Bugtraq: by author
RSS Feed
About List
All Lists
Previous period
519 messages
starting Jan 30 06 and
ending Jan 11 06
Date index |
Thread index |
Author index
MyBB 1.2 usercp2.php [ $url ] CrossSiteScripting ( XSS ) (Jan 30)
MyBB 1.2 Local File Incusion (Jan 30)
8ux1fpd02
Dumb IE6/XP denial of service found on the web 8ux1fpd02 (Jan 04)
[a]
[KAPDA::#21] - HomeFtp v1.1 Denial of Service [a] (Jan 14)
Adam Conrad
[USN-241-1] Apache vulnerabilities Adam Conrad (Jan 12)
Adam Shostack
Re: WMF round-up, updates and de-mystification Adam Shostack (Jan 04)
addmimistrator
MyBB 1.0.2 SQL injection addmimistrator (Jan 15)
MyBB 1.0.2 Sniffing table perfix bug in search.php addmimistrator (Jan 18)
MyBB 1.0.2 SQL injection in usercp.php addmimistrator (Jan 14)
MyBB 1.0.2 XSS attack in search.php redirection addmimistrator (Jan 26)
BlogPHP config.php SQL injection login bypass addmimistrator (Jan 20)
BlogPHP config.php SQL injection login bypassed addmimistrator (Jan 21)
BlogPHP config.php SQL injection login bypass addmimistrator (Jan 20)
admin
Critical security advisory #006 tftpd32 Format string admin (Jan 19)
SamiFTPd buffer overflow admin (Jan 26)
Advisories
[EEYEB-20051117A] Apple QuickTime STSD Atom Heap Overflow Advisories (Jan 11)
[EEYEB-2000801] - Windows Embedded Open Type (EOT) Font Heap Overflow Vulnerability Advisories (Jan 14)
[EEYEB-20051117B] Apple iTunes (QuickTime.qts) Heap Overflow Advisories (Jan 11)
Updated Advisories - Incorrect CVE Information Advisories (Jan 11)
[EEYEB-20051031] Apple QuickTime Malformed GIF Heap Overflow Advisories (Jan 11)
IRM 015: File system path disclosure on TYPO3 Web Content Manager Advisories (Jan 19)
[NMRC Advisory] Microsoft Windows Wireless Exposure on Laptops Advisories (Jan 14)
[EEYEB-20051220] Apple QuickTime QTIF Stack Overflow Advisories (Jan 11)
Aidan Van Dyk
HylaFAX Security advisory - fixed in HylaFAX 4.2.4 Aidan Van Dyk (Jan 05)
ak
Oracle Database 10g Rel. 2- Transparent Data Encryption plaintext masterkey in SGA ak (Jan 18)
Oracle Reports - Read parts of files via desname (fixed after 874 days) ak (Jan 18)
Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT_INT ak (Jan 19)
Oracle Reports - Read parts of files via customize(fixed after 875 days) ak (Jan 18)
Oracle Reports - Overwrite any application server file via desname (fixed after 889 days) ak (Jan 18)
Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT ak (Jan 19)
Oracle Database 10g Rel. 2 - Event 10053 logs TDE wallet password in cleartext ak (Jan 18)
alex
[eVuln] AndoNET Blog SQL Injection Vulnerability alex (Jan 26)
[eVuln] NavBoard BBcode XSS Vulnerability alex (Jan 07)
[eVuln] Venom Board SQL Injection Vulnerability alex (Jan 09)
[eVuln] RCBlog Directory Traversal & Sensitive Information Disclosure alex (Jan 20)
[eVuln] VEGO Links Builder Authentication Bypass alex (Jan 03)
[eVuln] MyPhPim Arbitrary File Upload alex (Jan 11)
[eVuln] CheesyBlog XSS Vulnerability alex (Jan 25)
[eVuln] Wordcircle Authentication Bypass alex (Jan 12)
[eVuln] Benders Calendar SQL Injection alex (Jan 16)
[eVuln] oaBoard PHP Code Execution alex (Jan 03)
[eVuln] ACal Authentication Bypass & PHP Code Insertion alex (Jan 12)
[eVuln] B-net Software Multiple XSS Vulnerabilities alex (Jan 03)
[eVuln] phpBook PHP Code Execution alex (Jan 03)
[eVuln] TheWebForum Script Insertion and Authentication Bypass alex (Jan 06)
[eVuln] Pixelpost Photoblog XSS Vulnerability alex (Jan 29)
[eVuln] ScozBook "adminname" Authentication Bypass alex (Jan 03)
[eVuln] Text Rider Sensitive Information Disclosure alex (Jan 26)
[eVuln] CaLogic Calendars Multiple XSS Vulnerabilities alex (Jan 17)
[eVuln] Bit 5 Blog SQL Injection & Authentication Bypass Vulnerability alex (Jan 16)
[eVuln] Foxrum BBCode XSS Vulnerabilty alex (Jan 09)
[eVuln] Flog Information Disclosure Vulnerability alex (Jan 18)
[eVuln] inTouch Authentication Bypass alex (Jan 03)
[eVuln] SaralBlog XSS & Multiple SQL Injection Vulnerabilities alex (Jan 20)
[eVuln] e-moBLOG SQL Injection Vulnerability alex (Jan 24)
[eVuln] TinyPHPForum Multiple Vulnerabilities alex (Jan 05)
[eVuln] Chipmunk Guestbook XSS Vulnerability alex (Jan 03)
[eVuln] Wordcircle Multiple SQL Injection & XSS Vulnerabilities alex (Jan 12)
[eVuln] WebspotBlogging Authentication Bypass Vulnerability alex (Jan 19)
[eVuln] TankLogger SQL Injection Vulnerability alex (Jan 12)
[eVuln] ExpressionEngine 'Referer' XSS Vulnerability alex (Jan 25)
[eVuln] microBlog SQL Injection Vulnerability alex (Jan 17)
[eVuln] "my little homepage" products [link] BBCode XSS Vulnerability alex (Jan 26)
[eVuln] eggblog Multiple SQL Injection & XSS Vulnerabilities alex (Jan 20)
[eVuln] BlogPHP Authentication Bypass alex (Jan 17)
[eVuln] PHPenpals SQL Injection Vulnerabilit alex (Jan 03)
[eVuln] VEGO Web Forum SQL Injection Vulnerability alex (Jan 03)
[eVuln] Proyecto Domus 'email' XSS Vulnerability alex (Jan 06)
[eVuln] ADNForum Multiple Vulnerabilities alex (Jan 05)
[eVuln] aoblogger Multiple Vulnerabilities alex (Jan 18)
[eVuln] Lizard Cart CMS SQL Injection Vulnerability alex (Jan 04)
[eVuln] Note-A-Day Weblog Sensitive Information Disclosure alex (Jan 24)
[eVuln] miniBloggie Authentication Bypass alex (Jan 26)
[eVuln] Chimera Web Portal System Multiple Vulnerabilities alex (Jan 03)
[eVuln] Bit 5 Blog JavaScript Insertion Vulnerability alex (Jan 16)
[eVuln] Light Weight Calendar PHP Code Execution alex (Jan 15)
[eVuln] microBlog BBCode XSS Vulnerability alex (Jan 17)
[eVuln] PHPjournaler SQL Injection Vulnerability alex (Jan 03)
[eVuln] MyPhPim Multiple SQL Injection and XSS Vulnerabilities alex (Jan 14)
[eVuln] 427BB Multiple Vulnerabilities (Cookie-based Authentication Bypass, SQL Injections, XSS) alex (Jan 09)
[eVuln] geoBlog SQL Injection Vulnerability alex (Jan 17)
Alex Eckelberry
RE: WMF vulnerability was a deliberate backdoor? Alex Eckelberry (Jan 16)
alireza hassani
[KAPDA::#19] - Html Injection in vBulletin 3.5.2 alireza hassani (Jan 03)
Alla Bezroutchko
Session data pollution vulnerabilities in web applications Alla Bezroutchko (Jan 12)
Alpha_Programmer
Winrar 3.30 Local Buffer Overflow Alpha_Programmer (Jan 03)
Amit Klein (AKsecurity)
Re: Reverse Proxy Cross Site Scripting Amit Klein (AKsecurity) (Jan 17)
Technical Note by Amit Klein: "XST Strikes Back" Amit Klein (AKsecurity) (Jan 25)
Andreas Marx
WMF exploit Andreas Marx (Jan 04)
angelo
[ Rosiello Security ] Eterm-LibAST Advisory angelo (Jan 26)
Rosiello Security - Eterm-LibAST Advisory angelo (Jan 25)
anthony . aykut
Re: WTF?? anthony . aykut (Jan 05)
MD:Pro - Malware Distribution Project anthony . aykut (Jan 05)
Anthony R. Nemmer
Re: MS released a patch today - MS06-001 Anthony R. Nemmer (Jan 06)
Arman Nayyeri
Research: Malware Action Detection and Protection Arman Nayyeri (Jan 09)
[at]
Nuked-klaN Cross-Site Scripting Vulnerability [at] (Jan 30)
Phpclanwebsite BBCode IMG Tag XSS Vulnerability [at] (Jan 19)
Phpclanwebsite BBCode IMG Tag XSS Vulnerability [at] (Jan 18)
XMB Forum HTML Code Injection [at] (Jan 18)
Land Down Under Signature HTML Code Injection [at] (Jan 19)
Etomite CMS "Backdoored" [at] (Jan 30)
MyBB Signature HTML Code Injection [at] (Jan 18)
sPaiz-Nuke Cross-Site Scripting Vulnerability [at] (Jan 30)
at
Newsphp Multiple SQL Injection Vulnerabilities at (Jan 26)
Verified evasion in Snort at (Jan 30)
Bernd Wurst
MySQL 5.0 information leak? Bernd Wurst (Jan 20)
blog . worm
New worm crawling trough blogs?! blog . worm (Jan 30)
botan
Ege Internet Web Desing Remote Command Exucetion botan (Jan 28)
Brett Glass
Re: Did MS pull an Ilfak? (MS patch bindiff results) Brett Glass (Jan 09)
brian428
Re: IndonesiaHack Advisory HTML injection in PHP Fusebox brian428 (Jan 26)
Brooks, Shane
WMF vulnerability was a deliberate backdoor? Brooks, Shane (Jan 15)
bugzilla
[RHSA-2006:0157-01] Low: struts security update for Red Hat Application Server bugzilla (Jan 11)
Burton Strauss
RE: MySQL 5.0 information leak? Burton Strauss (Jan 21)
RE: MySQL 5.0 information leak? Burton Strauss (Jan 26)
Cesar
[Argeniss] Oracle Database Buffer overflows vulnerabilities in public procedures of XDB.DBMS_XMLSCHEMA{_INT} Cesar (Jan 27)
Chris Wysopal
Re: Winamp 5.12 - 0day exploit - code execution through playlist Chris Wysopal (Jan 30)
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Default Administrative Password in Cisco Security Monitoring, Analysis and Response System (CS-MARS) Cisco Systems Product Security Incident Response Team (Jan 11)
Cisco Security Advisory: IOS Stack Group Bidding Protocol Crafted Packet DoS Cisco Systems Product Security Incident Response Team (Jan 18)
Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack Cisco Systems Product Security Incident Response Team (Jan 26)
Cisco Security Advisory: Access Point Memory Exhaustion from ARP Attacks Cisco Systems Product Security Incident Response Team (Jan 12)
Cisco Security Advisory: Cisco Call Manager Privilege Escalation Cisco Systems Product Security Incident Response Team (Jan 19)
Cisco Security Advisory: Cisco Call Manager Denial of Service Cisco Systems Product Security Incident Response Team (Jan 18)
c_lispfedora
zbattle.net c_lispfedora (Jan 30)
code . shell
hello code . shell (Jan 27)
contact
Announcement: The Web Application Firewall Evaluation Criteria v1 Released contact (Jan 17)
Core FORCE team
ANN: New release of CORE FORCE free endpoint security package Core FORCE team (Jan 24)
Crowdat Kurobudetsu
Buffer Overflow /Font on mIRC Crowdat Kurobudetsu (Jan 26)
cvh
Homeftp r1.0.7 Denial of Service cvh (Jan 16)
The WorldsEnd.NET - Free Ping Script, written in PHP (2 vulns) cvh (Jan 28)
Cerberus FTP Server 2.32 Denial of Service cvh (Jan 17)
Da Beave
iWar 0.07 PSTN auditing tool released... Da Beave (Jan 16)
Damaged Industries
Re: New from the MS Advisory Damaged Industries (Jan 05)
Dancho Danchev
Malware - future trends Dancho Danchev (Jan 10)
Dave Korn
Re: Veritas NetBackup "Volume Manager Daemon" Module Stack Overflow - Exploit Dave Korn (Jan 17)
Re: WMF browser-ish exploit vectors Dave Korn (Jan 05)
Re: Download Accelerator Plus can be tricked to download malicious file Dave Korn (Jan 06)
David Litchfield
Workaround for unpatched Oracle PLSQL Gateway flaw David Litchfield (Jan 25)
Denis Jedig
Re: Interview: Ilfak Guilfanov Denis Jedig (Jan 09)
Re: WMF vulnerability was a deliberate backdoor? Denis Jedig (Jan 16)
Re: Did MS pull an Ilfak? (MS patch bindiff results) Denis Jedig (Jan 11)
D. Hazelton
Re: industry standards - current status [was: what we REALLY learned from WMF] D. Hazelton (Jan 12)
Dino A. Dai Zovi
Attacking Automatic Wireless Network Selection Dino A. Dai Zovi (Jan 18)
Dirk Mueller
[KDE Security Advisory] kjs encodeuri/decodeuri heap overflow Dirk Mueller (Jan 20)
Discussion Lists
RE: WMF Exploit Discussion Lists (Jan 04)
dragonjar
XSS in WBNews < = v1.1.0 dragonjar (Jan 17)
Dragos Ruiu
EUSecWest papers and CanSecWest CFP Dragos Ruiu (Jan 12)
Dude VanWinkle
Re: [Full-disclosure] Urgent Alert: Possible BlackWorm DDay February 3rd (Snort signatures included) Dude VanWinkle (Jan 26)
Duncan Simpson
Re: MySQL 5.0 information leak? Duncan Simpson (Jan 30)
Duran, Jason IT0
MS released a patch today - MS06-001 Duran, Jason IT0 (Jan 05)
Eloy A. Paris
Re: Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability Eloy A. Paris (Jan 04)
endrazine
Windows mem leakage endrazine (Jan 26)
eufrato
[ECHO_ADV_25$2006] Full path disclosure on boastMachine v3.1 eufrato (Jan 05)
Evgeny Legerov
Multiple vulnerabilities in CommuniGate Pro Server Evgeny Legerov (Jan 28)
Proof of concept for CommuniGate Pro Server vulnerability Evgeny Legerov (Jan 31)
Florian Weimer
Re: [USN-237-1] nbd vulnerability Florian Weimer (Jan 07)
Re: Digital Armaments Security Advisory 01.16.2006: CMU SNMP utilities snmptrad Format String Vulnerability Florian Weimer (Jan 20)
Forrest J. Cavalier III
MD5s of Unofficial patches and other mistakes Forrest J. Cavalier III (Jan 06)
Fortinet Research
Fortinet Advisory: BitComet URI Buffer Overflow Vulnerability Fortinet Research (Jan 19)
framirez
Arescom NetDSL-1000 DoS atack source framirez (Jan 30)
Francois Labreque
Re: Dumb IE6/XP denial of service found on the web Francois Labreque (Jan 05)
Frank Berzau
RE: Webwasher CSM Appliance Script Security Restriction Bypass Frank Berzau (Jan 03)
frank boldewin
Re: MSN Messenger Password Decrypter for WinXP/2003 frank boldewin (Jan 18)
Frank Knobbe
Re: WMF Exploit Frank Knobbe (Jan 03)
Re: [Full-disclosure] Session data pollution vulnerabilities in web applications Frank Knobbe (Jan 12)
frankruder
[UPDATE]Microsoft Windows GRE WMF Format Multiple Unauthorized Memory Access Vulnerabilities frankruder (Jan 09)
Microsoft Windows GRE WMF Format Multiple Memory Overrun Vulnerabilities frankruder (Jan 09)
FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-06:06.kmem FreeBSD Security Advisories (Jan 25)
FreeBSD Security Advisory FreeBSD-SA-06:02.ee FreeBSD Security Advisories (Jan 11)
FreeBSD Security Advisory FreeBSD-SA-06:01.texindex [REVISED] FreeBSD Security Advisories (Jan 11)
FreeBSD Security Advisory FreeBSD-SA-06:01.texindex FreeBSD Security Advisories (Jan 11)
FreeBSD Security Advisory FreeBSD-SA-06:05.80211 FreeBSD Security Advisories (Jan 19)
FreeBSD Security Advisory FreeBSD-SA-06:04.ipfw FreeBSD Security Advisories (Jan 14)
FreeBSD Security Advisory FreeBSD-SA-06:07.pf FreeBSD Security Advisories (Jan 25)
FreeBSD Security Advisory FreeBSD-SA-06:03.cpio FreeBSD Security Advisories (Jan 11)
Fyodor
Nmap 4.00 Released Fyodor (Jan 31)
Gadi Evron
Re: Microsoft knew about the WMF flaw for years Gadi Evron (Jan 17)
Re: Announcement: The Web Application Firewall Evaluation Criteria v1 Released Gadi Evron (Jan 24)
Re: WMF round-up, updates and de-mystification Gadi Evron (Jan 03)
what we REALLY learned from WMF Gadi Evron (Jan 05)
Urgent Alert: Possible BlackWorm DDay February 3rd (Snort signatures included) Gadi Evron (Jan 26)
Re: WMF vulnerability was a deliberate backdoor? Gadi Evron (Jan 18)
Did MS pull an Ilfak? (MS patch bindiff results) Gadi Evron (Jan 06)
Cisco, haven't we learned anything? (technician reset) Gadi Evron (Jan 12)
BlackWorm naming confusing [CME entry now available] Gadi Evron (Jan 29)
BlackWorm: 2 million infected? ISP notifications. Gadi Evron (Jan 26)
Re: CME-24 (BlackWorm) Users' FAQ Gadi Evron (Jan 30)
WMF round-up, updates and de-mystification Gadi Evron (Jan 03)
BlackWorm: statistics and numbers Gadi Evron (Jan 30)
industry standards - current status [was: what we REALLY learned from WMF] Gadi Evron (Jan 09)
CME-24 (BlackWorm) Users' FAQ Gadi Evron (Jan 30)
BlackWorm technical information Gadi Evron (Jan 29)
Gandalf The White
Mapping and Remote manipulation of databases Gandalf The White (Jan 05)
grasshopa
Re: RE: WMF Exploit grasshopa (Jan 03)
Greg Wroblewski
RE: Did MS pull an Ilfak? (MS patch bindiff results) Greg Wroblewski (Jan 11)
h4cky0u . org
HYSA-2006-002 Phpclanwebsite 1.23.1 Multiple Vulnerabilities h4cky0u . org (Jan 26)
HYSA-2006-001 phpBB 2.0.19 search.php and profile.php DOS Vulnerability h4cky0u . org (Jan 25)
H D Moore
WMF: New Metasploit Framework Module H D Moore (Jan 05)
Re: [Full-disclosure] WehnTrust - When you have to trust Wehntrust H D Moore (Jan 16)
h e
FarsiNews 2.1 PHP Remote File Inclusion h e (Jan 31)
hessam
[xpl#2] MiniNuke 1.8.2 - change member's passwrod < Perl > hessam (Jan 30)
Hugo Fortier
Recon2006 - Call for papers Hugo Fortier (Jan 07)
iNETstore Support
Re: [OSVDB Mods] iNETstore E Commerce Solution - Cross Site Scripting iNETstore Support (Jan 26)
info
Digital Armaments Security Advisory 01.16.2006: CMU SNMP utilities snmptrad Format String Vulnerability info (Jan 17)
Digital Armaments Security Advisory 01.09.2006: Apache auth_ldap module Multiple Format Strings Vulnerability info (Jan 09)
Re: Html_Injection in vBulletin 3.5.2 info (Jan 10)
InfoSecBOFH
Re: [Full-disclosure] WMF round-up, updates and de-mystification InfoSecBOFH (Jan 03)
inge . henriksen
Microsoft(R) Internet Explorer 5 & 6 Remote Denial of Service (DoS) using IMG & XML elements inge . henriksen (Jan 17)
ISecAuditors Security Advisories
[ISecAuditors Advisories] Arbitrary remote file creation in 123flashchat server ISecAuditors Security Advisories (Jan 15)
[ISecAuditors Advisories] Arbitrary flash code remote execution in 123flashchat ISecAuditors Security Advisories (Jan 26)
Ivan Arce
Another WMF exploit workaround Ivan Arce (Jan 04)
James C Slora Jr
RE: WMF browser-ish exploit vectors James C Slora Jr (Jan 05)
James_gmail-ij
Re: MSN Messenger Password Decrypter for WinXP/2003 James_gmail-ij (Jan 17)
jcary2543
Tumbleweed EMF 6.x Processing Issues jcary2543 (Jan 21)
jd2k2000
New PEAR / Apache2Triad Exploit jd2k2000 (Jan 10)
Joe Polk
Re: Did MS pull an Ilfak? (MS patch bindiff results) Joe Polk (Jan 10)
Johan De Meersman
Re: MySQL 5.0 information leak? Johan De Meersman (Jan 26)
Jose Nazario
Re: BlackWorm naming confusing [CME entry now available] Jose Nazario (Jan 30)
Joshua
Re: WMF Exploit Joshua (Jan 05)
Josh Zlatin
EZDatabase Directory Transversal, XSS and Path Disclosure Vulnerability Josh Zlatin (Jan 16)
Juha-Matti Laurio
Re: Re: Winamp 5.12 - 0day exploit - code execution through playlist Juha-Matti Laurio (Jan 31)
Justin Myers
Re: WMF Exploit Justin Myers (Jan 03)
k4p0k4p0
NicoFTP Stack Overflow k4p0k4p0 (Jan 03)
karmaguedon
Claroline 1.7.2, sso identification vulnerability karmaguedon (Jan 20)
KF (lists)
DMA[2006-0115a] - 'AmbiCom Bluetooth Object Push Overflow' KF (lists) (Jan 20)
DMA[2006-0112a] - 'Toshiba Bluetooth Stack Directory Transversal' KF (lists) (Jan 16)
khc
DDSN CMS Admin Panel SQL Injection Vulnerability khc (Jan 15)
kim
Re: EasyCMS vulnerable to XSS injection. kim (Jan 31)
Kim Christensen
Re: Dumb IE6/XP denial of service found on the web Kim Christensen (Jan 06)
king_purba
IndonesiaHack Advisory HTML injection in PHP Fusebox king_purba (Jan 17)
FullPath disclosure in Xaraya 1.0.1 king_purba (Jan 14)
Krpata, Tyler
RE: WMF round-up, updates and de-mystification Krpata, Tyler (Jan 04)
kuku
Re: MSN Messenger Password Decrypter for WinXP/2003 kuku (Jan 15)
labs-no-reply () idefense com
iDefense Security Advisory 01.05.06: Blue Coat WinProxy Telnet DoS Vulnerability labs-no-reply () idefense com (Jan 05)
iDefense Security Advisory 01.13.06: Novell SUSE Linux Enterprise Server Remote Manager Heap Overflow labs-no-reply () idefense com (Jan 13)
iDefense Security Advisory 01.23.06: Computer Associates iTechnology iGateway Service Content-Length Buffer Overflow Vulnerability labs-no-reply () idefense com (Jan 26)
iDefense Security Advisory 01.05.06: Blue Coat Systems WinProxy Host Header Stack Overflow Vulnerability labs-no-reply () idefense com (Jan 05)
iDefense Security Advisory 01.17.06: Cisco Systems IOS 11 Web Service CDP Status Page Code Injection Vulnerability labs-no-reply () idefense com (Jan 20)
iDefense Security Advisory 01.10.06: Sun Solaris uustat Buffer Overflow Vulnerability labs-no-reply () idefense com (Jan 10)
iDefense Security Advisory 01.17.06: EMC Legato Networker nsrexecd.exe Heap Overflow Vulnerability labs-no-reply () idefense com (Jan 20)
iDefense Security Advisory 01.17.06: EMC Legato Networker nsrd.exe DoS Vulnerability labs-no-reply () idefense com (Jan 20)
iDefense Security Advisory 01.05.06: Blue Coat WinProxy Remote DoS Vulnerability labs-no-reply () idefense com (Jan 05)
iDefense Security Advisory 01.09.06: Multiple Vendor mod_auth_pgsql Format String Vulnerability labs-no-reply () idefense com (Jan 09)
Lance James
Re: [security] What A Click! [Internet Explorer] Lance James (Jan 27)
Re: MySQL 5.0 information leak? Lance James (Jan 26)
Larry Seltzer
RE: [Full-disclosure] WMF round-up, updates and de-mystification Larry Seltzer (Jan 03)
RE: [funsec] WMF round-up, updates and de-mystification Larry Seltzer (Jan 03)
New from the MS Advisory Larry Seltzer (Jan 03)
Len Sassaman
CodeCon program announced, early registration deadline nearing Len Sassaman (Jan 23)
liz0
Drupal all versiyon xss cehennem.org liz0 (Jan 03)
White Album Sql İnjection biyosecurity.be liz0 (Jan 17)
phpXplorer file inclusion biyosecurity.be liz0 (Jan 20)
luca . carettoni
Multiple Vulnerabilities in Hummingbird Collaboration luca . carettoni (Jan 10)
Ludwig Nussel
SUSE Security Announcement: xpdf,kpdf,gpdf,kword (SUSE-SA:2006:001) Ludwig Nussel (Jan 11)
SUSE Security Announcement: kdelibs3 (SUSE-SA:2006:003) Ludwig Nussel (Jan 20)
SUSE Security Announcement: phpMyAdmin (SUSE-SA:2006:004) Ludwig Nussel (Jan 26)
ma+bt
fetchmail security announcement fetchmail-SA-2006-01 (CVE-2006-0321) ma+bt (Jan 24)
Mandriva Security Team
MDKSA-2006:018 - Updated kernel packages fix several vulnerabilities Mandriva Security Team (Jan 20)
MDKSA-2006:008 - Updated koffice packages fix several vulnerabilities Mandriva Security Team (Jan 09)
MDKSA-2006:006 - Updated gpdf packages fix several vulnerabilities Mandriva Security Team (Jan 09)
MDKSA-2006:014 - Updated wine packages fix WMF vulnerability Mandriva Security Team (Jan 17)
MDKSA-2006:012 - Updated kdegraphics packages fix several vulnerabilities Mandriva Security Team (Jan 13)
MDKSA-2005:239 - Updated printer-filters-utils packages fix local vulnerability Mandriva Security Team (Jan 04)
MDKSA-2006:016 - Updated clamav packages fix vulnerability Mandriva Security Team (Jan 17)
MDKSA-2006:008 - Updated koffice packages fix several vulnerabilities Mandriva Security Team (Jan 09)
MDKSA-2006:010 - Updated cups packages fix several vulnerabilities Mandriva Security Team (Jan 11)
MDKSA-2006:006 - Updated gpdf packages fix several vulnerabilities Mandriva Security Team (Jan 06)
MDKSA-2006:007 - Updated apache2 packages fix vulnerabilities Mandriva Security Team (Jan 06)
MDKSA-2006:003 - Updated poppler packages fix several vulnerabilities Mandriva Security Team (Jan 09)
MDKSA-2006:017 - Updated mod_auth_ldap packages fix vulnerability Mandriva Security Team (Jan 19)
MDKSA-2006:004 - Updated pdftohtml packages fix several vulnerabilities Mandriva Security Team (Jan 09)
MDKSA-2006:005 - Updated xpdf packages fix several vulnerabilities Mandriva Security Team (Jan 07)
MDKSA-2006:003 - Updated poppler packages fix several vulnerabilities Mandriva Security Team (Jan 06)
MDKSA-2006:013 - Updated kolab packages fix vulnerability Mandriva Security Team (Jan 15)
MDKSA-2006:019 - Updated kdelibs packages fix vulnerability Mandriva Security Team (Jan 21)
MDKSA-2006:004 - Updated pdftohtml packages fix several vulnerabilities Mandriva Security Team (Jan 06)
MDKSA-2006:015 - Updated hylafax packages fix eval injection vulnerabilities Mandriva Security Team (Jan 17)
MDKSA-2006:011 - Updated tetex packages fix several vulnerabilities Mandriva Security Team (Jan 14)
MDKSA-2006:005 - Updated xpdf packages fix several vulnerabilities Mandriva Security Team (Jan 09)
MDKSA-2006:009 - Updated apache2-mod_auth_pgsql packages fix several vulnerabilities Mandriva Security Team (Jan 09)
Marc Deslauriers
[FLSA-2006:152907] Updated htdig packages fix security issues Marc Deslauriers (Jan 10)
[FLSA-2006:167803] Updated mysql packages fix security issues Marc Deslauriers (Jan 11)
[FLSA-2006:152845] Updated perl packages fix security issues Marc Deslauriers (Jan 29)
[FLSA-2006:168375] Updated mozilla packages fix security issues Marc Deslauriers (Jan 10)
[FLSA-2006:152803] Updated lesstif packages fix security issues Marc Deslauriers (Jan 14)
[FLSA-2006:136323] Updated gettext package fixes security issues Marc Deslauriers (Jan 10)
[FLSA-2006:152922] Updated ethereal packages fix security issues Marc Deslauriers (Jan 10)
Marcus Meissner
SUSE Security Announcement: novell-nrm remote heap overflow (SUSE-SA:2006:002) Marcus Meissner (Jan 13)
SUSE Security Announcement: nfs-server/rpc.mountd remote code execution (SUSE-SA:2006:005) Marcus Meissner (Jan 26)
Mario Contestabile
RE: Dumb IE6/XP denial of service found on the web Mario Contestabile (Jan 05)
Martin Pitt
[USN-245-1] KDE library vulnerability Martin Pitt (Jan 23)
[USN-236-2] xpdf vulnerabilities in kword, kpdf Martin Pitt (Jan 10)
[USN-239-1] libapache2-mod-auth-pgsql vulnerability Martin Pitt (Jan 10)
[USN-242-1] mailman vulnerabilities Martin Pitt (Jan 16)
[USN-233-1] fetchmail vulnerability Martin Pitt (Jan 03)
[USN-237-1] nbd vulnerability Martin Pitt (Jan 06)
[USN-238-1] Blender vulnerability Martin Pitt (Jan 06)
[USN-238-2] Blender vulnerability Martin Pitt (Jan 06)
[USN-240-1] bogofilter vulnerability Martin Pitt (Jan 12)
[USN-234-1] cpio vulnerability Martin Pitt (Jan 03)
[USN-235-1] sudo vulnerability Martin Pitt (Jan 05)
[USN-236-1] xpdf vulnerabilities Martin Pitt (Jan 05)
[USN-244-1] Linux kernel vulnerabilities Martin Pitt (Jan 18)
[USN-243-1] tuxpaint vulnerability Martin Pitt (Jan 17)
[USN-235-2] sudo vulnerability Martin Pitt (Jan 11)
[USN-246-1] imagemagick vulnerabilities Martin Pitt (Jan 24)
Martin Schulze
[SECURITY] [DSA 959-1] New unalz packages fix arbitrary code execution Martin Schulze (Jan 30)
[SECURITY] [DSA 940-1] New gpdf packages fix arbitrary code execution Martin Schulze (Jan 13)
[SECURITY] [DSA 931-1] New xpdf packages fix arbitrary code execution Martin Schulze (Jan 09)
[SECURITY] [DSA 938-1] New koffice packages fix arbitrary code execution Martin Schulze (Jan 12)
[SECURITY] [DSA 954-1] New wine packages fix arbitrary code execution Martin Schulze (Jan 25)
[SECURITY] [DSA 939-1] New fetchmail packages fix denial of service Martin Schulze (Jan 13)
[SECURITY] [DSA 944-1] New mantis packages fix several vulnerabilities Martin Schulze (Jan 17)
[SECURITY] [DSA 932-1] New kpdf packages fix arbitrary code execution Martin Schulze (Jan 09)
[SECURITY] [DSA 953-1] New flyspray packages fix cross-site scripting Martin Schulze (Jan 26)
[SECURITY] [DSA 941-1] New tuxpaint packages fix insecure temporary file creation Martin Schulze (Jan 16)
[SECURITY] [DSA 960-1] New libmail-audit-perl packages fix insecure temporary file use Martin Schulze (Jan 31)
[SECURITY] [DSA 958-1] New drupal packages fix several vulnerabilities Martin Schulze (Jan 27)
[SECURITY] [DSA 960-2] New libmail-audit-perl packages fix insecure temporary file use Martin Schulze (Jan 31)
[SECURITY] [DSA 937-1] New tetex-bin packages fix arbitrary code execution Martin Schulze (Jan 12)
[SECURITY] [DSA 903-2] New unzip packages fix unauthorised permissions modification Martin Schulze (Jan 12)
[SECURITY] [DSA 957-1] New ImageMagick packages fix arbitrary command execution Martin Schulze (Jan 26)
[SECURITY] [DSA 957-2] New ImageMagick packages fix arbitrary command execution Martin Schulze (Jan 31)
[SECURITY] [DSA 949-1] New crawl packages fix potential group games execution Martin Schulze (Jan 20)
[SECURITY] [DSA 950-1] New CUPS packages fix arbitrary code execution Martin Schulze (Jan 26)
[SECURITY] [DSA 951-2] New trac packages fix SQL injection and cross-site scripting Martin Schulze (Jan 30)
[SECURITY] [DSA 946-1] New sudo packages fix privilege escalation Martin Schulze (Jan 20)
[SECURITY] [DSA 945-1] New antiword packages fix insecure temporary file creation Martin Schulze (Jan 17)
[SECURITY] [DSA 942-1] New albatross packages fix arbitrary code execution Martin Schulze (Jan 17)
[SECURITY] [DSA 943-1] New Perl packages fix arbitrary code execution Martin Schulze (Jan 16)
[SECURITY] [DSA 936-1] New libextractor packages fix arbitrary code execution Martin Schulze (Jan 14)
[SECURITY] [DSA 951-1] New trac packages fix SQL injection and cross-site scripting Martin Schulze (Jan 29)
[SECURITY] [DSA 956-1] New lsh-utils packages fix local vulnerabilities Martin Schulze (Jan 26)
[SECURITY] [DSA 952-1] New libapache-auth-ldap packages fix arbitrary code execution Martin Schulze (Jan 26)
Matthew Murphy
Interview: Ilfak Guilfanov Matthew Murphy (Jan 05)
Meder Kydyraliev
Google's Blogger.com classic HTTP response splitting vulnerability Meder Kydyraliev (Jan 19)
mercenary
Windows PHP 4.x "0-day" buffer overflow mercenary (Jan 05)
Michael Jennings
LibAST 0.7 Release Fixes Security Vulnerability Michael Jennings (Jan 28)
Michael Shigorin
Re: IRM 015: File system path disclosure on TYPO3 Web Content Manager Michael Shigorin (Jan 19)
Michael Stone
[SECURITY] [DSA 947-1] New ClamAV packages fix heap overflow Michael Stone (Jan 20)
[SECURITY] [DSA 935-1] New libapache2-mod-auth-pgsql packages fix arbitrary code execution Michael Stone (Jan 10)
[SECURITY] [DSA 955-1] New mailman packages fix denial of service Michael Stone (Jan 25)
[SECURITY] [DSA 933-1] New hylafax packages fix arbitrary command execution Michael Stone (Jan 10)
[SECURITY] [DSA 930-2] New smstools packages fix format string vulnerability Michael Stone (Jan 10)
[SECURITY] [DSA 947-2] New clamav packages fix heap overflow Michael Stone (Jan 25)
[SECURITY] [DSA 934-1] New pound packages fix multiple vulnerabilities Michael Stone (Jan 10)
[SECURITY] [DSA 948-1] New kdelibs packages fix buffer overflow Michael Stone (Jan 20)
[SECURITY] [DSA 930-1] New smstools packages fix format string vulnerability Michael Stone (Jan 09)
[SECURITY] [DSA 929-1] New petris packages fix buffer overflow Michael Stone (Jan 09)
Michael.Wade
WEP-Client-Communication-Dumbdown (WCCD) Vulnerability Michael.Wade (Jan 17)
Michal Zalewski
Cross Site Cooking Michal Zalewski (Jan 30)
RE: Cross Site Cooking Michal Zalewski (Jan 30)
Mike Davis
gnome evolution mail client inline text file DoS issue Mike Davis (Jan 30)
Mike Ely
Re: WMF vulnerability was a deliberate backdoor? Mike Ely (Jan 16)
mikx
What A Click! [Internet Explorer] mikx (Jan 26)
M.Neset KABAKLI
Interspire TrackPoint NX XSS Vulnerability M.Neset KABAKLI (Jan 12)
H-Sphere Security Vulnerability M.Neset KABAKLI (Jan 12)
FogBugz Cross Site Scripting Vulnerability M.Neset KABAKLI (Jan 12)
Helm XSS Vulnerability M.Neset KABAKLI (Jan 13)
UebiMiau Webmail System Security Vulnerability M.Neset KABAKLI (Jan 30)
n
MyBB Signature HTML Code Injection n (Jan 21)
Nancy Kramer
Re: [Full-disclosure] WMF round-up, updates and de-mystification Nancy Kramer (Jan 03)
NaPa
RE: Download Accelerator Plus can be tricked to download malicious file NaPa (Jan 05)
NetBSD Security Officer
NetBSD Security Advisory 2006-002: settimeofday() time wrap NetBSD Security Officer (Jan 09)
NetBSD Security Advisory 2006-001: Kernfs kernel memory disclosure NetBSD Security Officer (Jan 09)
NGSSoftware Insight Security Research
Oracle Critical Patch Update - January 2006 NGSSoftware Insight Security Research (Jan 18)
Microsoft Outlook Critical Vulnerability NGSSoftware Insight Security Research (Jan 11)
High Risk Vulnerability in Red Hat Directory Server and Red Hat Certificate Server NGSSoftware Insight Security Research (Jan 24)
Microsoft Exchange Critical Vulnerability NGSSoftware Insight Security Research (Jan 11)
nick58
BitComet URI Proof of Concept nick58 (Jan 26)
Nick FitzGerald
Re: WMF browser-ish exploit vectors Nick FitzGerald (Jan 04)
Re: WTF?? Nick FitzGerald (Jan 05)
night_warrior771
Xoops Pool Module IMG Tag Cross Site Scripting night_warrior771 (Jan 09)
DCP Portal Cross-Site Scripting Vulnerability night_warrior771 (Jan 15)
AlstraSoft Template Seller Pro Cross-Site Scripting Vulnerability night_warrior771 (Jan 15)
Php-Nuke Pool and News Module IMG Tag Cross Site night_warrior771 (Jan 09)
CyberShop User Login Sql Injection night_warrior771 (Jan 05)
PowerPortal Cross-Site Scripting Vulnerability night_warrior771 (Jan 17)
PunBB BBCode URL Tag Script Injection Vulnerability night_warrior771 (Jan 17)
none
ezDatabase 2.0 and below none (Jan 14)
noreply
APPLE-SA-2006-01-05 AirPort firmware update noreply (Jan 06)
nukedx
Advisory: MiniNuke CMS System <= 1.8.2 (news.asp) SQL Injection vulnerability nukedx (Jan 12)
Advisory: XSS attack on Superonline.com email service. nukedx (Jan 11)
Advisory:XSS vulnerability on WebWiz Forums <= 6.34 (search_form.asp) nukedx (Jan 11)
Advisory: MiniNuke CMS System <= 1.8.2 (membership.asp) remote user password change exploit nukedx (Jan 12)
Advisory: MiniNuke CMS System <= 1.8.2 (news.asp) SQL Injection vulnerability nukedx (Jan 12)
null
Re: Re: MSN Messenger Password Decrypter for WinXP/2003 null (Jan 19)
oliver karow
Apache Geronimo 1.0 - CSS and persistent HTML-Injection vulnerabilities oliver karow (Jan 16)
orambaldini
Re: Airscanner Mobile Security Advisory: Remote Hard Reset Data Wipe and DoS of Pocket Controller v5.0 (#AS05080401) orambaldini (Jan 30)
organiser () syscan org
Call For Paper - SyScan'06 Singapore organiser () syscan org (Jan 25)
Oriol Torrent
Directory traversal in phpXplorer Oriol Torrent (Jan 16)
o . y . 6
Re: MyBB 1.0.2 SQL injection in usercp.php o . y . 6 (Jan 16)
patrickthomassen
Veritas NetBackup "Volume Manager Daemon" Module Stack Overflow - Exploit patrickthomassen (Jan 16)
Paul
RE: WMF Exploit Paul (Jan 03)
paul14075
Re: Linksys VPN Router (BEFVP41) DoS Vulnerability paul14075 (Jan 16)
Re: Linksys VPN Router (BEFVP41) DoS Vulnerability paul14075 (Jan 18)
Linksys VPN Router (BEFVP41) DoS Vulnerability paul14075 (Jan 15)
Paul Laudanski
Hacking With The Google Search Engine Paul Laudanski (Jan 14)
Re: WMF Exploit Paul Laudanski (Jan 04)
PayPal Phishing Site Exploits Google XSS Vulnerability Paul Laudanski (Jan 14)
Pierre Vandevenne
Re[2]: [funsec] WMF round-up, updates and de-mystification Pierre Vandevenne (Jan 04)
Re: [funsec] WMF round-up, updates and de-mystification Pierre Vandevenne (Jan 03)
Pim van Riezen
Re: Arescom NetDSL-1000 DoS atack source Pim van Riezen (Jan 30)
PostgreSQL Security
PostgreSQL security releases 8.0.6 and 8.1.2 PostgreSQL Security (Jan 11)
pr1nce_empire
Re: Re: IndonesiaHack Advisory HTML injection in PHP Fusebox pr1nce_empire (Jan 30)
Praburaajan
HITBSecConf2005 Videos Released Praburaajan (Jan 19)
preben
Daffodil CRM - vulnerable to SQL-injection. preben (Jan 30)
EasyCMS vulnerable to XSS injection. preben (Jan 30)
Cerberus Helpdesk vulnerable to XSS preben (Jan 31)
BrowserCRM vulnerable for XSS preben (Jan 31)
XSS flaw in MG2 Image Gallery (v.0.5.1) preben (Jan 30)
priest
Visual Studio Remote Code Execution priest (Jan 15)
Process
Winamp 5.12 - 0day exploit - code execution through playlist Process (Jan 30)
Rafael San Miguel Carrasco
Recruitment Software allows MySQL credentials disclosure Rafael San Miguel Carrasco (Jan 03)
Xmame 0.102 local vulnerability proof-of-concept Rafael San Miguel Carrasco (Jan 31)
Randal L. Schwartz
Re: Interview: Ilfak Guilfanov Randal L. Schwartz (Jan 07)
rebornrebel
Re: Dumb IE6/XP denial of service found on the web rebornrebel (Jan 11)
RedTeam Pentesting
Time modification flaw in BSD securelevels on NetBSD and Linux RedTeam Pentesting (Jan 10)
BSD Securelevels: Circumventing protection of files flagged immutable RedTeam Pentesting (Jan 10)
Rembrandt
Re: MD:Pro - Malware Distribution Project Rembrandt (Jan 07)
revnic
MyCO multiple vulnerabilities revnic (Jan 31)
Richard Forno
Survey on Vuln Disclosure: Request for Participation Richard Forno (Jan 07)
Richard M. Smith
Microsoft knew about the WMF flaw for years Richard M. Smith (Jan 16)
WSJ: The new "metasploit" computer virus Richard M. Smith (Jan 03)
Rickard Andersson
Re: PunBB BBCode URL Tag Script Injection Vulnerability Rickard Andersson (Jan 18)
rod hedor
SCO Openserver 5.0.x exploit rod hedor (Jan 03)
Change passwd 3.1 (SquirrelMail plugin ) rod hedor (Jan 19)
roozbeh_afrasiabi
Azbb v1.1.00 Cross-Site Scripting roozbeh_afrasiabi (Jan 27)
[CORRECTIONS AND ADDITIONS ]Azbb v1.1.00 Cross-Site Scripting roozbeh_afrasiabi (Jan 28)
[KAPDA::#25] - MyBB 1.x Cross_Site_Scripting roozbeh_afrasiabi (Jan 26)
roundcube
Re: Fullpath disclosure in roundcube webmail roundcube (Jan 17)
RSnake
Re: Drupal all versiyon xss cehennem.org RSnake (Jan 03)
Ryan Smith
Shareaza P2P Remote Vulnerability Ryan Smith (Jan 27)
s3ude
-2- [XSS] in ar-blog v 5.2 s3ude (Jan 19)
SanjayR
WMF SETABORTPROC exploit SanjayR (Jan 03)
secresearch
Fortinet Advisory - Apple QuickTime Player StripOffsets Improper Memory Access secresearch (Jan 13)
Fortinet Advisory - Apple QuickTime Player StripByteCounts Buffer Overflow Vulnerability secresearch (Jan 13)
Fortinet Advisory - Apple QuickTime Player ImageWidth Denial of Service Vulnerability secresearch (Jan 13)
Secunia Research
Secunia Research: Mozilla Thunderbird Attachment Spoofing Vulnerability Secunia Research (Jan 17)
secure
Contact information for Symantec Vulnerability Management secure (Jan 05)
security
Updated mozilla-thunderbird packages fix vulnerability security (Jan 26)
Updated ipsec-tools packages fix vulnerability security (Jan 25)
[ MDKSA-2006:027 ] - Updated gzip packages fix zgrep vulnerabilities security (Jan 30)
[ MDKSA-2006:023 ] - Updated perl-Net_SSLeay packages fix vulnerability security (Jan 27)
[ MDKSA-2006:024 ] - Updated ImageMagick packages fix vulnerabilities security (Jan 27)
[ MDKSA-2006:026 ] - Updated bzip2 packages fix bzgrep vulnerabilities security (Jan 30)
Re: Drupal all versiyon xss cehennem.org security (Jan 03)
[ MDKSA-2006:025 ] - Updated net-snmp packages fix vulnerabilities security (Jan 27)
[ MDKSA-2006:022 ] - Updated perl-Convert-UUlib packages fix vulnerability security (Jan 26)
security-alert
[security bulletin] SSRT051058 rev.1 - HP-UX Secure Shell Remote Denial of Service (DoS) security-alert (Jan 10)
[security bulletin] SSRT061099 rev.1 - HP-UX Local Increased Privilege security-alert (Jan 26)
[security bulletin] SSRT051074 rev.3 - HP-UX Running xterm Local Unauthorized Access security-alert (Jan 06)
[security bulletin] SSRT5971 rev.1 - HP-UX Running ftpd Remote Denial of Service (DoS) security-alert (Jan 19)
[security bulletin] SSRT061104 rev.1 - HP Oracle for OpenView (OfO) Critical Patch Update January 2006 security-alert (Jan 26)
security curmudgeon
Etomite followup information security curmudgeon (Jan 30)
serj
xorg server 6.8.2 and below on 64bit arch serj (Jan 09)
serxwebun
Orjinweb E-commerce serxwebun (Jan 09)
Shalom Carmel
Reverse Proxy Cross Site Scripting Shalom Carmel (Jan 16)
shulman
Oracle DBMS Access Control Bypass in Login shulman (Jan 18)
simo
AOL Multiple Cross Site Scripting Vulnerability simo (Jan 09)
ICQ Cross Site Scripting Vulnerability simo (Jan 18)
AIM Multiple Cross Site Scripting Vulnerability simo (Jan 09)
Sintigan
Serial Line Sniffer 0.4.4 Buffer Overflow Sintigan (Jan 11)
spher3
[HSC] Multiple transversal bug in vis spher3 (Jan 26)
Stan Bubrouski
Re: Directory traversal in phpXplorer Stan Bubrouski (Jan 19)
Re: Digital Armaments Security Advisory 01.16.2006: CMU SNMP utilities snmptrad Format String Vulnerability Stan Bubrouski (Jan 21)
Re: Directory traversal in phpXplorer Stan Bubrouski (Jan 18)
Stefan Cornelius
[ GLSA 200601-05 ] mod_auth_pgsql: Multiple format string vulnerabilities Stefan Cornelius (Jan 14)
[ GLSA 200601-12 ] Trac: Cross-site scripting vulnerability Stefan Cornelius (Jan 26)
[ GLSA 200601-06 ] xine-lib, FFmpeg: Heap-based buffer overflow Stefan Cornelius (Jan 11)
[ GLSA 200601-13 ] Gallery: Cross-site scripting vulnerability Stefan Cornelius (Jan 26)
Stefan Esser
Advisory 02/2006: PHP ext/mysqli Format String Vulnerability Stefan Esser (Jan 12)
Advisory 01/2006: PHP ext/session HTTP Response Splitting Vulnerability Stefan Esser (Jan 12)
Stephen Frost
Re: MySQL 5.0 information leak? Stephen Frost (Jan 23)
Steve Friedl
Re: WMF vulnerability was a deliberate backdoor? Steve Friedl (Jan 16)
Steven M. Christey
Re: Html_Injection in vBulletin 3.5.2 Steven M. Christey (Jan 10)
Re: Microsoft knew about the WMF flaw for years Steven M. Christey (Jan 20)
Open Letter on the Interpretation of "Vulnerability Statistics" Steven M. Christey (Jan 05)
sudhakar+bugtraq
Windows Access Control Demystified sudhakar+bugtraq (Jan 31)
Sune Kloppenborg Jeppesen
ERRATA: [ GLSA 200601-09 ] Wine: Windows Metafile SETABORTPROC vulnerability Sune Kloppenborg Jeppesen (Jan 17)
[ GLSA 200601-09 ] Wine: Windows Metafile SETABORTPROC vulnerability Sune Kloppenborg Jeppesen (Jan 13)
[ GLSA 200601-15 ] Paros: Default administrator password Sune Kloppenborg Jeppesen (Jan 30)
[ GLSA 200601-14 ] LibAST: Privilege escalation Sune Kloppenborg Jeppesen (Jan 30)
[ GLSA 200601-04 ] VMware Workstation: Vulnerability in NAT networking Sune Kloppenborg Jeppesen (Jan 07)
[ GLSA 200601-02 ] KPdf, KWord: Multiple overflows in included Xpdf code Sune Kloppenborg Jeppesen (Jan 06)
[ GLSA 200601-08 ] Blender: Heap-based buffer overflow Sune Kloppenborg Jeppesen (Jan 13)
[ GLSA 200601-17 ] Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows Sune Kloppenborg Jeppesen (Jan 30)
[ GLSA 200601-11 ] KDE kjs: URI heap overflow vulnerability Sune Kloppenborg Jeppesen (Jan 24)
[ GLSA 200601-07 ] ClamAV: Remote execution of arbitrary code Sune Kloppenborg Jeppesen (Jan 13)
[ GLSA 200601-03 ] HylaFAX: Multiple vulnerabilities Sune Kloppenborg Jeppesen (Jan 06)
[ GLSA 200601-16 ] MyDNS: Denial of Service Sune Kloppenborg Jeppesen (Jan 30)
support
Re: Tumbleweed EMF 6.x Processing Issues support (Jan 26)
the_bekir
Html_Injection in vBulletin 3.5.2 the_bekir (Jan 09)
Thierry Carrez
[ GLSA 200512-18 ] XnView: Privilege escalation Thierry Carrez (Jan 03)
[ GLSA 200601-10 ] Sun and Blackdown Java: Applet privilege escalation Thierry Carrez (Jan 17)
[ GLSA 200601-01 ] pinentry: Local privilege escalation Thierry Carrez (Jan 03)
Thierry Zoller
[ TZO-012006 ] Checkpoint VPN-1 SecureClient insecure usage of CreateProcess() Thierry Zoller (Jan 18)
WehnTrust - When you have to trust Wehntrust Thierry Zoller (Jan 16)
Thomas Biege
DIMVA 2006 Call for Papers Thomas Biege (Jan 15)
Thomas Henlich
SysCP WebFTP local file inclusion vulnerability Thomas Henlich (Jan 05)
Thor (Hammer of God)
Re: what we REALLY learned from WMF Thor (Hammer of God) (Jan 06)
Trustix Security Advisor
TSL-2006-0001 - postgresql Trustix Security Advisor (Jan 15)
TSLSA-2006-0002 - multi Trustix Security Advisor (Jan 15)
TSLSA-2006-0004 - multi Trustix Security Advisor (Jan 30)
uinC Team
Multiple PHP Toolkit for PayPal Vulnerabilities uinC Team (Jan 12)
Uninformed
Uninformed Journal Release Announcement: Volume 3 Uninformed (Jan 05)
visitbipin
Re: Download Accelerator Plus can be tricked to download malicious file visitbipin (Jan 05)
Download Accelerator Plus can be tricked to download malicious file visitbipin (Jan 04)
waltdnes
What is sbininitd port 65534 ??? waltdnes (Jan 05)
Williams, James K
CAID 33756 - DM Deployment Common Component Vulnerabilities Williams, James K (Jan 19)
CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability Williams, James K (Jan 29)
CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability [v1.1] Williams, James K (Jan 27)
XFOCUS Security Team
[xfocus-SD-060101]AIX getCommand&getShell two vulnerabilities XFOCUS Security Team (Jan 01)
xwings
mysec.org Security Advisory : Xmame buffer overflow, with a possibility of privilege escalation xwings (Jan 13)
yossarian
Re: [security] What A Click! [Internet Explorer] yossarian (Jan 30)
Re: [security] What A Click! [Internet Explorer] yossarian (Jan 27)
Yvan Boily
Re: [Full-disclosure] [ GLSA 200601-15 ] Paros: Default administrator password Yvan Boily (Jan 30)
zdi-disclosures
ZDI-06-001: Clam AntiVirus UPX Unpacking Code Execution Vulnerability zdi-disclosures (Jan 12)
zinho
[HSC Security Group] Multiple SQL injection/XSS in SimpleBlog 2.1 zinho (Jan 17)
zwell
CounterPath eyeBeam Handing SIP header Vulnerabilities zwell (Jan 16)
eStara Softphone SIP stack Buffer Overflow Vulnerability zwell (Jan 11)