Bugtraq: by date

524 messages starting Oct 02 06 and ending Oct 31 06


Monday, 02 October

ZERT patch for setSlice() Gadi Evron
Advisory 07/2006: phpMyAdmin Multiple CSRF Vulnerabilities Stefan Esser
phpMyWebmin 1.0 <= (target) Remote File Include Vulnerability x0r0n
[OpenPKG-SA-2006.022] OpenPKG Security Advisory (openssh) OpenPKG
0day in Firefox from ToorCon '06 Thor Larholm
zero-day flaws in Firefox: about 30 unpatched Firefox flaws ragan
Layered Defense Advisory: TrendMicro OfficesScan Corporate Edition Format String Vulnerability dh
EasyBannerFree (functions.php) Remote File Include Exploit las_kid
IBM Informix Dynamic Server V10.0 File Clobbering during Install Larry Cashdollar
Pebble 2.0.0 RC[1,2] XSS vulnerability Paolo Perego
Kerio Multiple insufficient argument validation of hooked SSDT function Vulnerability David Matousek
"POC 2006" by Korean hackers securityproof
[security bulletin] HPSBUX02157 SSRT061220 rev.1 HP-UX Running Ignite-UX Server, Remote Unauthorized Access and Privilege Elevation security-alert
Dayfox Blog v2.0 Remote file include dj_remix_20
IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053]) Paul Szabo
[USN-355-1] openssh vulnerabilities Martin Pitt
[USN-356-1] gdb vulnerability Martin Pitt
digishop v 4.0.0 Xss Vuln. meto5757
Re: [Full-disclosure] IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053]) Brian Eaton
[USN-354-1] Firefox vulnerabilities Martin Pitt
Security contact for Myspace/Fox? E Mintz
Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053] Eiji James Yoshida
Portable shell-exploit for buffer-overflow bugs Roman Medina-Heigl Hernandez
Re: WebCalendar-1.0.3 reading of any files webcalendar
Re: net2ftp: a web based FTP client :) <= Remote File Inclusion securfrog
[security bulletin] HPSBUX02129 SSRT061149 rev.1 - HP-UX running SLP, Remote Unauthorized Access security-alert
FreeBSD Security Advisory FreeBSD-SA-06:22.openssh FreeBSD Security Advisories

Tuesday, 03 October

[SECURITY] [DSA 1185-2] New openssl packages fix arbitrary code execution Noah Meyerhans
[ MDKSA-2006:172-1 ] - Updated openssl packages fix vulnerabilities security
[ MDKSA-2006:177 ] - Updated MySQL packages rebuilt against updated openssl. security
Re: [Full-disclosure] IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053]) Paul Szabo
[ MDKSA-2006:178 ] - Updated ntp packages rebuilt against updated openssl. security
Re: WebspotBlogging => 3.0 Remote File Include Vulnerabilities Steven M. Christey
Security flaw in IBM Client Security Password Manager Luís Miguel Silva
Re: [Full-disclosure] IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053]) Paul Szabo
PacSec 2006 Papers announcement and EUSecWest Call For Papers Dragos Ruiu
iDefense Security Advisory 10.02.06: Novell GroupWise Messenger nmma.exe DoS Vulnerability iDefense Labs

Wednesday, 04 October

phpMyProfiler remote file include mozi2weed
[CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability Williams, James K
Advisory 08/2006: PHP open_basedir Race Condition Vulnerability Stefan Esser
[ MDKSA-2006:179 ] - Updated openssh packages fix DoS vulnerabilities security
[SECURITY] [DSA 1188-1] New mailman packages fix several problems Martin Schulze
Directory Traversal Vulnerability in Goop Gallery 2.0.2 security
Yener Haber Script v2.0 SQL injection dj_remix_20
Technical Paper on the ZERT Patch and VML [was: Re: ZERT patch for setSlice()] Gadi Evron
Re: [funsec] Technical Paper on the ZERT Patch and VML [was: Re: ZERT patch for setSlice()] Alexander Sotirov
[USN-358-1] ffmpeg, xine-lib vulnerabilities Martin Pitt
[USN-353-2] OpenSSL vulnerability Martin Pitt
[USN-357-1] Mono vulnerability Martin Pitt
Invision Power Board Multiple Vulnerabilities Rapigator
[ GLSA 200610-01 ] Mozilla Thunderbird: Multiple vulnerabilities Matthias Geerdsen
[SECURITY] [DSA 1189-1] New openssh-krb5 packages fix denial of service and potential execution of arbitrary code Moritz Muehlenhoff
[SECURITY] [DSA 1190-1] New maxdb-7.5.00 packages fix execution of arbitrary code Moritz Muehlenhoff
[ GLSA 200610-02 ] Adobe Flash Player: Arbitrary code execution Matthias Geerdsen

Thursday, 05 October

Vulnerability Type Distributions in CVE Steven M. Christey
WikyBlog <= v1.4 (WN_BASEDIR) Remote File Inclusion Exploit xp1o
Re: Concurrency-related vulnerabilities in browsers - expect problems Mike
[SECURITY] [DSA 1191-1] New Mozilla Thunderbird packages fix several vulnerabilities Martin Schulze

Friday, 06 October

iDefense Security Advisory 10.05.06: Symantec AntiVirus IOCTL Kernel Privilege Escalation Vulnerability iDefense Labs
[ MDKSA-2006:180 ] - Updated php packages fix integer overflow vulnerability security
Vulnerable function in newest PowerPoint case (MS Advisory #925984) Juha-Matti Laurio
Hazir Site v2.0 Admin SQL Injection dj_remix_20
SUSE Security Summary Report SUSE-SR:2006:024 Thomas Biege
[SECURITY] [DSA 1192-1] New Mozilla packages fix several vulnerabilities Martin Schulze
TSLSA-2006-0055 - multi Trustix Security Advisor
TorrentFlux User-Agent XSS Vulnerability sec
Re: Concurrency-related vulnerabilities in browsers - expect problems Nick Boyce
[USN-359-1] Python vulnerability Martin Pitt
Re: Concurrency-related vulnerabilities in browsers - expect problems Josh Bressers
phpMyTeam v2.0 <= (smileys_dir) Remote File Include Vulnerability x0r0n
ackerTodo 4.2 SQL Injection Vulnerability Francesco Laurita
ZDI-06-030: CA Multiple Product Discovery Service Remote Buffer Overflow Vulnerability zdi-disclosures
ZDI-06-031: CA Multiple Product Message Engine RPC Server Code Execution Vulnerability zdi-disclosures
[Reversemode Advisory] Symantec Antivirus Engine Privilege Escalation Reversemode
[CAID 34693, 34694]: CA BrightStor ARCserve Backup Multiple Buffer Overflow Vulnerabilities Williams, James K
TSRT-06-12: CA BrightStor Discovery Service Mailslot Buffer Overflow Vulnerability TSRT
rPSA-2006-0183-1 nss_ldap rPath Update Announcements
rPSA-2006-0185-1 gnome-ssh-askpass openssh openssh-client openssh-server rPath Update Announcements
TSRT-06-11: CA Multiple Product DBASVR RPC Server Multiple Buffer Overflow Vulnerabilities TSRT
rPSA-2006-0182-1 php php-mysql php-pgsql rPath Update Announcements
FreeWPS File Upload Command Execution security
Details of Lotus Notes Java Applet vulnerabilities Jouko Pynnonen
Re: WikyBlog <= v1.4 (WN_BASEDIR) Remote File Inclusion Exploit Steven M. Christey
Emek Portal v2.1 SQL Injection dj_remix_20
phponline <= (LangFile) Remote File Inclusion Exploit xp1o
[ GLSA 200610-03 ] ncompress: Buffer Underflow Raphael Marichez
Re: net2ftp Remote File Inclusion - bogus report david

Saturday, 07 October

LS-20060330 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability advisories
Vulnerability in Btitracker aeroxteam
LS-20060220 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability advisories
FreeForum 0.9.7 (fpath) Remote File Include Vulnerability x0r0n
LS-20060313 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability advisories
phpBB User Viewed Posts Tracker Version <= 1.0 [phpbb_root_path] File Include Vulnerability x0r0n
Cahier de textes 2.0 Remote SQL injection Exploit sami
Sorry....My Message With Out Live Site.... Dr . Ninux
Re: Invision Power Board Multiple Vulnerabilities Rapigator
Observations on Mandatory Integrity Control (MIC) in Windows Vista Enno Rey
Re: Security contact for Myspace/Fox? Juha-Matti Laurio
RE: Informing Companies about security vulnerabilities... bugtraq
PHP Live! <= 3.1 help.php Remote File Inclusion vulnerability paisterist . nst
RE: Informing Companies about security vulnerabilities... Arian J. Evans
Re: zero-day flaws in Firefox: about 30 unpatched Firefox flaws Mailinglists Address
JavaScript Spider (code that can traverse the web) pdp (architect)
RE: Informing Companies about security vulnerabilities... Wolf Halton

Monday, 09 October

The latest version of iSearch is V2.16 <= (index.php) Remote File Inclusion Exploit xp1o
Re: [funsec] Technical Paper on the ZERT Patch and VML [was: Re: ZERT patch for setSlice()] Gadi Evron
[ECHO_ADV_49$2006]OpenDock Easy Doc <=1.4 (doc_directory) Multiple Remote File Inclusion Vulnerability erdc
Advanced Poll v2.02 :) <= Remote File Inclusion alguidy
[ECHO_ADV_50$2006]OpenDock Easy Blog <=1.4 (doc_directory) Multiple Remote File Inclusion Vulnerability erdc
[ECHO_ADV_51$2006] docmint <= 2.0 (MY_ENV[BASE_ENGINE_LOC]) Remote File Inclusion Vulnerability erdc
PHPMyNews 1.4 <= (cfg_include_dir) Remote File Include Vulnerability xorontr
Advisory 09/2006: PHP unserialize() Array Creation Integer Overflow Stefan Esser
[ECHO_ADV_48$2006] WebYep <= 1.1.9 (webyep_sIncludePath) Multiple Remote File Inclusion Vulnerability erdc
XSS IN paFileDB 3.1 zarloule04
Freenews v1.1 <= (chemin) Remote File Include Vulnerability xorontr
PHP open_basedir with symlink() function Race Condition PoC exploit paisterist . nst
SQL injection - 4images disfigure
Re: [Full-disclosure] SQL injection - moodle scsantos@unigranrio com br
SQL injection - moodle disfigure
HITBSecConf2006 CTF Source code and daemons Praburaajan
SUSE Security Announcement: php4,php5 (SUSE-SA:2006:059) Ludwig Nussel
Cisco Security Advisory: Limitations in Cisco Secure Desktop Cisco Systems Product Security Incident Response Team
[ECHO_ADV_52$2006]OpenDock Easy Gallery <=1.4 (doc_directory) Multiple Remote File Inclusion Vulnerability erdc
yet another OpenSSH timing leak? Marco Ivaldi
[SECURITY] [DSA 1194-1] New libwmf packages fix arbitrary code execution Moritz Muehlenhoff
Re: net2ftp: a web based FTP client :) <= Remote File Inclusion Steven M. Christey

Tuesday, 10 October

[USN-361-1] Mozilla vulnerabilities Martin Pitt
[USN-360-1] awstats vulnerabilities Martin Pitt
7 php scripts File Inclusion / Source disclosure Vuln gmdarkfig
[ECHO_ADV_54$2006]vtiger CRM <=4.2 (calpath) Multiple Remote File Inclusion Vulnerability erdc
MS Windows DRM software Memory Corruption Joxean Koret
phpWebSite 0.10.2 Remote File Include Vulnerabilities crackers_child
Re: The latest version of iSearch is V2.16 <= (index.php) Remote File Inclusion Exploit str0ke
MHL-2006-001 Public Advisory: "Eazy Cart" Multiple Security Issues Mayhemic Labs Security
eXpBlog <= 0.3.5 Cross Site Scripting Vulnerabilities Tamriel
Re: yet another OpenSSH timing leak? Gianluca Varisco
[security bulletin] HPSBUX02087 SSRT4728 rev.4 - HP-UX running TCP/IP Remote Denial of Service (DoS) security-alert
ZDI-06-033: Microsoft Office Excel File Format DATETIME Record Parsing Vulnerability zdi-disclosures
ZDI-06-032: Microsoft Office PowerPoint Malformed Slide Notes Rebuilding Vulnerability zdi-disclosures
ZDI-06-034: Microsoft Office Word Malformed Chart Code Execution Vulnerability zdi-disclosures
[USN-362-1] PHP vulnerabilities Martin Pitt
[Fedora] libtool-ltdl uses relative paths to resolve and load libraries Enrico Scholz
Re: yet another OpenSSH timing leak? Marco Ivaldi
[SECURITY] [DSA 1195-1] new openssl096 packages fix denial of service Noah Meyerhans
PHPLibrary <= 1.5.3 Remote File Inclusion k1tk4t
tagit2b -- Remote File Inclusion k1tk4t
claroline <= 180rc1 Remote File Inclusion k1tk4t
blueshoes <= 4.6_public Remote File Inclusion k1tk4t
pacsec hype security team: 7 words of warning about Macromedia Flash Player 9+ Dragos Ruiu
iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability iDefense Labs
[ MDKSA-2006:181 ] - Updated python packages fix vulnerability security

Wednesday, 11 October

Re: The latest version of iSearch is V2.16 <= (index.php) Remote File Inclusion Exploit Steven M. Christey
rPSA-2006-0187-1 idle python rPath Update Announcements
Directory Traversal Vulnerability in Goop Gallery 2.0.2 security
ShmooCon 2006 CFP Announcement B Potter
Microsoft Office Malformed Record Memory Corruption Vulnerability Sowhat
MysqlDumper Version 1.21 b6 Xss Vulnerability crackers_child
Secunia Research: Microsoft Windows Object Packager Dialog Spoofing Secunia Research
[USN-363-1] libmusicbrainz vulnerability Kees Cook
Jinzora <= 2.1 Remote File Inclusion k1tk4t
AlberT-EasySite <= 1.0.a5 Remote File Inclusion k1tk4t
gcards (languagefile) <= Remote File Include D-virus
Noah's Classifieds Cross Site Scripting Vulnerability raphael . huck
New tool release today - "wyd" - password profiling Max Moser
Re: phpWebSite 0.10.2 Remote File Include Vulnerabilities kevin
Re: gcards (languagefile) <= Remote File Include str0ke
CommunityPortals <= 1.0 Remote File Include Vulnerability nima . salehi
[ MDKSA-2006:182 ] - Updated kernel packages fix multiple vulnerabilities and bugs security

Thursday, 12 October

zenphoto Multiple Path Disclosure and Cross Site Scripting Vulnerabilities raphael . huck
iDefense Security Advisory 10.11.06: AOL YGPPDownload SetAlbumName ActiveX Control Buffer Overflow Vulnerability iDefense Labs
new version of phplist fix XSS vulnerability info
iDefense Security Advisory 10.11.06: Sun Microsystems Solaris NSPR Library Arbitrary File Creation Vulnerability iDefense Labs
MS06-060 Microsoft Word Memmove Code Execution Avert
SecureWorks Research Client Advisory: Multiple Vendor Bluetooth Memory Stack Corruption Vulnerability Research
MHL-2006-002 Public Advisory: "Call-Center-Software" Multiple Security Issues Mayhemic Labs Security
XeoPort <= 0.81 SQL Injection Vulnerability Tamriel
Xeobook <= 0.93 Multiple SQL Injection Vulnerabilities Tamriel
[security bulletin] HPSBMA02158 SSRT061251 rev.1 - HP Version Control Agent, Remote Unauthorized Access and Possible Elevation of Privilege security-alert
ExtCalThai_Component <= 0.9.1 Remote File Inclusion k1tk4t
Cisco Security Advisory: Default Password in Wireless Location Appliance Cisco Systems Product Security Incident Response Team
Journals System <= 1.0.2 [RC2] Remote File Include Vulnerability nima . salehi
Admin User Viewed Posts Tracker Remote File Include Vulnerability nima . salehi
Iono all version fullpath disclosure hack2prison
Security Suite IP Logger Remote File Inclusion ReeM_HaCk
Download-Engine Remote File Include v1per-hacker

Friday, 13 October

Black Hat CFP, Registration, and Announcements for October Jeff Moss
Phpbb insert mod Remote file include By_KorsaN_Son
Google Earth (kml & kmz files) buffer overflow Alexander Hristov
Mcafee Network Agent (mcnasvc.exe) Remote DoS Alexander Hristov
Open Conference Systems <= 1.1.3 Remote File Inclusion k1tk4t
CMS contenido Remote File Inclusion CvIr . System
[security bulletin] HPSBST02160 SSRT061254 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS06-055 security-alert
[security bulletin] HPSBST02134 SSRT061187 rev.2 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS06-052, MS06-053 and MS06-054 security-alert
RamaCMS (adodb.inc.php) Remote File Inclue Vulnerability Le . CoPrA
CMS contenido Path Disclosure CvIr . System
PacSec Hype Security Team: CGI.pm param injection Dragos Ruiu
Morcego CMS <= 0.9.6 Remote File Inclue Vulnerability Le . CoPrA
SpamBlockerMODv <= 1.0.2 Remote File Include Vulnerability nima . salehi
Download-Engine Remote File İnclude By_KorsaN_Son
ISOI II - a DA Workshop (announcement and CFP) Gadi Evron
PHP Cards <= 1.3 Remote File Inclue Vulnerability Le . CoPrA
Utimaco Safeguard Easy vulnerability boomboom999
Bloq 0.5.4 Remote File İnclude By_KorsaN_Son
phpBB Security <= 1.0.1 Remote File Include Vulnerability nima . salehi
PHPht Topsites Remote File İnclude By_KorsaN_Son
news7 <= (news.php) Remote File Inclusion Exploit xp1o
Jax Newspage Remote File include dj_remix_20
TorrentFlux startpop.php torrent Script Insertion 566d9bfe
[SECURITY] [DSA 1166-2] New cheesetraceker packages fix buffer overflow Steve Kemp
pbpbb archive for search engines Remote File Include Vulnerability nima . salehi
Jax LinkLists Remote File include dj_remix_20
MNews <= 2.0 (noticias.php) Remote File Inclue Vulnerability Le . CoPrA
phpMyConferences <= 8.0.2 Remote File Inclusion k1tk4t
phpBB Add Name Remote File Include Vulnerability nima . salehi
SpamOborona PHPBB Plugin Remote File Include Vulnerability nima . salehi
maluinfo version 206.2.38l Remote File Include Vulnerability nima . salehi
AMAZONIA MOD Remote File Include Vulnerability nima . salehi
phpBB PlusXL 2.x <= biuld 272 Remote File Include Vulnerability nima . salehi
news defilante horizontale <= 4.1.1 Remote File Include Vulnerability nima . salehi
phpBB lat2cyr <= 1.0.1 Remote File Include Vulnerability nima . salehi
RPG Events 1.0.0 Remote File Include Vulnerability nima . salehi
PhpBB Prillian French Remote File Include Vulnerability nima . salehi
PHP Top webs (config.php) Remote File Inclue Vulnerability Le . CoPrA
Buzlas <= v2006-1 Full Remote File Include Vulnerability nima . salehi

Saturday, 14 October

iDefense Security Advisory 10.13.06: Apache HTTP Server mod_tcl set_var Format String Vulnerability iDefense Labs
@lex Guestbook <=(ModeliXe.php) Remote File Inclusion Exploit xp1o
EXlor 1.0 (/fonctions/template.php) Remote File Include Vulnerability mahmood ali
Re: iDefense Security Advisory 10.11.06: Sun Microsystems Solaris NSPR Library Arbitrary File Creation Vulnerability Marco Ivaldi
Multiple XSS Vulnerability in Gcontact security
Re: DanPHPSupport => 0.5 Cross Site Scripting Vulnerabilities dansoftaus
Re: Secunia Research: Microsoft Windows Object Packager Dialog Spoofing edubp2002
Re: Jax LinkLists Remote File include xorontr
WDT:- osTicket File Include all V stormhacker
Re: Multiple XSS Vulnerabilities in Zen Cart 1.3.5 security
Jinzora 2.6 - Remote File Include Vulnerabilities erne
Spoofing security dialog in object packager - 2 seejay . 11
Re: yet another OpenSSH timing leak? Marco Ivaldi

Monday, 16 October

ISS BlackICE PC Protection Filelock protection bypass Vulnerability Matousec - Transparent security Research
Re: @lex Guestbook <=(ModeliXe.php) Remote File Inclusion Exploit ptitgal
Re: [Full-disclosure] Kmail <= 1.9.1 (table/frameset) DOS Vidar Løkken
Kmail <= 1.9.1 (table/frameset) DOS nnp
Security Advisory for Bugzilla 2.18.5, 2.20.2, 2.22, and 2.23.2 mkanat
vbulletin Exploit Tool Box [dot]
bbsNew ( File Include Vulnerability Exploit ) h4ck3riran
SYMSA-2006-010: Directory Traversal in IronWebMail research
Back-end ( File Include Vulnerability Exploit ) h4ck3riran
maintain-3.0.0-RC2 - Remote File Include Vulnerabilities erne
Full Path Disclosure in PHP-Wyana xx_hack_xx_2004
:ShAnKaR: WoltLab Burning Book <=1.1.2 multiple vulnerabilities 3APA3A
MOStlyCEV454 - Remote File Include Vulnerabilities erne
VoMM: Taking browser exploits to the next level avivra
WebYep-1.1.9 - Remote File Include Vulnerabilities erne
[USN-364-1] Xsession vulnerability Kees Cook
[ GLSA 200610-04 ] Seamonkey: Multiple vulnerabilities Raphael Marichez
osprey 1.0 (ListRecords.php) Remote File Include Vulnerability KaBaRa . HaCk . eGy
Full Path Disclosure in PHP-Wyana (2) xx_hack_xx_2004
iDefense Security Advisory 10.15.06: Clam AntiVirus ClamAV CHM Chunk Name Length DoS Vulnerability iDefense Labs
iDefense Security Advisory 10.15.06: Clam AntiVirus ClamAV rebuildpe Heap Overflow Vulnerability iDefense Labs
patchlodel-0.7.3 - Remote File Include Vulnerabilities erne
Rapid7 Advisory R7-0025: Buffer Overflow in NVIDIA Binary Graphics Driver For Linux advisory
PHP Forge 3b2 (/inc/inc.php) Remote File Include Vulnerability mahmood ali
Advisory 10/2006: ViewVC Undefined Charset UTF-7 XSS Vulnerability Stefan Esser

Tuesday, 17 October

About.com contact C. Hamby
Re: vbulletin Exploit Tool Box scottREMOVE
[Xss] IN phplist v 2.10.2, the-free_kernel
[USN-365-1] libksba vulnerability Kees Cook
Re: Directory Traversal Vulnerability in Goop Gallery 2.0.2 gene
PR06-03b: F5 Firepass 1000 SSL VPN version 5.5 vulnerable to Cross-Site Scripting research
TorrentFlux action Script Insertion 3cab7cc7
TorrentFlux file Script Insertion 3cab7cc7
TorrentFlux user_id Script Insertion 3cab7cc7
[OpenPKG-SA-2006.023] OpenPKG Security Advisory (php) OpenPKG
[ECHO_ADV_55$2006]Phpmybibli <=2.1 Multiple Remote File Inclusion Vulnerability erdc
Flaw in Firefox 2.0 RC2 Mike
[security bulletin] HPSBUX02155 SSRT061235 rev.2 HP-UX CIFS Server (Samba) Local Unauthorized Access, Elevated Privileges security-alert
Re: Flaw in Firefox 2.0 RC2 Jose Nazario
[ GLSA 200610-05 ] CAPI4Hylafax fax receiver: Execution of arbitrary code Raphael Marichez
[ GLSA 200610-06 ] Mozilla Network Security Service (NSS): RSA signature forgery Raphael Marichez
phpAdsNew include bug! wacky
rPSA-2006-0194-1 kernel rPath Update Announcements
[ GLSA 200610-07 ] Python: Buffer Overflow Raphael Marichez
Rapid7 Advisory R7-0026: HTTP Header Injection Vulnerabilities in the Flash Player Plugin advisory
iDefense Security Advisory 10.17.06: Opera Software Opera Web Browser URL Parsing Heap Overflow Vulnerability iDefense Labs
[ MDKSA-2006:183 ] - Updated libksba packages correct DoS vulnerability security

Wednesday, 18 October

Re: Flaw in Firefox 2.0 RC2 Eliah Kagan
Re: Flaw in Firefox 2.0 RC2 jm
[ MDKSA-2006:184 ] - Updated clamav packages fix vulnerabilities security
[ MDKSA-2006:185 ] - Updated php packages to address multiple vulnerabilities security
Re: phpAdsNew include bug! Wim Godden
Comdev One Admin 4.1 Remote File Inclusion disfigure
Boonex Dolphin 5.2 Remote File Inclusion disfigure
Simplog 0.9.3.1 SQL Injection disfigure
Re: Flaw in Firefox 2.0 RC2 Shane Lahey
zorum_3_5 <=(dbproperty.php) Remote File Inclusion Exploit MoHaNdKo
[ECHO_ADV_46$2006] P-Book <= 1.17 (pb_lang) Remote File Inclusion erdc
Analysis of the Oracle October 2006 Critical Patch Update David Litchfield
TSLSA-2006-0057 - multi Trustix Security Advisor
CS-Forum 0.82 (ajouter.php) Remote File Include Vulnerability mahmood ali
PhpBB<=2.0.10 (groupcp.php) Remote File Include Vulnerability mahmood ali
PHPRecipeBook <= 2.35 ((g_rb_basedir)) Remote File Include Exploit CarcaBotx
Call for Papers - First International Workshop on Secure Software Engineering (SecSE 2007) Lillian Røstad
Multiple vulnerabilities in Highwall Enterprise and Highwall Endpoint management interface noreply
Airmagnet management interfaces multiple vulnerabilities noreply
Re: Utimaco Safeguard Easy vulnerability Juha-Matti Laurio
{x0n3-h4ck} DEV Web Manager System <= 1.5 XSS Exploit corrado . liotta
Re: Flaw in Firefox 2.0 RC2 Paul Schmehl
Secunia Research: Joomla BSQ Sitestats Script Insertion and SQL Injection Secunia Research
Secunia Research: IBM Lotus Notes Insecure Default Folder Permissions Secunia Research
Re: Flaw in Firefox 2.0 RC2 arny
Static fmat exploits with random va root
Security-Assessment.com Advisory: Asterisk remote heap overflow Adam Boileau
Re: PHPRecipeBook <= 2.35 ((g_rb_basedir)) Remote File Include Exploit str0ke
[USN-366-1] binutils vulnerability Kees Cook

Thursday, 19 October

rPSA-2006-0195-1 kdelibs rPath Update Announcements
[USN-367-1] Pike vulnerability Kees Cook
[security bulletin] HPSBST02161 SSRT061264 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS06-056 Through MS06-065 security-alert
[SECURITY] [DSA 1196-1] New clamav packages fix arbitrary code execution Moritz Muehlenhoff
[OpenPKG-SA-2006.024] OpenPKG Security Advisory (asterisk) OpenPKG
Re: Flaw in Firefox 2.0 RC2 Lubomir Kundrak
Advisory 11/2006: Serendipity Weblog XSS Vulnerabilities Stefan Esser
[DRUPAL-SA-2006-024] Drupal 4.6.10 / 4.7.4 fixes multiple XSS issues Uwe Hermann
[DRUPAL-SA-2006-025] Drupal 4.6.10 / 4.7.4 fixes CRF issue Uwe Hermann
[DRUPAL-SA-2006-026] Drupal 4.6.10 / 4.7.4 fixes HTML attribute injection issue Uwe Hermann
Re: phpAdsNew include bug! matteo
DigitalHive 2.0 RC2 (base_include.php)File Include mahmood ali
UltraCMS 0.9 sql injection fireboy2006
KICS CMS sql injection fireboy2006
SQL Injection simplog navairum
Multiple XSS Vulnerabilities in KnowledgeBank 1.01 security
Re: PhpBB<=2.0.10 (groupcp.php) Remote File Include Vulnerability neothermic
PHP "exec", "system", "popen" problem Дмитрий Borgir
ERRATA: [ GLSA 200610-07 ] Python: Buffer Overflow Raphael Marichez
Re: PHPRecipeBook <= 2.35 ((g_rb_basedir)) Remote File Include Exploit theif
ATutor 1.5.3.2=> Remote File Include Vulnerability subzero . 0000
[Xss] IN SMF 1.1 RC2 the_free_kernel
Re: Flaw in Firefox 2.0 RC2 Mark A Basil
RE: Flaw in Firefox 2.0 RC2 Sean Warnock
[ MDKSA-2006:186 ] - Updated kdelibs packages fix KHTML vulnerability security
TORQUE Spool Job Race condition (torque <= 2.0.0p8) Luís Miguel Silva
RE: Flaw in Firefox 2.0 RC2 Aras "Russ" Memisyazici
iDefense Security Advisory 10.19.06: Kaspersky Labs Anti-Virus IOCTL Local Privilege Escalation Vulnerability iDefense Labs

Friday, 20 October

Re: PHP "exec", "system", "popen" (+small POC) Bernhard Mueller
Re: iDefense Security Advisory 10.19.06: Kaspersky Labs Anti-Virus IOCTL Local Privilege Escalation Vulnerability abel . andrade
[CAID 34693, 34694]: CA BrightStor ARCserve Backup Multiple Buffer Overflow Vulnerabilities (UPDATED) Williams, James K
[KAPDA::#60] Mambo V4.6.x vulnerabilities alireza hassani
HPSBUX02162 SSRT061223 rev.1 - HP-UX Running dtmail, Local Execution of Arbitrary Code security-alert
Simple Machines Forum (SMF) XSS issue josecarlos . norte
PHP Classifieds 7.1 - Remote File Include Vulnerability Le . CoPrA
[ GLSA 200610-08 ] Cscope: Multiple buffer overflows Raphael Marichez
[security bulletin] HPSBTU02163 SSRT061223 rev.1 - HP Tru64 UNIX Running dtmail, Local Execution of Arbitrary Code security-alert
PHP Poll Creator 1.04 (poll_vote.php)File Include mahmood ali
[Reversemode Advisory] Kaspersky Anti-Virus Privilege Escalation Reversemode
Advisory for Oneorzero helpdesk Mike Klingler
PHPLibrary-1.5.3(Description.php) Remote File Include arab_anaconda
[OpenPKG-SA-2006.025] OpenPKG Security Advisory (drupal) OpenPKG
Re: Flaw in Firefox 2.0 RC2 Jure Pečar

Saturday, 21 October

Re: Simple Machines Forum (SMF) XSS issue mrapples
Open Meetings Filing Application (PROJECT_ROOT) Remote File Include Vulnerability xorontr
Hustle Labs & MNIN eDirectory Vulnerability Ryan Smith
Virtual Law Office (phpc_root_path) Remote File Include Vulnerability xorontr
Re: iDefense Security Advisory 10.19.06: Kaspersky Labs Anti-Virus IOCTL Local Privilege Escalation Vulnerability Steven M. Christey

Monday, 23 October

[USN-368-1] Qt vulnerability Martin Pitt
[ GLSA 200610-09 ] libmusicbrainz: Multiple buffer overflows Matthias Geerdsen
RMSOFT Cross Site Scripting FREAK_PR
trawler <= 1.8.1 Remote File Inclusion k1tk4t
IPEER Remote file inclusion navairum
iDefense Security Advisory 10.21.06: Novell eDirectory evtFilteredMonitorEventsRequest Heap Overflow Vulnerability iDefense Labs
iDefense Security Advisory 10.21.06: Novell eDirectory NCP over IP length Heap Overflow Vulnerability iDefense Labs
iDefense Security Advisory 10.21.06: Novell eDirectory evtFilteredMonitorEventsRequest Invalid Free Vulnerability iDefense Labs
XSS in Zwahlen Online Shop MC Iglo
speedberg <= 1.2beta1 Remote File Inclusion k1tk4t
WHM 10.8.0 cPanel 10.9.0 R50 CentOS 4.4 i686 WHM X v3.1.0 Xss Vulnerability crackers_child
PHP Generator of Object SQL Database (path) Remote File Include Vulnerability xorontr
AROUNDMe 0.6.9 remonte file inclusion noislet . nospam
Re: Simple Machines Forum (SMF) XSS issue RSnake
[SECURITY] [DSA 1197-1] New python2.4 packages fix arbitrary code execution Moritz Muehlenhoff
-==PHP Nuke <= 7.9 SQL Injection and Bypass SQL Injection Protection vulnerabilities==- paisterist . nst
[PHPADSNEW-SA-2006-002] phpAdsNew and phpPgAds 2.0.8-pr1 fix XSS vulnerability Matteo Beccati
D-Link DSL-G624T several vulnerabilities jose . palanco
Flaw in Firefox 2.0 Final mike
Smarty-2.6.1 Remote File Include Vulnerabilities crackers_child
SQL Injection Vulnerability in Oracle WWV_FLOW_UTILITIES ak
Cross-Site-Scripting Vulnerability in Oracle APEX WWV_FLOW_ITEM_HELP ak
http://www.red-database-security.com/advisory/oracle_apex_css_notification_msg.html ak
Various Cross-Site-Scripting Vulnerabilities in Oracle Reports ak
hack.lu Bluetooth demo K F (lists)
Modify Data via Inline Views ak
SQL Injection in package SYS.DBMS_SQLTUNE_INTERNAL ak
SQL Injection in package XDB.DBMS_XDBZ0 ak
INCA IM-204 Dsl several vulnerabilities crackers_child
SQL Injection in package SYS.DBMS_CDC_IMPDP ak
SQL Injection in Oracle package MDSYS.SDO_LRS ak
Re: [Full-disclosure] hack.lu Bluetooth demo Thierry Zoller
Multiple HTTP response splitting vulnerabilities in SHOP-SCRIPT Debasis Mohanty
Application orders Linux in WebAPP v0.9.9.2.1 the_free_kernel
WikiNi Multiple Cross Site Scripting Vulnerabilities raphael . huck
[SECURITY] [DSA 1198-1] New python2.3 packages fix arbitrary code execution Moritz Muehlenhoff
Symantec Product Security: Symantec Device Driver Elevation of Privileg secure

Tuesday, 24 October

Re: Smarty-2.6.1 Remote File Include Vulnerabilities J. Carlos Nieto
[ GLSA 200610-10 ] ClamAV: Multiple Vulnerabilities Raphael Marichez
[ GLSA 200610-11 ] OpenSSL: Multiple vulnerabilities Raphael Marichez
Month of Kernel Bugs and fsfuzzer release (0.6) L . M . H .
[SECURITY] [DSA 1199-1] New webmin packages fix input validation problems Noah Meyerhans
ProgSys verion 0.151 XSS vulnerability security
[vuln.sg] CruiseWorks Directory Traversal and Buffer Overflow Vulnerabilities vulnpost-remove
Re: Application orders Linux in WebAPP v0.9.9.2.1 nicolascamino
who needs a server ... auto113922
CSLH2.9.9 Remote File Include Vulnerabilities crackers_child
adobe php sdk Remote File Include Vulnerabilities crackers_child
InteliEditor (sys_path) Remote File Include Vulnerability xorontr
[ GLSA 200610-12 ] Apache mod_tcl: Format string vulnerability Raphael Marichez
Re: adobe php sdk Remote File Include Vulnerabilities Mailinglists Address

Wednesday, 25 October

Cisco Security Advisory: Cisco Security Agent for Linux Port Scan Denial of Service Cisco Systems Product Security Incident Response Team
Re: Yahoo! Messenger Service 18 Remote Buffer Overflow Vulnerability Gadi Evron
[KAPDA::#61] - PacPoll <= 4.0 Multiple Vulnerabilities farhadkey
phpMyConferences_8.0.2 Remote File Inclusion Outlaw
[ MDKSA-2006:187 ] - Updated Qt packages fix vulnerability security
iDefense Security Advisory 10.25.06: AOL Nullsoft Winamp Ultravox 'ultravox-max-msg' Header Heap Overflow Vulnerability iDefense Labs
Mozilla Firefox JavaScript Handler Race Condition Memory Corruption Vulnerability erreale
Re: phpMyConferences_8.0.2 Remote File Inclusion Tamriel
iDefense Security Advisory 10.25.06: AOL YGPPDownload downloadFileDirectory ActiveX Control Heap Corruption Vulnerability iDefense Labs
iDefense Security Advisory 10.25.06: AOL YGPPDownload AddPictureNoAlbum ActiveX Control Heap Corruption Vulnerability iDefense Labs
iDefense Security Advisory 10.25.06: AOL Nullsoft Winamp Ultravox Lyrics3 v2.00 tags Heap Overflow Vulnerability iDefense Labs
Web-style Wireless IDS attacks noreply
[security bulletin] HPSBMA02133 SSRT061201 rev.2 - HP Oracle for OpenView (OfO) Critical Patch Update security-alert

Thursday, 26 October

[OpenPKG-SA-2006.026] OpenPKG Security Advisory (screen) OpenPKG
rPSA-2006-0195-2 kdelibs qt-x11-free rPath Update Announcements
rPSA-2006-0198-1 screen rPath Update Announcements

Friday, 27 October

IE7 is a Source of Problem - Secunia IE7 Release Incident of October 2006 LIUDIEYU dot COM
TSLSA-2006-0059 - postgresql Trustix Security Advisor
MHL-2006-003 Public Advisory: "ezOnlineGallery" Multiple Security Issues Mayhemic Labs Security
MiniBILL v2006-10-10 (config[page_dir] Remote File Include Vulnerability xorontr
Insecure storage of passwords in Axalto Protiva nnposter
Joomla extended_registration mod Remote File Include Vulnerabilities crackers_child
Directory Traversal in TorrentFlux 2.1 Christopher
phpFaber CMS Cross Site Scripting security
iDefense Security Advisory 10.26.06: Multiple Vendor wvWare LVL Count Integer Overflow Vulnerability iDefense Labs
iDefense Security Advisory 10.26.06: Multiple Vendor wvWare LFO Count Integer Overflow Vulnerability iDefense Labs
ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability zdi-disclosures
Re: Mozilla Firefox JavaScript Handler Race Condition Memory Corruption Vulnerability Christian Kalkhoff
[ GLSA 200610-13 ] Cheese Tracker: Buffer Overflow Raphael Marichez
vulnerability in Symantec products security
Re: IE7 is a Source of Problem - Secunia IE7 Release Incident of October 2006 Reversemode
Re: [Full-disclosure] IE7 is a Source of Problem - Secunia IE7 Release Incident of October 2006 HASEGAWA Yosuke
Ban v0.1 (bannieres.php) File Include mahmood ali
TextPattern <=1.19 Remote File Inclusion Vulnerability Bithedz
SMF fgets off-by-one issue and filter size evasion josecarlos . norte
IE7 status: 8 days after release, 3 unfixed issues Moritz Naumann
UNISOR CMS sql injection fireboy2006
PHP-Nuke <= 7.9 Search module "author" SQL Injection vulnerability paisterist . nst
ArticleBeach Script <= 2.0 Remote File Inclusion Vulnerability Bithedz
GestArt <= vbeta 1 Remote File Include Vulnerabilities ip . 123 . 456 . 78 . 90
RFID enabled e-passport skimming proof of concept code released (RFIDIOt) Adam Laurie
PLS-Bannieres 1.21 (bannieres.php) File Include mahmood ali
phpLedAds 2.0(dir) File Include mahmood ali
[funsec] Haxdoor: UK Police Count 8, 500 Victims in Data Theft (So Far) (fwd) Gadi Evron
phpAdsNew-2.0.8 <= (adlayer.php) Remote File Include zooz_998
Thepeak File Upload v1.3 : Read file vulneability loveha
Hosting Controller 6.1 Hotfix <= 3.2 Vulnerability playpacific . emulacaid
Microsoft .NET request filtering bypass vulnerability research

Saturday, 28 October

[ MDKSA-2006:189 ] - Updated xsupplicant fixes possible remote root stack smash vulnerability security
Re: phpAdsNew-2.0.8 <= (adlayer.php) Remote File Include emme0032
[ MDKSA-2006:188 ] - Updated mono packages fix vulnerability security
[ MDKSA-2006:190 ] - Updated mutt packages fix multiple vulnerabilities security
[ MDKSA-2006:192 ] - Updated ruby packages fix DoS vulnerability security
Re: Ban v0.1 (bannieres.php) File Include Francesco Laurita
[ MDKSA-2006:191 ] - Updated screen packages fix vulnerability security

Monday, 30 October

[ GLSA 200610-14 ] PHP: Integer overflow Raphael Marichez
[SECURITY] [DSA 1200-1] New Qt packages fix integer overflow Noah Meyerhans
[OpenPKG-SA-2006.027] OpenPKG Security Advisory (wordpress) OpenPKG
Re: [Full-disclosure] ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability Matt Richard
CentiPaid <= 1.4.2 [$class_pwd] Remote File Include firewall1954
Exporia => 0.3.0 Remote File Include Vulnerability Exploit h4ck3riran
bbsNew => 2.0.1 Remote File Include Vulnerability Exploit h4ck3riran
Back-end => 0.4.5 Remote File Include Vulnerability Exploit h4ck3riran
SQL in WebWizForum by almaster hacker almaster
Re: vulnerability in Symantec products jay.tomas
Re: phpAdsNew-2.0.8 <= (adlayer.php) Remote File Include simo
freenews---> fileinclude MoHaNdKo
easy notes manager sql injection and authentication bypass poplix
[MajorSecurity Advisory #29]foresite CMS - Cross Site Scripting Issue admin
Re: imageVue16.1 upload vulnerability mjau
Simple Website Software v0.99 (common.php) Remote File Include cw . cybersecurity
PHPEasyData Pro 1.4.1 (index.php) Remote SQL Injection Vulnerability ajannhwt
PHPEasyData Pro 2.2.1 (index.php) Remote SQL Injection Vulnerability ajannhwt
Nucleus Core v3.23 - Remote File Include firewall1954
Punbb <= 1.2.13 Multiple Vulnerabilities Nms
[ECHO_ADV_53$2006] QnECMS <= 2.5.6 (adminfolderpath) Remote File Inclusion Vulnerability erdc
opendocman <= 1.2p3 Bypass admin/user Login k1tk4t
Metasploit Framework 2.7 Released H D Moore
[ GLSA 200610-15 ] Asterisk: Multiple vulnerabilities Raphael Marichez
CORE FORCE R0.95 released! CORE FORCE Team
Multiple Remote File Include firewall1954
Re: CentiPaid <= 1.4.2 [$class_pwd] Remote File Include Francesco Laurita
unreliable vulnerability reports en-masee [was:Re: vulnerability in Symantec products] Gadi Evron
[security bulletin] HPSBMA02138 SSRT061184 rev.2 - HP OpenView Storage Data Protector, Remote Unauthorized Arbitrary Command Execution security-alert
[security bulletin] HPSBMA02121 SSRT061157 rev.3 - HP OpenView Storage Data Protector Remote Unauthorized Arbitrary Command Execution security-alert
[security bulletin] HPSBTU02168 SSRT061237 rev.1 - HP Tru64 UNIX Running gzip, gunzip, and gzcat, Remote Unauthorized Arbitrary Code Execution or Denial of Service (DoS) security-alert
Re: CentiPaid <= 1.4.2 [$class_pwd] Remote File Include Tamriel
Re: freenews---> fileinclude Tamriel
Re: Nucleus Core v3.23 - Remote File Include Francesco Laurita
Re: Free Rainbow Tables.com Jerome Athias
ModSecurity 2.0, A Core Rule Set and Console now available Ofer Shezaf

Tuesday, 31 October

phpMyConferences <= 8.0.2 Remote File Inclusion mfp . c
ActiveX security leaks in the TV owned web game platform maxgipeh
Hawking Technology wireless router WR254-CA DNS issue Nikolai Grigoriev
[ MDKSA-2006:193 ] - Updated ImageMagick packages fix vulnerabilities security
[ MDKSA-2006:194 ] - Updated PostgreSQL packages fix vulnerabilities security
SQL Injection Vulnerability in bfExplorer 0.0.6 security
Sun java System Messenger Express XSS handrix
New Flaw in Firefox 2.0: DoS and possible remote code execution xxxx
Re: freenews---> fileinclude pokley
Re: freenews---> fileinclude pokley
Authentication bypass in BytesFall Explorer RedTeam Pentesting
Re: New Flaw in Firefox 2.0: DoS and possible remote code execution Gouki
Re: New Flaw in Firefox 2.0: DoS and possible remote code execution Josh Bressers
Re: Re: New Flaw in Firefox 2.0: DoS and possible remote code execution xxxx
[SECURITY] [DSA 1201-1] New ethereal packages fix denial of service Moritz Muehlenhoff
[SECURITY] [DSA 1202-1] New screen packages fix arbitrary code execution Moritz Muehlenhoff
PHP-Nuke <= 7.9 Journal module (search.php) "forwhat" SQL Injection vulnerability paisterist . nst
Cross Site Scripting (XSS) Vulnerability in iPlanet Messaging Server Messenger Express by "Sun" LegendaryZion
Directory listing on B-FOCuS Wireless 802.11b/g ADSL2+ Router by "ECI Telecom LTD" LegendaryZion
Cross Site Scripting (XSS) Vulnerability in Web Mail service by "Walla! Communications LTD" LegendaryZion
Re: New Flaw in Firefox 2.0: DoS and possible remote code execution Daniel Veditz