Bugtraq: by date

598 messages starting Mar 01 06 and ending Mar 31 06


Wednesday, 01 March

FreeBSD Security Advisory FreeBSD-SA-06:09.openssh FreeBSD Security Advisories
Limbo CMS code execution Alexander Hristov
Re: ArGoSoft FTP server remote heap overflow Steven M. Christey
FreeBSD Security Advisory FreeBSD-SA-06:10.nfs FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-06:09.openssh [REVISED] FreeBSD Security Advisories
Updated Noah Classifieds Component for Joomla!/Mambo noahsec1
[eVuln] Leif M. Wright's Blog Multiple Vulnerabilities alex
Re: Fedex Kinkos Smart Card Authentication Bypass Lance James
Re: WordPress 2.0.1 Multiple Vulnerabilities Javor Ninov
Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities Daniel Veditz
Secunia Research: Lighttpd Script Source Disclosure Vulnerability Secunia Research
Re: Knowledgebases Remote Command Exucetion security curmudgeon
SAP Web Application Server http request url parsing vulnerability arnold . grossmann
Re: Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities Steve Shockley
Evolution Emailer DoS Alan Cox
Re: ArGoSoft FTP server remote heap overflow Jerome Athias
Evil side of Firefox extensions azurIt
Re: NETGEAR WGT624 ? Wireless DSL router default user name/password vulnerability abuse
Re: Evil side of Firefox extensions Henri Cook
4images <=1.7.1 remote code execution rgod
Re: recursive DNS servers DDoS as a growing DDoS problem v9
Re: Evil side of Firefox extensions Ben
Re: Evil side of Firefox extensions Mike Owen
Re: Evil side of Firefox extensions azurIt
Secunia Research: NetworkActiv Web Server Script Source Disclosure Vulnerability Secunia Research
Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities Nick Boyce
Re: Evil side of Firefox extensions Dave Korn
NCP VPN/PKI Client - various Bugs Ramon 'ports' Kukla
Fwd: APPLE-SA-2006-03-01 Security Update 2006-001 Dave McKinney
Re: (PHP) mb_send_mail security bypass Yasuo Ohgaki
SMBlog Remote Command Exucetion botan
Re: [Full-disclosure] Quarantine your infected users spreading malware Dana Hudes
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] L. Adrian Griffis
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Matthew Schiros
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] L. Adrian Griffis
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Matthew Schiros
FW: WordPress 2.0.1 Multiple Vulnerabilities Michael.Wade
RE: Evil side of Firefox extensions salexander
Re: WordPress 2.0.1 Multiple Vulnerabilities Daniele Muscetta
Re: WordPress 2.0.1 Multiple Vulnerabilities ad () heapoverflow com
Re: Evil side of Firefox extensions Michael Ekstrand
Advisory: ICQmail.com & Mail2World.com (ms_inbox.asp Current_folder) XSS vulnerability nukedx

Thursday, 02 March

[USN-259-1] irssi vulnerability Martin Pitt
[FLSA-2006:178989] Updated perl-DBI package fixes security issue Marc Deslauriers
Re: [KAPDA::#27] - Runcms 1.x Cross_Site_Scripting vulnerability roozbeh_afrasiabi
[OSX]: /usr/bin/passwd local root exploit. v9
Re: recursive DNS servers DDoS as a growing DDoS problem v9
[KAPDA::#26]vBulletin.3.5.3~3.0.12-XSS addmimistrator
[SECURITY] [DSA 980-1] New tutos package fixes several vulnerabilities Martin Schulze
JOOMLA CMS 1.0.7 DoS & path disclosing ghc
[SECURITY] [DSA 984-1] New xpdf packages fix several problems Martin Schulze
Re: FW: WordPress 2.0.1 Multiple Vulnerabilities Chris Hajer
PluggedOut Nexus SQL injection h e
Re: NETGEAR WGT624 Wireless DSL router default user name/password vulnerability Jimmy Latouche
Re: Fedex Kinkos Smart Card Authentication Bypass Lance James
ProtoVer Sample IMAP testsuite release Evgeny Legerov
[eVuln] E-Blah Platinum 'Referer' XSS Vulnerability alex
[SECURITY] [DSA 981-1] new bmv packages fix arbitrary code execution Martin Schulze
Woltlab Burning Board 2.x (Datenbank MOD fileid) Multiple Vulnerabilities. nukedx
[ MDKSA-2006:052 ] - Updated mozilla-thunderbird packages fix vulnerability security
Re: recursive DNS servers DDoS as a growing DDoS problem Gadi Evron
iDefense Security Advisory 03.02.06: Apple MacOS X BOMArchiveHelper Directory Traversal Vulnerability labs-no-reply () idefense com
vBulletin3.0.12&3.5.3~is_valid_email()~XSS Attack addmimistrator
MyBB 1.0.4 New SQL Injection o . y . 6
sql in Dawaween V 1.03 shereba_2007
RE: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities Jay Stapleton

Friday, 03 March

iDefense Security Advisory 03.02.06: Apple Mac OS X passwd Arbitrary Binary File Creation/Modification labs-no-reply () idefense com
iDefense Security Advisory 03.02.06: EMC Dantz Retrospect 7 Backup client DoS Vulnerability labs-no-reply () idefense com
MyBB 1.04 Perl Exploit o . y . 6
Gallery 2 Multiple Vulnerabilities GulfTech Security Research
Gregarius 0.5.2 XSS and SQL Injection Vulnerabilities tzitaroth
[eVuln] Skate Board Multimple Vulnerabilities alex
XST-Strikes-Back vulnerability in Netcache Nite Sprite
AZTEK forums 4.0 multiple vulnerabilities (PoC) billy
Re: Guestbox XSS/an admin bypass micuel
Re: Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities David Rasch
Kaspersky Memory/CPU Usage Leak by design Michael . Lang

Saturday, 04 March

[ GLSA 200603-02 ] teTeX, pTeX, CSTeX: Multiple overflows in included XPdf code Thierry Carrez
phpArcadeScript XSS Injections retard
Various router DoS ryanmeyer14
AVG 7 granting Everyone Full Control to updated files... even its drivers redxii1234
[ GLSA 200603-01 ] WordPress: SQL injection vulnerability Thierry Carrez
[eVuln] Easy Forum XSS Vulnerability alex
PHP-Stats <= 0.1.9.1 remote commands execution rgod
phpBB <= 2.0.19 Multiple DoS vulnerabilities paisterist . nst
Pixel Post Multiple Vulnerabilities paisterist . nst
[KAPDA::#30] - CuteNews1.4.1 Cross_Site_Scripting Vulnerability roozbeh_afrasiabi
linksys router + irc DoS Cade Cairns
Advisory: TotalECommerce (index.asp id) Remote SQL Injection Vulnerability. nukedx
Wbb 2.3. xss r57shell
Visual Studio 6.0 Buffer Overflow Vulnerability kozan
Re: Kaspersky Memory/CPU Usage Leak by design Teodor Cimpoesu
Simplog <= 1.0.2 Vulnerabilities retard
DSplit - Tiny AV signatures Detector ad () heapoverflow com
Critical Risk Vulnerability in L-Soft Listserv NGSSoftware Insight Security Research
[ GLSA 200603-03 ] MPlayer: Multiple integer overflows Thierry Carrez

Monday, 06 March

[SECURITY] [DSA 985-1] New libtasn1-2 packages fix arbitrary code execution Martin Schulze
[SECURITY] [DSA 986-1] New gnutls11 packages fix arbitrary code execution Martin Schulze
[OpenPKG-SA-2006.006] OpenPKG Security Advisory (tar) OpenPKG
Re: Various router DoS znx
Re: Wbb 2.3. xss Adrian
vulnerability in the IE Java applet initialization engine porkythepig
Game-Panel <= 2.1.6 XSS retard
[eVuln] Simple Machines Forum - SMF 'X-Forwarded-For' XSS Vulnerability alex
evoBlog Remote Name tag Script injection sikik
Re: linksys router + irc DoS bugtraq
[KAPDA::#31] - Runcms 1.x Cross_Site_Scripting vulnerability in bigshow.php roozbeh_afrasiabi
Announcement: WASC Threat Classification in German contact
FTPoed Blog Engine =>v1.1 HTML Injection Vulnerability sikik
SyScan'06 Call For Papers organiser () syscan org
htpasswd bufferoverflow and command execution in thttpd-2.25b. Larry Cashdollar
Microsoft Visual Studio 6.0 Sp6 Malformed .dbp File BoF Exploit kozan
[ GLSA 200603-04 ] IMAP Proxy: Format string vulnerabilities Thierry Carrez
Multiple vulnerabilities in Liero Xtreme 0.62b Luigi Auriemma
[ GLSA 200603-05 ] zoo: Stack-based buffer overflow Thierry Carrez
Multiple vulnerabilities in Sauerbraten engine 2006_02_28 Luigi Auriemma
Out of memory crash in Freeciv 2.0.7 Luigi Auriemma
Re: linksys router + irc DoS Cade Cairns
Multiple vulnerabilities in Cube engine 2005_08_29 Luigi Auriemma
SQL injection & XSS IN vbzoom v1.11 ???? ????
SQL injection in Invision Power Board v2.1.5 ???? ????

Tuesday, 07 March

[USN-260-1] flex vulnerability Martin Pitt
histhost v1.0.0 xss and possible rmdir retard
RE: linksys router + irc DoS Daniel Ramirez Valdez
link bank code execution and xss retard
phpBannerExchange 2.0 Directory Traversal Vulnerability h4cky0u . org
PHP-based CMS mass-exploitation Daniel Bonekeeper
[SECURITY] [DSA 987-1] New tar packages fix arbitrary code execution Moritz Muehlenhoff
Re: SQL injection in Invision Power Board v2.1.5 mattmecham
IM Lock 2006 - Insecure Registry Permission Vulnerability unsecure
Re: Various router DoS bugtraq
Cpanel Path Disclosure Vulnerability Silversmith
Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities Daniel Veditz
Purple Paper: Exegesis Of Virtual Hosts Hacking unknown . pentester
Loudblog 0.41 SQL Injection, Local file read/include tzitaroth
Multiple vulnerabilities in Alien Arena 2006 GE 5.00 Luigi Auriemma
[eVuln] ShoutLIVE PHP Code Execution & Multiple XSS Vulnerabilities alex
IE iFrame + Sun JVM + JS bug. Exploitable? drguile
Cisco PIX embryonic state machine 1b data DoS Konstantin V. Gavrilenko
Cisco PIX embryonic state machine TTL(n-1) DoS Konstantin V. Gavrilenko
Dropbear SSH server Denial of Service Pablo Fernandez

Wednesday, 08 March

RE: Cisco PIX embryonic state machine 1b data DoS Randy Ivener (rivener)
[FLSA-2006:168264-1] Updated XFree86 packages fix security issues Marc Deslauriers
[FLSA-2006:168264-2] Updated X.org packages fix security issue Marc Deslauriers
[FLSA-2006:168516] Updated pcre packages fix a security issue Marc Deslauriers
[FLSA-2006:176751] Updated gpdf package fixes security issues Marc Deslauriers
[ MDKSA-2006:053 ] - Updated freeciv packages fix DoS vulnerabilities security
CanSecWest/core06 Vancouver April 3-7 Dragos Ruiu
[security bulletin] HPSBTU02100 SSRT050979 rev.1 - HP Tru64 UNIX IPSEC/ISAKMP Remote Denial of Service (DoS) security-alert
[eVuln] EKINboard 'img' BBCode XSS & Cookie 'username' SQL Injection Vulnerabilities alex
Re: [CORRECTIONS AND ADDITIONS ]Azbb v1.1.00 Cross-Site Scripting no_reply
Re: AVG 7 granting Everyone Full Control to updated files... even its drivers Matti Haack
textfileBB <= 1.0 Multiple XSS retard
capi4hylafax insecure manipulation with tmp files Javor Ninov
Re: PHP-based CMS mass-exploitation Paul Laudanski
[KAPDA::#32] - d2kBlog 1.0.3 Multiple Vulnerabilities 3nitro
[SECURITY] [DSA 988-1] New squirrelmail packages fix several vulnerabilities Moritz Muehlenhoff
a worm for mediaWiki?? "vitamona"
H&R Block contact - SOLVED Fixer
Re: a worm for mediaWiki?? jredmond
18 ways to escalate privileges in Zone Labs ZoneAlarm Security Suite build 6.1.744.000 Reed Arvin
[ MDKSA-2006:054 ] - Updated kdegraphics packages fixes overflow vulnerabilities security

Thursday, 09 March

Re: 18 ways to escalate privileges in Zone Labs ZoneAlarm Security Suite build 6.1.744.000 3APA3A
nCipher Advisory #12: Insecure Generation of Diffie-Hellman keys nCipher Support
nCipher Advisory #13: CBC-MAC IV misleading programming interface nCipher Support
nCipher Advisory #14: Presence of flaws in firmware security nCipher Support
[SECURITY] [DSA 989-1] New zoph packages fix SQL injection Moritz Muehlenhoff
Remote access to NeuSecure/Netcool backend database via web interface credentials leakage D . Snezhkov
Easy File Sharing Web Server Multiple Vulnerablilities revnic
HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit h4cky0u . org
INFIGO-2006-03-01: PeerCast streaming server remote buffer overflow infocus
M-Phorum Cross Site Scripting codexploder
ADP Forum 2.0,* script İnjection liz0
DCP Portal: Multiple XSS Vulnerabilities enji
MyBloggie: Multiple XSS Vulnerabilities enji
txtForum: Multiple XSS Vulnerabilities enji
txtForum: Script Injection Vulnerability enji
Re: a worm for mediaWiki?? Michael Rice
RevilloC MailServer 1.x "USER" Command Handling Remote Buffer Overflow Exploit securma
Re: Re: [CORRECTIONS AND ADDITIONS ]Azbb v1.1.00 Cross-Site Scripting no_reply
Re: 18 ways to escalate privileges in Zone Labs ZoneAlarm Security Suite build 6.1.744.000 reedarvin
RE: [Full-disclosure] PHP-based CMS mass-exploitation hchemin
Aluria/WhenU Troubled Past and Whitewashing History Paul Laudanski
Re: [waraxe-2006-SA#047] - Evading sql-injection filters in phpNuke 7.8 omega13a
Re: [waraxe-2006-SA#047] - Evading sql-injection filters in phpNuke 7.8 omega13a
UnrealIRCd3.2.3 Server-Link Denial of Service admin
DVguestbook 1.0 And 1.2.2 Cross Site Scripting liz0
PHP Upload Center Download users password hashes And phpshell Upload liz0
PHP Advanced Transfer Manager Download users password hashes liz0
n8cms 1.1 & 1.2 version Sql İnjection And XSS liz0
Re: HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit scaturan

Friday, 10 March

[KDE Security Advisory] kpdf of KDE 3.3.x heap based buffer overflow Dirk Mueller
[USN-261-1] PHP vulnerabilities Martin Pitt
announcement: reporting and mitigating malicious websites and phishing Gadi Evron
[ MDKSA-2006:035-1 ] - Updated php packages fix vulnerability security
RE: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem Geo.
Statement Regarding Reported Local Escalation of Privileges Vulnerability for ZoneAlarm Zone Labs Product Security
Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem Mark Senior
[SECURITY] [DSA 990-1] New bluez-hcidump packages fix denial of service Martin Schulze
[SECURITY] [DSA 919-2] New curl packages fix potential security problem Martin Schulze
[SECURITY] [DSA 991-1] New zoo packages fix arbitrary code execution Martin Schulze
[SECURITY] [DSA 992-1] New ffmpeg packages fix arbitrary code execution Moritz Muehlenhoff
[eVuln] FreeForum PHP Code Execution & Multiple XSS Vulnerabilities alex
GnuPG does not detect injection of unsigned data Werner Koch
Re: Dropbear SSH server Denial of Service il80r
Advisory: Jiros Banner Experience Pro Remote Privilege Escalation. nukedx
[KAPDA::#33] - GuppY <= 4.5.11 Remote DoS vulnerability alireza hassani
Re: Thomson SpeedTouch 500 modems vulnerable to XSS dford
RE: Purple Paper: Exegesis Of Virtual Hosts Hacking Craig Wright
Re: recursive DNS servers DDoS as a growing DDoS problem Ventsislav Genchev
[ GLSA 200603-06 ] GNU tar: Buffer overflow Thierry Carrez
Re: HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit scaturan
Re: HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit Don Voita
Re: Dropbear SSH server Denial of Service Matt Johnston
[SECURITY] [DSA 993-1] New GnuPG packages fix broken signature check Martin Schulze
[ GLSA 200603-08 ] GnuPG: Incorrect signature verification Thierry Carrez
Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem Security Lists
Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem gboyce
CoreNews 2.0.1 Remote Command Exucetion botan
[ GLSA 200603-07 ] flex: Potential insecure code generation Thierry Carrez

Saturday, 11 March

Re: Dropbear SSH server Denial of Service Damien Miller
XSS in vCard xx_hack_xx_2004
SGI IRIX 6.*usr/sysadm/bin/runpriv local root exploit rod hedor
Coppermine exploit used by a Chase Phish? Paul Laudanski
Jupiter CMS <= 1.1.5 multiple XSS attack vectors. zerogue
Copy protection scheme SafeDisc allows privilege escalation yourname
AntiVir PersonalEdition Classic: Local Privilige Escalation Ramon 'ports' Kukla

Monday, 13 March

[ GLSA 200603-09 ] SquirrelMail: Cross-site scripting and IMAP command injection Stefan Cornelius
[ GLSA 200603-10 ] Cube: Multiple vulnerabilities Stefan Cornelius
[USN-262-1] Ubuntu 5.10 installer password disclosure Martin Pitt
[USN-263-1] Linux kernel vulnerabilities Martin Pitt
[USN-264-1] gnupg vulnerability Martin Pitt
directory traversal Fixed in DirectContact 0.3c lionel
Multiple vulnerabilities in ENet library (Jul 2005) Luigi Auriemma
[SECURITY] [DSA 994-1] New freeciv packages fix denial of service Martin Schulze
[SECURITY] [DSA 995-1] New metamail packages fix arbitrary code execution Martin Schulze
[eVuln] Vegas Forum SQL Injection Vulnerability alex
Kerio MailServer bugfun Evgeny Legerov
[SECURITY] [DSA 996-1] New Crypt::CBC packages fix cryptographic weakness Martin Schulze
[SECURITY] [DSA 993-2] New GnuPG packages fix broken signature check Martin Schulze
Secunia Research: unalz Filename Handling Directory Traversal Vulnerability Secunia Research
Secunia Research: Dwarf HTTP Server Source Disclosure and Cross-Site Scripting Secunia Research
WMNews Cross Site Scripting exalibur33
Buffer Overflow and Installation Script Error in Firebird 1.5.3 Joxean Koret
[INetCop Security Advisory] zeroboard IP session bypass XSS vulnerability dong-hun you
Re: Coppermine exploit used by a Chase Phish? Nexus
ZDI-06-003: Ipswitch Collaboration Suite Code Execution Vulnerability zdi-disclosures
[SECURITY] [DSA 997-1] New bomberclone packages fix arbitrary code execution Martin Schulze
[ MDKSA-2006:055 ] - Updated gnupg packages fix signature file verification vulnerability security

Tuesday, 14 March

[DRUPAL-SA-2006-001] Drupal 4.6.6 / 4.5.8 fixes access control issue Uwe Hermann
[DRUPAL-SA-2006-003] Drupal 4.6.6 / 4.5.8 fixes session fixation issue Uwe Hermann
[DRUPAL-SA-2006-002] Drupal 4.6.6 / 4.5.8 fixes XSS issue Uwe Hermann
[SECURITY] [DSA 999-1] New lurker packages fix several vulnerabilities Martin Schulze
[SECURITY] [DSA 998-1] New libextractor packages fix several vulnerabilities Martin Schulze
[DRUPAL-SA-2006-004] Drupal 4.6.6 / 4.5.8 fixes mail header injection issue Uwe Hermann
DMA[2006-0313a] - 'Apple OSX Mail.app RFC1740 Real Name Buffer Overflow' KF (lists)
[SECURITY] [DSA 1000-1] New Apache2::Request packages fix denial of service Martin Schulze
[SECURITY] [DSA 1001-1] New crossfire packages fix arbitrary code execution Moritz Muehlenhoff
Linux zero IP ID vulnerability? Marco Ivaldi
[eVuln] CyBoards PHP Lite SQL Injection Vulnerability alex
ZDI-06-004: Microsoft Excel File Format Parsing Vulnerability zdi-disclosures
High Risk Vulnerability in Microsoft Excel NGSSoftware Insight Security Research
Re: histhost v1.0.0 xss and possible rmdir Steven M. Christey
Fortinet Security Advisory: FSA-2006-09 Fortinet Research
Fortinet Security Advisory: FSA-2006-08 Fortinet Research
SYMSA-2006-001: Buffer overflow in Microsoft Office 2000, Office XP (2002), and Office 2003 Routing Slip Metadata CS_Advisories Mailbox

Wednesday, 15 March

[xfocus-SD-060314]Microsoft Office Excel Buffer Overflow Vulnerability XFOCUS Security Team
Re: histhost v1.0.0 xss and possible rmdir Chris Kuethe
[HV-HIGH] Microsoft Excel Named Range Arbitrary Code Execution vuln
WLSI - Windows Local Shellcode Injection - Paper Cesar
CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net CodeScan Labs
[SECURITY] [DSA 1002-1] New webcalendar packages fix several vulnerabilities Martin Schulze
CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior CodeScan Labs
[eVuln] discussion - xhawk.net BBCode 'img' XSS & SQL Injection Vulnerabilities alex
Secunia Research: Adobe Document/Graphics Server File URI Resource Access Secunia Research
FW: call for speakers and thoughts on VoIP Security - there's a long way to go! Ken Kousky
Sasser variant that effects 2k3 SP1 completely updated? Andrew Weaver
[[KAPDA::#35] MyBB 1.0.3~member.php~XSS Attack in contact details addmimistrator
[KAPDA::#35] - MyBB1.0.4~member.php~XSS after login addmimistrator
[KAPDA::#34] - MyBB1.0.4~redirectfunction()~HeaderInjection addmimistrator
Re: Purple Paper: Exegesis Of Virtual Hosts Hacking Anders Henke
GnuPG weak as one guy with a spare laptop. Forrest J. Cavalier III
Invision Power Board v2.1.4 - session hijacking Hans Wolters
Re: Linux zero IP ID vulnerability? Marco Ivaldi
WebVulnCrawl searching excluded directories for hackable web servers Michael Scheidell
Re: HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit anonymous
Latest MS patches kill wireless networking? James Garrison
Re: Latest MS patches kill wireless networking? James Garrison
Re: Sasser variant that effects 2k3 SP1 completely updated? Robert J. Stull
Vulnerability in e-gold shurik . f
Vulnerability fixed in E-gold 3APA3A

Thursday, 16 March

[ GLSA 200603-11 ] Freeciv: Denial of Service Stefan Cornelius
[ GLSA 200603-12 ] zoo: Buffer overflow Stefan Cornelius
[SECURITY] [DSA 1003-1] New xpvm packages fix insecure temporary file Martin Schulze
[SECURITY] [DSA 1004-1] New vlc packages fix arbitrary code execution Moritz Muehlenhoff
Re: Invision Power Board v2.1.4 - session hijacking Peter Conrad
Re: Invision Power Board v2.1.4 - session hijacking matt
Re: [VulnWatch] [xfocus-SD-060314]Microsoft Office Excel Buffer Overflow Vulnerability Thierry Zoller
Milkeyway Multiple Vulnerabilities ascii
Re: [Full-disclosure] Re: [VulnWatch] [xfocus-SD-060314]Microsoft Office Excel Buffer Overflow Vulnerability eyas
Re: [Full-disclosure] Re: [VulnWatch] [xfocus-SD-060314]Microsoft Office Excel Buffer Overflow Vulnerability ad () heapoverflow com
Re: Linux zero IP ID vulnerability? Andrea Purificato - bunker
Re: Invision Power Board v2.1.4 - session hijacking Hans Wolters
Remote overflow in MSIE script action handlers (mshtml.dll) Michal Zalewski
Re: Remote overflow in MSIE script action handlers (mshtml.dll) Michal Zalewski
Re: Remote overflow in MSIE script action handlers (mshtml.dll) Daniel Bonekeeper

Friday, 17 March

[SECURITY] [DSA 1005-1] New xine-lib packages fix arbitrary code execution Moritz Muehlenhoff
[FLSA-2006:178606] Updated kdelibs packages fix security issues Marc Deslauriers
Re: Remote overflow in MSIE script action handlers (mshtml.dll) Hariharan
[FLSA-2006:157459-3] Updated kernel packages fix security issues Marc Deslauriers
RE: Remote overflow in MSIE script action handlers (mshtml.dll) David Schenz
Re: GnuPG weak as one guy with a spare laptop. obnoxious
[FLSA-2006:157459-4] Updated kernel packages fix security issues Marc Deslauriers
[ GLSA 200603-14 ] Heimdal: rshd privilege escalation Stefan Cornelius
[FLSA-2006:175404] Updated xpdf package fixes security issues Marc Deslauriers
Re: Remote overflow in MSIE script action handlers (mshtml.dll) Tomasz Onyszko
[ GLSA 200603-13 ] PEAR-Auth: Potential authentication bypass Stefan Cornelius
Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem Måns Nilsson
[ GLSA 200603-15 ] Crypt::CBC: Insecure initialization vector Stefan Cornelius
Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem Robert Story
RE: [Full-disclosure] Re: recursive DNS servers DDoS as a growingDDoSproblem Keith Morgan
Re: GnuPG weak as one guy with a spare laptop. Forrest J. Cavalier III
XCon2006 Call For Paper XFOCUS Security Team
XSS IN Invision Power Board ???? ????
Symantec Security Advisory SYM06-004 secure
Re: Remote overflow in MSIE script action handlers (mshtml.dll) Michal Zalewski
[ GLSA 200603-16 ] Metamail: Buffer overflow Stefan Cornelius
[FLSA-2006:157459-1] Updated kernel packages fix security issues Marc Deslauriers
Re: Remote overflow in MSIE script action handlers (mshtml.dll) c0redump
Generically Determining the Prescence of Virtual Machines valsmith
Fedora Legacy Server Outage Marc Deslauriers
Re: Re: Remote overflow in MSIE script action handlers (mshtml.dll) Nazca
[SECURITY] [DSA 1006-1] New wzdftpd packages fix arbitrary shell command execution Moritz Muehlenhoff
Re: recursive DNS servers DDoS as a growing DDoS problem Robert Story
[SECURITY] [DSA 1008-1] New kpdf packages fix arbitrary code execution Martin Schulze
Re: Remote overflow in MSIE script action handlers (mshtml.dll) Michal Zalewski
Re: Remote overflow in MSIE script action handlers (mshtml.dll) Master Phoxpherus
[SECURITY] [DSA 1007-1] New drupal packages fix several vulnerabilities Martin Schulze
[FLSA-2006:173274] Updated gdk-pixbuf packages fix security issues Marc Deslauriers
Re: Remote overflow in MSIE script action handlers (mshtml.dll) Jamie Riden
Re: Linux zero IP ID vulnerability? Marco Ivaldi
Oxynews Sql İnjection r00t3rr0r
[eVuln] NMDeluxe XSS & SQL Injection Vulnerabilities alex
[FLSA-2006:174479] Updated libungif packages fix security issues Marc Deslauriers
[FLSA-2006:157459-2] Updated kernel packages fix security issues Marc Deslauriers
MyBB 1.10 Full Path Disclosure o . y . 6
Microsoft Commerce Server 2002: Logon as known user with a false password Dimitri

Saturday, 18 March

Contrexx CMS Xss Vuln Soothackers
Xss in Wbb 2.3.4 r57shell
Advisory: BetaParticle Blog <= 6.0 Multiple Remote SQL Injection Vulnerabilities nukedx
Re: Latest MS patches kill wireless networking? Matt Ostiguy
Re: WebVulnCrawl searching excluded directories for hackable web servers Peter Conrad
Re: Latest MS patches kill wireless networking? Phil Frederick

Monday, 20 March

ExtCalendar v1.0 Multiple Xss Vuln Soothackers
[SECURITY] [DSA 960-3] New libmail-audit-perl packages fix insecure temporary file use Martin Schulze
[SECURITY] [DSA 1009-1] New crossfire packages fix arbitrary code execution Martin Schulze
[security bulletin] SSRT051078 rev.1 - HP-UX usermod(1M) Local UnaUthorized Access security-alert
[SECURITY] [DSA 1010-1] New ilohamail packages fix cross-site scripting vulnerabilities Martin Schulze
[security bulletin] SSRT051128 rev.1 - HP-UX VirtualVault running Apache 1.3.X Remote Unauthorized Access security-alert
[security bulletin] SSRT051251 rev.2 - Apache-based Web Server on HP-UX mod_ssl, proxy_http, Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access security-alert
phpWebsite <= SQL Injection (friend.php) & (article.php) dabdoub_mosikar
Noah's Classifieds Multiple Path Disclosure and Cross Site Scripting Vulnerabilities raphael . huck
Re: Re: Remote overflow in MSIE script action handlers (mshtml.dll) Phil Frederick
Re: Remote overflow in MSIE script action handlers (mshtml.dll) Steve Shockley
Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem Bram Matthys (Syzop)
Path Disclosure and Arbitrary File Read Vulnerability in SLAB5000 justint
Re: CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior Jan Schneider
Re: Remote overflow in MSIE script action handlers (mshtml.dll) c0redump
IMF 2006 - 2nd Call for Papers Oliver Goebel
Re: Generically Determining the Prescence of Virtual Machines Jeff Epler
Re: Latest MS patches kill wireless networking? Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
[CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0 Daniel Stone
Re: recursive DNS servers DDoS as a growing DDoS problem Michael Sierchio
RE: Generically Determining the Prescence of Virtual Machines Burton Strauss
Re: Re: Invision Power Board v2.1.4 - session hijacking matt
Re: Invision Power Board v2.1.4 - session hijacking exon
Re: Invision Power Board v2.1.4 - session hijacking exon
Symantec Security Advisory, SYM06-005 secure
Re: [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0 H D Moore
RE: Generically Determining the Prescence of Virtual Machines Thomas Guyot-Sionnest
Re: Invision Power Board v2.1.4 - session hijacking Bill Nash
DNS Amplification Attacks Gadi Evron
[ MDKSA-2006:056 ] - Updated xorg-x11 packages to address local root vuln security
Perverting Unix Processes Pluf
Re: Invision Power Board v2.1.4 - session hijacking Hans Wolters
[ MDKSA-2006:057 ] - Updated cairo packages to address Evolution DoS vulnerability security
CORE-2006-0124: Cross-Site Scripting in Verisign’s haydn.exe CGI script CORE Security Technologies Advisories

Tuesday, 21 March

[ GLSA 200603-18 ] Pngcrush: Buffer overflow Sune Kloppenborg Jeppesen
[SECURITY] [DSA 1011-1] New kernel-patch-vserver packages fix root exploit Martin Schulze
[SECURITY] [DSA 1012-1] New unzip packages fix arbitrary code execution Martin Schulze
[ GLSA 200603-17 ] PeerCast: Buffer overflow Sune Kloppenborg Jeppesen
XSS in Firepass 4100 SSL VPN v.5.4.2 (and probably others) alfy
Cisco Aironet 1300 DoS condition Alex
Recon 2006: Guest speakers announcement. Call for paper and early registration ending in less than 2 weeks. Hugo Fortier
[ GLSA 200603-19 ] cURL/libcurl: Buffer overflow in the handling of TFTP URLs Matthias Geerdsen
[ GLSA 200603-20 ] Macromedia Flash Player: Arbitrary code execution Sune Kloppenborg Jeppesen
Free Articles Directory Remote Command Exucetion botan
ASPPortal <= 3.1.1 Multiple Remote SQL Injection Vulnerabilities nukedx
Mini-Nuke<=1.8.2 SQL injection (6) dabdoub_mosikar

Wednesday, 22 March

FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-06:12.opie FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-06:11.ipsec FreeBSD Security Advisories
[eVuln] PHP SimpleNEWS, PHP SimpleNEWS MySQL - Authentication Bypass Vulnerability alex
DMA[2006-0321a] - 'Motorola P2K Platform setpath() overflow and Blueline attack' KF (lists)
WinHKI 1.6x Archive Extraction Directory traversal h e
cutenews 1.4.1 Arbitrary File Access h e
[SECURITY] [DSA 1013-1] New snmptrapfmt packages fix insecure temporary file Martin Schulze
Re: [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0 Alan Coopersmith
PHP Live! XSS status_image.php kspecial
Re; FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail Jose Nazario
IE crash Stelian Ene
SUSE Security Announcement: sendmail remote code execution (SUSE-SA:2006:017) Thomas Biege
[OpenPKG-SA-2006.007] OpenPKG Security Advisory (sendmail) OpenPKG

Thursday, 23 March

[ GLSA 200603-22 ] PHP: Format string and XSS vulnerabilities Sune Kloppenborg Jeppesen
sendmail vuln advisories (CVE-2006-0058) Marc Bejarano
[SECURITY] [DSA 1014-1] New firebird2 packages fix denial of service Martin Schulze
[ MDKSA-2006:058 ] - Updated sendmail packages fix remote vulnerability security
[USN-265-1] cairo/Evolution library vulnerability Martin Pitt
Advisory 03/2006: KisMAC Cisco Vendor Tag Encapsulated SSID Overflow Stefan Esser
[ MDKSA-2006:059 ] - Updated kernel packages fix multiple vulnerabilities security
[SECURITY] [DSA 1015-1] New sendmail packages fix arbitrary code execution Martin Schulze
[SECURITY] [DSA 1016-1] New evolution packages fix arbitrary code execution Martin Schulze
Re: sendmail vuln advisories (CVE-2006-0058) Michal Zalewski
[ GLSA 200603-21 ] Sendmail: Race condition in the handling of asynchronous signals Sune Kloppenborg Jeppesen
[KAPDA::#37] - CoMoblog XSS farhadkey
PasswordSafe 3.0 weak random number generator allows key recovery attack info
Vulnerability Alert Services - Independent List Andy Cuff
[SECURITY] [DSA 1017-1] New Linux kernel 2.6.8 packages fix several vulnerabilities Moritz Muehlenhoff
Microsoft Internet Explorer (mshtml.dll) - Remote Code Execution advisories
iDefense Security Advisory 03.23.05: ISS Multiple Products Local Privilege Escalation Vulnerability labs-no-reply
iDefense Security Advisory 03.23.06: RealNetworks RealPlayer and Helix Player Invalid Chunk Size Heap Overflow Vulnerability labs-no-reply
[ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation Sune Kloppenborg Jeppesen
Secunia Research: Microsoft Internet Explorer "createTextRange()" Code Execution Secunia Research
Secunia Research: Orion Application Server JSP Source Disclosure Vulnerability Secunia Research
SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Gadi Evron
trusting SMTP [was: SendGate: Sendmail Multiple Vulnerabilities] Gadi Evron
Re: Linux zero IP ID vulnerability? Marco Ivaldi
ArabPortal 2.0 Stable [ Full Patch Disclosure ] o . y . 6
Re: [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0 Kyle Sallee
Re: PasswordSafe 3.0 weak random number generator allows key recovery attack Dave Korn
Re: [Full-disclosure] SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Dragos Ruiu
Popup Blocker Bypass Script James C. Slora, Jr.
Sudo tricks John Richard Moser
[HV-PAPER] Security Product Evaluation Tips vuln
Re: Linux zero IP ID vulnerability? GomoR
Re: PHP-Stats <= 0.1.9.1 remote commands execution freesitealessandro
Digital Armaments April-2006 Hacking Challenge: Oracle Database info
Re: [SPAM:] - ASPPortal <= 3.1.1 Multiple Remote SQL Injection Vulnerabilities - Email has different SMTP TO: and MIME TO: fields in the email addresses Suport Account
Vulnerabilitiy found in comodo hacker guardian free scan. sk8boardkid
Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoS problem Tim
Re: recursive DNS servers DDoS as a growing DDoS problem Chris Thompson
w3wp remote DoS Debasis Mohanty

Friday, 24 March

[ MDKSA-2006:060 ] - Updated FreeRADIUS packages fix EAP-MSCHAPv2 module vulnerability security
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Theo de Raadt
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Claus Assmann
[FLSA-2006:186277] Updated sendmail packages fix security issues Jesse Keating
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Eric Allman
[SECURITY] [DSA 1019-1] New kpdf packages fix several vulnerabilities Martin Schulze
[eVuln] @1 File Store Multiple XSS and SQL Injection Vulnerabilities alex
[SECURITY] [DSA 1018-1] New Linux kernel 2.4.27 packages fix several vulnerabilities Moritz Muehlenhoff
On product vulnerability history and vulnerability complexity Steven M. Christey
Re: [Full-disclosure] trusting SMTP [was: SendGate: Sendmail Multiple Vulnerabilities] Valdis . Kletnieks
[eVuln] DSPoll Multiple SQL Injection Vulnerabilities alex
[eVuln] DSNewsletter SQL Injection Vulnerability alex
[security bulletin] HPSBUX02105 SSRT061134 rev.1 - HP-UX Running swagentd Remote Denial of Service (DoS) security-alert
Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation neeko
Secunia Research: Quick 'n Easy/Baby Web Server ASP Code Disclosure Vulnerability Secunia Research
HeffnerCMS Remote Command Exucetion And Cross Scripting Attack botan
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Martin Schulze
VihorDesing Script Remote Command Exucetion And Cross Scripting Attack botan
Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation Chris Gianelloni
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Gadi Evron
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Theo de Raadt
Re: [Full-disclosure] trusting SMTP [was: SendGate: Sendmail Multiple Vulnerabilities] Gadi Evron
Re: Vulnerability Alert Services - Independent List Juha-Matti Laurio
Re: [Full-disclosure] SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Gadi Evron
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Gadi Evron
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Gadi Evron
Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation Tavis Ormandy
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Theo de Raadt

Saturday, 25 March

Re: Sudo tricks Dave Korn
RE: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Michael A Fusaro II
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) D.F.Russell
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Gadi Evron
Systrace 1.6: Phoenix Release Niels Provos
[eVuln] DSCounter 'X-Forwarded-For' SQL Injection Vulnerability alex
[eVuln] DSDownload Multiple SQL Injection Vulnerabilities alex
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Todd Burroughs
Re: [optimized PoC] Remote overflow in MSIE script action handlers (mshtml.dll) dgtlscrm
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Casper . Dik
Re: Quick 'n Easy FTP Server 3.0 pro / lite (buffer overflow vulnerabilities) bifta04
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Eric Allman
Re: recursive DNS servers DDoS as a growing DDoS problem MaddHatter
Re: recursive DNS servers DDoS as a growing DDoS problem Gadi Evron
UBBThreads<=5.5.1+6.0.2+6.0 br5+6.0.1 SQL injection dabdoub_mosikar

Monday, 27 March

SQL Injection in SaphpLesson2.0 xx_hack_xx_2004
HPSBUX02108 SSRT061133 rev.1 - HP-UX Sendmail, Remote Execution Security Alert
AkoComment SQL injection vulnerability Stefan Keller
SQL injection in VGM Forbin. mfoxhacker
nuked-klan<=1.7.5 SQL Injection dabdoub_mosikar
[ GLSA 200603-24 ] RealPlayer: Buffer overflow vulnerability Matthias Geerdsen
[PHPADSNEW-SA-2006-001] phpAdsNew and phpPgAds 2.0.8 fix multiple vulnerabilities Matteo Beccati
CanfTool v1.1 Cross Site Scripting Attack botan
HYSA-2006-006 G-Book 1.0 XSS And Other Vulnerabilities h4cky0u . org
HYSA-2006-007 phpmyfamily 1.4.1 CRLF injection & XSS h4cky0u . org
[eVuln] DSLogin Authentication Bypass Vulnerability alex
[eVuln] Maian Weblog Multiple SQL Injection Vulnerabilities alex
[ GLSA 200603-25 ] OpenOffice.org: Heap overflow in included libcurl Stefan Cornelius
Blog Pixel Motion<=1.xx Authentication Bypass Vulnerability & SQL injection dabdoub_mosikar
Microsoft MSN Hotmail : Cross-Site Scripting Vulnerability Renaud Lifchitz
Re: PasswordSafe 3.0 weak random number generator allows key recovery attack ronys
Re: recursive DNS servers DDoS as a growing DDoS problem Anton Ivanov
Microsoft Windows XP SP2 Firewall issue edubp2002
[DDSi-SA] XSS in Raindance Communications Web Conferencing Pro D . Snezhkov
XSS & SQL Injection in Music Box v2.3 xx_hack_xx_2004
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Pim van Riezen
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Kurt Seifried
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Florian Weimer
Re: Sudo tricks Kyle Wheeler
Re: recursive DNS servers DDoS as a growing DDoS problem Geo.
TSRT-06-01: Symantec VERITAS NetBackup vnetd Buffer Overflow Vulnerability zdi-disclosures
ZDI-06-006: Symantec VERITAS NetBackup Database Manager Buffer Overflow zdi-disclosures
[SECURITY] [DSA 1020-1] New flex packages fix insecure code generation Moritz Muehlenhoff
ZDI-06-005: Symantec VERITAS NetBackup Volume Manager Buffer Overflow zdi-disclosures
SYM06-006, Veritas NetBackup: Multiple Overflow Vulnerabilities in NetBackup Daemons secure
PHPLiveHelper 1.8 remote command execution (include) Xploit (perl) stormhacker

Tuesday, 28 March

EEYE: Temporary workaround for IE createTextRange vulnerability Marc Maiffret
VWar <= 1.5.0 R11 Remote Code Execution Exploit uid0
Re: On classifying attacks Gadi Evron
[eVuln] Maian Events SQL Injection Vulnerability alex
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Geo.
XSS in AL-Caricatier xx_hack_xx_2004
[eVuln] Maian Support Authentication Bypass alex
[SECURITY] [DSA 1021-1] New netpbm-free packages fix arbitrary command execution Moritz Muehlenhoff
Genius VideoCAM NB Local Privilege Escalation beford
Secunia Research: Blazix Web Server JSP Source Code Disclosure Vulnerability Secunia Research
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Casper . Dik
Re: SYM06-006, Veritas NetBackup: Multiple Overflow Vulnerabilities in NetBackup Daemons secure
Re: Microsoft Windows XP SP2 Firewall issue Thor (Hammer of God)
Announcement: The Web Hacking Incidents Database contact
ArabPortal 2.0 Stable CrossSiteScripting o . y . 6
Re: Sudo tricks Thomas M. Payerle
Re: [SECURITY] [DSA 1020-1] New flex packages fix insecure code generation Matthew R. Dempsky
Determina Fix for CVE-2006-1359 (Zero Day MS Internet Explorer Remote "CreateTextRange()" Code Execution) Determina Secure
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Gadi Evron
Cantv/Movilnet's Web SMS vulnerability. Bugtraq @ SNSecurity
Re: PHP-Stats <= 0.1.9.1 remote commands execution nomail
Re: Sudo tricks Steven M. Christey
Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data Stefan Esser
Critical PHP bug - act ASAP if you are running web with sensitive data Tõnu Samuel
Re: Secunia Research: Microsoft Internet Explorer "createTextRange()" Code Execution edubp2002

Wednesday, 29 March

Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data Tõnu Samuel
XSS in PHPKIT Version 1.6.03 badnet_xoopiter
Re: [SECURITY] [DSA 1020-1] New flex packages fix insecure code generation Moritz Muehlenhoff
[HV-INFO] Enova hardware encryption: false sense of security vuln
[xfocus-SD-060329]MPlayer: Multiple integer overflows XFOCUS Security Team
[eVuln] Skull-Splitter's PHP Guestbook XSS Vulnerability alex
[eVuln] Skull-Splitter's PHP Downloadcounter for Wallpapers SQL Injection alex
Re: Sudo tricks Krzysztof Halasa
Re: Re: phpBB 2.06 search.php SQL injection fritz-li
PhxContacts <= 0.93.1 beta Multiple SQL injection & xss dabdoub-mosikar
Resource to Report and Stop Phishing Scams Paul Laudanski
Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data Jasper Bryant-Greene
Re: Cantv/Movilnet's Web SMS vulnerability. raven
Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data Tõnu Samuel
Full path disclosure in Webcalendar 1.1.0-CVS crasher
[ GLSA 200603-26 ] bsd-games: Local privilege escalation in tetris-bsd Stefan Cornelius

Thursday, 30 March

[ MDKSA-2006:061 ] - Updated mailman packages fix DoS from badly formed mime multipart messages. security
X-Changer <=v0.2 Demo SQL injection dabdoub-mosikar
Buffer overflows in Dia XFig import lars
McAfee VirusScan DUNZIP32.dll Buffer Overflow Vulnerability Juha-Matti Laurio
Re: On classifying attacks David M Chess
Smurfable Linux Kernel Tomasz Chomiuk
[SECURITY] Samba 3.0.21-3.0.21c: Exposure of machine account credentials in winbindd log files Gerald (Jerry) Carter
strip_tags() but not only vulnerability Tõnu Samuel
[security bulletin] HPSBUX02103 SSRT5953 rev.2 - HP-UX passwd(1) Local Denial of Service (DoS) security-alert
[security bulletin] HPSBUX02102 SSRT051078 rev.2 - HP-UX usermod(1M) Local Unauthorized Access. security-alert
Re: recursive DNS servers DDoS as a growing DDoS problem mike davis
Re: recursive DNS servers DDoS as a growing DDoS problem gboyce
Re: recursive DNS servers DDoS as a growing DDoS problem Stephen Samuel
Re: recursive DNS servers DDoS as a growing DDoS problem Geo.
MediaSlash Gallery 'rub' variable Remote File inlcusion Vulnerability simo64

Friday, 31 March

Oxygen<=1.x.x SQL injection dabdoub-mosikar
MonAlbum 0.8.7 SQL Injection undefined1
Black Hat Call for Papers and Registration now open Jeff Moss
[security bulletin] HPSBUX02108 SSRT061133 rev.2 - HP-UX running Sendmail, Remote Execution of Arbitrary Code security-alert
RE: WebVulnCrawl searching excluded directories for hackable web servers Michael Scheidell
OSSTMM Security Analyst Training Live Stream on the Web Pete Herzog
Re: Sudo tricks Javor Ninov
Re: On classifying attacks Gadi Evron
EzASPSite <= 2.0 RC3 Remote SQL Injection Exploit Vulnerability. Mustafa Can Bjorn IPEKCI
RE: recursive DNS servers DDoS as a growing DDoS problem Geo.
Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data Jeff Rosowski
RE: Sudo tricks Burton Strauss
Re: Re: Cantv/Movilnet's Web SMS vulnerability. rrecabarren
DbbS<=2.0-alpha SQL injection dabdoub-mosikar
Buffer-overflow and in-game crash in Zdaemon 1.08.01 Luigi Auriemma
Warcraft III Replay Parser Script Remote Command Exucetion Vulnerability And Cross-Site Scripting Attacking botan