bugtraq (date)

bugtraq (date)

[Thread Index] [Top] [All Lists]

December 30, 2006

Enigma WordPress Bridge (boarddir) Remote File Include, xorontr, 16:26
Enigma Coppermine Bridge (boarddir) Remote File Include, xorontr, 16:11
[vuln.sg] iso_wincmd Plugin for Total Commander Buffer Overflow Vulnerability, vulnpost-remove, 12:37
SoftArtisans FileUp(TM) viewsrc.asp remote script source disclosure exploit, inge_eivind . henriksen, 12:27
MythControl (MythTV remote control) arbitrary code execution, sapheal, 12:18
csrss.exe double-free vulnerability - arbitrary DWORD overwrite exploit, Reversemode, 12:10

December 29, 2006

Re: XSS in script Mobilelib GOLD v2, gamr-14, 15:34
DoceboLMS Xss Vuln., starext, 14:10
LDU <= 8.x (journal.php) SQL Injection Vulnerability, starext, 13:52
QuickCam linux device driver allows arbitrary code execution, sapheal, 11:53
XSS in script Mobilelib GOLD v2, gamr-14, 11:40
XSS with default page parameter in Oracle Portal 10g, duchaikhtn, 11:19

December 28, 2006

[SECURITY] [DSA 1244-1] New xine-lib packages fix arbitrary code execution, Moritz Muehlenhoff, 14:24
[SECURITY] [DSA 1214-2] Updated gv packages fix arbitrary code execution, Moritz Muehlenhoff, 12:58
Re: XSS with Vbulletin (new idea !), micmast, 12:31
[OpenPKG-SA-2006.044] OpenPKG Security Advisory (w3m), OpenPKG GmbH, 12:11
Re: XSS - CMS Made Simple v1.0.2, nanoymaster, 12:03
[SECURITY] [DSA 1242-1] New elog packages fix arbitrary code execution, Moritz Muehlenhoff, 11:55
SMS handling OpenSER remote code executing, sapheal, 11:49
Re: XSS with Vbulletin (new idea !), l . d . 0, 11:42
OpenSER OSP Module remote code execution, sapheal, 11:36
[SECURITY] [DSA 1243-1] New evince packages fix arbitrary code execution, Moritz Muehlenhoff, 11:26
Limbo CMS event module (lm_absolute_path) Remote File Include Vulnerabilities, xorontr, 11:21

December 27, 2006

ShmooCon Announcement, B Potter, 16:57
NtRaiseHardError Csrss.exe memory Disclosure exploit, Reversemode, 16:36
Re: Cross site scripting & fullpath disclosure, james . brown, 15:06
Secure Login Manager Multiple Input Validation Vulnerabilities, DoZ, 13:10
Host directory full disclosure and input error, hack2prison, 13:00
Re: XSS with Vbulletin (new idea !), bas, 12:50
Re: The (in)security of Xorg and DRI, Pavel Kankovsky, 12:40
Re: LuckyBot v3 Remote File Include, Stuart Moore, 12:33
Re: phpcms <=- 1.1.7 Remote File Inclusion, Hugo van der Kooij, 12:21

December 26, 2006

Re: phpcms <=- 1.1.7 Remote File Inclusion, Stuart Moore, 17:59
Re: ERRATA (Re: "Host header cannot be trusted as an anti anti DNS-pinning measure"), Martin Johns, 16:09
[OpenPKG-SA-2006.043] OpenPKG Security Advisory (links), OpenPKG GmbH, 11:28
[OpenPKG-SA-2006.042] OpenPKG Security Advisory (openser), OpenPKG GmbH, 11:19
LuckyBot v3 Remote File Include, i-k-t, 11:09
logahead UNU edition 1.0 Remote File Upload & code execution, corrado . liotta, 11:07
XSS - CMS Made Simple v1.0.2, Curtis Zimmerman, 10:56
HLStats Remote SQL Injection Exploit, nospam, 10:47
PhpbbXtra v2.0 (phpbb_root_path) Remote File Include Vulnerability, xorontr, 10:38
phpcms <=- 1.1.7 Remote File Inclusion, Zarloule04, 10:24
Cahier de texte V2.2 Bypass general access protection exploit, gmdarkfig, 10:16

December 25, 2006

PHP Live! 3.2.2 Multiple Cross-Site Scripting Vulnerabilities, DoZ, 16:26
[SECURITY] [DSA 1241-1] New squirrelmail packages fix cross-site scripting, Moritz Muehlenhoff, 16:13
XSS with Vbulletin (new idea !), ashraf1984, 15:42
ERRATA (Re: "Host header cannot be trusted as an anti anti DNS-pinning measure"), Amit Klein, 15:07
Forum AnyBoard - Sql Inyection By Firewall, Firewall1954, 14:08
Fishyshoop Security Vulnerability, James Gray, 13:51
TimberWolf 1.2.2 vulnerable to XSS, corrado . liotta, 13:41
Chatwm V1.0 SqL Injection Vuln., ShaFuq31, 13:26
Okul Merkezi Portal v1.0 Remote File IncLude Vuln., ShaFuq31, 12:35
iDefense Security Advisory 12.23.06: Novell Netmail IMAP append Denial of Service Vulnerability, iDefense Labs, 12:27
iDefense Security Advisory 12.23.06: Novell NetMail IMAPD subscribe Buffer Overflow Vulnerability, iDefense Labs, 12:04

December 23, 2006

Multiple Bugs in Future Internet ( XSS & SQL Injection ), xx_hack_xx_2004, 14:14
Efkan Forum v1.0 SqL Inj. Vuln., ShaFuq31, 14:12
ZDI-06-054: Novell NetMail IMAP APPEND Buffer Overflow Vulnerability, zdi-disclosures, 13:25
ZDI-06-053: Novell NetMail IMAP Verb Literal Heap Overflow Vulnerability, zdi-disclosures, 13:15
ZDI-06-052: Novell NetMail NMAP STOR Buffer Overflow Vulnerability, zdi-disclosures, 13:07
Re: Multiple Remote Vulnerabilities in KISGB, str0ke, 12:21
Re: Multiple Remote Vulnerabilities in KISGB, 3APA3A, 12:12

December 22, 2006

SQID v0.2 - SQL Injection Digger., contact, 15:42
Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting, putosoft softputo, 13:51
Re: Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day, Mike, 13:35
TSLSA-2006-0074 - multi, Trustix Security Advisor, 12:40
Re[2]: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip, Thierry Zoller, 12:25
Oracle Applications/Portal 9i/10g Cross Site Scripting, putosoft softputo, 12:11
rPSA-2006-0234-1 firefox, rPath Update Announcements, 11:57
Xt-News 0.1 : SQL Injection Vulnerability & XSS, mr_kaliman, 11:45
RE: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day, Michele Cicciotti, 11:36

December 21, 2006

Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip, Juha-Matti Laurio, 18:44
RE: Enforcing Java Security Manager in Restricted Windows Environments?, Jan P. Monsch, 18:25
Re: Oracle Portal 10g HTTP Response Splitting, majororacle, 18:11
Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day, Pukhraj Singh, 18:06
PWDumpX updated (includes CacheDump functionality), Reed Arvin, 17:54
OpenSER 1.1.0 parse_config buffer overflow vulnerability, sapheal, 17:30
[OpenPKG-SA-2006.040] OpenPKG Security Advisory (ruby), OpenPKG GmbH, 17:22
Re: MkPortal Urlobox Cross Site Request Forgery, securityfocus, 17:15
Re: MkPortal Urlobox Cross Site Request Forgery, securityfocus, 17:01
Re: Trend Micro's Vista "0day exploit auction" claim, Simple Nomad, 16:50
Re: RE: Trend Micro's Vista "0day exploit auction" claim, agoodhez1, 16:43
[TOOL] untidy - XML Fuzzer, Andres Riancho, 16:31
Re: Vulnerability in MG2 php based Image Gallery - bypass security, view password protected images, matthieu . paineauSTOPSPAM, 16:26
SQID v0.1 - SQL Inhection Digger., contact, 16:20
Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip, 3APA3A, 16:15
Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day, Alexander Sotirov, 16:03
RE: Re[2]: [Full-disclosure] Fun with event logs (semi-offtopic), Michele Cicciotti, 15:54
Ixprim CMS 1.2 Remote Blind SQL Injection Exploit, gmdarkfig, 15:45
Re: [Full-disclosure] Fun with event logs (semi-offtopic), endrazine, 15:34
Re: Enforcing Java Security Manager in Restricted Windows Environments?, jim, 15:28
RE: [Full-disclosure] Fun with event logs (semi-offtopic), Michele Cicciotti, 15:18
[ MDKSA-2006:234 ] - Updated mono packages fix vulnerability, security, 14:50
Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day, 3APA3A, 14:28
[SECURITY] [DSA-1240-1] New links2 packages fix arbitrary shell command execution, Steve Kemp, 13:53
Re[2]: [Full-disclosure] Fun with event logs (semi-offtopic), 3APA3A, 13:45
Microsoft Windows XP/2003/Vista memory corruption 0day, 3APA3A, 13:15
Re: Oracle <= 9i / 10g File System Access via utl_file Exploit, Marco Ivaldi, 12:59
Fun with event logs (semi-offtopic), 3APA3A, 12:39
[CAID 34876]: CA CleverPath Portal Session Inheritance Vulnerability, Williams, James K, 12:12
NOD32 Antivirus CAB parsing Arbitrary Code Execution Advisory, security, 11:59
[OpenPKG-SA-2006.041] OpenPKG Security Advisory (dbus), OpenPKG GmbH, 11:47

December 20, 2006

[USN-397-1] mono vulnerability, Kees Cook, 17:45
RE: Trend Micro's Vista "0day exploit auction" claim, Simple Nomad, 17:28
critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip, quincy, 16:19
RE: Trend Micro's Vista "0day exploit auction" claim, Roger A. Grimes, 16:08
[ GLSA 200612-21 ] Ruby: Denial of Service vulnerability, Raphael Marichez, 15:53
[ GLSA 200612-20 ] imlib2: Multiple vulnerabilities, Raphael Marichez, 15:43
[ GLSA 200612-19 ] pam_ldap: Authentication bypass vulnerability, Raphael Marichez, 15:28
[security bulletin] HPSBST02180 SSRT061288 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS06-072 Through MS06-078, security-alert, 15:05
[security bulletin] HPSBUX02174 SSRT061239 rev.2 HP-UX Running OpenSSL Denial of Service (DoS), Increase Privilege, security-alert, 14:54
Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting, Brian Eaton, 14:19
Re: Oracle <= 9i / 10g File System Access via utl_file Exploit, sumit kumar soni, 13:45
Mono XSP ASP.NET Server sourcecode disclosure vulnerability, jose . palanco, 13:30
NOD32 Antivirus DOC parsing Arbitrary Code Execution Advisory, security, 12:20
Oracle Portal 10g HTTP Response Splitting, putosoft softputo, 12:05
SEC Consult SA-20061220-0 :: Typo3 Command Execution Vulnerability, SEC Consult Research, 11:52
ZDI-06-051: Mozilla Firefox SVG Processing Remote Code Execution Vulnerability, zdi-disclosures, 11:37

December 19, 2006

RE: Cisco not honoring update promises?, Michael Scheidell, 19:08
MkPortal Urlobox Cross Site Request Forgery, info, 17:51
Multiple Bugs in MINI WEB SHOP, xx_hack_xx_2004, 17:30
Oracle <= 9i / 10g File System Access via utl_file Exploit, none, 16:58
Oracle <= 9i / 10g (extproc) Local/Remote Command Execution Exploit, none, 16:42
Burak Yilmaz Download Portal Sql Injection Vuln., ShaFuq31, 16:13
xss in Support Cards v1 ( oSTicket ), l . d . 0, 15:59
Trend Micro's Vista "0day exploit auction" claim, Ryan Meyer, 15:15
RE: [BULK] - New Skype Worm, Hubbard, Dan, 13:33
HP Printers FTP Server Denial Of Service, Joxean Koret, 13:18
New Skype Worm, Christopher Mosby, 13:01
Multiple XSS vulnerabiliteies in Inetmedia's information service - cityinfo., filip . palian, 12:41
WebCalendar >=1.0 Cross-Site Scripting Vulnerabilities, 7all7, 12:25
HITBSecConf2007 - Dubai - Call for Papers now open!, Praburaajan, 12:08
[ MDKSA-2006:233 ] - Updated dbus packages fix vulnerability, security, 11:51
[ MDKSA-2006:232 ] - Updated proftpd packages fix mod_ctrls vulnerability, security, 11:34

December 18, 2006

[security bulletin] HPSBUX02178 SSRT061267 rev.2 - HP-UX Secure Shell Remote Unauthorized Denial of Service (DoS), security-alert, 17:47
Re: Checkpoint NG3 ICMP Flood, Hugo van der Kooij, 16:43
Re: Checkpoint NG3 ICMP Flood, Michael Schwartzkopff, 16:16
Re: Cisco not honoring update promises?, rsmoak, 16:02
[ GLSA 200612-18 ] ClamAV: Denial of Service, Sune Kloppenborg Jeppesen, 15:37
Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!!, Marcus Meissner, 15:27
Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!!, Kamchybek Jusupov, 14:17
Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!!, p . kerr, 14:06
Checkpoint NG3 ICMP Flood, bdmoraes, 13:56
Secunia Research: MailEnable POP Service "PASS" Command Buffer Overflow, Secunia Research, 13:41
SYMSA-2006-013: Multiple Vulnerabilities in Mandiant First Response, research, 13:27
RateMe <= all versions => ( main.inc.php ) Remote File Include Vulnerability, saudi, 13:11
Re: The (in)security of Xorg and DRI, Darren Reed, 12:59
HyperVM Cross-Site Scripting, Advisory, 12:45
Cisco not honoring update promises?, Michael Scheidell, 12:33
Re: The (in)security of Xorg and DRI, Darren Reed, 12:20
[SECURITY] [DSA 1239-1] New sql-ledger packages fix arbitrary code execution, Moritz Muehlenhoff, 12:10
[SECURITY] [DSA 1238-1] New clamav packages fix several vulnerabilities, Moritz Muehlenhoff, 12:00
[SECURITY] [DSA 1237-1] New Linux 2.4.27 packages fix several vulnerabilities, Dann Frazier, 11:48

December 16, 2006

Allied Telesis AT-9000/24 Ethernet switch management can be accessed from all VLANs., Pasi Sjoholm, 18:53
Re: Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!!, Hunger, 15:27
[HSC Security Group] SiteCatalyst Web Login Cross Site Vulrnabilities, DoZ, 14:24
Contra Haber Sistemi v1.0 SqL Injection Vuln., ShaFuq31, 14:09
Re: Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!!, willysr, 13:56
Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!!, George Yobst, 13:39
Re: Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!!, ox90x86, 13:30
Re: Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!!, bastyaelvtars, 13:21
Re: Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!!, gplit, 13:06
Odysseus 2.0 / Telemachus 1.0 (Beta), Dave, 12:51
Doğantepe Ziyareti Defteri (tr) Sql Injection Vuln., ShaFuq31, 12:42
XSS in gmial google, gamr-14, 12:32
Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!!, Dragos Ruiu, 12:22
RE: Windows Explorer WMV File Denial Of Service Vulnerability, Ulises Cuñé, 12:09
Drone Armies C&C Report - 15 Dec 2006, c2report, 11:58

December 15, 2006

[OpenPKG-SA-2006.039] OpenPKG Security Advisory (proftpd), OpenPKG GmbH, 18:28
Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!!, Josh Bressers, 17:23
[ MDKSA-2006:206 ] - Updated Thunderbird packages fix multiple vulnerabilities, security, 16:44
Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!!, Bruno Lustosa, 15:44
Bypassing process identification of several personal firewalls and HIPS, Matousec - Transparent security Research, 14:45
Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!!, gplit, 13:10
Re: The (in)security of Xorg and DRI, Nicolas RUFF, 12:13
Project Server 2003 - Credential Disclosure, Brett Moore, 11:41
[security bulletin] HPSBMA02173 SSRT061230 rev. 1 - HP Integrated Lights Out (iLO & iLO 2) Running SSH Key Based Authentication Remote Unauthorized Access, security-alert, 11:15
Windows Media MID File Denial Of Service Vulnerability, sehato, 11:01
[USN-396-1] gdm vulnerability, Kees Cook, 10:54
Windows Explorer WMV File Denial Of Service Vulnerability, sehato, 10:44
TSLSA-2006-0072 - clamav, Trustix Security Advisor, 10:34
BitDefender AV Packed PE File Parsing Engine Heap Overflow, security, 10:29
[ MDKSA-2006:231 ] - Updated gdm packages fix string vulnerability, security, 10:17

December 14, 2006

Top 10 Real Computer Crimes for 2007, Pete Herzog, 20:07
[ GLSA 200612-15 ] McAfee VirusScan: Insecure DT_RPATH, Sune Kloppenborg Jeppesen, 19:40
CanSecWest 2007 (April 18-20) Call For Papers (Deadline January 7th), Dragos Ruiu, 19:32
Kerio MailServer < 6.3.1 remote Denial of Service, research, 18:19
Re: [fuzzing] NOT a 0day! Re: [Full-disclosure] OWASP Fuzzing page, Gadi Evron, 18:18
[ GLSA 200612-17 ] GNU Radius: Format string vulnerability, Raphael Marichez, 17:10
Re: Re: Microsoft 0-day word vulnerability - Secunia - Extremely critical, schafer_jeffrey, 16:50
Re: [fuzzing] NOT a 0day! Re: [Full-disclosure] OWASP Fuzzing page, Juha-Matti Laurio, 15:45
Re: iDefense Security Advisory 12.14.06: GNOME Foundation Display Manager gdmchooser Format String Vulnerability, iDefense Labs, 15:28
Re: The newest Word flaw is due to malformed data structure handling, Juha-Matti Laurio, 15:27
NOT a 0day! Re: [fuzzing] [Full-disclosure] OWASP Fuzzing page, Gadi Evron, 15:02
[ MDKSA-2006:164-2 ] - Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities, security, 14:48
[VulnWatch] iDefense Security Advisory 12.14.06: GNOME Foundation Display Manager gdmchooser Format String Vulnerability, iDefense Labs, 14:43
[CAID 34870]: CA Anti-Virus vetfddnt.sys, vetmonnt.sys Local Denial of Service Vulnerabilities, Williams, James K, 14:24
[ MDKSA-2006:230 ] - Updated clamav packages fix vulnerability, security, 13:45
[ MDKSA-2006:229 ] - Updated evince packages fix buffer overflow vulnerability, security, 13:22
Re: Microsoft 0-day word vulnerability - Secunia - Extremely critical, schafer_jeffrey, 13:03
rPSA-2006-0232-1 libgsf, rPath Update Announcements, 12:58
[USN-380-2] avahi regression, Martin Pitt, 12:32
[ GLSA 200612-16 ] Links: Arbitrary Samba command execution, Raphael Marichez, 11:42
Re: [fuzzing] NOT a 0day! Re: [Full-disclosure] OWASP Fuzzing page, Jerome Athias, 11:25
HyperAccess - Multiple Vulnerabilities, Brett Moore, 11:08
GenesisTrader v1.0 - Multiple Vulnerabilities, mr_kaliman, 10:41
The (in)security of Xorg and DRI, Darren Reed, 10:40
Call for papers and presenters - Dec. 15th deadline, Mike Allgeier, 10:34
Re: The newest Word flaw is due to malformed data structure handling, Steven M. Christey, 10:17

December 13, 2006

ZDI-06-049: Symantec Veritas NetBackup Long Request Buffer Overflow Vulnerability, zdi-disclosures, 17:45
CORE-2006-1127: ProFTPD Controls Buffer Overflow, CORE Security Technologies Advisories, 17:30
ZDI-06-050: Symantec Veritas NetBackup CONNECT_OPTIONS Buffer Overflow Vulnerability, zdi-disclosures, 16:49
[VulnWatch] IBM DB2 Remote DoS during CONNECT processing, Team SHATTER, 15:54
ASP Cmd Shell On IIS 5.1, Brett Moore, 14:30
[SECURITY] [DSA-1236-1] New enemies-of-carlotta package fix missing sanity checks, Steve Kemp, 13:04
[SECURITY] [DSA-1235-1] New ruby1.8 package fix denial of service, Steve Kemp, 11:55
[SECURITY] [DSA-1234-1] New ruby1.6 package fix denial of service, Steve Kemp, 11:32
Re: worksystem => Remote File Include Vulnerability Exploit, Laurent . van_den_reysen, 11:13

December 12, 2006

Re: Re: The newest Word flaw is due to malformed data structure handling, test, 18:49
ZDI-06-046: Sophos Anti-Virus SIT Archive Parsing Buffer Overflow Vulnerability, zdi-disclosures, 18:27
Re: shopsite advisory, bugtraq, 18:20
[ GLSA 200612-14 ] Trac: Cross-site request forgery, Sune Kloppenborg Jeppesen, 18:05
[ GLSA 200612-13 ] libgsf: Buffer overflow, Sune Kloppenborg Jeppesen, 17:48
ZDI-06-048: Microsoft Internet Explorer normalize() Function Memory Corruption Vulnerability, zdi-disclosures, 17:41
[VulnWatch] iDefense Security Advisory 12.12.06: Sun Microsystems Solaris ld.so Directory Traversal Vulnerability, iDefense Labs, 17:39
[ GLSA 200612-12 ] F-PROT Antivirus: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 17:32
[VulnWatch] iDefense Security Advisory 12.12.06: Sun Microsystems Solaris ld.so 'doprf()' Buffer Overflow Vulnerability, iDefense Labs, 16:36
ZDI-06-047: Microsoft Visual Studio WmiScriptUtils.dll Cross-Zone Scripting Vulnerability, zdi-disclosures, 16:26
Secunia Research: Internet Explorer Script Error Handling Memory Corruption, Secunia Research, 16:08
Re: The newest Word flaw is due to malformed data structure handling, Dave \"No, not that one\" Korn, 15:54
Re: Internet Explorer 6 CSS "expression" Denial of Service Exploit (P.o.C.), chinese soup, 15:41
Re: [fuzzing] OWASP Fuzzing page, Joxean Koret, 15:31
BLOG:CMS Remote file include Vulnerability, security, 15:22
ZDI-06-045: Sophos Anti-Virus CPIO Archive Parsing Buffer Overflow Vulnerability, zdi-disclosures, 15:04
Re: PHP 5.2.0 session.save_path safe_mode and open_basedir bypass, Ismail Donmez, 15:00
rPSA-2006-0231-1 squirrelmail, rPath Update Announcements, 13:52
rPSA-2006-0230-1 evince, rPath Update Announcements, 13:34
Web Apps- Rad Upload Version 3.02 Remote File Include Vulnerability, rko . thelegendkiller, 13:17
[SBDA] SiteKiosk - FileSystem Access, Brett Moore, 13:09
OpenLDAP kbind authentication buffer overflow, Solar Eclipse, 12:49
[ MDKSA-2006:228 ] - Updated gnupg packages fix vulnerability, security, 12:27
Re: The newest Word flaw is due to malformed data structure handling, Alexander Sotirov, 12:07
[ GLSA 200612-09 ] MadWifi: Kernel driver buffer overflow, Raphael Marichez, 11:44

December 11, 2006

[ MDKSA-2006:227 ] - Updated kdegraphics packages fix EXIF vulnerability, security, 21:45
[ GLSA 200612-05 ] KOffice shared libraries: Heap corruption, Sune Kloppenborg Jeppesen, 21:36
Secunia Research: AOL CDDBControl ActiveX Control "SetClientInfo()" Buffer Overflow, Secunia Research, 20:42
[ GLSA 200612-07 ] Mozilla Firefox: Multiple vulnerabilities, Raphael Marichez, 20:09
RFID access control tokens widely open to cloning, Adam Laurie, 19:51
[ GLSA 200612-03 ] GnuPG: Multiple vulnerabilities, Raphael Marichez, 19:19
[ GLSA 200612-04 ] ModPlug: Multiple buffer overflows, Raphael Marichez, 19:00
Re: LS-20060908 - Computer Associates BrightStor ARCserve Backup, Williams, James K, 18:52
The newest Word flaw is due to malformed data structure handling, Juha-Matti Laurio, 18:37
[ GLSA 200612-10 ] Tar: Directory traversal vulnerability, Matthias Geerdsen, 18:21
Re: LS-20061001 - Computer Associates BrightStor ARCserve Backup, Williams, James K, 18:06
[ GLSA 200612-06 ] Mozilla Thunderbird: Multiple vulnerabilities, Raphael Marichez, 17:54
Re: Another, different MS Word 0-day vulnerability reported, Juha-Matti Laurio, 17:39
looking for security community input, Gadi Evron, 17:06
Secunia Research: MailEnable IMAP Service Buffer Overflow Vulnerability, Secunia Research, 16:55
Another, different MS Word 0-day vulnerability reported, Juha-Matti Laurio, 16:23
shopsite advisory, DoZ, 16:17
Several updates in Microsoft Word 0-day (CVE-2006-5994) FAQ document, Juha-Matti Laurio, 15:22
Multiple vulnerabilities in Winamp Web Interface 7.5.13, Luigi Auriemma, 15:03
[ GLSA 200612-08 ] SeaMonkey: Multiple vulnerabilities, Raphael Marichez, 14:49
ERRATA: [ GLSA 200612-03 ] GnuPG: Multiple vulnerabilities, Raphael Marichez, 14:20
Firefox 2.0 security bug: Extensions can hide themself, azurIt, 13:57
RFIDIOt release - version 0.1i, Adam Laurie, 13:33
Unauthenticated access to IBM Host On-Demand administration pages, Ferguson, David (Kansas City), 13:13
[ MDKSA-2006:226 ] - Updated squirrelmail packages fix vulnerabilities, security, 13:07
[ GLSA 200612-09 ] MadWifi: Kernel driver buffer overflow, Raphael Marichez, 12:49
D-LINK DWL-2000AP+ remote DoS, poplix, 12:31
[SBDA] - ColdFusion MX7 - Multiple Vulnerabilities, Brett Moore, 12:11
WASC-Announcement: MX Injection - Capturing and Exploiting Hidden Mail Servers By Vicente Aguilera Diaz, robert, 11:54
[SECURITY] [DSA 1233-1] New Linux 2.6.8 packages fix several vulnerabilities, Dann Frazier, 11:44

December 09, 2006

[SECURITY] [DSA 1232-1] New clamav packages fix denial of service, Moritz Muehlenhoff, 13:30
[SECURITY] [DSA 1231-1] New gnupg packages fix arbitrary code execution, Moritz Muehlenhoff, 13:21
AnnonceScriptHP V2.0 Multiple Vulnerabilities, mr_kaliman, 13:12
Messageriescripthp V2.0 XSS & SQL Injection, mr_kaliman, 13:00
ProNews V1.5 XSS & SQL Injection, mr_kaliman, 12:51
KDPics Multiple Vulnerabities, mr_kaliman, 12:39
[ GLSA 200612-02 ] xine-lib: Buffer overflow, Sune Kloppenborg Jeppesen, 12:30
Call For Papers: SecurityOPUS 2007, Sharkey, 12:20
Re: XSS in JAB Guest Book, Barnz, 12:11
iDefense Security Advisory 12.08.06: Sophos Antivirus CHM File Heap Overflow Vulnerability, iDefense Labs, 12:01
iDefense Security Advisory 12.08.06: Sophos Antivirus CHM Chunk Name Length Memory Corruption Vulnerability, iDefense Labs, 11:53
iDefense Security Advisory 12.08.06: Multiple Vendor Antivirus RAR File Denial of Service Vulnerability, iDefense Labs, 11:43

December 08, 2006

Enforcing Java Security Manager in Restricted Windows Environments?, Jan P. Monsch, 19:59
PhpBB Toplist 1.3.7 Xss Vuln., starext, 19:18
ASX Playlists and Jumping to Conclusions, Sûnnet Beskerming, 18:15
[USN-394-1] Ruby vulnerability, Kees Cook, 18:02
PHP 5.2.0 session.save_path safe_mode and open_basedir bypass, cxib, 17:48
Animated Smiley Generator File Include Vul., starext, 17:32
LS-20061001 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability, advisories, 17:16
LS-20060908 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability, advisories, 16:59
Re: Internet Explorer 6 CSS "expression" Denial of Service Exploit (P.o.C.), chinese soup, 16:48
[CAID 34846]: CA BrightStor ARCserve Backup Discovery Service Buffer Overflow Vulnerability, Williams, James K, 15:10
Midicart vulerable, ifx, 14:40
Microsoft Word 0-day Vulnerability FAQ (CVE-2006-5994) written, Juha-Matti Laurio, 13:48
[SECURITY] [DSA-1230-1] new l2tpns packages fix buffer overflow, Steve Kemp, 13:15
[OpenPKG-SA-2006.038] OpenPKG Security Advisory (tar), OpenPKG GmbH, 12:56
TSLSA-2006-0070 - multi, Trustix Security Advisor, 12:41
[Aria-Security Team] cPanel BoxTrapper Cross Site Scripting, Advisory, 12:33
[Aria-Security Team] cPanel 11 pops.html Cross-Site Scripting, Advisory, 12:24
[Aria-Security Team] CentOS 4.2 i686 - WHM X v3.1.0 Cross-Site Scripting, Advisory, 12:08

December 07, 2006

EEYE: Intel Network Adapter Driver Local Privilege Escalation, eEye Advisories, 22:05
[OpenPKG-SA-2006.037] OpenPKG Security Advisory (gnupg), OpenPKG GmbH, 21:01
DUdirectory Admin Panel SQL Injection, Meftun, 18:23
[USN-393-2] GnuPG2 vulnerabilities, Kees Cook, 17:22
Re: Multiple Vendor Unusual MIME Encoding Content Filter Bypass, Tomasz Kojm, 16:11
phpAdsNew-2.0.4-pr2 Remote File Inclusion Exploit, crackers_child, 15:58
Re[2]: Multiple Vendor Unusual MIME Encoding Content Filter Bypass, 3APA3A, 15:54
Re: Multiple Vendor Unusual MIME Encoding Content Filter Bypass, michele.sandrelli@katamail.com, 15:34
[USN-390-3] evince-gtk vulnerability, Kees Cook, 15:20
Re: Microsoft 0-day word vulnerability - Secunia - Extremely critical, Juha-Matti Laurio, 15:18
phpbb 2.0.x [xss], saps . audit, 15:00
Re: Internet Explorer 6 CSS "expression" Denial of Service Exploit (P.o.C.), Andrius Paurys, 14:36
Re: Multiple Vendor Unusual MIME Encoding Content Filter Bypass, Luke Borg, 14:31
Re: The Week of Oracle Database Bugs, Tony Jambu, 14:14
[USN-393-1] GnuPG vulnerability, Kees Cook, 14:02
Some Thoughts about Office Open XML and Malware Detection, Jan P. Monsch, 13:50
Re: XSS in JAB Guest Book, Steven M. Christey, 13:27
TSRT-06-15: Citrix Presentation Server Client ActiveX Heap Overflow Vulnerability, TSRT, 13:08
Re: Multiple Vendor Unusual MIME Encoding Content Filter Bypass, Gadi Evron, 13:05
Re: Multiple Vendor Unusual MIME Encoding Content Filter Bypass, Tomasz Kojm, 12:49
Re: Microsoft 0-day word vulnerability - Secunia - Extremely critical, Andrew Simmons, 12:45
Digital Armaments Security Advisory 07.12.2006: Yahoo multiple services authentication bypass Vulnerability, info, 12:22
Linksys WIP 330 VoIP wireless phone crash from Nmap scan, Shawn Merdinger, 12:09
[ GLSA 200612-01 ] wv library: Multiple integer overflows, Sune Kloppenborg Jeppesen, 12:04
New MySpace worm could be on its way, pdp (architect), 11:49
ZDI-06-044: Adobe Download Manager AOM Parsing Buffer Overflow Vulnerability, zdi-disclosures, 11:48

December 06, 2006

Microsoft 0-day word vulnerability - Secunia - Extremely critical, Ryan Buena, 20:17
rPSA-2006-0227-1 gnupg, rPath Update Announcements, 18:30
[ MDKSA-2006:225 ] - Updated ruby packages fix DoS vulnerability, security, 16:29
rPSA-2006-0226-1 kernel, rPath Update Announcements, 14:46
GnuPG: remotely controllable function pointer [CVE-2006-6235], Werner Koch, 14:00
SYMSA-2006-012: 2X ThinClientServer Create Admin Account Replay Vulnerability, research, 13:32
Multiple Vendor Unusual MIME Encoding Content Filter Bypass, Hendrik Weimer, 13:15
RE: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation, Michael Scheidell, 13:02
BTSaveMySql 1.2 (acces to config files), sn0oPy . team, 12:46
Oracle PL/SQL Fuzzing Tool, Joxean Koret, 12:31
[SECURITY] [DSA 1229-1] New Asterisk packages fix arbitrary code execution, Martin Schulze, 12:16
FreeBSD Security Advisory FreeBSD-SA-06:26.gtar, FreeBSD Security Advisories, 11:57
FreeBSD Security Advisory FreeBSD-SA-06:25.kmem, FreeBSD Security Advisories, 11:39
Uploadscript Vulnerabilities: Text file Hash password, hack2prison, 11:26
Re: Internet Explorer 6 CSS "expression" Denial of Service Exploit (P.o.C.), José Carlos Nieto Jarquín, 11:14
Internet Explorer 6. CSS Expression Denial of Service (P.o.C.), José Carlos Nieto Jarquín, 11:03
Barracuda Convert-UUlib library buffer overflow leads to remote compromise, Jean-Sébastien Guay-Leroux, 10:53
[USN-390-2] evince vulnerability, Kees Cook, 10:38
[ MDKSA-2006:224 ] - Updated xine-lib packages fix buffer overflow vulnerability, security, 10:20
EEYE: Adobe Download Manager AOM Stack Buffer Overflow Vulnerability, eEye Advisories, 10:07

December 05, 2006

HPSBUX02178 SSRT061267 rev.1 - HP-UX Secure Shell Remote Denial of Service (DoS), security-alert, 19:44
Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation, Ansgar -59cobalt- Wiechers, 19:22
[security bulletin] HPSBUX02145 SSRT061202 rev.2 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access, security-alert, 17:43
Re: EasyPage Portal ( all ver )SQL Injection, saps . audit, 17:26
Re: Symantec LiveState Agent for Windows vulnerabi, eugeny gladkih, 17:05
Re: Re: [Aria-Security Team] uGestBook SQL Injection Vuln, saps . audit, 16:50
[SECURITY] [DSA 1228-1] New elinks packages fix arbitrary shell command execution, Moritz Muehlenhoff, 16:31
eEye's Zero-Day Tracker Launch, chinese soup, 16:26
Re: Symantec LiveState Agent for Windows vulnerabi, Damjan, 16:21
EasyPage Portal ( all ver )SQL Injection, matrix, 16:02
Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation, Steve Shockley, 15:38
Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation, Thor (Hammer of God), 15:30
Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation, eugeny gladkih, 14:48
DistrRTgen 1.0 launched!, Martin Jørgensen, 14:04
CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Remote Arbitrary File Removal, Mariano Nuñez Di Croce, 14:03
CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Undocumented Features, Mariano Nuñez Di Croce, 13:47
Re: [Aria-Security Team] uGestBook SQL Injection Vuln, Stuart Moore, 13:05
URL Rdirecction Bug Yahoo, matrix, 12:56
RE: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation, Michael Scheidell, 12:44
Re: Evolve Merchant[ injection sql ], tony, 12:29
Re: GnuPG 1.4 and 2.0 buffer overflow, Damien Miller, 12:16
Re: MS Internet Explorer 6.0 (mshtml.dll) Denial of Service Exploit, 3APA3A, 12:09
[KOffice security advisory] KOffice OLEfilter integer overflow, Dirk Mueller, 12:07
SNORT Covered channels detector patch, fryxar fryxar, 11:53
TSRT-06-14: IBM Tivoli Storage Manager Mutiple Buffer Overflow Vulnerabilities, TSRT, 11:38

December 04, 2006

new xss in modbb forum, h angel, 21:15
Re: Multiple bugs in TFT-Gallery, simo64, 20:51
rPSA-2006-0211-2 doxygen libpng, rPath Update Announcements, 18:57
XSS in JAB Guest Book, nj, 18:38
[USN-392-1] xine-lib vulnerability, Kees Cook, 18:32
Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation, ss_team, 18:22
[ MDKSA-2006:214-1 ] - Updated gv packages fix buffer overflow vulnerability, security, 18:09
[USN-391-1] libgsf vulnerability, Kees Cook, 18:06
Re: aBitWhizzy [local file include], john . goodman, 17:53
F-Prot Antivirus for Unix: heap overflow and Denial of Service, research, 17:28
Multiple bugs in TFT-Gallery, nj, 17:13
[SECURITY] [DSA 1227-1] New Mozilla Thunderbird packages fix several vulnerabilities, Martin Schulze, 16:52
Re: Invision Gallery 2.0.7 SQL Injection Vulnerability, emin, 16:38
[Aria-Security Team] uGestBook SQL Injection Vuln, Advisory, 16:18
Re: UPublisher Exploit - Superfreaker, me, 15:51
Vt-Forum Lite System V.1.3 Xss Vuln., starext, 15:19
[SECURITY] [DSA 1226-1] New links packages fix arbitrary shell command execution, Moritz Muehlenhoff, 14:57
[SECURITY] [DSA 1225-2] New Mozilla Firefox packages fix several vulnerabilities, Martin Schulze, 14:38
MS Internet Explorer 6.0 (mshtml.dll) Denial of Service Exploit, ajannhwt, 14:20
PhpMyAdmin 2.7.0-pl2 Path Disclosure | Multiple CRLF/Http Response Splitting, ajannhwt, 14:03
2[xss]Vulnerabilities in Script Mobile Ac4p.com, gamr-14, 13:52
SMF upload XSS vulnerability, Jessica Hope, 13:40
[SECURITY] [DSA 1225-1] New Mozilla Firefox packages fix several vulnerabilities, Martin Schulze, 13:28
[SECURITY] [DSA 1224-1] New Mozilla packages fix several vulnerabilities, Martin Schulze, 13:16
Online BookMarks Multiple SQL Injection/XSS Vulnerabilities, security, 13:03
fl0p - passive L7 flow fingerprinting, Michal Zalewski, 12:47
[ISecAuditors Security Advisories] XSS vulnerability in error page of ISMail, ISecAuditors Security Advisories, 12:36
Metyus Okul Ynetim Sistemi V.1.0 (tr) Sql injection Vuln., ShaFuq31, 12:22
[ISecAuditors Security Advisories] IMAP/SMTP Injection in Hastymail, ISecAuditors Security Advisories, 12:10
listpics v5, blasterim, 11:58
[ISecAuditors Advisories] BlueSocket web administration is vulnerable to XSS, ISecAuditors Security Advisories, 11:41

December 02, 2006

[Aria-Security Team] DuWare DuPaypal SQL Injection Vuln, Advisory, 15:02
[Aria-Security Team] DuWare DuForum SQL Injection Vuln, Advisory, 14:37
CuteNews 1.3.6 XSS, emulamex, 14:21
[Aria-Security Team] DuWare DuDownloads SQL Injection Vuln, Advisory, 14:06
[ MDKSA-2006:222 ] - Updated koffice packages fixes integer overflow vulnerability, security, 13:46
KhaledMuratList mdb, blasterim, 13:32
PHPNews 1.3.0 XSS, emulamex, 13:19
[Aria-Security Team] DuWare DuPortal SQL Injection Vuln, Advisory, 12:59
[Aria-Security Team] DuWare DuClassMate SQL Injection Vuln, Advisory, 12:34
[Aria-Security Team] DuWare DuNews SQL Injection Vuln, Advisory, 12:22
[ MDKSA-2006:223 ] - Updated ImageMagick packages fixes vulnerability, security, 12:11
freeqboard <= 1.1 (qb_path) Remote File Include Vulnerability, -= SHELL =- -= SHELL =-, 01:19
Re: safely concatenating strings in portable C (Re: GnuPG 1.4 and 2.0 buffer overflow), Simon Josefsson, 00:17

December 01, 2006

rPSA-2006-0222-1 tar, rPath Update Announcements, 23:52
TSLSA-2006-0068 - multi, Trustix Security Advisor, 22:14
Aspee Ziyareti Defteri (tr) Sql injection Vuln., ShaFuq31, 22:02
rPSA-2006-0224-1 gnupg, rPath Update Announcements, 21:35
Re: [Full-disclosure] ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability, Dude VanWinkle, 20:53
[SECURITY] [DSA 1222-2] New proftpd packages fix several vulnerabilities, Moritz Muehlenhoff, 20:19
iDefense Security Advisory 12.01.06: Novell ZENworks Asset Management Msg.dll Heap Overflow Vulnerability, iDefense Labs, 19:48
iDefense Security Advisory 12.01.06: Novell ZENworks Asset Management Collection Client Heap Overflow Vulnerability, iDefense Labs, 19:29
rPSA-2006-0220-1 dovecot, rPath Update Announcements, 18:29
deV!L`z Clanportal - SQL Injection [061124a], Tim Weber, 17:18
Outpost Bypassing Self-Protection via Advanced DLL injection with handle stealing Vulnerability, Matousec - Transparent security Research, 16:01
[SECURITY] [DSA 1223-1] New tar packages fix arbitrary file overwrite, Noah Meyerhans, 15:27
Layered Defense Advisory: Novell Client 4.91 Format String Vulnerability, dh, 15:18
deV!L`z Clanportal - Arbitrary File Upload [061124b], Tim Weber, 14:12
[Aria-Security.Net] Web Hosting Control Panel - cPanel 11 Multiple Cross-Site Scripting Vulnerabilites, Advisory, 13:58
rPSA-2006-0221-1 openldap openldap-clients openldap-servers, rPath Update Announcements, 13:44
[ MDKSA-2006:221 ] - Updated gnupg packages fix vulnerability, security, 13:13
[ MDKSA-2006:220 ] - Updated libgsf packages fix heap buffer overflow vulnerability, security, 12:44
Invision Gallery 2.0.7 SQL Injection Vulnerability, infection, 12:34
[SECURITY] [DSA 1205-2] New thttpd packages fix insecure temporary file creation, Steve Kemp, 12:26
Re: Invision Community Blog Mod 1.2.4 .PHP SQL Injection Vulnerability, emin, 12:12
Re: [Full-disclosure] ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability, zdi-disclosures, 11:54