bugtraq (date)

bugtraq (date)

[Thread Index] [Top] [All Lists]

November 30, 2006

LifeType version 1.1.2 Multiple Path Disclosure Vulnerabilities, jesper . jurcenoks, 21:55
Woltlab Burning Board 2.3.X XSS Vulnerability (0-Day) FIXED VERSION, blueshisha, 21:14
iDefense Security Advisory 11.30.06: Multiple Vendor libgsf Heap Overflow Vulnerability, iDefense Labs, 20:38
LDU <= 8.x (polls.php) Remote SQL Injection Vulnerability, ajannhwt, 20:22
contentserv 4.x, capt . nem0, 20:10
safely concatenating strings in portable C (Re: GnuPG 1.4 and 2.0 buffer overflow), Solar Designer, 19:57
Invision Community Blog Mod 1.2.4 .PHP SQL Injection Vulnerability, infection, 19:36
Re: [Full-disclosure] ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability, Dude VanWinkle, 19:28
[ GLSA 200611-26 ] ProFTPD: Remote execution of arbitrary code, Raphael Marichez, 19:15
Seditio <= 1.10 (pollid) Remote SQL Injection Vulnerability, ajannhwt, 19:00
@lex Guestbook 4.0.1 : Full Path Disclosure & XSS, mr_kaliman, 18:48
[USN-390-1] evince vulnerability, Kees Cook, 18:21
[security bulletin] HPSBUX02153 SSRT061181 rev.2 - HP-UX Running Firefox, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS), security-alert, 16:28
Secunia Research: MailEnable IMAP Service Two Vulnerabilities, Secunia Research, 16:15
[ MDKSA-2006:217-1 ] - Updated proftpd packages fix vulnerabilities, security, 14:17
[SECURITY] [DSA 1222-1] New proftpd packages fix several vulnerabilities, Moritz Muehlenhoff, 13:22
[SECURITY] [DSA 1221-1] New libgsf packages fix arbitrary code execution, Martin Schulze, 12:52

November 29, 2006

[USN-389-1] GnuPG vulnerability, Kees Cook, 20:12
Potentially OT: AJAX article, clappymonkey, 18:31
[USN-388-1] KOffice vulnerability, Kees Cook, 18:20
Re: PHP Event Calendar 1.5.1 (index.php) Remote File Include Vulnerability, Stuart Moore, 17:44
[Aria-Security Team] FipsSHOP SQL Injection, Advisory, 17:19
Monkey Boards version 0.3.5 Multiple Path Disclosure Vulnerabilities, jesper . jurcenoks, 16:53
New Windows tool - PWDumpX v1.0, Reed Arvin, 16:33
RE: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), Shawn Fitzgerald, 16:19
OWASP JBroFuzz 0.3 Fuzzer Released!, subere, 15:55
REMLAB Web Mech Designer 2.0.5 Path Disclosure Vulnerability, jesper . jurcenoks, 15:41
SYM06-023, Symantec NetBackup PureDisk: PHP update to Address Reported Security Vulnerability, Mike Prosser, 15:32
Multiple Vulnerabilities in AlternC version 0.9.5, Vincent A . Menard, 15:28
Secunia Research: Borland Products idsql32.dll Buffer Overflow Vulnerability, Secunia Research, 15:10
[ MDKSA-2006:219 ] - Updated tar packages fix vulnerability, security, 15:05
Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), David Litchfield, 14:29
PHP Event Calendar 1.5.1 (index.php) Remote File Include Vulnerability, philip anselmo, 14:08
ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability, zdi-disclosures, 13:42
iDefense Security Advisory 11.29.06: Horde Kronolith Arbitrary Local File Inclusion Vulnerability, iDefense Labs, 13:36
Re: CuteNews v1.4.5 (search.php) Remote file include vulnerability, raven, 13:18
Re: ProFTPD mod_tls pre-authentication buffer overflow, Mark Wadham, 13:00
b2evolution Remote File inclusion Vulnerability, tarkus, 12:28
Re: [Full-disclosure] New report on Teredo security, Jeroen Massar, 12:03
New report on Teredo security, Jim Hoagland, 11:44

November 28, 2006

[USN-385-1] tar vulnerability, Kees Cook, 20:42
Re: PhpGedView 4.0.2 (DOCUMENT_ROOT) File inclusion Vulnerablity, yalnifj, 19:56
[ GLSA 200611-24 ] LHa: Multiple vulnerabilities, Raphael Marichez, 19:07
[ GLSA 200611-25 ] OpenLDAP: Denial of Service vulnerability, Raphael Marichez, 18:57
[ GLSA 200611-23 ] Mono: Insecure temporary file creation, Raphael Marichez, 18:08
[USN-387-1] Dovecot vulnerability, Kees Cook, 16:14
b2evolution XSS Vulnerabilities, tarkus, 15:53
Re: PhpGedView 4.0.2 (DOCUMENT_ROOT) File inclusion Vulnerablity, Mefisto, 14:44
ProFTPD mod_tls pre-authentication buffer overflow, research, 13:54
TSLSA-2006-0066 - multi, Trustix Security Advisor, 13:32
evince buffer overflow exploit (gv), kspecial, 13:11
Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), David Litchfield, 13:10
[USN-386-1] ImageMagick vulnerability, Kees Cook, 12:49
Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), Steven M. Christey, 11:57
Re: SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal, Jon Hart, 11:45
Re: [WEB SECURITY] The state of JavaScript Hacking, bugtraq, 01:13
uPhotoGallery (v 1.1) SQL Injection, Advisory, 00:29
[ GLSA 200611-22 ] Ingo H3: Folder name shell command injection, Sune Kloppenborg Jeppesen, 00:14

November 27, 2006

CVE-2006-5815: remote code execution in ProFTPD, John Morrissey, 23:44
GnuPG 1.4 and 2.0 buffer overflow, Werner Koch, 23:27
SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal, research, 23:06
ClickContact SQL Injection, Advisory, 22:31
AIDE problem handling symlinks, fryxar fryxar, 22:14
Cursor snarfing - a new class of vulnerability and attack in Oracle, David Litchfield, 21:11
2nd European Conference on Computer Network Defense (EC2ND), Blyth A J C (AT), 20:04
RE: Cracking String Encryption in Java Obfuscated Bytecode, Jeremy Epstein, 19:53
Re: New Flaw in Firefox 2.0: DoS and possible remote code execution, sflist, 19:39
[ GLSA 200611-21 ] Kile: Incorrect backup file permission, Sune Kloppenborg Jeppesen, 18:53
MHL-2006-003 Public Advisory: "mboard" file creation issue, Mayhemic Labs Security, 18:07
iDefense Security Advisory 11.26.06: GNU Radius Format String Vulnerability, iDefense Labs, 17:51
Re: CuteNews v1.4.5 (search.php) Remote file include vulnerability, Francesco Laurita, 17:15
rPSA-2006-0219-1 info install-info texinfo, rPath Update Announcements, 16:48
PhpGedView 4.0.2 (DOCUMENT_ROOT) File inclusion Vulnerablity, x___ . _, 16:32
Re: VMware 5.5.1 Local Buffer Overflow (HTML Exploit), str0ke, 16:15
Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), David Litchfield, 15:58
CuteNews v1.4.5 (search.php) Remote file include vulnerability, philip anselmo, 15:47
TFTP Server 3CTftpSvc Buffer Overflow Vulnerability (Long transporting mode), liuqx, 15:27
rPSA-2006-0218-1 ImageMagick, rPath Update Announcements, 15:26
iDefense Security Advisory 11.26.06: Qbik WinGate Compressed Name Pointer Denial of Service Vulnerability, iDefense Labs, 14:37
[SECURITY] [DSA 1219-1] New texinfo packages fix multiple vulnerabilities, Noah Meyerhans, 14:36
VMware 5.5.1 Local Buffer Overflow (HTML Exploit), NormandiaN_MailID, 13:48
ClickGallery Sql Injection, Advisory, 13:46
Clickblog Sql Injection, Advisory, 13:32
TFTP Server AT-TFTP Server v 1.9 Buffer Overflow Vulnerability (Long filename), liuqx, 13:27
Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), Tim Newsham, 13:09
[SECURITY] [DSA 1220-1] New pstotext packages fix arbitrary shell command execution, Moritz Muehlenhoff, 12:05
[Aria-Security Team] General Shopping Cart SQL Injection Vulnerability, Advisory, 11:29
[Aria-Security Team] Evolve shopping cart SQL Injection Vulnerability, Advisory, 11:14

November 25, 2006

mAlbum v0.3 local file inclusion, tux025, 16:15
Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), Thor (Hammer of God), 16:04
Re: Clarifying integer overflows vs. signedness errors, Pavel Kankovsky, 14:50
Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), Steve Friedl, 14:39
Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP], 14:30
Re: Re: Digipass Go3 Token Dumper (at least for 2006), fcollyer, 12:24
Free tool for pattern identification (for researchers), Gary Golomb, 12:15
Re: DoS in Microsoft Windows Live Messenger <= 8.0, astralbabz, 12:04
AttackAPI 2.0 alpha, pdp (architect), 11:54
Wisi Portal [Sql Injection By Jesus Tovar], nagazakig74, 11:47
Siap Cms Sql Injection (login.asp), nagazakig74, 11:36
Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), Thor (Hammer of God), 11:26
Re: tikiwiki 1.9.5 mysql password disclosure & xss, drunken_chin, 11:16

November 24, 2006

Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), stopmakingnoise, 19:13
New Windows tool - NBTEnum 3.3, Reed Arvin, 18:45
DoS in Microsoft Windows Live Messenger <= 8.0, dragonjar, 18:30
WebHost Manager (WHM) Multiple Cross-Site Scripting, Advisory, 18:16
[ GLSA 200611-20 ] GNU gv: Stack overflow, Sune Kloppenborg Jeppesen, 18:09
CPanel 11 Multiple Cross-Site Scription, Advisory, 18:02
PHP-Nuke Mermaid Module V1.2 (formdisp.php) Remote File Include Exploit, crackers_child, 17:49
[Aria-Security Team] Ultimate Survey Pro SQL Injection, Advisory, 16:58
Cahier de texte V2.0 SQL Code Execution Exploit, gmdarkfig, 16:18
[ GLSA 200611-19 ] ImageMagick: PALM and DCM buffer overflows, Sune Kloppenborg Jeppesen, 15:10
Re: Digipass Go3 Token Dumper (at least for 2006), Hugo van der Kooij, 14:43
[Aria-Security Team] iNews News Manager SQL Injection, Advisory, 14:16
[Aria-Security Team] MidiCart ASP Shopping Cart SQL Injection, Advisory, 13:48
[Aria-Security Team] ASP ListPics 5.0 SQL Injection, Advisory, 13:26
[Aria-Security Team] Fixit iDMS Pro Image Gallery SQL Injection, Advisory, 12:51
Re: Active PHP Bookmarks (apb.php) Remote file include, Mefisto, 12:32
Re: Cracking String Encryption in Java Obfuscated Bytecode, John GALLET, 12:05
PHP-Nuke <= 7.9 News module "sid" SQL Injection vulnerabilities, paisterist . nst, 12:05
[Aria-Security Team] MidiCart ASP Plus Shopping Cart SQL Injection, Advisory, 11:53
Wolflab Burning Board Lite 1.0.2 two sql injections, retrog, 11:51
[ GLSA 200611-18 ] TIN: Multiple buffer overflows, Sune Kloppenborg Jeppesen, 11:38
mmgallery Multiple vulnerabilities, saudi, 11:35
Cross site scripting & fullpath disclosure, saudi, 11:19
Re: Cracking String Encryption in Java Obfuscated Bytecode, Jim Manico, 11:05

November 23, 2006

Cracking String Encryption in Java Obfuscated Bytecode, subere, 18:24
Active PHP Bookmarks (apb.php) Remote file include, philip anselmo, 17:49
[ GLSA 200611-17 ] fvwm: fvwm-menu-directory fvwm command injection, Matthias Geerdsen, 16:10
LS-20061102 - Business Objects Crystal Reports Stack Overflow Vulnerability, advisories, 15:58
Re: *BSD banner INT overflow vulnerability, admin, 14:53
[ MDKSA-2006:218 ] - Updated apache-mod_auth_kerb packages fixes DoS vulnerability, security, 14:31
Re: SolpotCrew Advisory #10 - phpBB XS (phpbb_root_path) Remote File Include, webmaster, 14:30
Re: Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords, Juha-Matti Laurio, 13:42
Re: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords, 3APA3A, 13:32
[ECHO_ADV_61_2006] a-ConMan <= v3.2beta Remote File Inclusion, erdc, 12:58
Re: tikiwiki 1.9.5 mysql password disclosure & xss, FBI, 12:38
Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords, Michael Scheidell, 12:20
CFP - VII National Computer and Information Security Conference, Jeimy Cano, 12:04
NVIDIA nView (keystone) local Denial Of service, no-reply, 11:47
Re: Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders., Casper . Dik, 11:20

November 22, 2006

Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords, fash1on, 18:53
XSS in scriptat support InverseFlow Help Desk v2.31, gamr-14, 18:33
Perl proxy checker using samair.ru, Iko Riyadi, 18:28
CONFidence 2007 CFP, andrzej . targosz, 18:22
Re: *BSD banner INT overflow vulnerability, Bob Beck, 17:52
Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders., In Cognito, 17:35
[ MDKSA-2006:208-1 ] - Updated openldap packages fixes Bind vulnerability, security, 16:52
Re: Re: *BSD banner INT overflow vulnerability, evilrabbi, 16:36
Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders., In Cognito, 16:22
Windows Media ASX PlayList File Denial Of Service Vulnerability, sehato, 15:29
Re: [ECHO_ADV_53$2006] QnECMS <= 2.5.6 (adminfolderpath) Remote File Inclusion Vulnerability, jim, 15:05
"Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), Matthew Conover, 13:01
Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), David Litchfield, 12:40
Re: Clarifying integer overflows vs. signedness errors, Thiago Zaninotti, 11:54
*BSD banner INT overflow vulnerability, Gruzicki Wlodek, 11:17
Re: *BSD banner INT overflow vulnerability, Steve Shockley, 11:14
RE: LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability, Williams, James K, 10:56
Secunia Research: PassGo SSO Plus Insecure Default Directory Permissions, Secunia Research, 10:43

November 21, 2006

Re: [ GLSA 200611-11 ] TikiWiki: Multiple vulnerabilities, Chris Gianelloni, 21:08
[USN-381-1] Firefox vulnerabilities, Kees Cook, 19:50
RE: [Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities., Williams, James K, 19:13
Advisory: Seditio <= 1.10 Remote SQL Injection Vulnerability., Mustafa Can Bjorn IPEKCI, 19:11
Vulnerability in PostNuke, sni-labs, 18:52
VMSA-2006-0010 - SSL sessions not authenticated by VC Clients, VMware Security team, 18:35
Clarifying integer overflows vs. signedness errors, Steven M. Christey, 18:16
Advisory: LDU <= 8.x Remote SQL Injection Vulnerability., Mustafa Can Bjorn IPEKCI, 18:03
ContentNow CMS 1.39 Sql Injection + Path Disclosure Vulnerabilities, revenge, 17:41
[USN-382-1] Thunderbird vulnerabilities, Kees Cook, 17:16
JiRos Links Manager[injection sql & xss permanent], saps . audit, 17:14
creadirectory [injection sql & xss], saps . audit, 16:52
Link Exchange Lite [injection sql], saps . audit, 16:28
Re: Re: Phpjobscheduler 3.0 - Multiple Remote File Include, admin, 15:48
aBitWhizzy [local file include], saps . audit, 14:50
[SECURITY] [DSA 1218-1] New proftpd packages fix denial of service, Moritz Muehlenhoff, 14:44
Secunia Research: My Firewall Plus Privilege Escalation Vulnerability, Secunia Research, 14:31
Re: [ GLSA 200611-11 ] TikiWiki: Multiple vulnerabilities, saps . audit, 14:12
[ GLSA 200611-16 ] Texinfo: Buffer overflow, Sune Kloppenborg Jeppesen, 13:54
Re: [ MDKSA-2006:217 ] - Updated proftpd packages fix vulnerabilities, research, 13:38
[ GLSA 200611-15 ] qmailAdmin: Buffer overflow, Sune Kloppenborg Jeppesen, 13:20
New Correction: Re: Serious crypto problem fixed by envelope HMAC method instead of currently used prefix, Omirjan Batyrbaev, 13:09
[KAPDA]::Security analysis of cutenews 1.4.5, alireza hassani, 12:38
LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability, advisories, 12:22
Re: Correction: Re: Serious crypto problem fixed by envelope HMAC method insteadof currently used prefix, Steve Friedl, 12:09
Which is more secure? Oracle vs. Microsoft, David Litchfield, 11:52
[USN-384-1] OpenLDAP vulnerability, Kees Cook, 11:35
The Classified Ad System [multiple xss & injection sql], saps . audit, 03:30
[ MDKSA-2006:216 ] - Updated links packages fix smb vulnerability, security, 03:07
[SECURITY] [DSA 1207-2] New phpmyadmin packages fix regression, Moritz Muehlenhoff, 02:36
ltwCalendar => 4.2.1 Remote File Include Vulnerabilities, the_3dit0r, 02:15
Re: GPhotos 1.5 Multiple vulnerabilities, packet, 01:20
Correction: Re: Serious crypto problem fixed by envelope HMAC method insteadof currently used prefix, Omirjan Batyrbaev, 00:51
Classified System [injection sql], saps . audit, 00:10

November 20, 2006

[ GLSA 200611-11 ] TikiWiki: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 23:49
my little weblog => Cross Site Scripting, the_3dit0r, 23:16
mAlbum v0.3 Multiple vulnerabilitizzz, tux025, 22:41
[SECURITY] [DSA 1215-1] New xine-lib packages fix execution of arbitrary code, Moritz Muehlenhoff, 22:03
Wabbit PHP Gallery => 0.9 Remote Traversal Directory, the_3dit0r, 21:27
[ MDKSA-2006:215 ] - Updated avahi packages fix netlink vulnerability, security, 20:46
BirdBlog => v1.4.0 Cross Site Scripting, the_3dit0r, 20:27
[SECURITY] [DSA 1216-1] New flexbackup packages fix denial of service, Moritz Muehlenhoff, 20:17
[ GLSA 200611-14 ] TORQUE: Insecure temproary file creation, Sune Kloppenborg Jeppesen, 19:48
MyAlbum <= 3.02 (langs_dir) Remote File Inclusion Exploit, the_3dit0r, 19:46
Re: Serious crypto problem fixed by envelope HMAC method insteadof currently used prefix, Omirjan Batyrbaev, 19:31
[ GLSA 200611-12 ] Ruby: Denial of Service vulnerability, Sune Kloppenborg Jeppesen, 19:13
[SECURITY] [DSA 1217-1] New linux-ftpd packages fix access control bypass, Moritz Muehlenhoff, 19:00
[ GLSA 200611-13 ] Avahi: "netlink" message vulnerability, Sune Kloppenborg Jeppesen, 18:44
The Week of Oracle Database Bugs, Cesar, 18:42
LoudMouth => 2.4 Remote File Include Vulnerabilities, the_3dit0r, 18:19
[ MDKSA-2006:217 ] - Updated proftpd packages fix vulnerabilities, security, 18:16
[SECURITY] [DSA 1214-1] New gv packages fix arbitrary code execution, Moritz Muehlenhoff, 17:52
Telaen => 1.1.0 Remote File Include Vulnerability, the_3dit0r, 17:25
mxBB calsnails module 1.06 Remote File Inclusion Exploit, the_3dit0r, 17:14
mg.applanix <= 1.3.1 Remote File Include Exploit, the_3dit0r, 16:56
iPrimal Forums (index.php) Remote File Include Exploit, the_3dit0r, 16:39
enomphp => 4.0 Remote Traversal Directory, the_3dit0r, 16:28
klf-realty [injection sql], saps . audit, 16:04
DodosMail <= 2.0.1(dodosmail.php) Remote File Inclusion Exploit, the_3dit0r, 15:51
dicshunary 0.1 alpha Remote File Inclusion Exploit, the_3dit0r, 15:30
Shopping_Catalog Remote File Include exploit, the_3dit0r, 14:55
RE: FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure, Rogier Mulhuijzen, 14:52
PhpQuickGallery <= 1.9 Remote File Inclusion Exploit, the_3dit0r, 14:15
gNews Publisher SQL Injection Vulnerabilites, Advisory, 14:15
Rialto 1.6[admin login bypass & multiples injections sql], saps . audit, 13:50
eClassifieds [injection sql], saps . audit, 13:48
Serious crypto problem fixed by envelope HMAC method insteadof currently used prefix, Omirjan Batyrbaev, 13:33
PHPOLL => 0.96 Cross Site Scripting, the_3dit0r, 13:24
ehomes [multiples injections sql], saps . audit, 13:17
ASPNuke <= 0.80 (register.asp) Remote SQL Injection Vulnerability, ajannhwt, 12:58
PhpBB Module Dimension Remote File Include, bluespy . ok, 12:40
[SECURITY] [DSA 1213-1] New imagemagick packages fix several vulnerabilities, Moritz Muehlenhoff, 12:25
Rapid Classified v3.1 [multiple xss (get) & injection sql], saps . audit, 12:14
Digital Armaments November-Decemberr Hacking Challenge: KERNEL, info, 12:08
Telaen <= 1.1.0 Remote File Include Exploit, the_3dit0r, 12:07
Ixprim CMS 1.2 Remote File Include Vulnerability, vitux . manis, 11:46
Dovecot IMAP/POP3 server: Off-by-one buffer overflow, Timo Sirainen, 11:29

November 18, 2006

Re: Phpjobscheduler 3.0 - Multiple Remote File Include, str0ke, 17:52
Re: EEYE: Workstation Service NetpManageIPCConnect Buffer Overflow, security-list, 17:47
GPhotos 1.5 Multiple vulnerabilities, tux025, 17:21
Re: Phpjobscheduler 3.0 - Multiple Remote File Include, Stefano Zanero, 16:40
Re: A-Cart PRO SQL Injection, gmdarkfig, 16:32
Re: [Aria-Security's Research Team] ActiveNews Manager SQL Injection Vulnerabilite, gmdarkfig, 16:16
A-Cart 2.0 SQL Injection, Advisory, 15:06
linksys wrt54g v5 authentication bypass fixed, Ginsu Rabbit, 14:30
[Aria-Security's Research Team] Texas Rank'em SQL Injection Vulnerabilite, Advisory, 14:12
[MajorSecurity Advisory #35]Travelsized CMS - Multiple Cross Site Scripting Issues, admin, 13:59
[Aria-Security's Research Team] ActiveNews Manager SQL Injection Vulnerabilite, Advisory, 13:38
PhpBB Module Dimension Remote File Include, bluespy . ok, 13:11
BLOG:CMS <= 4.1.3 XSS, katatafish, 13:07
[ MDKSA-2006:164-1 ] - Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities, security, 13:04
Vikingboard (0.1.2) [ multiples vulnerability ], saps . audit, 12:52
Drone Armies C&C Report - 17 Nov 2006, c2report, 12:47
Oxygen <= 1.1.3 (O2PHP Bulletin Board) SQL Injection, gmdarkfig, 12:26
Sage cross-context scripting -> LOCAL-CONTEXT SCRIPTING, pagvac, 12:07
[MajorSecurity Advisory #36]dev4u CMS - Multiple SQL Injection and Cross Site Scripting Issues, admin, 11:57
A-Cart PRO SQL Injection, Advisory, 11:46

November 17, 2006

Re: dev_wms => 1.5 Remote File Include Vulnerabilities, Stefano Zanero, 19:53
[ MDKSA-2006:214 ] - Updated gv packages fix buffer overflow vulnerability, security, 19:38
Infinitytechs Restaurants CM, saps . audit, 19:18
Re: Airmagnet management interfaces multiple vulnerabilities, ckuan, 19:01
Re: blogcms => 4.0.0 Remote File Include, Stefano Zanero, 18:49
Dating Site [ login bypass & xss], saps . audit, 17:54
MosReporter Joomla Component Remote File Inclusion Exploi, crackers_child, 17:37
XSS vBulletin 3.6.X Admin Control Painel, insanity, 17:15
20/20 datashed [ multiples injection sql ], saps . audit, 17:04
igital Armaments November-Decemberr Hacking Challenge: KERNEL Remote, info, 16:20
Aspmforum [ multiples injection sql (get&post)], saps . audit, 16:02
Sphpblog => 0.8 Remote File Include Vulnerabilities, the_3dit0r, 15:45
[Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities., Reversemode, 15:29
TFTPD32 v3.01 TFTP Server Long File Name Buffer Overflow Vulnerability, liuqx, 15:10
20/20 real estate [ multiples injection sql ], saps . audit, 14:53
20/20 auto gallery [ multiples injection sql ], saps . audit, 14:33
[Aria-Security] CPanel Network Tools Cross Site Scripting [Advisory], Advisory, 14:15
Re: Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion ), dean, 13:18
[ GLSA 200611-10 ] WordPress: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 13:04
TSLSA-2006-0065 - libpng, Trustix Security Advisor, 12:50
[ GLSA 200611-09 ] libpng: Denial of Service, Sune Kloppenborg Jeppesen, 12:36
[security bulletin] HPSBMA02088 SSRT051026 rev. 2 - HP-UX running WBEM Services Denial of Service (DoS), security-alert, 12:21
[USN-383-1] libpng vulnerability, Kees Cook, 12:04
[OpenPKG-SA-2006.036] OpenPKG Security Advisory (png), OpenPKG, 11:56
[ MDKSA-2006:213 ] - Updated chromium packages to fix embedded libpng vulnerabilities, security, 11:40
[ MDKSA-2006:212 ] - Updated doxygen packages to fix embedded libpng vulnerabilities, security, 03:06
Active News Manager [ injection sql (post&get)], saps . audit, 02:51
[OpenPKG-SA-2006.035] OpenPKG Security Advisory (proftpd), OpenPKG, 02:24
[ MDKSA-2006:210 ] - Updated syslinux packages to fix embedded libpng vulnerabilities, security, 01:54
[ MDKSA-2006:211 ] - Updated pxelinux packages to fix embedded libpng vulnerabilities, security, 01:46
Kerio WebSTAR local privilege escalation, K F (lists), 01:34
[ MDKSA-2006:209 ] - Updated libpng packages fix vulnerabilities, security, 01:21
Pilot Cart V.7.2 [ injection sql (post) ], saps . audit, 00:40
Storystream => 4.0 Remote File Include Vulnerability Exploit, the_3dit0r, 00:29
RED Blog => Remote File Include Vulnerability Exploit, the_3dit0r, 00:04

November 16, 2006

blogcms => 4.0.0 Remote File Include, the_3dit0r, 23:51
ASPintranet SQL Injection, Advisory, 23:39
My-BIC => 0.6.5 Remote File Include Vulnerability Exploit, the_3dit0r, 23:25
Image gallery with Access Database SQL Injection, Advisory, 23:13
rPSA-2006-0211-1 libpng, rPath Update Announcements, 22:59
Links smbclient command execution, Teemu Salmela, 22:41
UK Security Convention - Continuity 2006, Manchester 2600, 22:20
RE: VBulletin DoS Exploit [ all Versions ], Bart Seresia, 22:07
Secunia Research: Panda ActiveScan Multiple Vulnerabilities, Secunia Research, 21:57
eggblog=> 3.1.0 Cross Site Scripting, the_3dit0r, 21:45
Hot Links download backup authorized vulnerabilities (re-post with some edit), hack2prison, 21:36
Re: FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure, Lucas Holt, 21:25
worksystem => Remote File Include Vulnerability Exploit, the_3dit0r, 21:16
ASP Cart [multiples injection sql (post & get)], saps . audit, 20:58
Comdev One Admin Pro.v4.1 ( path[skin] ) Remote File include, AG- Spider, 20:48
BlogTorrent-preview => 0.92 Cross Site Scripting, the_3dit0r, 20:40
Sphpblog => 0.8 Cross Site Scripting, the_3dit0r, 20:33
i-Gallery 3.4 Cross Site Scripting, Advisory, 20:21
Myphotos => Remote File Include Vulnerability Exploit, the_3dit0r, 19:56
Helm Cross Site Scripting, Advisory, 19:45
ZDI-06-042: Verity Ultraseek Request Proxying Vulnerability, zdi-disclosures, 19:38
BaalAsp forum [login bypass ,injections sql(post), xss(post)], saps . audit, 19:28
CandyPress Store[ multiples injection sql ], saps . audit, 19:20
Vulnerabilities in Client Service for NetWare, Avert, 19:11
Whitepaper: Implementing and Detecting a PCI Rootkit, John Heasman, 18:59
eShopping Cart [injection sql], saps . audit, 18:44
Re: Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability, Marcello Barnaba, 18:27
Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion ), revenge, 18:11
discloser => 0.0.4 Remote File Include Vulnerability Exploit, the_3dit0r, 17:54
dev_wms => 1.5 Remote File Include Vulnerabilities, the_3dit0r, 17:40
Re: Apple Safari "match" Buffer Overflow Vulnerability, J. Oquendo, 17:15
Secunia Research: MDaemon Insecure Default Directory Permissions, Secunia Research, 16:59
Chetcpasswd 2.x: multiple vulnerabilities, riclem, 16:37
Bloo => 1.00 Remote File Include Vulnerability, the_3dit0r, 16:07
Team Evil - Incident #2, beSIRT, 15:52
[MajorSecurity Advisory #34]Plesk 8 - Multiple Cross Site Scripting Issues, admin, 15:30
OdysseusBlog => 1.0.0 Cross Site Scripting, the_3dit0r, 14:40
PhpMyAdmin all version [multiples vulnerability], saps . audit, 14:15
Hot Links download backup authorized vulnerabilities, hack2prison, 13:57
discloser => 0.0.4 Remote File Include Vulnerabilities, the_3dit0r, 13:21
Xtreme ASP Photo Gallery Cross Site Scripting And SQL Injection, Advisory, 12:58
MetaCart e-Shop [multiples injection sql (get & post)], saps . audit, 12:42
E-commerce Kit 1 PayPal Edition [ injection sql ], saps . audit, 12:27
Bloo => 1.00 Cross Site Scripting, the_3dit0r, 12:07
[ MDKSA-2006:208 ] - Updated openldap packages fixes Bind vulnerability, security, 01:28
FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure, Rodrigo Rubira Branco (BSDaemon), 00:55
Helm Cross-Site Scripting (XSS), Advisory, 00:36

November 15, 2006

Outpost Multiple insufficient argument validation of hooked SSDT function Vulnerability, Matousec - Transparent security Research, 23:50
E-Calendar Pro 3.0 [ login bypass & injection sql (post)], saps . audit, 23:28
[SECURITY] [DSA 1212-1] New openssh packages fix denial of service, Noah Meyerhans, 22:53
[ MDKSA-2006:207 ] - Updated bind packages fixes RSA signature verification vulnerability, security, 20:52
TSLSA-2006-0063 - multi, Trustix Security Advisor, 20:15
TrustedBSD* all versions FireWire IOCTL kernel integer overflow information disclousure, Rodrigo Rubira Branco (BSDaemon), 19:43
DragonFlyBSD all versions FireWire IOCTL kernel integer overflow information disclousure, Rodrigo Rubira Branco (BSDaemon), 17:34
[OpenPKG-SA-2006.034] OpenPKG Security Advisory (texinfo), OpenPKG, 16:32
NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure, Rodrigo Rubira Branco (BSDaemon), 15:23
MultiCalendars [ multiples injection sql ], saps . audit, 14:54
[SECURITY] [DSA 1211-1] New pdns packages fix arbitrary code execution, Moritz Muehlenhoff, 12:41
Dragon calendar [ login bypass & injection sql ], saps . audit, 11:43

November 14, 2006

hpecs shopping cart[login bypass & injection sql (post)], saps . audit, 21:56
A-Cart pro[ injection sql (post&get)], saps . audit, 21:41
A+ Store E-Commerce[ injection sql & xss (post) ], saps . audit, 21:24
ZDI-06-041: Microsoft Internet Explorer CSS Float Property Memory Corruption Vulnerability, zdi-disclosures, 21:11
ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability, zdi-disclosures, 20:57
EEYE: Workstation Service NetpManageIPCConnect Buffer Overflow, eEye Advisories, 20:35
[Fwd: OpenBase SQL multiple vulnerabilities Part Deux], K F (lists), 19:45
Re: [Full-disclosure] ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability, Micheal Turner, 19:39
[Fwd: DMA[2006-1031a] - 'Intego VirusBarrier X4 definition bypass exploit'], K F (lists), 19:28
Property Site Manager [login bypass ,multiples injection sql & xss (get)], saps . audit, 18:08
Blogme v3 [admin login bypass & xss (post)], saps . audit, 17:53
FunkyASP Glossary v1.0 [injection sql], saps . audit, 17:39
Re: New Bug MiniBB Forum <= 2 Remote File Include (index.php), navairum, 17:19
Evolve Merchant[ injection sql ], saps . audit, 16:53
Car Site Manager [injection sql & xss (get)], saps . audit, 16:46
Inventory Manager [injection sql & xss (get)], saps . audit, 16:24
Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability, Glynn Clements, 16:00
Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability, Stefan Esser, 15:44
Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability, Nick FitzGerald, 15:43
Apple Safari "match" Buffer Overflow Vulnerability, jbh_cg, 15:15
BPG Content Management System SQL Injection, Advisory, 14:58
Engine Manager SQL Injection, Advisory, 14:42
ECommerce Store Shop Builder, Advisory, 14:16
eShopping SQL Injection, Advisory, 13:54
Ustore SQL Injection, Advisory, 13:33
WWWeb Cocepts SQL Injection, Advisory, 13:09
SiteXpress SQL Injection, Advisory, 12:47
ASPintranet SQL Injection, Advisory, 12:35
Real Estate Listing System SQL Injection, Advisory, 12:17
[SECURITY] [DSA 1210-1] New Mozilla Firefox packages fix several vulnerabilities, Martin Schulze, 11:56
Re: GNU gv Stack Overflow Vulnerability, Noam Rathaus, 00:01

November 13, 2006

[ GLSA 200611-07 ] GraphicsMagick: PALM and DCM buffer overflows, Raphael Marichez, 23:26
Re: Wordpress File Inclusion, Expanders, 23:25
VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2, VMware Security team, 23:09
VMSA-2006-0009 - VMware ESX Server 3.0.0 AMD fxsave/restore issue, VMware Security team, 22:53
Online Event Registration <= v2.0 (save_profile.asp) Remote User Pass Change Exploit, ajannhwt, 22:41
VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1, VMware Security team, 22:38
New Bug MiniBB Forum <= 2 Remote File Include (index.php), philip anselmo, 22:22
VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2, VMware Security team, 22:20
[ GLSA 200611-08 ] RPM: Buffer overflow, Raphael Marichez, 22:03
Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability, Raphael Marichez, 21:39
[ GLSA 200611-06 ] OpenSSH: Multiple Denial of Service vulnerabilities, Raphael Marichez, 21:24
SinFP 2.04 release, works under Windows, GomoR, 21:23
VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4, VMware Security team, 21:07
DirectAdmin Multiple Cross Site Scription, Advisory, 20:41
Challenges faced by automated web application security assessment tools, bugtraq, 20:40
[SECURITY] [DSA 1209-2] New trac packages fix cross-site request forgery, Moritz Muehlenhoff, 20:24
Estate Agent Manager <= v1.3 (default.asp) Remote Login ByPass SQL Injection Vulnerability, ajannhwt, 20:16
[VulnWatch] iDefense Security Advisory 11.09.06: Citrix Presentation Server 4.0 IMA Service Invalid Name Length DoS Vulnerability, iDefense Labs, 20:15
[FLSA-2006:211760] Updated gzip package fixes security issues, David Eisenstein, 19:59
UPublisher 1.0 (viewarticle.asp) Remote SQL Injection Vulnerability, ajannhwt, 19:57
ASPPortal <= 4.0.0 (default1.asp) Remote SQL Injection Exploit, ajannhwt, 19:28
Re: [x0n3-h4ck]Essentia Web Server v.2.15 Buffer Overflow, Noam Rathaus, 19:10
Property Pro v1.0 (vir_Login.asp) Remote Login ByPass SQL Injection Vulnerability, ajannhwt, 18:49
Old SAP exploits, Nicob, 18:45
CPanel Multiple Cross Site Scription, Advisory, 18:28
Asp Scripter Products (cpLogin.asp) Remote SQL ByPass Injection Vulnerability, ajannhwt, 18:07
UltraSite 1.0 (update.asp) Remote SQL Injection Vulnerability, ajannhwt, 17:47
ELOG Web Logbook Remote Denial of Service Vulnerability, OS2A BTO, 17:34
Phpdebug 1.1.0 - Remote File Include by Firewall, Firewall1954, 17:34
Phpjobscheduler 3.0 - Multiple Remote File Include, Firewall1954, 17:14
ZDI-06-038: Citrix MetaFrame IMA Management Module Remote Heap Overflow, zdi-disclosures, 16:57
Digipass Go3 Token Dumper (at least for 2006), fcollyer, 16:50
VBulletin DoS Exploit [ all Versions ], root, 16:33
Web Interface remote file inclusion, navairum, 16:30
Re: Cross Site Scripting (XSS) Vulnerability in Netquery by "VIRtech", rvirtue, 16:09
shambo2 Component For Mambo 4.5 Remote File Inclusion Exploit, crackers_child, 15:50
infinicart [ multiples injection sql & xss (post) ], saps . audit, 15:48
XSS in Email Signature Script, miladkaleh, 15:30
[SECURITY] [DSA 1208-1] New bugzilla packages fix several vulnerabilities, Moritz Muehlenhoff, 15:11
Re: Wordpress File Inclusion, emc3, 14:53
NuSchool 1.0 (CampusNewsDetails.asp) Remote SQL Injection Exploit, ajannhwt, 14:51
Re: feedsplitter considered harmful, wmodes, 14:35
NuStore 1.0 (Products.asp) Remote SQL Injection Vulnerability, ajannhwt, 14:31
Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability, Nick Boyce, 14:19
NuRems 1.0 Remote XSS/SQL Injection Exploit, ajannhwt, 14:12
NuCommunity 1.0 (cl_CatListing.asp) Remote SQL Injection Exploit, ajannhwt, 13:50
UStore 1.0 (detail.asp) Remote SQL Injection Vulnerability, ajannhwt, 13:43
AspPired2 Poll <= 1.0 (MoreInfo.asp) Remote SQL Injection Exploit, ajannhwt, 13:32
phpManta - Mdoc <= 1.0.2 (view-sourcecode.php) Local File Include Exploit, ajannhwt, 13:14
MyStats <=1.0.8 [injection sql, multiples xss, array & full path disclosure], benjilenoob, 12:59
[MajorSecurity Advisory #33]ShopSystems - SQL Injection Issue, admin, 12:56
TOPSTORY BASIC Version 1.0 => Remote File Include Vulnerability, stormhacker, 12:49
Wordpress File Inclusion, vannovax, 12:36
Mega Mall [ multiples injection sql & full path disclosure ], saps . audit, 12:35
[SECURITY] [DSA 1209-1] New trac packages fix cross-site request forgery, Moritz Muehlenhoff, 12:25
Exophpdesk V1.2 - Remote File Include, firewall1954, 12:20
PHPKit 1.6.1 RC2 (faq/faq.php) Remote SQL Injection Exploit, philipp . niedziela, 12:01
encapscms 0.3.6 - Remote File Include by Firewall, firewall1954, 11:42

November 10, 2006

ZDI-06-039: Marshal MailMarshal ARJ Extraction Directory Traversal Vulnerability, zdi-disclosures, 16:47
[x0n3-h4ck]Drake CMS v 0.2 XSS exploit, corrado . liotta, 14:24
[x0n3-h4ck]Essentia Web Server v.2.15 Buffer Overflow, corrado . liotta, 13:34
[ GLSA 200611-05 ] Netkit FTP Server: Privilege escalation, Raphael Marichez, 12:58
[OpenPKG-SA-2006.033] OpenPKG Security Advisory (openldap), OpenPKG, 12:41
[ MDKSA-2006:206 ] - Updated Thunderbird packages fix multiple vulnerabilities, security, 12:29
[ MDKSA-2006:205 ] - Updated Firefox packages fix multiple vulnerabilities, security, 12:17
rPSA-2006-0207-1 openssh openssh-client openssh-server, rPath Update Announcements, 12:05
rPSA-2006-0206-1 firefox thunderbird, rPath Update Announcements, 11:49
rPSA-2006-0205-1 php php-mysql php-pgsql, rPath Update Announcements, 11:34
rPSA-2006-0204-1 kernel, rPath Update Announcements, 11:21

November 09, 2006

[ GLSA 200611-04 ] Bugzilla: Multiple Vulnerabilities, Matthias Geerdsen, 18:11
[security bulletin] HPSBMA02167 SSRT061262 rev.2 - HP OpenView Client Configuration Manager (CCM), Remote Unauthorized Arbitrary Code Execution or Denial of Service (DoS), security-alert, 17:57
Wheatblog [multiple xss (post) & full path disclosure], saps . audit, 17:49
Re: Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00, Nicob, 17:37
[USN-379-1] texinfo vulnerability, Kees Cook, 17:28
LandShop Real Estate [multiple injection sql & xss], saps . audit, 17:18
[SECURITY] [DSA 1207-1] New phpmyadmin packages fix several vulnerabilities, Moritz Muehlenhoff, 17:07
GNU gv Stack Overflow Vulnerability, Renaud Lifchitz, 16:58
bitweaver <=1.3.1 [injection sql (post) & xss (post)], saps . audit, 16:48
[ MDKSA-2006:204 ] - Updated openssh packages fix vulnerability, security, 16:32
omnistar article manager [multiples injection sql], saps . audit, 16:12

November 08, 2006

Antwort: Joomla 1.0.11 Remote File Include, srunschke, 21:31
FreeBSD Security Advisory FreeBSD-SA-06:24.libarchive, FreeBSD Security Advisories, 20:28
FreeWebshop <=2.2.2 [local file include & xss], saps . audit, 20:03
Immediacy .NET CMS possibly vulnerable to Cross Site Scripting through a malformed cookie, ProCheckUp Research, 19:26
[ MDKSA-2006:202 ] - Updated wv packages fix vulnerabilities, security, 18:58
Speedwiki 2.0 Arbitrary File Upload Vulnerability, saps . audit, 18:25
knowledgeBuilder v.2.2.php.NuLL-WDYL=> Remote File Include Vulnerability, h4ck3riran, 17:48
iDefense Security Advisory 11.08.06: Cisco Secure Desktop Privilege Escalation Vulnerability, iDefense Labs, 16:33
Abarcar Realty Portal [injection sql], saps . audit, 16:22
Re: Hotmail and Windows Live Mail XSS Vulnerabilities, HASEGAWA Yosuke , 15:54
TSRT-06-13: HP OpenView Client Configuration Manager Device Code Execution Vulnerability, TSRT, 15:39
phpsatk => Remote File Include Vulnerability EXploit, h4ck3riran, 15:09
Portix-PHP [login bypass & xss (post)], saps . audit, 15:00
iDefense Security Advisory 11.08.06: IBM Lotus Domino 7 tunekrnl Multiple Vulnerabilities, iDefense Labs Security Advisories, 14:48
Lotus Notes pre-login User.ID key leak, Andrew Christensen, 14:22
[ MDKSA-2006:203 ] - Updated texinfo packages fix vulnerability, security, 13:49
Y.A.N.S sql injection, navairum, 13:33
PhpMyChat <= 0.14.5 Source Code Disclosure Vulnerability, ajannhwt, 13:16
PhpMyChat Plus <= 1.9 Multiple Source Code Disclosure Vulnerabilities, ajannhwt, 12:53
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Secure Desktop, Cisco Systems Product Security Incident Response Team, 12:34
[ MDKSA-2006:198-1 ] - Updated imlib2 packages fix several vulnerabilities, security, 12:19
Call for papers: ARES 2007 submission deadline approaches in 2 weeks: 19-11-2006, Manh Tho, 12:02
[OpenPKG-SA-2006.032] OpenPKG Security Advisory (openssh), OpenPKG, 11:53
[ MDKSA-2006:201 ] - Updated pam_ldap packages fix PasswordPolicyReponse coding error, security, 11:42

November 07, 2006

WFTPD Pro Server 3.23 Buffer Overflow, Joxean Koret, 21:21
DigiOz Guestbook version 1.7 Path Disclosure Vulnerability in list.php, Jesper Jurcenoks, 19:54
XSS in Kayako SupportSuite v3.00.32, hacker hackers, 18:34
[ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability, Raphael Marichez, 18:23
WarFTPd 1.82.00-RC11 Remote Denial Of Service, Joxean Koret, 17:22
Minimizing error cascades in vulnerability information management, Steven M. Christey, 16:30
[ MDKSA-2006:200 ] - Updated rpm packages fix vulnerability, security, 16:13
DigiOz Guestbook version 1.7 Path Disclosure Vulnerability in list.php, jesper . jurcenoks, 16:03
Re: IE7 website security certificate discrediting exploit, inge_eivind . henriksen, 15:44
News publication system remote File include, navairum, 15:25
[ MDKSA-2006:198 ] - Updated imlib2 packages fix several vulnerabilities, security, 15:10
GreenBeast CMS <= 1.3 PHP Arbitrary File Upload Vulnerability, skulmatic, 13:26
[ MDKSA-2006:199 ] - Updated libx11 packages fix file descriptor leak vulnerability, security, 13:12
[USN-376-2] imlib2 regression fix, Kees Cook, 12:58
Re: Advanced Guestbook 2.3.1 (Admin.php) Remote File Include, simo64, 12:02
Re: Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00, Nicob, 11:48

November 06, 2006

IE7 website security certificate discrediting exploit, inge_eivind . henriksen, 19:32
Re: Firefox 1.5.0.7 Exploit, Lubomir Kundrak, 18:35
ZDI-06-037: America Online ICQ ActiveX Control Code Execution Vulnerability, zdi-disclosures, 18:19
Re: Firefox 1.5.0.7 Exploit, OOZIE, 18:17
VulnDisco Pack for Metasploit, Evgeny Legerov, 18:02
XSS Vulnerability in Zend Framework Preview 0.2.0, security, 17:44
Advanced Guestbook 2.3.1 (Admin.php) Remote File Include, broken-proxy, 17:41
Hotmail and Windows Live Mail XSS Vulnerabilities, applesoup, 17:25
[SECURITY] [DSA 1206-1] New php4 packages fix several vulnerabilities, Moritz Muehlenhoff, 17:01
[SECURITY] [DSA 1204-1] New ingo1 packages fix arbitrary shell command execution, Moritz Muehlenhoff, 16:23
RE: Internet Explorer 7 - Still Spyware Writers' Heaven, Roger A. Grimes, 16:10
Ariadne <= 2.4.1 Multiple Remote File Include Vulnerabilities(New), ajannhwt, 16:01
Re: Internet Explorer 7 - Still Spyware Writers' Heaven, Eliah Kagan, 15:55
MajorSecurity Advisory #32]phpComasy CMS - Multiple Cross Site Scripting Issues, admin, 15:39
TSLSA-2006-0061 - multi, Trustix Security Advisor, 15:33
[ GLSA 200611-02 ] Qt: Integer overflow, Matthias Geerdsen, 15:21
Cross Site Scripting (XSS) Vulnerability in IBM WebSphere Application Server, ProCheckUp Research, 14:56
Joomla 1.0.11 Remote File Include, root, 14:43
MWChat pro V 7.0 <= (CONFIG[MWCHAT_Libs]) Remote File Include Vulnerability, -= SHELL =- -= SHELL =-, 14:37
AIOCP <=1.3.007 multiples vulnerabilities [sql , remote file include , xss], saps . audit, 14:22
Re: New Flaw in Firefox 2.0: DoS and possible remote code execution, Jerome Athias, 14:13
[ECHO_ADV_60_2006] OpenEMR <=2.8.1 Multiple Remote File Inclusion Vulnerability, erdc, 14:05
[ECHO_ADV_59_2006]Agora 1.4 RC1 "$_SESSION[PATH_COMPOSANT]" Remote File Inclusion Vulnerability, erdc, 13:47
Re: @cid stats v2.3 File Include, Heiko Wundram, 13:40
[ECHO_ADV_58_2006]Cyberfolio <=2.0 RC1 $av Remote File Inclusion Vulnerability, erdc, 13:25
Mail Drives Security Considerations, darkz . gsa, 13:19
[ECHO_ADV_57_2006]Soholaunch Pro <=4.9 r36 Multiple Remote File Inclusion Vulnerability, erdc, 13:03
Re: New Flaw in Firefox 2.0: DoS and possible remote code execution, Jan Heisterkamp, 12:53
PHP Rapid Kill All Version File Injection, null_hack, 12:43
Stanford university SCARF user editing, navairum, 12:30
Article Script v1.*and v1.6.3 Sql injection, liz0, 12:21
@cid stats v2.3 File Include, mahmood ali, 12:02

November 04, 2006

Re: Internet Explorer 7 - Still Spyware Writers' Heaven, Thierry Zoller, 15:44
IF-CMS multiples XSS vunerabilities, saps . audit, 15:15
Re: MajorSecurity Advisory #31]Xenis.creator CMS - Multiple Cross Site Scripting and SQL Injection Issues, saps . audit, 15:03
[USN-377-1] NVIDIA vulnerability, Kees Cook, 14:43
[MajorSecurity Advisory #30]admin.tool 3 CMS - Multiple Cross Site Scripting Issues, admin, 14:26
[USN-378-1] RPM vulnerability, Kees Cook, 14:04
[OpenPKG-SA-2006.029] OpenPKG Security Advisory (bind), OpenPKG, 13:44
Web Directory Pro bypass Vulnerabilities, hack2prison, 13:22
[OpenPKG-SA-2006.028] OpenPKG Security Advisory (php), OpenPKG, 13:04
Re: how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)], Paul Laudanski, 12:49
MajorSecurity Advisory #31]Xenis.creator CMS - Multiple Cross Site Scripting and SQL Injection Issues, admin, 12:36
Re: Internet Explorer 7 - Still Spyware Writers' Heaven, Eliah Kagan, 12:22
[OpenPKG-SA-2006.030] OpenPKG Security Advisory (ruby), OpenPKG, 12:08
[USN-376-1] imlib2 vulnerabilities, Kees Cook, 11:55

November 03, 2006

ZDI-06-036: Novell Netmail User Authentication Buffer Overflow Vulnerability, zdi-disclosures, 17:42
XSS in script Mobile, m-0-t, 16:27
[ MDKSA-2006:197 ] - Updated kernel packages fix multiple vulnerabilities and bugs, security, 16:14
SIMPLOG 0.9.3 injection sql & multiple xss, saps . audit, 15:53
[SECURITY] [DSA-1205-1] New thttpd packages fix insecure temporary file creation, Steve Kemp, 14:08
[ GLSA 200611-01 ] Screen: UTF-8 character handling vulnerability, Matthias Geerdsen, 13:54
Re: Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00, harrisonholland, 13:41
Re: Digital Armaments Security Advisory 10.07.2006: Flexwath Authorization Bypassing and XSS Vulnerability, sales, 13:31
Re[2]: New Flaw in Firefox 2.0: DoS and possible remote code execution, 3APA3A, 13:18
Re: Firefox 1.5.0.7 Exploit, Martin Pitt, 13:06
[ MDKSA-2006:195 ] - Updated wireshark packages fix multiple vulnerabilities, security, 12:56
[ MDKSA-2006:196 ] - Updated php packages to address buffer overflow issue, security, 12:34
Re: phpMyConferences <= 8.0.2 Remote File Inclusion, Steven M. Christey, 12:21
EUSecWest/London CFP extended to Nov. 7, Dragos Ruiu, 12:14

November 02, 2006

Advisory 13/2006: PHP HTML Entity Encoder Heap Overflow Vulnerability, Stefan Esser, 19:18
RE: how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)], Richard Stanway, 19:08
RE: Internet Explorer 7 - Still Spyware Writers' Heaven, Roger A. Grimes, 19:01
Re: Firefox 1.5.0.7 Exploit, Bram Dumolin, 18:51
Re: Firefox 1.5.0.7 Exploit, Robert McGrew, 18:30
Re: how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)], Taneli Leppä, 18:10
Re: how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)], Taneli Leppä, 17:48
Educational write-up by Amit Klein: "A Refreshing Look at Redirection", Amit Klein, 17:31
[USN-375-1] PHP vulnerability, Martin Pitt, 16:17
[security bulletin] HPSBMA02159 SSRT061238 rev.1 - HP System Management Homepage (SMH), Remote Bypassing of Security Features or Cross Site Scripting or Denial of Service (DoS), security-alert, 16:05
[SECURITY] [DSA 1203-1] New libpam-ldap packages fix access control bypass, Moritz Muehlenhoff, 15:53
iodine client 0.3.2 buffer overflow, poplix, 15:06
Firefox 1.5.0.7 Exploit, koenig, 14:54
Advisory 12/2006: phpMyAdmin - error.php XSS Vulnerability, Stefan Esser, 14:37
how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)], securfrog, 14:24
Multiple vulnerabilities in SAP Web Application Server 6.40 and 7.00, Nicob, 14:09
Internet Explorer 7 - Still Spyware Writers' Heaven, avivra, 13:51

November 01, 2006

[security bulletin] HPSBUX02091 SSRT061099 rev.2 - HP-UX Local Increased Privilege, security-alert, 18:59
[USN-374-1] wvWare vulnerability, Kees Cook, 18:29
[security bulletin] HPSBUX02165 SSRT061266 rev.1 - HP-UX VirtualVault Remote Unauthorized Access, security-alert, 17:48
[security bulletin] HPSBUX02164 SSRT061265 rev.1 - HP-UX VirtualVault Running Apache 1.3.X Remote Denial of Service (DoS) and Arbitrary Code Execution, security-alert, 17:33
Re: PLS-Bannieres 1.21 (bannieres.php) File Include, Stefano Zanero, 17:16
[security bulletin] HPSBUX02172 SSRT061269 rev.1 - HP-UX VirtualVault running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access, security-alert, 16:59
rPSA-2006-0202-1 tshark wireshark, rPath Update Announcements, 16:38
Outpost Insufficient validation of 'SandBox' driver input buffer, Matousec - Transparent security Research, 16:11
tikiwiki 1.9.5 mysql password disclosure & xss, securfrog, 15:32
[USN-371-1] Ruby vulnerability, Kees Cook, 13:50
Asterisk Local and Remote Denial of Service vulnerability, sil, 13:39
[USN-373-1] mutt vulnerabilities, Kees Cook, 13:26
Cisco Security Advisory: Cisco Security Agent Management Center LDAP Administrator Authentication Bypass, Cisco Systems Product Security Incident Response Team, 13:13
Re: phpLedAds 2.0(dir) File Include, Stefano Zanero, 13:00
Cross Site Scripting (XSS) Vulnerability in Netquery by "VIRtech", LegendaryZion, 12:57
[USN-370-1] screen vulnerability, Kees Cook, 11:24
Re[3]: New Flaw in Firefox 2.0: DoS and possible remote code execution, 3APA3A, 10:41
Re: Re: Simple Machines Forum (SMF) XSS issue, oldiesmann, 10:24
Multiple XSS Vulnerabilities in Zend Google Data Client Library Preview 0.2.0, security, 10:09
iDefense Security Advisory 10.31.06: Sophos Anti-Virus Petite File Denial of Service Vulnerability, iDefense Labs, 09:56
iDefense Security Advisory 10.31.06: Novell iManager Tomcat DoS Vulnerability, iDefense Labs, 09:41
iDefense Security Advisory 10.27.06: Novell eDirectory NMAS BerDecodeLoginDataRequeset DoS Vulnerability, iDefense Labs, 09:30