Bugtraq: by date

439 messages starting Nov 01 07 and ending Nov 30 07
Date index | Thread index | Author index

Thursday, 01 November

ZDI-07-058: Oracle E-Business Suite SQL Injection Vulnerability zdi-disclosures
Synergiser <= 1.2 RC1 Local File Inclusion & Full path disclosure kingoftheworld92
CFP: International workshop on Secure Software Engineering - Deadline extended! secse08
Re: Comments re ISC's announcement on bind9 security Henrik Langos
ZDI-07-060: HP OpenView Radia Integration Server File System Exposure Vulnerability zdi-disclosures
sBlog 0.7.3 Beta Cross Site Request Forgery Guns
ZDI-07-061: RealNetworks RealPlayer SWF Processing Remote Code Execution Vulnerability zdi-disclosures
ZDI-07-062: RealNetworks RealPlayer PLS File Memory Corruption Vulnerability zdi-disclosures
ZDI-07-063: RealPlayer RA Field Size File Processing Heap Oveflow Vulnerability zdi-disclosures
ZDI-07-064: Novell Client Trust Heap Overflow Vulnerability zdi-disclosures
mac trojan in-the-wild Gadi Evron
(tool announce) Orizon v0.50 announce Paolo Perego
SEC Consult SA-20071101-0 :: Multiple Vulnerabilities in SonicWALL SSL-VPN Client Bernhard Mueller
Re: Comments re ISC's announcement on bind9 security Network Protocol Security
Re: Airkiosk/formlib application is XSS vuln Raymond Pete
Re: Airkiosk/formlib application is XSS vuln skien
Cryptome: NSA has access to Windows Mobile smartphones Juha-Matti Laurio
Two XSS on Blue Coat ProxySG Management Console research
[ MDKSA-2007:203 ] - Updated xen packages fix multiple vulnerabilities security
Re: Re: Comments re ISC's announcement on bind9 security ntn
ZDI-07-059: Verity KeyView SDK Multiple File Format Parsing Vulnerabilities zdi-disclosures
Re: Comments re ISC's announcement on bind9 security Theo de Raadt
Re: Comments re ISC's announcement on bind9 security Tim
Re: mac trojan in-the-wild Matthew Leeds
[ MDKSA-2007:204 ] - Updated cups packages fix vulnerability security
RE: mac trojan in-the-wild Thor (Hammer of God)
RE: mac trojan in-the-wild Alex Eckelberry
RE: mac trojan in-the-wild Alex Eckelberry
RE: Cryptome: NSA has access to Windows Mobile smartphones Kurt Dillard

Friday, 02 November

[ GLSA 200711-01 ] gFTP: Multiple vulnerabilities Pierre-Yves Rofes
IM upgrade automated social engineering attack Dragos Ruiu
[ GLSA 200711-03 ] Gallery: Multiple vulnerabilities Pierre-Yves Rofes
Secunia Research: ACDSee Products Image and Archive Plug-ins Buffer Overflows Secunia Research
[ GLSA 200711-02 ] OpenSSH: Security bypass Pierre-Yves Rofes
Scribe <= 2.0 Remote PHP Code Execution kingoftheworld92
Re: Comments re ISC's announcement on bind9 security Shane Kerr
Re: Comments re ISC's announcement on bind9 security Tim
Re: Comments re ISC's announcement on bind9 security Shane Kerr
[USN-537-2] Compiz vulnerability Kees Cook
Re: mac trojan in-the-wild Nick FitzGerald
Re: mac trojan in-the-wild nnp
Re: [botnets] re MAC trojan (fwd) Gadi Evron
RE: mac trojan in-the-wild Memisyazici, Aras
RE: mac trojan in-the-wild Roger A. Grimes
Re: [Full-disclosure] mac trojan in-the-wild Peter Besenbruch
Re: mac trojan in-the-wild Robert McArdle
Re: [Full-disclosure] mac trojan in-the-wild Paul Schmehl
the heart of the problem [was: RE: mac trojan in-the-wild] Gadi Evron
RE: mac trojan in-the-wild Roger A. Grimes
RE: mac trojan in-the-wild Thor (Hammer of God)
RE: mac trojan in-the-wild Jim Harrison
RE: mac trojan in-the-wild Gadi Evron
Re: [Full-disclosure] mac trojan in-the-wild Peter Besenbruch
[UPH-07-03] Firefly Media Server remote format string vulnerability nnp
Re: [UPH-07-01] Firefly Media Server DoS nnp
Re: [UPH-07-03] Firefly Media Server remote format string vulnerability nnp
[UPH-07-01] Firefly Media Server DoS nnp
[UPH-07-02] Firefly Media Server DoS nnp
DoS Exploit for DHCPd bug (Bugtraq ID 25984 ; CVE-2007-5365) Roman Medina-Heigl Hernandez
[ MDKSA-2007:205 ] - Updated opal packages fix vulnerability security

Saturday, 03 November

phphelpdesk Multiple vulnerabilities Joseph . giron13
[ MDKSA-2007:206 ] - Updated pwlib packages fix vulnerability security
[SECURITY] [DSA 1397-1] New mono packages fix integer overflow Moritz Muehlenhoff

Monday, 05 November

Skalinks <= 1_5 Cross Site Request Forgery Add Admin djvincy
JBC Explorer <= V7.20 RC 1 Remote Code Execution Exploit gmdarkfig
[SECURITY] [DSA 1398-1] New perdition packages fix arbitrary code execution Noah Meyerhans
[Tool] sqlmap: a blind SQL injection tool (release 0.5) Bernardo Damele
iDefense Security Advisory 11.02.07: Sun Microsystems Solaris srsexec Format String Vulnerability iDefense Labs
Re: Comments re ISC's announcement on bind9 security Tim
Leopard's firewall damages Skype and WoW Juergen Schmidt
[SECURITY] [DSA 1399-1] New pcre3 packages fix arbitrary code execution Florian Weimer
iDefense Security Advisory 11.05.07: Apple QuickTime Panorama Sample Atom Heap Buffer Overflow Vulnerability iDefense Labs
ZDI-07-066: Apple Quicktime PICT File PackBitsRgn Parsing Heap Corruption Vulnerability zdi-disclosures
ZDI-07-065: Apple QuickTime Color Table RGB Parsing Heap Corruption Vulnerability zdi-disclosures
ZDI-07-068: Apple QuickTime Uncompressedfile Opcode Stack Overflow Vulnerability zdi-disclosures
ZDI-07-067: Apple QuickTime PICT File Poly Opcodes Heap Corruption Vulnerability zdi-disclosures

Tuesday, 06 November

[SECURITY] [DSA 1401-1] New iceape packages fix several vulnerabilities Moritz Muehlenhoff
[ MDKSA-2007:207 ] - Updated perl packages fix vulnerability security
[ MDKSA-2007:208 ] - Updated ghostscript packages fix vulnerability security
rPSA-2007-0232-1 perl rPath Update Announcements
[ MDKSA-2007:209 ] - Updated netpbm packages fix vulnerability security
[USN-539-1] CUPS vulnerability Kees Cook
[CVE-2007-5741] Plone: statusmessages and linkintegrity unsafe network data hotfix mj
Re: IM upgrade automated social engineering attack Roman Shirokov
SMF .htaccess bypass h3llcode
Re: SMF .htaccess bypass Matt D. Harris
Re: IM upgrade automated social engineering attack Dragos Ruiu
IDMOS v1.0 Alpha Multiple RFI Vulnerability Guns
Re: SMF .htaccess bypass anuj tenani
Cypress BX script backdoored? Chris
PhpNuke (add-on) MS TopSites Edit Exploit And Html Injection Guns
MyWebFTP Password Disclosure [NO-REPLY]
rPSA-2007-0231-1 pcre rPath Update Announcements
iDefense Security Advisory 11.06.07: Microsoft DebugView Privilege Escalation Vulnerability iDefense Labs
[SECURITY] [DSA 1400-1] New perl packages fix arbitrary code execution Florian Weimer
[ GLSA 200711-04 ] Evolution: User-assisted remote execution of arbitrary code Pierre-Yves Rofes
[ MDKSA-2007:210 ] - Updated xfs package prevents arbitrary code execution vulnerabilities security
[ GLSA 200711-05 ] SiteBar: Multiple issues Pierre-Yves Rofes

Wednesday, 07 November

SiteMinder Agent: Cross Site Scripting Giuseppe Gottardi
Secunia Research: Link Grammar "separate_sentence()" Buffer Overflow Secunia Research
Secunia Research: AbiWord Link Grammar "separate_sentence()" Buffer Overflow Secunia Research
Secunia Research: Xpdf "Stream.cc" Multiple Vulnerabilities Secunia Research
[ GLSA 200711-06 ] Apache: Multiple vulnerabilities Pierre-Yves Rofes
[ GLSA 200711-07 ] Python: User-assisted execution of arbitrary code Pierre-Yves Rofes
[ GLSA 200711-08 ] libpng: Multiple Denials of Service Pierre-Yves Rofes
[SECURITY] [DSA 1402-1] New gforge packages fix several vulnerabilities Steve Kemp
iDefense Security Advisory 11.07.07: Oracle 10g R2 PITRIG_DROPMETADATA Buffer Overflow Vulnerability iDefense Labs
[ GLSA 200711-09 ] MadWifi: Denial of Service Pierre-Yves Rofes
[ GLSA 200711-10 ] Mono: Buffer overflow Pierre-Yves Rofes

Thursday, 08 November

Re: iDefense Security Advisory 11.07.07: Oracle 10g R2 PITRIG_DROPMETADATA Buffer Overflow Vulnerability buzzy
Aria-Security.Net Research: Request For Travel Sql Injection Advisory
Simple Machine Forum - Private section/posts/info disclosure h3llcode
[OpenPKG-SA-2007.023] OpenPKG Security Advisory (perl) OpenPKG GmbH
Re: SiteMinder Agent: Cross Site Scripting securityfocus
[ GLSA 200711-12 ] Tomboy: User-assisted execution of arbitrary code Pierre-Yves Rofes
[ GLSA 200711-11 ] Nagios Plugins: Two buffer overflows Pierre-Yves Rofes
[security bulletin] HPSBUX02285 SSRT071484 rev.1 - HP-UX Running Aries PA Emulator, Local Unauthorized Access security-alert
[ GLSA 200711-13 ] 3proxy: Denial of Service Pierre-Yves Rofes
[ MDKSA-2007:211 ] - Updated pcre packages fix vulnerability security
Aria-Security.Net Research: Lotfian BROCHURE Management System Advisory
[ MDKSA-2007:212 ] - Updated pcre packages fix vulnerability security
[ MDKSA-2007:213 ] - Updated pcre packages fix vulnerability security
[SECURITY] [DSA 1404-1] New gallery2 packages fix privilege escalation Thijs Kinkhorst
AST-2007-024 - Fallacious security advisory spread on the Internet involving buffer overflow in Zaptel's sethdlc application The Asterisk Development Team
[SECURITY] [DSA 1403-1] New phpmyadmin packages fix cross-site scripting Thijs Kinkhorst

Friday, 09 November

[ MDKSA-2007:214 ] - Updated flac packages fix vulnerability security
CanSecWest 2008 CFP (deadline Nov 30, conf Mar 26-28) and PacSec Dojo's Dragos Ruiu
[ MDKSA-2007:215 ] - Updated openldap packages fix vulnerability security
Re: Re: SiteMinder Agent: Cross Site Scripting overet
li-guestbook sql inj abc . seo
xoops mylinks module - sql injection root
Re: SiteMinder Agent: Cross Site Scripting Williams, James K
Re: Simple Machine Forum - Private section/posts/info disclosure klynn . securityfocus
Re: Simple Machine Forum - Private section/posts/info disclosure Jindrich Kubec

Saturday, 10 November

iDefense Security Advisory 11.09.07: AOL AmpX ActiveX Control Multiple Buffer Overflow Vulnerabilities iDefense Labs
[SECURITY] [DSA 1405-1] New zope-cmfplone packages fix arbitrary code execution Thijs Kinkhorst
SQL injection bug found in TBSource. drakomo
iDefense Security Advisory 11.09.07: IBM Informix Dynamic Server DBLANG Directory Traversal Vulnerability iDefense Labs
[SECURITY] [DSA 1406-1] New horde3 packages fix several vulnerabilities Thijs Kinkhorst

Monday, 12 November

[48Bits Advisory] QuickTime Panorama Sample Atom Heap Overflow [48bits] vulndev
Aria-Security.Net Research: Rapid Classified HotList Image Advisory
[SECURITY] [DSA 1405-2] New zope-cmfplone packages fix regression Thijs Kinkhorst
Re: Re: Simple Machine Forum - Private section/posts/info disclosure rx
Eggblog v3.1.0 XSS Vulnerability mesut
FLEA-2007-0063-1 perl Foresight Linux Essential Announcement Service
FLEA-2007-0066-1 ImageMagick Foresight Linux Essential Announcement Service
Oracle 0-day to get SYSDBA access pete
Standing Up Against German Laws - Project HayNeedle Paul Sebastian Ziegler
Re: [Full-disclosure] Standing Up Against German Laws - Project HayNeedle Jan Newger
FLEA-2007-0068-1 ruby Foresight Linux Essential Announcement Service
PeopleAggregatory security advisory - re CVE-2007-5631 phil
PHP-Nuke Module Advertising Blind SQL Injection Guns
CVE-2007-3694: Cross site scripting (XSS) in broadcast machine Hanno Böck
FLEA-2007-0064-1 pcre Foresight Linux Essential Announcement Service
FLEA-2007-0067-1 pidgin Foresight Linux Essential Announcement Service
iDefense Security Advisory 11.12.07: WinPcap NPF.SYS bpf_filter_init Arbitrary Array Indexing Vulnerability iDefense Labs
FLEA-2007-0065-1 libpng Foresight Linux Essential Announcement Service
Re: Standing Up Against German Laws - Project HayNeedle johan beisser
FLEA-2007-0069-1 perl Foresight Linux Essential Announcement Service
Cisco IOS Shellcode Research
Alice - dns spoofer fabio
Re: Standing Up Against German Laws - Project HayNeedle Matt D. Harris
RFID: Security Briefings angelo
HPSBUX02287 SSRT071485 rev.1 - HP-UX Running HP Secure Shell, Remotely Gain Extended Privileges security-alert
AutoIndex <= 2.2.2 Cross Site Scripting and Denial of Service L4teral
[ GLSA 200711-14 ] Mozilla Firefox, SeaMonkey, XULRunner: Multiple vulnerabilities Pierre-Yves Rofes
Re: Standing Up Against German Laws - Project HayNeedle johan beisser
[ GLSA 200711-15 ] FLAC: Buffer overflow Pierre-Yves Rofes
[ MDKSA-2007:204-1 ] - Updated cups packages fix vulnerability security
[ GLSA 200711-16 ] CUPS: Memory corruption Pierre-Yves Rofes
PR07-13: Cross-site Scripting / HTML injection on F5 FirePass 4100 SSL VPN 'download_plugin.php3' server-side script research

Tuesday, 13 November

[ISecAuditors Security Advisories] VTLS.web.gateway cgi is vulnerable to XSS ISecAuditors Security Advisories
ATC-08 Call for papers (repost) atc08
Re: Bosdev Multiple vulnerabilities sales
[ MDKSA-2007:216 ] - Updated kernel packages fix multiple vulnerabilities and bugs security
After 6 months - fix available for Microsoft DNS cache poisoning attack Amit Klein
PHP <= 5.2.5 stream_wrapper_register() denial of service laurent . gaffie
PHP <= 5.2.5 Gettext Lib Multiple Denial of service laurent . gaffie
Re: [Full-disclosure] Standing Up Against German Laws - Project HayNeedle Peter Conrad
Oracle 11g/10g Installation Vulnerability David Litchfield
Re: Standing Up Against German Laws - Project HayNeedle Florian Echtler
Re: [Full-disclosure] Standing Up Against German Laws - Project HayNeedle Duncan Simpson
[USN-540-1] flac vulnerability Kees Cook
iDefense Security Advisory 11.12.07: Novell NetWare Client Local Privilege Escalation Vulnerability iDefense Labs
Re: Standing Up Against German Laws - Project HayNeedle Paul Wouters
[ MDKSA-2007:217 ] - Updated libpng packages fix multiple vulnerabilities security
Re: [Full-disclosure] Standing Up Against German Laws - Project HayNeedle johan beisser
Re: Standing Up Against German Laws - Project HayNeedle johan beisser
Re: Standing Up Against German Laws - Project HayNeedle Valdis . Kletnieks
Re: Standing Up Against German Laws - Project HayNeedle Stefano Zanero
[USN-541-1] Emacs vulnerability Kees Cook
ExoPHPdesk user profile XSS / profile SQL injection Joseph . giron13

Wednesday, 14 November

DocuSafe "Search" SQL Injection No-Reply
Aria-Security.Net: MetaCart SQL Injection No-Reply
Predictable DNS transaction IDs in Microsoft DNS Server Alla Bezroutchko
[USN-542-1] poppler vulnerabilities Kees Cook
Free Forums "search" Sql Injection No-Reply
Konqueror Remote Denial Of Service laurent . gaffie
Six Remote Memory Corruption Vulnerabilities in IBM WebSphere MQ 6.0 IRM Research
[security bulletin] HPSBMA02288 SSRT071465 rev.1 - HP OpenView Operations (OVO) Running on HP-UX and Solaris, Remote Unauthorized Access, Denial of Service (DoS) security-alert
[ MDKSA-2007:218 ] - Updated mono packages fix arbitrary code execution vulnerability security
Re: Standing Up Against German Laws - Project HayNeedle Raj Mathur
[ GLSA 200711-17 ] Ruby on Rails: Multiple vulnerabilities Pierre-Yves Rofes
Re: Standing Up Against German Laws - Project HayNeedle imipak
TPTI-07-20: Apple Quicktime Movie Stack Overflow Vulnerability DVLabs
[ GLSA 200711-18 ] Cpio: Buffer overflow Pierre-Yves Rofes
[ GLSA 200711-19 ] TikiWiki: Multiple vulnerabilities Pierre-Yves Rofes
Breaking RSA: Totient indirect factorization gandlf
[ GLSA 200711-20 ] Pioneers: Denial of Service Pierre-Yves Rofes
Re: Standing Up Against German Laws - Project HayNeedle Frank Guthausen

Thursday, 15 November

iDefense Security Advisory 11.14.07: Apple Mac OS X AppleTalk mbuf Kernel Heap Overflow Vulnerability iDefense Labs
Re: Breaking RSA: Totient indirect factorization Alexander Klimov
iDefense Security Advisory 11.14.07: Apple Mac OS X AppleTalk ASP Message Kernel Heap Overflow Vulnerability iDefense Labs
iDefense Security Advisory 11.14.07: Apple Mac OS X Mach Port Inheritance Privilege Escalation Vulnerability iDefense Labs
Some hashes for the record shadown
iDefense Security Advisory 11.14.07: Apple Mac OS X AppleTalk Socket IOCTL Kernel Stack Buffer Overflow Vulnerability iDefense Labs
[security bulletin] HPSBUX02284 SSRT071483 rev.2 - HP-UX Running Java JRE and JDK, Remote Unauthorized Access security-alert
[SAMBA] CVE-2007-4572 - GETDC mailslot processing buffer overrun in nmbd Gerald (Jerry) Carter
[SAMBA] CVE-2007-5398 - Remote Code Execution in Samba's nmbd Gerald (Jerry) Carter
Secunia Research: Samba "reply_netbios_packet()" Buffer Overflow Vulnerability Secunia Research
Re: HPSBUX02287 SSRT071485 rev.1 - HP-UX Running HP Secure Shell, Remotely Gain Extended Privileges Nick Boyce
Re: Breaking RSA: Totient indirect factorization Clifton Royston
Aida-Web Information Exposure MC Iglo
[TKADV2007-001] Mac OS X TIOCSETD IOCTL Kernel Memory Corruption Vulnerability Tobias Klein
[ MDKSA-2007:219 ] - Updated xpdf packages fix vulnerabilities security
EEYE: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications eEye Advisories
Re: Breaking RSA: Totient indirect factorization gandlf
[USN-542-2] KOffice vulnerabilities Jamie Strandboge
PR07-02: XSS on Liferay Portal Enterprise 4.1.1 login page ('login' parameter) research
PR07-26: Persistent XSS on Aruba 800 Mobility Controller's login page research
[ MDKSA-2007:220 ] - Updated gpdf packages fix vulnerabilities security
[USN-543-1] VMWare vulnerabilities Kees Cook

Friday, 16 November

[RISE-2007004] Apple Mac OS X 10.4.x Kernel i386_set_ldt() Integer Overflow Vulnerability RISE Security
[USN-544-1] Samba vulnerabilities Jamie Strandboge
[ MDKSA-2007:221 ] - Updated kdegraphics packages fix vulnerabilities in kpdf security
Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability cocoruder
AhnLab AntiVirus Remote Kernel Memory Corruption Sowhat
Javamail login username and password same email problem thetaung
Re: Breaking RSA: Totient indirect factorization Watson Ladd
Re: Breaking RSA: Totient indirect factorization Erick Galinkin

Saturday, 17 November

JiRos Upload Manager SQL Injection no-reply
rPSA-2007-0241-1 samba samba-swat rPath Update Announcements
[USN-544-2] Samba regression Jamie Strandboge
RE: Standing Up Against German Laws - Project HayNeedle Quark IT - Hilton Travis
Re: Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability CaseArmour.net Security Administrator
net-finity (links.php) Remote SQL Injection Vulnerability verys-secret
Black Lily 2007 (products.php class) Remote SQL Injection Vulnerability verys-secret
Myspace Clone Script (index.php) Remote File Inclusion Vulnerability verys-secret
security contact for mitsubishi electric? Chris Withers
Sciurus Hosting Panel Code İnjection admin
[ MDKSA-2007:222 ] - Updated koffice packages fix vulnerabilities security
[ MDKSA-2007:223 ] - Updated pdftohtml packages fix vulnerabilities security
[ MDKSA-2007:224 ] - Updated samba packages fix vulnerabilities security

Monday, 19 November

Re: Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability Juha-Matti Laurio
[ECHO_ADV_84$2007] ProfileCMS <= 1.0 Remote SQL Injection Vulnerability erdc
[ GLSA 200711-24 ] Mozilla Thunderbird: Multiple vulnerabilities Pierre-Yves Rofes
[ GLSA 200711-23 ] VMware Workstation and Player: Multiple vulnerabilities Pierre-Yves Rofes
[ GLSA 200711-26 ] teTeX: Multiple vulnerabilities Pierre-Yves Rofes
Vulnerability Hash Database - Maillist Sowhat
Re: [Full-disclosure] Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability jf
[ GLSA 200711-25 ] MySQL: Denial of Service Pierre-Yves Rofes
[ GLSA 200711-27 ] Link Grammar: User-assisted execution of arbitrary code Pierre-Yves Rofes
[ GLSA 200711-21 ] Bochs: Multiple vulnerabilities Pierre-Yves Rofes
VigileCMS 1.4 Multiple Remote Vulnerabilities info
Belkin Wireless G Router DoS r00t
[ MDKSA-2007:225 ] - Updated net-snmp packages fix remote denial of service vulnerability security
Crash in LIVE555 Media Server 2007.11.01 Luigi Auriemma
IceBB 1.0rc6 <= Remote SQL Injection aeroxteam-nospam
[ GLSA 200711-22 ] Poppler, KDE: User-assisted execution of arbitrary code Pierre-Yves Rofes
[SECURITY] [DSA 1407-1] New cupsys packages fix arbitrary code execution Moritz Muehlenhoff
[Aria-Secutiy Net] Click&BaneX SQL Injection no-reply
Re: IceBB 1.0rc6 <= Remote SQL Injection aeroxteam-nospam
Citrix NetScaler Web Management XSS nnposter
Certificate spoofing issue with Mozilla, Konqueror, Safari 2 Nils Toedtmann
Wordpress Cookie Authentication Vulnerability Steven J. Murdoch
Alcatel OmniPCX Enterprise VoIP Vulnerability daniel . stirnimann
rPSA-2007-0242-1 php5 php5-cgi php5-mysql php5-pear php5-pgsql php5-soap php5-xsl rPath Update Announcements
[ GLSA 200711-28 ] Perl: Buffer overflow Pierre-Yves Rofes
Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2 Kapetanakis Giannis
Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2 Graeme Fowler
Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2 Michal Zalewski
[ MDKSA-2007:226 ] - Updated kernel packages fix multiple vulnerabilities and bugs security

Tuesday, 20 November

Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2 Nils Toedtmann
[security bulletin] HPSBUX02289 SSRT071461 rev.1 - HP-UX Running BIND 8, Remote DNS Cache Poisoning security-alert
Banks (Wellsfargo.com) using CDNs to deliver Javascript: enables password theft by anyone compromising or controlling the CDN joel
[ MDKSA-2007:227 ] - Updated poppler packages fix vulnerabilities security
[ MDKSA-2007:228 ] - Updated cups packages fix vulnerabilities security
EEYE: BitDefender Online Scanner 8 Double Decode Heap Overflow eEye Advisories
[ GLSA 200711-29 ] Samba: Execution of arbitrary code Pierre-Yves Rofes
[ GLSA 200711-30 ] PCRE: Multiple vulnerabilities Pierre-Yves Rofes
[ GLSA 200711-31 ] Net-SNMP: Denial of Service Pierre-Yves Rofes
Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2 Kapetanakis Giannis
[ GLSA 200711-32 ] Feynmf: Insecure temporary file creation Pierre-Yves Rofes
Several persistent XSS and CSRF on Wireless-G ADSL Gateway with SpeedBooster (WAG54GS) Adrian P
[ MDKSA-2007:229 ] - Updated phpMyAdmin packages fix multiple vulnerabilities security

Wednesday, 21 November

[Aria-Security.Net] VU Case Manager "Username/Password" SQL Injection no-reply
Re: Banks (Wellsfargo.com) using CDNs to deliver Javascript: enables password theft by anyone compromising or controlling the CDN Jason Muskat de VE3TSJ - GCFA, GCUX, CEI, CEH
Aria-Security.Net: VU Mailer (Mass Mail) "Password" SQL Injection no-reply
rPSA-2007-0243-1 flac rPath Update Announcements
Re: [Full-disclosure] Warning: Hackers hijacking unused IP Addresses inside Trusted domains [POC] Paul Schmehl
[ MDKSA-2007:230 ] - Updated tetex packages fix vulnerabilities security
rPSA-2007-0245-1 kernel rPath Update Announcements
rPSA-2007-0245-2 kernel rPath Update Announcements
Re: [Full-disclosure] Warning: Hackers hijacking unused IP Addresses inside Trusted domains [POC] Gadi Evron
E-vanced Solutions Multiple Vulnerabilites Joseph . giron13
GWextranet Multiple Vulnerabilites Joseph . giron13
[SECURITY] [DSA 1408-1] New kdegraphics packages fix arbitrary code execution Moritz Muehlenhoff
TalkBack 2.2.7 Multiple Remote File Inclusion Vulnerabilities bugtraq
Ucms <= 1.8 Backdoor Remote Command Execution Exploit bugtraq
SkyPortal vRC6 Multiple Remote Vulnerabilities bugtraq

Thursday, 22 November

[ MDKSA-2007:224-1 ] - Updated samba packages fix vulnerabilities security
Wheatblog (wB) Remote File inclusion .. security
Aria-Security.net: NetAuctionHelp SQL Injection no-reply
[ECHO_ADV_85$2007] alstrasoft E-Friends <= 4.98 (seid) Multiple Remote SQL Injection Vulnerabilities erdc
Remote Shell Command Execution in "KB-Bestellsystem" (amensa-soft.de) zero-x
GetBlog local File inclusion .. security
[Argeniss] Data0: Next generation malware for stealing databases (Paper) Cesar
MyBlog (MyCMS) Remote PHP Code execution / PHP Code injection .. security
Re: Simple Machines Forum multiple sql injection flaws with exploit code. root
VigileCMS <= 1.8 Stealth Remote Command Execution Exploit bugtraq
MySpace Scripts - Poll Creator JavaScript Injection Vulnerability DoZ
Gadu-Gadu Local/Remote Buffer Overflow vulnerability j00ru . vx
[SECURITY] [DSA 1409-1] New samba packages fix several vulnerabilities Steve Kemp
Using CSRF to Attack Mobile Phones avivra
[ MDKSA-2007:231 ] - Updated cacti packages fix SQL injection vulnerability security
Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability gg_vuln

Friday, 23 November

Re: Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability emacs25
Aria-Security.net: Irola My-Time v3.5 SQL Injection no-reply
Re: MyBlog (MyCMS) Remote PHP Code execution / PHP Code injection .. BlackHawk
[0day Remote Command Execution] VigileCMS <= 1.8 Stealth wegotyourbox
Re: Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability j00ru . vx
Re: Re: Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability gynvael
Re: Re: Re: Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability sdfkjsomcoismwevoiweo
Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability emacs25
Mp3 ToolBox 1.0 beta 5 Remote File İnclude Vulnerability cybermilitan
Re: Re: Re: Re: Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability gynvael
[ MDKSA-2007:224-2 ] - Updated samba packages fix vulnerabilities security

Saturday, 24 November

Bitcomet Resource Browser v1.1 XSS jplopezy
Aria-Security.net: CoolShot E-Lite POS 1.0 no-reply
Re: Aria-Security.net: NetAuctionHelp SQL Injection support
PBLang <= 4.99.17.q Remote File Rewriting / Remote Command Execution kingoftheworld92
[ISecAuditors Security Advisories] Cygwin buffer overflow due incorrect filename length check ISecAuditors Security Advisories
vBTube v1.1 - Beta ( Vbulletin Tube) Xss Vulnerable cybermilitan
Amber Script 1.0 (show_content.php id) Local File Inclusion Vulnerability cybermilitan
NetAuctionHelp Classified Ads v1.0 SQL Injection no-reply
Re: Re: Aria-Security.net: NetAuctionHelp SQL Injection no-reply

Monday, 26 November

[SECURITY] [DSA 1410-1] New ruby1.8 packages fix insecure SSL certificate validation Moritz Muehlenhoff
Aria-Security.Net: Gouae DWD Realty SQL Injection noreply
[SECURITY] [DSA 1411-1] New libopenssl-ruby packages fix insecure SSL certificate validation Moritz Muehlenhoff
[SECURITY] [DSA 1409-2] New samba packages fix several vulnerabilities Steve Kemp
[SECURITY] [DSA 1412-1] New ruby1.9 packages fix insecure SSL certificate validation Moritz Muehlenhoff
HPSBST02291 SSRT071498 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-061 and MS07-062 security-alert
PHP 5.2.4 mail.force_extra_parameters unsecure cxib
GWExtranet Script Injections & Privilege Escalation Vulnerability DoZ
two bytehoard 2.1 bugs Ernesto Alvarez
Skype DoS mail
PHPSlideShow (toonchapter8.php) Cross-Site Scripting Vulnerability sys-project
[ GLSA 200711-33 ] nss_ldap: Information disclosure Pierre-Yves Rofes
Calendar Proverbs <=1.1 (caladmin.php) Remote SQL Injection sys-project
Citrix NetScaler Web Management Cookie Weakness nnposter
FMDeluxe (index.php) Cross-Site Scripting Vulnerability sys-project
[SECURITY] [DSA 1413-1] New mysql packages fix multiple vulnerabilities Noah Meyerhans
[ GLSA 200711-34 ] CSTeX: Multiple vulnerabilities Pierre-Yves Rofes
2007-06 Sentinel Protection Server Directory Traversal VulnerabilityResearch
SimpleGallery v0.1.3 (index.php) Cross-Site Scripting Vulnerability sys-project
DeluxeBB E-Mail Address Change Security Bypass bugtraq
Tilde CMS <= v. 4.x "aarstal" parameter of "yeardetail" SQL Injection kingoftheworld92
PHP-Nuke NSN Script Depository module <= 1.0.3 Remote Source / DB Credentials Disclosure kingoftheworld92
Directory Traversal in SafeNet Sentinel Protection Server and Keys Server Elliot Kendall
JLMForo System (modificarPerfil.php) Cross-Site Scripting Vulnerability sys-project
Re: PHP-Nuke NSN Script Depository module <= 1.0.3 Remote Source / DB Credentials Disclosure kingoftheworld92
ZDI-07-069: CA BrightStor ARCserve Backup Message Engine Insecure Method Exposure Vulnerability zdi-disclosures
FIGIS (FILogin.do) Bypass SQL Injection Vulnerability sys-project
CONFidence 2008 CfP andrzej . targosz

Tuesday, 27 November

[USN-545-1] link-grammar vulnerability Kees Cook
Creating Backdoors in Cisco IOS using Tcl IRM Research
[USN-546-1] Firefox vulnerabilities Kees Cook
OWASP Israel Conference 2007, Dec 3rd 2007 Ofer Shezaf
[USN-547-1] PCRE vulnerabilities Kees Cook
[security bulletin] HPSBUX02251 SSRT071449 rev.3 - HP-UX Running BIND, Remote DNS Cache Poisoning security-alert
Ruby/Gnome2 0.16.0 Format String Vulnerability chris . rohlf
Announce: RFIDIOt release RFIDIOt-0.1r, November 2007 Adam Laurie
National Computer and Information Security Conferences ACIS 2008 - COLOMBIA Jeimy Cano
[SECURITY] [DSA 1414-1] New wireshark packages fix several vulnerabilities Moritz Muehlenhoff
Re: [Full-disclosure] Creating Backdoors in Cisco IOS using Tcl Nicolas FISCHBACH
Eurologon CMS Multiple SQL Injection kingoftheworld92
Eurologon CMS Db credentials disclosure / files download kingoftheworld92
Re: Creating Backdoors in Cisco IOS using Tcl michael
PHPkit 1.6.1 (include.php?path=) Remote File Inclusion sys-project
Liferay Enterprise Portal multiple XSS morin . josh
[SECURITY] [DSA 1416-1] New tk8.3 packages fix arbitrary code execution Moritz Muehlenhoff
PHPSlideShow XSS Update morin . josh
[SECURITY] [DSA 1415-1] New tk8.4 packages fix arbitrary code execution Moritz Muehlenhoff
Win2K3 Priv Escalation justin
CORE-2007-0821: Lotus Notes buffer overflow in the Lotus WorkSheet file processor Core Security Technologies Advisories

Wednesday, 28 November

RE: Win2K3 Priv Escalation Matt Ausmus
Re: Win2K3 Priv Escalation Jan Münther
Microsoft FTP Client Multiple Bufferoverflow Vulnerability Rajesh Sethumadhavan
Secunia Research: Symantec Backup Exec Job Engine Denial of Service Secunia Research
Re: Win2K3 Priv Escalation Justin@ESC
RE: Win2K3 Priv Escalation Thor (Hammer of God)
Gekko <=0.8.2 (temp directory) Path Disclosure sys-project
SYM07-029 Symantec BEWS Multiple DoS in Job Engine Secure
[ MDKSA-2007:232 ] - Updated kernel packages fix multiple vulnerabilities and bugs security
Some Data of POC2007 poc2007
[ MDKSA-2007:233 ] - Updated cpio package fixes buffer overflow and directory traversal vulnerabilities security
Re: Gekko <=0.8.2 (temp directory) Path Disclosure J. Carlos Nieto
rPSA-2007-0252-1 cups poppler tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi rPath Update Announcements
[USN-548-1] Pidgin vulnerability Kees Cook
[ MDKSA-2007:233 ] - Updated cpio package fixes buffer overflow and directory traversal vulnerabilities security

Thursday, 29 November

[security bulletin] HPSBMA02283 SSRT071319 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Cross Site Scripting (XSS) security-alert
[security bulletin] HPSBUX02292 SSRT071499 rev.1 - HP-UX Running Apache, Remote Execution of Arbitrary Code security-alert
[SECURITY] [DSA 1409-3] New samba packages fix several vulnerabilities Steve Kemp
Digital Armaments November-December Hacking Challenge: Diffuse Client Application (10.000$ extra) info
APC Management Vulnerability garys
Re: Microsoft FTP Client Multiple Bufferoverflow Vulnerability 3APA3A
FreeBSD Security Advisory FreeBSD-SA-07:09.random FreeBSD Security Advisories
IRM025: TIBCO Rendezvous RVD Daemon Remote Memory Leak DoS IRM Research
FreeBSD Security Advisory FreeBSD-SA-07:10.gtar FreeBSD Security Advisories
ERRATA: [ GLSA 200711-20 ] Pioneers: Multiple Denials of Service Pierre-Yves Rofes
AST-2007-025 - SQL Injection issue in res_config_pgsql Asterisk Security Team
AST-2007-026 - SQL Injection issue in cdr_pgsql Asterisk Security Team
Re: Microsoft FTP Client Multiple Bufferoverflow Vulnerability Valdis . Kletnieks
[USN-549-1] PHP vulnerabilities Kees Cook
Re: Microsoft FTP Client Multiple Bufferoverflow Vulnerability Steve Shockley

Friday, 30 November

Re[2]: Microsoft FTP Client Multiple Bufferoverflow Vulnerability Matthew Leeds
[ MDKSA-2007:224-3 ] - Updated samba packages fix regressions security
SCARE metrics and tool release Pete Herzog
Re: Microsoft FTP Client Multiple Bufferoverflow Vulnerability Vincent Archer
DOS in Realplayer 11 ActiveX on Win Vista and Win XP SP2 thesinoda
Re[2]: Microsoft FTP Client Multiple Bufferoverflow Vulnerability 3APA3A
PR07-14: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.activation.php3' server-side script research
PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method research
PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.logon.php3' server-side script research
Re: Aria-Security.net: CoolShot E-Lite POS 1.0 coolshot
rPSA-2007-0254-1 idle python rPath Update Announcements
27Mhz based wireless security insecurities - Aka - "We know what you typed last summer" Max Moser
QEMU code_gen_buffer overflow POC TeLeMan
Re: 27Mhz based wireless security insecurities - Aka - "We know what you typed last summer" Jacob Appelbaum

Previous period

Next period