Bugtraq: by author

564 messages starting Jul 01 06 and ending Jul 03 06

3APA3A

Re: [Full-disclosure] Re[2]: Is Windows TCP/IP source routing PoC code available? 3APA3A (Jul 01)

3CO

Re: Write-up by Amit Klein: "Forging HTTP request headers with Flash" 3CO (Jul 27)
Re: Browser bugs hit IE, Firefox today (SANS) 3CO (Jul 12)

Aaron Newman

RE: WordPress 2.0.3 SQL Error and Full Path Disclosure Aaron Newman (Jul 13)

Abhisek Datta

Linux sys_prctl LKM based hotfix Abhisek Datta (Jul 15)

admin

[MajorSecurity #24] Fire-Mouse TopList <=v1.1 - Cross Site Scripting admin (Jul 22)
[MajorSecurity #22] Top XL <=1.1 - XSS and cookie disclosure admin (Jul 20)
[MajorSecurity #25] Advanced Guestbook 2.4 for phpBB - Multiple XSS and SQL-Injection Vulnerabilities admin (Jul 22)
[MajorSecurity #23] BLOG:CMS <= 4.0.0j - XSS and cookie disclosure admin (Jul 22)
[MajorSecurity #26] Woltlab Burning Board - Multiple Cookie manipulation and session fixation vulnerabilities admin (Jul 24)
Re: [MajorSecurity #22] Top XL <=1.1 - XSS and cookie disclosure admin (Jul 22)
[MajorSecurity #19] AutoRank <= 5.01 - Multiple XSS and cookie disclosure admin (Jul 03)
[MajorSecurity #21] phpFaber TopSites <=2.0.9 - SQL Injection Vulnerability admin (Jul 20)
[MajorSecurity #20]SiteDepth CMS <= 3.01 - Remote File Include Vulnerability admin (Jul 20)

advisories

Corsaire Security Advisory - VMware ESX Server Password Disclosure in Cookie issue advisories (Jul 31)
Corsaire Security Advisory - VMware ESX Server Password Cross Site Request Forgery issue advisories (Jul 31)
Corsaire Security Advisory - VMware ESX Server Password Disclosure in Log issue advisories (Jul 31)

AG Spider

MiniBB Forum <= 1.5a Remote File Include (news.php) AG Spider (Jul 22)
MiniBB Forum <= 1.5a Remote File Include (search.php-whosOnline.php) AG Spider (Jul 22)

ak

Oracle Database - SQL Injection in SYS.KUPW$WORKER [DB03] ak (Jul 18)
Oracle Database - SQL Injection in SYS.DBMS_CDC_IMPDP [DB01] ak (Jul 18)
Oracle Database - SQL Injection in SYS.DBMS_STATS [DB21] ak (Jul 18)
Oracle Database - SQL Injection in SYS.DBMS_UPGRADE [DB22] ak (Jul 18)
Bypassing Oracle dbms_assert ak (Jul 27)

Alan

RE: cpanel login problem Alan (Jul 31)

Alexander Hristov

Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit Alexander Hristov (Jul 10)
Webmin / Usermin Arbitrary File Disclosure Vulnerability Perl Alexander Hristov (Jul 18)
Samba Internal Data Structures DOS Vulnerability Exploit Alexander Hristov (Jul 21)

Alexander Kornbrust

RE: Bypassing Oracle dbms_assert Alexander Kornbrust (Jul 28)

Alex Park

Touch arbitrary file execute vulnerability Alex Park (Jul 05)

Alex Potter

Re: Browser bugs hit IE, Firefox today (SANS) Alex Potter (Jul 01)

ali

cpanel login problem ali (Jul 28)

alireza hassani

[KAPDA::#46] - AjaxPortal Authentication Bypass alireza hassani (Jul 08)

alp_eren

phpPolls 1.0.3 Administration ByPass alp_eren (Jul 10)

Amelie

Re: # MHG Security Team --- PHPAskIt v2.0.1 Remote File Inc. Amelie (Jul 12)
Re: # MHG Security Team --- PHPAskIt v2.0.1 Remote File Inc. amelie (Jul 12)

Amit Klein (AKsecurity)

Write-up by Amit Klein: "Forging HTTP request headers with Flash" Amit Klein (AKsecurity) (Jul 24)
Re: Write-up by Amit Klein: "Forging HTTP request headers with Flash" Amit Klein (AKsecurity) (Jul 26)
Re: Write-up by Amit Klein: "Forging HTTP request headers with Flash" Amit Klein (AKsecurity) (Jul 27)

Andres Riancho

[CYBSEC] TippingPoint detection bypass Andres Riancho (Jul 24)

armin390

Local file inclusion in Farsinews3.0BETA1 armin390 (Jul 10)
SECURITY UPDATE::Farsinews release FarsiNewsPro3.0Stable1SecurityPath1 armin390 (Jul 21)

A-S-T2006

Mambo Gallery Manager v095.r3 Remote File Inclusion Vulnerabilities A-S-T2006 (Jul 29)
Coppermine Photo Gallery v1.2.2b-Nuke Remote File Inclusion Vulnerabilities A-S-T2006 (Jul 29)

Avert

SMB Information Disclosure Vulnerability Avert (Jul 12)
Apache mod_rewrite Buffer Overflow Vulnerability Avert (Jul 28)

Benjamin Tobias Franz

Microsoft Works - Buffer Overflows / Denial of Service (DoS)-Vulnerabilities Benjamin Tobias Franz (Jul 14)

binary . loc

Re: osDate 1.1.7 multiple vulnerabilities binary . loc (Jul 19)
osDate 1.1.7 multiple vulnerabilities binary . loc (Jul 18)

Bipin Gautam

Outpost Firewall Pro secrately fixing security flaws? Bipin Gautam (Jul 18)

black code

file include exploits in randshop v1.2 black code (Jul 04)
Sql injection in Diesel joke site script black code (Jul 01)

Bob Beck

Re: LAMP vs Microsoft Bob Beck (Jul 18)
Re: LAMP vs Microsoft Bob Beck (Jul 15)
Re: LAMP vs Microsoft Bob Beck (Jul 15)
Re: LAMP vs Microsoft Bob Beck (Jul 10)

BoNy-m

popup Vacation Rentals[calendar_year.php] SQL Injection BoNy-m (Jul 03)

botan

[Kurdish Security # 14] MoSpray [base_dir] Remote Command Execution [ Mambo & Joomla] botan (Jul 24)
[Kurdish Security # 13] Savant2 Remote File Include Vulnerability [For Mambo, Joomla] botan (Jul 22)

Breeeeh

saphp "add.php" forumid Parameter SQL Injection Breeeeh (Jul 15)
Invision Power Board v1.3 Final SQL Injection Breeeeh (Jul 03)
VBZooM <=V1.11 " reply.php" SQL Injection Breeeeh (Jul 15)
SmS Script SQL Injection Breeeeh (Jul 01)
VBZooM <=V1.11 "sub-join.php" SQL Injection Breeeeh (Jul 15)
Internet Crna Gora SQL Injection Breeeeh (Jul 01)
VBZooM <=V1.11 " ignore-pm.php" SQL Injection Breeeeh (Jul 15)
VBZooM "sendmail.php" SQL Injection Breeeeh (Jul 15)
MyGallery "Room.php" SQL Injection Breeeeh (Jul 15)

Brett Moore

ASP.DLL Include File Buffer Overflow Brett Moore (Jul 18)

Bugs

RE: cpanel login problem Bugs (Jul 31)

bug () securitynews ir

phpMyAdmin : Cross-Site Scripting Vulnerability bug () securitynews ir (Jul 01)
ATutor : Cross-Site Scripting Vulnerabilities bug () securitynews ir (Jul 07)

bugtraq

Re: crashing firefox <= 1.5.0.4 bugtraq (Jul 18)
Re: phpbb 3.x sql injection (with global moderator rights) bugtraq (Jul 15)

c0rrupt

AIM Triton 1.0.4 (SipXtapi) Remote Buffer Overflow Exploit (PoC) c0rrupt (Jul 27)

CarcaBotx

vBulletin 3.5.4 (install_path) Exploit CarcaBotx (Jul 05)

Caveo Internet BV - Security

Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround Caveo Internet BV - Security (Jul 14)

Cesar

MS06-034 lies? IIS 6 can still be owned? Cesar (Jul 26)

cfp

RUXCON 2006 Final Call For Papers cfp (Jul 18)

C. Hamby

Contact for nhl.com C. Hamby (Jul 03)

ChironeX . FleckeriX

SubberZ[Lite] - Remote File Include ChironeX . FleckeriX (Jul 15)

chris_hasibuan

SolpotCrew Advisory #2 - Advanced Poll ver 2.02 (base_path) Remote File Inclusion chris_hasibuan (Jul 21)
PHP Event Calendar versi 1.4 (path_to_calendar) Remote File Inclusion chris_hasibuan (Jul 17)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Security Monitoring, Analysis and Response System (CS-MARS) Cisco Systems Product Security Incident Response Team (Jul 19)
Cisco Security Advisory: Windows VPN Client Local Privilege Escalation Vulnerability Cisco Systems Product Security Incident Response Team (Jul 28)
Cisco Security Advisory: Multiple Cisco Unified CallManager Vulnerabilities Cisco Systems Product Security Incident Response Team (Jul 12)
Cisco Security Advisory: Cisco Intrusion Prevention System Malformed Packet Denial of Service Cisco Systems Product Security Incident Response Team (Jul 12)
Cisco Security Advisory: Cisco Router Web Setup Ships with Insecure Default IOS Configuration Cisco Systems Product Security Incident Response Team (Jul 12)

clappymonkey

Multiple vulnerabilities in TK8 Safe v.3.0.5 clappymonkey (Jul 03)

co296

imgsvr dos exploit by n00b co296 (Jul 03)

contact

Re: AFCommerce Shopping Cart contact (Jul 22)

counterpoint

Re: galleria <= 1.0 Remote File Inclusion Vulnerability counterpoint (Jul 10)

crack

about bid 17404 crack (Jul 22)

CrAzY . CrAcKeR

Glossaire<<--v1.7 Remote File Include CrAzY . CrAcKeR (Jul 03)
Invision Power Board "v1.X & 2.X" SQL Injection CrAzY . CrAcKeR (Jul 05)

Crispin Cowan

Re: Securing PHP or finding PHP alternatives Crispin Cowan (Jul 18)
Re: Securing PHP or finding PHP alternatives Crispin Cowan (Jul 10)
Re: Securing PHP or finding PHP alternatives Crispin Cowan (Jul 22)

Curt Purdy

RE: [lists] Re: PHP security (or the lack thereof) Curt Purdy (Jul 18)

cxib

Re: new shell bypass safe mode cxib (Jul 26)

Cyneox

Re: [ GLSA 200607-05 ] SHOUTcast server: Multiple vulnerabilities Cyneox (Jul 15)

d3nger

new shell bypass safe mode d3nger (Jul 22)

Dan Falconer

Re: PHP security (or the lack thereof) Dan Falconer (Jul 05)

darkz . gsa

TOPo v.2.2.178 Account Reset darkz . gsa (Jul 12)

Darren Bounds

Juniper Networks DX Web Administration Persistent System Log XSS Vulnerability Darren Bounds (Jul 10)

Darren Reed

Re: LAMP vs Microsoft Darren Reed (Jul 22)
LAMP vs Microsoft Darren Reed (Jul 10)
Re: PHP security (or the lack thereof) Darren Reed (Jul 10)
Re: LAMP vs Microsoft Darren Reed (Jul 18)
Re: LAMP vs Microsoft Darren Reed (Jul 15)
Re: LAMP vs Microsoft Darren Reed (Jul 15)

darylf

Re: PHP ip2long() function circumvention darylf (Jul 31)

dave_kwek

Re: Check Point R55W Directory Traversal dave_kwek (Jul 28)

David Litchfield

Re: Bypassing Oracle dbms_assert David Litchfield (Jul 28)
Re: Bypassing Oracle dbms_assert David Litchfield (Jul 28)

David Matousek

Kerio Terminating 'kpf4ss.exe' using internal runtime error Vulnerability David Matousek (Jul 15)
Norton Insufficient protection of Norton service registry keys David Matousek (Jul 15)
ZoneAlarm Insufficient protection of registry key 'VETFDDNT\Enum' Vulnerability David Matousek (Jul 03)

David Thomson

RE: XSS phpBB 2.0.21 in administration David Thomson (Jul 22)

deese

Call For Papers - No cON Name 2006 Edition Spain deese (Jul 03)

Denis Jedig

Whitepaper: IT (in)security implementation in a real world example Denis Jedig (Jul 03)

Desai, Deepen

RE: TSRT-06-04: eIQnetworks Enterprise Security Analyzer Topology Server Buffer Overflow Vulnerability Desai, Deepen (Jul 29)

dicomdk

Full Path Disclosure xGuestBook v1.02 dicomdk (Jul 26)

Dragos Ruiu

PacSec 2006 CALL FOR PAPERS (Deadline Aug. 4; Event Nov. 27-30) Dragos Ruiu (Jul 17)

Dr . Jr7

a6mambohelpdesk Mambo Component <= 18RC1 Remote Include Vulnerability Dr . Jr7 (Jul 27)
mambatstaff Mambo Component <= Remote Include Vulnerability Dr . Jr7 (Jul 29)
artlinks Mambo Component <= Remote Include Vulnerability Dr . Jr7 (Jul 29)

Early Warning Team

Re: Gdiplus.dll division by 0 Early Warning Team (Jul 31)

earthquake

Re: [KAPDA::#46] - AjaxPortal Authentication Bypass earthquake (Jul 10)

Edward Tripovich

RE: Bybass HTTP ( extension files ) in ISA 2004 Edward Tripovich (Jul 17)

eEye Advisories

EEYE: McAfee ePolicy Orchestrator Remote Compromise eEye Advisories (Jul 14)
[EEYEB-20060227] D-Link Router UPNP Stack Overflow eEye Advisories (Jul 17)

Eloy Paris

Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory Eloy Paris (Jul 29)

endeneu

perForms <= 1.0 ([mosConfig_absolute_path]) Remote File Inclusion endeneu (Jul 13)

Erez Metula

RE: MIMESweeper For Web 5.X Cross Site Scripting Erez Metula (Jul 15)
RE: MIMESweeper For Web 5.X Cross Site Scripting Erez Metula (Jul 10)

ewt

About the latest three Powerpoint vulnerabilities: exploitable? ewt (Jul 18)

farhadkey

[KAPDA::#52] - PHP-Post 1.0 Cookie Modification Privilege Escalation Vulnerability farhadkey (Jul 18)

finde_schwachstelle

[SECURITY] Plain text password in Finjan Appliance 5100/8100 NG backup file finde_schwachstelle (Jul 15)

flockoyd

Re: [Bugtraq] Re: flock d0s exploit remote. beta 1 (v0.7) flockoyd (Jul 08)

Freeman, Michael

Opsware NAS 6.0 reveals MySQL 'root' password Freeman, Michael (Jul 24)

fukami

23rd Chaos Communication Congress 2006: Call for Participation fukami (Jul 18)

George Capehart

Re: LAMP vs Microsoft George Capehart (Jul 18)

Gerald (Jerry) Carter

Re: Samba Internal Data Structures DOS Vulnerability Exploit Gerald (Jerry) Carter (Jul 22)
[ANNOUNCEMENT] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against smbd Gerald (Jerry) Carter (Jul 10)
Re: [ANNOUNCEMENT] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against smbd Gerald (Jerry) Carter (Jul 12)

Gezim Hoxha

Securing PHP or finding PHP alternatives (was: PHP security (or the lack thereof)) Gezim Hoxha (Jul 10)

gmdarkfig

SturGeoN Upload v1 Remote Command Execution Exploit gmdarkfig (Jul 01)
boastMachine <= 3.1 SQL Injection Exploit gmdarkfig (Jul 17)
5 php scripts remote database password disclosure gmdarkfig (Jul 03)
News <= 5.2 XSS, SQL Injection, Full Path Disclosure gmdarkfig (Jul 01)

h1kari () toorcon org

ToorCon 2006 Call for Papers h1kari () toorcon org (Jul 18)

hack2prison

EzUpload multi file vulnerabilities hack2prison (Jul 26)

Hans Wolters

Mercury Messenger Hans Wolters (Jul 17)

harbl

Blackboard Academic Suite 6.2.23 +/-: Persistent cross-site scripting vulnerability harbl (Jul 22)

Hugo van der Kooij

Re: Check Point R55W Directory Traversal Hugo van der Kooij (Jul 31)
Re: LAMP vs Microsoft Hugo van der Kooij (Jul 18)
Re: Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround Hugo van der Kooij (Jul 14)

ineal

galleria <= 1.0 Remote File Inclusion Vulnerability ineal (Jul 04)

info

Re: imageVue16.1 upload vulnerability info (Jul 19)
Re: ATutor 1.5.3 Cross Site Scripting info (Jul 12)
Digital Armaments Security Advisory 10.07.2006: Flexwath Authorization Bypassing and XSS Vulnerability info (Jul 10)
Digital Armaments Security Advisory 24.07.2006: Siemens Speedstream Wireless/Router Denial of Service Vulnerability info (Jul 24)

Irsdl

HostingController: An attacker can gain reseller privileges and after that can gain admin privileges Irsdl (Jul 07)

iss4m . h

PhpWebGallery Cross Site Scripting Vulnerability iss4m . h (Jul 04)

it_underground

call for papers - IT Underground, Italy 2006 it_underground (Jul 03)

James Davis

Re: WordPress 2.0.3 SQL Error and Full Path Disclosure James Davis (Jul 04)

James M. Blackburn

Security point-of-contact for Ameritrade? James M. Blackburn (Jul 19)

Jaroslaw Sajko

Re: WordPress 2.0.3 SQL Error and Full Path Disclosure Jaroslaw Sajko (Jul 04)

Jarrod Frates

Re: LAMP vs Microsoft Jarrod Frates (Jul 10)

Jerome Athias

Old vulnerable sotwares collection Jerome Athias (Jul 10)

Jessica Hope

DeluxeBB mutiple vulnerabilities Jessica Hope (Jul 18)
Re: XSS phpBB 2.0.21 in administration Jessica Hope (Jul 22)
Re: XSS phpBB 2.0.21 in administration Jessica Hope (Jul 18)
Re: XSS phpBB 2.0.21 in administration Jessica Hope (Jul 22)

jholguin

Re: WordPress 2.0.3 SQL Error and Full Path Disclosure jholguin (Jul 15)

Joel Maslak

Re: LAMP vs Microsoft Joel Maslak (Jul 15)

johndoe1529

McAfee VirusScan Enterprise 8.0.0 Buffer Overflow johndoe1529 (Jul 07)

John Rigali

RE: Old vulnerable sotwares collection John Rigali (Jul 12)

jonasschaub

IE <= 6 DoS vulnerability jonasschaub (Jul 14)

Jon Hart

Re: [Full-disclosure] Re: Linux Kernel 2.6.x PRCTL Core Dump Handling - Local r00t Exploit ( BID 18874 / CVE-2006-2451 ) Jon Hart (Jul 15)
Cisco MARS < 4.2.1 remote compromise Jon Hart (Jul 20)

J. Oquendo

Windows XP/NT/SMB2003/2000 Denial of Service attack J. Oquendo (Jul 24)

jose . palanco

Zyxel Prestige 660H-61 Cross-Site Scripting jose . palanco (Jul 26)

José Parrella

Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit José Parrella (Jul 15)

Joxean Koret

IBM AIX Security contact? Joxean Koret (Jul 07)
Re: [ECHO_ADV_38$2006] Multiple Mambo/Joomla Component Remote File Include Vulnerabilities Joxean Koret (Jul 13)

Juha-Matti Laurio

New CVE identifiers for separate PowerPoint 0-day issues assigned Juha-Matti Laurio (Jul 22)
New PowerPoint Trojan installs itself as LSP Juha-Matti Laurio (Jul 19)
Major updates to Excel 0-day Vulnerability FAQ at SecuriTeam Blogs Juha-Matti Laurio (Jul 07)
New CVE number states Excel Style handling as a separate issue Juha-Matti Laurio (Jul 12)
Microsoft PowerPoint 0-day Vulnerability FAQ document written Juha-Matti Laurio (Jul 15)
Several updates in MS PowerPoint 0-day Vulnerability FAQ at SecuriTeam Blogs Juha-Matti Laurio (Jul 17)
Re: [Full-disclosure] Re: New PowerPoint Trojan installs itself as LSP Juha-Matti Laurio (Jul 22)

Justin M. Forbes

rPSA-2006-0122-1 kernel Justin M. Forbes (Jul 07)
rPSA-2006-0132-1 tshark wireshark Justin M. Forbes (Jul 19)
rPSA-2006-0128-1 samba samba-swat Justin M. Forbes (Jul 12)
rPSA-2006-0130-1 kernel Justin M. Forbes (Jul 17)
rPSA-2006-0135-1 gimp Justin M. Forbes (Jul 24)
rPSA-2006-0122-2 kernel Justin M. Forbes (Jul 13)
rPSA-2006-0133-1 libpng Justin M. Forbes (Jul 19)
rPSA-2006-0139-1 httpd mod_ssl Justin M. Forbes (Jul 29)
rPSA-2006-0134-1 sendmail sendmail-cf Justin M. Forbes (Jul 21)
rPSA-2006-0137-1 firefox Justin M. Forbes (Jul 27)

k07iX

lintah_|adv|_01@2006>=========<[Aura-CMS v1.62]<===>[XSS vulnerable]&[bug] k07iX (Jul 07)

kala_z

Re: [EEYEB-20060227] D-Link Router UPNP Stack Overflow kala_z (Jul 22)

Karel Gardas

Re: Mico crashes when contected with wrong IOR / DoS Karel Gardas (Jul 10)
Re: Mico crashes when contected with wrong IOR / DoS Karel Gardas (Jul 10)

KARKOR23

plume-cms v1.0.4 Multiple Remote File include KARKOR23 (Jul 03)
free QBoard v1.1 Multiple Remote File include KARKOR23 (Jul 03)

Kevin Waterson

Re: PHP security (or the lack thereof) Kevin Waterson (Jul 01)

kicktd

Unidomedia Chameleon LE/Pro Directory Traversal kicktd (Jul 21)

krischan

Re: Low security hole affecting IPCalc's CGI wrapper krischan (Jul 27)

l2odon

PHP-Nuke INP XSS l2odon (Jul 28)
wwwThreads XSS l2odon (Jul 26)
PHP-Auction SQL injection l2odon (Jul 26)

labs

S21Sec-032-en: Vulnerability in Fatwire Content Server labs (Jul 12)

labs-no-reply

iDefense Security Advisory 07.20.06: Sun Microsystems Solaris sysinfo() Kernel Memory Disclosure Vulnerability labs-no-reply (Jul 22)

Luigi Auriemma

Heap overflow in the GT2 loader of libmikmod 3.2.2 Luigi Auriemma (Jul 24)
Various heap and stack overflow bugs in AdPlug library 2.0 (CVS 04 Jul 2006) Luigi Auriemma (Jul 07)
Buffer-overflow in recvTextMessage and NETrecvFile in Warzone Resurrection 2.0.3 (SVN 127) Luigi Auriemma (Jul 24)
Possible code execution in Kaillera 0.86 Luigi Auriemma (Jul 07)
Format string bug in Sparklet 0.9.4try3 Luigi Auriemma (Jul 07)
Two crash vulnerabilities in Freeciv 2.1.0-beta1 (SVN 15 Jul 2006) Luigi Auriemma (Jul 24)
Multiple vulnerabilities in UFO2000 svn 1057 Luigi Auriemma (Jul 17)
Buffer-overflow in the XM loader of Cheese Tracker 0.9.9 Luigi Auriemma (Jul 24)
Multiple vulnerabilities in Open Cubic Player 2.6.0pre6 / 0.1.10_rc5 Luigi Auriemma (Jul 31)

Lukasz Trabinski

Re: Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround Lukasz Trabinski (Jul 15)

luny

Buddy Zone Version 1.0.1 - XSS luny (Jul 01)
TigerTom Scripts luny (Jul 05)
Orbitmatrix PHP Script v1.0 luny (Jul 13)
mAds v1.0 lunY (Jul 01)
Sport-slo.net Guestbook v1.0 luny (Jul 07)
Photocycle v1.0 - XSS luny (Jul 13)
Shopping Cart V0.9 luny (Jul 05)

m

RE: [EEYEB-20060227] D-Link Router UPNP Stack Overflow m (Jul 22)

mac68k

Re: [Full Disclosure] [Kil13r-SA-20060701-2] MoniWiki 1.1.1 Cross-Site Scripting Vulnerability mac68k (Jul 03)

mail

SolpotCrew Advisory #3 - com_trade Remote File Inclusion (mosConfig_absolute_path) mail (Jul 22)
Com Multibanners Remote File Inclusion (mosConfig_absolute_path) mail (Jul 22)

Mailinglists

Re: [Full-disclosure] ERNW Security Advisory 02/2006 - Buffer Overflow in sipXtapi (used in AOL Triton) Mailinglists (Jul 15)

Marc Deslauriers

[FLSA-2006:175040] Updated php packages fix security issues Marc Deslauriers (Jul 28)

Marc Ruef

[scip_Advisory 2352] F5 FirePass 4100 prior 6.x multiple Cross Site Scripting Marc Ruef (Jul 04)
[scip_Advisory 2351] Kyberna AG ky2help various form fields SQL Injection Marc Ruef (Jul 04)

Mariano Nuñez Di Croce

CYBSEC - Security Pre-Advisory: Microsoft Windows DHCP Client Service Remote Buffer Overflow Mariano Nuñez Di Croce (Jul 11)

Mark Litchfield

WebEx Downloader Plug-in Multiple Vulnerabilities + rant Mark Litchfield (Jul 07)
Re: WebEx Downloader Plug-in Multiple Vulnerabilities + rant Mark Litchfield (Jul 18)

Mark Rowe

Re: WebEx Downloader Plug-in Multiple Vulnerabilities + rant Mark Rowe (Jul 14)

Martin Pitt

[USN-326-1] heartbeat vulnerability Martin Pitt (Jul 27)
[USN-324-1] freetype vulnerability Martin Pitt (Jul 27)
[USN-318-1] libtunepimp vulnerability Martin Pitt (Jul 13)
[USN-308-1] shadow vulnerability Martin Pitt (Jul 06)
[USN-315-1] libmms, xine-lib vulnerabilities Martin Pitt (Jul 12)
[USN-313-1] OpenOffice.org vulnerabilities Martin Pitt (Jul 12)
[USN-319-1] Linux kernel vulnerability Martin Pitt (Jul 18)
[USN-319-2] Linux kernel vulnerability Martin Pitt (Jul 19)
[USN-314-1] samba vulnerability Martin Pitt (Jul 12)
[USN-328-1] Apache vulnerability Martin Pitt (Jul 28)
[USN-312-1] gimp vulnerability Martin Pitt (Jul 10)
[USN-327-1] firefox vulnerabilities Martin Pitt (Jul 28)
[USN-322-1] Konqueror vulnerability Martin Pitt (Jul 24)
[USN-316-1] installer vulnerability Martin Pitt (Jul 12)
[USN-329-1] Thunderbird vulnerabilities Martin Pitt (Jul 29)
[USN-320-2] php4 regression Martin Pitt (Jul 26)
[USN-320-1] PHP vulnerabilities Martin Pitt (Jul 19)
[USN-325-1] ruby1.8 vulnerability Martin Pitt (Jul 27)
[USN-317-1] zope2.8 vulnerability Martin Pitt (Jul 13)
[USN-313-2] OpenOffice.org vulnerabilities Martin Pitt (Jul 19)
[USN-297-3] Thunderbird vulnerabilities Martin Pitt (Jul 26)
[USN-321-1] mysql-dfsg-4.1 vulnerability Martin Pitt (Jul 21)
[USN-309-1] libmms vulnerability Martin Pitt (Jul 06)
[USN-310-1] ppp vulnerability Martin Pitt (Jul 06)
[USN-296-2] Firefox vulnerabilities Martin Pitt (Jul 25)
[USN-323-1] mozilla vulnerabilities Martin Pitt (Jul 26)

Martin Schulze

[SECURITY] [DSA 1115-1] New GnuPG2 packages fix denial of service Martin Schulze (Jul 21)
[SECURITY] [DSA 1114-1] New hashcash packages fix arbitrary code execution Martin Schulze (Jul 21)
[SECURITY] [DSA 1118-1] New Mozilla packages fix several vulnerabilities Martin Schulze (Jul 22)
[SECURITY] [DSA 1105-1] New xine-lib packages fix denial of service Martin Schulze (Jul 07)
[SECURITY] [DSA 1128-1] New heartbeat packages fix local denial of service Martin Schulze (Jul 28)
[SECURITY] [DSA 1126-1] New Asterisk packages fix denial of service Martin Schulze (Jul 27)
[SECURITY] [DSA 1120-1] New Mozilla Firefox packages fix several vulnerabilities Martin Schulze (Jul 24)
[SECURITY] [DSA 1119-1] New hiki packages fix denial of service Martin Schulze (Jul 22)
[SECURITY] [DSA 1122-1] New Net::Server packages fix denial of service Martin Schulze (Jul 24)
[SECURITY] [DSA 1129-1] New osiris packages fix arbitrary code execution Martin Schulze (Jul 28)
[SECURITY] [DSA 1104-2] New OpenOffice.org packages fix arbitrary code execution Martin Schulze (Jul 06)
[SECURITY] [DSA 1121-1] New postgrey packages fix denial of service Martin Schulze (Jul 24)
[SECURITY] [DSA 1106-1] New ppp packages fix privilege escalation Martin Schulze (Jul 10)
[SECURITY] [DSA 1107-1] New GnuPG packages fix denial of service Martin Schulze (Jul 10)

matdhule

Calendar Mambo Module <= 1.5.7 Remote File Include Vulnerabilities matdhule (Jul 18)
MiniBB Forum <= 1.5a Remote File Include Vulnerabilities matdhule (Jul 15)
[ECHO_ADV_40$2006] iManage CMS <= 4.0.12 (absolute_path) Remote File Inclusion matdhule (Jul 20)
[ECHO_ADV_37$2006] pc_cookbook Mambo/Joomla Component <= v0.3 Remote File Include Vulnerabilities matdhule (Jul 10)
[ECHO_ADV_38$2006] Multiple Mambo/Joomla Component Remote File Include Vulnerabilities matdhule (Jul 13)
Re: ExtCalendar Mambo Module <= v2( extcalendar.php ) Remote File Include Vulnerabilities matdhule (Jul 22)
Calendar Module <= 1.5.7 Remote File Include Vulnerabilities matdhule (Jul 17)
[ECHO_ADV_36$2006] ExtCalendar <== v2.0 Remote File Include Vulnerabilities matdhule (Jul 07)
New Article Mambo Component <= 1.0 (com_articles.php) Remote File Include Vulnerabilities matdhule (Jul 18)
Guestbook Mambo Module <== v1.3.0 Multiple Remote File Include Vulnerabilities matdhule (Jul 28)

Matthew Leeds

Map MS Security Bulletins to MS KB numbers Matthew Leeds (Jul 22)

Matthias Geerdsen

[ GLSA 200607-13 ] Audacious: Multiple heap and buffer overflows Matthias Geerdsen (Jul 29)

Matthias Kestenholz

Re: Securing PHP or finding PHP alternatives (was: PHP security (or the lack thereof)) Matthias Kestenholz (Jul 15)

mattmecham

Re: Invision Power Board v1.3 Final SQL Injection mattmecham (Jul 10)
Re: Invision Power Board 2.1 <= 2.1.6 sql injection mattmecham (Jul 18)
Re: RE: Invision Vulnerabilities, including remote code execution mattmecham (Jul 10)
Re: Invision Power Board "v1.X & 2.X" SQL Injection mattmecham (Jul 10)

Maurice Makaay

Re: Phorum 5.1.14 XSS SQL injection Vulnerability Maurice Makaay (Jul 17)
Phorum 5.1.15 security release (fixes "PHORUM 5 arbitrary local inclusion") Maurice Makaay (Jul 14)

Meder Kydyraliev

Multiple vulnerabilities in OpenCMS Meder Kydyraliev (Jul 26)

medozero

Re: Bybass HTTP ( extension files ) in ISA 2004 medozero (Jul 18)
Bybass HTTP ( extension files ) in ISA 2004 medozero (Jul 15)
Re: Bybass HTTP ( extension files ) in ISA 2004 medozero (Jul 18)

Meet Myself on the Internet

Re: Securing PHP or finding PHP alternatives (was: PHP security (or the lack thereof)) Meet Myself on the Internet (Jul 15)

Meftun

Cross-Site Scripting and Local File Inclusion in Phorum Meftun (Jul 27)
Buffer Overflow Vulnerability in Winlpd Meftun (Jul 27)
Portail PHP v1.7 Remote File Include Meftun (Jul 28)

mfoxhacker

Vanilla CMS <= 1.0.1 (RootDirectory) Remote file inclusion Vuln. mfoxhacker (Jul 24)

Michael Cordover

Re: Securing PHP or finding PHP alternatives Michael Cordover (Jul 22)

Michael Scheidell

RE: $100 plus several of my books if you can crack my Windows password hashes. Michael Scheidell (Jul 22)

Michael Shigorin

Re: Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround Michael Shigorin (Jul 15)
Re: [ GLSA 200607-08 ] GIMP: Buffer overflow Michael Shigorin (Jul 24)
Re: Securing PHP or finding PHP alternatives Michael Shigorin (Jul 15)

Michal Zalewski

Re: Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround Michal Zalewski (Jul 18)

Micheal Turner

Re: Re: [Full-disclosure] iDefense Security Advisory 07.20.06: Sun Microsystems Solaris sysinfo() Kernel Memory Disclosure Vulnerability Micheal Turner (Jul 24)
Re: [Full-disclosure] iDefense Security Advisory 07.20.06: Sun Microsystems Solaris sysinfo() Kernel Memory Disclosure Vulnerability Micheal Turner (Jul 22)

mikathebest2003

Re: Re: vBulletin 3.5.4 (install_path) Exploit mikathebest2003 (Jul 10)
Re: vBulletin 3.5.4 (install_path) Exploit mikathebest2003 (Jul 06)

mike

Re: Msie 7.0 beta Crash mike (Jul 01)
Lan-Aces Office Logic Mike (Jul 28)

Mike Healan

Re: New PowerPoint Trojan installs itself as LSP Mike Healan (Jul 22)

MNV

Gracenote buffer overflow MNV (Jul 15)

Moritz Muehlenhoff

[SECURITY] [DSA 1108-1] New mutt packages fix arbitrary code execution Moritz Muehlenhoff (Jul 12)
[SECURITY] [DSA 1112-1] New mysql-dfsg-4.1 packages fix denial of service Moritz Muehlenhoff (Jul 18)
[SECURITY] [DSA 1125-1] New drupal packages fix execution of arbitrary web script code Moritz Muehlenhoff (Jul 26)
[SECURITY] [DSA 1127-1] New ethereal packages fix several vulnerabilities Moritz Muehlenhoff (Jul 28)
[SECURITY] [DSA 1124-1] New fbi packages fix potential deletion of user data Moritz Muehlenhoff (Jul 24)
[SECURITY] [DSA 1113-1] New zope2.7 packages fix information disclosure Moritz Muehlenhoff (Jul 18)
[SECURITY] [DSA 1110-1] New samba packages fix denial of service Moritz Muehlenhoff (Jul 17)
[SECURITY] [DSA 1111-2] New Linux kernel 2.6.8 packages fix privilege escalation Moritz Muehlenhoff (Jul 26)
[SECURITY] [DSA 1125-2] New drupal packages fix execution of arbitrary web script code (revised packages) Moritz Muehlenhoff (Jul 27)
[SECURITY] [DSA 1117-1] New libgd2 packages fix denial of service Moritz Muehlenhoff (Jul 21)
[SECURITY] [DSA 1116-1] New gimp packages fix arbitrary code execution Moritz Muehlenhoff (Jul 21)
[SECURITY] [DSA 1111-1] New Linux kernel 2.6.8 packages fix privilege escalation Moritz Muehlenhoff (Jul 17)
[SECURITY] [DSA 1123-1] New libdumb packages fix arbitrary code execution Moritz Muehlenhoff (Jul 24)
[SECURITY] [DSA 1109-1] New rssh packages fix privilege escalation Moritz Muehlenhoff (Jul 17)

Moritz Naumann

Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues Moritz Naumann (Jul 06)

mozilla

ERNW Security Advisory 02/2006 - Buffer Overflow in sipXtapi (used in AOL Triton) mozilla (Jul 10)

Mr . Niega

Gdiplus.dll division by 0 Mr . Niega (Jul 29)

mullware

Escalation of privileges in Outpost and Lavasoft Firewalls -Unusual ShellExecute behavior mullware (Jul 18)

. myke lyons

[Bugtraq] Re: flock d0s exploit remote. beta 1 (v0.7) . myke lyons (Jul 04)

nanika

Windows Explorer URL File format overflow nanika (Jul 05)
Excel 2000/XP/2003 Style 0day POC nanika (Jul 03)

nate

Re: cpanel login problem nate (Jul 29)
Re: WordPress 2.0.3 SQL Error and Full Path Disclosure nate (Jul 15)

naveed

Fuzzing Microsoft Office naveed (Jul 12)
MS Power Point Multiple Vulnerabilities - (memory corruption) POC naveed (Jul 15)
MS Power Point Multiple Vulnerabilities - (mso.dll) POC naveed (Jul 15)
MS Power Point Multiple Vulnerabilities (powerpnt.exe)- POC naveed (Jul 15)
MS Word Unchecked Boundary Condition Vulnerability naveed (Jul 10)
Re: Windows Explorer URL File format overflow naveed (Jul 10)

newbinaryfile

XSS vulnerability on AWBS newbinaryfile (Jul 29)

Nick Breese

Advisory: VMware Possible Incorrect Permissions On SSL Key Files Nick Breese (Jul 25)

NSFOCUS Security Team

NSFOCUS SA2006-07 : ISS RealSecure/BlackICE MailSlot Heap Overflow Detection Remote DoS Vulnerability NSFOCUS Security Team (Jul 27)
NSFOCUS SA2006-06 : Microsoft Excel COLINFO Record Buffer Overflow Vulnerability NSFOCUS Security Team (Jul 12)
NSFOCUS SA2006-04 : Microsoft Office GIF Filter Buffer Overflow Vulnerability NSFOCUS Security Team (Jul 12)
NSFOCUS SA2006-05 : Microsoft Excel SELECTION Record Memory Corruption Vulnerability NSFOCUS Security Team (Jul 12)

omnipresent

MicroGuestBook Remote XSS Attack omnipresent (Jul 22)
Fantastic Guestbook v2.0.1 Advisory omnipresent (Jul 15)

OpenPKG

[OpenPKG-SA-2006.014] OpenPKG Security Advisory (shiela) OpenPKG (Jul 26)
[OpenPKG-SA-2006.017] OpenPKG Security Advisory (freetype) OpenPKG (Jul 28)
[OpenPKG-SA-2006.013] OpenPKG Security Advisory (mutt) OpenPKG (Jul 15)
[OpenPKG-SA-2006.016] OpenPKG Security Advisory (ruby) OpenPKG (Jul 28)
[OpenPKG-SA-2006.015] OpenPKG Security Advisory (apache) OpenPKG (Jul 28)

OS2A BTO

PHP-Blogger Multiple Cross Site Scripting Vulnerabilities OS2A BTO (Jul 07)

pagvacito

Unauthenticated access to BT Voyager config file and PPP credentials embedded in HTML form pagvacito (Jul 18)

paisterist . nst

Graffiti Forums v1.0 SQL Injection Vulnerabilities paisterist . nst (Jul 10)
PBL Guestbook <= 1.32 XSS & SQL Querys Vulnerabilities paisterist . nst (Jul 07)

paul14075

Invision Power Board v2.1 <= 2.1.6 sql injection exploit paul14075 (Jul 18)
Re: Re: Invision Power Board 2.1 <= 2.1.6 sql injection paul14075 (Jul 18)

paul dansing

Re: Invision Power Board 2.1 <= 2.1.6 sql injection paul dansing (Jul 18)

Paul Laudanski

CC announces new Rootkit help forum insync with Book Paul Laudanski (Jul 10)

Paul Starzetz

Re: [ MDKSA-2006:116 ] - Updated kernel packages fixes multiple vulnerabilities Paul Starzetz (Jul 10)
Re: rPSA-2006-0122-1 kernel Paul Starzetz (Jul 10)

Paul Szabo

Re: Browser bugs hit IE, Firefox today (SANS) Paul Szabo (Jul 05)

Pavel Kankovsky

Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory Pavel Kankovsky (Jul 31)

peter_philipp

Consumers of Broadband Providers (ISP) may be open to hijack attacks peter_philipp (Jul 18)

philipp . niedziela

MyNewsGroups <= 0.6b (myng_root) Remote Inclusion Vulnerability philipp . niedziela (Jul 31)
PHPAuction 2.1 (maybe higher) with phpAdsNew 2.0.5 RFI philipp . niedziela (Jul 31)

putosoft softputo

Oracle 10g R2 and, probably, all previous versions putosoft softputo (Jul 27)

R0t-K33Y

Xss in MttKe-php v2.6 R0t-K33Y (Jul 27)
Remote Include Vulnerability ====> in Dr.Jr7 Gallery 3.2 RC1 R0t-K33Y (Jul 28)

Rainer Duffner

Re: file include exploits in randshop v1.2 Rainer Duffner (Jul 04)

RedTeam Pentesting

Advisory: Remote command execution in planetGallery RedTeam Pentesting (Jul 20)

renatrix

XSS phpBB 2.0.21 in administration renatrix (Jul 15)

research

SYMSA-2006-007: Microsoft Office Malformed String Parsing Vulnerability research (Jul 11)
SYMSA-2006-004 (Full Details): Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution research (Jul 13)
SYMSA-2006-008:Password Safe - Lock Password Database Configuration Not Enforced research (Jul 24)

reywen

crashing firefox <= 1.5.0.4 reywen (Jul 15)

rgod

flatnuke <= 2.5.7 arbitrary php file upload rgod (Jul 13)
ATutor <= 1.5.3.1 'links' blind SQL injection / admin credentials disclosure rgod (Jul 31)
PHORUM 5 arbitrary local inclusion rgod (Jul 13)
PHP ip2long() function circumvention rgod (Jul 29)
Pivot <=1.30rc2 privilege escalation / remote commands execution rgod (Jul 07)
Etomite CMS <= 0.6.1 'rfiles.php' remote command execution rgod (Jul 26)
ToendaCMS <= 1.0.0 arbitrary file upload rgod (Jul 18)
phpbb 3.x sql injection (with global moderator rights) rgod (Jul 13)
MyBulletinBoard (MyBB) 1.1.5 'CLIENT-IP' sql injection rgod (Jul 15)
PAPOO <=3RC3 sql injection / admin credentials disclosure rgod (Jul 08)
LoudBlog <=0.5 Sql injection rgod (Jul 21)

Robert Marquardt

RE: Re: vBulletin 3.5.4 (install_path) Exploit Robert Marquardt (Jul 15)

Roger A. Grimes

RE: $100 plus several of my books if you can crack my Windows password hashes. Roger A. Grimes (Jul 22)
RE: $100 plus several of my books if you can crack my Windows password hashes. Roger A. Grimes (Jul 22)
$100 plus several of my books if you can crack my Windows password hashes. Roger A. Grimes (Jul 18)

Roman Medina-Heigl Hernandez

Linux Kernel 2.6.x PRCTL Core Dump Handling - Local r00t Exploit ( BID 18874 / CVE-2006-2451 ) Roman Medina-Heigl Hernandez (Jul 12)

root

PcAnywhere > 12 Local Privilege Escalation root (Jul 18)

roozbeh_afrasiabi

[KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php roozbeh_afrasiabi (Jul 29)

Roy Hills

Cisco VPN Concentrator IKE resource exhaustion DoS Advisory Roy Hills (Jul 26)

rst

Invision Power Board 2.1 <= 2.1.6 sql injection rst (Jul 15)

Russell Lowenthal

Oracle 10g R2 and, probably, all previous versions Russell Lowenthal (Jul 28)

Ryan Smith

Hustle -- Tumbleweed Email Firewall Remote Vulnerability Ryan Smith (Jul 28)

sales

Re: Digital Armaments Security Advisory 10.07.2006: Flexwath Authorization Bypassing and XSS Vulnerability sales (Jul 22)

saudi . unix

ExtCalendar Mambo Module <= v2( extcalendar.php ) Remote File Include Vulnerabilities saudi . unix (Jul 18)
randshop <= 1.1.x (index.php) Remote File Inclusion Vulnerability Saudi . Unix (Jul 10)
PHP Live! v3.2 (header.php) Remote File Include Vulnerabilities saudi . unix (Jul 24)
com_moskool (admin.moskool.php) Remote File Include Vulnerabilities saudi . unix (Jul 31)
SQuery v.x (devi.php) (armygame.php) Remote File Inclusion saudi . unix (Jul 24)

Schmehl, Paul L

RE: [Full-disclosure] Browser bugs hit IE, Firefox today (SANS) Schmehl, Paul L (Jul 01)

scott

Re: vBulletin 3.5.4 (install_path) Exploit scott (Jul 06)
Re: [EEYEB-20060227] D-Link Router UPNP Stack Overflow scott (Jul 22)

Scott Gemma

Re: cpanel login problem Scott Gemma (Jul 31)

Sec-Tec Lists

Check Point R55W Directory Traversal Sec-Tec Lists (Jul 24)

Secunia Research

Secunia Research: AutoVue SolidModel Professional Buffer Overflow Vulnerability Secunia Research (Jul 26)
Secunia Research: VisNetic Mail Server Two File Inclusion Vulnerabilities Secunia Research (Jul 17)
Secunia Research: IceWarp Web Mail Two File Inclusion Vulnerabilities Secunia Research (Jul 17)
Secunia Research: Mozilla Firefox XPCOM Event Handling Memory Corruption Secunia Research (Jul 27)
Secunia Research: FileCOPA Directory Argument Handling Buffer Overflow Secunia Research (Jul 26)
Secunia Research: BitZipper unacev2.dll Buffer Overflow Vulnerability Secunia Research (Jul 17)

security

[ MDKSA-2006:128 ] - Updated wireshark packages fix numerous vulnerabilities security (Jul 19)
[ MDKSA-2006:133 ] - Updated apache packages fix mod_rewrite vulnerability security (Jul 29)
[ MDKSA-2006:124 ] - Updated kernel packages fix privilege escalation vulnerability security (Jul 18)
[ MDKSA-2006:121 ] - Updated xine-lib packages fix buffer overflow vulnerability security (Jul 12)
[ MDKSA-2006:131 ] - Updated perl-Net-Server packages fix format string vulnerability security (Jul 26)
[ MDKSA-2006:130 ] - Updated kdelibs packages fix konqueror crash vulnerability. security (Jul 21)
[ MDKSA-2006:127 ] - Updated gimp packages fix buffer overflow vulnerability. security (Jul 19)
[ MDKSA-2006:117 ] - Updated libmms packages fix buffer overflow vulnerability security (Jul 07)
[ MDKA-2006:119 ] - Updated ppp packages fix plugin vulnerability security (Jul 12)
[ MDKSA-2006:126 ] - Updated libtunepimp packages fixes buffer overflow vulnerabilities. security (Jul 19)
[ MDKSA-2006:116 ] - Updated kernel packages fixes multiple vulnerabilities security (Jul 05)
[ MDKSA-2006:129 ] - Updated freetype2 packages fixes overflow vulnerability. security (Jul 20)
[ MDKSA-2006:125 ] - Updated webmin packages fix arbitray file read vulnerability. security (Jul 19)
[ MDKSA-2006:132 ] - Updated libwmf packages fixes integer overflow vulnerability security (Jul 28)
[ MDKSA-2006:122 ] - Updated php packages fix multiple vulnerabilities security (Jul 13)
[ MDKSA-2006:118 ] - Updated OpenOffice.org packages fix various vulnerabilities security (Jul 08)
[ MDKSA-2006:117-1 ] - Updated libmms packages fix buffer overflow vulnerability security (Jul 12)
[ MDKSA-2006:120 ] - Updated samba packages fix DoS vulnerability security (Jul 12)
WebScarab <= 20060621-0003 cross site scripting security (Jul 18)
[ MDKSA-2006:123 ] - Updated kernel packages fixes multiple vulnerabilities security (Jul 13)
[ MDKSA-2006:134 ] - Updated ruby packages fix safe-level vulnerabilities security (Jul 29)

security-alert

[security bulletin] HPSBUX02108 SSRT061133 rev.12 - HP-UX Running Sendmail, Remote Execution of Arbitrary Code security-alert (Jul 20)
Re: Opsware NAS 6.0 reveals MySQL 'root' password security-alert (Jul 27)
[security bulletin] HPSBUX02103 SSRT5953 rev.3 - HP-UX passwd(1) Local Denial of Service (DoS) security-alert (Jul 01)
[security bulletin] HPSBUX02128 SSRT5996 - rev.1 HP-UX mkdir(1) Local Unauthorized Access security-alert (Jul 01)
[security bulletin] HPSBUX02087 SSRT4728 rev.2 - HP-UX running TCP/IP Remote Denial of Service (DoS) security-alert (Jul 25)
[security bulletin] HPSBMA02133 SSRT061201 rev.1 - HP Oracle for OpenView (OfO) Critical Patch Update July 2006 security-alert (Jul 21)
[security bulletin] HPSBUX02120 SSRT051057 rev.2 - HP-UX Local Denial of Service (DoS) security-alert (Jul 13)
[security bulletin] HPSBTU02132 SSRT061154 rev.1 - HP Tru64 UNIX running NIS ypserv, Remote Denial of Service (DoS) security-alert (Jul 18)

securityconnection

QTOFileManager 1.0 securityconnection (Jul 03)
MusicBox <= 2.3.4 XSS SQL injection Vulnerability securityconnection (Jul 24)
TBE 4.0 XSS securityconnection (Jul 03)
GeoClassifieds Enterprise <= 2.0.5.2 Cross Site Scripting securityconnection (Jul 27)
NewsPHP 2006 PRO XSS SQL injection Vulnerability securityconnection (Jul 01)
sNews 1.3 XSS SQL securityconnection (Jul 05)
ATutor 1.5.3 Cross Site Scripting securityconnection (Jul 08)
Phorum 5.1.14 XSS SQL injection Vulnerability securityconnection (Jul 15)
Phpprobid <= 5.24 XSS SQL injection Vulnerability securityconnection (Jul 26)
BLOG:CMS 4.1.0 SQL injection File Include Vulnerability securityconnection (Jul 05)

security curmudgeon

Re: Fusion Polls (xtrphome) Remote File Inclusion security curmudgeon (Jul 28)
Re: Ashop Search Module SQL injection security curmudgeon (Jul 26)

securityfocus

Re: Photocycle v1.0 - XSS securityfocus (Jul 14)

Sheryl Coppenger

Re: Securing PHP or finding PHP alternatives Sheryl Coppenger (Jul 15)

SHiKaA-

SQuery <= 4.5(libpath) Remote File Inclusion Exploit SHiKaA- (Jul 12)

Silitix

DotClear : Multiples Full Path Disclosure Silitix (Jul 22)

simo64

Lazarus Guestbook Cross Site Scripting Vulnerabilities simo64 (Jul 12)
LinksCaffe 3.0 SQL injection/Command Execution Vulnerabilties simo64 (Jul 25)

SkyFlash

Re: Securing PHP or finding PHP alternatives SkyFlash (Jul 15)

sledge

AFCommerce Shopping Cart sledge (Jul 19)

SnoBmsn

Microsoft Internet Explorer DOS Vulnerability SnoBmsn (Jul 22)

solutions_PHP

Re: [EEYEB-20060227] D-Link Router UPNP Stack Overflow solutions_PHP (Jul 31)

Sowhat

Microsoft Excel Array Index Error Remote Code Execution Sowhat (Jul 12)

spammeanddie

Crtical Shockwave Embeded XSS Execution spammeanddie (Jul 15)

ss_team

Cross Site Scripting Vulnerability in Zoho Virtual Office ss_team (Jul 18)

Stefan Cornelius

[ GLSA 200607-12 ] OpenOffice.org: Multiple vulnerabilities Stefan Cornelius (Jul 29)
[ GLSA 200607-11 ] TunePimp: Buffer overflow Stefan Cornelius (Jul 29)

Steven M. Christey

Re: HYSA-2006-008 myBloggie 2.1.3 CRLF & SQL Injection Steven M. Christey (Jul 27)
Re: Do world's famous companies take care of their security? Steven M. Christey (Jul 31)
Re: LAMP vs Microsoft Steven M. Christey (Jul 12)
Re: ATutor 1.5.3 Cross Site Scripting Steven M. Christey (Jul 22)
Re: Xss in MttKe-php v2.6 Steven M. Christey (Jul 31)

StorMBoY

RW::Download stats.php Remote File Inc. StorMBoY (Jul 08)
Webvizyon Portal 2006 Version SQL Injection StorMBoY (Jul 10)
MT rmcek Toplist v2.2 Version Microsoft Access Driver ( MDB ) Download StorMBoY (Jul 10)

str0ke

Re: Invision Power Board 2.1 <= 2.1.6 sql injection str0ke (Jul 18)
Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit str0ke (Jul 18)

Sune Kloppenborg Jeppesen

[ GLSA 200607-09 ] Wireshark: Multiple vulnerabilities Sune Kloppenborg Jeppesen (Jul 25)
[ GLSA 200607-01 ] mpg123: Heap overflow Sune Kloppenborg Jeppesen (Jul 03)
ERRATA: [ GLSA 200607-08 ] GIMP: Buffer overflow Sune Kloppenborg Jeppesen (Jul 24)
[ GLSA 200607-02 ] FreeType: Multiple integer overflows Sune Kloppenborg Jeppesen (Jul 10)
[ GLSA 200607-05 ] SHOUTcast server: Multiple vulnerabilities Sune Kloppenborg Jeppesen (Jul 10)
[ GLSA 200607-08 ] GIMP: Buffer overflow Sune Kloppenborg Jeppesen (Jul 24)
[ GLSA 200607-10 ] Samba: Denial of Service vulnerability Sune Kloppenborg Jeppesen (Jul 25)
[ GLSA 200607-04 ] PostgreSQL: SQL injection Sune Kloppenborg Jeppesen (Jul 10)
UPDATE: [ GLSA 200605-08 ] PHP: Multiple vulnerabilities Sune Kloppenborg Jeppesen (Jul 31)
[ GLSA 200607-03 ] libTIFF: Multiple buffer overflows Sune Kloppenborg Jeppesen (Jul 10)

support

Re: Buddy Zone Version 1.0.1 - XSS support (Jul 15)

tamriel

TP-Book <= 1.00 Cross Site Scripting Vulnerabilities tamriel (Jul 26)
Professional Home Page Tools Login Script Cross Site Scripting Vulnerabilities tamriel (Jul 26)
Professional PHP Tools Guestbook Multiple Vulnerabilities tamriel (Jul 18)
hdweGUEST <= 2.1.1 Cross Site Scripting Vulnerabilities tamriel (Jul 18)

The Dark Tangent

DEF CON 14: Speakers Selected and more. The Dark Tangent (Jul 01)

the_day

[ECHO_ADV_41$2006] BufferOverflow in Midirecord2 the_day (Jul 26)

the . jalal

Re: SubberZ[Lite] - Remote File Include the . jalal (Jul 22)

Thierry Carrez

[ GLSA 200607-06 ] libpng: Buffer overflow Thierry Carrez (Jul 19)
[ GLSA 200607-07 ] xine-lib: Buffer overflow Thierry Carrez (Jul 21)

Thor (Hammer of God)

Re: Bybass HTTP ( extension files ) in ISA 2004 Thor (Hammer of God) (Jul 19)
Re: Bybass HTTP ( extension files ) in ISA 2004 Thor (Hammer of God) (Jul 17)

Thor Larholm

Re: Browser bugs hit IE, Firefox today (SANS) Thor Larholm (Jul 04)

tigerblue

Oracle and Apache mod_rewrite Vulnerability tigerblue (Jul 31)

Tim Brown

Low security hole affecting IPCalc's CGI wrapper Tim Brown (Jul 22)

Tippingpoint Security Research Team

TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability Tippingpoint Security Research Team (Jul 11)

Troy Bollinger

Re: IBM AIX Security contact? Troy Bollinger (Jul 07)

Trustix Security Advisor

TSLSA-2006-0042 - multi Trustix Security Advisor (Jul 21)
TSLSA-2006-0040 - kernel Trustix Security Advisor (Jul 07)

tr_zindan

PrinceClan Chess Mambo Com <= 0.8 Remote Inclusion Vulnerability tr_zindan (Jul 28)

TSRT

TSRT-06-03: eIQnetworks Enterprise Security Analyzer Syslog Server Buffer Overflow Vulnerabilities TSRT (Jul 26)
TSRT-06-04: eIQnetworks Enterprise Security Analyzer Topology Server Buffer Overflow Vulnerability TSRT (Jul 26)

tuergeist

Re: Mico crashes when contected with wrong IOR / DoS tuergeist (Jul 10)
Re: Mico crashes when contected with wrong IOR / DoS tuergeist (Jul 10)
Mico crashes when contected with wrong IOR / DoS tuergeist (Jul 07)

usar_y_tirar

Re: cpanel login problem usar_y_tirar (Jul 31)

VMware Security Team

VMSA-2006-0003 VMware possible incorrect permissions on SSL key files VMware Security Team (Jul 19)

vulnerabilities

SQL injection Seir Anphin v666 Community Management System vulnerabilities (Jul 31)

vuln . invent

Plesk Control Panel <= 8.0.0 XSS vulnerability vuln . invent (Jul 17)

vulnpost-remove

[vuln.sg] DynaZip DZIP32.DLL/DZIPS32.DLL Buffer Overflow Vulnerabilities vulnpost-remove (Jul 25)
[vuln.sg] TurboZIP ZIP Repair Buffer Overflow Vulnerability vulnpost-remove (Jul 25)
[vuln.sg] PowerArchiver DZIPS32.DLL Buffer Overflow Vulnerability vulnpost-remove (Jul 26)
[vuln.sg] AGEphone "sipd.dll" SIP Packet Handling Buffer Overflow vulnpost-remove (Jul 25)

Web Ex

RE: WebEx Downloader Plug-in Multiple Vulnerabilities + rant Web Ex (Jul 10)

William A. Rowe, Jr.

[Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released William A. Rowe, Jr. (Jul 28)

x0r0n

Keyif Portal v2.0 - Microsoft Access Driver ( MDB ) Download x0r0n (Jul 18)
Flipper Poll <= 1.1.0 Remote File Inclusion Vulnerability x0r0n (Jul 13)
ScozNews Final-Php <=1.1 Remote File Inclusion Vulnerability x0r0n (Jul 13)
Re: Portail PHP v1.7 Remote File Include x0r0n (Jul 31)
ListMessenger v0.9.3 Remote File Inclusion Vulnerability x0r0n (Jul 17)

Xavier

Rocks Clusters <=4.1 local root Xavier (Jul 15)

xzerox

WordPress 2.0.3 SQL Error and Full Path Disclosure xzerox (Jul 03)
Pearl Products Multiple Remote File Inclusion xzerox (Jul 03)
phpBB 2.0.21 Full Path Disclosure xzerox (Jul 01)
FLV Players Multiple Input Validation Vulnerabilities xzerox (Jul 12)

y3dips

OPERA Web Browser 9 Denial OF Service y3dips (Jul 01)

zck zck

Re: WordPress 2.0.3 SQL Error and Full Path Disclosure zck zck (Jul 12)

zdi-disclosures

ZDI-06-025: Mozilla Firefox Javascript navigator Object Vulnerability zdi-disclosures (Jul 27)
ZDI-06-022: Microsoft Office Excel File Rebuilding Code Execution Vulnerability zdi-disclosures (Jul 11)
ZDI-06-023: eIQNetworks Enterprise Security Analyzer Syslog Server Buffer Overflow Vulnerability zdi-disclosures (Jul 26)
ZDI-06-024: eIQNetworks Enterprise Security Analyzer License Manager Buffer Overflow Vulnerability zdi-disclosures (Jul 26)
ZDI-06-021: WebEx Downloader Plug-in Code Execution Vulnerability zdi-disclosures (Jul 07)

zeberus_

Php-Fusion (Xss) With Avatar Upload zeberus_ (Jul 03)