Bugtraq: by thread

Previous period

Next period

603 messages starting Apr 01 06 and ending Apr 30 06
Date index | Thread index | Author index

Mis-diagnosed XSS bugs hiding worse issues due to PHP feature Steven M. Christey (Apr 01)
- Re: [Full-disclosure] Mis-diagnosed XSS bugs hiding worse issues due to PHP feature Siegfried (Apr 01)
- Re: Mis-diagnosed XSS bugs hiding worse issues due to PHP feature Siegfried (Apr 01)
- <Possible follow-ups>
- Re: Mis-diagnosed XSS bugs hiding worse issues due to PHP feature cxib (Apr 03)
linksubmit <= All version Html Tag Injector in index.php ali (Apr 01)
Re: recursive DNS servers DDoS as a growing DDoS problem Gadi Evron (Apr 01)
- <Possible follow-ups>
- RE: recursive DNS servers DDoS as a growing DDoS problem gboyce (Apr 01)
  - RE: recursive DNS servers DDoS as a growing DDoS problem Geo. (Apr 03)
    - Re: recursive DNS servers DDoS as a growing DDoS problem Jim Pingle (Apr 04)
    - RE: recursive DNS servers DDoS as a growing DDoS problem Geo. (Apr 04)
    - Re: recursive DNS servers DDoS as a growing DDoS problem Jim Pingle (Apr 09)
    - Re: recursive DNS servers DDoS as a growing DDoS problem Erwan David (Apr 09)
  - Re: recursive DNS servers DDoS as a growing DDoS problem Anton Ivanov (Apr 03)
    - Re: recursive DNS servers DDoS as a growing DDoS problem Geo. (Apr 03)
    - Re: recursive DNS servers DDoS as a growing DDoS problem Anton Ivanov (Apr 04)
    - Re: recursive DNS servers DDoS as a growing DDoS problem Tim (Apr 04)
    - Re: recursive DNS servers DDoS as a growing DDoS problem Anton Ivanov (Apr 04)
    - Re: recursive DNS servers DDoS as a growing DDoS problem Tim (Apr 04)
    - Re: recursive DNS servers DDoS as a growing DDoS problem Ross Wheeler (Apr 09)
    - Re: recursive DNS servers DDoS as a growing DDoS problem Anton Ivanov (Apr 09)
  - Re: recursive DNS servers DDoS as a growing DDoS problem Simon Boulet (Apr 04)
- Re: recursive DNS servers DDoS as a growing DDoS problem Paul Stepowski (Apr 01)
- RE: recursive DNS servers DDoS as a growing DDoS problem Måns Nilsson (Apr 04)
- RE: recursive DNS servers DDoS as a growing DDoS problem Thomas Guyot-Sionnest (Apr 04)
  - RE: recursive DNS servers DDoS as a growing DDoS problem Geo. (Apr 04)
    - Re: recursive DNS servers DDoS as a growing DDoS problem Gadi Evron (Apr 09)
    - Re: recursive DNS servers DDoS as a growing DDoS problem Geo. (Apr 09)
- Re: recursive DNS servers DDoS as a growing DDoS problem Marco Ivaldi (Apr 04)
- RE: recursive DNS servers DDoS as a growing DDoS problem Geo. (Apr 10)
SQuery <= 4.5 Remote File Inclusion Exploit uid0 (Apr 01)
FleXiBle Development Script Remote Command Exucetion And XSS Attacking botan (Apr 01)
- <Possible follow-ups>
- Re: FleXiBle Development Script Remote Command Exucetion And XSS Attacking Steven M. Christey (Apr 09)
Re: Re: Re: phpBB 2.06 search.php SQL injection theguywhocouldwipeyourphpBB (Apr 01)
DoS-ing sysklogd? Milen Rangelov (Apr 01)
- Re: DoS-ing sysklogd? Bernhard Fischer (Apr 04)
- Re: DoS-ing sysklogd? Christophe Garault (Apr 04)
- <Possible follow-ups>
- RE: DoS-ing sysklogd? Justin Shore (Apr 03)
PHPNuke-Clan 3.0.1 Remote File Inclusion Exploit uid0 (Apr 01)
GeSWall 2.2 – Free Intrusion Prevention System for Windows GentleSecurity Team (Apr 01)
SiteMan <= All version SQL injection in admin_login.asp ali (Apr 01)
Phpwebgallery <= 1.4.1 SQL injection Vulnerability t4h4 (Apr 03)
Secunia Research: AN HTTPD Script Source Disclosure Vulnerability Secunia Research (Apr 03)
Re: On product vulnerability history and vulnerability complexity Crispin Cowan (Apr 03)
- Re: On product vulnerability history and vulnerability complexity Gadi Evron (Apr 03)
  - Re: On product vulnerability history and vulnerability complexity Steven M. Christey (Apr 03)
  - Re: On product vulnerability history and vulnerability complexity Javor Ninov (Apr 04)
    - Re: On product vulnerability history and vulnerability complexity Steven M. Christey (Apr 04)
- Re: On product vulnerability history and vulnerability complexity ArkanoiD (Apr 03)
- Re: On product vulnerability history and vulnerability complexity Forrest J. Cavalier III (Apr 03)
  - Re: On product vulnerability history and vulnerability complexity Gadi Evron (Apr 04)
[USN-266-1] dia vulnerabilities Martin Pitt (Apr 03)
[SECURITY] [DSA 1000-2] New Apache2::Request packages fix denial of service Martin Schulze (Apr 03)
Another Internet Explorer Address Bar Spoofing Vulnerability hainamluke (Apr 03)
- <Possible follow-ups>
- Re: Another Internet Explorer Address Bar Spoofing Vulnerability franz (Apr 04)
  - Re: Another Internet Explorer Address Bar Spoofing Vulnerability sh0rtie (Apr 09)
- Re: Re: Another Internet Explorer Address Bar Spoofing Vulnerability pc . tech2 (Apr 09)
Hosting Controller AccountActions.asp and saveuploadfiles.asp vulns (PoC) paolo . difebbo (Apr 03)
Flaw in commonly used bash random seed method coderpunk (Apr 03)
- Re: Flaw in commonly used bash random seed method Matthijs (Apr 03)
  - Re: Flaw in commonly used bash random seed method Dave English (Apr 04)
    - Re: Flaw in commonly used bash random seed method Matthijs (Apr 04)
    - Re: Flaw in commonly used bash random seed method Matthijs (Apr 04)
  - Re: Flaw in commonly used bash random seed method Dave Korn (Apr 05)
    - Re: Flaw in commonly used bash random seed method Steve VanDevender (Apr 10)
VWar <= 1.5.0 R12 Remote File Inclusion Exploit uid0 (Apr 03)
Multiple Vulnerabilities in LucidCMS crasher (Apr 03)
- <Possible follow-ups>
- Re: Multiple Vulnerabilities in LucidCMS zachofalltrades (Apr 19)
MyBB 1.10 New CrossSiteScripting o . y . 6 (Apr 03)
SQL Injection in Softbiz Image Gallery xx_hack_xx_2004 (Apr 03)
Re: WebVulnCrawl searching excluded directories for hackable web servers Dennis Brown (Apr 03)
Re: Cantv/Movilnet's Web SMS vulnerability. raven (Apr 03)
Re: On classifying attacks john mullee (Apr 03)
[ MDKSA-2006:064 ] - Updated MySQL packages fix logging bypass vulnerability security (Apr 03)
[ MDKSA-2006:062 ] - Updated dia packages fix buffer overflow vulnerabilities security (Apr 03)
ReloadCMS <= 1.2.5stable Cross site scripting / remote command execution rgod (Apr 03)
SYMSA-2006-002: McAfee WebShield SMTP Format String Vulnerability CS_Advisories Mailbox (Apr 03)
Bypassing ISA Server 2004 with IPv6 Romain . Le . Guen (Apr 03)
- Re: Bypassing ISA Server 2004 with IPv6 3APA3A (Apr 04)
  - Re: Bypassing ISA Server 2004 with IPv6 Christine Kronberg (Apr 09)
    - Re[2]: Bypassing ISA Server 2004 with IPv6 3APA3A (Apr 10)
    - Re[2]: Bypassing ISA Server 2004 with IPv6 Christine Kronberg (Apr 14)
    - Re[3]: Bypassing ISA Server 2004 with IPv6 3APA3A (Apr 15)
    - Re[3]: Bypassing ISA Server 2004 with IPv6 Christine Kronberg (Apr 19)
    - Re: Re[3]: Bypassing ISA Server 2004 with IPv6 Thor (Hammer of God) (Apr 20)
    - Re: Re[3]: Bypassing ISA Server 2004 with IPv6 offtopic (Apr 20)
    - Re: Re[2]: Bypassing ISA Server 2004 with IPv6 Thor (Hammer of God) (Apr 19)
    - Re: Re[2]: Bypassing ISA Server 2004 with IPv6 Christine Kronberg (Apr 19)
    - Re: Bypassing ISA Server 2004 with IPv6 Thor (Hammer of God) (Apr 10)
  - Re: Bypassing ISA Server 2004 with IPv6 offtopic (Apr 09)
- <Possible follow-ups>
- Re: Re: Bypassing ISA Server 2004 with IPv6 Romain . Le-Guen (Apr 09)
  - Re: Bypassing ISA Server 2004 with IPv6 Thor (Hammer of God) (Apr 10)
- Re: Bypassing ISA Server 2004 with IPv6 noreply (Apr 11)
RUXCON 2006 Call for Papers cfp (Apr 04)
SMART Technologies SynchronEyes Remote Denial of Services dennis (Apr 04)
Format string in Doomsday 1.8.6 Luigi Auriemma (Apr 04)
- Re: Format string in Doomsday 1.8.6 Alexey Dobriyan (Apr 10)
[USN-267-1] mailman vulnerability Martin Pitt (Apr 04)
[ GLSA 200604-01 ] MediaWiki: Cross-site scripting vulnerability Stefan Cornelius (Apr 04)
Barracuda LHA archiver security bug leads to remote compromise Jean-Sébastien Guay-Leroux (Apr 04)
Barracuda ZOO archiver security bug leads to remote compromise Jean-Sébastien Guay-Leroux (Apr 04)
[security bulletin] HPSBPI2109 SSRT061141 rev.1 - HP Color LaserJet 2500 and 4600 Toolbox Running on Microsoft Windows Remote Unauthorized Disclosure of Information security-alert (Apr 04)
[ GLSA 200604-02 ] Horde Application Framework: Remote code execution Stefan Cornelius (Apr 04)
[ GLSA 200604-03 ] FreeRADIUS: Authentication bypass in EAP-MSCHAPv2 module Matthias Geerdsen (Apr 04)
Buffer-overflow in Ultr@VNC 1.0.1 viewer and server Luigi Auriemma (Apr 04)
- <Possible follow-ups>
- Re: Buffer-overflow in Ultr@VNC 1.0.1 viewer and server jalvare7 (Apr 10)
  - Re: Buffer-overflow in Ultr@VNC 1.0.1 viewer and server Luigi Auriemma (Apr 09)
Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data Moriyoshi Koizumi (Apr 04)
- Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data Jasper Bryant-Greene (Apr 05)
  - Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data Jasper Bryant-Greene (Apr 04)
- Message not available
  - Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data Moriyoshi Koizumi (Apr 09)
ArabPortal 2.0.1 Stable [ 9 CrossSiteScripting & 1 SQL Injection ] MultBugz o . y . 6 (Apr 04)
NOD32 local privilege escalation vulnerability visitbipin (Apr 04)
Another way to spoof Internet Explorer Address Bar hainamluke (Apr 04)
- RE: Another way to spoof Internet Explorer Address Bar Memisyazici, Aras (Apr 09)
Re: [Full-disclosure] Critical PHP bug - act ASAP if you are runningweb with sen mailinglist mailinglist (Apr 04)
Re: Limbo CMS code execution gergero (Apr 04)
Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data John Bond (Apr 04)
Black Hat Call for Papers and Registration now open Jeff Moss (Apr 04)
[Full-disclosure] PIRANA exploitation framework and SMTP contentfilter security Jean-Sébastien Guay-Leroux (Apr 04)
[SECURITY] [DSA 1022-1] New storebackup packages fix several vulnerabilities Moritz Muehlenhoff (Apr 04)
[ECHO_ADV_27$2006] AngelineCMS 0.8.1 Installpath Remote File Inclusion eufrato (Apr 04)
- <Possible follow-ups>
- [ECHO_ADV_27$2006] AngelineCMS 0.8.1 Installpath Remote File Inclusion eufrato (Apr 04)
[SEC-1 LTD] HP Colour LaserJet 2500 and 4600 Toolbox Directory Traversal Vulnerability Richard Horsman (Apr 04)
Linux Kernel Local DoS vulnerability. fingerout (Apr 09)
[FLSA-2006:152873] Updated xine package fixes security issues Marc Deslauriers (Apr 09)
[SECURITY] [DSA 1024-1] New clamav packages fix several vulnerabilities Moritz Muehlenhoff (Apr 09)
Cisco Security Advisory: Cisco 11500 Content Services Switch HTTP Request Vulnerability Cisco Systems Product Security Incident Response Team (Apr 09)
[FLSA-2006:152896] Updated mod_python package fixes a security issue Marc Deslauriers (Apr 09)
[ MDKSA-2006:066 ] - Updated FreeRADIUS packages fix off-by-one overflow vulnerabilty security (Apr 09)
Autonomous LAN party File iNclusion codexploder (Apr 09)
[FLSA-2006:156139] Updated tcpdump packages fix security issues Marc Deslauriers (Apr 09)
Xss In SaphpLesson3.0 w3 . _ (Apr 09)
[FLSA-2006:156290] Updated cyrus-imapd packages fix security issues Marc Deslauriers (Apr 09)
[FLSA-2006:170411] Updated imap packages fix security issue Marc Deslauriers (Apr 09)
[FLSA-2006:183571-1] Updated tar package fixes security issue Marc Deslauriers (Apr 09)
[FLSA-2006:183571-2] Updated tar package fixes security issue Marc Deslauriers (Apr 09)
[FLSA-2006:180159] Updated unzip package fixes security issue Marc Deslauriers (Apr 09)
[eVuln] Null news SQL Injection Vulnerability alex (Apr 09)
[FLSA-2006:184074] Updated pine package fixes security issue Marc Deslauriers (Apr 09)
[FLSA-2006:184098] Updated libc-client packages fixes security issue Marc Deslauriers (Apr 09)
[Updated] [FLSA-2006:186277] Updated sendmail packages fix security issue Marc Deslauriers (Apr 09)
[eVuln] phpNewsManager Multiple SQL Injections alex (Apr 09)
- <Possible follow-ups>
- [eVuln] phpNewsManager Multiple SQL Injections alex (Apr 10)
SQL Injection in Chipmunk Guestbook dr . jr7 (Apr 09)
Sire 2.0 Nws Remote File inclusion & Arbitary Files Upload simo64 (Apr 09)
[Kaffeine Security Advisory] Heap based buffer overflow in http_peek() Dirk Mueller (Apr 09)
Welcome to XCon2006 in China! xcon (Apr 09)
[SECURITY] [DSA 1031-1] New cacti packages fix several vulnerabilities Martin Schulze (Apr 09)
[SECURITY] [DSA 946-2] New sudo packages fix privilege escalation Martin Schulze (Apr 09)
google xss almfnod (Apr 09)
- RE: google xss Andy Meyers (Apr 10)
  - Re: google xss Jim Ley (Apr 11)
  - Re: google xss pagvac (Apr 11)
    - Re: google xss Vladimir Levijev (Apr 13)
[security bulletin] HPSBUX02108 SSRT061133 rev.3 - HP-UX running Sendmail, Remote Execution of Arbitrary Code security-alert (Apr 09)
[ MDKSA-2006:068 ] - Updated mplayer packages fix integer overflow vulnerabilities security (Apr 09)
[KAPDA::#38] - MyBB 1.1.0~functions_post.php~XSS Attack addmimistrator (Apr 09)
[eVuln] VSNS Lemon Multiple Vulnerabilities alex (Apr 09)
PHPMyChat 0.15.0dev "SYS enter" remote commands xctn (not properly patched from previous versions) rgod (Apr 09)
[ MDKSA-2006:065 ] - Updated kaffeine packages fix remote buffer overflow vulnerability security (Apr 09)
Matt Wright Guestbook Xss Script İnjection liz0 (Apr 09)
[eVuln] vCounter - sourceworkshop SQL Injection Vulnerability alex (Apr 09)
[USN-268-1] Kaffeine vulnerability Martin Pitt (Apr 09)
LayerOne 2006 - Finalized Speaker Line-Up Announced Layer One (Apr 09)
PHPMyChat <= 0.14.5 remote commands execution rgod (Apr 09)
Re: SQL injection in Invision Power Board v2.1.5 optix_prorat100 (Apr 09)
[SECURITY] [DSA 1028-1] New libimager-perl packages fix denial of service Martin Schulze (Apr 09)
[ECHO_ADV_28$2006] Clever Copy <= 3.0 Connect.inc Critical Information Disclosure eufrato (Apr 09)
[ MDKSA-2006:067 ] - Updated clamav packages fix vulnerabilities security (Apr 09)
[ GLSA 200604-05 ] Doomsday: Format string vulnerability Stefan Cornelius (Apr 09)
MAXDEV CMS Multiple vulnerabilities king_purba (Apr 09)
[SECURITY] [DSA 1018-2] New Linux kernel 2.4.27 packages fix several vulnerabilities Moritz Muehlenhoff (Apr 09)
[eVuln] newsletter - sourceworkshop SQL Injection Vulnerability alex (Apr 09)
[ GLSA 200604-04 ] Kaffeine: Buffer overflow Sune Kloppenborg Jeppesen (Apr 09)
Shadowed Portal Cross Site Scripting liz0 (Apr 09)
[SECURITY] [DSA 1027-1] New mailman packages fix denial of service Martin Schulze (Apr 09)
XSS Bug in Cherokee Webserver rubengarrote (Apr 10)
[SECURITY] [DSA 1029-1] New libphp-adodb packages fix several vulnerabilities Martin Schulze (Apr 10)
Google Reader "preview" and "lens" script improper feed validation Debasis Mohanty (Apr 10)
Virtual War File İnclusion liz0 (Apr 10)
Cisco Security Advisory: Cisco Optical Networking System 15000 series and Cisco Transport Controller Vulnerabilities Cisco Systems Product Security Incident Response Team (Apr 10)
[SECURITY] [DSA 1030-1] New moodle packages fix several vulnerabilities Martin Schulze (Apr 10)
Multiple vulnerability in jupiter CMS king_purba (Apr 10)
[SECURITY] [DSA 1026-1] New sash packages fix potential arbitrary code execution Moritz Muehlenhoff (Apr 10)
[ GLSA 200604-06 ] ClamAV: Multiple vulnerabilities Sune Kloppenborg Jeppesen (Apr 10)
[SECURITY] [DSA 1023-1] New kaffeine packages fix arbitrary code execution Martin Schulze (Apr 10)
Re: Bios Information Leakage darmawan_salihun (Apr 10)
[security bulletin] HPSBUX02110 SSRT061110 rev.1 - HP-UX Running wu-ftpd Remote Denial of Service (DoS) security-alert (Apr 10)
[security bulletin] HPSBUX02111 SSRT061132 rev.1 - HP-UX su(1) Local Unauthorized Access security-alert (Apr 10)
[SECURITY] [DSA 1025-1] New dia packages fix arbitrary code execution Martin Schulze (Apr 10)
IE6 Crash tel (Apr 10)
- Re: IE6 Crash H D Moore (Apr 10)
[Overflow.pl] Clam AntiVirus Win32-UPX Heap Overflow (not default configuration) Damian Put (Apr 10)
XMB Forum 1.9.5-Final XSS r0xes . ratm (Apr 10)
Oracle read-only user can insert/update/delete data via specially crafted views ak (Apr 10)
TUGZip Archive Extraction Directory traversal h e (Apr 10)
Vulnerabilities in SPIP crasher (Apr 10)
PhpOpenChat 3.0.x ADODB Server.php "sql" SQL injection rgod (Apr 10)
phpinfo() Cross Site Scripting PHP 5.1.2 and 4.4.2 cxib (Apr 10)
function *() php/apache Crash PHP 4.4.2 and 5.1.2 cxib (Apr 10)
- Re: function *() php/apache Crash PHP 4.4.2 and 5.1.2 Michal Zalewski (Apr 11)
- <Possible follow-ups>
- Re: function *() php/apache Crash PHP 4.4.2 and 5.1.2 Steven M. Christey (Apr 12)
  - Exploiting out of memory crashes and null pointers [was: Re: function *() php/apache Crash PHP 4.4.2 and 5.1.2] 86400s (Apr 12)
  - Re: function *() php/apache Crash PHP 4.4.2 and 5.1.2 Michal Zalewski (Apr 13)
- Re: Re: function *() php/apache Crash PHP 4.4.2 and 5.1.2 sp3x (Apr 14)
tempnam() open_basedir bypass PHP 4.4.2 and 5.1.2 cxib (Apr 10)
copy() Safe Mode Bypass PHP 4.4.2 and 5.1.2 cxib (Apr 10)
MyBB 1.10 'newthread.php' < CrossSiteScripting > o . y . 6 (Apr 10)
Myspace.com - Intricate Script Injection silentproducts (Apr 10)
Vegadns blind sql injection and cross site scripting king_purba (Apr 10)
PHPList <= 2.10.2 remote commands execution rgod (Apr 10)
- <Possible follow-ups>
- Re: PHPList <= 2.10.2 remote commands execution secfoc (Apr 11)
- Re: Re: PHPList <= 2.10.2 remote commands execution rg . viza (Apr 11)
Jbook Cross Site Scripting root__ (Apr 10)
phpMyForum Cross Site Scripting & CRLF injection root__ (Apr 10)
- <Possible follow-ups>
- Re: phpMyForum Cross Site Scripting & CRLF injection chris (Apr 30)
PHPWebGallery Multiple Cross Site Scripting Vulnerabilities root__ (Apr 10)
[USN-269-1] xscreensaver vulnerability Martin Pitt (Apr 11)
Confixx 3.1.2 <= Cross Site Scripting Vuln sn4k3 . 23 (Apr 11)
INDEXU <= 5.0.1 (theme_path)and (base_path) Remote File Inclusion Exploit selfar2002 (Apr 11)
[ MDKSA-2006:069 ] - Updated openvpn packages fix vulnerability security (Apr 11)
Multiple vulnerabilities in Blur6ex crasher (Apr 11)
- <Possible follow-ups>
- Re: Multiple vulnerabilities in Blur6ex Steven M. Christey (Apr 13)
phpListPro <= 2.0 - Remote File Include Vulnerability admin (Apr 11)
Realplayer .SWF Multiple Remote Memory Corruption Vulnerabilities Sowhat (Apr 11)
[eVuln] [V]Book Multiple Vulnerabilities alex (Apr 11)
ZDI-06-007: Microsoft Windows Address Book (WAB) File Format Parsing Vulnerability zdi-disclosures (Apr 11)
Manila <= 9.5 - XSS Vulnerabilities d4igoro (Apr 11)
Confixx 3.1.2 <= SQL Injection sn4k3 . 23 (Apr 11)
- <Possible follow-ups>
- Re: Confixx 3.1.2 <= SQL Injection iovdin (Apr 13)
Tritanium Bulletin Board 1.2.3 - XSS d4igoro (Apr 11)
IBM ptt (Apr 11)
- <Possible follow-ups>
- RE: IBM Michael Scheidell (Apr 13)
- Re: IBM stend (Apr 13)
- Re: RE: IBM Juha-Matti Laurio (Apr 14)
[eVuln] VNews Multiple Vulnerabilities alex (Apr 11)
[SRC-Telindus advisory] - HP System Management Homepage Remote Unauthorized Access SRC Telindus (Apr 11)
AzDGVote File inclusion selfar2002 (Apr 11)
[ MDKSA-2006:071 ] - Updated xscreensaver packages fix clear-text password vulnerability security (Apr 11)
[ MDKSA-2006:070 ] - Updated openvpn packages fix vulnerability security (Apr 11)
IMF 2006 - Submission Deadline Extension Oliver Goebel (Apr 11)
IT Underground, London 2006 - call for papers it_underground (Apr 11)
SAXoPRESS - directory traversal securiteam (Apr 11)
2nd European Conference on Computer Network Defense (EC2ND) Blyth A J C (Comp) (Apr 11)
Microsoft Internet Explorer DBCS Remote Memory Corruption Vulnerability Sowhat (Apr 11)
Re: Buffer-overflow in Ultr@VNC 1.0.1 viewer POC phaas (Apr 11)
[SECURITY] [DSA 1032-1] New zope-cmfplone packages fix unprivileged data manipulation Moritz Muehlenhoff (Apr 12)
[eVuln] QLnews XSS and PHP Code Insertion Vulnerabilities alex (Apr 12)
Simplog <=0.9.2 multiple vulnerabilities rgod (Apr 12)
- Re: Simplog <=0.9.2 multiple vulnerabilities Jeremy Ashcraft (Apr 14)
[SECURITY] [DSA 1033-1] New horde3 packages fix several vulnerabilities Moritz Muehlenhoff (Apr 12)
Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting Esteban Martinez Fayo (Apr 12)
[security bulletin] HPSBUX02108 SSRT061133 rev.6 - HP-UX running Sendmail, Remote Execution of Arbitrary Code security-alert (Apr 13)
[USN-270-1] xpdf vulnerabilities Martin Pitt (Apr 13)
Clansys Multiple Xss Vulnerabilities Soothackers (Apr 13)
Re: phpWebsite <= SQL Injection (friend.php) & (article.php) shaun (Apr 13)
PatroNet CMS Xss Vuln Soothackers (Apr 13)
Windows Help Heap Overflow c0ntexb (Apr 13)
SimpleBBS v1.1(posts.php) remote command execution stormhacker (Apr 13)
[BuHa-Security] DoS Vulnerability in Firefox 1.5.0.1 bugtraq (Apr 13)
[eVuln] qliteNews SQL Injection Vulnerability alex (Apr 13)
[BuHa-Security] Stack Based Buffer Overflow Vulnerability in Amaya 9.4 #2 bugtraq (Apr 13)
Remote File Inclusion in VBulletin ImpEx dr . jr7 (Apr 13)
[BuHa-Security] Multiple Vulnerabilities in MS IE 6.0 SP2 bugtraq (Apr 13)
phpWebSite 0.10.? (topics.php) Remote SQL Injection Exploit selfar2002 (Apr 13)
- Re: phpWebSite 0.10.? (topics.php) Remote SQL Injection Exploit Kevin Wilcox (Apr 14)
RevoBoard [email] tag XSS r0xes . ratm (Apr 13)
Recon 2006: speaker lineup announcement Recon (Apr 13)
MyBB 1.10 New XSS ' member.php ' o . y . 6 (Apr 13)
QuickBlogger v1.4 Cross-Site Scripting botan (Apr 13)
- <Possible follow-ups>
- Re: QuickBlogger v1.4 Cross-Site Scripting Steven M. Christey (Apr 15)
phpMyAdmin 2.7.0-pl1 kr4ch (Apr 13)
- Re: phpMyAdmin 2.7.0-pl1 Kevin Waterson (Apr 14)
Re: Jupiter CMS <= 1.1.5 multiple XSS attack vectors. anonss (Apr 13)
MyBB 1.10 New CrossSiteScripting ' member.php ' o . y . 6 (Apr 13)
SaphpLesson 2.0 (forumid) Remote SQL Injection Exploit selfar2002 (Apr 13)
Secunia Research: Adobe Document Server for Reader Extensions Multiple Vulnerabilities Secunia Research (Apr 13)
SEC Consult SA-20060314 :: Opera Browser CSS Attribute Integer Wrap / Buffer Overflow Bernhard Mueller (Apr 13)
- Re: [Full-disclosure] SEC Consult SA-20060314 :: Opera Browser CSS Attribute Integer Wrap / Buffer Overflow Thierry Zoller (Apr 14)
ZDI-06-008: Novell GroupWise Messenger Accept-Language Buffer Overflow zdi-disclosures (Apr 13)
TalentSoft Web+Shop Path Disclosure revnic (Apr 13)
[BuHa-Security] Stack Based Buffer Overflow Vulnerability in Amaya 9.4 bugtraq (Apr 13)
[eVuln] RedCMS Multiple XSS and SQL Injection Vulnerabilities alex (Apr 14)
Camino Browser HTML Parsing Null Pointer Dereference Denial of Service Vulnerability izimask (Apr 14)
PowerClan 1.14 - SQL Injection d4igoro (Apr 14)
[eVuln] aWebNews Multiple XSS and SQL Injection Vulnerabilities alex (Apr 14)
Vulnerabilities in lifetype crasher (Apr 14)
Vulnerabilities in Papoo crasher (Apr 14)
Vulnerabilities in MODx crasher (Apr 14)
- Re: Vulnerabilities in MOD Victor Brilon (Apr 15)
Farsinews Cross-Site Scripting & Path disclosure vulnerability aminrayden (Apr 14)
osCommerce "extras/" information/source code disclosure rgod (Apr 14)
- <Possible follow-ups>
- RE: osCommerce "extras/" information/source code disclosure Michael Scheidell (Apr 15)
Encyclopedia <= 3.0 (login.php) CrossSite Scripting - XSS n0m3rcy (Apr 14)
phpBB Admin command execution noch22 (Apr 14)
- <Possible follow-ups>
- Re: phpBB Admin command execution dave . de (Apr 19)
Serendipity Blog vuln moep (Apr 14)
[SECURITY] [DSA 1034-1] New horde2 packages fix several vulnerabilities Moritz Muehlenhoff (Apr 14)
phpBB template file code execution noch22 (Apr 14)
Avast Linux Home Edition (vulnerability on a temporary folder creation) Julien L. (Apr 14)
[ GLSA 200604-07 ] Cacti: Multiple vulnerabilities in included ADOdb Thierry Carrez (Apr 14)
Firefox 1.5.0.1 Password Manager Arbtirary User Browsing History Disclosure franz (Apr 14)
- Re: Firefox 1.5.0.1 Password Manager Arbtirary User Browsing History Disclosure Eliah Kagan (Apr 15)
Re: Re: NETGEAR WGT624 Wireless DSL router default user name/password vulnerability tranceformer (Apr 14)
[Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Dave Korn (Apr 14)
- Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Brandon S. Allbery KF8NH (Apr 14)
  - Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Stan Bubrouski (Apr 14)
  - Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Jamie Riden (Apr 19)
- Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup A . L . M . Buxey (Apr 14)
  - Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup dumdidumdideldey (Apr 14)
- Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Joachim Schipper (Apr 14)
  - RE: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Mario Contestabile (Apr 20)
    - RE: Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Nick FitzGerald (Apr 20)
    - Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Duncan Simpson (Apr 25)
PAJAX Remote Code Injection and File Inclusion Vulnerability RedTeam Pentesting (Apr 14)
Xss In ar-blog v 5.2 W3 . _ (Apr 14)
RE: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Derek Soeder (Apr 14)
- Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Thor (Hammer of God) (Apr 17)
  - Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Ansgar -59cobalt- Wiechers (Apr 18)
  - Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Paul Wouters (Apr 19)
  - Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Geo. (Apr 19)
    - Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Thor (Hammer of God) (Apr 23)
    - Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Geo. (Apr 23)
    - Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Thor (Hammer of God) (Apr 25)
- <Possible follow-ups>
- Re: RE: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup john (Apr 19)
  - Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Thor (Hammer of God) (Apr 23)
    - Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup John Biederstedt (Apr 23)
    - Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Thor (Hammer of God) (Apr 23)
    - Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup John Biederstedt (Apr 23)
    - Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Thor (Hammer of God) (Apr 23)
- Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup no . spam (Apr 19)
- Re: RE: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup somebody (Apr 19)
  - Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Thor (Hammer of God) (Apr 23)
- Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup robsekeris (Apr 19)
- RE: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Sean Scott (Apr 25)
planetSearch+ - XSS Vulnerabilities d4igoro (Apr 14)
Re: [ECHO_ADV_27$2006] Indexu <= 5.0.1 Remote File Inclusion robert (Apr 14)
Re: SAXoPRESS - directory traversal aka Saxotech Online securiteam (Apr 14)
Re: Sql Injection in Confixx 3.06 & 3.08 & 3.?? ? iovdin (Apr 14)
a Yahoo Vulnerability r57shell (Apr 14)
Dokeos 1.6.4 SQL Injection Vulnerability Alvaro Olavarria (Apr 14)
manila.userland cross site scriptable Aaron Kaplan (Apr 15)
ZDI-06-010: Mozilla Firefox CSS Letter-Spacing Heap Overflow Vulnerability zdi-disclosures (Apr 15)
[KAPDA]MyBB1.1.0~global.php~ParameterExtracting addmimistrator (Apr 15)
[KAPDA]CopperminePhotoGallery1.4.4~ PluginInclusionSystem(index.php)~ RemoteFileInclusion attack addmimistrator (Apr 15)
- Re: [KAPDA]CopperminePhotoGallery1.4.4~ PluginInclusionSystem(index.php)~ RemoteFileInclusion attack Dariusz Kolasinski (Apr 17)
[eVuln] aWebBB Multiple XSS and SQL Injection Vulnerabilities alex (Apr 15)
[SECURITY] [DSA 1035-1] New fcheck packages fix insecure temporary file creation Moritz Muehlenhoff (Apr 15)
PHP Album <= 0.3.2.3 remote commnads execution rgod (Apr 15)
Tiny Web Gallery <= 1.4 XSS qex (Apr 15)
PhpGuestbook <= 1.0 XSS qex (Apr 15)
FlexBB <= 0.5.7 BETA XSS qex (Apr 15)
Boardsolution <= 1.12 XSS qex (Apr 15)
phpFaber TopSites Script Cross-Site Scripting botan (Apr 15)
Snipe Gallery <= 3.1.4 Multiple XSS qex (Apr 15)
- <Possible follow-ups>
- Re: Snipe Gallery <= 3.1.4 Multiple XSS nobody (Apr 17)
DbbS<=2.0-alpha Multiple Vulnerabilities yamcho (Apr 17)
Xss In bMachine 2٫7 W3 . _ (Apr 17)
FlexBB v0.5.5 BETA [SQL Inj] [XSS] [Login bypass] kr4ch (Apr 17)
Calendarix "yearcal.php" XSS Attacking botan (Apr 17)
MyEvent Remote File Execution And XSS Attacking botan (Apr 17)
BetaBoard Cross Site Scripting vulnerability easy . mask (Apr 17)
PhpWebFTP 3.2 Login Script arko . dhar (Apr 17)
[SECURITY] [DSA 1036-1] New bsdgames packages fix local privilege escalation Moritz Muehlenhoff (Apr 17)
- PHPGraphy <= 0.9.11 "editwelcome" unauthorized access / cross site scripting - rgod (Apr 17)
- Re: - PHPGraphy <= 0.9.11 "editwelcome" unauthorized access / cross site scripting - JiM / aEGIS (Apr 18)
ShoutBOOK <= 1.1 XSS qex (Apr 17)
Neuron Blog <= 1.1 XSS qex (Apr 17)
[eVuln] CzarNews XSS and Multiple SQL Injection Vulnerabilities alex (Apr 17)
Tiny PHP forum - vulns hessam (Apr 17)
AnimeGenesis <= XSS qex (Apr 17)
ZDI-06-009: Mozilla Firefox Tag Parsing Code Execution Vulnerability zdi-disclosures (Apr 17)
[ GLSA 200604-08 ] libapreq2: Denial of Service vulnerability Thierry Carrez (Apr 17)
FlexBB 0.5.5 Bypass Exploit o . y . 6 (Apr 17)
Neon Responder (Dos,Exploit) Stefan Lochbihler (Apr 17)
[Argeniss] Alert - Yahoo! Webmail XSS Cesar (Apr 17)
- Re: [Full-disclosure] [Argeniss] Alert - Yahoo! Webmail XSS Morning Wood (Apr 18)
- Re: [Full-disclosure] [Argeniss] Alert - Yahoo! Webmail XSS Morning Wood (Apr 18)
gcc 4.1 bug miscompiles pointer range checks, may place you at risk Felix von Leitner (Apr 17)
- Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Michael Chamberlain (Apr 18)
- Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Forrest J. Cavalier III (Apr 18)
- Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Alexander Klimov (Apr 18)
- Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Florian Weimer (Apr 18)
- Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Gabor Gombas (Apr 18)
- Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Nate Eldredge (Apr 19)
- <Possible follow-ups>
- RE: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Michael Wojcik (Apr 18)
- Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk jat-public01 (Apr 18)
[eVuln] Wire Plastik wpBlog SQL Injection Vulnerability alex (Apr 17)
[SA-03] Example of Grsecurity protection avoid. adam (Apr 17)
Linpha 1.1.0 - XSS Vulnerabilities d4igoro (Apr 18)
Remote Xine Format String Vulnerability c0ntexb (Apr 18)
Another flaw in Firefox 1.5.0.2: to open files from remote miky (Apr 18)
axoverzicht.cgi <= XSS qex (Apr 18)
blur6ex Local File Inclusion and SQL injection . h e (Apr 18)
[ MDKSA-2006:072 ] - Updated kernel packages fix multiple vulnerabilities security (Apr 18)
phpLister v. 0.4.1 XSS Attacking botan (Apr 18)
[KAPDA::#41] - Mambo/Joomla rss component vulnerability alireza hassani (Apr 18)
- <Possible follow-ups>
- Re: [KAPDA::#41] - Mambo/Joomla rss component vulnerability rey . gigataras (Apr 19)
Multiple critical and high risk issues in Oracle's database server NGSSoftware Insight Security Research (Apr 18)
[Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation Secure (Apr 18)
CuteNews 1.4.1 <= Cross Site Scripting sn4k3 . 23 (Apr 19)
- <Possible follow-ups>
- Re: CuteNews 1.4.1 <= Cross Site Scripting Steven M. Christey (Apr 20)
SQL Injection in package SYS.DBMS_LOGMNR_SESSION ak (Apr 19)
FreeBSD Security Advisory FreeBSD-SA-06:14.fpu FreeBSD Security Advisories (Apr 19)
[MajorSecurity]ActualAnalyzer - Remote File Include Vulnerability admin (Apr 19)
Oracle 10g 10.2.0.2.0 DBA exploit putosoft softputo (Apr 19)
XSS Vulnerability in Guest-book script powered by Community Architect susam . pal (Apr 19)
Cisco Security Advisory: Cisco IOS XR MPLS Vulnerabilities Cisco Systems Product Security Incident Response Team (Apr 19)
Re: Path Disclosure and Arbitrary File Read Vulnerability in SLAB5000 office (Apr 19)
[security bulletin] HPSBUX02108 SSRT061133 rev.7 - HP-UX running Sendmail, Remote Execution of Arbitrary Code security-alert (Apr 19)
Multiple vulnerabilities in Linux based Cisco products assurance.com.au (Apr 19)
- Re: Multiple vulnerabilities in Linux based Cisco products Ilker Temir (Apr 19)
RechnungsZentrale V2 - SQL injection and Remote PHP inclusion vulnerabilities info (Apr 19)
ThWboard <= 3 Beta 2.84 SQL Injection Qex (Apr 19)
Cisco Security Advisory: Multiple Vulnerabilities in the WLSE Appliance Cisco Systems Product Security Incident Response Team (Apr 19)
redirection vuln crawlers breed & security through obscurity Ivan Sergio Borgonovo (Apr 19)
- Re: redirection vuln crawlers breed & security through obscurity Thomas Hochstein (Apr 23)
- <Possible follow-ups>
- RE: redirection vuln crawlers breed & security through obscurity Evans, Arian (Apr 19)
Shbablek Mail Vulnerablitiy - Cross-Site Scripting n0m3rcy (Apr 19)
WWWThread RC 3 MultBugs o . y . 6 (Apr 19)
ContentBoxx Login.php Cross-Site Scripting botan (Apr 19)
Fortinet28 box does not resist has small synflood! testx444 (Apr 19)
Tlen.PL e-mail XSS vulnerability. koper (Apr 19)
Confixx SQL Injection exploit (confixx_exploit.pl) defa (Apr 19)
EasyGallery Cross-Site Scripting botan (Apr 19)
[eVuln] MD News Authentication Bypass and SQL Injection Vulnerabilities alex (Apr 19)
Re: Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup somerandomaddress99 (Apr 19)
SQL Injection in incredibleindia.org susam_pal (Apr 19)
[eVuln] N.T. Version 1.1.0 XSS and PHP Code Insertion Vulnerabilities alex (Apr 19)
PCPIN Chat <= 5.0.4 "login/language" remote cmmnds xctn rgod (Apr 19)
[USN-271-1] Firefox vulnerabilities Martin Pitt (Apr 19)
Strengthen OpenSSH security? Brett Glass (Apr 19)
- Re: Strengthen OpenSSH security? Mike Hoskins (Apr 20)
- Re: Strengthen OpenSSH security? Carson Gaspar (Apr 20)
  - Re: Strengthen OpenSSH security? Theo de Raadt (Apr 21)
- Re: Strengthen OpenSSH security? Kd (Apr 20)
- Re: Strengthen OpenSSH security? MaddHatter (Apr 20)
- Re: Strengthen OpenSSH security? Damien Miller (Apr 20)
- Re: Strengthen OpenSSH security? c0redump (Apr 20)
- <Possible follow-ups>
- Re: Strengthen OpenSSH security? Bob Goodman (Apr 23)
ASPSitem <= 1.83 Remote SQL Injection Vulnerability Mustafa Can Bjorn IPEKCI (Apr 19)
[eVuln] MWGuest XSS Vulnerability alex (Apr 20)
PHPSurveyor <= 0.995 'save.php/surveyid' remote cmmnds xctn rgod (Apr 20)
ThWboard 3 Beta 2.84 Cross Site Scripting CrAzY . CrAcKeR (Apr 20)
axoverzicht.cgi<==Remote File Inclusion CrAzY . CrAcKeR (Apr 20)
[security bulletin] HPSBTU02095 SSRT051007 rev.3 - HP Tru64 UNIX Running DNS BIND4/BIND8 as Forwarders: Remote Unauthorized Privileged Access security-alert (Apr 20)
[security bulletin] HPSBST02112 SSRT061129 rev.1 - HP StorageWorks Secure Path for Windows Remote Denial of Service (DoS) security-alert (Apr 20)
Ad-Aware Revisited Roy . Batty (Apr 20)
New site about security conferences : www.security-briefings.com newslist () security-briefings com (Apr 20)
Allied Telesyn Switch UDP Data Flood Management Denial Of Service Vulnerability kim (Apr 20)
RE: (addendum) redirection vuln crawlers breed & security through obscurity Evans, Arian (Apr 20)
[Argeniss] Oracle Database 10gR1 Buffer overflow in VERIFY_LOG procedure Cesar (Apr 20)
4images <= 1.7 XSS qex (Apr 20)
Websense Filter Bypass qex (Apr 20)
Mini-NUKE v2.3<<--- SQL Injection CrAzY . CrAcKeR (Apr 20)
- <Possible follow-ups>
- Re: Mini-NUKE v2.3<<--- SQL Injection nukedx (Apr 21)
[ GLSA 200604-09 ] Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service Sune Kloppenborg Jeppesen (Apr 21)
[ GLSA 200604-10 ] zgv, xzgv: Heap overflow Sune Kloppenborg Jeppesen (Apr 21)
[SecuriWeb 2006.1] directory traversal in Asterisk@Home and ARI François Harvey (Apr 21)
BK Forum <<--V.4.0 SQL Injection CrAzY . CrAcKeR (Apr 21)
[eVuln] MWNewsletter SQL Injection and XSS Vulnerabilities alex (Apr 21)
r57shell.php <= 1.3 XSS qex (Apr 21)
bloggage Remote SQL Injection omnipresent (Apr 21)
[SECURITY] [DSA 1037-1] New zgv packages fix arbitrary code execution Martin Schulze (Apr 21)
RE: [BULK] - Websense Filter Bypass Hubbard, Dan (Apr 21)
- <Possible follow-ups>
- RE: [BULK] - Websense Filter Bypass John E. Fleming (Apr 24)
Scry Gallery Directory Traversal & Full Path Disclosure Vulnerabilites simo64 (Apr 21)
Rapid7 Advisory R7-0021: Symantec Scan Engine Authentication Fundamental Design Error advisory (Apr 21)
Rapid7 Advisory R7-0022: Symantec Scan Engine Known Immutable DSA Private Key advisory (Apr 21)
Rapid7 Advisory R7-0023: Symantec Scan Engine File Disclosure Vulnerability advisory (Apr 21)
Rapid7 Advisory R7-0019: Directory traversal vulnerability in SolarWinds TFTP Server for Windows advisory (Apr 21)
[Symantec Security Advisor] Symantec Scan Engine Multiple Vulnerabilities secure (Apr 21)
[SECURITY] [DSA 1038-1] New xzgv packages fix arbitrary code execution Martin Schulze (Apr 22)
VWar <= ver 1.21 Remote Code Execution Exploit ali (Apr 22)
dForum <= 1.5 Multiple Remote File Inclusion Vulnerabilities. Mustafa Can Bjorn IPEKCI (Apr 22)
vBulletin <= 3.5.4 with MKPortal 1.1 Remote SQL Injection Vulnerability. Mustafa Can Bjorn IPEKCI (Apr 22)
Advisory: Simplog <= 0.93 Multiple Remote Vulnerabilities. Mustafa Can Bjorn IPEKCI (Apr 22)
Advisory: CoreNews <= 2.0.1 Multiple Remote Vulnerabilities. Mustafa Can Bjorn IPEKCI (Apr 22)
[ GLSA 200604-11 ] Crossfire server: Denial of Service and potential arbitrary code execution Thierry Carrez (Apr 22)
FlexBB 0.5.5 Exploit [ function/showprofile.php ] Remote SQL Injection o . y . 6 (Apr 23)
Yahoo! Mail XSS Vulnerability Cheng Peng Su (Apr 23)
MSIE (mshtml.dll) OBJECT tag vulnerability Michal Zalewski (Apr 23)
[USN-272-1] cyrus-sasl2 vulnerability Martin Pitt (Apr 24)
NSFOCUS SA2006-03 : IBM AIX rm_mlcache_file Local Race Condition Vulnerability NSFOCUS Security Team (Apr 24)
NSFOCUS SA2006-02 : IBM AIX mklvcopy Local Privilege Escalation Vulnerability NSFOCUS Security Team (Apr 24)
[SECURITY] [DSA 1040-1] New gdm packages fix local root exploit Martin Schulze (Apr 24)
[SECURITY] [DSA 1039-1] New blender packages fix several vulnerabilities Martin Schulze (Apr 24)
Scry Gallery XSS Vulnerability arko . dhar (Apr 24)
[ GLSA 200604-14 ] Dia: Arbitrary code execution through XFig import Sune Kloppenborg Jeppesen (Apr 24)
[ GLSA 200604-13 ] fbida: Insecure temporary file creation Sune Kloppenborg Jeppesen (Apr 24)
[ GLSA 200604-12 ] Mozilla Firefox: Multiple vulnerabilities Thierry Carrez (Apr 24)
[eVuln] RateIt SQL Injection Vulnerability alex (Apr 24)
FileLodge Bolt (showonlineusers.php) Cross-Site Scripting Vulnerbility n0m3rcy (Apr 24)
XSS Bug in OpenGear Server Website Aditya (Apr 24)
BK Forum <= 4.0 Remote SQL Injection n0m3rcy (Apr 24)
[MajorSecurity] TotalCalendar 2.30 - Remote File Include Vulnerability admin (Apr 24)
[USN-273-1] Ruby vulnerability Martin Pitt (Apr 24)
RIblog Remote SQL Injection Exploit omnipresent (Apr 24)
Re: evoBlog Remote Name tag Script injection daniel (Apr 24)
Buffer-overflow and crash in Fenice OMS 1.10 Luigi Auriemma (Apr 24)
Denial of service bugs in OpenTTD 0.4.7 Luigi Auriemma (Apr 24)
Multiple PHP4/PHP5 vulnerabilities infocus (Apr 24)
Format string bug in Skulltag 0.96f Luigi Auriemma (Apr 24)
Advisory: Clansys <= 1.1 PHP Code Insertion Vulnerability. Mustafa Can Bjorn IPEKCI (Apr 24)
- <Possible follow-ups>
- Re: Advisory: Clansys <= 1.1 PHP Code Insertion Vulnerability. nukedx (Apr 25)
Apple Mac OS X Safari 2.0.3 Vulnerability (Apr 24)
- Re: Apple Mac OS X Safari 2.0.3 Vulnerability Colin Keigher (Apr 24)
  - Re: Apple Mac OS X Safari 2.0.3 Vulnerability Tom Ferris (Apr 25)
    - Re: Apple Mac OS X Safari 2.0.3 Vulnerability Billy Bues (Apr 25)
- <Possible follow-ups>
- Re: Apple Mac OS X Safari 2.0.3 Vulnerability jens (Apr 26)
  - Re: Apple Mac OS X Safari 2.0.3 Vulnerability Aaron Phillips (Apr 26)
    - Re: Apple Mac OS X Safari 2.0.3 Vulnerability Ian MacPhedran (Apr 30)
Firefox Remote Code Execution and DoS 1.5.0.2 chris (Apr 24)
[MajorSecurity] phpMyAgenda 3.0 Final - Remote File Include Vulnerability admin (Apr 24)
VWar Path Disclosure arko . dhar (Apr 24)
- <Possible follow-ups>
- Re: VWar Path Disclosure spic (Apr 30)
vbulletin<--3.0.x SQL Injection CrAzY . CrAcKeR (Apr 24)
- <Possible follow-ups>
- Re: vbulletin<--3.0.x SQL Injection scott (Apr 24)
Advisory: My Gaming Ladder Combo System <= 7.0 Remote File Inclusion Vulnerability. Mustafa Can Bjorn IPEKCI (Apr 24)
ADVISORY FOR IOPUS SECURE EMAIL ATTACHMENTS ntwak0 (Apr 24)
- Re: ADVISORY FOR IOPUS SECURE EMAIL ATTACHMENTS fabio (Apr 25)
- Re: ADVISORY FOR IOPUS SECURE EMAIL ATTACHMENTS Andreas Beck (Apr 25)
Quick 'n Easy FTP Server pro/lite Logging unicode stack overflow Kaveh Razavi (Apr 24)
[ MDKSA-2006:074 ] - Updated php packages address multiple vulnerabilities. security (Apr 25)
[ MDKSA-2006:073 ] - Updated cyrus-sasl packages addresses vulnerability security (Apr 25)
photokorn 1.53 , 1.542 << Sql Dr-Jr7 (Apr 25)
NextAge Shopping Cart Software XSS AminRayden (Apr 25)
[ MDKSA-2006:075 ] - Updated mozilla-firefox packages fix numerous vulnerabilities security (Apr 25)
PhpWebFtp Cross Site Scripting Vulnerability arko . dhar (Apr 25)
[SECURITY] [DSA 1041-1] New abc2ps packages fix arbitrary code execution Martin Schulze (Apr 25)
NASL 'Split' function Buffer overflow Vulnerability OS2A BTO (Apr 25)
- Re: NASL 'Split' function Buffer overflow Vulnerability Renaud Deraison (Apr 25)
  - Re: NASL 'Split' function Buffer overflow Vulnerability Renaud Deraison (Apr 25)
Invision Vulnerabilities, including remote code execution spam (Apr 25)
- <Possible follow-ups>
- Re: Invision Vulnerabilities, including remote code execution Steven M. Christey (Apr 26)
  - RE: Invision Vulnerabilities, including remote code execution Mike Weller (Apr 30)
- Re: Invision Vulnerabilities, including remote code execution mattmecham (Apr 27)
[SECURITY] [DSA 1042-1] New Cyrus SASL packages fix denial of service Martin Schulze (Apr 25)
Fenice - Open Media Streaming Server remote BOF exploit Kaveh Razavi (Apr 25)
PowerPoint Phishing Trojan Lance James (Apr 25)
Multiple vulnerabilities in IP3 Networks 'NetAccess' NA75 appliance Moonen, Ralph (Apr 25)
Multiple browsers Windows mailto protocol Office 2003 file attachment exploit inge . henriksen (Apr 25)
Instant Photo Gallery <= Multiple XSS qex (Apr 25)
- Re: Instant Photo Gallery <= Multiple XSS security curmudgeon (Apr 27)
- <Possible follow-ups>
- Instant Photo Gallery <= Multiple XSS qex (Apr 25)
- Re: Instant Photo Gallery <= Multiple XSS Steven M. Christey (Apr 27)
DCForumLite V 3.0<--XSS/SQL Injection Breeeeh (Apr 25)
Recent Oracle exploit is _actually_ an 0day with no patch David Litchfield (Apr 26)
- <Possible follow-ups>
- Re: Recent Oracle exploit is _actually_ an 0day with no patch Steven M. Christey (Apr 28)
  - Re: Recent Oracle exploit is _actually_ an 0day with no patch David Litchfield (Apr 28)
    - Re: Recent Oracle exploit is _actually_ an 0day with no patch Cesar (Apr 28)
- RE: Recent Oracle exploit is _actually_ an 0day with no patch Kornbrust, Alexander (Apr 28)
  - Re: Recent Oracle exploit is _actually_ an 0day with no patch David Litchfield (Apr 30)
[ MDKSA-2006:076 ] - Updated mozilla packages fix numerous vulnerabilities security (Apr 26)
[ MDKSA-2006:077 ] - Updated ethereal packages fix numerous vulnerabilities security (Apr 26)
[ MDKSA-2006:078 ] - Updated mozilla-thunderbird packages fix numerous vulnerabilities security (Apr 26)
[ MDKSA-2006:079 ] - Updated ruby packages fix vulnerability security (Apr 26)
Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack Cisco Systems Product Security Incident Response Team (Apr 26)
[SECURITY] [DSA 1044-1] New Mozilla Firefox packages fix several vulnerabilities Martin Schulze (Apr 26)
- <Possible follow-ups>
- [SECURITY] [DSA 1044-1] New Mozilla Firefox packages fix several vulnerabilities Martin Schulze (Apr 26)
MySmartBB<---v 1.1.x SQL Injection/XSS BoNy-m (Apr 26)
DevBB <= 1.0.0 XSS qex (Apr 26)
Secunia Research: SpeedProject Products ACE Archive Handling Buffer Overflow Secunia Research (Apr 26)
[ GLSA 200604-15 ] xine-ui: Format string vulnerabilities Sune Kloppenborg Jeppesen (Apr 26)
[SECURITY] [DSA 1043-1] New abcmidi packages fix arbitrary code execution Martin Schulze (Apr 26)
[ GLSA 200604-16 ] xine-lib: Buffer overflow vulnerability Sune Kloppenborg Jeppesen (Apr 26)
[eVuln] warforge.NEWS SQL Injection and Multiple XSS Vulnerabilities alex (Apr 26)
SQL Injection On DUportal outlaw (Apr 26)
ZDI-06-011: Mozilla Firefox Table Rebuilding Code Execution Vulnerability zdi-disclosures (Apr 26)
XXS Attack On FarsiNews outlaw (Apr 26)
Open Bulletin Board < Multiple Vulnerability qex (Apr 26)
Local XXS Attack On CuteNews outlaw (Apr 26)
Re: XV multiple buffer overflows (update) kvea (Apr 26)
[EEYEB-20060227] Juniper Networks SSL-VPN Client Buffer Overflow eEye Advisories (Apr 26)
MyBB 1.1.1 Local SQL Injections o . y . 6 (Apr 27)
[no subject] Yannick von Arx (Apr 27)
[USN-274-1] MySQL vulnerability Martin Pitt (Apr 27)
Land Down Under 802 and below version Path Disclosure Vulnerability Advisory (Apr 27)
[security bulletin] HPSBUX02108 SSRT061133 rev.9 - HP-UX running Sendmail, Remote Execution of Arbitrary Code security-alert (Apr 27)
[security bulletin] HPSBUX02075 SSRT051074 rev.4 - HP-UX Running xterm Local Unauthorized Access security-alert (Apr 27)
[ GLSA 200604-17 ] Ethereal: Multiple vulnerabilities in protocol dissectors Sune Kloppenborg Jeppesen (Apr 27)
[security bulletin] HPSBMA02113 SSRT061148 rev.1 - HP Oracle for OpenView (OfO) Critical Patch Update April 2006 security-alert (Apr 27)
SQL injection exploit IPB <= 2.1.4 satanchild123 (Apr 27)
[USN-275-1] Mozilla vulnerabilities Martin Pitt (Apr 27)
[SECURITY] [DSA 1045-1] New OpenVPN packages fix arbitrary code execution Martin Schulze (Apr 27)
[SECURITY] [DSA 1046-1] New Mozilla packages fix several vulnerabilities Martin Schulze (Apr 27)
BL4's SMTP server BufferOverflow Vulnerable the_day (Apr 27)
Secunia Research: Servant Salamander unacev2.dll Buffer Overflow Vulnerability Secunia Research (Apr 28)
[ECHO_ADV_31$2006] Sws Web Server 0.1.7 Strcpy() & Syslog() Format String Vulnerability the_day (Apr 28)
WinISO/UltraISO/MagicISO/PowerISO Directory Traversal Vulnerability Sowhat (Apr 28)
Cireos Portal Cross Site Scripting outlaw (Apr 28)
[Argeniss] Alert - Yahoo! Mail XSS vulnerability Cesar (Apr 28)
[Kurdish Security #3] CoolMenus Event Remote File Include Vulnerability (For PHP) botan (Apr 28)
[ GLSA 200604-18 ] Mozilla Suite: Multiple vulnerabilities Thierry Carrez (Apr 28)
[Kurdish Security #2] Artmedic Event Remote File Include Vulnerability botan (Apr 28)
Neomail.pl Local Cross Site Scripting outlaw (Apr 28)
[Kurdish Secure Advisory #1] I-RATER Platinum "Admin/configsettings.tpl.php" Remote File Include Vulnerability botan (Apr 28)
Invision Power Board 2.1.5 POC Javier Olascoaga (Apr 30)
W-Agora 4.20 XSS r0xes . ratm (Apr 30)
TopList <= 1.3.8 (PHPBB Hack) Remote File Inclusion Vulnerability mfoxhacker (Apr 30)
TextFileBB 1.0.16 Multiple XSS r0xes . ratm (Apr 30)
poll.pl<--remote commands execution exploit CrAzY . CrAcKeR (Apr 30)
XSS Attack On DirectAdmin Hosting Managment outlaw (Apr 30)

Previous period

Next period