Bugtraq: by author

443 messages starting Jan 24 08 and ending Jan 22 08


0in . email

Tiger PHP News System SQL Injection 0in . email (Jan 24)

3APA3A

Re: Remote File Disclosure in phpCMS 1.2.2 3APA3A (Jan 29)
securityvulns.com russian vulnerabilities digest 3APA3A (Jan 03)
Re: [Full-disclosure] what is this? 3APA3A (Jan 14)
Re: Defeating audio captcha systems 3APA3A (Jan 16)
Re: FortiGuard: URL Filtering Application Bypass Vulnerability 3APA3A (Jan 04)
multiple CAPTCHA automation test bypass digest 3APA3A (Jan 03)
Re[2]: [Full-disclosure] what is this? 3APA3A (Jan 14)

Aaron Cake

RE: [HSC] Snitz Forums Multiple Vulnerabilities Aaron Cake (Jan 07)

Aaron Collins

Re: PIX Privilege Escalation Vulnerability Aaron Collins (Jan 25)

admin

Web Wiz Rich Text Editor Directory traversal + HTM/HTML file creation on the server admin (Jan 23)
Bloofox CMS SQL Injection (Authentication bypass) , Source code disclosure admin (Jan 21)
Re: Re: phpBB2 2.0.22 Cross Site Scripting Vulnerability admin (Jan 03)
OneCMS Vulnerabilities admin (Jan 07)
Web Wiz NewsPad Directory traversal admin (Jan 23)
[CandyPress] eCommerce suite (SQL Injection + XSS + Path Disclosure) Admin (Jan 25)
Re: what is this? admin (Jan 14)
Web Wiz Forums Directory traversal admin (Jan 23)
Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS admin (Jan 28)
MODx CMS Source code disclosure, local file inclusion admin (Jan 02)

Adrian Leuenberger

[CSNC] OKI C5510MFP Printer Password Disclosure Adrian Leuenberger (Jan 17)

Adrian P

BT Home Flub: Pwnin the BT Home Hub (5) - exploiting IGDs remotely via UPnP Adrian P (Jan 10)
Call Jacking: Phreaking the BT Home Hub Adrian P (Jan 21)

advisories

Corsaire Security Advisory: Sun J2RE DoS issue advisories (Jan 08)

Alessandro Tanasi

eTicket 'index.php' Cross Site Scripting Path Vulnerability Alessandro Tanasi (Jan 28)

Alexander Bochmann

Re: At long last -- Extra Outlooks! Alexander Bochmann (Jan 11)

Alexander Sotirov

Facebook security contact Alexander Sotirov (Jan 28)

anastasiosm

Level-One WBR-3460A Grants Root Access anastasiosm (Jan 08)

Asterisk Security Team

AST-2008-001: Crash from transfer using BYE with Also header Asterisk Security Team (Jan 02)

Audun Larsen

Cross-Site Scripting (XSS) in phpWebSite 1.4.0 search Audun Larsen (Jan 01)

Aufmuth Andreas

AW: phpBB2 2.0.22 Cross Site Scripting Vulnerability Aufmuth Andreas (Jan 04)

avivra

Re: [Full-disclosure] Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication avivra (Jan 03)
Attackers can SkypeFind you avivra (Jan 31)
Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication avivra (Jan 03)
RE: Skype videomood XSS avivra (Jan 17)

azizov

SocksCap Stack Overflow (<= 2.40-051231) azizov (Jan 18)

banner

CSRF/XSS in Sungard Banner banner (Jan 29)

benleavett

Re: Utimaco Safeguard Easy vulnerability benleavett (Jan 17)

bugs+securityfocus

Re: PR07-38: XSS on sIFR bugs+securityfocus (Jan 22)

bugtraq

phpBB2 2.0.22 Cross Site Scripting Vulnerability bugtraq (Jan 02)

Casper . Dik

Re: At long last -- Extra Outlooks! Casper . Dik (Jan 14)

Charles Hooper

phpIP 4.3.2 - Numerous SQL Injection Vulnerablities Charles Hooper (Jan 28)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Cisco PIX and ASA Time-to-Live Vulnerability Cisco Systems Product Security Incident Response Team (Jan 23)
Cisco Security Advisory: Cisco Wireless Control System Tomcat mod_jk.so Vulnerability Cisco Systems Product Security Incident Response Team (Jan 30)
Cisco Security Advisory: Cisco Unified Communications Manager CTL Provider Heap Overflow Cisco Systems Product Security Incident Response Team (Jan 16)
Cisco Security Advisory: Default Passwords in the Application Velocity System Cisco Systems Product Security Incident Response Team (Jan 23)

come2waraxe

[waraxe-2008-SA#062] - Multiple Sql Injections in MyBB 1.2.10 come2waraxe (Jan 16)
[waraxe-2008-SA#063] - Information Leakage in Kayako SupportSuite 3.11.01 come2waraxe (Jan 21)
[waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10 come2waraxe (Jan 16)
[waraxe-2008-SA#064] - Sql Injection in MyBB 1.2.11 come2waraxe (Jan 21)
[waraxe-2008-SA#065] - Remote Shell Command Execution in Coppermine 1.4.14 come2waraxe (Jan 30)
[waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14 come2waraxe (Jan 31)

CORE Security Technologies Advisories

CORE-2007-1119: CORE FORCE Kernel Buffer Overflow CORE Security Technologies Advisories (Jan 17)
CORE-2007-1106: SynCE Remote Command Injection CORE Security Technologies Advisories (Jan 07)
CORE-2007-1219: Firebird Remote Memory Corruption Core Security Technologies Advisories (Jan 28)

crazy frog crazy frog

Re: [Full-disclosure] what is this? crazy frog crazy frog (Jan 15)
what is this? crazy frog crazy frog (Jan 14)
Re: what is this? crazy frog crazy frog (Jan 15)
Re: [Full-disclosure] what is this? crazy frog crazy frog (Jan 14)
Re: what is this? crazy frog crazy frog (Jan 14)
Re: what is this? crazy frog crazy frog (Jan 14)
Re: [Full-disclosure] what is this? crazy frog crazy frog (Jan 15)

cxib

PHP 5.2.5 cURL safe_mode bypass cxib (Jan 23)

Daniel Roethlisberger

Insecure Use of RC4 in LSrunasE and Supercrypt (CVE-2007-6340) Daniel Roethlisberger (Jan 29)

Daniel Weber

Re: Linksys WRT54 GL - Session riding (CSRF) Daniel Weber (Jan 15)

Danux

FortiGuard: URL Filtering Application Bypass Vulnerability Danux (Jan 04)

David Malone

Re: common dns misconfiguration can lead to "same site" scripting David Malone (Jan 22)

db

PacerCMS Multiple Vulnerabilities (XSS/SQL) db (Jan 22)
ImageAlbum Remote SQL Injection Vulnerabilities db (Jan 11)

Denis

Re[2]: what is this? Denis (Jan 15)
Re[2]: what is this? Denis (Jan 15)
Re: what is this? Denis (Jan 15)

dev

Re: Simple Machines Forum Cross-Site Scripting Vulnerabilities dev (Jan 28)

digit2004

gdb bug digit2004 (Jan 25)

Digital Security Research Group

Re: [DSECRG-08-007] OpenBSD BGPD daemon Web Interface XSS. Digital Security Research Group (Jan 31)
[!!FIX Information ] Nucleus 3.31 XSS in path Digital Security Research Group (Jan 29)
Nucleus 3.31 XSS in path Digital Security Research Group (Jan 29)
Remote File Disclosure in phpCMS 1.2.2 Digital Security Research Group (Jan 29)
[DSECRG-08-007] OpenBSD BGPD daemon Web Interface XSS. Digital Security Research Group (Jan 31)

Digital Security Research Group [DSecRG]

[DSECRG-08-002] Local File Include in arias 0.99-6 Digital Security Research Group [DSecRG] (Jan 16)
LFI in Tuned Studios Templates Digital Security Research Group [DSecRG] (Jan 09)
[DSECRG-08-003] blogcms 4.2.1b Multiple Security Vulnerabilities Digital Security Research Group [DSecRG] (Jan 16)

Dominic Hargreaves

Re: rPSA-2008-0001-1 dovecot Dominic Hargreaves (Jan 04)
Re: rPSA-2008-0001-1 dovecot Dominic Hargreaves (Jan 03)

DoZ

[HSC] Snitz Forums Multiple Vulnerabilities DoZ (Jan 07)
Simple Machines Forum Cross-Site Scripting Vulnerabilities DoZ (Jan 10)

DVLabs

TPTI-08-01: Apple Quicktime Image File IDSC Atom Memory Corruption Vulnerability DVLabs (Jan 16)
TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability DVLabs (Jan 16)

ebk_lists

Word 2007 Email as PDF path disclosure flaw ebk_lists (Jan 10)

effectiveness63

Php Search Remote Inclusion effectiveness63 (Jan 21)

Eloy Paris

Re: PIX Privilege Escalation Vulnerability Eloy Paris (Jan 24)

Enno Rey

Troopers 08 Security Conference, Call for Papers Enno Rey (Jan 22)

Eric Davis

RE: Cisco Security Advisory: Cisco PIX and ASA Time-to-Live Vulnerability Eric Davis (Jan 23)

erne

NetRisk 1.9.7 Remote File Inclusion Vulnerability erne (Jan 05)

Eyal Udassin

C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Arbitrary File Upload and Execution Eyal Udassin (Jan 25)
C4 Security Advisory - GE Fanuc Cimplicity 6.1 Heap Overflow Eyal Udassin (Jan 25)
C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Authentication Vulnerability Eyal Udassin (Jan 25)

Felipe M. Aragon

Syhunt: HFS (HTTP File Server) Username Spoofing and Log Forging/Injection Vulnerability Felipe M. Aragon (Jan 23)
Syhunt: HFS (HTTP File Server) Log Arbitrary File/Directory Manipulation and Denial-of-Service Vulnerabilities Felipe M. Aragon (Jan 23)
Syhunt: HFS (HTTP File Server) Template Cross-Site Scripting and Information Disclosure Vulnerabilities Felipe M. Aragon (Jan 23)

Florian Weimer

Re: Linksys WRT54 GL - Session riding (CSRF) Florian Weimer (Jan 11)
Re: common dns misconfiguration can lead to "same site" scripting Florian Weimer (Jan 21)
[SECURITY] [DSA 1473-1] New scponly packages fix arbitrary code execution Florian Weimer (Jan 22)
Re: common dns misconfiguration can lead to "same site" scripting Florian Weimer (Jan 22)

Francois Labreque

Re: At long last -- Extra Outlooks! Francois Labreque (Jan 14)

FreeBSD Security Advisories

FreeBSD Security Advisory FreeBSD-SA-08:02.libc FreeBSD Security Advisories (Jan 15)
FreeBSD Security Advisory FreeBSD-SA-08:01.pty FreeBSD Security Advisories (Jan 15)

g0rk3m-31

AmpJuke-0.7.0 (index.php) Xss VuLn. g0rk3m-31 (Jan 29)
Yeşil Koridor Ziyareti Defteri (index.php) SqL. inj. g0rk3m-31 (Jan 30)
tinyBB v0.2 Message Board Remote File Inc. g0rk3m-31 (Jan 30)

g30rg3_x

XSRF under Dean’s Permalinks Migration 1.0 g30rg3_x (Jan 22)

Gadi Evron

Re: what is this? Gadi Evron (Jan 14)
Re: [Full-disclosure] what is this? Gadi Evron (Jan 15)

gmdarkfig

Belkin Wireless G Plus MIMO Router F5D9230-4 Authentication Bypass Vulnerability gmdarkfig (Jan 21)

gokhankaya

mcGuestbook v1.2 Remote File Inc. gokhankaya (Jan 16)

GomoR

Re: Country by Country ISA Computer Sets GomoR (Jan 18)
SinFP fingerprinting tool online demo GomoR (Jan 18)

grossman

MegaBBS ASP Forum Cross-Site Scripting grossman (Jan 21)

Gynvael Coldwind

SDL_Image 1.2.6 and prior GIF handling buffer overflow Gynvael Coldwind (Jan 23)

hadihadi_zedehal_2006

boastMachine <=3.1 SQL Injection Vulnerbility hadihadi_zedehal_2006 (Jan 21)
Clever Copy <=3.0 Multiple Remote Vulnerabilities hadihadi_zedehal_2006 (Jan 17)
MTCMS <=2.0 SQL Injection Vulnerbility hadihadi_zedehal_2006 (Jan 10)
netrisk 1.9.7 Multiple Remote Vulnerabilities (sql injection/xss) hadihadi_zedehal_2006 (Jan 07)

Hanno Böck

re-resting of zzuf results Hanno Böck (Jan 11)
Cross site scripting (XSS) in Moodle 1.8.3 Hanno Böck (Jan 12)

H D Moore

Metasploit Framework v3.1 Released H D Moore (Jan 28)

hempel

AXIGEN 5.0.x AXIMilter Format String Exploit hempel (Jan 21)

Hernan Ochoa

Pass-The-Hash Toolkit v1.2 released. Hernan Ochoa (Jan 21)
WifiZoo v1.3 released (minor release) Hernan Ochoa (Jan 21)

hey

Re: Article DashBoard all version SQL Injection Vulnerability hey (Jan 18)

houssamix

Agares PhpAutoVideo 2.21(XSS/RFI) Multiple Remote Vulnerabilities houssamix (Jan 18)

iDefense Labs

iDefense Security Advisory 01.17.08: Multiple Vendor X Server EVI and MIT-SHM Extensions Integer Overflow Vulnerabilities iDefense Labs (Jan 17)
iDefense Security Advisory 12.24.07: Novell ZENworks Endpoint Security Management Local Privilege Escalation Vulnerability iDefense Labs (Jan 04)
iDefense Security Advisory 01.17.08: Multiple Vendor X Server TOG-CUP Extension Information Disclosure Vulnerability iDefense Labs (Jan 17)
iDefense Security Advisory 01.07.08: Motorola netOctopus Agent MSR Write Privilege Escalation Vulnerability iDefense Labs (Jan 07)
iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTserver Multiple Untrusted Pointer Offset Vulnerabilities iDefense Labs (Jan 15)
iDefense Security Advisory 01.15.08: Apple QuickTime Macintosh Resource Processing Heap Corruption Vulnerability iDefense Labs (Jan 16)
iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTServer Multiple Untrusted Pointer Vulnerabilities iDefense Labs (Jan 15)
iDefense Security Advisory 01.23.08: IBM AIX pioout BSS Buffer Overflow Vulnerability iDefense Labs (Jan 24)
iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTServer Multiple Untrusted Loop Bounds Vulnerabilities iDefense Labs (Jan 15)
iDefense Security Advisory 01.09.08: Novell NetWare Client nicm.sys Local Privilege Escalation Vulnerability iDefense Labs (Jan 09)
iDefense Security Advisory 01.22.08: IBM Tivoli PMfOSD HTTP Request Method Buffer Overflow Vulnerability iDefense Labs (Jan 24)
iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTserver Heap Overflow Vulnerability iDefense Labs (Jan 15)
iDefense Security Advisory 01.17.08: Multiple Vendor X Server XInput Extension Multiple Memory Corruption Vulnerabilities iDefense Labs (Jan 17)
iDefense Security Advisory 01.17.08: Multiple Vendor X Server XFree86-Misc Extension Invalid Array Index Vulnerability iDefense Labs (Jan 17)

info

Digital Armaments January-February Hacking Challenge: Special 20.000$ Prize - Windows Vulnerabilities and Exploit info (Jan 10)

infocus

[INFIGO 2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS infocus (Jan 09)
[INFIGO-2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS - Corrected infocus (Jan 09)

James C. Slora Jr.

Pipe to FOR Crashes CMD James C. Slora Jr. (Jan 15)

Jamie Riden

Re: what is this? Jamie Riden (Jan 15)

Jamie Strandboge

[USN-570-1] boost vulnerabilities Jamie Strandboge (Jan 16)
[USN-568-1] PostgreSQL vulnerabilities Jamie Strandboge (Jan 14)
[USN-560-1] Tomboy vulnerability Jamie Strandboge (Jan 08)
[USN-573-1] PulseAudio vulnerability Jamie Strandboge (Jan 31)
[USN-564-1] Net-SNMP vulnerability Jamie Strandboge (Jan 09)

Jan Heisterkamp

Re: Linksys WRT54 GL - Session riding (CSRF) Jan Heisterkamp (Jan 07)
Re: Linksys WRT54 GL - Session riding (CSRF) Jan Heisterkamp (Jan 15)
Re: Linksys WRT54 GL - Session riding (CSRF) Jan Heisterkamp (Jan 07)

J. Carlos Nieto

Joomla 1.0.13 CSRF J. Carlos Nieto (Jan 08)
Re: Joomla 1.0.13 CSRF J. Carlos Nieto (Jan 08)

Jim Harrison

RE: Country by Country ISA Computer Sets Jim Harrison (Jan 22)

jmacaranas

Making big money... jmacaranas (Jan 18)

joachim . schneider

Re: Re: Utimaco Safeguard Easy vulnerability joachim . schneider (Jan 18)

John Simpson

Re: Cryptome: NSA has real-time access to Hushmail servers John Simpson (Jan 03)

Jonathan Smith

Re: rPSA-2008-0001-1 dovecot Jonathan Smith (Jan 04)

J. Oquendo

Re: Linksys WRT54 GL - Session riding (CSRF) J. Oquendo (Jan 14)

José M. Palazón Romero

Exploiting the SpamBam plugin for wordpress José M. Palazón Romero (Jan 15)
Defeating audio captcha systems José M. Palazón Romero (Jan 15)

Jose Nazario

Re: what is this? Jose Nazario (Jan 14)

Josh Berkus

PostgreSQL 2007-01-07 Cumulative Security Release Josh Berkus (Jan 07)

Kees Cook

[USN-562-1] opal vulnerability Kees Cook (Jan 09)
[USN-561-1] pwlib vulnerability Kees Cook (Jan 09)
[USN-565-1] Squid vulnerability Kees Cook (Jan 09)
[USN-569-1] libxml2 vulnerability Kees Cook (Jan 15)
[USN-571-1] X.org vulnerabilities Kees Cook (Jan 18)
[USN-572-1] apt-listchanges vulnerability Kees Cook (Jan 19)
[USN-563-1] CUPS vulnerabilities Kees Cook (Jan 09)
[USN-567-1] Dovecot vulnerability Kees Cook (Jan 10)
[USN-566-1] OpenSSH vulnerability Kees Cook (Jan 10)
[USN-571-2] X.org regression Kees Cook (Jan 19)

Kurt Grutzmacher

Re: common dns misconfiguration can lead to "same site" scripting Kurt Grutzmacher (Jan 19)

L4teral

eTicket 1.5.5.2 Multiple Vulnerabilities L4teral (Jan 07)

Layer One

LayerOne 2008 - CFP Released Layer One (Jan 07)

lcashdol

Two vulnerabilities for PatchLink Update Client for Unix. lcashdol (Jan 25)

Lee Dilkie

Re: Cryptome: NSA has real-time access to Hushmail servers Lee Dilkie (Jan 03)

linlei99

Re: [CVE-2007-2449] Apache Tomcat XSS vulnerabilities in the JSP examples linlei99 (Jan 17)

Liquidmatrix Security Digest

Advisory: Tripwire Enterprise/Server XSS Vulnerability Liquidmatrix Security Digest (Jan 29)

Luigi Auriemma

Peers static overflow in BitTorrent 6.0 and uTorrent 1.7.5 Luigi Auriemma (Jan 16)
Re: Buffer-overflow in Quicktime Player 7.3.1.70 Luigi Auriemma (Jan 11)
Buffer-overflow and format string in White_Dune 0.29beta791 Luigi Auriemma (Jan 02)
Re: Peers static overflow in BitTorrent 6.0 and uTorrent 1.7.5 Luigi Auriemma (Jan 25)
Multiple vulnerabilities in Georgia SoftWorks SSH2 Server 7.01.0003 Luigi Auriemma (Jan 02)
Re: [Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.70 Luigi Auriemma (Jan 14)
Pre-auth buffer-overflow in mySQL through yaSSL Luigi Auriemma (Jan 04)
Re: Buffer-overflow in Quicktime Player 7.3.1.70 Luigi Auriemma (Jan 14)
Buffer-overflow in Quicktime Player 7.3.1.70 Luigi Auriemma (Jan 10)
Multiple vulnerabilities in yaSSL 1.7.5 Luigi Auriemma (Jan 04)
Pre-auth remote commands execution in SAP MaxDB 7.6.03.07 Luigi Auriemma (Jan 09)
Some DoS in some telnet servers Luigi Auriemma (Jan 04)

m3venge

Re: Member Area System (MAS) Remote File Include Vulnerability (view_func.php) m3venge (Jan 18)

Marcello Barnaba (void)

Re: Buffer-overflow in Quicktime Player 7.3.1.70 Marcello Barnaba (void) (Jan 14)
Re: Buffer-overflow in Quicktime Player 7.3.1.70 Marcello Barnaba (void) (Jan 10)

Mario Contestabile

RE: what is this? Mario Contestabile (Jan 14)

M. Burnett

RE: Re: Cryptome: NSA has real-time access to Hushmail servers M. Burnett (Jan 03)

MC Iglo

Privileg escalation in Omegasoft Insel 7 MC Iglo (Jan 09)

Memisyazici, Aras

RE: what is this? Memisyazici, Aras (Jan 15)
RE: Latest round of web hacking incidents for 2007 & Project news Memisyazici, Aras (Jan 03)

Metaeye SG

SQID v0.3 - SQL Injection Digger. Metaeye SG (Jan 14)

michael . lambie

Re: Tiger Team: New TV series about pen testers airing on CourtTV Dec 25 11 pm michael . lambie (Jan 18)

Michael Wojcik

RE: Recent Web Hacks: WHID update for Janury 30th 2008 Michael Wojcik (Jan 30)

Michal Zalewski

Tool availability - browser DOM Checker Michal Zalewski (Jan 26)
Re: [Full-disclosure] Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication Michal Zalewski (Jan 03)

milad_sa2007

Pre Dynamic Institution bypass milad_sa2007 (Jan 25)
E-SMART CART bypass milad_sa2007 (Jan 25)
Pre Hotel and Resorts reservation portal login bypass milad_sa2007 (Jan 25)
ASPired2Protect bypass milad_sa2007 (Jan 28)

Minded Security Research Labs

Apache mod_negotiation Xss and Http Response Splitting Minded Security Research Labs (Jan 22)

morin . josh

Naymz multiple XSS morin . josh (Jan 11)
SocialURL Login Page Cross-Site Scripting morin . josh (Jan 07)

Moritz Muehlenhoff

[SECURITY] [DSA 1477-1] New yarssr packages fix arbitrary shell command execution Moritz Muehlenhoff (Jan 28)
[SECURITY] [DSA 1471-1] New libvorbis packages fix several vulnerabilities Moritz Muehlenhoff (Jan 21)
[SECURITY] [DSA 1446-1] New wireshark packages fix denial of service Moritz Muehlenhoff (Jan 03)
[SECURITY] [DSA 1443-1] New tcpreen packages fix denial of service Moritz Muehlenhoff (Jan 03)
[SECURITY] [DSA 1454-1] New freetype packages fix arbitrary code execution Moritz Muehlenhoff (Jan 07)
[SECURITY] [DSA 1472-1] New xine-lib packages fix arbitrary code execution Moritz Muehlenhoff (Jan 21)
[SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities Moritz Muehlenhoff (Jan 03)
[SECURITY] [DSA 1462-1] New hplip packages fix privilege escalation Moritz Muehlenhoff (Jan 14)
[SECURITY] [DSA 1474-1] New exiv2 packages fix arbitrary code execution Moritz Muehlenhoff (Jan 24)
[SECURITY] [DSA 1478-1] New mysql-dfsg-5.0 packages fix several vulnerabilities Moritz Muehlenhoff (Jan 28)
[SECURITY] [DSA 1466-2] New xorg-server packages fix regression Moritz Muehlenhoff (Jan 19)
[SECURITY] [DSA 1470-1] New horde3 packages fix denial of service Moritz Muehlenhoff (Jan 21)
[SECURITY] [DSA 1461-1] New libxml2 packages fix denial of service Moritz Muehlenhoff (Jan 14)
[SECURITY] [DSA 1453-1] New tomcat5 packages fix several vulnerabilities Moritz Muehlenhoff (Jan 07)
[SECURITY] [DSA 1468-1] New tomcat5.5 packages fix several vulnerabilities Moritz Muehlenhoff (Jan 21)
[SECURITY] [DSA 1469-1] New flac packages fix arbitrary code execution Moritz Muehlenhoff (Jan 21)
[SECURITY] [DSA 1476-1] New pulseaudio packages fix privilege escalation Moritz Muehlenhoff (Jan 28)
[SECURITY] [DSA 1451-1] New mysql-dfsg-5.0 packages fix several vulnerabilities Moritz Muehlenhoff (Jan 07)
[SECURITY] [DSA 1445-1] New maradns packages fix denial of service Moritz Muehlenhoff (Jan 03)
[SECURITY] [DSA 1460-1] New postgresql-8.1 packages fix several vulnerabilities Moritz Muehlenhoff (Jan 14)
[SECURITY] [DSA 1444-2] New php5 packages fix regression Moritz Muehlenhoff (Jan 24)
[SECURITY] [DSA 1463-1] New postgresql-7.4 packages fix several vulnerabilities Moritz Muehlenhoff (Jan 14)
[SECURITY] [DSA 1444-1] New php5 packages fix several vulnerabilities Moritz Muehlenhoff (Jan 03)
[SECURITY] [DSA 1464-1] New syslog-ng packages fix denial of service Moritz Muehlenhoff (Jan 16)

mparker

Re: 8e6 Technologies R3000 Internet Filter Bypass by Request Split mparker (Jan 21)

muuratsalo experimental hack lab

nilson's blogger 0.11 remote file disclosure vulnerabilities muuratsalo experimental hack lab (Jan 31)
sflog! 0.96 remote file disclosure vulnerabilities muuratsalo experimental hack lab (Jan 31)

nbbn

vBulletin 3.6.8 XSRF/XSS Vulnerability nbbn (Jan 07)
WoltLab Burning Board 3.x.x Private Message Delete XSRF Vulnerability nbbn (Jan 28)
MyBB 1.2.11 Multiple XSRF Vulnerabilities nbbn (Jan 18)
PHPKIT 1.6.4 PL1 2 XSRF Vulnerabilities nbbn (Jan 29)
DeluxeBB 1.1 XSS Vulnerabilitie nbbn (Jan 22)
Re: vBulletin 3.6.8 XSRF/XSS Vulnerability nbbn (Jan 07)
phpBB 2.0.22 Remote PM Delete XSRF Vulnerability nbbn (Jan 24)
Woltlab Burning Board 2.3.6 PL2 Remote Delete Thread XSRF Vulnerability nbbn (Jan 23)
Webspell 4.01.02 2 Vulnerabilites nbbn (Jan 30)

neothermic

Re: phpBB2 2.0.22 Cross Site Scripting Vulnerability neothermic (Jan 03)
Re: phpBB2 2.0.22 Cross Site Scripting Vulnerability neothermic (Jan 03)

Nick FitzGerald

Re: [Full-disclosure] what is this? Nick FitzGerald (Jan 14)
Re: Exploit in IE6,7 Nick FitzGerald (Jan 28)
Re: [Full-disclosure] what is this? Nick FitzGerald (Jan 15)

nnposter

F5 BIG-IP Web Management List Search XSS nnposter (Jan 14)
F5 BIG-IP Web Management ASM Security Report XSS nnposter (Jan 26)
8e6 Technologies R3000 Internet Filter Bypass by Request Split nnposter (Jan 16)

Noah Meyerhans

[SECURITY] [DSA 1458-1] New openafs packages fix denial of service vulnerability Noah Meyerhans (Jan 10)

none

Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70 none (Jan 11)
Re[2]: what is this? none (Jan 15)

no-reply

[Aria-Security.Net] Real Estate Web SQL Injection no-reply (Jan 16)
cPanel Hosting Manager (dohtaccess.html) no-reply (Jan 16)

Ofer Shezaf

RE: Latest round of web hacking incidents for 2007 & Project news Ofer Shezaf (Jan 03)
New Web Hacking Incidents at WHID Ofer Shezaf (Jan 07)
Recent Web Hacks: WHID update for Janury 30th 2008 Ofer Shezaf (Jan 30)
First (Major) web hacking incidents for 2008. Sign of the year to come? Ofer Shezaf (Jan 09)

Oliver Goebel

IMF 2008 - Call for Papers Oliver Goebel (Jan 18)

oliver karow

BitDefender Update Server - Unauthorized Remote File Access Vulnerability oliver karow (Jan 19)

p4imi0

sysHotel On Line Remote File Disclosure Vulnerability. p4imi0 (Jan 08)
ClanSphere 2007.4.4 Remote File Disclosure Vulnerability. p4imi0 (Jan 28)
Million Dollar Script 2.0.14 Remote File Disclosure Vulnerability. p4imi0 (Jan 07)

Paul Schmehl

Re: First (Major) web hacking incidents for 2008. Sign of the year to come? Paul Schmehl (Jan 09)

pdp (architect)

Hacking The Interwebs pdp (architect) (Jan 14)

Pete Finnigan

PeteFinnigan.com Limited advisory for Oracle January 2008 CPU Pete Finnigan (Jan 30)

Peter Watkins

Re: Latest round of web hacking incidents for 2007 & Project news Peter Watkins (Jan 03)

pete . sage

Re: C4 Security Advisory - GE Fanuc Cimplicity 6.1 Heap Overflow pete . sage (Jan 29)
Re: C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Authentication Vulnerability pete . sage (Jan 29)
Re: C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Arbitrary File Upload and Execution pete . sage (Jan 29)

Pierre-Yves Rofes

[ GLSA 200801-21 ] Xdg-Utils: Arbitrary command execution Pierre-Yves Rofes (Jan 31)
[ GLSA 200801-19 ] GOffice: Multiple vulnerabilities Pierre-Yves Rofes (Jan 30)
[ GLSA 200801-20 ] libxml2: Denial of Service Pierre-Yves Rofes (Jan 30)
[ GLSA 200801-03 ] Claws Mail: Insecure temporary file creation Pierre-Yves Rofes (Jan 09)
[ GLSA 200801-02 ] R: Multiple vulnerabilities Pierre-Yves Rofes (Jan 09)
[ GLSA 200801-04 ] OpenAFS: Denial of Service Pierre-Yves Rofes (Jan 09)
[ GLSA 200801-22 ] PeerCast: Buffer overflow Pierre-Yves Rofes (Jan 31)
[ GLSA 200801-05 ] Squid: Denial of Service Pierre-Yves Rofes (Jan 09)
[ GLSA 200801-18 ] Kazehakase: Multiple vulnerabilities Pierre-Yves Rofes (Jan 30)

ProCheckUp Research

PR07-06, PR07-07, PR07-08, PR07-09, PR07-10, PR07-12: Several XSS, Cross-domain Redirection and Frame Injection on Sun Java System Identity Manager ProCheckUp Research (Jan 10)
PR07-38: XSS on sIFR ProCheckUp Research (Jan 22)

r2t

Exploit in IE6,7 r2t (Jan 28)
PhPress-0.3.0 Read All Sql Information For Config r2t (Jan 26)

Raphael Marichez

[ GLSA 200801-15 ] PostgreSQL: Multiple vulnerabilities Raphael Marichez (Jan 29)
[ GLSA 200801-16 ] MaraDNS: CNAME Denial of Service Raphael Marichez (Jan 30)
[ GLSA 200801-17 ] Netkit FTP Server: Denial of Service Raphael Marichez (Jan 30)

Raphaël Marichez

[ GLSA 200801-10 ] TikiWiki: Multiple vulnerabilities Raphaël Marichez (Jan 24)

Reed Arvin

PWDumpX v1.4 - Dumps domain password cache, LSA secrets, password hashes, and password history hashes. Reed Arvin (Jan 07)
PWDumpX v1.0 and PWDumpX v1.1 updated - bug fixes Reed Arvin (Jan 07)

retrog

ImageShack Toolbar FileUploader Class insecurities retrog (Jan 24)

Reversemode

[Reversemode Paper] Exploiting WDM Audio Drivers Reversemode (Jan 07)

Richard Powell

Re: Country by Country ISA Computer Sets Richard Powell (Jan 18)

rich cannings

XSS Vulnerabilities in Common Shockwave Flash Files rich cannings (Jan 02)

Robbie Gill

Aruba Mobility Controller User Authentication Vulnerability - Aruba Advisory ID: AID-122207 Robbie Gill (Jan 05)

Robert Buchholz

[ GLSA 200801-11 ] CherryPy: Directory traversal vulnerability Robert Buchholz (Jan 28)
[ GLSA 200801-06 ] Xfce: Multiple vulnerabilities Robert Buchholz (Jan 10)
ERRATA: [ GLSA 200709-07 ] Eggdrop: Buffer overflow Robert Buchholz (Jan 08)
[ GLSA 200801-13 ] ngIRCd: Denial of Service Robert Buchholz (Jan 28)
[ GLSA 200801-12 ] xine-lib: User-assisted execution of arbitrary code Robert Buchholz (Jan 28)
[ GLSA 200801-01 ] unp: Arbitrary command execution Robert Buchholz (Jan 09)
[ GLSA 200801-14 ] Blam: User-assisted execution of arbitrary code Robert Buchholz (Jan 28)
[ GLSA 200801-08 ] libcdio: User-assisted execution of arbitrary code Robert Buchholz (Jan 21)
[ GLSA 200801-07 ] Adobe Flash Player: Multiple vulnerabilities Robert Buchholz (Jan 21)
[ GLSA 200801-09 ] X.Org X server and Xfont library: Multiple vulnerabilities Robert Buchholz (Jan 21)

Robert McArdle

Re: what is this? Robert McArdle (Jan 14)
Re: what is this? Robert McArdle (Jan 14)

Robert Scheck

[FIXED] Remote Denial of Service for SSH service at Dell DRAC4 (maybe Mocana SSH) Robert Scheck (Jan 18)

rPath Update Announcements

rPSA-2008-0001-1 dovecot rPath Update Announcements (Jan 03)
rPSA-2008-0016-1 postgresql postgresql-server rPath Update Announcements (Jan 16)
rPSA-2008-0021-1 kernel rPath Update Announcements (Jan 17)
rPSA-2008-0029-1 bind bind-utils rPath Update Announcements (Jan 24)
rPSA-2008-0030-1 CherryPy rPath Update Announcements (Jan 24)
rPSA-2008-0017-1 libxml2 rPath Update Announcements (Jan 16)
rPSA-2008-0004-1 tshark wireshark rPath Update Announcements (Jan 03)
rPSA-2008-0006-1 libexif rPath Update Announcements (Jan 05)
rPSA-2008-0007-1 tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi rPath Update Announcements (Jan 05)
rPSA-2008-0015-1 cairo rPath Update Announcements (Jan 16)
rPSA-2008-0018-1 mysql mysql-bench mysql-server rPath Update Announcements (Jan 17)
rPSA-2008-0008-1 cups rPath Update Announcements (Jan 05)
rPSA-2008-0032-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs rPath Update Announcements (Jan 30)

S21sec labs

Safari 2 Denial of Service S21sec labs (Jan 12)

security

[ MDVSA-2008:014 ] - Updated apache 1.3.x packages fix multiple vulnerabilities security (Jan 16)
PHPEchoCMS Multible remote vulnerabilitis security (Jan 17)
[ MDVSA-2008:027 ] - Updated pulseaudio packages fix local root vulnerability security (Jan 26)
[ MDVSA-2008:016 ] - Updated apache 2.2.x packages fix multiple vulnerabilities security (Jan 17)
[ MDVSA-2008:1 ] - Updated wireshark packages fix multiple vulnerabilities security (Jan 03)
[ MDVSA-2008:004 ] - Updated postgresql packages fix denial of service and privilege escalation issues security (Jan 09)
[ MDVSA-2008:001-1 ] - Updated wireshark packages fix multiple vulnerabilities security (Jan 08)
[ MDVSA-2008:008 ] - Updated kernel packages fix multiple vulnerabilities and bugs security (Jan 12)
[ MDVSA-2008:006 ] - Updated exiv2 packages fix vulnerability security (Jan 10)
[ MDVSA-2008:015 ] - Updated apache 2.0.x packages fix multiple vulnerabilities security (Jan 16)
[ MDVSA-2008:028 ] - Updated MySQL packages fix multiple vulnerabilities security (Jan 30)
[ MDVSA-2008:012 ] - Updated python packages fix vulnerabilities security (Jan 15)
[ MDVSA-2008:009-1 ] - Updated autofs packages fix insecure hosts configuration security (Jan 14)
[ MDVSA-2008:003 ] - Updated clamav packages fix multiple vulnerabilities security (Jan 09)
[ MDVSA-2008:024 ] - Updated libxfont packages fix font handling vulnerability security (Jan 24)
[ MDVSA-2008:002 ] - Updated squid package fixes remote denial of service security (Jan 05)
[ MDVSA-2008:017 ] - Updated MySQL packages fix multiple vulnerabilities security (Jan 21)
[ MDVSA-2008:010 ] - Updated libxml2 packages fix DoS vulnerability security (Jan 12)
[ MDVSA-2008:004 ] - Updated postgresql packages fix denial of service and privilege escalation issues security (Jan 09)
[ MDVSA-2008:026 ] - Updated icu packages fix vulnerabilities security (Jan 25)
[ MDVSA-2008:019 ] - Updated cairo packages fix vulnerability security (Jan 22)
[ MDVSA-2008:029 ] - Updated ruby packages fix possible man-in-the-middle attack security (Jan 31)
[ MDVSA-2008:025 ] - Updated x11-server-xgl packages fix multiple vulnerabilities security (Jan 24)
[ MDVSA-2008:009 ] - Updated autofs packages fix insecure hosts configuration security (Jan 12)
[ MDVSA-2008:022 ] - Updated xorg-x11 packages fix multiple vulnerabilities security (Jan 24)
[ MDVSA-2008:020 ] - Updated xine-lib packages fix remote code execution vulnerabilities security (Jan 23)
[ MDVSA-2008:011 ] - Updated rsync packages fix restrictions bypass vulnerabilities security (Jan 12)
[ MDVSA-2008:005 ] - Updated libexif packages fix multiple vulnerabilities security (Jan 09)
[ MDVSA-2008:018 ] - Updated gFTP packages fix vulnerabilities security (Jan 22)
[ MDVSA-2008:007 ] - Updated madwifi-source, wpa_supplicant packages fix vulnerabilities security (Jan 11)
[ MDVSA-2008:021 ] - Updated XFree86 packages fix multiple vulnerabilities security (Jan 24)
[ MDVSA-2008:023 ] - Updated x11-server packages fix multiple vulnerabilities security (Jan 24)
[ MDVSA-2008:013 ] - Updated python packages fix vulnerability in imageop module security (Jan 15)

security-alert

HPSBUX02156 SSRT061236 rev.4 - HP-UX Running Thunderbird, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) security-alert (Jan 08)
[security bulletin] HPSBUX02306 SSRT071463 rev.1 - HP-UX Running ARPA Transport, Remote Denial of Service (DoS) security-alert (Jan 23)
HPSBUX02153 SSRT061181 rev.7 - HP-UX Running Firefox, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) security-alert (Jan 08)
[security bulletin] HPSBMA02133 SSRT061201 rev.7 - HP Oracle for OpenView (OfO) Critical Patch Update security-alert (Jan 17)
[security bulletin] HPSBUX02303 SSRT071468 rev.1 - HP-UX Running X Font Server (xfs) Software, Remote Execution of Arbitrary Code security-alert (Jan 15)
[security bulletin] HPSBST02304 SSRT080003 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-001 to MS08-002 security-alert (Jan 15)
[security bulletin] HPSBMA02239 SSRT061260 rev.3 - HP OpenView Operations (OVO) Agents Running Shared Trace Service, Remote Arbitrary Code Execution security-alert (Jan 09)
[security bulletin] HPSBGN02301 SSRT071508 rev.2 - HP Software Update Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access security-alert (Jan 03)

Security Basic

New search engine for exploits Security Basic (Jan 18)

Sergio 'shadown' Alvarez

Some hashes for the record Sergio 'shadown' Alvarez (Jan 22)

s f

Re: Latest round of web hacking incidents for 2007 & Project news s f (Jan 04)

ship_nx

Member Area System (MAS) Remote File Include Vulnerability (view_func.php) ship_nx (Jan 11)

Smasher

JoomlaFlash Component Multiple Remote File Inclusion Smasher (Jan 17)
Re: Garment Center (index.cgi) Local File Inclusion Smasher (Jan 14)
Garment Center (index.cgi) Local File Inclusion Smasher (Jan 14)

snagg

Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70 snagg (Jan 14)

sp3x

SecurityReason - Apache2 CSRF, XSS, Memory Corruption and Denial of Service Vulnerability sp3x (Jan 11)
SecurityReason - Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerability sp3x (Jan 11)
SecurityReason - Apache (mod_status) Refresh Header - Open Redirector (XSS) sp3x (Jan 15)

Stefano Zanero

CFP: EuroSec Workshop (March 31st, 2008) Stefano Zanero (Jan 11)

Steve Kemp

[SECURITY] [DSA 1465-2] New apt-listchanges packages fix arbitrary code execution Steve Kemp (Jan 17)
[SECURITY] [DSA 1448-1] New eggdrop packages fix arbitrary code execution Steve Kemp (Jan 05)
[SECURITY] [DSA 1450-1] New util-linux packages fix programming error Steve Kemp (Jan 05)
[SECURITY] [DSA 1465-1] New apt-listchanges packages fix arbitrary code execution Steve Kemp (Jan 17)
[SECURITY] [DSA 1452-1] New wzdftpd packages fix denial of service Steve Kemp (Jan 07)
[SECURITY] [DSA 1455-1] New libarchive1 packages fix several problems Steve Kemp (Jan 08)
[SECURITY] [DSA 1449-1] New loop-aes-utils packages fix programming error Steve Kemp (Jan 05)
[SECURITY] [DSA 1448-1] New eggdrop packages fix execution of arbitrary code Steve Kemp (Jan 05)

Steven M. Christey

Re: rPSA-2008-0001-1 dovecot Steven M. Christey (Jan 04)

str0ke

Re: Buffer-overflow in Quicktime Player 7.3.1.70 str0ke (Jan 11)

Sw33t . h4cK3r

contactforms "cforms-css.php" Remote File Inclusion Sw33t . h4cK3r (Jan 31)
VB Marketing "tseekdir.cgi" Local File Inclusion Sw33t . h4cK3r (Jan 28)

sys-project

Binn SBuilder (nid) Remote Blind Sql Injection Vulnerabily sys-project (Jan 14)
Gradman <= 0.1.3 (agregar_info.php?tabla=) Local File Inclusion Exploit sys-project (Jan 16)
RichStrong CMS (showproduct.asp?cat=) Remote SQL Injection Exploit sys-project (Jan 16)

Tavis Ormandy

common dns misconfiguration can lead to "same site" scripting Tavis Ormandy (Jan 18)

tbbunn

Re: Re: PIX Privilege Escalation Vulnerability tbbunn (Jan 25)
PIX Privilege Escalation Vulnerability tbbunn (Jan 24)

The Fungi

Re: Country by Country ISA Computer Sets The Fungi (Jan 18)

the . tiger100

Re: mcGuestbook v1.2 Remote File Inc. the . tiger100 (Jan 18)

Thijs Kinkhorst

[SECURITY] [DSA 1456-1] New fail2ban packages fix denial of service Thijs Kinkhorst (Jan 09)
[SECURITY] [DSA 1467-1] New mantis packages fix several vulnerabilities Thijs Kinkhorst (Jan 19)
[SECURITY] [DSA 1475-1] new gforge packages fix cross site scripting Thijs Kinkhorst (Jan 26)
[SECURITY] [DSA 1459-1] New gforge packages fix SQL injection Thijs Kinkhorst (Jan 14)
[SECURITY] [DSA 1457-1] New dovecot packages fix information disclosure Thijs Kinkhorst (Jan 09)

Thor (Hammer of God)

RE: Country by Country ISA Computer Sets Thor (Hammer of God) (Jan 18)
RE: At long last -- Extra Outlooks! Thor (Hammer of God) (Jan 14)
Country by Country ISA Computer Sets Thor (Hammer of God) (Jan 15)
At long last -- Extra Outlooks! Thor (Hammer of God) (Jan 11)
RE: Country by Country ISA Computer Sets Thor (Hammer of God) (Jan 21)
Country by Country Computer Sets now available for ISA 2004 Thor (Hammer of God) (Jan 16)
SQL scalar function to convert big int to dot notation Thor (Hammer of God) (Jan 16)
RE: At long last - Extra Outlooks! Thor (Hammer of God) (Jan 14)
RE: Country by Country ISA Computer Sets Thor (Hammer of God) (Jan 18)
RE: Country by Country ISA Computer Sets Thor (Hammer of God) (Jan 18)

Tomaz

RE: Linksys WRT54 GL - Session riding (CSRF) Tomaz (Jan 14)

tomaz . bratusa

Linksys WRT54 GL - Session riding (CSRF) tomaz . bratusa (Jan 07)

ucon

uCon 2008 call for participation - Recife, Brazil ucon (Jan 10)

underwater

INVISION POWER BOARD 2.1.7 ACTIVE XSS/SQL INJECTION EXPLOIT underwater (Jan 05)

Uninformed Journal

Uninformed Journal Release Announcement: Volume 9 Uninformed Journal (Jan 28)

Valdis . Kletnieks

Re: Linksys WRT54 GL - Session riding (CSRF) Valdis . Kletnieks (Jan 15)

vivek_infosec

xss in w3-msql error page vivek_infosec (Jan 03)

VMware Security team

VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1 VMware Security team (Jan 08)
UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages VMware Security team (Jan 23)
VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages VMware Security team (Jan 08)

wargame89

Flaw in Alice gate2 pluswifi adsl modem wargame89 (Jan 21)

webmaster

Re: OneCMS Vulnerabilities webmaster (Jan 28)

xcross87

Article DashBoard all version SQL Injection Vulnerability xcross87 (Jan 15)
Max's File Uploader File Upload Vulnerability xcross87 (Jan 15)
MicroNews Admin Direct Access vulnerability xcross87 (Jan 15)

Yousef Syed

Re: what is this? Yousef Syed (Jan 16)

zdi-disclosures

ZDI-08-001: IBM Tivoli Storage Manager Express Backup Server Heap Overflow Vulnerability zdi-disclosures (Jan 14)
ZDI-08-002: Citrix Presentation Server IMA Service Heap Overflow Vulnerability zdi-disclosures (Jan 18)

رومانسي هكر

BLOG:CMS 4.2.1.c (DIR_PLUGINS) Multiple Remote File Include رومانسي هكر (Jan 21)
Belong Site Builder 0.1b Bypass Admincp رومانسي هكر (Jan 22)