Bugtraq: by date

564 messages starting Jul 01 06 and ending Jul 31 06


Saturday, 01 July

NewsPHP 2006 PRO XSS SQL injection Vulnerability securityconnection
News <= 5.2 XSS, SQL Injection, Full Path Disclosure gmdarkfig
Re: [Full-disclosure] Re[2]: Is Windows TCP/IP source routing PoC code available? 3APA3A
phpBB 2.0.21 Full Path Disclosure xzerox
Re: PHP security (or the lack thereof) Kevin Waterson
RE: [Full-disclosure] Browser bugs hit IE, Firefox today (SANS) Schmehl, Paul L
Re: Browser bugs hit IE, Firefox today (SANS) Alex Potter
Re: Msie 7.0 beta Crash mike
[security bulletin] HPSBUX02128 SSRT5996 - rev.1 HP-UX mkdir(1) Local Unauthorized Access security-alert
[security bulletin] HPSBUX02103 SSRT5953 rev.3 - HP-UX passwd(1) Local Denial of Service (DoS) security-alert
Buddy Zone Version 1.0.1 - XSS luny
mAds v1.0 lunY
phpMyAdmin : Cross-Site Scripting Vulnerability bug () securitynews ir
DEF CON 14: Speakers Selected and more. The Dark Tangent
OPERA Web Browser 9 Denial OF Service y3dips
Internet Crna Gora SQL Injection Breeeeh
SmS Script SQL Injection Breeeeh
Sql injection in Diesel joke site script black code
SturGeoN Upload v1 Remote Command Execution Exploit gmdarkfig

Monday, 03 July

Whitepaper: IT (in)security implementation in a real world example Denis Jedig
Php-Fusion (Xss) With Avatar Upload zeberus_
Glossaire<<--v1.7 Remote File Include CrAzY . CrAcKeR
call for papers - IT Underground, Italy 2006 it_underground
[MajorSecurity #19] AutoRank <= 5.01 - Multiple XSS and cookie disclosure admin
WordPress 2.0.3 SQL Error and Full Path Disclosure xzerox
plume-cms v1.0.4 Multiple Remote File include KARKOR23
Pearl Products Multiple Remote File Inclusion xzerox
free QBoard v1.1 Multiple Remote File include KARKOR23
Re: [Full Disclosure] [Kil13r-SA-20060701-2] MoniWiki 1.1.1 Cross-Site Scripting Vulnerability mac68k
Multiple vulnerabilities in TK8 Safe v.3.0.5 clappymonkey
popup Vacation Rentals[calendar_year.php] SQL Injection BoNy-m
QTOFileManager 1.0 securityconnection
Invision Power Board v1.3 Final SQL Injection Breeeeh
Contact for nhl.com C. Hamby
Excel 2000/XP/2003 Style 0day POC nanika
5 php scripts remote database password disclosure gmdarkfig
Call For Papers - No cON Name 2006 Edition Spain deese
[ GLSA 200607-01 ] mpg123: Heap overflow Sune Kloppenborg Jeppesen
ZoneAlarm Insufficient protection of registry key 'VETFDDNT\Enum' Vulnerability David Matousek
imgsvr dos exploit by n00b co296
TBE 4.0 XSS securityconnection

Tuesday, 04 July

Re: Browser bugs hit IE, Firefox today (SANS) Thor Larholm
[scip_Advisory 2351] Kyberna AG ky2help various form fields SQL Injection Marc Ruef
galleria <= 1.0 Remote File Inclusion Vulnerability ineal
Re: WordPress 2.0.3 SQL Error and Full Path Disclosure James Davis
[scip_Advisory 2352] F5 FirePass 4100 prior 6.x multiple Cross Site Scripting Marc Ruef
file include exploits in randshop v1.2 black code
PhpWebGallery Cross Site Scripting Vulnerability iss4m . h
Re: file include exploits in randshop v1.2 Rainer Duffner
Re: WordPress 2.0.3 SQL Error and Full Path Disclosure Jaroslaw Sajko
[Bugtraq] Re: flock d0s exploit remote. beta 1 (v0.7) . myke lyons

Wednesday, 05 July

Invision Power Board "v1.X & 2.X" SQL Injection CrAzY . CrAcKeR
Re: Browser bugs hit IE, Firefox today (SANS) Paul Szabo
Shopping Cart V0.9 luny
Windows Explorer URL File format overflow nanika
Touch arbitrary file execute vulnerability Alex Park
sNews 1.3 XSS SQL securityconnection
BLOG:CMS 4.1.0 SQL injection File Include Vulnerability securityconnection
Re: PHP security (or the lack thereof) Dan Falconer
[ MDKSA-2006:116 ] - Updated kernel packages fixes multiple vulnerabilities security
vBulletin 3.5.4 (install_path) Exploit CarcaBotx
TigerTom Scripts luny

Thursday, 06 July

[SECURITY] [DSA 1104-2] New OpenOffice.org packages fix arbitrary code execution Martin Schulze
Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues Moritz Naumann
Re: vBulletin 3.5.4 (install_path) Exploit mikathebest2003
[USN-308-1] shadow vulnerability Martin Pitt
[USN-309-1] libmms vulnerability Martin Pitt
[USN-310-1] ppp vulnerability Martin Pitt
Re: vBulletin 3.5.4 (install_path) Exploit scott

Friday, 07 July

Re: IBM AIX Security contact? Troy Bollinger
Major updates to Excel 0-day Vulnerability FAQ at SecuriTeam Blogs Juha-Matti Laurio
Various heap and stack overflow bugs in AdPlug library 2.0 (CVS 04 Jul 2006) Luigi Auriemma
McAfee VirusScan Enterprise 8.0.0 Buffer Overflow johndoe1529
Mico crashes when contected with wrong IOR / DoS tuergeist
TSLSA-2006-0040 - kernel Trustix Security Advisor
WebEx Downloader Plug-in Multiple Vulnerabilities + rant Mark Litchfield
PHP-Blogger Multiple Cross Site Scripting Vulnerabilities OS2A BTO
[ECHO_ADV_36$2006] ExtCalendar <== v2.0 Remote File Include Vulnerabilities matdhule
ATutor : Cross-Site Scripting Vulnerabilities bug () securitynews ir
Possible code execution in Kaillera 0.86 Luigi Auriemma
rPSA-2006-0122-1 kernel Justin M. Forbes
PBL Guestbook <= 1.32 XSS & SQL Querys Vulnerabilities paisterist . nst
Format string bug in Sparklet 0.9.4try3 Luigi Auriemma
[ MDKSA-2006:117 ] - Updated libmms packages fix buffer overflow vulnerability security
HostingController: An attacker can gain reseller privileges and after that can gain admin privileges Irsdl
Sport-slo.net Guestbook v1.0 luny
IBM AIX Security contact? Joxean Koret
Pivot <=1.30rc2 privilege escalation / remote commands execution rgod
[SECURITY] [DSA 1105-1] New xine-lib packages fix denial of service Martin Schulze
lintah_|adv|_01@2006>=========<[Aura-CMS v1.62]<===>[XSS vulnerable]&[bug] k07iX
ZDI-06-021: WebEx Downloader Plug-in Code Execution Vulnerability zdi-disclosures

Saturday, 08 July

[ MDKSA-2006:118 ] - Updated OpenOffice.org packages fix various vulnerabilities security
PAPOO <=3RC3 sql injection / admin credentials disclosure rgod
Re: [Bugtraq] Re: flock d0s exploit remote. beta 1 (v0.7) flockoyd
[KAPDA::#46] - AjaxPortal Authentication Bypass alireza hassani
ATutor 1.5.3 Cross Site Scripting securityconnection
RW::Download stats.php Remote File Inc. StorMBoY

Monday, 10 July

[ GLSA 200607-03 ] libTIFF: Multiple buffer overflows Sune Kloppenborg Jeppesen
Webvizyon Portal 2006 Version SQL Injection StorMBoY
Securing PHP or finding PHP alternatives (was: PHP security (or the lack thereof)) Gezim Hoxha
Re: Invision Power Board "v1.X & 2.X" SQL Injection mattmecham
Graffiti Forums v1.0 SQL Injection Vulnerabilities paisterist . nst
[ GLSA 200607-04 ] PostgreSQL: SQL injection Sune Kloppenborg Jeppesen
MT rmcek Toplist v2.2 Version Microsoft Access Driver ( MDB ) Download StorMBoY
LAMP vs Microsoft Darren Reed
Re: RE: Invision Vulnerabilities, including remote code execution mattmecham
Re: [KAPDA::#46] - AjaxPortal Authentication Bypass earthquake
ERNW Security Advisory 02/2006 - Buffer Overflow in sipXtapi (used in AOL Triton) mozilla
Re: rPSA-2006-0122-1 kernel Paul Starzetz
[ECHO_ADV_37$2006] pc_cookbook Mambo/Joomla Component <= v0.3 Remote File Include Vulnerabilities matdhule
[SECURITY] [DSA 1106-1] New ppp packages fix privilege escalation Martin Schulze
Re: [ MDKSA-2006:116 ] - Updated kernel packages fixes multiple vulnerabilities Paul Starzetz
phpPolls 1.0.3 Administration ByPass alp_eren
Re: galleria <= 1.0 Remote File Inclusion Vulnerability counterpoint
Re: Invision Power Board v1.3 Final SQL Injection mattmecham
[USN-312-1] gimp vulnerability Martin Pitt
RE: MIMESweeper For Web 5.X Cross Site Scripting Erez Metula
CC announces new Rootkit help forum insync with Book Paul Laudanski
MS Word Unchecked Boundary Condition Vulnerability naveed
Re: Re: vBulletin 3.5.4 (install_path) Exploit mikathebest2003
RE: WebEx Downloader Plug-in Multiple Vulnerabilities + rant Web Ex
Digital Armaments Security Advisory 10.07.2006: Flexwath Authorization Bypassing and XSS Vulnerability info
Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit Alexander Hristov
Re: Mico crashes when contected with wrong IOR / DoS Karel Gardas
Re: PHP security (or the lack thereof) Darren Reed
Re: Mico crashes when contected with wrong IOR / DoS tuergeist
Re: Mico crashes when contected with wrong IOR / DoS tuergeist
Re: Windows Explorer URL File format overflow naveed
Re: Mico crashes when contected with wrong IOR / DoS Karel Gardas
Local file inclusion in Farsinews3.0BETA1 armin390
Old vulnerable sotwares collection Jerome Athias
[ANNOUNCEMENT] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against smbd Gerald (Jerry) Carter
[SECURITY] [DSA 1107-1] New GnuPG packages fix denial of service Martin Schulze
randshop <= 1.1.x (index.php) Remote File Inclusion Vulnerability Saudi . Unix
Re: LAMP vs Microsoft Jarrod Frates
Juniper Networks DX Web Administration Persistent System Log XSS Vulnerability Darren Bounds
Re: LAMP vs Microsoft Bob Beck
Re: Securing PHP or finding PHP alternatives Crispin Cowan
[ GLSA 200607-02 ] FreeType: Multiple integer overflows Sune Kloppenborg Jeppesen
[ GLSA 200607-05 ] SHOUTcast server: Multiple vulnerabilities Sune Kloppenborg Jeppesen

Tuesday, 11 July

SYMSA-2006-007: Microsoft Office Malformed String Parsing Vulnerability research
CYBSEC - Security Pre-Advisory: Microsoft Windows DHCP Client Service Remote Buffer Overflow Mariano Nuñez Di Croce
TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability Tippingpoint Security Research Team
ZDI-06-022: Microsoft Office Excel File Rebuilding Code Execution Vulnerability zdi-disclosures

Wednesday, 12 July

Re: LAMP vs Microsoft Steven M. Christey
[USN-313-1] OpenOffice.org vulnerabilities Martin Pitt
[USN-316-1] installer vulnerability Martin Pitt
[USN-315-1] libmms, xine-lib vulnerabilities Martin Pitt
Cisco Security Advisory: Multiple Cisco Unified CallManager Vulnerabilities Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Router Web Setup Ships with Insecure Default IOS Configuration Cisco Systems Product Security Incident Response Team
[ MDKA-2006:119 ] - Updated ppp packages fix plugin vulnerability security
Re: ATutor 1.5.3 Cross Site Scripting info
SQuery <= 4.5(libpath) Remote File Inclusion Exploit SHiKaA-
[USN-314-1] samba vulnerability Martin Pitt
Re: [ANNOUNCEMENT] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against smbd Gerald (Jerry) Carter
Cisco Security Advisory: Cisco Intrusion Prevention System Malformed Packet Denial of Service Cisco Systems Product Security Incident Response Team
rPSA-2006-0128-1 samba samba-swat Justin M. Forbes
Fuzzing Microsoft Office naveed
SMB Information Disclosure Vulnerability Avert
[SECURITY] [DSA 1108-1] New mutt packages fix arbitrary code execution Moritz Muehlenhoff
Microsoft Excel Array Index Error Remote Code Execution Sowhat
Linux Kernel 2.6.x PRCTL Core Dump Handling - Local r00t Exploit ( BID 18874 / CVE-2006-2451 ) Roman Medina-Heigl Hernandez
[ MDKSA-2006:117-1 ] - Updated libmms packages fix buffer overflow vulnerability security
NSFOCUS SA2006-04 : Microsoft Office GIF Filter Buffer Overflow Vulnerability NSFOCUS Security Team
TOPo v.2.2.178 Account Reset darkz . gsa
S21Sec-032-en: Vulnerability in Fatwire Content Server labs
Re: Browser bugs hit IE, Firefox today (SANS) 3CO
RE: Old vulnerable sotwares collection John Rigali
Lazarus Guestbook Cross Site Scripting Vulnerabilities simo64
[ MDKSA-2006:120 ] - Updated samba packages fix DoS vulnerability security
NSFOCUS SA2006-06 : Microsoft Excel COLINFO Record Buffer Overflow Vulnerability NSFOCUS Security Team
New CVE number states Excel Style handling as a separate issue Juha-Matti Laurio
Re: WordPress 2.0.3 SQL Error and Full Path Disclosure zck zck
Re: # MHG Security Team --- PHPAskIt v2.0.1 Remote File Inc. Amelie
NSFOCUS SA2006-05 : Microsoft Excel SELECTION Record Memory Corruption Vulnerability NSFOCUS Security Team
FLV Players Multiple Input Validation Vulnerabilities xzerox
[ MDKSA-2006:121 ] - Updated xine-lib packages fix buffer overflow vulnerability security
Re: # MHG Security Team --- PHPAskIt v2.0.1 Remote File Inc. amelie

Thursday, 13 July

[ECHO_ADV_38$2006] Multiple Mambo/Joomla Component Remote File Include Vulnerabilities matdhule
RE: WordPress 2.0.3 SQL Error and Full Path Disclosure Aaron Newman
SYMSA-2006-004 (Full Details): Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution research
[USN-317-1] zope2.8 vulnerability Martin Pitt
Photocycle v1.0 - XSS luny
ScozNews Final-Php <=1.1 Remote File Inclusion Vulnerability x0r0n
Orbitmatrix PHP Script v1.0 luny
Flipper Poll <= 1.1.0 Remote File Inclusion Vulnerability x0r0n
[USN-318-1] libtunepimp vulnerability Martin Pitt
[ MDKSA-2006:122 ] - Updated php packages fix multiple vulnerabilities security
flatnuke <= 2.5.7 arbitrary php file upload rgod
PHORUM 5 arbitrary local inclusion rgod
phpbb 3.x sql injection (with global moderator rights) rgod
Re: [ECHO_ADV_38$2006] Multiple Mambo/Joomla Component Remote File Include Vulnerabilities Joxean Koret
[ MDKSA-2006:123 ] - Updated kernel packages fixes multiple vulnerabilities security
perForms <= 1.0 ([mosConfig_absolute_path]) Remote File Inclusion endeneu
[security bulletin] HPSBUX02120 SSRT051057 rev.2 - HP-UX Local Denial of Service (DoS) security-alert
rPSA-2006-0122-2 kernel Justin M. Forbes

Friday, 14 July

Re: WebEx Downloader Plug-in Multiple Vulnerabilities + rant Mark Rowe
IE <= 6 DoS vulnerability jonasschaub
Phorum 5.1.15 security release (fixes "PHORUM 5 arbitrary local inclusion") Maurice Makaay
Microsoft Works - Buffer Overflows / Denial of Service (DoS)-Vulnerabilities Benjamin Tobias Franz
Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround Caveo Internet BV - Security
EEYE: McAfee ePolicy Orchestrator Remote Compromise eEye Advisories
Re: Photocycle v1.0 - XSS securityfocus
Re: Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround Hugo van der Kooij

Saturday, 15 July

Bybass HTTP ( extension files ) in ISA 2004 medozero
MS Power Point Multiple Vulnerabilities (powerpnt.exe)- POC naveed
MS Power Point Multiple Vulnerabilities - (mso.dll) POC naveed
MS Power Point Multiple Vulnerabilities - (memory corruption) POC naveed
Norton Insufficient protection of Norton service registry keys David Matousek
Kerio Terminating 'kpf4ss.exe' using internal runtime error Vulnerability David Matousek
Re: Securing PHP or finding PHP alternatives Michael Shigorin
Re: Securing PHP or finding PHP alternatives SkyFlash
Linux sys_prctl LKM based hotfix Abhisek Datta
crashing firefox <= 1.5.0.4 reywen
saphp "add.php" forumid Parameter SQL Injection Breeeeh
RE: Re: vBulletin 3.5.4 (install_path) Exploit Robert Marquardt
XSS phpBB 2.0.21 in administration renatrix
MyGallery "Room.php" SQL Injection Breeeeh
Rocks Clusters <=4.1 local root Xavier
[SECURITY] Plain text password in Finjan Appliance 5100/8100 NG backup file finde_schwachstelle
Re: WordPress 2.0.3 SQL Error and Full Path Disclosure jholguin
Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit José Parrella
Phorum 5.1.14 XSS SQL injection Vulnerability securityconnection
Re: WordPress 2.0.3 SQL Error and Full Path Disclosure nate
MiniBB Forum <= 1.5a Remote File Include Vulnerabilities matdhule
Re: [Full-disclosure] ERNW Security Advisory 02/2006 - Buffer Overflow in sipXtapi (used in AOL Triton) Mailinglists
Re: LAMP vs Microsoft Darren Reed
SubberZ[Lite] - Remote File Include ChironeX . FleckeriX
RE: MIMESweeper For Web 5.X Cross Site Scripting Erez Metula
VBZooM <=V1.11 " reply.php" SQL Injection Breeeeh
VBZooM <=V1.11 " ignore-pm.php" SQL Injection Breeeeh
Microsoft PowerPoint 0-day Vulnerability FAQ document written Juha-Matti Laurio
Re: [ GLSA 200607-05 ] SHOUTcast server: Multiple vulnerabilities Cyneox
Re: Securing PHP or finding PHP alternatives Sheryl Coppenger
Re: phpbb 3.x sql injection (with global moderator rights) bugtraq
Crtical Shockwave Embeded XSS Execution spammeanddie
VBZooM <=V1.11 "sub-join.php" SQL Injection Breeeeh
Re: Securing PHP or finding PHP alternatives (was: PHP security (or the lack thereof)) Matthias Kestenholz
Re: LAMP vs Microsoft Bob Beck
[OpenPKG-SA-2006.013] OpenPKG Security Advisory (mutt) OpenPKG
Fantastic Guestbook v2.0.1 Advisory omnipresent
VBZooM "sendmail.php" SQL Injection Breeeeh
Re: LAMP vs Microsoft Darren Reed
Re: LAMP vs Microsoft Bob Beck
Re: Buddy Zone Version 1.0.1 - XSS support
Re: LAMP vs Microsoft Joel Maslak
Re: Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround Michael Shigorin
Invision Power Board 2.1 <= 2.1.6 sql injection rst
Re: Securing PHP or finding PHP alternatives (was: PHP security (or the lack thereof)) Meet Myself on the Internet
Re: Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround Lukasz Trabinski
Re: [Full-disclosure] Re: Linux Kernel 2.6.x PRCTL Core Dump Handling - Local r00t Exploit ( BID 18874 / CVE-2006-2451 ) Jon Hart
Gracenote buffer overflow MNV
MyBulletinBoard (MyBB) 1.1.5 'CLIENT-IP' sql injection rgod

Monday, 17 July

Mercury Messenger Hans Wolters
Re: Bybass HTTP ( extension files ) in ISA 2004 Thor (Hammer of God)
Several updates in MS PowerPoint 0-day Vulnerability FAQ at SecuriTeam Blogs Juha-Matti Laurio
PHP Event Calendar versi 1.4 (path_to_calendar) Remote File Inclusion chris_hasibuan
Calendar Module <= 1.5.7 Remote File Include Vulnerabilities matdhule
Plesk Control Panel <= 8.0.0 XSS vulnerability vuln . invent
Re: Phorum 5.1.14 XSS SQL injection Vulnerability Maurice Makaay
Secunia Research: IceWarp Web Mail Two File Inclusion Vulnerabilities Secunia Research
[SECURITY] [DSA 1109-1] New rssh packages fix privilege escalation Moritz Muehlenhoff
RE: Bybass HTTP ( extension files ) in ISA 2004 Edward Tripovich
rPSA-2006-0130-1 kernel Justin M. Forbes
[EEYEB-20060227] D-Link Router UPNP Stack Overflow eEye Advisories
Secunia Research: VisNetic Mail Server Two File Inclusion Vulnerabilities Secunia Research
[SECURITY] [DSA 1110-1] New samba packages fix denial of service Moritz Muehlenhoff
Secunia Research: BitZipper unacev2.dll Buffer Overflow Vulnerability Secunia Research
PacSec 2006 CALL FOR PAPERS (Deadline Aug. 4; Event Nov. 27-30) Dragos Ruiu
boastMachine <= 3.1 SQL Injection Exploit gmdarkfig
ListMessenger v0.9.3 Remote File Inclusion Vulnerability x0r0n
Multiple vulnerabilities in UFO2000 svn 1057 Luigi Auriemma
[SECURITY] [DSA 1111-1] New Linux kernel 2.6.8 packages fix privilege escalation Moritz Muehlenhoff

Tuesday, 18 July

About the latest three Powerpoint vulnerabilities: exploitable? ewt
[SECURITY] [DSA 1112-1] New mysql-dfsg-4.1 packages fix denial of service Moritz Muehlenhoff
Re: Invision Power Board 2.1 <= 2.1.6 sql injection paul dansing
ToorCon 2006 Call for Papers h1kari () toorcon org
RUXCON 2006 Final Call For Papers cfp
Re: Securing PHP or finding PHP alternatives Crispin Cowan
Re: Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround Michal Zalewski
[USN-319-1] Linux kernel vulnerability Martin Pitt
Re: LAMP vs Microsoft George Capehart
Re: LAMP vs Microsoft Darren Reed
New Article Mambo Component <= 1.0 (com_articles.php) Remote File Include Vulnerabilities matdhule
Unauthenticated access to BT Voyager config file and PPP credentials embedded in HTML form pagvacito
Re: Invision Power Board 2.1 <= 2.1.6 sql injection str0ke
23rd Chaos Communication Congress 2006: Call for Participation fukami
Calendar Mambo Module <= 1.5.7 Remote File Include Vulnerabilities matdhule
Re: WebEx Downloader Plug-in Multiple Vulnerabilities + rant Mark Litchfield
Cross Site Scripting Vulnerability in Zoho Virtual Office ss_team
[KAPDA::#52] - PHP-Post 1.0 Cookie Modification Privilege Escalation Vulnerability farhadkey
Professional PHP Tools Guestbook Multiple Vulnerabilities tamriel
[ MDKSA-2006:124 ] - Updated kernel packages fix privilege escalation vulnerability security
ToendaCMS <= 1.0.0 arbitrary file upload rgod
Keyif Portal v2.0 - Microsoft Access Driver ( MDB ) Download x0r0n
Outpost Firewall Pro secrately fixing security flaws? Bipin Gautam
Re: Invision Power Board 2.1 <= 2.1.6 sql injection mattmecham
DeluxeBB mutiple vulnerabilities Jessica Hope
$100 plus several of my books if you can crack my Windows password hashes. Roger A. Grimes
Oracle Database - SQL Injection in SYS.KUPW$WORKER [DB03] ak
Oracle Database - SQL Injection in SYS.DBMS_CDC_IMPDP [DB01] ak
WebScarab <= 20060621-0003 cross site scripting security
RE: [lists] Re: PHP security (or the lack thereof) Curt Purdy
[SECURITY] [DSA 1113-1] New zope2.7 packages fix information disclosure Moritz Muehlenhoff
Re: Bybass HTTP ( extension files ) in ISA 2004 medozero
Re: Bybass HTTP ( extension files ) in ISA 2004 medozero
PcAnywhere > 12 Local Privilege Escalation root
Consumers of Broadband Providers (ISP) may be open to hijack attacks peter_philipp
ExtCalendar Mambo Module <= v2( extcalendar.php ) Remote File Include Vulnerabilities saudi . unix
Oracle Database - SQL Injection in SYS.DBMS_UPGRADE [DB22] ak
Invision Power Board v2.1 <= 2.1.6 sql injection exploit paul14075
Oracle Database - SQL Injection in SYS.DBMS_STATS [DB21] ak
[security bulletin] HPSBTU02132 SSRT061154 rev.1 - HP Tru64 UNIX running NIS ypserv, Remote Denial of Service (DoS) security-alert
hdweGUEST <= 2.1.1 Cross Site Scripting Vulnerabilities tamriel
ASP.DLL Include File Buffer Overflow Brett Moore
Re: Re: Invision Power Board 2.1 <= 2.1.6 sql injection paul14075
Escalation of privileges in Outpost and Lavasoft Firewalls -Unusual ShellExecute behavior mullware
Re: LAMP vs Microsoft Bob Beck
Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit str0ke
Re: XSS phpBB 2.0.21 in administration Jessica Hope
Re: LAMP vs Microsoft Hugo van der Kooij
osDate 1.1.7 multiple vulnerabilities binary . loc
Webmin / Usermin Arbitrary File Disclosure Vulnerability Perl Alexander Hristov
Re: crashing firefox <= 1.5.0.4 bugtraq

Wednesday, 19 July

New PowerPoint Trojan installs itself as LSP Juha-Matti Laurio
[USN-320-1] PHP vulnerabilities Martin Pitt
[ MDKSA-2006:125 ] - Updated webmin packages fix arbitray file read vulnerability. security
[ MDKSA-2006:127 ] - Updated gimp packages fix buffer overflow vulnerability. security
[ MDKSA-2006:126 ] - Updated libtunepimp packages fixes buffer overflow vulnerabilities. security
[ MDKSA-2006:128 ] - Updated wireshark packages fix numerous vulnerabilities security
Re: Bybass HTTP ( extension files ) in ISA 2004 Thor (Hammer of God)
rPSA-2006-0132-1 tshark wireshark Justin M. Forbes
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Security Monitoring, Analysis and Response System (CS-MARS) Cisco Systems Product Security Incident Response Team
VMSA-2006-0003 VMware possible incorrect permissions on SSL key files VMware Security Team
[ GLSA 200607-06 ] libpng: Buffer overflow Thierry Carrez
[USN-319-2] Linux kernel vulnerability Martin Pitt
[USN-313-2] OpenOffice.org vulnerabilities Martin Pitt
Re: imageVue16.1 upload vulnerability info
AFCommerce Shopping Cart sledge
Security point-of-contact for Ameritrade? James M. Blackburn
Re: osDate 1.1.7 multiple vulnerabilities binary . loc
rPSA-2006-0133-1 libpng Justin M. Forbes

Thursday, 20 July

Cisco MARS < 4.2.1 remote compromise Jon Hart
[ECHO_ADV_40$2006] iManage CMS <= 4.0.12 (absolute_path) Remote File Inclusion matdhule
Advisory: Remote command execution in planetGallery RedTeam Pentesting
[MajorSecurity #20]SiteDepth CMS <= 3.01 - Remote File Include Vulnerability admin
[MajorSecurity #21] phpFaber TopSites <=2.0.9 - SQL Injection Vulnerability admin
[MajorSecurity #22] Top XL <=1.1 - XSS and cookie disclosure admin
[ MDKSA-2006:129 ] - Updated freetype2 packages fixes overflow vulnerability. security
[security bulletin] HPSBUX02108 SSRT061133 rev.12 - HP-UX Running Sendmail, Remote Execution of Arbitrary Code security-alert

Friday, 21 July

rPSA-2006-0134-1 sendmail sendmail-cf Justin M. Forbes
[USN-321-1] mysql-dfsg-4.1 vulnerability Martin Pitt
[SECURITY] [DSA 1117-1] New libgd2 packages fix denial of service Moritz Muehlenhoff
[security bulletin] HPSBMA02133 SSRT061201 rev.1 - HP Oracle for OpenView (OfO) Critical Patch Update July 2006 security-alert
SECURITY UPDATE::Farsinews release FarsiNewsPro3.0Stable1SecurityPath1 armin390
[ GLSA 200607-07 ] xine-lib: Buffer overflow Thierry Carrez
[SECURITY] [DSA 1115-1] New GnuPG2 packages fix denial of service Martin Schulze
LoudBlog <=0.5 Sql injection rgod
Unidomedia Chameleon LE/Pro Directory Traversal kicktd
TSLSA-2006-0042 - multi Trustix Security Advisor
Samba Internal Data Structures DOS Vulnerability Exploit Alexander Hristov
[ MDKSA-2006:130 ] - Updated kdelibs packages fix konqueror crash vulnerability. security
[SECURITY] [DSA 1114-1] New hashcash packages fix arbitrary code execution Martin Schulze
SolpotCrew Advisory #2 - Advanced Poll ver 2.02 (base_path) Remote File Inclusion chris_hasibuan
[SECURITY] [DSA 1116-1] New gimp packages fix arbitrary code execution Moritz Muehlenhoff

Saturday, 22 July

Re: Samba Internal Data Structures DOS Vulnerability Exploit Gerald (Jerry) Carter
Re: Securing PHP or finding PHP alternatives Crispin Cowan
MiniBB Forum <= 1.5a Remote File Include (search.php-whosOnline.php) AG Spider
iDefense Security Advisory 07.20.06: Sun Microsystems Solaris sysinfo() Kernel Memory Disclosure Vulnerability labs-no-reply
Re: [EEYEB-20060227] D-Link Router UPNP Stack Overflow kala_z
[Kurdish Security # 13] Savant2 Remote File Include Vulnerability [For Mambo, Joomla] botan
RE: $100 plus several of my books if you can crack my Windows password hashes. Roger A. Grimes
Re: ATutor 1.5.3 Cross Site Scripting Steven M. Christey
Re: LAMP vs Microsoft Darren Reed
Re: Securing PHP or finding PHP alternatives Michael Cordover
Re: [Full-disclosure] iDefense Security Advisory 07.20.06: Sun Microsystems Solaris sysinfo() Kernel Memory Disclosure Vulnerability Micheal Turner
RE: XSS phpBB 2.0.21 in administration David Thomson
Microsoft Internet Explorer DOS Vulnerability SnoBmsn
MicroGuestBook Remote XSS Attack omnipresent
[MajorSecurity #25] Advanced Guestbook 2.4 for phpBB - Multiple XSS and SQL-Injection Vulnerabilities admin
RE: [EEYEB-20060227] D-Link Router UPNP Stack Overflow m
[MajorSecurity #24] Fire-Mouse TopList <=v1.1 - Cross Site Scripting admin
Low security hole affecting IPCalc's CGI wrapper Tim Brown
[SECURITY] [DSA 1118-1] New Mozilla packages fix several vulnerabilities Martin Schulze
about bid 17404 crack
[SECURITY] [DSA 1119-1] New hiki packages fix denial of service Martin Schulze
Re: XSS phpBB 2.0.21 in administration Jessica Hope
Re: SubberZ[Lite] - Remote File Include the . jalal
RE: $100 plus several of my books if you can crack my Windows password hashes. Roger A. Grimes
New CVE identifiers for separate PowerPoint 0-day issues assigned Juha-Matti Laurio
RE: $100 plus several of my books if you can crack my Windows password hashes. Michael Scheidell
Re: [EEYEB-20060227] D-Link Router UPNP Stack Overflow scott
new shell bypass safe mode d3nger
SolpotCrew Advisory #3 - com_trade Remote File Inclusion (mosConfig_absolute_path) mail
Re: XSS phpBB 2.0.21 in administration Jessica Hope
Re: AFCommerce Shopping Cart contact
Re: ExtCalendar Mambo Module <= v2( extcalendar.php ) Remote File Include Vulnerabilities matdhule
Re: New PowerPoint Trojan installs itself as LSP Mike Healan
MiniBB Forum <= 1.5a Remote File Include (news.php) AG Spider
Com Multibanners Remote File Inclusion (mosConfig_absolute_path) mail
[MajorSecurity #23] BLOG:CMS <= 4.0.0j - XSS and cookie disclosure admin
Blackboard Academic Suite 6.2.23 +/-: Persistent cross-site scripting vulnerability harbl
Re: [MajorSecurity #22] Top XL <=1.1 - XSS and cookie disclosure admin
Re: [Full-disclosure] Re: New PowerPoint Trojan installs itself as LSP Juha-Matti Laurio
Re: Digital Armaments Security Advisory 10.07.2006: Flexwath Authorization Bypassing and XSS Vulnerability sales
Map MS Security Bulletins to MS KB numbers Matthew Leeds
DotClear : Multiples Full Path Disclosure Silitix

Monday, 24 July

[SECURITY] [DSA 1120-1] New Mozilla Firefox packages fix several vulnerabilities Martin Schulze
[Kurdish Security # 14] MoSpray [base_dir] Remote Command Execution [ Mambo & Joomla] botan
Vanilla CMS <= 1.0.1 (RootDirectory) Remote file inclusion Vuln. mfoxhacker
[ GLSA 200607-08 ] GIMP: Buffer overflow Sune Kloppenborg Jeppesen
[CYBSEC] TippingPoint detection bypass Andres Riancho
Buffer-overflow in the XM loader of Cheese Tracker 0.9.9 Luigi Auriemma
[SECURITY] [DSA 1121-1] New postgrey packages fix denial of service Martin Schulze
PHP Live! v3.2 (header.php) Remote File Include Vulnerabilities saudi . unix
Re: [ GLSA 200607-08 ] GIMP: Buffer overflow Michael Shigorin
Re: Re: [Full-disclosure] iDefense Security Advisory 07.20.06: Sun Microsystems Solaris sysinfo() Kernel Memory Disclosure Vulnerability Micheal Turner
[USN-322-1] Konqueror vulnerability Martin Pitt
Check Point R55W Directory Traversal Sec-Tec Lists
MusicBox <= 2.3.4 XSS SQL injection Vulnerability securityconnection
[SECURITY] [DSA 1124-1] New fbi packages fix potential deletion of user data Moritz Muehlenhoff
Windows XP/NT/SMB2003/2000 Denial of Service attack J. Oquendo
ERRATA: [ GLSA 200607-08 ] GIMP: Buffer overflow Sune Kloppenborg Jeppesen
Write-up by Amit Klein: "Forging HTTP request headers with Flash" Amit Klein (AKsecurity)
[MajorSecurity #26] Woltlab Burning Board - Multiple Cookie manipulation and session fixation vulnerabilities admin
SQuery v.x (devi.php) (armygame.php) Remote File Inclusion saudi . unix
Heap overflow in the GT2 loader of libmikmod 3.2.2 Luigi Auriemma
[SECURITY] [DSA 1123-1] New libdumb packages fix arbitrary code execution Moritz Muehlenhoff
Opsware NAS 6.0 reveals MySQL 'root' password Freeman, Michael
rPSA-2006-0135-1 gimp Justin M. Forbes
Digital Armaments Security Advisory 24.07.2006: Siemens Speedstream Wireless/Router Denial of Service Vulnerability info
SYMSA-2006-008:Password Safe - Lock Password Database Configuration Not Enforced research
Buffer-overflow in recvTextMessage and NETrecvFile in Warzone Resurrection 2.0.3 (SVN 127) Luigi Auriemma
[SECURITY] [DSA 1122-1] New Net::Server packages fix denial of service Martin Schulze
Two crash vulnerabilities in Freeciv 2.1.0-beta1 (SVN 15 Jul 2006) Luigi Auriemma

Tuesday, 25 July

[ GLSA 200607-09 ] Wireshark: Multiple vulnerabilities Sune Kloppenborg Jeppesen
[USN-296-2] Firefox vulnerabilities Martin Pitt
Advisory: VMware Possible Incorrect Permissions On SSL Key Files Nick Breese
[vuln.sg] DynaZip DZIP32.DLL/DZIPS32.DLL Buffer Overflow Vulnerabilities vulnpost-remove
[vuln.sg] TurboZIP ZIP Repair Buffer Overflow Vulnerability vulnpost-remove
[vuln.sg] AGEphone "sipd.dll" SIP Packet Handling Buffer Overflow vulnpost-remove
LinksCaffe 3.0 SQL injection/Command Execution Vulnerabilties simo64
[ GLSA 200607-10 ] Samba: Denial of Service vulnerability Sune Kloppenborg Jeppesen
[security bulletin] HPSBUX02087 SSRT4728 rev.2 - HP-UX running TCP/IP Remote Denial of Service (DoS) security-alert

Wednesday, 26 July

Re: Ashop Search Module SQL injection security curmudgeon
[ MDKSA-2006:131 ] - Updated perl-Net-Server packages fix format string vulnerability security
Full Path Disclosure xGuestBook v1.02 dicomdk
MS06-034 lies? IIS 6 can still be owned? Cesar
Secunia Research: AutoVue SolidModel Professional Buffer Overflow Vulnerability Secunia Research
[USN-297-3] Thunderbird vulnerabilities Martin Pitt
[USN-320-2] php4 regression Martin Pitt
EzUpload multi file vulnerabilities hack2prison
Multiple vulnerabilities in OpenCMS Meder Kydyraliev
[SECURITY] [DSA 1111-2] New Linux kernel 2.6.8 packages fix privilege escalation Moritz Muehlenhoff
Re: Write-up by Amit Klein: "Forging HTTP request headers with Flash" Amit Klein (AKsecurity)
wwwThreads XSS l2odon
Zyxel Prestige 660H-61 Cross-Site Scripting jose . palanco
Professional Home Page Tools Login Script Cross Site Scripting Vulnerabilities tamriel
PHP-Auction SQL injection l2odon
ZDI-06-024: eIQNetworks Enterprise Security Analyzer License Manager Buffer Overflow Vulnerability zdi-disclosures
TP-Book <= 1.00 Cross Site Scripting Vulnerabilities tamriel
ZDI-06-023: eIQNetworks Enterprise Security Analyzer Syslog Server Buffer Overflow Vulnerability zdi-disclosures
TSRT-06-04: eIQnetworks Enterprise Security Analyzer Topology Server Buffer Overflow Vulnerability TSRT
TSRT-06-03: eIQnetworks Enterprise Security Analyzer Syslog Server Buffer Overflow Vulnerabilities TSRT
[SECURITY] [DSA 1125-1] New drupal packages fix execution of arbitrary web script code Moritz Muehlenhoff
Cisco VPN Concentrator IKE resource exhaustion DoS Advisory Roy Hills
Etomite CMS <= 0.6.1 'rfiles.php' remote command execution rgod
[USN-323-1] mozilla vulnerabilities Martin Pitt
[ECHO_ADV_41$2006] BufferOverflow in Midirecord2 the_day
[vuln.sg] PowerArchiver DZIPS32.DLL Buffer Overflow Vulnerability vulnpost-remove
[OpenPKG-SA-2006.014] OpenPKG Security Advisory (shiela) OpenPKG
Secunia Research: FileCOPA Directory Argument Handling Buffer Overflow Secunia Research
Phpprobid <= 5.24 XSS SQL injection Vulnerability securityconnection
Re: new shell bypass safe mode cxib

Thursday, 27 July

Re: Write-up by Amit Klein: "Forging HTTP request headers with Flash" 3CO
NSFOCUS SA2006-07 : ISS RealSecure/BlackICE MailSlot Heap Overflow Detection Remote DoS Vulnerability NSFOCUS Security Team
a6mambohelpdesk Mambo Component <= 18RC1 Remote Include Vulnerability Dr . Jr7
Re: Write-up by Amit Klein: "Forging HTTP request headers with Flash" Amit Klein (AKsecurity)
GeoClassifieds Enterprise <= 2.0.5.2 Cross Site Scripting securityconnection
Re: Opsware NAS 6.0 reveals MySQL 'root' password security-alert
[SECURITY] [DSA 1126-1] New Asterisk packages fix denial of service Martin Schulze
Cross-Site Scripting and Local File Inclusion in Phorum Meftun
Buffer Overflow Vulnerability in Winlpd Meftun
Re: Low security hole affecting IPCalc's CGI wrapper krischan
[USN-324-1] freetype vulnerability Martin Pitt
[USN-325-1] ruby1.8 vulnerability Martin Pitt
[USN-326-1] heartbeat vulnerability Martin Pitt
[SECURITY] [DSA 1125-2] New drupal packages fix execution of arbitrary web script code (revised packages) Moritz Muehlenhoff
Secunia Research: Mozilla Firefox XPCOM Event Handling Memory Corruption Secunia Research
Bypassing Oracle dbms_assert ak
ZDI-06-025: Mozilla Firefox Javascript navigator Object Vulnerability zdi-disclosures
rPSA-2006-0137-1 firefox Justin M. Forbes
Xss in MttKe-php v2.6 R0t-K33Y
AIM Triton 1.0.4 (SipXtapi) Remote Buffer Overflow Exploit (PoC) c0rrupt
Oracle 10g R2 and, probably, all previous versions putosoft softputo
Re: HYSA-2006-008 myBloggie 2.1.3 CRLF & SQL Injection Steven M. Christey

Friday, 28 July

[USN-327-1] firefox vulnerabilities Martin Pitt
Cisco Security Advisory: Windows VPN Client Local Privilege Escalation Vulnerability Cisco Systems Product Security Incident Response Team
[USN-328-1] Apache vulnerability Martin Pitt
[FLSA-2006:175040] Updated php packages fix security issues Marc Deslauriers
Re: Bypassing Oracle dbms_assert David Litchfield
[SECURITY] [DSA 1127-1] New ethereal packages fix several vulnerabilities Moritz Muehlenhoff
[OpenPKG-SA-2006.015] OpenPKG Security Advisory (apache) OpenPKG
[SECURITY] [DSA 1128-1] New heartbeat packages fix local denial of service Martin Schulze
Portail PHP v1.7 Remote File Include Meftun
[OpenPKG-SA-2006.016] OpenPKG Security Advisory (ruby) OpenPKG
[ MDKSA-2006:132 ] - Updated libwmf packages fixes integer overflow vulnerability security
[OpenPKG-SA-2006.017] OpenPKG Security Advisory (freetype) OpenPKG
Remote Include Vulnerability ====> in Dr.Jr7 Gallery 3.2 RC1 R0t-K33Y
RE: Bypassing Oracle dbms_assert Alexander Kornbrust
Re: Bypassing Oracle dbms_assert David Litchfield
[Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released William A. Rowe, Jr.
Oracle 10g R2 and, probably, all previous versions Russell Lowenthal
Apache mod_rewrite Buffer Overflow Vulnerability Avert
[SECURITY] [DSA 1129-1] New osiris packages fix arbitrary code execution Martin Schulze
PHP-Nuke INP XSS l2odon
Guestbook Mambo Module <== v1.3.0 Multiple Remote File Include Vulnerabilities matdhule
Re: Fusion Polls (xtrphome) Remote File Inclusion security curmudgeon
Lan-Aces Office Logic Mike
Re: Check Point R55W Directory Traversal dave_kwek
cpanel login problem ali
Hustle -- Tumbleweed Email Firewall Remote Vulnerability Ryan Smith
PrinceClan Chess Mambo Com <= 0.8 Remote Inclusion Vulnerability tr_zindan

Saturday, 29 July

rPSA-2006-0139-1 httpd mod_ssl Justin M. Forbes
[USN-329-1] Thunderbird vulnerabilities Martin Pitt
PHP ip2long() function circumvention rgod
Coppermine Photo Gallery v1.2.2b-Nuke Remote File Inclusion Vulnerabilities A-S-T2006
XSS vulnerability on AWBS newbinaryfile
RE: TSRT-06-04: eIQnetworks Enterprise Security Analyzer Topology Server Buffer Overflow Vulnerability Desai, Deepen
Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory Eloy Paris
Mambo Gallery Manager v095.r3 Remote File Inclusion Vulnerabilities A-S-T2006
[KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php roozbeh_afrasiabi
[ MDKSA-2006:133 ] - Updated apache packages fix mod_rewrite vulnerability security
mambatstaff Mambo Component <= Remote Include Vulnerability Dr . Jr7
[ GLSA 200607-12 ] OpenOffice.org: Multiple vulnerabilities Stefan Cornelius
artlinks Mambo Component <= Remote Include Vulnerability Dr . Jr7
[ MDKSA-2006:134 ] - Updated ruby packages fix safe-level vulnerabilities security
Re: cpanel login problem nate
Gdiplus.dll division by 0 Mr . Niega
[ GLSA 200607-13 ] Audacious: Multiple heap and buffer overflows Matthias Geerdsen
[ GLSA 200607-11 ] TunePimp: Buffer overflow Stefan Cornelius

Monday, 31 July

UPDATE: [ GLSA 200605-08 ] PHP: Multiple vulnerabilities Sune Kloppenborg Jeppesen
Re: cpanel login problem Scott Gemma
RE: cpanel login problem Bugs
Re: Portail PHP v1.7 Remote File Include x0r0n
Re: PHP ip2long() function circumvention darylf
com_moskool (admin.moskool.php) Remote File Include Vulnerabilities saudi . unix
Re: cpanel login problem usar_y_tirar
ATutor <= 1.5.3.1 'links' blind SQL injection / admin credentials disclosure rgod
PHPAuction 2.1 (maybe higher) with phpAdsNew 2.0.5 RFI philipp . niedziela
SQL injection Seir Anphin v666 Community Management System vulnerabilities
Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory Pavel Kankovsky
Re: Gdiplus.dll division by 0 Early Warning Team
Re: Check Point R55W Directory Traversal Hugo van der Kooij
Oracle and Apache mod_rewrite Vulnerability tigerblue
Corsaire Security Advisory - VMware ESX Server Password Cross Site Request Forgery issue advisories
Corsaire Security Advisory - VMware ESX Server Password Disclosure in Log issue advisories
Corsaire Security Advisory - VMware ESX Server Password Disclosure in Cookie issue advisories
Re: [EEYEB-20060227] D-Link Router UPNP Stack Overflow solutions_PHP
Multiple vulnerabilities in Open Cubic Player 2.6.0pre6 / 0.1.10_rc5 Luigi Auriemma
Re: Xss in MttKe-php v2.6 Steven M. Christey
RE: cpanel login problem Alan
MyNewsGroups <= 0.6b (myng_root) Remote Inclusion Vulnerability philipp . niedziela
Re: Do world's famous companies take care of their security? Steven M. Christey