Bugtraq: by date

341 messages starting May 01 08 and ending May 31 08

Thursday, 01 May

XSS in AstroCam Steffen Wendzel
iDefense Security Advisory 04.30.08: Akamai Download Manager Arbitrary Program Execution Vulnerability iDefense Labs
[SECURITY] [DSA 1564-1] New wordpress packages fix several vulnerabilities Thijs Kinkhorst
Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.DBMS_AQJMS_INTERNAL (DB15) Team SHATTER
mjguest 6.7 (ALL VERSION) Xss & Redirection Vuln irancrash
vlBook 1.21 (ALL VERSION) irancrash
Team SHATTER Security Advisory: Oracle Database SQL Injection in SYS.DBMS_CDC_UTILITY.LOCK_CHANGE_SET (DB02) Team SHATTER
Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.KUPF$FILE_INT.GET_FULL_FILENAME (DB11) Team SHATTER
[SECURITY] [DSA 1565-1] New Linux 2.6.18 packages fix several vulnerabilities dann frazier
php-addressbook v2.0 Multiple Remote Vulnerabilities (LFI/XSS) irancrash

Friday, 02 May

Re: netOffice Dwins 1.3 Remote code execution. luiswang
[SECURITY] [DSA 1566-1] New cpio packages fix denial of service Steve Kemp
BlackBook v1.0 Multiple XSS Vulnerabilities irancrash
Lifetype 1.2.7 XSS Vulnerability irancrash
project alumni v1.0.9 (info.php) SQL Injection Vulnerability hadihadi_zedehal_2006
Zomplog 3.8.2 XSS Vulnerability irancrash
[ MDVSA-2008:095 ] - Updated OpenOffice.org packages fix vulnerabilities security
chicomas.2.0.4 hadikiamarsi
Denial of Service in Call of Duty 4 1.5 Luigi Auriemma
rPSA-2008-0157-1 kernel rPath Update Announcements
blur6ex-0.3.462 LOCAL FILE INCLUSION Vulnerbility hadihadi_zedehal_2006

Saturday, 03 May

Fixed: LiveCart SQL injection vulnerability fixed since version 1.1.2 LiveCart
[TOOL] SSL Capable NetCat (and more) GomoR
SiteXS CMS Remote File Upload Vulnerability hadikiamarsi
Re: GroupWise 7.0 mailto: scheme buffer overflow hollebcons
Photos and Presentation Materials from HITBSecConf2008 - Dubai Released Praburaajan
Maian Gallery v2.0 XSS Vulnerability irancrash
Maian Cart v1.1 XSS Vulnerabilities irancrash
Maian Search v1.1 Multiple Vulnerabilities (XSS/SQL INJECTION) irancrash
Maian Guestbook v3.2 XSS Vulnerabilities irancrash
Maian Weblog v4.0 XSS Vulnerabilities irancrash
Maian Greeting v2.1 Multiple Vulnerabilities (XSS/SQL INJECTION) irancrash
Maian Support v1.3 Xss Vulnerabilities irancrash
Multiple vulnerabilities in WebMod 0.48 Luigi Auriemma
Maian Recipe v1.2 Xss Vulnerabilities irancrash
Maian Music v1.1 Multiple Vulnerabilities (Xss/SQL Injection) irancrash
Maian Links v3.1 XSS Vulnerabilities irancrash

Monday, 05 May

Microsot DID DISCLOSE potential Backdoor J. Oquendo
Re: Re: GroupWise 7.0 mailto: scheme buffer overflow jplopezy
Re: Lifetype 1.2.7 XSS Vulnerability securityfocus
Maian Uploader v4.0 XSS Vulnerabilities irancrash
LifeType 1.2.8 irancrash
[USN-606-1] CUPS vulnerability Jamie Strandboge
[SECURITY] [DSA 1567-1] New blender packages fix arbitrary code execution Devin Carraway
[ECHO_ADV_91$2008] Online Rental Property Script <= 4.5 (pid) Blind Sql Injection Vulnerability erdc
[ECHO_ADV_92$2008] Anserv Auction XL (viewfaqs.php cat) Blind Sql Injection Vulnerability erdc
[SECURITY] [DSA 1568-1] New b2evolution packages fix cross site scripting Thijs Kinkhorst
[ECHO_ADV_95$2008] BackLinkSpider (cat_id) Blind Sql Injection Vulnerability erdc
[ECHO_ADV_90$2008] PostNuke Module pnEncyclopedia <= 0.2.0 (id) Blind Sql Injection Vulnerability erdc
Scout Portal Toolkit <= 1.4.0 (ParentId) Remote SQL Injection Exploit sys-project
[ECHO_ADV_94$2008] Kmita Mail <= 3.0 (file) Remote File Inclusion Vulnerability erdc
[ECHO_ADV_93$2008] Kmita Tellfriend <= 2.0 (file) Remote File Inclusion Vulnerability erdc
[SECURITY] [DSA 1569-1] New cacti packages fix multiple vulnerabilities Thijs Kinkhorst
Novell eDirectory DoS via HTTP headers Nicob
Novell eDirectory unauthenticated access to SOAP interface Nicob
CORE-2008-0129 - Wonderware SuiteLink Denial of Service vulnerability CORE Security Technologies Advisories

Tuesday, 06 May

[ GLSA 200805-01 ] Horde Application Framework: Multiple vulnerabilities Pierre-Yves Rofes
Security Advisory for Bugzilla 3.0.3, 3.1.3, 2.22.3, and 2.20.5 mkanat
Advisory SE-2008-02: PHP GENERATE_SEED() Weak Random Number Seed Vulnerability Stefan Esser
[ GLSA 200805-02 ] phpMyAdmin: Information disclosure Pierre-Yves Rofes
[SECURITY] [DSA 1569-2] New cacti packages fix regression Thijs Kinkhorst
Advisory SE-2008-03: PHP Multibyte Shell Command Escaping Bypass Vulnerability Stefan Esser
[SECURITY] [DSA 1554-2] New roundup packages fix regression Thijs Kinkhorst
[tool announcement] tmin - a handy fuzzing test case optimizer Michal Zalewski
HPSBUX02324 SSRT080034 rev.1 - HP-UX Running Netscape Directory Server (NDS), Local Gain Extended Privileges security-alert
RE: Microsot DID DISCLOSE potential Backdoor Ken Schaefer
HPSBUX02332 SSRT080056 rev.1 - HP-UX running Apache with PHP, Remote Denial of Service (DoS), Gain Extended Privileges security-alert
[security bulletin] HPSBMA02331 SSRT080000 rev.2 - HP-UX running WBEM Services, Remote Execution of Arbitrary Code, Gain Extended Privileges security-alert
[USN-608-1] KDE vulnerability Jamie Strandboge
QTOFileManager V 1.0<== Remote File Upload Vulnerability Cr4zY . CrAcKeR
Invitation - OWASP AppSec Europe May 19-22 2008 - Belgium Sebastien Deleersnyder
[USN-607-1] Emacs vulnerabilities Jamie Strandboge
Power Editor LOCAL FILE INCLUSION Vulnerbility hadihadi_zedehal_2006
[SECURITY] [DSA 1570-1] New kazehakase packages fix execution of arbitrary code Steve Kemp
[USN-605-1] Thunderbird vulnerabilities Jamie Strandboge
Sphider 1.3.4 Cross Site Scripting decoder-bugtraq
mvnForum 1.1 Cross Site Scripting decoder-bugtraq

Wednesday, 07 May

[ MDVSA-2008:097 ] - Updated kdelibs packages fix vulnerability in start_kdeinit security
[ MDVSA-2008:096 ] - Updated emacs packages fix vulnerability in vcdiff security
[ MDVSA-2008:098 ] - Updated openssh packages fix vulnerability security
rPSA-2008-0157-1 kernel narita.hiroo
[Advisory Update]Adobe Reader/Acrobat Remote PDF Print Silently Vulnerability cocoruder
Adobe Acrobat Professional Javascript For PDF Security Feature Bypass and Memory Corruption Vulnerabilities cocoruder
rPSA-2008-0162-1 kernel rPath Update Announcements
[USN-609-1] OpenOffice.org vulnerabilities Kees Cook
[USN-610-1] LTSP vulnerability Kees Cook
[ GLSA 200805-03 ] Multiple X11 terminals: Local privilege escalation Tobias Heinlein
Multiple XSS In TuxCMS All Version hadikiamarsi
Re: QTOFileManager V 1.0<== Remote File Upload Vulnerability Cr4zY . CrAcKeR
Vulnerability in Multiple Web Application linux0day
VBZooM <=V1.11 "reply.php" SQL Injection Vulnerability Cr4zY . CrAcKeR
Re: Microsot DID DISCLOSE potential Backdoor J. Oquendo
RE: Microsot DID DISCLOSE potential Backdoor Ken Schaefer
Re: Microsot DID DISCLOSE potential Backdoor J. Oquendo
Exploiting Google MX servers as Open SMTP Relays pablo . ximenes

Thursday, 08 May

iDefense Security Advisory 05.07.08: Multiple Vendor rdesktop iso_recv_msg() Integer Underflow Vulnerability iDefense Labs
Novell Client <= 4.91 SP4 Local Stack overflow / B.S.O.D (unauthentificated user) laurent . gaffie
Re: After 6 months - fix available for Microsoft DNS cache poisoning attack rick . a . cook
[ GLSA 200805-04 ] eGroupWare: Multiple vulnerabilities Pierre-Yves Rofes
ezContents CMS Version 2.0.0 SQL Injection Vulnerabilities hadihadi_zedehal_2006
iDefense Security Advisory 05.07.08: Multiple Vendor rdesktop channel_process() Integer Signedness Vulnerability iDefense Labs
ZYWALL Referer Header XSS Vulnerability Deniz Cevik
iDefense Security Advisory 05.07.08: Multiple Vendor rdesktop process_redirect_pdu() BSS Overflow Vulnerability iDefense Labs
Re: [ECHO_ADV_91$2008] Online Rental Property Script <= 4.5 (pid) Blind Sql Injection Vulnerability catalina . danila
Re: After 6 months - fix available for Microsoft DNS cache poisoning attack Amit Klein
[USN-611-1] Speex vulnerability Jamie Strandboge
FLEA-2008-0008-1 firefox Foresight Linux Essential Announcement Service
[USN-611-2] vorbis-tools vulnerability Jamie Strandboge

Friday, 09 May

[USN-611-3] GStreamer Good Plugins vulnerability Jamie Strandboge
Apache Server HTML Injection and UTF-7 XSS Vulnerability lament hero
XSS and CSRF vulnerability on Cpanel 11 Matteo Carli
[ GLSA 200805-08 ] InspIRCd: Denial of Service Robert Buchholz
Oracle Application Server 10G ORA_DAV Basic Authentication Bypass Vulnerability Deniz Cevik
[ GLSA 200805-07 ] Linux Terminal Server Project: Multiple vulnerabilities Robert Buchholz
[ GLSA 200805-06 ] Firebird: Data disclosure Robert Buchholz
FInal EUSecWest 2008 Speakers Dragos Ruiu
[ MDVSA-2008:099 ] - Updated ImageMagick packages fix vulnerabilities security
SazCart <= 1.5.1 (prodid) Remote SQL Injection Exploit sys-project

Saturday, 10 May

Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability cxib
Re: Exploiting Google MX servers as Open SMTP Relays Michael Scheidell
OtherLogic[vocourse.php]SQL Injection Exploit Breeeeh
Re: Exploiting Google MX servers as Open SMTP Relays Gadi Evron
Re: Exploiting Google MX servers as Open SMTP Relays Todd T. Fries
Re: Exploiting Google MX servers as Open SMTP Relays Todd T. Fries

Monday, 12 May

[ GLSA 200805-09 ] MoinMoin: Privilege escalation Pierre-Yves Rofes
Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability yos20053
[SECURITY] [DSA 1573-1] New rdesktop packages fix several vulnerabilities Thijs Kinkhorst
[ MDVSA-2008:100 ] - Updated perl packages fix denial of service vulnerability security
Joomla Component xsstream-dm 0.01 Beta SQL Injection houssamix
Re: Exploiting Google MX servers as Open SMTP Relays Clifton Royston
Re: Exploiting Google MX servers as Open SMTP Relays Bojan Zdrnja
[ GLSA 200805-10 ] Pngcrush: User-assisted execution of arbitrary code Pierre-Yves Rofes
[SECURITY] [DSA 1572-1] New php5 packages fix several vulnerabilities Thijs Kinkhorst
Confirmed Program for SyScan'08 Hong Kong organiser () syscan org
[SECURITY] [DSA 1573-1] New php5 packages fix several vulnerabilities Thijs Kinkhorst
Re: Re: Exploiting Google MX servers as Open SMTP Relays pablo . ximenes
[SECURITY] [DSA 1574-1] New icedove packages fix several vulnerabilities Moritz Muehlenhoff
Re: Exploiting Google MX servers as Open SMTP Relays Lamont Granquist
[security bulletin] HPSBUX02334 SSRT071403 rev.1 - HP-UX Running ftp, Remote Denial of Service (DoS) security-alert
Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability cxib

Tuesday, 13 May

[ GLSA 200805-11 ] Chicken: Multiple vulnerabilities Pierre-Yves Rofes
[ GLSA 200805-12 ] Blender: Multiple vulnerabilities Pierre-Yves Rofes
[ GLSA 200805-13 ] PTeX: Multiple vulnerabilities Pierre-Yves Rofes
[MajorSecurity Advisory #52]ActualAnalyzer family - Cross Site Scripting Issues admin
[SECURITY] [DSA 1575-1] New Linux 2.6.18 packages fix denial of service dann frazier
iDefense Security Advisory 05.12.08: Microsoft Windows I2O Filter Utility Driver (i2omgmt.sys) Local Privilege Escalation Vulnerability iDefense Labs
[SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator Florian Weimer
[USN-612-1] OpenSSL vulnerability Jamie Strandboge
[USN-612-2] OpenSSH vulnerability Jamie Strandboge
TPTI-08-04: Microsoft Office Jet Database Engine Column Parsing Stack Overflow Vulnerability DVLabs
ZDI-08-023: Microsoft Office RTF Parsing Engine Memory Corruption Vulnerability zdi-disclosures
iDefense Security Advisory 05.13.08: Microsoft Word CSS Processing Memory Corruption Vulnerability iDefense Labs
[ GLSA 200805-14 ] Common Data Format library: User-assisted execution of arbitrary code Pierre-Yves Rofes
Cisco BBSM Captive Portal Cross-site Scripting brad . antoniewicz

Wednesday, 14 May

[SECURITY] [DSA 1577-1] New gforge packages fix insecure temporary files Thijs Kinkhorst
Microsoft Office Publisher PUB File Parsing Remote Memory Corruption Vulnerability cocoruder
Malformed Acrobat Distiller 8 .joboptions Paul Craig
[USN-612-4] ssl-cert vulnerability Kees Cook
[SECURITY] [DSA 1576-1] New openssh packages fix predictable randomness Florian Weimer
CFP: European Conference on Computer Network Defense Stefano Zanero
Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities Cisco Systems Product Security Incident Response Team
[USN-612-5] OpenSSH update Jamie Strandboge
[ GLSA 200805-15 ] libid3tag: Denial of Service Tobias Heinlein
Cisco Security Advisory: Cisco Content Switching Module Memory Leak Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Unified Presence Denial of Service Vulnerabilities Cisco Systems Product Security Incident Response Team
Re: Cisco BBSM Captive Portal Cross-site Scripting Eloy Paris
Correction to BID 29112 "Apache Server HTML Injection and UTF-7 XSS Vulnerability" William A. Rowe, Jr.
[ GLSA 200805-16 ] OpenOffice.org: Multiple vulnerabilities Robert Buchholz
[USN-612-6] OpenVPN regression Jamie Strandboge

Thursday, 15 May

Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability lament hero
Kostenloses Linkmanagementscript SQL Injection Vulnerabilities hadihadi_zedehal_2006
Debian generated SSH-Keys working exploit mm
Aruba Mobility Controller TACACS User Authentication and Cross Site Scripting Vulnerabilities (Aruba Advisory ID: AID-051408) Robbie (Rupinder) Gill
Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability Tom . Donovan
RE: Cisco Security Advisory: Cisco Unified Presence Denial of Service Vulnerabilities (UNCLASSIFIED) Walker, Theresa A CIV DISA CSD
SunShop Version 3.5.1 Remote Blind Sql Injection irvian . info
ZDI-08-024: Symantec Altiris Deployment Solution SQL Injection Vulnerability zdi-disclosures
ZDI-08-025: Symantec Altiris Deployment Solution Domain Credential Disclosure Vulnerability zdi-disclosures

Friday, 16 May

Hack.lu 2008 CfP info
Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability Jon Ribbens
[SECURITY] [DSA 1576-2] New openssh packages fix predictable randomness Noah Meyerhans
[ MDVSA-2008:102 ] - Updated libvorbis packages fix vulnerabilities security
[ MDVSA-2008:101 ] - Updated rdesktop packages fix vulnerabilities security

Saturday, 17 May

IOS rootkits Gadi Evron
PHP-Nuke Module KuraniKerim [sid] SQL Injection lovebug
CFP for HITBSecConf2008 - Malaysia now open Praburaajan
[SECURITY] [DSA 1578-1] New php4 packages fix several vulnerabilities Thijs Kinkhorst
StanWeb.CMS (default.asp id) Remote SQL Injection Exploit sys-project
Re: Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability yos20053

Monday, 19 May

Re: Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability Paul Szabo
Cpanel all version >> root access with a reseller account. a . jasbi
Re: Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability Tim
Re: Apple iPhone 1.1.3 remote DoS exploit sohotguy
[SECURITY] [DSA 1579-1] New netpbm-free packages fix arbitrary code execution Devin Carraway
Smeego CMS vulnerability 0in . email
Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability William A. Rowe, Jr.
Insomnia : ISVA-080516.2 - Altiris Deployment Solution - Domain Account Disclosure Brett Moore
Re: Re: Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability Tom . Donovan
Insomnia : ISVA-080516.1 - Altiris Deployment Solution - SQL Injection Brett Moore
Wordpress Malicious File Execution Vulnerability tan_prathan
Microsoft word javascript execution jplopezy
DoS attacks using SQL Wildcards - White Paper Ferruh Mavituna

Tuesday, 20 May

Re: Cpanel all version >> root access with a reseller account. dave
[ MDVSA-2008:103 ] - Updated libid3tag packages fix denial of service vulnerability security
[security bulletin] HPSBST02336 SSRT080071 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-026 to MS08-029 security-alert
Mtr - remote and local stack overflow - uncomment situation in libresolv. pi3
[SECURITY] [DSA 1580-1] New phpgedview packages fix privilege escalation Thijs Kinkhorst
ZDI-08-027: CA BrightStor ARCserve Backup Arbitrary File Writing Vulnerability zdi-disclosures
AppServ Open Project < = 2.5.10 Remote XSS Vulnerability tan_prathan
An account of the Estonian Internet War Gadi Evron
CA ARCserve Backup caloggerd and xdr Functions Vulnerabilities Williams, James K
[USN-612-7] OpenSSH update Kees Cook
Vulnerability Advisory on GnuTLS josh
eCMS-v0.4.2 (SQL/PB) Multiple Remote Vulnerabilities hadihadi_zedehal_2006
Vbulletin 3.7.0 Gold >> Sql injection on faq.php a . jasbi
Secunia Research: Foxit Reader "util.printf()" Buffer Overflow Secunia Research
ZDI-08-026: CA BrightStor ARCserve Backup Remote Buffer Overflow zdi-disclosures
Starsgames Control Panel <= 4.6.2 Remote XSS Vulnerability tan_prathan
[security bulletin] HPSBUX02335 SSRT071454 rev.1 - HP-UX Running useradd(1M), Local Unauthorized Access security-alert
[security bulletin] HPSBUX02332 SSRT080056 rev.2 - HP-UX Running Apache With PHP, Remote Denial of Service (DoS), Gain Extended Privileges security-alert
[SECURITY] [DSA 1581-1] New gnutls13 packages fix potential code execution Florian Weimer
Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities ascii
RE: An account of the Estonian Internet War Viktor Larionov
[SECURITY] [DSA 1582-1] New peercast packages fix arbitrary code execution Thijs Kinkhorst
[SECURITY] [DSA 1583-1] New gnome-peercast packages fix several vulnerabilities Thijs Kinkhorst
[ GLSA 200805-17 ] Perl: Execution of arbitrary code Tobias Heinlein
[ GLSA 200805-18 ] Mozilla products: Multiple vulnerabilities Robert Buchholz
[ GLSA 200805-19 ] ClamAV: Multiple vulnerabilities Robert Buchholz
RE: An account of the Estonian Internet War Gadi Evron
CORE-2008-0415: Borland Interbase 2007 Integer Overflow CORE Security Technologies

Wednesday, 21 May

Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php martin . meredith
[ MDVSA-2008:105 ] - Updated kernel packages fix vulnerabilities security
[DSECRG-08-023] SAP Web Application Server XSS Security Vulnerability Digital Security Research Group
[DSECRG-08-020] Alcatel OmniPCX Office Remote Comand Execution Digital Security Research Group
Re: mjguest 6.7 (ALL VERSION) Xss & Redirection Vuln alighieri_m
Re: Re: Re: Exploiting Google MX servers as Open SMTP Relays pablo . ximenes
[USN-613-1] GnuTLS vulnerabilities Kees Cook
Cisco Security Advisory: Cisco IOS Secure Shell Denial of Service Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Voice Portal Privilege Escalation Vulnerability Cisco Systems Product Security Incident Response Team
[USN-612-8] openssl-blacklist update Jamie Strandboge
[SECURITY] [DSA 1584-1] New libfissound packages fix execution of arbitrary code Steve Kemp
Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php Matias Blanco
CORE-2008-0126: Multiple vulnerabilities in iCal Core Security Technologies Advisories
iDefense Security Advisory 05.21.08: Multiple Vendor Snort IP Fragment TTL Evasion Vulnerability iDefense Labs
www file share pro 5.30 insecure multiple output

Thursday, 22 May

MDAP ANTs PWNAGE: dumping the admin password of the BT Home Hub Adrian Pastor
[ GLSA 200805-20 ] GnuTLS: Execution of arbitrary code Robert Buchholz
ZDI-08-028: IBM Lotus Sametime Community Services Multiplexer Stack Overflow Vulnerability zdi-disclosures
ZDI-08-029: Trillian AIM.DLL Long HTML Font Parameter Stack Overflow Vulnerability zdi-disclosures
ZDI-08-030: Trillian Multiple Protocol XML Parsing Memory Corruption Vulnerability zdi-disclosures
ZDI-08-031: Trillian MSN MIME Header Stack-Based Overflow Vulnerability zdi-disclosures
PHPFreeForum <= 1.0 RC2 Remote XSS Vulnerability tan_prathan
phpSQLiteCMS Multiple Remote XSS Vulnerability tan_prathan
[security bulletin] HPSBUX02337 SSRT080072 rev.1 - HP-UX Running HP-UX Secure Shell, Local Unauthorized Access and Denial of Service (DoS) security-alert
Exteen Blog XSS Remote Cookie Disclosure Exploit tan_prathan
BMForum Remote 5.6 Miltiple XSS Vulnerability tan_prathan
/home/putnopvut/asa/AST-2008-007/AST-2008-007: AST-2008-007 Cryptographic keys generated by OpenSSL on Debian-based systems compromised Asterisk Security Team
rPSA-2008-0174-1 gnutls rPath Update Announcements
IRM Security Advisory : Barracuda Networks Spam Firewall Cross-Site Scripting Vulnerability Mark Crowther
abledating 2.4 >> Sql injection and cross site scripting on search_results.php a . jasbi
[SECURITY] [DSA 1586-1] New xine-lib packages fix several vulnerabilities Devin Carraway
Re: /home/putnopvut/asa/AST-2008-007/AST-2008-007: AST-2008-007 Cryptographic keys generated by OpenSSL on Debian-based systems compromised Florian Weimer

Friday, 23 May

Re: Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php andy . huang
[DSECRG-08-024] Multiple Security Vulnerabilities (RFI,LFI,XSS) in QuateCMS Digital Security Research Group
e107 Plugin BLOG Engine v2.2 (macgurublog.php/uid) Blind SQL Injection Vulnerability hadihadi_zedehal_2006
PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.logon.php3' server-side script Ricardo Martins - Chief Security Officers
[DSECRG-08-025] Local File Include in OneCMS 2.5 Digital Security Research Group
rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl rPath Update Announcements
xt:Commerce possible DoS decoder-bugtraq

Saturday, 24 May

[ MDVSA-2008:106 ] - Updated gnutls packages fix denial of service vulnerabilities security
dzoic handshakes sql injection >> index.php on $fname a . jasbi
Re: BosNews v4.0 Remote add user admin sales
vuln in WordPress plugin Upload File(UP) my
PCPIN Chat 6: potential XSS vulnerability in URL redirection script admin

Monday, 26 May

Re: IOS rootkits (fwd) Gadi Evron
Re: vuln in WordPress plugin Upload File(UP) none
Excuse Online (pwd) SQL Injection Vulnerability unohope
phpFix v2 Multiple SQL Injection Vulnerability unohope
function sleep() in all versions of PHP gogulas
Mini-CWB <= 2.1.1 Remote XSS Vulnerability tan_prathan
Class System v2.3 Multiple Remote Vulnerabilities unohope
Ablespace 1.0 'cat_id' Parameter SQL Injection Vulnerability a . jasbi
Campus Bulletin Board v3.4 Multiple Remote Vulnerabilities unohope
SECOBJADV-2008-01: Lenovo SystemUpdate SSL Certificate Issuer Spoofing Vulnerability Security Objectives, Inc.
Advisory - Rsyncrypto maybe affected from Debian OpenSSL reduced entropy problem Aviram Jenik
Repair Online v1.2 (sentout) Create Admin Vulnerability unohope
Zina 1.0rc3 Remote Directory Traversal Vulnerability & XSS Vulnerability irancrash
[SECURITY] [DSA 1587-1] New mtr packages fix execution of arbitrary code Steve Kemp
Re: function sleep() in all versions of PHP Mark Sanders
T2'08: Call for Papers 2008 (Helsinki / Finland) Tomi Tuominen

Tuesday, 27 May

Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php skyline
[security bulletin] HPSBUX02335 SSRT071454 rev.2 - HP-UX Running useradd(1M), Local Unauthorized Access security-alert
RoomPHPlanning 1.5 (weekview.php) SQL Injection Vulnerability hadihadi_zedehal_2006
IOS Rookit: the sky isn't falling (yet) Nicolas FISCHBACH
Re: CORE-2008-0126: Multiple vulnerabilities in iCal security curmudgeon
Re: function sleep() in all versions of PHP Juan Miguel - Prisma Virtual -
Security, Open Source Style Josh Bressers
Re: MDAP ANTs PWNAGE: dumping the admin password of the BT Home Hub Adrian Pastor
Re: function sleep() in all versions of PHP cxib
[SECURITY] [DSA 1588-1] New Linux 2.6.18 packages fix several vulnerabilities dann frazier
Re: function sleep() in all versions of PHP Charles Morris
Re: function sleep() in all versions of PHP Michael G. Reed
rPSA-2008-0177-1 emacs emacs-leim rPath Update Announcements
[ GLSA 200805-21 ] Roundup: Permission bypass Tobias Heinlein
Re: IOS Rookit: the sky isn't falling (yet) Felix 'FX' Lindner
iDefense Security Advisory 05.27.08: EMC AlphaStor Library Manager Arbitrary Command Execution Vulnerability iDefense Labs
ZDI-08-033: Motorola RAZR JPG Processing Stack Overflow Vulnerability zdi-disclosures
iDefense Security Advisory 05.27.08: EMC AlphaStor Server Agent Multiple Stack Buffer Overflow Vulnerabilities iDefense Labs

Wednesday, 28 May

rPSA-2008-0178-1 php php-mysql php-pgsql rPath Update Announcements
Re: function sleep() in all versions of PHP Glynn Clements
RE: function sleep() in all versions of PHP Michael Wojcik
[NSG_28-5-08] CA Internet Security Suite 2008 (UmxEventCli.dll/SaveToFile()) remote file corruption poc ipsdix
Re: CORE-2008-0126: Multiple vulnerabilities in iCal Steven M. Christey
rPSA-2008-0105-1 evolution rPath Update Announcements
Cisco Security Advisory: CiscoWorks Common Services Arbitrary Code Execution Vulnerability Cisco Systems Product Security Incident Response Team
[SAMBA] CVE-2008-1105 - Boundary failure when parsing SMB responses Gerald (Jerry) Carter
[security bulletin] HPSBUX02334 SSRT071403 rev.2 - HP-UX Running ftp, Remote Denial of Service (DoS) security-alert
[ MDVSA-2008:107 ] - Updated openssl package fixes denial of service vulnerabilities security
Vulnerability Advisory on OpenSSL josh
Bypassing URL Authentication and Authorization with HTTP Verb Tampering Arshan Dabirsiaghi
Calcium web calendar: Reflected XSS Marvin Simkin

Thursday, 29 May

Secunia Research: Samba "receive_smb_raw()" Buffer Overflow Vulnerability Secunia Research
Secunia Research: imlib2 PNM and XPM Buffer Overflow Secunia Research
FlashBlog Remote File Upload Vulnerability mefisto
[ GLSA 200805-23 ] Samba: Heap-based buffer overflow Tobias Heinlein
Re: [HV-INFO] Enova hardware encryption: false sense of security rwann
[ GLSA 200805-22 ] MPlayer: User-assisted execution of arbitrary code Tobias Heinlein
Flash Blog Sql Injection 16 . her0
[ MDVSA-2008:108 ] - Updated samba packages fix arbitrary code execution vulnerability security
RE: Bypassing URL Authentication and Authorization with HTTP Verb Tampering Jim Harrison
dvbbs8.2(access/sql)version login.asp remote sql injection hackerb
Re: [HV-INFO] Enova hardware encryption: false sense of security rwann
XEROX DocuShare URL XSS Injection Vulnerabilities DoZ

Friday, 30 May

Dot Net Nuke (DNN) <= 4.8.3 XSS Vulnerability Admin
VMSA-2008-0008 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion resolve critical security issues VMware Security team
[SECURITY] [DSA 1590-1] New samba packages fix arbitrary code execution Florian Weimer

Saturday, 31 May

[SECURITY] [DSA 1588-2] New Linux 2.6.18 packages fix several vulnerabilities dann frazier
VisualSentinel 0.7 Cross Agent Scripting Vulnerability bugtraq
LokiCMS Multiple Vulnerabilities through Authorization weakness Alireza Hassani
Re: VisualSentinel 0.7 Cross Agent Scripting Vulnerability m . morcote
SQL Injection leading to authorization bypass in Torrent Trader Classic v1.08 and earlier Charles Vaughn