Bugtraq: by author

569 messages starting Aug 30 06 and ending Aug 21 06


addmimistrator

[KAPDA]MyBB 1.1.7~ htmlspeacialchar_uni(), fixjavascript(), functions_post.php ~[url]XSS attack addmimistrator (Aug 30)
vBulletin 3.0.14 ~ init.php~ registerring global arbitary variable~ XSS exploit addmimistrator (Aug 05)
[KAPDA]MyBB 1.1.7 ~ admin/global.php ~ XSS Attack addmimistrator (Aug 30)

admin

[MajorSecurity Advisory #27]ToendaCMS - Cross Site Scripting Issue admin (Aug 03)

AG Spider

WoW Roster <= 1.5.x Remote File Include (hsList.php) AG Spider (Aug 01)
Virtual War v1.5.0 Remote File Include (vwar_root) AG Spider (Aug 07)
WoW Roster <= 1.5.x Remote File Include (hsList.php) AG Spider (Aug 01)

alex

[eVuln] MyBB 'Avatar URL' XSS Vulnerability alex (Aug 02)

ali

JS ASP Faq Manager v1.10 sql injection ali (Aug 29)

alireza hassani

[KAPDA::#55] - Joomla poll component vulnerability alireza hassani (Aug 18)

Allie Daneman

Re: [SM-ANNOUNCE] SquirrelMail 1.4.8 released - fixes variable overwriting attack Allie Daneman (Aug 14)

amir . scorpino

ModuleBased CMS alfa 1 Multiple Remote File Inclusion amir . scorpino (Aug 31)

Amit Klein (AKsecurity)

Technical note: under some conditions, it's possible to steal HTTP credentials using Flash Amit Klein (AKsecurity) (Aug 14)
Sending multipart/form-data requests from Flash (with arbitrary headers) Amit Klein (AKsecurity) (Aug 10)
Technical note by Amit Klein: "Sending arbitrary HTTP requests with Flash 7/8 (+IE 6.0)" Amit Klein (AKsecurity) (Aug 16)

Andreas Gal

Cisco NAC Appliance Agent Installation Bypass Vulnerability Andreas Gal (Aug 26)

Andreas Marx

Re: when will AV vendors fix this??? Andreas Marx (Aug 18)

Andre Braun

AW: Symantec Gateway Security DNS exploit Andre Braun (Aug 23)

Andy Meyers

RE: linksys WRT54g authentication bypass Andy Meyers (Aug 07)

anon

Re: [eVuln] B-net Software Multiple XSS Vulnerabilities anon (Aug 25)

ATR-Bugtraq

Assessment of Vista Kernel Mode Security ATR-Bugtraq (Aug 09)

auuw73

Directory Traversal vulnerability in IPCheck Monitor Server auuw73 (Aug 10)

Avert

Linux Kernel SCTP Privilege Elevation Vulnerability Avert (Aug 22)
Symantec Enterprise Security Manager Denial-of-Service Vulnerability Avert (Aug 22)

axel

Re: Symantec Gateway Security DNS exploit axel (Aug 25)

beford

TSEP <= 0.942 Remote File Include beford (Aug 03)

Benjamin Tobias Franz

Microsoft Help (WINHLP32.EXE) - Multiple Remote Code Execution and Denial Of Service Vulnerabilities Benjamin Tobias Franz (Aug 12)

bilkopat

Mambo mambelfish Component <= 1.1 Remote File Include Vulnerability bilkopat (Aug 18)

Bipin Gautam

Re: [Full-disclosure] RE: when will AV vendors fix this??? Bipin Gautam (Aug 18)
Re: when will AV vendors fix this??? Bipin Gautam (Aug 11)
when will AV vendors fix this??? Bipin Gautam (Aug 07)

blood2_20032003

Forum Software ASPPlayground.NET Advanced Edition 2.4.5 Unicode Xss blood2_20032003 (Aug 12)

Blwood

Nuked Klan 1.7 SP4.3 : Function Anti-XSS Bypassed Blwood (Aug 30)

botan

[Kurdish Security # 17 ] GuestBook 3.5 Remote Command Execution botan (Aug 01)
[Kurdish Security # 23] Spaw Editor Remote Include Vulnerability botan (Aug 19)
[Kurdish Security # 18 ] FAQ Script Remote Command Execution botan (Aug 01)
[Kurdish Security # 19 ] FileManager Remote Command Execution botan (Aug 01)
[Kurdish Security # 20 ] Quickie Remote Command Execution botan (Aug 01)
[Kurdish Security # 21] ShoutBox v4.4 Remote Command Execution botan (Aug 01)
[Kurdish Security # 16 ] newsReporter v1.0 Remote Command Execution botan (Aug 01)

bozkurtserdar

DUpoll 3.1 security alert bozkurtserdar (Aug 29)

brom0815

VWar <= 1.50 R14 (n) Remote SQL Injection brom0815 (Aug 11)

camino

Joomla MamboWiki Component <= 0.9.4 (MamboLogin.php) Remote File Inclusion Vulnerability camino (Aug 18)
Mambo/Joomla Component Remository v3.25 (mosConfig_absolute_path) Remote File Inclusion Vulnerability camino (Aug 10)
Joomla Kochsuite Component <= 0.9.4 (config.kochsuite.php) Remote File Inclusion Vulnerability camino (Aug 18)

carcabotx

JetBox cms (search_function.php) Remote File Include carcabotx (Aug 28)
interact <= 2.2 (CONFIG[BASE_PATH]) Remote File Include Vulnerability carcabotx (Aug 28)

Carsten Eilers

Re: PHlyMail Lite [PM_[path][lib]=] Remote File Include Vulnerability Carsten Eilers (Aug 24)
Re: Joomla x-shop <= 1.7 Remote File Include Vulnerability Carsten Eilers (Aug 22)
Re: Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability Carsten Eilers (Aug 14)
Re: Calendarix <= 0.7 (calpath) Remote File Inclusion Vulnerability Carsten Eilers (Aug 14)
Re: contentpublisher Mambo Component Remote File Include Vulnerabilities Carsten Eilers (Aug 24)
Re: Joomla Rssxt <= 1.0 Remote File Include Vulnerability Carsten Eilers (Aug 22)
Re: mambo-phphop Product Scroller Module R.F.I Carsten Eilers (Aug 22)
Re: mtg_myhomepage Component For Mambo R.F.I Carsten Eilers (Aug 22)
Re: discloser 0.0.4 Remote File Inclusion (with Exploit) Carsten Eilers (Aug 17)
Re: miniBloggie <= 1.0 (fname) Remote File Inclusion Vulnerability Carsten Eilers (Aug 14)
Re: discloser 0.0.4 Remote File Inclusion (with Exploit) Carsten Eilers (Aug 22)
Re: CuteNews 1.3.* Remote File Include Vulnerability Carsten Eilers (Aug 30)
Re: Modification For OpenSEF Remote file Inclusion Carsten Eilers (Aug 24)
Re: ToendaCMS <= 1.0.3 -(tcms_administer_site) Remote File Include Carsten Eilers (Aug 24)
Re: Jupiter CMS 1.1.5 index.php Remote File Include Carsten Eilers (Aug 30)
Re: Mambo Component - EstateAgent Remote File Inclusion Carsten Eilers (Aug 24)
Re: Joomla RFİ ( ERNE ) Carsten Eilers (Aug 24)
Re: PHProjekt v0.6.1 Remote File Inclusion Vulnerability (2) Carsten Eilers (Aug 24)
Re: Calendarix <= 0.7 (calpath) Remote File Inclusion Vulnerability Carsten Eilers (Aug 15)
Re: phpPrintAnalyzer <= 1.1 (rep_par_rapport_racine) Remote File Inclusion Vulnerability Carsten Eilers (Aug 14)
Re: JetBox cms (search_function.php) Remote File Include Carsten Eilers (Aug 30)
Re: myEvent <= 1.4 Multiple Remote File Include Vulnerabilities Carsten Eilers (Aug 14)
Re: anjel Mambo Component Remote File Include Carsten Eilers (Aug 22)

c . boulton

XennoBB <= "avatar gallery" Directory Transversal c . boulton (Aug 10)
XennoBB <= 2.1.0 "birthday" SQL injection c . boulton (Aug 07)
XennoBB <= 2.2.1 "icon_topic" SQL Injection c . boulton (Aug 19)

C. Hamby

Re: BlackBoard Multiple Vulnerabilities (XSS) C. Hamby (Aug 23)

Cheng Peng Su

Bypassing script filters with variable-width encodings Cheng Peng Su (Aug 11)

ChironeX . FleckeriX

LBlog <= "comments.asp" SQL Injection Exploit ChironeX . FleckeriX (Aug 21)
SimpleBlog 2.0 <= "comments.asp" SQL Injection Exploit ChironeX . FleckeriX (Aug 21)

chris

SQL-Ledger serious security vulnerability and workaround chris (Aug 30)

chris_hasibuan

SolpotCrew Advisory #5 - modernbill ver 1.6 (DIR) Remote File Inclusion chris_hasibuan (Aug 03)
SolpotCrew Advisory #6 - phpCC - Beta 4.2 (base_dir) Remote File Inclusion chris_hasibuan (Aug 07)

Chris Wysopal

Re: SYM06-013 Symantec On-Demand Protection Encrypted Data Exposure Chris Wysopal (Aug 02)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Unintentional Password Modification in Cisco Firewall Products Cisco Systems Product Security Incident Response Team (Aug 23)
Cisco Security Advisory: Cisco VPN 3000 Concentrator FTP Management Vulnerabilities Cisco Systems Product Security Incident Response Team (Aug 23)

Collin R. Mulliner

PocketPC MMS - Remote Code Injection/Execution Vulnerability and Denial-of-Service Collin R. Mulliner (Aug 10)

Core Security Technologies advisories

CORE-2006-0714: Microsoft SRV.SYS SMB_COM_TRANSACTION Denial of Service Core Security Technologies advisories (Aug 15)

crackers_child

Lizge V.20 Web Portal File Include Vulnerability crackers_child (Aug 15)
Reporter Mambo Component Remote File İnclude crackers_child (Aug 16)
anjel Mambo Component Remote File Include crackers_child (Aug 18)
Mambo com_lm component (archive.php) Remote File Include Vulnerabilities crackers_child (Aug 16)
contentpublisher Mambo Component Remote File Include Vulnerabilities crackers_child (Aug 18)
Joomla Rssxt <= 1.0 Remote File Include Vulnerability crackers_child (Aug 18)
Joomla x-shop <= 1.7 Remote File Include Vulnerability crackers_child (Aug 18)

cyanid-E

0-day XP SP2 wmf exploit cyanid-E (Aug 07)
0-day XP SP2 wmf exploit (some details) cyanid-E (Aug 07)

D3nGeR

Jetbox CMS search_function.php Remote File D3nGeR (Aug 26)
PHProjekt v0.6.1 Remote File Inclusion Vulnerability (2) D3nGeR (Aug 22)
Jupiter CMS 1.1.5 index.php Remote File Include D3nGeR (Aug 26)
PHlyMail Lite [PM_[path][lib]=] Remote File Include Vulnerability D3nGeR (Aug 22)

Damian Put

[Overflow.pl] ImageMagick ReadSGIImage() Heap Overflow Damian Put (Aug 14)

Daniel Kobras

Re: [Overflow.pl] ImageMagick ReadSGIImage() Heap Overflow Daniel Kobras (Aug 16)

danil9470

Re: Opsware NAS 6.0 reveals MySQL 'root' password danil9470 (Aug 24)

darkz . gsa

DeluxeBB Multiple Vulnerabilities darkz . gsa (Aug 07)

Dave Wichers

Registration Now Open!: 3rd Annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA Dave Wichers (Aug 18)
RE: ANNOUNCING: 3rd Annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA Dave Wichers (Aug 14)

David Litchfield

Informix - Discovery, Attack and Defense David Litchfield (Aug 14)

David Matousek

ISS BlackICE PC Protection DLL faking of run-time linked libraries Vulnerability David Matousek (Aug 01)
Norton DLL faking via 'SuiteOwners' protection bypass Vulnerability David Matousek (Aug 18)

dc

Simpliciti Locked Browser Jail Breakout Vulnerability dc (Aug 22)

Denis Jedig

Re: when will AV vendors fix this??? Denis Jedig (Aug 07)

Dennis Lubert

Re: Gdiplus.dll division by 0 Dennis Lubert (Aug 01)

Design Properly

Lyris ListManager 8.95: Add arbitrary administrator to arbitrary list Design Properly (Aug 31)

dicomdk

UPDATE vBulletin Version 3.5.4 exploit dicomdk (Aug 18)

dinoboff

Re: Vanilla CMS <= 1.0.1 (RootDirectory) Remote file inclusion Vuln. dinoboff (Aug 07)

dkabs

Vendor Statement: fixed Mobotix IP Network Cameras Multiple XSS bug dkabs (Aug 22)

dm

Re: SYM06-013 Symantec On-Demand Protection Encrypted Data Exposure dm (Aug 10)

Dmitry Yu. Bolkhovityanov

RE: [Full-disclosure] RE: when will AV vendors fix this??? Dmitry Yu. Bolkhovityanov (Aug 14)

do

Re: Submit ( b2evolution<= 1.8 Remote File Include Vulnerabilities ) do (Aug 31)

dr . t3rr0r1st

discloser 0.0.4 Remote File Inclusion (with Exploit) dr . t3rr0r1st (Aug 17)
Re: Re: discloser 0.0.4 Remote File Inclusion (with Exploit) dr . t3rr0r1st (Aug 18)

eEye Advisories

[EEYEB-20060719] McAfee Subscription Manager Stack Buffer Overflow eEye Advisories (Aug 07)
[EEYEB-20060703] IBM eGatherer ActiveX Code Execution Vulnerability eEye Advisories (Aug 17)

Eloy Paris

Re: Cisco NAC Appliance Agent Installation Bypass Vulnerability Eloy Paris (Aug 28)

erdc

[ECHO_ADV_44$2006] PHP Simple Shop <= 2.0 (abs_path) Remote File Inclusion erdc (Aug 07)
[ECHO_ADV_46$2006] ExBB v1.9.1 (exbb[home_path]) Multiple Remote File Inclusion erdc (Aug 31)
[ECHO_ADV_45$2006] WEBinsta CMS 0.3.1 (templates_dir) Remote File Inclusion Vulnerability erdc (Aug 14)
[ECHO_ADV_42$2006] BufferOverflow in Eremove Client erdc (Aug 04)

erne

Joomla RFİ ( ERNE ) erne (Aug 18)

EvilPacket

Simpliciti Locked Browser Jail Breakout Vulnerability EvilPacket (Aug 02)

exe_crack

XXS in learncenter.asp exe_crack (Aug 31)

exploitex

Tinyportal Shoutbox exploitex (Aug 05)

farhadkey

[KAPDA::#56] - FREEKOT SQL Injection Vulnerability farhadkey (Aug 30)

Francisco Amato

[ISR] - Novell Groupwise Webaccess (Cross-Site Scripting) Francisco Amato (Aug 09)
[ISR] - IBM eGatherer ActiveX Code Execution PoC Francisco Amato (Aug 31)

Frank Reißner

AW: JetBox cms (search_function.php) Remote File Include Frank Reißner (Aug 29)
AW: AW: JetBox cms (search_function.php) Remote File Include Frank Reißner (Aug 31)
AW: Virtual War v1.5.0 Remote File Include (vwar_root) Frank Reißner (Aug 08)

FreeBSD Security Advisories

FreeBSD Security Advisory FreeBSD-SA-06:18.ppp FreeBSD Security Advisories (Aug 24)
FreeBSD Security Advisory FreeBSD-SA-06:18.ppp [REVISED] FreeBSD Security Advisories (Aug 25)

Geoff Vass

Google Picasa Listening on Port 80? Geoff Vass (Aug 14)

Gerardo Richarte

Mailslot bug (MS06-035) vs non-Mailslot bug (CVE-2006-3942) Gerardo Richarte (Aug 15)

giacomo collini

Re: Gdiplus.dll division by 0 giacomo collini (Aug 01)

Gianstefano Monni

Javascript software authentication brute force attack Gianstefano Monni (Aug 03)
Symantec Gateway Security DNS exploit Gianstefano Monni (Aug 23)

Ginsu Rabbit

Re: linksys WRT54g authentication bypass Ginsu Rabbit (Aug 11)
RE: linksys WRT54g authentication bypass Ginsu Rabbit (Aug 11)
Re: linksys WRT54g authentication bypass Ginsu Rabbit (Aug 11)
linksys WRT54g authentication bypass Ginsu Rabbit (Aug 07)

gmdarkfig

Membrepass v1.5 Php code execution, Xss, Sql Injection gmdarkfig (Aug 31)
ezContents Version 2.0.3 Remote/Local File Inclusion, SQL Injection, XSS gmdarkfig (Aug 30)

gooorguss

Re: RE: linksys WRT54g authentication bypass gooorguss (Aug 14)

gssincla

Barracuda Vulnerability: Hardcoded Password [NNL-20060801-01] gssincla (Aug 01)
Barracuda Vulnerability: Arbitrary File Disclosure [NNL-20060801-02] gssincla (Aug 01)

guant a

Re: linksys WRT54g authentication bypass guant a (Aug 11)

Guillermo Marro

Security contact from Critical Path Inc Guillermo Marro (Aug 14)

h1kari () toorcon org

ToorCon 8 Call for Papers Closing Tomorrow & Workshops/Seminars Added h1kari () toorcon org (Aug 18)

h4ck3riran

Submit ( ToendaCMS<= ( Remote File Include Vulnerabilities ) h4ck3riran (Aug 29)
Submit ( b2evolution<= 1.8 Remote File Include Vulnerabilities ) h4ck3riran (Aug 29)
ToendaCMS <= 1.0.3 -(tcms_administer_site) Remote File Include h4ck3riran (Aug 21)

heintz

php local buffer underflow could lead to arbitary code execution heintz (Aug 07)

HeLiOsZ RooT

CivicSpace Version 0.8.5 HTML injection HeLiOsZ RooT (Aug 09)
Dragonfly CMS 9.0.6.1 and prior XSS HeLiOsZ RooT (Aug 10)

Henrik Stoerner

Hobbit monitor security bugfix release - 4.1.2p2 Henrik Stoerner (Aug 02)

Henry Jensen

Re: [SECURITY] [DSA 1150-1] New shadow packages fix privilege escalation Henry Jensen (Aug 21)

henry . sieff

Re: Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory henry . sieff (Aug 11)

Henry Sieff

Re: Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory Henry Sieff (Aug 11)

Hessamx

Ezportal/Ztml v1.0 Multiple vulnerabilities Hessamx (Aug 30)
IwebNegar v1.1 Multiple vulnerabilities Hessamx (Aug 30)

hoangyenxinhdep

LinksCaffe no checker at admin hoangyenxinhdep (Aug 29)

infocus

MDaemon POP3 server remote buffer overflow (preauth) infocus (Aug 22)

istgha

Re: Re: myBloggie <= 2.1.3 (mybloggie_root_path) Remote File Inclusion Vulnerability istgha (Aug 14)

Jacobo Avariento

POC & exploit for Apache mod_rewrite off-by-one Jacobo Avariento (Aug 21)

Jakob Balle

Secunia Research: AOL Insecure Default Directory Permissions Jakob Balle (Aug 18)

james

Re: vbulletin 3.5.4 IE exploit xss james (Aug 07)

Jan de Groot

Re: Mambo Component - Display MOSBot Manager Remote File Inclusion Vuln Jan de Groot (Aug 22)

Joe Feise

Re: Cisco NAC Appliance Agent Installation Bypass Vulnerability Joe Feise (Aug 30)

Joe Orton

Re: CGI Script Source Code Disclosure Vulnerability in Apache for Windows Joe Orton (Aug 16)

jon

feedsplitter considered harmful jon (Aug 30)

Juha-Matti Laurio

New malware names and updates to PowerPoint FAQ document Juha-Matti Laurio (Aug 23)
New PowerPoint 0-day and Trojan - FAQ document ready Juha-Matti Laurio (Aug 21)
Re: Will Microsoft patch remarkable old Msjet40.dll issue? Juha-Matti Laurio (Aug 08)
Major updates in PowerPoint FAQ document - not a 0-day issue Juha-Matti Laurio (Aug 22)
Will Microsoft patch remarkable old Msjet40.dll issue? Juha-Matti Laurio (Aug 07)
New NT4/Windows botnet reported Juha-Matti Laurio (Aug 31)

Justin M. Forbes

rPSA-2006-0142-1 libtiff Justin M. Forbes (Aug 02)
rPSA-2006-0158-1 tshark wireshark Justin M. Forbes (Aug 25)
rPSA-2006-0147-1 mysql mysql-bench mysql-server Justin M. Forbes (Aug 08)
rPSA-2006-0143-1 gnupg Justin M. Forbes (Aug 02)
rPSA-2006-0159-1 ImageMagick Justin M. Forbes (Aug 29)
rPSA-2006-0150-1 krb5 krb5-server krb5-services krb5-test krb5-workstation Justin M. Forbes (Aug 09)
rPSA-2006-0157-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs Justin M. Forbes (Aug 25)
rPSA-2006-0152-1 squirrelmail Justin M. Forbes (Aug 11)

Kameron Gasso

RE: Google Picasa Listening on Port 80? Kameron Gasso (Aug 18)

Kenneth F. Belva

InfoSec Paper: Creating Business Through Virtual Trust Kenneth F. Belva (Aug 30)

K F (lists)

DMA[2006-0801a] - 'Apple OSX fetchmail buffer overflow' K F (lists) (Aug 01)

king-hacker

faille include in "VeriTECH" isreal king-hacker (Aug 22)

king_purba

IMENDIO PLANNER REMOTE FILENAME FORMAT STRING VULNERABILITY king_purba (Aug 07)

Krulewitch, Sean V

Indiana University Security Advisory: Fuji Xerox Printing Systems (FXPS) print engine vulnerabilities Krulewitch, Sean V (Aug 25)

Kuon_at_Armorize_dot_com

YaPiG thanks_comment.php Cross-Site Scripting Vulnerability Kuon_at_Armorize_dot_com (Aug 25)

Lance Seelbach

RE: Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory Lance Seelbach (Aug 14)

Ludwig Nussel

SUSE Security Announcement: clamav (SUSE-SA:2006:046) Ludwig Nussel (Aug 09)

Luigi Auriemma

Multiple buffer-overflows in AlsaPlayer 0.99.76 Luigi Auriemma (Aug 09)
Multiple vulnerabilities in DConnect Daemon 0.7.0 (CVS 30 Jul 2006) Luigi Auriemma (Aug 07)
Multiple buffer-overflows in libmusicbrainz 2.1.2 Luigi Auriemma (Aug 14)
Stack and heap overflows in MODPlug Tracker/OpenMPT 1.17.02.43 and libmodplug 0.8 Luigi Auriemma (Aug 09)

luny

OZJournal v1.5 - XSS luny (Aug 02)

Mailinglists Address

Re: SolpotCrew Advisory #5 - modernbill ver 1.6 (DIR) Remote File Inclusion Mailinglists Address (Aug 07)

Manh Tho

ARES 2007: Call for workshop proposals, deadline Sept 10, 2006 Manh Tho (Aug 07)

mannion

Re: Concurrency-related vulnerabilities in browsers - expect problems mannion (Aug 18)

Marc Maiffret

EEYE:ALERT: MS06-042 Related Internet Explorer 'Crash' is Exploitable Marc Maiffret (Aug 22)
RE: Mailslot bug (MS06-035) vs non-Mailslot bug (CVE-2006-3942) Marc Maiffret (Aug 18)
EEYE: research.eeye.com Marc Maiffret (Aug 02)
EEYE: Internet Explorer Compressed Content URL Heap Overflow Vulnerability Marc Maiffret (Aug 24)

Marc Ruef

[scip_Advisory 2456] Horde Framework and Horde IMP /index.php cross site referencing Marc Ruef (Aug 16)
[scip_Advisory 2457] Horde Framework and Horde IMP /horde/imp/search.php cross site scripting Marc Ruef (Aug 16)

Mariano Nuñez Di Croce

CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Remote Denial of Service Mariano Nuñez Di Croce (Aug 10)
CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Remote Buffer Overflow Mariano Nuñez Di Croce (Aug 10)
CYBSEC - Security Advisory: Microsoft Windows DHCP Client Service Remote Buffer Overflow Mariano Nuñez Di Croce (Aug 29)

Marius Huse Jacobsen

Re: when will AV vendors fix this??? Marius Huse Jacobsen (Aug 10)

Martin Johns

(somewhat) breaking the same-origin policy by undermining dns-pinning Martin Johns (Aug 14)

Martin Pitt

[USN-332-1] gnupg vulnerability Martin Pitt (Aug 03)
[USN-334-1] krb5 vulnerabilities Martin Pitt (Aug 16)
[USN-330-1] tiff vulnerabilities Martin Pitt (Aug 02)
[USN-335-1] heartbeat vulnerability Martin Pitt (Aug 16)
[USN-331-1] Linux kernel vulnerabilities Martin Pitt (Aug 03)
[USN-337-1] imagemagick vulnerability Martin Pitt (Aug 17)
[USN-336-1] binutils vulnerability Martin Pitt (Aug 17)
[USN-327-2] firefox regression Martin Pitt (Aug 01)
[USN-333-1] libwmf vulnerability Martin Pitt (Aug 09)

Martin Schulze

[SECURITY] [DSA 1134-1] New Mozilla Thunderbird packages fix several vulnerabilities Martin Schulze (Aug 02)
[SECURITY] [DSA 1149-1] New ncompress packages fix potential code execution Martin Schulze (Aug 10)
[SECURITY] [DSA 1152-1] New trac packages fix information disclosure Martin Schulze (Aug 18)
[SECURITY] [DSA 1137-1] New tiff packages fix several vulnerabilities Martin Schulze (Aug 02)
[SECURITY] [DSA 1142-1] New freeciv packages fix arbitrary code execution Martin Schulze (Aug 04)
[SECURITY] [DSA 1161-1] New Mozilla Firefox packages fix several vulnerabilities Martin Schulze (Aug 29)
[SECURITY] [DSA 1130-1] New sitebar packages fix cross-site scripting Martin Schulze (Aug 01)
[SECURITY] [DSA 1135-1] New libtunepimp packages fix arbitrary code execution Martin Schulze (Aug 02)
[SECURITY] [DSA 1140-1] New GnuPG packages fix denial of service Martin Schulze (Aug 03)
[SECURITY] [DSA 1159-1] New Mozilla Thunderbird packages fix several problems Martin Schulze (Aug 28)
[SECURITY] [DSA 1164-1] New sendmail packages fix denial of service Martin Schulze (Aug 31)
[SECURITY] [DSA 1141-1] New GnuPG2 packages fix denial of service Martin Schulze (Aug 04)
[SECURITY] [DSA 1146-1] New krb5 packages fix privilege escalation Martin Schulze (Aug 09)
[SECURITY] [DSA 1155-2] New sendmail packages fix denial of service Martin Schulze (Aug 24)
[SECURITY] [DSA 1143-1] New dhcp packages fix denial of service Martin Schulze (Aug 04)
[SECURITY] [DSA 1153-1] New ClamAV packages fix arbitrary code execution Martin Schulze (Aug 18)
[SECURITY] [DSA 1155-1] New sendmail packages fix denial of service Martin Schulze (Aug 24)
[SECURITY] [DSA 1163-1] New gtetrinet packages fix arbitrary code execution Martin Schulze (Aug 30)
[SECURITY] [DSA 1136-1] New gpdf packages fix denial of service Martin Schulze (Aug 02)
[SECURITY] [DSA 1150-1] New shadow packages fix privilege escalation Martin Schulze (Aug 12)
[SECURITY] [DSA 1160-1] New Mozilla packages fix several vulnerabilities Martin Schulze (Aug 29)
[SECURITY] [DSA 1162-1] New libmusicbrainz packages fix arbitrary code execution Martin Schulze (Aug 30)
[SECURITY] [DSA 1151-1] New heartbeat packages fix denial of service Martin Schulze (Aug 15)

Martin Vuagnoux

AUTODAFE: an Act of Software Torture [FUZZER] Martin Vuagnoux (Aug 07)

matdhule

Peoplebook Mambo Component <= v1.0 Remote File Include Vulnerabilities matdhule (Aug 14)
Mambo/Joomla com_comprofiler Components <== v1.0 RC 2 Multiple Remote File Include Vulnerabilities matdhule (Aug 26)
[ECHO_ADV_42$2006] PHP Live Helper <= 2.0 (abs_path) Remote File Inclusion matdhule (Aug 04)

Matthew Hall

Barracuda Spam Firewall: Administrator Level Remote Command Execution [ID-20060804-01] Matthew Hall (Aug 04)
Re: Barracuda Vulnerability: Arbitrary File Disclosure [NNL-20060801-02] Matthew Hall (Aug 03)

Matthias Geerdsen

[ GLSA 200608-13 ] ClamAV: Heap buffer overflow Matthias Geerdsen (Aug 08)
[ GLSA 200608-01 ] Apache: Off-by-one flaw in mod_rewrite Matthias Geerdsen (Aug 01)

Matt Riddell (IT)

Multiple Vulnerabilities in Asterisk 1.2.10 (Fixed in 1.2.11) Matt Riddell (IT) (Aug 25)

MC Iglo

Tons of SQL-injections and XSS in Eichhorn Portal and vendor page MC Iglo (Aug 22)
XSS in HLstats 1.34 MC Iglo (Aug 30)

mfoxhacker

Virtual War v1.5.0 <= Sql Injection vuln. mfoxhacker (Aug 10)
Vwar v1.5.0 <= Sql Injection and XSS vuln. mfoxhacker (Aug 03)
Compersus ASP shopping cart <= DataBase Downloading vuln. mfoxhacker (Aug 10)

michael

Security Vulnerability in Ruby on Rails 1.1.x michael (Aug 11)

Michael Engert

Re: [SM-ANNOUNCE] SquirrelMail 1.4.8 released - fixes variable overwriting attack Michael Engert (Aug 14)

Michael Hale Ligh

Compression Plus and Tumblweed EMF Stack Overflow Michael Hale Ligh (Aug 31)

Michael Jennings

Suggested Fix for CVE-2006-4299 Michael Jennings (Aug 26)

Michael Wojcik

RE: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems Michael Wojcik (Aug 17)

Michal Zalewski

Re: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems Michal Zalewski (Aug 18)
Re: Concurrency-related vulnerabilities in browsers - expect problems Michal Zalewski (Aug 15)
Concurrency-related vulnerabilities in browsers - expect problems Michal Zalewski (Aug 12)
Re: Concurrency-related vulnerabilities in browsers - expect problems Michal Zalewski (Aug 18)

Miguel Valentin

RE: linksys WRT54g authentication bypass Miguel Valentin (Aug 11)

mikeiscool

Re: JavaScript Lazy Authorization Forcer and Visited Link Scaner mikeiscool (Aug 18)

Mike Prosser

SYM06-16 Symantec NetBackup PureDisk Remote Office Edition Elevation of Privilege Mike Prosser (Aug 16)

mjw

Possible Myspace Worm mjw (Aug 28)

Moritz Muehlenhoff

[SECURITY] [DSA 1133-1] New mantis packages fix execution of arbitrary web script code Moritz Muehlenhoff (Aug 01)
[SECURITY] [DSA 1157-1] New ruby1.8 packages fix several vulnerabilities Moritz Muehlenhoff (Aug 28)
[SECURITY] [DSA 1144-1] New chmlib packages fix denial of service Moritz Muehlenhoff (Aug 07)
[SECURITY] [DSA 1147-1] New drupal packages fix cross-site scripting Moritz Muehlenhoff (Aug 09)
[SECURITY] [DSA 1158-1] New streamripper packages fix arbitrary code execution Moritz Muehlenhoff (Aug 28)
[SECURITY] [DSA 1138-1] New cfs packages fix denial of service Moritz Muehlenhoff (Aug 02)
[SECURITY] [DSA 1145-1] New freeradius packages fix several vulnerabilities Moritz Muehlenhoff (Aug 08)
[SECURITY] [DSA 1148-1] New gallery packages fix several vulnerabilities Moritz Muehlenhoff (Aug 09)
[SECURITY] [DSA 1139-1] New ruby1.6 packages fix privilege escalation Moritz Muehlenhoff (Aug 03)
[SECURITY] [DSA 1154-1] New squirrelmail packages fix information disclosure Moritz Muehlenhoff (Aug 21)
[SECURITY] [DSA 1156-1] New kdebase packages fix information disclosure Moritz Muehlenhoff (Aug 28)

MosT3mR

local file include in PHP-Nuke (autohtml.php) MosT3mR (Aug 15)

mr

Re: Re: TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability mr (Aug 14)

Mr . Niega

ShockwaveFlash 9 (Stack overflow) Mr . Niega (Aug 16)

Mustafa Can Bjorn IPEKCI

Advisory: VistaBB <= 2.x Multiple File Inclusion Vulnerabilities Mustafa Can Bjorn IPEKCI (Aug 24)
Advisory: Integramod Portal <= 2.x File Inclusion Vulnerability Mustafa Can Bjorn IPEKCI (Aug 24)

nareshhacker

Re: Re: CGI Script Source Code Disclosure Vulnerability in Apache for Windows nareshhacker (Aug 17)

naveed

Re: Mailslot bug (MS06-035) vs non-Mailslot bug (CVE-2006-3942) naveed (Aug 18)

NGSSoftware Insight Security Research

Unauthorized Database Creation Privilege on Informix NGSSoftware Insight Security Research (Aug 14)
Arbitrary Library Loading in Informix NGSSoftware Insight Security Research (Aug 14)
Multiple Arbitrary Command Execution Vulnerabilities NGSSoftware Insight Security Research (Aug 14)
Informix Long Username Buffer Overflow Vulnerability NGSSoftware Insight Security Research (Aug 14)
Multiple Arbitrary File Access (Write/Read) Vulnerabilities NGSSoftware Insight Security Research (Aug 14)
Multiple Password Exposures Flaws NGSSoftware Insight Security Research (Aug 14)
Error logging buffer overflow in Informix NGSSoftware Insight Security Research (Aug 14)
SQLIDEBUG envariable overflow on Informix NGSSoftware Insight Security Research (Aug 14)
Multiple Buffer Overflow Vulnerabilities in Informix NGSSoftware Insight Security Research (Aug 14)

Nicholas Knight

Re: linksys WRT54g authentication bypass Nicholas Knight (Aug 11)

night_warrior-

DieselPay İndex.php Cross-Site Scripting Vulnerability night_warrior- (Aug 21)
Smart Traffic Remote File Include Vulnerability night_warrior- (Aug 21)
Diesel Paid Mail getad.php Cross-Site Scripting Vulnerability night_warrior- (Aug 21)
Diesel Job Site forgot.php Cross-Site Scripting night_warrior- (Aug 21)
AlstraSoft Video Share Enterprise Remote File Include Vulnerability night_warrior- (Aug 26)

Nikolay Kubarelov

Re: [Full-disclosure] Attacking the local LAN via XSS Nikolay Kubarelov (Aug 11)

NNP

Opera 9 Remote Denial of Service NNP (Aug 14)

noname

Re: Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability noname (Aug 14)
Re: Mafia Moblog <= 6 (pathtotemplate) Remote File Inclusion Vulnerability noname (Aug 14)

nop

[XSec-06-03]: Internet Explorer (CHTSKDIC.DLL) COM Object Instantiation Vulnerability nop (Aug 15)
[XSec-06-02]: Internet Explorer (IMSKDIC.DLL) COM Object Instantiation Vulnerability nop (Aug 15)
[XSec-06-09]: Internet Explorer Multiple COM Objects Color Property DoS Vulnerability nop (Aug 21)
[XSec-06-08]: Windows 2000 Multiple COM Object Instantiation Vulnerability nop (Aug 21)
[XSec-06-10]: Internet Explorer (daxctle.ocx) Heap Overflow Vulnerability nop (Aug 28)
[XSec-06-07]: Visual Studio 6.0 Multiple COM Object Instantiation Vulnerability nop (Aug 17)
[XSec-06-04]: Internet Explorer (msoe.dll) COM Object Instantiation Vulnerability nop (Aug 15)
[XSec-06-06]: Windows 2003 (tsuserex.dll) COM Object Instantiation Vulnerability nop (Aug 17)

NSFOCUS Security Team

NSFOCUS SA2006-08 : Microsoft IE6 urlmon.dll Long URL Buffer Overflow Vulnerability NSFOCUS Security Team (Aug 25)

nukedx

Re: myBloggie <= 2.1.3 (mybloggie_root_path) Remote File Inclusion Vulnerability nukedx (Aug 12)

Omid

Sql injection in Mambo & Joomla Omid (Aug 26)
Sql injection in Xoops Omid (Aug 26)

omnipresent

Simple one-file GuestBook 1.0 omnipresent (Aug 10)

Outlaw

Mambo Component - Display MOSBot Manager Remote File Inclusion Vuln Outlaw (Aug 21)
Mambo Component - EstateAgent Remote File Inclusion Outlaw (Aug 21)
Mambo Component - Display MOSBot Manager Remote File Inclusion Vuln Outlaw (Aug 21)
CMSimple Cross Site Scripting Outlaw (Aug 03)
Ako Comments (mod) Remote File Inclusion Outlaw (Aug 19)
Yabb XSS Outlaw (Aug 10)
mambo-phphop Product Scroller Module R.F.I Outlaw (Aug 18)
mtg_myhomepage Component For Mambo R.F.I Outlaw (Aug 18)
wheatblog ُSession.php Remote File Inclusion Outlaw (Aug 11)
Mambo CatalogShop Remote File Inclusion Outlaw (Aug 19)
fusionnews 3,7 Remote File Inclusion Outlaw (Aug 15)
Modification For OpenSEF Remote file Inclusion Outlaw (Aug 19)

Paul Schmehl

Re: when will AV vendors fix this??? Paul Schmehl (Aug 11)
Re: [Full-disclosure] RE: when will AV vendors fix this??? Paul Schmehl (Aug 18)
Re: [Full-disclosure] Re: when will AV vendors fix this??? Paul Schmehl (Aug 18)

pdp (architect)

XSSing the Lan 3 (web trojans.. not a new idea) pdp (architect) (Aug 11)
Attacking the local LAN via XSS pdp (architect) (Aug 07)
JavaScript get Internal Address (thanks to DanBUK) pdp (architect) (Aug 14)
Re: Re[2]: [Full-disclosure] Attacking the local LAN via XSS pdp (architect) (Aug 07)
Re: [Full-disclosure] Attacking the local LAN via XSS pdp (architect) (Aug 07)
JavaScript Lazy Authorization Forcer and Visited Link Scaner pdp (architect) (Aug 18)
JavaScript port scanning pdp (architect) (Aug 01)

pedantic1

MS Terminal Server application session breakout pedantic1 (Aug 16)

pete

unwrapping PL/SQL pete (Aug 08)

Philip M. Gollucci

Re: [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released Philip M. Gollucci (Aug 03)

philipp . niedziela

Sonium Enterprise Adressbook Version 0.2 (folder) RFI philipp . niedziela (Aug 18)
ME Download System 1.3 Remote File Inclusion philipp . niedziela (Aug 03)
WEBInsta Mailing list manager (cabsolute_path) 1.3e RFI philipp . niedziela (Aug 11)
phpAutoMembersArea 3.2.5 ($installed_config_file) Remote File Inclusion philipp . niedziela (Aug 04)
NEWSolved Lite v1.9.2 (abs_path) Remote File Inclusion philipp . niedziela (Aug 07)
Cwfm <= 0.9.1 (Language) Remote File Inclusion Vulnerability philipp . niedziela (Aug 09)
TSEP 0.9.4.2 <= Remote File Inclusion philipp . niedziela (Aug 01)

piiiiiii pppiiiiiiii

BlogHoster v2.2 Post Comment Html Injection piiiiiii pppiiiiiiii (Aug 09)
blur6ex 0.3 Comment title HTML inyection vuln. piiiiiii pppiiiiiiii (Aug 07)
Archangel Weblog 0.90.02 and prior Multiple HTML injections piiiiiii pppiiiiiiii (Aug 08)
simplog 0.9.3 and prior XSS piiiiiii pppiiiiiiii (Aug 07)

pingywon

Re: Barracuda Vulnerability: Hardcoded Password [NNL-20060801-01] pingywon (Aug 02)

Pr070n

Re: Re: BlackBoard Multiple Vulnerabilities (XSS) Pr070n (Aug 31)
BlackBoard Multiple Vulnerabilities (XSS) Pr070n (Aug 22)

pr0t0n

Re: BlackBoard Multiple Vulnerabilities (XSS) pr0t0n (Aug 23)

preth00nker

Multiple xxs cPanel 10 preth00nker (Aug 18)
DoS 2wire Gateway preth00nker (Aug 21)

Pretorius, Wynand (ZA - Johannesburg)

RE: Symantec Gateway Security DNS exploit Pretorius, Wynand (ZA - Johannesburg) (Aug 23)

public

Re: TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability public (Aug 14)

pucik

[Overflow.pl] Clam AntiVirus Win32-UPX Heap Overflow pucik (Aug 09)

qode

Nokia Browser Crash qode (Aug 11)

Raphael Marichez

[ GLSA 200608-27 ] Motor: Execution of arbitrary code Raphael Marichez (Aug 29)
[ GLSA 200608-15 ] MIT Kerberos 5: Multiple local privilege escalation (test Falco for security@) Raphael Marichez (Aug 10)
[ GLSA 200608-19 ] WordPress: Privilege escalation Raphael Marichez (Aug 11)
UPDATE: [ GLSA 200511-12 ] Scorched 3D: Multiple vulnerabilities Raphael Marichez (Aug 11)
[ GLSA 200608-28 ] PHP: Arbitary code execution Raphael Marichez (Aug 29)
[ GLSA 200608-26 ] Wireshark: Multiple vulnerabilities Raphael Marichez (Aug 29)
[ GLSA 200608-21 ] Heimdal: Multiple local privilege escalation vulnerabilities Raphael Marichez (Aug 23)
[ GLSA 200608-20 ] Ruby on Rails: Several vulnerabilities Raphael Marichez (Aug 14)
[ GLSA 200608-25 ] X.org and some X.org libraries: Local privilege escalations Raphael Marichez (Aug 28)
[ GLSA 200608-24 ] AlsaPlayer: Multiple buffer overflows Raphael Marichez (Aug 26)
[ GLSA 200608-22 ] fbida: Arbitrary command execution Raphael Marichez (Aug 23)

ratboy727

XChat <= 2.6.4-1 (win version) Remote Denial of Service Exploit (php) ratboy727 (Aug 10)

Redworm

MyBB Html Injection ( XSS ) Redworm (Aug 26)

research

SYMSA-2006-009 research (Aug 29)

Reversemode

Re: Microsoft Help (WINHLP32.EXE) - Multiple Remote Code Execution and Denial Of Service Vulnerabilities Reversemode (Aug 12)

rgod

Simple Machines Forum <=1.1RC2 unset() vulnerabilities rgod (Aug 22)
e107 <= 0.75 GLOBALS[] overwrite/Zend_Hash_Del_Key_Or_Index remote commands execution rgod (Aug 29)
XMB <= 1.9.6 Final basename()/'langfilenew' arbitrary local inclusion / remote commands execution rgod (Aug 14)
MyBloggie <= 2.1.4 trackback.php SQL injection / admin credentials disclosure rgod (Aug 05)
SendCard <= 3.4.0 unauthorized administrative access / remote commands execution rgod (Aug 03)
CubeCart <= 3.0.11 SQL injection & cross site scripting rgod (Aug 17)

Richard Lindberg

Registration Now Open!: Security OPUS Infosec Conference - Oct 2-5 2006 - San Francisco, CA Richard Lindberg (Aug 17)

Rodrigo Barbosa

Re: linksys WRT54g authentication bypass Rodrigo Barbosa (Aug 11)

Rodrigo Rubira Branco (BSDaemon)

Hackers to Hackers Conference III - Call for Papers Rodrigo Rubira Branco (BSDaemon) (Aug 30)

Roger A. Grimes

RE: Barracuda Vulnerability: Hardcoded Password [NNL-20060801-01] Roger A. Grimes (Aug 02)

root

Netgear FVG318 is vunerable to DOS attack root (Aug 10)
[XSec-06-05]: VMware 5.5.1 for Windows arbitrary partition table delete issue. root (Aug 16)

Roy Hills

Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory Roy Hills (Aug 02)

rPath Update Announcements

rPSA-2006-0162-1 kernel rPath Update Announcements (Aug 31)
rPSA-2006-0161-1 libmusicbrainz rPath Update Announcements (Aug 31)

s10242006

osCommerce < 2.2 Milestone 2 060817 POC Exploit s10242006 (Aug 30)

saudi . unix

powergap <= (s0x.php) Remote File Inclusion saudi . unix (Aug 17)

ScatterChat Advisories

ScatterChat Advisory 2006-01: Cryptanalytic Attack Vulnerability ScatterChat Advisories (Aug 12)

Schanulleke

Re: [Full-disclosure] Attacking the local LAN via XSS Schanulleke (Aug 07)

scott

Re: UPDATE vBulletin Version 3.5.4 exploit scott (Aug 18)

Sean Warnock

Security Contact Sean Warnock (Aug 10)

Secunia Research

Secunia Research: Jetbox Multiple Vulnerabilities Secunia Research (Aug 02)
Secunia Research: PC Tools AntiVirus Insecure Default Directory Permissions Secunia Research (Aug 03)

secure

Re: SYM06-16 Symantec NetBackup PureDisk Remote Office Edition Elevation of Privilege secure (Aug 17)
SYM06-013 Symantec On-Demand Protection Encrypted Data Exposure secure (Aug 01)
(Security Advisory) SYM06-014 Symantec Backup Exec Internal RPC Overflow Secure (Aug 12)

security

[ MDKSA-2006:143-1 ] - Updated Firefox packages fix multiple vulnerabilities security (Aug 17)
[ MDKSA-2006:157 ] - Updated musicbrainz packages fix buffer overflow vulnerabilities security (Aug 31)
[ MDKSA-2006:150 ] - Updated kernel packages fix multiple vulnerabilities security (Aug 25)
[ MDKSA-2006:154 ] - Updated lesstif packages fix potential local root vulnerability security (Aug 29)
[ MDKSA-2006:137 ] - Updated libtiff packages fix multiple vulnerabilities security (Aug 01)
[ MDKSA-2006:136 ] - Updated kdegraphics packages fix multiple libtiff vulnerabilities security (Aug 01)
[ MDKSA-2006:139 ] - Updated krb5 packages fix local privilege escalation vulnerability security (Aug 09)
[ MDKSA-2006:142 ] - Updated heartbeat packages fix vulnerability security (Aug 14)
[ MDKSA-2006:135 ] - Updated freeciv packages fix DoS vulnerabilities security (Aug 01)
[ MDKSA-2006:152 ] - Updated wireshark packages fix multiple vulnerabilities security (Aug 26)
[ MDKSA-2006:145 ] - Updated Firefox packages fix multiple vulnerabilities security (Aug 22)
[ MDKSA-2006:143 ] - Updated Firefox packages fix multiple vulnerabilities security (Aug 16)
[ MDKSA-2006:158 ] - Updated MySQL packages fix DoS vuln, initscript bug security (Aug 31)
[ MDKSA-2006:138 ] - Updated clamav packages fix vulnerability security (Aug 09)
[ MDKSA-2006:151 ] - Updated kernel packages fix multiple vulnerabilities security (Aug 25)
[ MDKSA-2006:155 ] - Updated ImageMagick packages fix vulnerabilities security (Aug 29)
[ MDKSA-2006:153 ] - Updated binutils packages fix multiple vulnerabilities security (Aug 29)
[ MDKSA-2006:140 ] - Updated ncompress packages fix vulnerability security (Aug 09)
[ MDKSA-2006:148 ] - Updated xorg-x11 packages fix vulnerabilities security (Aug 24)
[ MDKSA-2006:147 ] - Updated squirrelmail packages fix vulnerabilities security (Aug 22)
[ MDKSA-2006:156 ] - Updated sendmail packages fix DoS vulnerabilities security (Aug 31)
[ MDKSA-2006:149 ] - Updated MySQL packages fix user privilege vulnerabilities security (Aug 24)
[ MDKSA-2006:144 ] - Updated php packages fix vulnerability security (Aug 21)
[ MDKSA-2006:141 ] - Updated gnupg packages fix vulnerability security (Aug 14)
[ MDKSA-2006:146 ] - Updated Thunderbird packages fix multiple vulnerabilities security (Aug 22)

security-alert

[security bulletin] HPSBUX02087 SSRT4728 rev.3 - HP-UX running TCP/IP Remote Denial of Service (DoS) security-alert (Aug 02)
HPSBMA02138 SSRT061184 rev.1 - HP OpenView Storage Data Protector, Remote Arbitrary Command Execution security-alert (Aug 14)
[security bulletin] HPSBUX02124 SSRT061159 rev.1 - HP-UX Sendmail MIME Remote Denial of Service (DoS) security-alert (Aug 02)
[security bulletin] HPSBUX02108 SSRT061133 rev.13 - HP-UX Running Sendmail, Remote Execution of Arbitrary Code security-alert (Aug 02)
[security bulletin] HPSBUX02108 SSRT061133 rev.14 - HP-UX Running Sendmail, Remote Execution of Arbitrary Code security-alert (Aug 11)
[security bulletin] HPSBUX02137 SSRT051024 rev.1 - HP-UX Running Xserver Local Execution of Arbitrary Code, Privilege Elevation security-alert (Aug 03)
[security bulletin] HPSBUX02124 SSRT061159 rev.2 - HP-UX Sendmail MIME Remote Denial of Service (DoS) security-alert (Aug 11)
[security bulletin] HPSBUX02141 SSRT51153 rev.1 - HP-UX in Trusted mode, Local Denial of Service (DoS) security-alert (Aug 15)
[security bulletin] HPSBGN02136 SSRT061173 rev.1 - ProCurve Series 3500yl, 6200yl, and 5400zl Switches Running Software Prior to K.11.33 Remote Denial of Service (DoS) security-alert (Aug 02)
[security bulletin] HPSBUX02115 SSRT061077 rev.2 - HP-UX running Support Tools Manager (xstm, cstm, stm) Local Denial of Service (DoS) security-alert (Aug 16)
[security bulletin] HPSBUX02139 SSRT5981 rev.1 - HP-UX Running the LP Subsystem, remote Denial of Service (DoS) security-alert (Aug 17)

securityfocus

Re: Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability securityfocus (Aug 21)

segatom

Re: flatnuke <= 2.5.7 arbitrary php file upload segatom (Aug 07)

sehato

InfanView 3.98 (with plugins) - Access violation at processing images CUR files sehato (Aug 14)
InfanView 3.98 (with plugins) - Access violation at processing images ANI files sehato (Aug 10)

seppi

Local privilege Escalation in SmartLine DeviceLock 5.73 seppi (Aug 14)

sh3ll

Mafia Moblog <= 6 (pathtotemplate) Remote File Inclusion Vulnerability sh3ll (Aug 10)
Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability sh3ll (Aug 11)
myEvent <= 1.4 Multiple Remote File Include Vulnerabilities sh3ll (Aug 12)
myBloggie <= 2.1.3 (mybloggie_root_path) Remote File Inclusion Vulnerability sh3ll (Aug 10)
miniBloggie <= 1.0 (fname) Remote File Inclusion Vulnerability sh3ll (Aug 11)
phpPrintAnalyzer <= 1.1 (rep_par_rapport_racine) Remote File Inclusion Vulnerability sh3ll (Aug 07)
Calendarix <= 0.7 (calpath) Remote File Inclusion Vulnerability sh3ll (Aug 12)

SHiKaA-

Pheap CMS<= (lpref) Remote File Inclusion Exploit SHiKaA- (Aug 31)

simo64

SAPID CMS remote File Inclusion vulnerabilities simo64 (Aug 07)
PHPMyRing <= 4.2.0 (view_com.php) Remote SQL Injection simo64 (Aug 10)

Sowhat

Microsoft PowerPoint Malformed Record Memory Corruption Sowhat (Aug 08)

SPI Labs

Announcement: Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations [Whitepaper] SPI Labs (Aug 07)

ss_team

Wordpress WP-DB Backup Plugin Directory Traversal Vulnerability ss_team (Aug 14)

stefan

vbulletin 3.5.4 IE exploit xss stefan (Aug 03)
XSS in Vbulletin 3.6.0 in IE 0nly Stefan (Aug 04)

Stefan Cornelius

[ GLSA 200608-02 ] Mozilla SeaMonkey: Multiple vulnerabilities Stefan Cornelius (Aug 03)

Stefan Esser

Advisory 05/2006: Zend Platform Multiple Remote Vulnerabilities Stefan Esser (Aug 24)
PHP: Zend_Hash_Del_Key_Or_Index Vulnerability Stefan Esser (Aug 07)

Stefan Friedli

Content Management Framework "G3" - XSS Vulnerability in Search Function Stefan Friedli (Aug 02)

Steve Kemp

[SECURITY] [DSA 1132-1] New apache2 packages fix buffer overflow Steve Kemp (Aug 01)
[SECURITY] [DSA 1131-1] New apache package fix buffer overflow Steve Kemp (Aug 01)

Steven M. Christey

Re: JetBox cms (search_function.php) Remote File Include Steven M. Christey (Aug 31)
Re: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems Steven M. Christey (Aug 17)
Re: AW: JetBox cms (search_function.php) Remote File Include Steven M. Christey (Aug 30)
Re: Calendarix <= 0.7 (calpath) Remote File Inclusion Vulnerability Steven M. Christey (Aug 14)

Steve VanDevender

Re: [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released Steve VanDevender (Aug 07)

stormhacker

CuteNews 1.3.* Remote File Include Vulnerability stormhacker (Aug 25)

Sune Kloppenborg Jeppesen

[ GLSA 200608-17 ] libwmf: Buffer overflow vulnerability Sune Kloppenborg Jeppesen (Aug 10)
[ GLSA 200608-05 ] LibVNCServer: Authentication bypass Sune Kloppenborg Jeppesen (Aug 04)
[ GLSA 200608-06 ] Courier MTA: Denial of Service vulnerability Sune Kloppenborg Jeppesen (Aug 04)
[ GLSA 200608-11 ] Webmin, Usermin: File Disclosure Sune Kloppenborg Jeppesen (Aug 07)
[ GLSA 200608-18 ] Net::Server: Format string vulnerability Sune Kloppenborg Jeppesen (Aug 10)
[ GLSA 200608-23 ] Heartbeat: Denial of Service Sune Kloppenborg Jeppesen (Aug 24)
[ GLSA 200608-07 ] libTIFF: Multiple vulnerabilities Sune Kloppenborg Jeppesen (Aug 05)
[ GLSA 200608-12 ] x11vnc: Authentication bypass in included LibVNCServer code Sune Kloppenborg Jeppesen (Aug 07)
ERRATA: [ GLSA 200608-08 ] GnuPG: Integer overflow vulnerability Sune Kloppenborg Jeppesen (Aug 08)
[ GLSA 200608-14 ] DUMB: Heap buffer overflow Sune Kloppenborg Jeppesen (Aug 08)
[ GLSA 200608-16 ] Warzone 2100 Resurrection: Multiple buffer overflows Sune Kloppenborg Jeppesen (Aug 10)
[ GLSA 200608-10 ] pike: SQL injection vulnerability Sune Kloppenborg Jeppesen (Aug 07)
[ GLSA 200608-08 ] GnuPG: Integer overflow vulnerability Sune Kloppenborg Jeppesen (Aug 05)

support

Re: Directory Traversal vulnerability in IPCheck Monitor Server support (Aug 24)

susam . pal

CGI Script Source Code Disclosure Vulnerability in Apache for Windows susam . pal (Aug 10)

Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]

Re: TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (Aug 14)

Tamriel

GeheimChaos <= 0.5 Multiple SQL Injection Vulnerabilities Tamriel (Aug 04)
GaesteChaos <= 0.2 Multiple Vulnerabilities Tamriel (Aug 04)
CounterChaos <= 0.48c SQL Injection Vulnerability Tamriel (Aug 04)

tbratusa

Kaspersky Anti-Hacker personal firewall unstealthy stealth mode tbratusa (Aug 14)

TeamXMM Consulting, Inc.

RE: linksys WRT54g authentication bypass TeamXMM Consulting, Inc. (Aug 14)

The Cute Group

Bugtraq ID: 18402 The Cute Group (Aug 23)

Thierry Carrez

[ GLSA 200608-04 ] Mozilla Thunderbird: Multiple vulnerabilities Thierry Carrez (Aug 03)
[ GLSA 200608-03 ] Mozilla Firefox: Multiple vulnerabilities Thierry Carrez (Aug 03)

Thierry Zoller

Re[2]: [Full-disclosure] Attacking the local LAN via XSS Thierry Zoller (Aug 07)
Re: [Full-disclosure] Attacking the local LAN via XSS Thierry Zoller (Aug 07)

Thijs Kinkhorst

SquirrelMail 1.4.8 released - fixes variable overwriting attack Thijs Kinkhorst (Aug 11)

Thomas Biege

SUSE Security Announcement: libtiff (SUSE-SA:2006:044) Thomas Biege (Aug 01)
SUSE Security Announcement: freetype2 (SUSE-SA:2006:045) Thomas Biege (Aug 01)

Thomas D.

RE: [Full-disclosure] RE: when will AV vendors fix this??? Thomas D. (Aug 11)
RE: when will AV vendors fix this??? Thomas D. (Aug 11)

Thor (Hammer of God)

Re: MS Terminal Server application session breakout Thor (Hammer of God) (Aug 16)

tinywebgallery

Re: TinyWebGallery v1.5 ( image ) Remote Include Vulnerability tinywebgallery (Aug 16)

tomas

(exploit) firefox 1.5.0.6 linux DoS tomas (Aug 22)

Tom Yu

MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities Tom Yu (Aug 08)
UPDATED: MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities Tom Yu (Aug 17)

Tony Maupin

RE: Security contact from Critical Path Inc Tony Maupin (Aug 18)

Trustix Security Advisor

TSLSA-2006-0044 - multi Trustix Security Advisor (Aug 04)
TSLSA-2006-0046 - multi Trustix Security Advisor (Aug 11)
TSLSA-2006-0048 - multi Trustix Security Advisor (Aug 25)

try_og

XSS Vulnerability in FTD v3.7.3 try_og (Aug 07)

tr_zindan

phNNTP <= 1.3 (article-raw.php) Remote File Include Vulnerability tr_zindan (Aug 08)
NewsLetter v3.5 <= (NL_PATH) Remote File Inclusion Exploit tr_zindan (Aug 01)

TSRT

TSRT-06-08: Microsoft Internet Help COM Object Memory Corruption Vulnerability TSRT (Aug 09)
TSRT-06-06: Computer Associates eTrust AntiVirus WebScan Manifest Processing Buffer Overflow Vulnerability TSRT (Aug 07)
TSRT-06-09: Microsoft DirectAnimation COM Object Memory Corruption Vulnerability TSRT (Aug 09)
TSRT-06-05: Computer Associates eTrust AntiVirus WebScan Automatic Update Code Execution Vulnerability TSRT (Aug 07)
TSRT-06-10: Microsoft HLINK.DLL Hyperlink Object Library Buffer Overflow Vulnerability TSRT (Aug 09)
TSRT-06-07: eIQnetworks Enterprise Security Analyzer Monitoring Agent Buffer Overflow Vulnerabilities TSRT (Aug 08)

TTG

TTG0601 - Alt-N WebAdmin Multiple Vulnerabilities TTG (Aug 22)

tugra

MojoScripts' xss vulnerable tugra (Aug 08)

Udo Sprotte

Re: Cisco NAC Appliance Agent Installation Bypass Vulnerability Udo Sprotte (Aug 28)

Uwe Hermann

[DRUPAL-SA-2006-011] Drupal 4.7.3 / 4.6.9 fixes XSS issue Uwe Hermann (Aug 03)

vampire_chiristof

Bigace 1.8.2 (GLOBALS) Remote File Inclusion vampire_chiristof (Aug 26)
Virtual War v1.5.0 SQL injection and XSS vampire_chiristof (Aug 14)
otopholder 1.8 suffers from a local file inclusion,XSS and directory listing vuln vampire_chiristof (Aug 15)
OneOrZero Helpdesk V1.6.4.1 susceptible to SQL injection and XSS vampire_chiristof (Aug 18)
Koobi Pro CMS 5.6 SQL injection & XSS vampire_chiristof (Aug 15)
BlaBla 4U XSS Vulnerabilite vampire_chiristof (Aug 14)

Vicente Perez

Latinchat Denial Of Service Vicente Perez (Aug 09)

Victor Sudakov

unauthorized VNC access in AK-Systems Windows Terminals Victor Sudakov (Aug 22)

vijay

osDate 1.1.8 - Multiple HTML Injection Vulnerability - fixed vijay (Aug 14)

VMware Security Team

VMSA-2006-0004 Cross site scripting vulnerability and other fixes VMware Security Team (Aug 01)

Volker Tanger

Re: Yabb XSS - or NOT Volker Tanger (Aug 14)

vulnpost-remove

[vuln.sg] Lhaplus LHA Extended Header Handling Buffer Overflow Vulnerability vulnpost-remove (Aug 01)
[vuln.sg] Lhaz LHA Long Filename Buffer Overflow Vulnerability vulnpost-remove (Aug 07)

William A. Rowe, Jr.

Re: [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released William A. Rowe, Jr. (Aug 03)

Williams, James K

CAID 34509 - CA eTrust Antivirus WebScan vulnerabilities Williams, James K (Aug 04)

wiziwig

Re: Another YabbSE Remote Code Execution Vulnerability wiziwig (Aug 28)

wsip

World Summit on Intrusion Prevention wsip (Aug 17)

x0r0n

pSlash v0.7 (lvc_include_dir) Remote Include Vulnerability x0r0n (Aug 24)
PgMarket 2.2.3 (CFG[libdir]) Remote File Inclusion Vulnerabilities x0r0n (Aug 09)
Portail PHP mod_phpalbum 2.15 Modules Remote File Inclusion x0r0n (Aug 29)
Mambo jim Component Remote Include Vulnerability x0r0n (Aug 18)
docpile:we v0.2.2 (INIT_PATH) Remote File Inclusion Vulnerability x0r0n (Aug 08)
TinyWebGallery v1.5 ( image ) Remote Include Vulnerability x0r0n (Aug 10)
ZoneX 1.0.3 - Publishers Gold Edition Remote File Inclusion Vulnerability x0r0n (Aug 03)
SaveWeb Portal 3.4 <- (SITE_Path) Remote File Inclusion Vulnerability x0r0n (Aug 02)
Joomla Webring Component (component_dir) Remote File Inclusion Vulnerabilities x0r0n (Aug 14)
Mambo com_cropimage 1.0 Component Remote Include Vulnerability x0r0n (Aug 19)
Visual Events Calendar v1.1 (cfg_dir) Remote Inclusion Vulnerability x0r0n (Aug 07)

xvml

Re: [ GLSA 200608-12 ] x11vnc: Authentication bypass in included LibVNCServer code xvml (Aug 11)

Yves Goergen

Re: [SM-ANNOUNCE] SquirrelMail 1.4.8 released - fixes variable overwriting attack Yves Goergen (Aug 11)

zdi-disclosures

ZDI-06-027: Microsoft Internet Explorer CSS Class Ordering Memory Corruption Vulnerability zdi-disclosures (Aug 08)
ZDI-06-026: Microsoft Internet Explorer Multiple CSS Imports Memory Corruption Vulnerability zdi-disclosures (Aug 08)

ZeberuS

WoltLab Burning Board 2.3.5(WBB) in XSS ZeberuS (Aug 21)