bugtraq (date)

bugtraq (date)

[Thread Index] [Top] [All Lists]

March 31, 2007

Remot File Include In Aardvark Topsites PHP 5, RaeD Hasadya, 13:28
Remot File Include In Shop-SCRIPT FREE, RaeD Hasadya, 13:18
Remot File Include In SLAED_CMS_2, RaeD Hasadya, 13:09
PHP-Fusion 'Calendar_Panel' Module show_event.PHP (m_month) SQL Injection Exploit And PoC, UniquE, 12:58
Re: 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038), Alexander Sotirov, 12:47
Windows .ANI Stack Overflow Exploit, devcode29, 12:37
On-going Internet Emergency and Domain Names, Gadi Evron, 12:28
CA BrightStor ARCserve Backup Mediasvr.exe vulnerability, Williams, James K, 12:19
RE: [Full-disclosure] 0-day ANI vulnerability in Microsoft Windows(CVE-2007-0038), Eric Sites, 12:10
Re: 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038), Alexander Sotirov, 11:59
Re: 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038), Jan Wrobel, 11:50

March 30, 2007

TSRT-07-03: America Online SuperBuddy ActiveX Control Code Execution Vulnerability, TSRT, 18:09
Busting The Bluetooth Myth, Max Moser, 17:58
[ GLSA 200703-26 ] file: Integer underflow, Raphael Marichez, 17:44
ANI Zeroday, Third Party Patch, Marc Maiffret, 13:09
Re: ManageEngine Firewall Analyzer arbitrary file disclosure to authorized user, support, 12:38
[ECHO_ADV_80$2007] Softerra Time-Assistant <= 6.2 (inc_dir) Remote File Inclusion Vulnerability, erdc, 12:25
The Week Of Vista Bugs [TWOVB], TWOVB Team, 12:06
Re: Bypass phishing protection in Firefox / Opera, Łukasz Pilorz, 11:54
AIX 4.3 lsmcode local root command execution, pr1nce_empire, 11:46
DrakeCMS multiple vulerabilities, security, 11:31
VMSA-2007-0002 VMware ESX security updates, VMware Security team, 11:24
CA Brightstor Backup Mediasvr.exe Remote Code Vulnerability, M. Shirk, 11:18
0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038), Alexander Sotirov, 11:12
Mybb Change Password Vulnerability, security, 11:06

March 29, 2007

Re: Re: Bypass phishing protection in Firefox / Opera, zonafirefox, 18:54
FLEA-2007-0005-1: slocate, Foresight Linux Essential Announcement Service, 18:44
[ MDKSA-2007:073 ] - Updated openoffice.org packages to address vulnerabilities, security, 18:37
[ GLSA 200703-25 ] Ekiga: Format string vulnerability, Raphael Marichez, 18:02
[ MDKSA-2007:072 ] - Updated kdelibs packages to address FTP PASV issue in konqueror, security, 17:30
FLEA-2007-0004-1: openoffice.org, Foresight Linux Essential Announcement Service, 16:50
iDefense Security Advisory 03.29.07: IBM Lotus Sametime JNILoader Arbitrary DLL Load Vulnerability, iDefense Labs, 15:17
[ MDKSA-2007:071 ] - Updated xmms packages to address integer vulnerabilities, security, 14:33
AOL 9.0 Deskbar.dll/Toolbar.dll DoS Vulnerability, Justin Seitz, 14:23
Re: Re: Bypass phishing protection in Firefox / Opera, bob, 14:13
Windows Live Spaces logged user NetworkSetup.aspx cross site scripting, paolo . difebbo, 13:31
Re: Re: [Full-disclosure] Linux Kernel DCCP Memory Disclosure Vulnerability, acme, 12:56
[Full-disclosure] [USN-447-1] KDE library vulnerabilities, Kees Cook, 12:40
Widespread vulnerabilities in Libero.it/Infostrada.it web portals, rosario . valotta, 12:34
Advanced Login <= 0.7 (root) Remote File Inclusion Vulnerability, bithedz, 12:21
Re: ManageEngine Firewall Analyzer arbitrary file disclosure to authorized user, support, 12:05
Xoops Module Friendfinder <= 3.3 (view.php id) BLIND SQL Injection Exploit, ajannhwt, 12:00
Re: Bypass phishing protection in Firefox / Opera, Anonymous, 11:48
Re: [VulnWatch] Microsoft Windows Vista Slideshow Unspecified Blue Screen Of Death Vulnerability, 3APA3A, 11:38
rPSA-2007-0061-1 inkscape, rPath Update Announcements, 11:31
[VulnWatch] Microsoft Windows Vista Slideshow Unspecified Blue Screen Of Death Vulnerability, Michał Majchrowicz, 00:32

March 28, 2007

Arbitrary Command Execution in DataDomain Administrator Interface, Elliot Kendall, 16:00
[SECURITY] [DSA 1270-2] New OpenOffice.org packages fix several vulnerabilities, Martin Schulze, 15:23
Update: ViewCVS and ViewVC 'checkout view' content type fixation issue, Moritz Naumann, 14:40
Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180), Tim Rees, 14:23
Re: [viewvc-users] Update: ViewCVS and ViewVC 'checkout view' content type fixation issue, C. Michael Pilato, 14:12
Cisco Security Advisory: Multiple Cisco Unified CallManager and Presence Server Denial of Service Vulnerabilities, Cisco Systems Product Security Incident Response Team, 13:55
Re: SecurityVulns.com: Microsoft Visual C++ 8.0 standard library time functions invalid assertion DoS (Problem 3000)., William A. Rowe, Jr., 13:54
Re: [SECURITY ALERT] osTicket bugs, eticket, 13:41
Re: Multiple Vulnerabilities In osTicket, eticket, 13:30
ZDI-07-011: IBM Lotus Domino IMAP Server CRAM-MD5 Authentication Buffer Overflow Vulnerability, zdi-disclosures, 13:12
iDefense Security Advisory 03.28.07: IBM Lotus Domino Server LDAP Request Invalid DN Message Heap Overflow Vulnerability, iDefense Labs, 13:12
iDefense Security Advisory 03.28.07: IBM Lotus Domino Web Access Cross Site Scripting Vulnerability, iDefense Labs, 12:52
[Full-Disclosure] Another XSS vulnerability in italian Libero.it, Matteo G.P. Flora, 12:37
Corel Wordperfect Office X3 Stack Overflow, jonny, 12:25
[USN-446-1] NAS vulnerabilities, Kees Cook, 12:12
Bypass phishing protection in Firefox / Opera, zonafirefox, 11:59
[USN-445-1] XMMS vulnerabilities, Kees Cook, 11:47
[USN-444-1] OpenOffice.org vulnerabilities, Kees Cook, 11:32
Re: Xoops All Version -Articles- Print.PHP (ID) Blind SQL Injection Exploit And PoC, andy, 11:20

March 27, 2007

Re: RE: Xbox 360 Hypervisor Privilege Escalation Vulnerability, 5150sd, 18:14
Re: [Full-disclosure] Linux Kernel DCCP Memory Disclosure Vulnerability, Robert Święcki, 16:43
[USN-443-1] Firefox vulnerability, Kees Cook, 16:19
[SECURITY] [DSA 1273-1] New nas packages fix multiple remote vulnerabilities, Noah Meyerhans, 14:13
Buffer Overflow in InterVetions' NaviCopa HTTP server 2.01, skillTube.com, 13:33
[ MDKSA-2007:070 ] - Updated evolution packages to address vulnerability, security, 13:19
Linux Kernel DCCP Memory Disclosure Vulnerability, Robert Święcki, 13:08
Yahoo! Messenger Auth Bypass Vulnerability, kishor . tech, 12:55
[KDE Security Advisory] KDE ioslave PASV port scanning vulnerability, Dirk Mueller, 12:41
[ECHO_ADV_78$2007] C-Arbre <= 0.6PR7 (root_path) Remote File Inclusion Vulnerability, erdc, 12:28
[KAPDA::#64] - Flexbb Sql Injection, alireza hassani, 12:13
Metasploit Framework 3.0 RELEASED!, H D Moore, 12:02
Xoops All Version -Articles- Print.PHP (ID) Blind SQL Injection Exploit And PoC, UniquE, 11:49
Re: Path Disclosure - Wordpress 2.1.2, jm, 11:39
Re: Horde Webmail Multiple HTML Injection vulnerability, Jan Schneider, 11:28

March 26, 2007

[ GLSA 200703-24 ] mgv: Stack overflow in included gv code, Raphael Marichez, 16:21
[USN-442-1] Evolution vulnerability, Kees Cook, 16:08
[USN-441-1] Squid vulnerability, Kees Cook, 15:48
Libero.it (italian ISP) XSS vulnerability, rosario . valotta, 14:08
Playstation 3 "Remote Play" Remote DoS Exploit, mak0b, 13:57
FLEA-2007-0003-1: cups, Foresight Linux Essential Announcement Service, 13:41
Re: **SubHub v2.3.0**, webmaster, 13:30
PHP 5.2.1 with PECL phpDOC local buffer overflow, retrog, 13:19
Multiple XSS in IronMail, Javier Olascoaga, 13:11
Re: [Full-disclosure] XSS at Aon.at, Austrian ISP, Nikolay Kichukov, 13:06
Re: Linksys WAG200G - Information disclosure, Bartłomiej Ochman, 12:48
Satel Lite for PhpNuke (Satellite.php) <= Local File Inclusion, stormhacker, 12:32
Fizzle : Firefox Extension Vulnerability, CrYpTiC MauleR, 12:19
Mephisto blog is vulnerable to XSS, Sergey Tikhonov, 12:17
Horde Webmail Multiple HTML Injection vulnerability, DoZ, 12:04
Path Disclosure - Wordpress 2.1.2, lj, 11:57
CcCounter 2.0 cross-site scripting vulnerability, localexploit, 11:52
Re: Remote File Include In phpBB-2.0.19, neothermic, 11:40
BOGUS: Remote File Include In phpBB-2.0.19, Cornelius Riemenschneider, 11:38

March 24, 2007

Remote File Include In phpBB-2.0.19, RaeD Hasadya, 14:51
FLEA-2007-0002-1: inkscape, Foresight Linux Essential Announcement Service, 11:45
File Upload System V1.0 (AD_BODY_TEMP) multiple file include, ngevedBangetAsli, 11:37

March 23, 2007

Joomla com_joomlaboard 1.1.x Branch (sbp) Multiple Remote File Include Vulnerabi, Cold - Zero, 18:41
iDefense Security Advisory 03.23.07: Sun Java System Directory Server 5.2 Uninitialized Pointer Cleanup Design Error Vulnerability, iDefense Labs, 15:28
iDefense Security Advisory 03.23.07: DataRescue IDA Pro Remote Debugger Server Authentication Bypass Vulnerability, iDefense Labs, 14:05
[ MDKSA-2007:069 ] - Updated inkscape packages to format string vulnerability, security, 12:09
CRLF injection in PHP ftp function, fangxiaodun, 11:58

March 22, 2007

[ MDKSA-2007:068 ] - Updated squid packages fix DoS vulnerability, security, 18:25
[NB07-10] Multiple vulnerabilities in Takebishi Electric DeviceXplorer MODBUS OPC server, Lluis Mora, 18:24
[NB07-09] Multiple vulnerabilities in Takebishi Electric DeviceXplorer FA-M3 OPC server, Lluis Mora, 18:10
[SECURITY] [DSA 1272-1] New tcpdump packages fix denial of service, Moritz Muehlenhoff, 18:00
[NB07-08] Multiple vulnerabilities in Takebishi Electric DeviceXplorer MELSEC OPC server, Lluis Mora, 17:57
[NB07-07] Multiple vulnerabilities in Takebishi Electric DeviceXplorer HIDIC OPC server, Lluis Mora, 17:44
[NB07-17] Multiple vulnerabilities in Takebishi Electric DeviceXplorer SYSMAC OPC server, Lluis Mora, 17:37
[NB07-22] Multiple vulnerabilities in NETxEIB OPC server, Lluis Mora, 17:32
[ MDKSA-2007:067 ] - Updated file packages fix heap-based buffer overflow vulnerability, security, 17:20
Remote File Include In Coppermine Photo Gallery, RaeD Hasadya, 17:11
Remote File Include In copyright © James Coyle; JCcorp, RaeD Hasadya, 15:30
ManageEngine Firewall Analyzer arbitrary file disclosure to authorized user, yearsilent, 13:49
rPSA-2007-0059-1 file, rPath Update Announcements, 13:36
FLEA-2007-0001-1: firefox, Foresight Linux Essential Announcement Service, 13:21
[USN-440-1] MySQL vulnerability, Kees Cook, 13:06
[USN-439-1] file vulnerability, Kees Cook, 12:53
CFP for RAID 2007: Extended due date for papers: April 8th, jeffh, 12:43
[ECHO_ADV_77$2007] Study planner (Studiewijzer) <= 0.15 Remote File Inclusion Vulnerability, erdc, 12:32
**SubHub v2.3.0**, anon, 12:16

March 21, 2007

Two new DoS Vulnerabilities in Asterisk Fixed, Matt Riddell (NZ), 17:45
RE: Your Opinion, Neale Green, 17:08
HPSBGN02189 SSRT071297 rev.2 - ServiceGuard for Linux, Remote Unauthorized Access, security-alert, 15:21
[security bulletin] HPSBUX02156 SSRT061236 rev.2 - HP-UX Running Thunderbird, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS), security-alert, 15:05
Secunia Research: XMMS Integer Overflow and Underflow Vulnerabilities, Secunia Research, 12:51
Secunia Research: Evolution Shared Memo Categories Format String Vulnerability, Secunia Research, 12:33
Secunia Research: InterActual Player / CinePlayer IASystemInfo.dll ActiveX Control Buffer Overflow, Secunia Research, 12:23
[USN-438-1] Inkscape vulnerability, Kees Cook, 12:13
[ MDKSA-2007:066 ] - Updated OpenAFS packages address vulnerability, security, 12:02
[ MDKSA-2007:065 ] - Updated nas packages address multiple vulnerabilities, security, 11:52

March 20, 2007

[ GLSA 200703-21 ] PHP: Multiple vulnerabilities, Raphael Marichez, 19:15
Re: Linksys WAG200G - Information disclosure, Shawn Merdinger, 19:00
[ GLSA 200703-23 ] WordPress: Multiple vulnerabilities, Raphael Marichez, 18:44
[SECURITY] [DSA 1270-1] New OpenOffice.org packages fix several vulnerabilities, Martin Schulze, 18:38
[ GLSA 200703-22 ] Mozilla Network Security Service: Remote execution of arbitrary code, Raphael Marichez, 18:06
Re: Your Opinion +, Thor (Hammer of God), 17:37
[SECURITY] [DSA 1271-1] New openafs packages fix remote privilege escalation bug, Noah Meyerhans, 17:23
Linksys WAG200G - Information disclosure, dniggebrugge, 17:06
Helix Server heap overflow, research, 16:52
Re: Your Opinion, Jack Lloyd, 15:30
Re: Your Opinion, Paul Stepowski, 15:18
RE: Your Opinion, jay.tomas, 15:12
RE: Your Opinion, Jim Harrison, 14:56
RE: Your Opinion, Jim Harrison, 14:54
Re: Conflict of Interest - My summary, crazy frog crazy frog, 14:43
Re: Your Opinion, Andrew Kramer, 14:38
Microsoft coverup ? Stolen Xbox live accounts list of known victims - Please Help, Kevin Finisterre (lists), 13:12
Call For Papers - IT Underground Dublin, marcin . tkaczyk, 12:55
w-agora [multiples file upload,xss,full path disclosure,error sql], none, 12:39
Advisory - Redirection Vulnerability in wp-login.php., Metaeye SG, 12:23
Re: WebCalendar v0.9.45 (13 Dec 2004) (login.php) Remote File include, craig, 12:09
Web Wiz Forums 8.05 (MySQL version) SQL Injection, Ivan Fratric, 11:56
Oracle 10g Dynamic Monitoring Services XSS /servlet/Spy, Sea Shark, 11:39

March 19, 2007

ZynOS v3.40 One packet killer, Joxean Koret, 19:00
[USN-437-1] libwpd vulnerability, Kees Cook, 18:47
Re: CCleaguePro_V1.0.1RC1 Directory Traversal Vulnerability, str0ke, 16:27
w-agora version 4.2.1 Information Disclosure Vulnerability, jesper . jurcenoks, 16:10
w-agora version 4.2.1 Multiple Path Disclosure Vulnerabilities, jesper . jurcenoks, 15:56
[Reversemode Advisory] Microsoft Windows Ndistapi.sys IRQL escalation, Reversemode, 15:38
Conflict of Interest - My summary, Mark Litchfield, 15:18
Re: Your Opinion +, Alex Belits, 15:00
RE: Your Opinion, Alex Eckelberry, 14:43
Re: Your Opinion, Forrest J. Cavalier III, 14:27
phpx 3.5.15 multiples vulnerabilities, none, 14:04
CCleaguePro_V1.0.1RC1 Directory Traversal Vulnerability, snakeapollon, 13:48
Layered Defense Research Advisory: F-Secure Anti-Virus Client Security 6.02 Format String Vulnerability, dh, 13:30
Unclassified NewsBoard 1.6.3 multiples logs disclosure, none, 13:20
RE: Bypassing Mcafee Entreprise Password Protection, Rogheden Anders, 13:10
[ GLSA 200703-20 ] LSAT: Insecure temporary file creation, Raphael Marichez, 12:54
[ GLSA 200703-19 ] LTSP: Authentication bypass in included LibVNCServer code, Raphael Marichez, 12:38
[ GLSA 200703-18 ] Mozilla Thunderbird: Multiple vulnerabilities, Raphael Marichez, 12:24
[ GLSA 200703-17 ] ulogd: Remote execution of arbitrary code, Raphael Marichez, 12:11
MetaForum <= 0.513 Beta - Remote file upload Vulnerability, aeroxteam------nospam-----, 11:58
[SECURITY] [DSA 1269-1] New lookup-el packages fix insecure temporary file, Martin Schulze, 11:45
Net Portal Dynamic System (NPDS) <= 5.10 Remote Code Execution 0day, gmdarkfig, 11:32
Full Disclosure: Arbitrary execution vulnerability in SQL-Ledger and LedgerSMB, Chris Travers, 11:17

March 17, 2007

[SECURITY] [DSA 1268-1] New libwpd packages fix arbitrary code execution, Martin Schulze, 17:18
Re: Bypassing Mcafee Entreprise Password Protection, 3APA3A, 16:59
Rhapsody IRC 0.28b (NICK) Multiple fs and bof vulnerability, starcadi, 16:46
RE: Your Opinion, Jim Harrison, 12:54
Re: Your Opinion, Casper . Dik, 12:43
Your Opinion +, Mark Litchfield, 12:33
Re: Your Opinion, The Fungi, 12:23
CLBOX <= (signup.php header) Remote File Include Vulnerability, BorN To K!LL BorN To K!LL, 12:14
Bypassing Mcafee Entreprise Password Protection, thesinoda, 12:03
[ GLSA 200703-16 ] Apache JK Tomcat Connector: Remote execution of arbitrary code, Raphael Marichez, 11:53
[ GLSA 200703-15 ] PostgreSQL: Multiple vulnerabilities, Raphael Marichez, 11:43
[ GLSA 200703-14 ] Asterisk: SIP Denial of Service, Raphael Marichez, 11:34

March 16, 2007

RE: Your Opinion, Scott Blake, 17:31
Re: Your Opinion, William A. Rowe, Jr., 17:20
Re: Your Opinion, Neil Dickey, 17:11
[NETRAGARD-20070316 SECURITY ADVISORY][FrontBase Database <= 4.2.7 ALL PLATFORMS][REMOTE BUFFER OVERFLOW CONDITION][LEVEL: EASY][RISK:MEDIUM], Netragard Security Advisories, 17:02
Re: [Bogus] Lazarus Guestbook (admin.php)Remote File Include Expliot, Steven M. Christey, 16:52
[ MDKSA-2007:064 ] - Updated openoffice.org packages to address libwpd heap overflow vulnerabilities, security, 16:44
[ MDKSA-2007:063 ] - Updated libwpd packages to address heap overflow vulnerabilities, security, 16:36
Re: Your Opinion, Crispin Cowan, 16:24
RE: Your Opinion, Mario Contestabile, 16:04
Re: Your Opinion, Jonathan Glass (GM), 15:56
Re: Your Opinion, bugtraq, 15:44
rPSA-2007-0057-1 libwpd, rPath Update Announcements, 15:42
rPSA-2007-0056-1 gnupg, rPath Update Announcements, 15:28
Particle Blogger All Version Post.PHP (PostID) Remote SQL Injection Exploit, UniquE, 15:19
Your Opinion, Mark Litchfield, 15:09
iDefense Security Advisory 03.16.07: Multiple Vendor libwpd Multiple Buffer Overflow Vulnerabilities, iDefense Labs, 14:59
April, 2007 is the "Month of Myspace Bugs", mondo_armando, 13:12
Call For Papers - IT Underground Dublin, Marcin Tkaczyk, 13:05
Re: fx-APP Version 0.0.8.1, osdesk, 13:01
RE: [VulnWatch] iDefense Security Advisory 03.14.07: Trend Micro Antivirus UPX Parsing Kernel Divide by Zero Vulnerability, Topolski, Leo, 12:49
Oracle Portal PORTAL.wwv_main.render_warning_screen XSS, Sea Shark, 12:32
Rot 13 <= (enkrypt.php) Remote File Disclosure Vulnerability, BorN To K!LL BorN To K!LL, 12:19
[CAID 34817, 35058, 35158, 35159]: CA BrightStor ARCserve Backup Tape Engine and Portmapper Vulnerabilities, Williams, James K, 12:09
MS07-012 Not Fixed, Greg Sinclair, 11:57
[SECURITY] [DSA 1267-1] New webcalendar packages fix remote file inclusion, Moritz Muehlenhoff, 11:47
DirectAdmin Cross Site Scripting XSS, Mandr4ke . root, 11:35
Re: [Full-disclosure] Woltab Burning Board SQL Injection usergroups.php, Bastian Ahrens, 11:28

March 15, 2007

Re[2]: Microsoft Windows Vista/2003/XP/2000 file management security issues, 3APA3A, 18:05
Absolute Image Gallery Gallery.ASP (categoryid) MSSQL Injection Exploit, UniquE, 17:48
PHP Point Of Sale for osCommerce <= (index.php) Remote File Include Vuln, BorN To K!LL BorN To K!LL, 17:34
WebCalendar v0.9.45 (13 Dec 2004) (login.php) Remote File include, drackanz, 17:15
vbulletin admincp sql injection, disfigure, 17:10
Re: Firekeeper - IDS for Firefox available, Gadi Evron, 16:57
LIBFtp 5.0 (sprintf(), strcpy()) Multiple local buffer overflow, starcadi starcadi, 16:33
- Call for chapters - Handbook of Research on Digital Anti-forensics and In-security Governance, Jeimy Cano, 16:16
QFTP (LIBFtp 3.1-1) (command line) sprintf() local buffer overflow, starcadi starcadi, 16:04
RE: Phishing using IE7 local resource vulnerability, avivra, 15:03
Re: XSS vulnerability in the online help system of several Cisco products, Eloy Paris, 14:38
Re: Phishing using IE7 local resource vulnerability, robert, 14:15
PHP <= 4.4.6 ibase_connect() local buffer overflow, retrog, 13:48
iDefense Security Advisory 03.15.07: Horde Project Cleanup Script Arbitrary File Deletion Vulnerability, iDefense Labs, 13:39
Horde IMP Webmail Client version H3 (4.1.4) fixes multiple XSS issues, Moritz Naumann, 13:29
Remote File Inclusion in ViperWeb, asamad, 13:04
XSS vulnerability in the online help system of several Cisco products, cassio, 13:03
Re: Iframe-Cash/Iframe-Dollars Adware bundle...oooh... my ....god.., Nicolas RUFF, 12:49
Norton Insufficient validation of 'SymTDI' driver input buffer, Matousec - Transparent security Research, 12:35
Orion-Blog v2.0 Version Remote Privilege Escalation Exploit, UniquE, 12:23
[ECHO_ADV_75$2007] Groupit 2.00b5 (c_basepath) Remote File Inclusion Vulnerability, erdc, 12:06
IBM Rational ClearQuest Web - Cross Site Scripting, james, 11:53
[ECHO_ADV_76$2007] Company WebSite Builder PRO (INCLUDE_PATH) Remote File Inclusion Vulnerability, erdc, 11:41
Horde 3.1.4 (RC1) fixes XSS issue, Moritz Naumann, 11:33

March 14, 2007

Woltab Burning Board SQL Injection usergroups.php, x666, 18:40
[ GLSA 200703-13 ] SSH Communications Security's Secure Shell Server: SFTP privilege escalation, Raphael Marichez, 18:12
Phishing using IE7 local resource vulnerability, avivra, 16:12
WSN Guest 1.21 Version Comments.PHP "ID" SQL Injection Exploit, UniquE, 14:34
Re: Remote File Include In Script PHP Photo Album, Steven M. Christey, 14:13
[ECHO_ADV_74$2007] WebCreator <= 0.2.6-rc3 (moddir) Remote File Inclusion Vulnerability, erdc, 13:58
[ECHO_ADV_72$2007] CARE2X (root_path) Remote File Inclusion Vulnerability, erdc, 13:46
[ECHO_ADV_71$2007] AMP v3.2 (base_path) Remote File Inclusion Vulnerability, erdc, 13:33
iDefense Security Advisory 03.14.07: Trend Micro Antivirus UPX Parsing Kernel Divide by Zero Vulnerability, iDefense Labs, 13:28
Re: Re: [Full-disclosure] PHP import_request_variables() arbitrary variable overwrite, retrog, 13:21
Fwd: Python 2.5 (Modules/zlib) minigzip local buffer overflow vulnerability, starcadi starcadi, 13:15
Re[2]: Microsoft Windows Vista/2003/XP/2000 file management security issues, 3APA3A, 13:08
New report on Windows Vista network attack surface, Jim Hoagland, 12:55
SymEvent Driver Local Access System Denial of Service, Matousec - Transparent security Research, 12:46
SEC Consult SA-20070314-0 :: Apache HTTP Server / Tomcat directory traversal, David Matscheko, 12:36
[ GLSA 200703-12 ] SILC Server: Denial of Service, Matthias Geerdsen, 12:28
n.runs-SA-2007.003 - PHProjekt 5.2.0 - SQL Injection, security, 12:20
n.runs-SA-2007.004 - PHProjekt 5.2.0 - Cross Site Scripting and Filter Evasion, security, 12:12
[SECURITY] [DSA 1266-1] New gnupg packages fix signature forgery, Moritz Muehlenhoff, 12:04
n.runs-SA-2007.005 - PHProjekt 5.2.0 - Cross Site Request Forgery, security, 12:00
n.runs-SA-2007.006 - PHProjekt 5.2.0 - Privilege escalation, security, 11:49
[ GLSA 200703-11 ] Amarok: User-assisted remote execution of arbitrary code, Raphael Marichez, 11:49

March 13, 2007

Re: SecurityFocus is turning seven. What's next? - OFFTOPIC - Please excuse the X-Post, crazy frog crazy frog, 20:24
CORE-2007-0219: OpenBSD's IPv6 mbufs remote kernel buffer overflow, CORE Security Technologies Advisories, 18:46
Re: Php Nuke POST XSS on steroids, Paul Laudanski, 18:09
Re: Microsoft Windows Vista/2003/XP/2000 file management security issues, Paweł Goleń, 17:08
[ MDKSA-2007:062 ] - Updated xine-lib packages to address buffer overflow vulnerability, security, 16:15
[ MDKSA-2007:061 ] - Updated mplayer packages to address buffer overflow vulnerability, security, 15:53
Re: Firekeeper - IDS for Firefox available, Bob Beck, 15:41
Re: Re: RIM BlackBerry Pearl 8100 Browser DoS, clappymonkey, 15:34
Re: Weekly Drawing Contest <= (check_vote.php) Remote File Disclosure Vuln, Mailinglists Address, 15:18
JGBBS 3.0beta1 Version Search.ASP "Author" SQL Injection Exploit, UniquE, 14:55
[USN-432-2] GnuPG2, GPGME vulnerability, Kees Cook, 14:35
Re: Microsoft Windows Vista/2003/XP/2000 file management security issues, Daniel Hazelton, 14:26
Re: Firekeeper - IDS for Firefox available, Jan Wrobel, 14:20
Re: Iframe-Cash/Iframe-Dollars Adware bundle...oooh... my ....god.., Reversemode, 14:14
Re: Microsoft Windows Vista/2003/XP/2000 file management security issues, Richard Huxton, 14:06
Re: Iframe-Cash/Iframe-Dollars Adware bundle...oooh... my ....god.., Gadi Evron, 13:51
[ECHO_ADV_73$2007] MySQL Commander <= 2.7 (home) Remote File Inclusion Vulnerability, erdc, 13:32
Weekly Drawing Contest <= (check_vote.php) Remote File Disclosure Vuln, BorN To K!LL BorN To K!LL, 13:28
Re[2]: Microsoft Windows Vista/2003/XP/2000 file management security issues, 3APA3A, 13:17
Re: Remote File Include In Script moodle-1.7.1, martin, 13:01
Re: Re: Firekeeper - IDS for Firefox available, irondell, 12:55
Call for Papers: DeepSec IDSC 2007 Europe/Vienna: 20-23 Nov 2007, Paul Böhm, 12:33
Iframe-Cash/Iframe-Dollars Adware bundle...oooh... my ....god.., Thierry Zoller, 12:31
[ECHO_ADV_69$2007] OES (Open Educational System) 0.1beta Remote File Inclusion Vulnerability, erdc, 12:20
RE: Xbox 360 Hypervisor Privilege Escalation Vulnerability, Dr Joe, 12:09
[USN-436-1] KTorrent vulnerabilities, Kees Cook, 12:06
Re: Firekeeper - IDS for Firefox available, Jan Wrobel, 11:56
[USN-435-1] Xine vulnerability, Kees Cook, 11:52
Re: Microsoft Windows Vista/2003/XP/2000 file management security issues, Steven M. Christey, 11:36
Re: RIM BlackBerry Pearl 8100 Browser DoS, anon, 11:36
Re: [Full-disclosure] PHP import_request_variables() arbitrary variable overwrite, Steven M. Christey, 11:24

March 12, 2007

[security bulletin] HPSBUX02196 SSRT071318 rev.2 - HP-UX Java (JRE and JDK) Remote Execution of Arbitrary Code, security-alert, 14:51
Re: PHP-Nuke <= 8.0 Cookie Manipulation (lang), Paul Laudanski, 14:30
RIM BlackBerry Pearl 8100 Browser DoS, clappymonkey, 14:15
GuppY v4.0 remote del files/index, sn0oPy . team, 13:54
Fantastico In all Version Cpanel 10.x <= local File Include, z3r0 z3r0.2.z3r0, 13:40
Re: Wiki Remote Authentication Bypass Vulnerability, Matt D. Harris, 13:31
AssetMan 2.4a <= (download_pdf.php) Remote File Disclosure Vulnerability, BorN To K!LL BorN To K!LL, 13:23
Re: Php Nuke POST XSS on steroids, Paul Laudanski, 13:04
Re: Php Nuke POST XSS on steroids, ascii, 12:55
Wiki Remote Authentication Bypass Vulnerability, DoZ, 12:39
[security bulletin] HPSBUX02129 SSRT061149 rev.2 - HP-UX running SLP, Remote Unauthorized Access, security-alert, 12:31
Remote File Include In ClipShare.v1.5.3, RaeD Hasadya, 12:26
Remote File Include In Script moodle-1.7.1, RaeD Hasadya, 12:11
Re[2]: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues, 3APA3A, 12:05
Re: Re[2]: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues, Thor (Hammer of God), 11:51
Remote File Include In Script PHP Photo Album, RaeD Hasadya, 11:43

March 10, 2007

[SECURITY] [DSA 1265-1] New Mozilla packages fix several vulnerabilities, Martin Schulze, 15:06
Re: [Full-disclosure] PHP import_request_variables() arbitrary variable overwrite, Stefan Esser, 14:56
Re: Firekeeper - IDS for Firefox available, Bob Beck, 14:00
RE: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues, Roger A. Grimes, 13:51
Re: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues, Thor (Hammer of God), 13:40
[ GLSA 200703-10 ] KHTML: Cross-site scripting (XSS) vulnerability, Raphael Marichez, 13:29
Re: [Full-disclosure] PHP import_request_variables() arbitrary variable overwrite, ascii, 13:07
Re: [Full-disclosure] PHP import_request_variables() arbitrary variable overwrite, Stefano Di Paola, 12:58
Re: PHP Classifieds 7.1 - Remote File Include Vulnerability, support, 12:50
Re: [Full-disclosure] PHP import_request_variables() arbitrary variable overwrite, Stefan Esser, 12:40
NukeSentinel <= 2.5.06 SQL Injection (mysql >= 4.0.24) Exploit, gmdarkfig, 12:31
[ECHO_ADV_68$2007] PMB Services <= 3.0.13 Multiple Remote File Inclusion Vulnerability, erdc, 12:22
Pre-open files attack agains locked file, 3APA3A, 12:14
Grayscale <= 0.8.0 Multiple Vulnerabilities, omnipresent, 12:04
WWWboard password disclosure, r00t2000, 11:53
Fıstıq Duyuru Scripti Remote Sql İnjection Exploit, crazy_king, 11:44
Remote File Include In Script SoftNews Media Group, RaeD Hasadya, 11:34
Remote File Include In Script Premod SubDog 2, RaeD Hasadya, 11:24
PHP-Nuke <= 8.0 Cookie Manipulation (lang), programmer, 11:15
[Argeniss] Practical 10 minutes security audit: Oracle Case (Paper), Cesar, 11:07

March 09, 2007

[ GLSA 200703-09 ] Smb4K: Multiple vulnerabilities, Raphael Marichez, 21:20
[USN-433-1] Xine vulnerability, Kees Cook, 20:56
[ECHO_ADV_67$2007] WEBO (Web Organizer) <= 1.0 (baseDir) Remote File Inclusion Vulnerability, erdc, 20:19
RE: Microsoft Windows Vista/2003/XP/2000 file management security issues, Roger A. Grimes, 20:14
Re: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues, Tim, 19:53
wwwpaintboar(newsfile) Remote File Inclusion Vulnerability, saw_xyz, 19:44
RE: Re[4]: Microsoft Windows Vista/2003/XP/2000 file management security issues, Roger A. Grimes, 19:13
[ GLSA 200703-08 ] SeaMonkey: Multiple vulnerabilities, Raphael Marichez, 18:17
WordPress XSS under function wp_title(), g30rg3_x, 17:57
Security bypass vulnerability in LedgerSMB and SQL-Ledger (fixes released today), Chris Travers, 17:46
Re: Re[2]: Microsoft Windows Vista/2003/XP/2000 file management security issues, Thor (Hammer of God), 17:27
[ MDKSA-2007:060 ] - Updated kernel packages fix multiple vulnerabilities and bugs, security, 17:12
Re: Sql injection in WordPress 2.1.2, steven, 16:58
Re[2]: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues, 3APA3A, 16:20
[ MDKSA-2007:058 ] - Updated ekiga packages fix string vulnerabilities., security, 15:51
HC NEWSSYSTEM 1.0-4 (index.php "ID") Blind SQL Injection, UniquE, 15:40
Re: Firekeeper - IDS for Firefox available, Jex, 15:30
SEC Consult SA-20070309-0 :: MySQL 5 Single Row Subselect Denial of Service, research, 14:26
RE: Re[2]: Microsoft Windows Vista/2003/XP/2000 file management security issues, M. Burnett, 14:15
Re: Word Press Sensitive Directory exposure (SQL), Francesco Laurita, 13:43
RE: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues, Laundrup, Jens, 13:41
RE: Microsoft Windows Vista/2003/XP/2000 file management security issues, M. Burnett, 13:28
RE: Re[2]: Microsoft Windows Vista/2003/XP/2000 file management security issues, Roger A. Grimes, 13:28
SecurityFocus is turning seven. What's next? - OFFTOPIC - Please excuse the X-Post, Alfred Huger, 13:07
RE: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues, Roger A. Grimes, 13:07
Remote File Include In Script Coppermine Photo Gallery, RaeD Hasadya, 12:53
Re: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues, KJKHyperion, 12:46
[CAID 35145]: CA eTrust Admin Privilege Escalation Vulnerability, Williams, James K, 12:28
Remote File Include In Script copyright (c) James Coyle; JCcorp, RaeD Hasadya, 12:27
Sql injection in WordPress 2.1.2, Omid, 12:15
Re: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues, Tim, 12:14
RE: Re[2]: Microsoft Windows Vista/2003/XP/2000 file management security issues, Roger A. Grimes, 12:01
SyScan'07 - Call for Paper - NEW UPDATES, organiser@syscan.org, 11:56
Php Nuke POST XSS on steroids, ascii, 11:46
Re: Digital Armaments Security Advisory 20.01.2007: Grsecurity Kernel PaX Vulnerability, hugo, 11:41
XSS In Script deviantART, RaeD Hasadya, 11:33
MS07-016 FTP Response DOS PoC, Mathew Rowley, 11:24
TSLSA-2007-0009 - multi, Trustix Security Advisor, 11:20
[USN-434-1] Ekiga vulnerability, Kees Cook, 11:12
Buffer Overflow in Linux Drivers for Omnikey CardMan 4040 (CVE-2007-0005), Daniel Roethlisberger, 10:59
[ MDKSA-2007:059 ] - Updated gnupg packages provide enhanced forgery detection, security, 10:50

March 08, 2007

PHP import_request_variables() arbitrary variable overwrite, Stefano Di Paola, 17:43
Microsoft Windows Vista/2003/XP/2000 file management security issues, 3APA3A, 15:20
Re: Word Press Sensitive Directory exposure (SQL), none, 14:42
Re: [Bogus] Lazarus Guestbook (admin.php)Remote File Include Expliot -, Mailinglists Address, 13:28
[USN-432-1] GnuPG vulnerability, Kees Cook, 12:52
[ MDKSA-2007:054 ] - Updated kdelibs packages to address DoS issue in KDE Javascript, security, 12:34
Word Press Sensitive Directory exposure (SQL), r00t2000, 12:25
[ MDKSA-2007:055 ] - Updated mplayer packages to address buffer overflow vulnerability, security, 12:20
[ MDKSA-2007:056 ] - Updated tcpdump packages address off-by-one overflow, security, 12:07
PHP 4.4.6 crack_opendict() local buffer overflow poc exploit, retrog, 12:06
dynaliens v2.0/v2.1 bypass admin authentification + XSS, sn0oPy . team, 11:57
[ MDKSA-2007:057 ] - Updated xine-lib packages to address buffer overflow vulnerability, security, 11:53
[USN-424-2] PHP regression, Kees Cook, 11:48
Ann: Backtrack 2.0 released, Thierry Zoller, 11:40
Black Hat USA CFP Now Open!, Jeff Moss, 11:33

March 07, 2007

rPSA-2007-0052-1 kdelibs, rPath Update Announcements, 18:34
rPSA-2007-0051-1 mod_python, rPath Update Announcements, 18:25
Buffer-overflow in Conquest client 8.2a (svn 691), Luigi Auriemma, 18:11
Lazarus Guestbook (admin.php)Remote File Include Expliot, c_r_ck, 18:01
FLSA - foresight linux security announcements, Jonathan Smith, 17:52
[SECURITY] [DSA 1264-1] New php4 packages fix several vulnerabilities, Moritz Muehlenhoff, 17:18
ZDI-07-010: Apple Quicktime UDTA Parsing Heap Overflow Vulnerability, zdi-disclosures, 15:26
ZDI-07-009: Novell Netmail WebAdmin Buffer Overflow Vulnerability, zdi-disclosures, 15:15
Re: Re: Wordpress <= v2.1.0, ciri, 14:56
RPS 6.2 SQL Injection Exploit, s0cratex, 13:56
Re: [Full-disclosure] month of PHP bugs, secondary message?, Marcus Meissner, 13:45
month of PHP bugs, secondary message?, Gadi Evron, 13:36
Re: Remote File Include In DBImageGallery, tg, 13:27
Firekeeper - IDS for Firefox available, Jan Wrobel, 13:16
xss in phpmyadmin >=2.8.0 and < 2.10.0, alfa, 13:05
iDefense Security Advisory 03.07.07: Ipswitch IMail Server 2006 Multiple ActiveX Control Buffer Overflow Vulnerabilities, iDefense Labs, 12:53
Re: Drake CMS v0.3.2 < = RFi Vulnerabilities, legolas558, 12:42
[ MDKSA-2007:053 ] - Updated util-linux packages address umount crash issue, security, 12:05
[ MDKSA-2007:052 ] - Updated Thunderbird packages fix multiple vulnerabilities, security, 11:49
[USN-431-1] Thunderbird vulnerabilities, Kees Cook, 11:27
[SECURITY] [DSA 1263-1] New clamav packages fix denial of service, Moritz Muehlenhoff, 11:14

March 06, 2007

[USN-430-1] mod_python vulnerability, Kees Cook, 17:27
[USN-429-1] tcpdump vulnerability, Kees Cook, 17:19
[ GLSA 200703-07 ] STLport: Possible remote execution of arbitrary code, Matthias Geerdsen, 16:09
rPSA-2007-0050-1 kernel, rPath Update Announcements, 15:22
Re: Extending JavaScript Portscanning to Include Banner Grabbing, Vincent Archer, 13:56
Re: Tinyportal Shoutbox, ichbin, 13:21
PHP <= 4.4.6 mssql_connect() & mssql_pconnect() local buffer overflow and safe_mode bypass, retrog, 13:14
[Reversemode Advisory] Apple Quicktime Color ID remote heap corruption, Reversemode, 12:51
[security bulletin] HPSBUX02195 SSRT061237 rev.1 - HP-UX Running Software Distributor (SD), Remote Denial of Service (DoS), security-alert, 12:25
Re: XXS in script Phorum, Maurice Makaay, 12:16
[security bulletin] HPSBUX02153 SSRT061181 rev.3 - HP-UX Running Firefox, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS), security-alert, 12:11
Apple QuickTime udta ATOM Integer Overflow, Sowhat, 11:48
Call for Participation Chaos Communication Camp 2007, fukami, 11:36
Re: Wordpress <= v2.1.0, vvitkov@intergenia.de, 11:34
Apple QuickTime Player Remote Heap Overflow, Piotr Bania, 11:19

March 05, 2007

RE: Wordpress <= v2.1.0, McCarty, Eric C., 18:42
iDefense Security Advisory 03.05.07: Apple QuickTime Color Table ID Heap Corruption Vulnerability, iDefense Labs, 18:34
CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability, CORE Security Technologies Advisories, 18:22
DoS and code execution issue in LedgerSMB < 1.1.5 and SQL-Ledger < 2.6.25, Chris Travers, 16:43
Wordpress <= v2.1.0, ciri, 15:12
XSS Remote In vCard 2.6 (c)2002, RaeD Hasadya, 14:41
HITBSecConf2007 - Malaysia: Call for Papers now Open, Praburaajan, 14:15
Arbitrary file disclosure vulnerability in rrdbrowse <= 1.6, Sebastian Wolfgarten, 13:52
LI-Guestbook SQL Injection Vulnerability, bugtraq, 13:31
Sava's GuestBook Multiple Vulnerabilities, bugtraq, 13:18
XXS in script Phorum, RaeD Hasadya, 13:08
Extending JavaScript Portscanning to Include Banner Grabbing, mark, 12:45
Konqueror DoS Via JavaScript Read Of FTP Iframe, mark, 12:27
ePortfolio version 1.0 Java Multiple Input Validation Vulnerabilities, Stefan Friedli, 12:09
[ GLSA 200703-06 ] AMD64 x86 emulation Qt library: Integer overflow, Raphael Marichez, 11:58
Show Password Admin In Script Uploadscript, RaeD Hasadya, 11:49
[SECURITY] [DSA 1262-1] New gnomemeeting packages fix arbitrary code execution, Moritz Muehlenhoff, 11:39

March 03, 2007

Re: SPAW Editor PHP Edition, Steve Watt, 18:02
[ GLSA 200703-05 ] Mozilla Suite: Multiple vulnerabilities, Raphael Marichez, 17:51
ERRATA: [ GLSA 200703-01 ] Snort: Remote execution of arbitrary code, Raphael Marichez, 17:41
Re: Xbox 360 Hypervisor Privilege Escalation Vulnerability, ron . kleinman, 17:20
Re: VMware Workstation multiple denial of service and isolation manipulation vulnerabilities, emptysands, 17:02
[Fwd: Re: Angel LMS 7.1 - Remote SQL Injection], don bailey, 16:48
rPSA-2007-0040-3 firefox thunderbird, rPath Update Announcements, 16:33
Re: Evading the Norman SandBox Analyzer, John Smith, 16:23
Re: Evading the Norman SandBox Analyzer, Arne Vidstrom, 16:13
BJ Webring XSS, sn0oPy . team, 14:26
Tyger Bug Tracking System Multiple Vulnerability, corrado . liotta, 14:09
rPSA-2007-0048-1 tcpdump, rPath Update Announcements, 13:54
[ GLSA 200703-04 ] Mozilla Firefox: Multiple vulnerabilities, Raphael Marichez, 13:50
webSPELL <= 4.01.02 Remote PHP Code Execution Exploit, gmdarkfig, 13:39
WordPress source code compromised to enable remote code execution, ifsecure, 12:54
[ MDKSA-2007:050-1 ] - Updated Firefox packages fix multiple vulnerabilities, security, 12:11

March 02, 2007

Limited format string in Netrek 2.12.0, Luigi Auriemma, 15:46
Remote File Include In DBImageGallery, RaeD Hasadya, 15:24
Re: Woltlab Burning Board (wbb) 2.3.6 CSRF/XSS - 0day, MC Iglo, 15:12
Re: Re: WordPress Search Function SQL-Injection, none, 14:22
[VulnWatch] iDefense Security Advisory 03.02.07: Kaspersky AntiVirus UPX File Decompression DoS Vulnerability, iDefense Labs, 14:20
Woltlab Burning Board (wbb) 2.3.6 CSRF/XSS - 0day, SaMuschie, 14:04
ZDI-07-008: Apache Tomcat JK Web Server Connector Long URL Stack Overflow Vulnerability, zdi-disclosures, 13:11
vBulletin v3.6.5 admincp/index.php ( rss feed ) xss vuln., meto5757, 12:29
[ GLSA 200703-03 ] ClamAV: Denial of Service, Raphael Marichez, 12:14
[USN-428-2] Firefox regression, Kees Cook, 12:01
SPAW Editor PHP Edition, RaeD Hasadya, 11:52
[ GLSA 200703-02 ] SpamAssassin: Long URI Denial of Service, Raphael Marichez, 11:42
[ GLSA 200703-01 ] Snort: Remote execution of arbitrary code, Raphael Marichez, 11:31

March 01, 2007

Re: Xbox 360 Hypervisor Privilege Escalation Vulnerability, jrgong420, 18:28
aWebNews V 1.1, mostafa_ragab, 18:17
LayerOne 2007 - Call for Papers and Pre-Registration, Layer One, 17:59
WB News Remote File Include in all versions, mostafa_ragab, 17:46
Re: ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit, revenge, 17:37
aWebNews v 1.1=>RFI, mostafa_ragab, 17:23
Re: Re: MSIE7 browser entrapment vulnerability (probably Firefox, too), sithlordstorm, 17:08
Built2Go v.1.0 => ( news.php & rating.php ) Cross Site Scripting, the_3dit0r, 16:59
Re: Angel LMS 7.1 - Remote SQL Injection, str0ke, 16:49
Serendipity unauthenticated SQL-Injection, SaMuschie, 16:34
Angel LMS 7.1 - Remote SQL Injection, Guns, 12:28
Comodo Bypassing settings protection using magic pipe Vulnerability, Matousec - Transparent security Research, 12:17
[USN-416-2] nvidia-glx-config regression, Martin Pitt, 12:05
[ MDKSA-2007:051 ] - Updated snort packages fix DoS vulnerability, security, 11:53
Full disclosure: Directory Transversal and Arbitrary Code Execution Vulnerability in SQL-Ledger and LedgerSMB, Chris Travers, 11:41