Bugtraq: by author
364 messages starting Dec 10 07 and ending Dec 31 07
Abel Cheung
WordPress Charset SQL injection vulnerability (re-resend) Abel Cheung (Dec 10)
Re: Wordpress - Broken Access Control Abel Cheung (Dec 19)
admin
Snitz2000 SQL Injection: A user can gain admin level admin (Dec 04)
PHP <= 5.2.5 Safe Mode Bypass admin (Dec 24)
Jupiter Cms Multiple Vulnerabilities admin (Dec 24)
Bitweaver source code disclosure, arbitrary file upload admin (Dec 31)
Hosting Controller - Multiple Security Bugs (Extremely Critical) admin (Dec 13)
Adrian Chadd
SQUID-2007:2, Dec 4, 2007 Adrian Chadd (Dec 06)
advisory
R7-0031: JFreeChart Image Map Cross-Site Scripting Vulnerabilities advisory (Dec 07)
ahcrew
iSupport v1.8 Local file include vulnerability ahcrew (Dec 20)
AKS aka (0kn0ck)
[WhitePaper (SecNiche)] Information Prone LDAP Garbage Dumps AKS aka (0kn0ck) (Dec 03)
alan
Re: Sql Injection in wordpress 2.3.1 alan (Dec 05)
Alireza Hassani
Re: Re: PHP <= 5.2.5 Safe Mode Bypass Alireza Hassani (Dec 26)
Amit Klein
RE: TCP Port randomization paper Amit Klein (Dec 11)
Re: RE: TCP Port randomization paper Amit Klein (Dec 18)
announcements
WASC Announcement: The Script Mapping Project Results and Call for Participation announcements (Dec 10)
antonio
Re: Morcego CMS <= 0.9.6 Remote File Inclue Vulnerability antonio (Dec 20)
Re: Morcego CMS <= 0.9.6 Remote File Inclue Vulnerability antonio (Dec 20)
arsalan1991
Re: Re: PHP MySQL Banner Exchange 2.2.1 remote mysql database bug arsalan1991 (Dec 18)
PHP MySQL Banner Exchange 2.2.1 remote mysql database bug arsalan1991 (Dec 14)
atc08
(Re-post) ATC-08 CFP atc08 (Dec 04)
avivra
Google Toolbar Dialog Spoofing Vulnerability avivra (Dec 18)
azizov
Firefox 2.0.0.11 INPUT Denial Of Service azizov (Dec 05)
Balazs Scheidler
Re: [syslog-ng] ZSA-2007-029: syslog-ng Denial of Service Balazs Scheidler (Dec 17)
ZSA-2007-029: syslog-ng Denial of Service Balazs Scheidler (Dec 17)
balrog
Bid 24744 ? balrog (Dec 26)
bar
Re: Re: Moodle SQL Injection bar (Dec 22)
bebe
SQL injection - GestDownV1.00Beta bebe (Dec 10)
beenudel1986
Multiple xss in mambo 4.6.2 beenudel1986 (Dec 18)
Blind Sql-Injection in Joomla 1.5 RC3 beenudel1986 (Dec 05)
RFI and Multiple XSS in PhpMyChat beenudel1986 (Dec 04)
My Blog Rfi beenudel1986 (Dec 22)
Sql Injection in wordpress 2.3.1 beenudel1986 (Dec 05)
Bernhard Mueller
SEC Consult SA-20071204-0 :: SonicWALL Global VPN Client Format String Vulnerability Bernhard Mueller (Dec 04)
blackredyellow
Re: Tiger Team: New TV series about pen testers airing on CourtTV Dec 25 11 pm blackredyellow (Dec 27)
Tiger Team: New TV series about pen testers airing on CourtTV Dec 25 11 pm blackredyellow (Dec 18)
bob
Re: Powerschool 404 Admin Exposure bob (Dec 04)
brainheadbrainhead
webSPELL 4.01.02 (calendar.php, usergallery.php) XSS Vulnerability brainheadbrainhead (Dec 10)
brancohat
PHP -> set_time_limit brancohat (Dec 27)
bugtraq
[XSS] OpenNewsletter v2.5 Multipe XSS Attacks bugtraq (Dec 06)
carlo . feller
Re: SineCMS <= 2.3.4 Calendar SQL Injection 'n something else.. carlo . feller (Dec 18)
Charles Hardin
Re: Cpanel Vulnerability? Charles Hardin (Dec 12)
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Security Agent for Windows System Driver Remote Buffer Overflow Vulnerability Cisco Systems Product Security Incident Response Team (Dec 05)
Cisco Security Advisory: Application Inspection Vulnerability in Cisco Firewall Services Module Cisco Systems Product Security Incident Response Team (Dec 19)
`ClubHack `
ClubHack2007: Presentation are online now `ClubHack ` (Dec 15)
cocoruder
[UPDATE]CA BrightStor ARCServe BackUp Message Engine Remote Stack Overflow Vulnerability cocoruder (Dec 06)
come2waraxe
[waraxe-2007-SA#060] - Sensitive info disclosure in CuteNews <= 1.4.5 come2waraxe (Dec 24)
CORE Security Technologies Advisories
CORE-2007-1004: VLC Activex Bad Pointer Initialization Vulnerability CORE Security Technologies Advisories (Dec 04)
Craig Wright
RE: Cryptome: NSA has real-time access to Hushmail servers Craig Wright (Dec 31)
dann frazier
[SECURITY] [DSA 1481-1] New Linux 2.6.18 packages fix several vulnerabilities dann frazier (Dec 11)
[SECURITY] [DSA 1436-1] New Linux 2.6.18 packages fix several vulnerabilities dann frazier (Dec 20)
[SECURITY] [DSA 1428-2] New Linux 2.6.18 packages fix several vulnerabilities dann frazier (Dec 12)
david130490
Re: Re: TotalPlayer 3.0 .m3u crash david130490 (Dec 27)
TotalPlayer 3.0 .m3u crash david130490 (Dec 25)
Re: Re: Re: TotalPlayer 3.0 .m3u crash david130490 (Dec 27)
Digital Security Research Group
Multiple vulnerabilities in RUNCMS 1.6 by DSecRG Digital Security Research Group (Dec 25)
Digital Security Research Group [DSecRG]
2z-project 0.9.6.1 Multiple Security Vulnerabilities Digital Security Research Group [DSecRG] (Dec 28)
DoZ
[HSC] Dokeos Multiple Cross-Site Scripting Vulnerabilities DoZ (Dec 22)
LiveCart Multiple Cross-Site Scripting Vulnerabilities DoZ (Dec 31)
IPortalX Forums Cross-Site Scripting Vulnerability DoZ (Dec 27)
McAfee SecurityCenter Privacy Service HTML Execution Vulnerability DoZ (Dec 03)
Bitweaver XSS & SQL Injection Vulnerability DoZ (Dec 10)
erdc
[ECHO_ADV_86$2007] Mambo/Joomla Component rsgallery <= 2.0 beta 5 (catid) Remote SQL Injection Vulnerability erdc (Dec 05)
erne
Confixx Professional RFİ erne (Dec 26)
evanchik
America Online AOL Instant Messenger AIM6.0 or 6.5 or higher XSS remote execution evanchik (Dec 21)
fagian
Re: Microsoft Office Publisher fagian (Dec 26)
Fernando Gont
TCP Port randomization paper Fernando Gont (Dec 07)
Re: TCP Port randomization paper Fernando Gont (Dec 12)
Florian Weimer
[SECURITY] [DSA 1438-1] New tar packages fix several vulnerabilities Florian Weimer (Dec 28)
foo
Re: Moodle SQL Injection foo (Dec 22)
Francisco Pecorella
Cpanel Vulnerability? Francisco Pecorella (Dec 12)
fukami
Re: Design flaw in AS3 socket handling allows port probing fukami (Dec 20)
Gadi Evron
Re: [dns-operations] Web Proxy Auto-Discovery (WPAD) Information Disclosure (fwd) Gadi Evron (Dec 04)
gb
Re: Re: Cryptome: NSA has real-time access to Hushmail servers gb (Dec 31)
gdfuego
Re: Re: Cpanel Vulnerability? gdfuego (Dec 12)
Gerald (Jerry) Carter
[SECURITY] Buffer overrun in send_mailslot() Gerald (Jerry) Carter (Dec 10)
gforce
Windows media player 6.4 MP4 Stack Overflow 0-day gforce (Dec 08)
Nullsoft Winamp MP4 tags Stack Overflow gforce (Dec 08)
jetAudio 7.0.5 COWON Media Center MP4 Stack Overflow gforce (Dec 17)
Media Player Classic 6.4.9 MP4 Stack Overflow 0-day gforce (Dec 08)
gmdarkfig
PHP Security Framework: Vuln and Security Bypass gmdarkfig (Dec 17)
guiness.stout
Re: PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability guiness.stout (Dec 03)
gynvael
Opera 9.50 beta and prior remote DoS (freeze) gynvael (Dec 05)
hadihadi_zedehal_2006
neuron news1.0 Multiple Remote Vulnerabilities (sql injection/xss) hadihadi_zedehal_2006 (Dec 17)
Hanno Böck
Re: Multiple xss in mambo 4.6.2 Hanno Böck (Dec 27)
CVE-2007-6205 Hanno Böck (Dec 10)
Henrich C. Poehls
Re: MS Office 2007: Digital Signature does not protect Meta-Data Henrich C. Poehls (Dec 14)
Re: MS Office 2007: Digital Signature does not protect Meta-Data Henrich C. Poehls (Dec 19)
Hernan Ochoa
release uhooker v1.3 Hernan Ochoa (Dec 17)
hjan
CFP CISIS '08 hjan (Dec 21)
Hubbard, Dan
RE: [Full-disclosure] Fwd: Websense 6.3.1 Filtering Bypass Hubbard, Dan (Dec 13)
iDefense Labs
iDefense Security Advisory 12.18.07: ClamAV libclamav MEW PE File Integer Overflow Vulnerability iDefense Labs (Dec 18)
iDefense Security Advisory 12.17.07: Apple Mac OS X mount_smbfs Stack Based Buffer Overflow Vulnerability iDefense Labs (Dec 18)
iDefense Security Advisory 12.11.07: Microsoft DirectX 7 and 8 DirectShow Stack Buffer Overflow Vulnerability iDefense Labs (Dec 12)
iDefense Security Advisory 12.11.07: Microsoft Internet Explorer JavaScript setExpression Heap Corruption Vulnerability iDefense Labs (Dec 12)
imei Addmimistrator
SupportSuite 3.11.01~ Multiple file ~ PHP SELF XSS imei Addmimistrator (Dec 11)
imipak
Fwd: PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability imipak (Dec 03)
IRM Research
PGMfuzz - a tool for testing Pragmatic General Multicast protocol implementations IRM Research (Dec 11)
TIBCO Rendezvous Exploitation Video IRM Research (Dec 04)
ISecAuditors Security Advisories
[ISecAuditors Security Advisories] wwwstats is vulnerable to Persistent XSS ISecAuditors Security Advisories (Dec 07)
[ISecAuditors Security Advisories] Tikiwiki CMS is vulnerable to path traversal attack ISecAuditors Security Advisories (Dec 24)
ISR-noreply
[ISR] - Novell Groupwise client remote stack overflow silently patched. ISR-noreply (Dec 14)
jaakkoNOSPAM
Kvaliitti WebDoc 3.0 CMS SQL Injection vulnerability jaakkoNOSPAM (Dec 07)
Jamie Strandboge
[USN-551-1] OpenLDAP vulnerabilities Jamie Strandboge (Dec 04)
[USN-554-1] teTeX and TeX Live vulnerabilities Jamie Strandboge (Dec 06)
[USN-559-1] MySQL vulnerabilities Jamie Strandboge (Dec 21)
[USN-557-1] GD library vulnerability Jamie Strandboge (Dec 19)
Jay Hennigan
Re: Cryptome: NSA has real-time access to Hushmail servers Jay Hennigan (Dec 31)
Jim Harrison
RE: Cryptome: NSA has real-time access to Hushmail servers Jim Harrison (Dec 21)
jmoss
Black Hat Briefings Call for Papers and Happy Happy Joy Joy jmoss (Dec 20)
Black Hat Briefings Call for Papers jmoss (Dec 11)
Jon Angliss
SECURITY: 1.4.12 Package Compromise Jon Angliss (Dec 13)
ANNOUNCE: SquirrelMail 1.4.13 Released Jon Angliss (Dec 14)
J. Oquendo
Re: Cryptome: NSA has real-time access to Hushmail servers J. Oquendo (Dec 31)
jplopezy
Microsoft Office Publisher jplopezy (Dec 22)
QK SMTP Server 3 - Denial of service jplopezy (Dec 13)
Rosoft Media Player 4.1.7 crash jplopezy (Dec 18)
Word 2003 denial of service jplopezy (Dec 21)
Juan Galiana
FAQMasterFlexPlus multiple vulnerabilities Juan Galiana (Dec 28)
OpenBiblio 0.5.2-pre4 and prior multiple vulnerabilities Juan Galiana (Dec 28)
Juha-Matti Laurio
Cryptome: NSA has real-time access to Hushmail servers Juha-Matti Laurio (Dec 21)
RE: Cryptome: NSA has real-time access to Hushmail servers Juha-Matti Laurio (Dec 31)
The recent number of unpatched QuickTime flaws is: two Juha-Matti Laurio (Dec 05)
Re: Dell / Dell Financial Services - Contact Juha-Matti Laurio (Dec 10)
RE: Cryptome: NSA has real-time access to Hushmail servers Juha-Matti Laurio (Dec 26)
Justin@InfoTek
Dell / Dell Financial Services - Contact Justin@InfoTek (Dec 10)
Kees Cook
[USN-552-1] Perl vulnerability Kees Cook (Dec 05)
[USN-553-1] Mono vulnerability Kees Cook (Dec 05)
[USN-549-2] PHP regression Kees Cook (Dec 04)
[USN-550-2] Cairo regression Kees Cook (Dec 10)
[USN-555-1] e2fsprogs vulnerability Kees Cook (Dec 08)
[USN-556-1] Samba vulnerability Kees Cook (Dec 18)
[USN-546-2] Firefox regression Kees Cook (Dec 04)
[USN-550-1] Cairo vulnerability Kees Cook (Dec 03)
[USN-550-3] Cairo regression Kees Cook (Dec 13)
Kevin Reiter
RE: Cryptome: NSA has real-time access to Hushmail servers Kevin Reiter (Dec 31)
kingoftheworld92
Flat PHP Board <= 1.2 Multiple Vulnerabilities kingoftheworld92 (Dec 10)
SineCMS <= 2.3.4 Calendar SQL Injection 'n something else.. kingoftheworld92 (Dec 05)
Kurt Buff
Re: Cryptome: NSA has real-time access to Hushmail servers Kurt Buff (Dec 27)
Liquidmatrix Security Digest
Advisory: Websense XSS Vulnerability Liquidmatrix Security Digest (Dec 10)
Advisory: Cross Site Scripting in CiscoWorks Liquidmatrix Security Digest (Dec 05)
Lolek of TK53
TK53 Advisory #2: Multiple vulnerabilities in ClamAV Lolek of TK53 (Dec 29)
lolo lolo
SiteScape Forum TCL injection lolo lolo (Dec 20)
Luigi Auriemma
Re: TotalPlayer 3.0 .m3u crash Luigi Auriemma (Dec 27)
Multiple vulnerabilities in Firefly Media Server (mt-daapd) 2.4.1 / SVN 1699 Luigi Auriemma (Dec 07)
Filesystem access in DOSBox 0.72 Luigi Auriemma (Dec 10)
Multiple vulnerabilities in Feng 0.1.15 Luigi Auriemma (Dec 27)
Buffer-overflow in Extended Module Player 2.5.1 Luigi Auriemma (Dec 27)
Re: TotalPlayer 3.0 .m3u crash Luigi Auriemma (Dec 27)
Upload directory traversal in Easy File Sharing 4.5 Luigi Auriemma (Dec 07)
Unicode buffer-overflow in Zoom Player 6.00b2 Luigi Auriemma (Dec 24)
Heap overflow in PeerCast 0.1217 Luigi Auriemma (Dec 17)
Two vulnerabilities in Simple HTTPD 1.38 Luigi Auriemma (Dec 07)
Update: Clients buffer-overflow in Live for Speed 0.5X10 Luigi Auriemma (Dec 24)
Multiple vulnerabilities in BadBlue 2.72b Luigi Auriemma (Dec 10)
Double directory traversal in ImgSvr 0.6.21 Luigi Auriemma (Dec 24)
Limited upload directory traversal in HTTP File Server 2.2a / 2.3 beta (build #146) Luigi Auriemma (Dec 07)
Buffer-overflow in CoolPlayer 217 Luigi Auriemma (Dec 28)
Buffer-overflow and format string in VideoLAN VLC 0.8.6d Luigi Auriemma (Dec 24)
Multiple vulnerabilities in BarracudaDrive 3.7.2 Luigi Auriemma (Dec 10)
Multiple vulnerabilities in libnemesi 0.6.4-rc1 Luigi Auriemma (Dec 27)
Array overflow in id3lib (devel CVS) Luigi Auriemma (Dec 19)
Buffer-overflow in WinUAE 1.4.4 Luigi Auriemma (Dec 21)
Maciej Gąsiorowski
smbfs and apache+php source code disclosure Maciej Gąsiorowski (Dec 19)
Major Malfunction
DC4420 - London DEFCON chapter Christmas Party - 11th December Major Malfunction (Dec 01)
malibu . r
Logaholic Web Analytics Software malibu . r (Dec 24)
mark seiden-via mac
Re: Cryptome: NSA has real-time access to Hushmail servers mark seiden-via mac (Dec 31)
Mark Thomas
[CVE-2007-5342] Apache Tomcat's default security policy is too open Mark Thomas (Dec 24)
Martin Huter
squids ICAP implementation lacks a defer check when reading from ICAP server Martin Huter (Dec 10)
Martin Schulze
[SECURITY] [DSA 1419-1] New OpenOffice.org packages fix arbitrary Java code execution Martin Schulze (Dec 05)
[SECURITY] [DSA 1421-1] New wesnoth packages fix arbitrary file disclosure Martin Schulze (Dec 06)
Matthew Leeds
Re: Media Player Classic 6.4.9 MP4 Stack Overflow 0-day Matthew Leeds (Dec 12)
Matthias Bethke
Potential SQL injection vulnerability in Apache::AuthCAS Matthias Bethke (Dec 07)
M. Burnett
RE: Cryptome: NSA has real-time access to Hushmail servers M. Burnett (Dec 26)
Mesut Timur
Tikiwiki 1.9.8.3 tiki-special_chars.php XSS Vulnerability Mesut Timur (Dec 24)
Falt4 CMS Security Report/Advisory Mesut Timur (Dec 10)
Michal Bucko
Re: 27Mhz based wireless security insecurities - Aka - "We know what you typed last summer" Michal Bucko (Dec 05)
[ELEYTT] Public Advisory 05-12-2007 Michal Bucko (Dec 05)
michele dallachiesa
The Cookie Tools v0.3 -- first public release michele dallachiesa (Dec 10)
Milen Rangelov
sing (debian) vunlerability? Milen Rangelov (Dec 03)
mj
Re: Re: NETGEAR WGT624 Wireless DSL router default user name/password vulnerability mj (Dec 20)
morin . josh
Fingerprints in Astaro Security Gateway v7.1 morin . josh (Dec 31)
Moritz Jodeit
Apple OS X Software Update Remote Command Execution Moritz Jodeit (Dec 17)
Moritz Muehlenhoff
[SECURITY] [DSA 1417-1] New asterisk packages fix SQL injection Moritz Muehlenhoff (Dec 03)
[SECURITY] [DSA 1426-1] New qt-x11-free packages fix several vulnerabilities Moritz Muehlenhoff (Dec 08)
[SECURITY] [DSA 1440-1] New inotify-tools packages fix arbitrary code execution Moritz Muehlenhoff (Dec 28)
[SECURITY] [DSA 1437-1] New cupsys packages fix several vulnerabilities Moritz Muehlenhoff (Dec 26)
Re: sing (debian) vunlerability? Moritz Muehlenhoff (Dec 04)
[SECURITY] [DSA 1425-1] New xulrunner packages fix several vulnerabilities Moritz Muehlenhoff (Dec 08)
[SECURITY] [DSA 1427-1] New samba packages fix arbitrary code execution Moritz Muehlenhoff (Dec 10)
[SECURITY] [DSA 1442-2] New libsndfile packages fix arbitrary code execution Moritz Muehlenhoff (Dec 29)
[SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities Moritz Muehlenhoff (Dec 19)
Naujoks, Hans-Dietmar
AW: MS Office 2007: Digital Signature does not protect Meta-Data Naujoks, Hans-Dietmar (Dec 14)
AW: MS Office 2007: Digital Signature does not protect Meta-Data Naujoks, Hans-Dietmar (Dec 13)
nbbn
Woltlab Burning Board 1.0.2 SQL-Injection Vulnerability nbbn (Dec 20)
NetAuctionHelp Support
Re: Re: Aria-Security.net: NetAuctionHelp SQL Injection NetAuctionHelp Support (Dec 06)
no-reply
Aria-Security.Net: PenPals Login and search page SQL Injection no-reply (Dec 06)
Lotfian.com DATABASE DRIVEN TRAVEL SITE Multiple SQL Injection no-reply (Dec 10)
noreply
Lotfian Brochure and cataloge Script XSS And SQL Injection noreply (Dec 03)
bttlxeForum Multiple SQL Injection And Cross Site Scripting noreply (Dec 10)
NSFOCUS Security Team
NSFOCUS SA2007-02 : Cisco Security Agent Remote Buffer Overflow Vulnerability NSFOCUS Security Team (Dec 06)
Ofer Shezaf
Latest round of web hacking incidents for 2007 & Project news Ofer Shezaf (Dec 27)
office
XZero Community Classifieds <= v4.95.11 LFI & SQL Injection office (Dec 27)
oldguy
Re: TalkBack 2.2.7 Multiple Remote File Inclusion Vulnerabilities oldguy (Dec 31)
organiser () syscan org
SyScan'08 Call For Paper/Training organiser () syscan org (Dec 18)
Ork
Security and hacking papers Ork (Dec 10)
otto
Re: Wordpress - Broken Access Control otto (Dec 17)
Re: Wordpress - Broken Access Control otto (Dec 19)
p4imi0
xeCMS 1.x.x Remote File Disclosure Vulnerability. p4imi0 (Dec 19)
ezContents Version 1.4.5 Remote File Disclosure Vulnerability. p4imi0 (Dec 05)
pawel2827
CCMS v3.1 Demo <= SQL Injection Vulnerability 0day pawel2827 (Dec 29)
CuteNews Arbitrary File Download AllVersion pawel2827 (Dec 29)
Pierre-Yves Rofes
[ GLSA 200712-02 ] Cacti: SQL injection Pierre-Yves Rofes (Dec 05)
[ GLSA 200712-09 ] Ruby-GNOME2: Format string error Pierre-Yves Rofes (Dec 10)
[ GLSA 200712-15 ] libexif: Multiple vulnerabilities Pierre-Yves Rofes (Dec 29)
[ GLSA 200712-07 ] Lookup: Insecure temporary file creation Pierre-Yves Rofes (Dec 10)
UPDATE: [ GLSA 200711-29 ] Samba: Execution of arbitrary code Pierre-Yves Rofes (Dec 06)
[ GLSA 200712-05 ] PEAR::MDB2: Information disclosure Pierre-Yves Rofes (Dec 10)
[ GLSA 200712-03 ] GNU Emacs: Multiple vulnerabilities Pierre-Yves Rofes (Dec 10)
[ GLSA 200712-16 ] Exiv2: Integer overflow Pierre-Yves Rofes (Dec 29)
[ GLSA 200712-17 ] exiftags: Multiple vulnerabilities Pierre-Yves Rofes (Dec 29)
[ GLSA 200712-25 ] OpenOffice.org: User-assisted arbitrary code execution Pierre-Yves Rofes (Dec 31)
[ GLSA 200712-22 ] Opera: Multiple vulnerabilities Pierre-Yves Rofes (Dec 31)
[ GLSA 200712-06 ] Firebird: Multiple buffer overflows Pierre-Yves Rofes (Dec 10)
[ GLSA 200712-10 ] Samba: Execution of arbitrary code Pierre-Yves Rofes (Dec 10)
[ GLSA 200712-08 ] AMD64 x86 emulation Qt library: Multiple vulnerabilities Pierre-Yves Rofes (Dec 10)
[ GLSA 200712-11 ] Portage: Information disclosure Pierre-Yves Rofes (Dec 13)
[ GLSA 200712-01 ] Hugin: Insecure temporary file creation Pierre-Yves Rofes (Dec 05)
[ GLSA 200712-04 ] Cairo: User-assisted execution of arbitrary code Pierre-Yves Rofes (Dec 10)
[ GLSA 200712-12 ] IRC Services: Denial of Service Pierre-Yves Rofes (Dec 13)
poehls
MS Office 2007: Target of Hyperlinks not covered by Digital Signatures poehls (Dec 13)
MS Office 2007: Digital Signature does not protect Meta-Data poehls (Dec 12)
OpenOffice: Duplicated, Unprotected Certificate Information shown in Signed ODF Documents poehls (Dec 13)
poplix
pdflib long filename multiple bufferoverflows poplix (Dec 24)
porkythepig
HP laptops Software Update tool vulnerability porkythepig (Dec 19)
HP notebooks remote code execution vulnerability (multiple series) porkythepig (Dec 11)
Praburaajan
HITBSecConf2007 Malaysia Videos Now Available Praburaajan (Dec 06)
Prolog Error
Meridian Prolog Manager Username and Plain Text Password Disclosure Prolog Error (Dec 11)
recklessb
Re: Uber Uploader <= 5.3.6 Remote File Upload Vulnerability recklessb (Dec 18)
research
SYMSA-2007-014: SQL Injection Vulnerability in Beehive Forum Software research (Dec 03)
PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability research (Dec 03)
PR06-09: BEA Plumtree portal full version disclosure vulnerability research (Dec 03)
SYMSA-2007-015 research (Dec 19)
PR06-11: BEA Plumtree portal search facility leaks usernames to unauthenticated users research (Dec 03)
PR07-39: Multiple vulnerabilities on Absolute News Manager.NET 5.1 including file retrieval and SQL injection research (Dec 04)
retrog
iMesh <= 7.1.0.x IMWebControl Class (IMWeb.dll 7.0.0.x) remote exploit retrog (Dec 18)
RaidenHTTPD 2.0.19 ulang cmd exec poc exploit retrog (Dec 17)
SurgeMail v.38k4 webmail Host header crash retrog (Dec 17)
Robert Buchholz
[ GLSA 200712-13 ] E2fsprogs: Multiple buffer overflows Robert Buchholz (Dec 18)
[ GLSA 200712-23 ] Wireshark: Multiple vulnerabilities Robert Buchholz (Dec 31)
[ GLSA 200712-20 ] ClamAV: Multiple vulnerabilities Robert Buchholz (Dec 29)
[ GLSA 200712-19 ] Syslog-ng: Denial of Service Robert Buchholz (Dec 29)
[ GLSA 200712-18 ] Multi-Threaded DAAP Daemon: Multiple vulnerabilities Robert Buchholz (Dec 29)
[ GLSA 200712-24 ] AMD64 x86 emulation GTK+ library: User-assisted execution of arbitrary code Robert Buchholz (Dec 31)
[ GLSA 200712-21 ] Mozilla Firefox, SeaMonkey: Multiple vulnerabilities Robert Buchholz (Dec 29)
[ GLSA 200712-14 ] CUPS: Multiple vulnerabilities Robert Buchholz (Dec 18)
Rob Thompson
Re: Media Player Classic 6.4.9 MP4 Stack Overflow 0-day Rob Thompson (Dec 10)
Re: Cryptome: NSA has real-time access to Hushmail servers Rob Thompson (Dec 31)
root
Moodle SQL Injection root (Dec 21)
rPath Update Announcements
rPSA-2007-0261-1 samba samba-swat rPath Update Announcements (Dec 10)
rPSA-2007-0255-1 nss_ldap rPath Update Announcements (Dec 01)
rPSA-2007-0268-1 kdebase rPath Update Announcements (Dec 17)
rPSA-2007-0266-1 tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi rPath Update Announcements (Dec 17)
rPSA-2007-0257-1 rsync rPath Update Announcements (Dec 05)
rPSA-2007-0260-1 firefox rPath Update Announcements (Dec 07)
rPSA-2007-0269-1 kernel rPath Update Announcements (Dec 18)
rPSA-2007-0264-1 mod_dav_svn subversion rPath Update Announcements (Dec 12)
rPSA-2007-0262-1 e2fsprogs rPath Update Announcements (Dec 11)
Sarasa
[Security Advisorie] OpenNewsletter v2.5 Multipe XSS Attacks Sarasa (Dec 06)
Secunia Research
Secunia Research: Samba "send_mailslot()" Buffer Overflow Vulnerability Secunia Research (Dec 10)
security
[ MDKSA-2007:246 ] - Updated Firefox packages fix multiple vulnerabilities security (Dec 14)
[ MDKSA-2007:234 ] - Updated vixie-cron packages fix DoS vulnerability security (Dec 04)
[ MDKSA-2007:239 ] - Updated heimdal packages fix potential vulnerability security (Dec 07)
[ MDKSA-2007:237 ] - Updated openssl packages fix DTLS vulnerability security (Dec 05)
[ MDKSA-2007:244 ] - Updated samba packages fix vulnerability security (Dec 12)
[ MDKSA-2007:235 ] - Updated apache packages fix vulnerabilities security (Dec 04)
[ MDKSA-2007:236 ] - Updated openssh packages fix X11 cookie vulnerability security (Dec 05)
[ MDKSA-2007:240 ] - Updated libnfsidmap packages fix username lookup flaw security (Dec 07)
[ MDKSA-2007:245 ] - Updated wpa_supplicant package fixes remote denial of service security (Dec 13)
[ MDKSA-2007:238 ] - Updated liblcms package fixes buffer overflow security (Dec 06)
[ MDKSA-2007:243 ] - Updated MySQL packages fix multiple vulnerabilities security (Dec 11)
[ MDKSA-2007:241 ] - Updated tomcat5 packages fix multiple vulnerabilities security (Dec 11)
[ MDKSA-2007:242 ] - Updated e2fsprogs packages fix vulnerability security (Dec 11)
security-alert
[security bulletin] HPSBMA02281 SSRT061261 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Execution of Arbitrary Code security-alert (Dec 06)
[security bulletin] HPSBMA02293 SSRT071494 rev.1 - HP Select Identity, Remote Unauthorized Access security-alert (Dec 04)
HPSBUX02296 SSRT071504 rev.2 - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code security-alert (Dec 14)
[security bulletin] HPSBGN02298 SSRT071502 rev.1 - HP Quick Launch Button (QLB) Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access security-alert (Dec 15)
[security bulletin] HPSBUX02284 SSRT071483 rev.4 - HP-UX Running Java JRE and JDK, Remote Unauthorized Access security-alert (Dec 20)
[security bulletin] HPSBST02299 SSRT071506 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-063 to MS07-069 security-alert (Dec 18)
[security bulletin] HPSBGN02298 SSRT071502 rev.2 - HP Quick Launch Button (QLB) Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access security-alert (Dec 27)
[security bulletin] HPSBUX02294 SSRT071451 rev.1 - HP-UX Running DCE, Remote Denial of Service (DoS) security-alert (Dec 13)
HPSBGN2301 SSRT071508 rev.1 - HP Software Update Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access security-alert (Dec 21)
[security bulletin] HPSBUX02295 SSRT071333 rev.1 - HP-UX Running rpc.yppasswdd, Remote Denial of Service (DoS) security-alert (Dec 20)
[security bulletin] HPSBTU02300 SSRT071452 rev.1 - HP Tru64 UNIX running FFM, Local Denial of Service (Dos) security-alert (Dec 20)
[security bulletin] HPSBUX02296 SSRT071504 rev.1 - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code security-alert (Dec 13)
security curmudgeon
Re: RIG Image Gallery (dir_abs_src) Remote File Include Vulnerability security curmudgeon (Dec 07)
Re: BellaBiblio Admin Login Bypass security curmudgeon (Dec 07)
Re: Phorm v3.0 Remote File Upload Vulnerability security curmudgeon (Dec 07)
Re: Friend Script 2.5 - 2.4 Remote File İnclude security curmudgeon (Dec 07)
Re: SQL Injection in saphp "showcat.php" security curmudgeon (Dec 03)
Re: SQL Injection in SaphpLesson2.0 "show.php" security curmudgeon (Dec 03)
Security Officer
AST-2007-027 - Database matching order permits host-based authentication to be ignored Security Officer (Dec 18)
Seth
Re: Cryptome: NSA has real-time access to Hushmail servers Seth (Dec 31)
shino
Re: Sql Injection in wordpress 2.3.1 shino (Dec 05)
shpcs08
Call for Papers - Security and High Performance Computing System 2008 shpcs08 (Dec 10)
shsuff
Re: PHP <= 5.2.5 Safe Mode Bypass shsuff (Dec 24)
Sowhat
Avast! AntiVirus TAR Processing Remote Heap Corruption Sowhat (Dec 06)
Stefan Kanthak
Re: Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096) and vulnerable bz2lib (CAN-2005-0758 & CAN-2005-0953) Stefan Kanthak (Dec 10)
Stefano Di Paola
The first release of SWFIntruder is out ! Stefano Di Paola (Dec 04)
Steve Kemp
[SECURITY] [DSA 1422-1] New e2fsprogs packages fix arbitrary code execution Steve Kemp (Dec 07)
[SECURITY] [DSA 1431-1] New ruby-gnome2 packages fix execution of arbitrary code Steve Kemp (Dec 11)
[SECURITY] [DSA 1430-1] New libnss-ldap packages fix denial of service Steve Kemp (Dec 11)
[SECURITY] [DSA 1432-1] New link-grammar packages fix execution of code Steve Kemp (Dec 17)
[SECURITY] [DSA 1423-1] New sitebar packages fix several vulnerabilities Steve Kemp (Dec 07)
[SECURITY] [DSA 1433-1] New centericq packages fix execution of code Steve Kemp (Dec 17)
[SECURITY] [DSA 1429-1] New htdig packages fix cross site scripting Steve Kemp (Dec 11)
Steve Shockley
Re: Cryptome: NSA has real-time access to Hushmail servers Steve Shockley (Dec 27)
Sw33t . h4cK3r
SQL MKPortal M1.1 Rc1 Sw33t . h4cK3r (Dec 13)
swhite
+ Trivantis CourseMill Enterprise Learning Management System - SQL Injection - CVE-2007-6338 swhite (Dec 13)
sys-project
Blakord Portal <= Beta 1.3.A (all modules) Blind Sql Injection sys-project (Dec 27)
Uber Uploader <= 5.3.6 Remote File Upload Vulnerability sys-project (Dec 17)
milliscripts (dir.php) Cross-Site Scripting Vulnerability sys-project (Dec 31)
PHP iCalendar <= 2.24 - Cross-Site Scripting Vulnerability sys-project (Dec 20)
SimpleForum <= 4.6.2 - Cross-Site Scripting Vulnerability sys-project (Dec 24)
th3 . r00k . nospam
Anon Proxy Server - Remote Code Execution th3 . r00k . nospam (Dec 15)
PHP RPG - Sql Injection and Session Information Disclosure. th3 . r00k . nospam (Dec 15)
Oreon/Centreon - Multiple Remote File Inclusion th3 . r00k . nospam (Dec 15)
Re: Wordpress - Broken Access Control th3 . r00k . nospam (Dec 18)
Phpay - Local File Inclusion th3 . r00k . nospam (Dec 15)
Wordpress - Broken Access Control th3 . r00k . nospam (Dec 15)
The-0utl4w-noreply
[Aria-Security.net] ABI Version 3.7.9.17 Remote SQL Injection The-0utl4w-noreply (Dec 20)
Instant Softwares DatingSite SQL Injection The-0utl4w-noreply (Dec 31)
theredc0ders
Re: PHP MySQL Banner Exchange 2.2.1 remote mysql database bug theredc0ders (Dec 17)
The Security Community
Fwd: Websense 6.3.1 Filtering Bypass The Security Community (Dec 13)
thesinoda
Realplayer 11 DOS attack when processing a malformed AU file on MS Vista and XP thesinoda (Dec 01)
Thijs Kinkhorst
[SECURITY] [DSA 1441-1] New peercast packages fix arbitrary code execution Thijs Kinkhorst (Dec 28)
[SECURITY] [DSA 1434-1] New mydns packages fix denial of service Thijs Kinkhorst (Dec 17)
[SECURITY] [DSA 1418-1] New cacti packages fix SQL injection Thijs Kinkhorst (Dec 03)
[SECURITY] [DSA 1405-3] New zope-cmfplone packages fix regression Thijs Kinkhorst (Dec 28)
[SECURITY] [DSA 1420-1] New zabbix packages fix privilege escalation Thijs Kinkhorst (Dec 05)
[SECURITY] [DSA 1439-1] New typo3-src packages fix SQL injection Thijs Kinkhorst (Dec 28)
Thomas Roessler
[MacOS X] Insecure eval() in Twitgit and Twitterlex dashboard widgets Thomas Roessler (Dec 04)
Some more widgets: Facebook, Hockey, FlickrInterestingNess (Re: [MacOS X] Insecure eval() in Twitgit and Twitterlex dashboard widgets) Thomas Roessler (Dec 04)
Thor (Hammer of God)
RE: Cryptome: NSA has real-time access to Hushmail servers Thor (Hammer of God) (Dec 31)
RE: Cryptome: NSA has real-time access to Hushmail servers Thor (Hammer of God) (Dec 21)
Tomas Kuliavas
Unsanitized scripting in RoundCube webmail Tomas Kuliavas (Dec 10)
Two vulnerabilities in SquirrelMail GPG plugin Tomas Kuliavas (Dec 10)
Valdis . Kletnieks
Re: Cryptome: NSA has real-time access to Hushmail servers Valdis . Kletnieks (Dec 27)
webmaster () networkdefense biz
Re: AW: MS Office 2007: Digital Signature does not protect Meta-Data webmaster () networkdefense biz (Dec 13)
Williams, James K
[CAID 35724, 35725, 35726]: CA BrightStor ARCserve Backup Multiple Vulnerabilities Williams, James K (Dec 07)
[CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability Williams, James K (Dec 21)
x 86
POC for samba send_mailslot() x 86 (Dec 14)
yannick . warnier
Re: [HSC] Dokeos Multiple Cross-Site Scripting Vulnerabilities yannick . warnier (Dec 24)
zdi-disclosures
ZDI-07-078: St. Bernard Open File Manager Heap Overflow Vulnerability zdi-disclosures (Dec 18)
ZDI-07-079: Hewlett-Packard HP-UX swagentd Buffer Overflow Vulnerability zdi-disclosures (Dec 18)
ZDI-07-070: Skype skype4com URI Handler Remote Heap Corruption Vulnerability zdi-disclosures (Dec 06)
ZDI-07-072: Novell Netmail AntiVirus Agent Multiple Overflow Vulnerabilities zdi-disclosures (Dec 10)
ZDI-07-073: Microsoft Internet Explorer setExpression Vulnerability zdi-disclosures (Dec 11)
ZDI-07-074: Microsoft Internet Explorer Node Manipulation Memory Corruption zdi-disclosures (Dec 11)
ZDI-07-075: Microsoft Internet Explorer Element Tags Vulnerability zdi-disclosures (Dec 11)
ZDI-07-077: Trend Micro ServerProtect StRpcSrv.dll Insecure Method Exposure Vulnerability zdi-disclosures (Dec 18)
ZDI-07-076: Microsoft Windows Message Queuing Service Stack Overflow Vulnerability zdi-disclosures (Dec 11)
ZDI-07-071: HP OpenView Network Node Manager Multiple CGI Buffer Overflows zdi-disclosures (Dec 06)
zinho
[HSC Security Group] Multiple CSRF in Joomla all versions - Complete compromise zinho (Dec 31)