria-Security.Net] CodeWidgets.Com Online Event Registration Multiple login SQL Injection [ NO REPLY ]
rPSA-2007-0222-1 cpio tar rPath Update Announcements
Bosdev Multiple vulnerabilities Joseph . giron13
Novell OpenSUSE SWAMP multiple XSS morin . josh
OSI CODES - PHP Live! Remote File Inclusion [ NO REPLY ]
iDefense Security Advisory 10.23.07: IBM Lotus Domino IMAP Buffer Overflow Vulnerability iDefense Labs
iDefense Security Advisory 10.23.07: IBM Lotus Notes Client TagAttributeListCopy Buffer Overflow Vulnerability iDefense Labs
[ GLSA 200710-25 ] MLDonkey: Privilege escalation Raphael Marichez

Thursday, 25 October

[ GLSA 200710-26 ] HPLIP: Privilege escalation Raphael Marichez
[ GLSA 200710-27 ] ImageMagick: Multiple vulnerabilities Raphael Marichez
[SECURITY] [DSA 1389-2] New zoph packages fix SQL injection Thijs Kinkhorst
Flatnuke3 Remote Cookie Manipulation / Privilege Escalation kingoftheworld92
HPSBMA02133 SSRT061201 rev.6 - HP Oracle for OpenView (OfO) Critical Patch Update security-alert
[SECURITY] [DSA 1395-1] New xen-utils packages fix file truncation Steve Kemp
rPSA-2007-0221-1 php php-mysql php-pgsql rPath Update Announcements
Re: A-Cart SQL Injection And Cross-Site Scripting laurent . gaffie
Re: Re: RE: playing for fun with <=IE7 laurent . gaffie
First ever ModSecurity public training at OWASP/WASC conf in SJ Ofer Shezaf
[PoC] DNS Recursion bandwidth amplification Shadow
i-Gallery 3.4 bug crack password! hackerbinhphuoc
iDefense Security Advisory 10.25.07: Trend Micro Tmxpflt.sys IOCTL 0xa0284403 Buffer Overflow Vulnerability iDefense Labs
usd250 helpdesk XSS vulnerability. Joseph . giron13
Directory traversal flaw in shttp digineo Advisories
IRM Discover More Vulnerabilities in Cisco IOS Andy Davis
TikiWiki <= 1.9.8.1 Cross Site Scripting / Local File Inclusion L4teral
Multi Host Forum Pro phpbb & ipb Multiple Sql Injection kingoftheworld92
[ GLSA 200710-29 ] Sylpheed, Claws Mail: User-assisted remote execution of arbitrary code Raphael Marichez
[Trick] VigileCMS All Versions DataMining Remote Hash Disclosure kingoftheworld92
[ GLSA 200710-28 ] Qt: Buffer overflow Raphael Marichez
[USN-538-1] libpng vulnerabilities Kees Cook

Friday, 26 October

RealNetworks RealPlayer/RealOne Player/Helix Player Remote Heap Corruption Piotr Bania
Micro Login System v1.0 (userpwd.txt) Password Disclosure Vulnerability Guns
FLEA-2007-0060-1 initscripts Foresight Linux Essential Announcement Service
RealNetworks RealPlayer/RealOne Player/Helix Player Remote Memory Corruption Piotr Bania
Re: Novell OpenSUSE SWAMP multiple XSS test
rPSA-2007-0225-1 firefox rPath Update Announcements

Saturday, 27 October

[SECURITY] [DSA 1396-1] New iceweasel packages fix several vulnerabilities Moritz Muehlenhoff

Monday, 29 October

Smart-Shop Shopping Cart Cross-Site Scripting Vulnerability DoZ
teatro 1.6 ( basePath ) Remote File Include Vulnerability alkomandoz-hacker
[waraxe-2007-SA#059] - XSS in WordPress 2.3 come2waraxe
Advisory SE-2007-01: TikiWiki Remote PHP Code Evaluation Vulnerability Stefan Esser
How to subvert Oracle Database Vault Joxean Koret
Secunia Research: IBM Tivoli Storage Manager Client CAD Service Script Insertion Secunia Research
Webroot Desktop Firewall <=5.5.10.20 DNS recursion komarov
FLEA-2007-0061-1 sun-jre sun-jdk Foresight Linux Essential Announcement Service
FLEA-2007-0062-1 firefox Foresight Linux Essential Announcement Service
Omnistar Live Software Cross-Site Scripting Vulnerability DoZ
AGTC-Membership system v1.1a (adduser) Remote Add Admin Exploit Guns
Team SHATTER Alert: Oracle Database Buffer overflow vulnerability in function MDSYS.SDO_CS.TRANSFORM Team SHATTER
SAXON version 5.4 Multiple Path Disclosure Vulnerabilities securityresearch
SAXON version 5.4 XSS Attack Vulnerability securityresearch
Final Call for Papers for Security Track at ApacheCon Europe 2008 Lars Eilebrecht
Team SHATTER Alert: Oracle Database Buffer overflow vulnerability in procedure DBMS_AQADM_SYS.DBLINK_INFO Team SHATTER
Security Briefings angelo
[SECURITY] [DSA 1388-3] New dhcp packages fix arbitrary code execution Noah Meyerhans
rPSA-2007-0225-2 firefox thunderbird rPath Update Announcements
Comments re ISC's announcement on bind9 security Network Protocol Security
Heap overflow in RealPlayer ID3 tag parser NGSSoftware Insight Security Research
Windows binary of "Virtual Floppy Drive 2.1" contains vulnerable zlib (CAN-2005-2096) Stefan Kanthak
SAXON version 5.4 SQL Injection Vulnerability securityresearch
Untrusted Java applet can connect to localhost NGSSoftware Insight Security Research
Memory overwrites in JVM via malformed TrueType font NGSSoftware Insight Security Research
Re: Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096) Stefan Kanthak
Holes in the firewall of Mac OS X Leopard Juergen Schmidt
Re: Holes in the firewall of Mac OS X Leopard Brandon S. Allbery KF8NH

Tuesday, 30 October

Re: Holes in the firewall of Mac OS X Leopard Juergen Schmidt
RFIDIOt release - version 0.1q Adam Laurie
Airkiosk/formlib application is XSS vuln skienlab
Siebel Security Basics Jonathan Katz
Secunia Research: IPSwitch IMail Server IMail Client Buffer Overflow Secunia Research
Django 0.96 (stable) Admin Panel CSRF J. Carlos Nieto
DeepSec 2007 Registration: hurry up, seats are filling fast Stefano Zanero
iDefense Security Advisory 10.30.07: IBM AIX swcons Local Arbitrary File Access Vulnerability iDefense Labs
iDefense Security Advisory 10.30.07: IBM AIX 5.2 crontab BSS Buffer Overflow Vulnerability iDefense Labs
iDefense Security Advisory 10.30.07: IBM AIX dig dns_name_fromtext Integer Underflow Vulnerability iDefense Labs
iDefense Security Advisory 10.30.07: IBM AIX lqueryvg Stack Buffer Overflow Vulnerability iDefense Labs
Firefox / IE6 crash on javascript nested loops thabob
iDefense Security Advisory 10.30.07: IBM AIX lquerypv Stack Buffer Overflow Vulnerability iDefense Labs
iDefense Security Advisory 10.30.07: IBM AIX ftp domacro Parameter Buffer Overflow Vulnerability iDefense Labs
iDefense Security Advisory 10.30.07: IBM AIX bellmail Stack Buffer Overflow Vulnerability iDefense Labs
Re: Firefox / IE6 crash on javascript nested loops Jan Heisterkamp
[ GLSA 200710-31 ] Opera: Multiple vulnerabilities Raphael Marichez
ILIAS <= 3.8.3 Cross Site Scripting L4teral
[ GLSA 200710-30 ] OpenSSL: Remote execution of arbitrary code Pierre-Yves Rofes
In Memoriam: Jun-ichiro Hagino Dragos Ruiu

Wednesday, 31 October

Secunia Research: CUPS IPP Tags Memory Corruption Vulnerability Secunia Research
Secunia Research: McAfee E-Business Server Auth Packet Handling Buffer Overflow Secunia Research
SEC Consult SA-20071031-0 :: Perdition IMAP Proxy Format String Vulnerability Bernhard Mueller
Re: [gentoo-announce] [ GLSA 200710-30 ] OpenSSL: Remote execution of arbitrary code Steffan Baron
Re: Comments re ISC's announcement on bind9 security Shane Kerr
iDefense Security Advisory 10.31.07: Macrovision InstallShield Update Service ActiveX Unsafe Method Vulnerability iDefense Labs
iDefense Security Advisory 10.31.07: Symantec Altiris Deployment Solution TFTP/MTFTP Service Directory Traversal Vulnerability iDefense Labs
[security bulletin] HPSBMA02236 SSRT061260 rev.2 - HP OpenView Performance Manager (OVPM) Running Shared Trace Service on HP-UX, Solaris, and Windows, Remote Arbitrary Code Execution security-alert
[security bulletin] HPSBMA02237 SSRT061260 rev.2 - HP OpenView Performance Agent (OVPA) Running Shared Trace Service, Remote Arbitrary Code Execution security-alert
[security bulletin] HPSBMA02238 SSRT061260 rev.2 - HP OpenView Reporter Running Shared Trace Service, Remote Arbitrary Code Execution security-alert
(tool announcement) bunny the fuzzer Michal Zalewski
rPSA-2007-0227-1 cups rPath Update Announcements