bugtraq (date)

bugtraq (date)

[Thread Index] [Top] [All Lists]

April 30, 2007

[VulnWatch] iDefense Security Advisory 04.27.07: VMware Workstation Shared Folders Directory Traversal Vulnerability, iDefense Labs, 15:34

April 29, 2007

[VulnWatch] AFFLIB(TM): Multiple Buffer Overflows, VSR Advisories, 22:01
[VulnWatch] AFFLIB(TM): Time-of-Check-Time-of-Use File Race, VSR Advisories, 20:47
[VulnWatch] AFFLIB(TM): Multiple Shell Metacharacter Injections, VSR Advisories, 19:31
[VulnWatch] AFFLIB(TM): Multiple Format String Injections, VSR Advisories, 18:02

April 27, 2007

[VulnWatch] iDefense Security Advisory 04.26.07: Symantec Norton Ghost 10 Recovery Points Insecure Password Storage Vulnerability, iDefense Labs, 16:00
[VulnWatch] iDefense Security Advisory 04.26.07: Symantec Norton Ghost 10 Service Manager Buffer Overflow Vulnerability, iDefense Labs, 14:27

April 26, 2007

[VulnWatch] iDefense Security Advisory 04.26.07: Novell eDirectory NCP Fragment Denial of Service Vulnerability, iDefense Labs, 18:25

April 24, 2007

[VulnWatch] Apache Illegal Request Handling Possible XSS Vulnerability, Michal Majchrowicz, 14:52

April 23, 2007

[VulnWatch] Apache/PHP REQUEST_METHOD XSS Vulnerability, Michal Majchrowicz, 19:23
[VulnWatch] iDefense Security Advisory 04.20.07: Check Point Zone Labs SRESCAN IOCTL Local Privilege Escalation Vulnerability, iDefense Labs, 16:01

April 22, 2007

Top Auction 1.0 (viewcat.php) Remote Blind SQL Injection // starhack.org, seko, 23:50
Re: Internet Explorer Crash, Kevin Finisterre (lists), 23:49

April 21, 2007

RE: Re[2]: Windows DNS Cache Poisoning by Forwarder DNS Spoofing, Roger A. Grimes, 10:16
MediaBeez Sql query Execution .. Wear isn't ?? :), security, 10:10

April 20, 2007

[VulnWatch] Oracle Database Buffer overflow vulnerabilities in package DBMS_SNAP_INTERNAL, Team SHATTER, 02:39
[VulnWatch] iDefense Security Advisory 04.17.07: McAfee E-Business Admin Server Invalid Data Length DoS Vulnerability, iDefense Labs, 01:26
[VulnWatch] iDefense Security Advisory 04.17.07: McAfee VirusScan On-Access Scanner Long Unicode File Name Buffer Overflow, iDefense Labs, 00:14

April 19, 2007

[VulnWatch] iDefense Security Advisory 04.16.07: Akamai Download Manager ActiveX Stack Buffer Overflow Vulnerability, iDefense Labs, 22:26
[VulnWatch] Cross Domain XMLHttpRequest, Michal Majchrowicz, 20:53

April 18, 2007

Reminder: HITBSecConf2007 - Malaysia: Call for Papers closing in 2 weeks, Praburaajan, 22:58

April 16, 2007

Akamai Technologies Security Advisory 2007-0001, Akamai Security Team, 21:14
Ivan Gallery Script V.0.1 (index.php) Remote File Include Exploit, seko, 20:48
Microsoft DNS Server Remote Code execution: Analysis and exploit, mballano, 20:48
[ GLSA 200704-11 ] Vixie Cron: Denial of Service, Matthias Geerdsen, 20:47
MyBlog <= 0.9.8 Remote Command Execution Exploit, BlackHawk, 15:05
[MajorSecurity Advisory #45]oe2edit CMS - Cross Site Scripting and Cookie Manipulation Issue, admin, 15:04
ZoneAlarm Multiple insufficient argument validation of hooked SSDT function Vulnerability, Matousec - Transparent security Research, 15:03
ActionPoll Script (actionpoll.php) Remote File Include // starhack.org, seko, 15:03
Re: phpMyChat-0.14.5, stuart_smith, 15:03
LS simple guestbook - arbitrary code execution, jd2k2000, 15:00

April 14, 2007

phpMyChat-0.14.5, k4rtal, 15:39
bloofoxCMS 0.2.2 Remote File Include Vulnerabilitiy, the_3dit0r, 15:30
Maian Weblog v3.1, k4rtal, 15:08
Flip-search-add-on 2.0, k4rtal, 14:53
Back-End CMS Database Tables v0.4.7 Remote File Include Vulnerabilities, the_3dit0r, 14:44
MySpeach v1.9, k4rtal, 14:26
B2evolution 1.6 RFi, k4rtal, 14:18
Maian Gallery v1.0, k4rtal, 14:04
Maian Search v1.1, k4rtal, 13:48
FloweRS v2.0 Cross Site Scripting, the_3dit0r, 13:34
MobilePublisherphp v1.1.2 Remote File Include Vulnerabilities, the_3dit0r, 13:18
bloofoxCMS 0.2.2 Cross Site Scripting, the_3dit0r, 13:08
Back-End CMS Database Tables v0.4.7 Cross Site Scripting, the_3dit0r, 13:00
Re: Steganos Encrypted Safe NOT so safe, Andreas Beck, 12:47
VCDGear <= 3.56 Build 050213 (FILE) Local Code Execution Exploit, meftun, 12:39
Re: Vbulletin 3.6.5 Sql Injection ! [misc.php], scott-REMOVE, 12:27

April 13, 2007

Vbulletin 3.6.5 Sql Injection ! [misc.php], seko, 16:52
TSRT-07-04: LANDesk Management Suite Alert Service Stack Overflow Vulnerability, TSRT, 16:35
[waraxe-2007-SA#048] - Multiple vulnerabilities in Virtual War 1.5 module for PhpNuke, come2waraxe, 12:32
[MajorSecurity Advisory #44]MailBee WebMail Pro - Cross Site Scripting Issue, admin, 12:11
[OPENADS-SA-2007-004] Max Media Manager v0.1.29-rc and v0.3.31-alpha-pr2 vulnerability fixed, Matteo Beccati, 11:59
[OPENADS-SA-2007-003] Openads 2.0.11 vulnerability fixed, Matteo Beccati, 11:44
[Argeniss] Hacking Databases for owning your data (paper), Cesar, 11:33

April 12, 2007

[USN-452-1] KDE library vulnerability, Kees Cook, 19:28
iDefense Security Advisory 04.12.07: Hewlett Packard HP-UX Remote pfs_mountd.rpc Buffer Overflow Vulnerability, iDefense Labs, 19:18
Aircrack-ng (airodump-ng) remote buffer overflow vulnerability, jonny, 18:34
FAC GuestBook v2.0 remote database disclosure vulnerability, the_3dit0r, 18:28
RE: Critical phpwiki c99shell exploit, Ryan Neufeld, 18:18
Re: Cross site scripting in mephisto 0.7.3, encytemedia, 18:02
Chatness <= 2.5.3 - Arbitrary Code Execution, jd2k2000, 18:00
phpwebnews v.1 Multiple Cross Site Scripting Vulnerabilites, the_3dit0r, 17:43
TuMusika Evolution 1.6 Cross Site Scripting Vulnerabilitiy, the_3dit0r, 16:19
[security bulletin] HPSBUX02203 SSRT071339 rev.1 - HP-UX Running Portable File System (PFS), Remote Increase in Privilege, security-alert, 15:20
Cross site scripting in mephisto 0.7.3, Hanno Böck, 15:12
Re: Critical phpwiki c99shell exploit, Jamie Riden, 15:02
Re: Critical phpwiki c99shell exploit, Gadi Evron, 14:44
[security bulletin] HPSBGN02199 SSRT071312 rev.1 - Mercury Quality Center ActiveX, Remote Unauthorized Arbitrary Code Execution, security-alert, 14:41
Cisco Security Advisory: Multiple Vulnerabilities in the Cisco Wireless Control System, Cisco Systems Product Security Incident Response Team, 14:26
[ GLSA 200704-08 ] DokuWiki: Cross-site scripting vulnerability, Matthias Geerdsen, 14:22
Cisco Security Advisory: Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points, Cisco Systems Product Security Incident Response Team, 14:09
[security bulletin] HPSBUX01137 SSRT5954 rev.9 - HP-UX Running TCP/IP (IPv4), Remote Denial of Service (DoS), security-alert, 13:34
[security bulletin] HPSBST02206 SSRT071354 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-014, security-alert, 13:07
Critical phpwiki c99shell exploit, rurban, 12:51
CVE-2007-1872: Cross site scripting in toendaCMS 1.5.3, Hanno Böck, 12:39
INFIGO-2007-04-05: Enterprise Security Analyzer server remote buffer overflows, infocus, 12:17
CVE-2007-1871: Cross site scripting in chcounter 3.1.3, Hanno Böck, 11:59
HPSBUX02205 SSRT061120 rev.1 - HP-UX Running ARPA Transport, Local Denial of Service (DoS), security-alert, 11:45
E107 - (v0.7.8) Access Escalation Vulnerbility - PoC, jd2k2000, 11:30

April 11, 2007

[ MDKSA-2007:082 ] - Updated madwifi-source, wpa_supplicant packages fix vulnerabilities, security, 20:48
iDefense Security Advisory 04.11.07: Apache HTTPD suEXEC Multiple Vulnerabilities, iDefense Labs, 19:22
[ MDKSA-2007:075-1 ] - Updated qt4 packages to address utf8 decoder bug, security, 19:11
[ MDKSA-2007:083 ] - Updated apache-mod_perl packages fix DoS vulnerability, security, 17:52
[ MDKSA-2007:079-1 ] - Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities, security, 16:41
Steganos Encrypted Safe NOT so safe, frankrizzo604, 16:11
PunBB <= 1.2.14 Remote Code Execution (Exploit), gmdarkfig, 15:58
PunBB <= 1.2.14 Multiple Vulnerabilities (Advisory), gmdarkfig, 15:56
Re: Latinchat Denial Of Service, d4rksoft, 15:41
Re: On-going Internet Emergency and Domain Names, Alexander Klimov, 15:27
CodeBreak (codebreak.php process_method) - Remote File Inclusion Vulnerability, john, 14:53
[MajorSecurity Advisory #43]Calacode ATMail 5.0 - Cross Site Scripting and Cookie Manipulation Issue, admin, 14:38
[VulnWatch] Cosign SSO Authentication Bypass, Jon Oberheide, 13:45
pL-PHP beta 0.9 - Multiple Vulnerabilities, omnipresent, 13:28
New bug :), asdasd asdsadas, 13:00
nEw Bug :D, asdasd asdsadas, 11:52
[ MDKSA-2007:080-1 ] - Updated tightvnc packages fix integer overflow vulnerabilities, security, 11:37
webMethods Glue Management Console Directory Traversal, Patrick Webster, 11:22

April 10, 2007

[ MDKSA-2007:081-1 ] - Updated freetype2 packages fix vulnerability, security, 18:03
Re: vbulletin admincp sql injection, rjmjr69, 16:58
[ MDKSA-2007:077-1 ] - Updated krb5 packages fix vulnerabilities, security, 16:00
iDefense Security Advisory 04.10.07: Microsoft Windows Universal Plug and Play Memory Corruption Vulnerability, iDefense Labs, 15:28
Secunia Research: Microsoft Agent URL Parsing Memory Corruption Vulnerability, Secunia Research, 14:57
PhpOpenChat <= 3.0.1 (poc.php) Multiple Remote File Include Vulnerabilities, seko, 14:55
EEYE: Windows Vista CSRSS Dangling Process Pointer Privilege Escalation, eEye Advisories, 14:43
EEYE: Windows VDM Zero Page Race Condition Privilege Escalation, eEye Advisories, 14:30
DEF CON One Five CfP in effect!, The Dark Tangent, 12:00
phpGalleryScript 1.0 - File Inclusion Vulnerabilities, z12xxa, 11:40
[USN-450-1] ipsec-tools vulnerability, Kees Cook, 11:29

April 09, 2007

iDefense Security Advisory 04.09.07: AOL AIM and ICQ File Transfer Path-Traversal Vulnerability, iDefense Labs, 17:50
Re: Re: Mybb Hot Editor Plugin Local File Inclusion, liz0, 16:06
rPSA-2007-0070-1 openoffice.org, rPath Update Announcements, 15:29
xodagallery Remote Code Execution Vulnerability, the_3dit0r, 13:33
Re: Mybb Hot Editor Plugin Local File Inclusion, Kevin Finisterre (lists), 13:32
Hot Editor v4.0 Local File Inclusion, liz0, 13:08
Mybb Hot Editor Plugin Local File Inclusion, liz0, 12:54
QuizShock 1.6.1 - Cross-Site Scripting Vulnerability, john, 12:52
Request It : Song Request System 1.0b - remote file inclusion, mail, 12:39
Gsylvain35 Portail Web Remote File Include Vulnerabilities, the_3dit0r, 12:28
DeskPRO v2.0.1 - Cross-Site Scripting Vulnerability, john, 12:25
Remot File Include In Script Lore v1, RaeD, 12:10
phpMyAdmin 2.6.1 Local Cross Site Scripting, the_3dit0r, 12:07
Take Control In Script Jeebles Directory, RaeD, 11:55
Scorp Book <== v1.0 (smilies.php) Remote File Include Exploit, k4rtal, 11:44
UBB.threads (<= 6.1.1) SQL Injection Vulnerability, john, 11:42

April 07, 2007

witshare 0.9 Remote File Include Vulnerabilitiy, the_3dit0r, 16:22
CmailServer WebMail <= V.5.3.4 (signup) Remote XSS Exploit, ajannhwt, 15:03
Re: Nine Vista CVEs, including Microsoft inaccurate Teredo use case documentation, GomoR, 12:13
[MajorSecurity Advisory #42]webblizzard CMS - Cross Site Scripting and Session fixation Issues, Securityaudit, 12:04
PHP <= 5.2.1 wbmp file handling integer overflow, Ivan Fratric, 11:57
[ GLSA 200704-07 ] libwpd: Multiple vulnerabilities, Raphael Marichez, 11:48
[ GLSA 200704-06 ] Evince: Stack overflow in included gv code, Raphael Marichez, 11:39

April 06, 2007

LayerOne 2007 - Speaker Line up Announced, Layer One, 17:43
[SECURITY] [DSA 1278-1] New man-db packages fix arbitrary code execution, Noah Meyerhans, 17:36
AOL Nullsoft Winamp IT Module "IN_MOD.DLL" Remote Heap Memory Corruption, Piotr Bania, 13:23
AOL Nullsoft Winamp S3M Module "IN_MOD.DLL" Remote Heap Memory Corruption, Piotr Bania, 13:13
AOL Nullsoft Winamp LIBSNDFILE.DLL Remote Memory Corruption (Off By Zero), Piotr Bania, 13:02
livor 2.5 Cross-Site Scripting Vulnerability, rko . thelegendkiller, 12:51
[MajorSecurity Advisory #41]onelook courts online - Session fixation Issue, Securityaudit, 12:39
[MajorSecurity Advisory #40]onelook oboShop - Session fixation Issue, Securityaudit, 12:29
ZDI-07-013: Kaspersky AntiVirus Engine ARJ Archive Parsing Heap Overflow Vulnerability, zdi-disclosures, 12:23
[MajorSecurity Advisory #39]onelook onebyone CMS - Session fixation Issue, Securityaudit, 12:18
Re: Nine Vista CVEs, including Microsoft inaccurate Teredo use case documentation, Jim Hoagland, 12:10
phpContact Multiple Remote File Inclusion Vulnerabilities, rko . thelegendkiller, 12:06
ZDI-07-014: Kaspersky Anti-Virus ActiveX Control Unsafe Method Exposure Vulnerablity, zdi-disclosures, 12:03
ACLS ineffective in SQL-Ledger and LedgerSMB, Chris Travers, 11:54
Re: Firefox extensions go Evil - Critical Vulnerabilities in Firefox/Firebug, Thor Larholm, 11:43
[VulnWatch] Re: [Full-disclosure] Mozilla Firefox Insecure Element Stealth Injection Vulnerability, 3APA3A, 11:21

April 05, 2007

[security bulletin] HPSBUX02204 SSRT071341 rev.1 - HP-UX Running CIFS Server (Samba), Remote Denial of Service (DoS), security-alert, 17:04
FLEA-2007-0010-1: evolution, Foresight Linux Essential Announcement Service, 15:58
Wserve HTTP Server 4.6 Version (Long Directory Name) Buffer Overflow - Denial Of Service, UniquE, 15:28
FLEA-2007-0009-1: xorg-x11 freetype, Foresight Linux Essential Announcement Service, 15:18
FLEA-2007-0008-1: krb5, Foresight Linux Essential Announcement Service, 15:07
iDefense Security Advisory 04.04.07: ESRI ArcSDE Buffer Overflow Vulnerability, iDefense Labs, 12:27
Microsoft .NET request filtering bypass vulnerability (BID 20753), research, 12:18
iDefense Security Advisory 04.04.07: Kaspersky Internet Security Suite klif.sys Heap Overflow Vulnerability, iDefense Labs, 12:03
iDefense Security Advisory 04.04.07: Kaspersky AntiVirus SysInfo ActiveX Control Information Disclosure Vulnerability, iDefense Labs, 11:47
[ MDKSA-2007:081 ] - Updated freetype2 packages fix vulnerability, security, 11:42
Re: [WEB SECURITY] Firefox extensions go Evil - Critical Vulnerabilities in Firefox/Firebug, Daniel Veditz, 11:38
[ MDKSA-2007:080 ] - Updated tightvnc packages fix integer overflow vulnerabilities, security, 11:29
LedgerSMB 1.2.0 finally released, fixes CVE-2006-5589, Chris Travers, 11:28
[ MDKSA-2007:079 ] - Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities, security, 11:17

April 04, 2007

[ MDKSA-2007:078 ] - Updated kernel packages fix multiple vulnerabilities and bugs, security, 19:50
VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates, VMware Security team, 19:44
Firefox extensions go Evil - Critical Vulnerabilities in Firefox/Firebug, pdp (architect), 19:09
[ MDKSA-2007:077 ] - Updated krb5 packages fix vulnerabilities, security, 19:07
Gazi Okul Sitesi 2007(tr)(fotokategori.asp) Remote SQL Injection, r00t-balance, 18:54
[SECURITY] [DSA 1277-1] New XMMS packages fix arbitrary code execution, Noah Meyerhans, 18:43
Re: More information on ZERT patch for ANI 0day, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP], 17:49
Re: More information on ZERT patch for ANI 0day, Jason Frisvold, 17:37
Re: More information on ZERT patch for ANI 0day, Jason Frisvold, 17:27
Several Windows image viewers vulnerabilities, Ivan Fratric, 17:12
High Risk Vulnerability in OpenOffice, NGSSoftware Insight Security Research, 16:59
Re: Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180), Marco Ivaldi, 16:46
rPSA-2007-0062-1 firefox, rPath Update Announcements, 16:45
Mozilla Firefox Insecure Element Stealth Injection Vulnerability, Michal Majchrowicz, 16:29
[ MDKSA-2007:076 ] - Updated kdelibs packages to address UTF8 issue in KJS, security, 16:16
MyBlog: PHP and MySQL Blog/CMS software Remote File Include Vulnerabilitiy, the_3dit0r, 16:15
MyBlog: PHP and MySQL Blog/CMS software Cross-Site Scripting Vulnerabilitiy, the_3dit0r, 15:57
rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs, rPath Update Announcements, 15:57
phpechocms2 Remote File Include Vulnerabilities, the_3dit0r, 15:42
iDefense Security Advisory 04.03.07: Multiple Vendor X Server BDF Font Parsing Integer Overflow Vulnerability, iDefense Labs, 15:30
phpechocms v.2 Cross-Site Scripting Vulnerabilitiy, the_3dit0r, 15:25
Monkey CMS v0.0.3 Remote File Include Vulnerabilitiy, the_3dit0r, 15:11
rPSA-2007-0066-1 kdelibs qt-x11-free, rPath Update Announcements, 15:09
K-CMS v1.0 Remote File Include Vulnerabilities, the_3dit0r, 14:58
rPSA-2007-0067-1 nas, rPath Update Announcements, 14:48
iXon_CMS 0.30 Remote File Include Vulnerabilities, the_3dit0r, 14:44
Remot File Include In phpexplorator_2_0, RaeD, 14:25
[MajorSecurity Advisory #38]eXV2 CMS - Session fixation and Cross-Site-Scripting Issues, Securityaudit, 14:12
[ MDKSA-2007:074 ] - Updated qt3 packages to address utf8 decoder bug, security, 14:11
CYBSEC Release: SAP Security - Paper & Tool release, Mariano Nuñez Di Croce, 14:01
rPSA-2007-0064-1 ImageMagick, rPath Update Announcements, 13:57
CYBSEC Security Pre-Advisory: SAP RFC_SET_REG_SERVER_PROPERTY RFC Function Denial Of Service, CYBSEC Advisories, 13:43
[USN-449-1] krb5 vulnerabilities, Kees Cook, 13:40
CYBSEC Security Pre-Advisory: SAP SYSTEM_CREATE_INSTANCE RFC Function Buffer Overflow, CYBSEC Advisories, 13:26
lite-cms-0.2.1 Remote File Include Vulnerabilities, the_3dit0r, 13:16
CYBSEC Security Pre-Advisory: SAP RFC_START_GUI RFC Function Buffer Overflow, CYBSEC Advisories, 13:13
CYBSEC Security Pre-Advisory: SAP RFC_START_PROGRAM RFC Function Multiple Vulnerabilities, CYBSEC Advisories, 13:01
iDefense Security Advisory 04.03.07: Multiple Vendor X Server XC-MISC Extension Memory Corruption Vulnerability, iDefense Labs, 12:56
CYBSEC Pre-Advisory: SAP TRUSTED_SYSTEM_SECURITY RFC Function Information Disclosure, CYBSEC Advisories, 12:42
rPSA-2007-0063-1 krb5 krb5-server krb5-services krb5-test krb5-workstation, rPath Update Announcements, 12:36
Three New Papers on Oracle Forensics, David Litchfield, 12:31
[ GLSA 200704-03 ] OpenAFS: Privilege escalation, Raphael Marichez, 12:15
iDefense Security Advisory 04.03.07: Multiple Vendor X Server fonts.dir File Parsing Integer Overflow Vulnerability, iDefense Labs, 11:59
[ MDKSA-2007:075 ] - Updated qt4 packages to address utf8 decoder bug, security, 11:46
[ GLSA 200704-05 ] zziplib: Buffer Overflow, Raphael Marichez, 11:29

April 03, 2007

Nine Vista CVEs, including Microsoft inaccurate Teredo use case documentation, Jim Hoagland, 18:05
[ GLSA 200704-02 ] MIT Kerberos 5: Arbitrary remote code execution, Sune Kloppenborg Jeppesen, 17:55
[SECURITY] [DSA 1276-1] New krb5 packages fix several vulnerabilities, Moritz Muehlenhoff, 17:30
FLEA-2007-0006-1: ImageMagick, Foresight Linux Essential Announcement Service, 17:19
ZDI-07-012: Yahoo! Messenger AudioConf ActiveX Control Buffer Overflow, zdi-disclosures, 17:01
Re: More information on ZERT patch for ANI 0day, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP], 16:54
FLEA-2007-0007-1: nas, Foresight Linux Essential Announcement Service, 16:48
iDefense Security Advisory 04.03.07: Multiple Vendor Kerberos kadmind Buffer Overflow Vulnerability, iDefense Labs, 16:33
Re: On-going Internet Emergency and Domain Names, Bob Fiero, 16:29
Re: 0day Oracle 10g exploit - dbms_aq.enqueue - become DBA, Andrea Purificato - bunker, 16:04
MITKRB5-SA-2007-001: telnetd allows login as arbitrary user [CVE-2007-0956], Tom Yu, 16:01
Re: 0day Oracle 10g exploit - dbms_aq.enqueue - become DBA, Gadi Evron, 15:51
iDefense Security Advisory 04.03.07: Microsoft Windows WMF Triggerable Kernel Design Error DoS Vulnerability, iDefense Labs, 15:42
MITKRB5-SA-2007-003: double-free vulnerability in kadmind (via GSS-API library) [CVE-2007-1216], Tom Yu, 15:28
FLEA-2007-0006-2: ImageMagick, Foresight Linux Essential Announcement Service, 15:20
MITKRB5-SA-2007-002: KDC, kadmind stack overflow in krb5_klog_syslog [CVE-2007-0957], Tom Yu, 14:56
Re: More information on ZERT patch for ANI 0day, Stefan Kelm, 14:39
Re: [Full-disclosure] More information on ZERT patch for ANI 0day, Matthew Murphy, 14:25
Re[2]: APOP vulnerability, 3APA3A, 13:51
Re: APOP vulnerability, Gaëtan LEURENT, 13:39
Remote File Include In Script stat12, RaeD, 13:15
Re: [Full-disclosure] [RECTIFY] Oracle 10g exploit - dbms_aq.enqueue - become DBA, Andrea \"bunker\" Purificato, 12:57
MyBulletinBoard (MyBB) <= 1.2.3 Remote Code Execution Exploit, gmdarkfig, 12:43
[MajorSecurity Advisory #37]HolaCMS - Cross Site Scripting Issue, SecurityAudit, 12:31
Re: APOP vulnerability, 3APA3A, 12:17
Re: Exploiting Microsoft dynamic Dns updates, Denis Jedig, 12:02
TWOVB][ The Week Of Vista Bugs: the truth is out there, TWOVB Team, 11:50
[SECURITY] [DSA 1275-1] New zope2.7 packages fix cross-site scripting flaw, Noah Meyerhans, 11:42

April 02, 2007

iDefense Security Advisory 03.31.07: IBM Tivoli Provisioning Manager for OS Deployment Multiple Vulnerabilities, iDefense Labs, 17:39
[ GLSA 200704-01 ] Asterisk: Two SIP Denial of Service vulnerabilities, Sune Kloppenborg Jeppesen, 17:15
[CFP] VNSECON 07 - Call for Papers / HCMC - August 03-04, 2007, rd, 16:57
Re: Maplab <= 2.2.1 (gszAppPath) Remote File Inclusion Vulnerability, str0ke, 16:42
Re: Maplab <= 2.2.1 (gszAppPath) Remote File Inclusion Vulnerability, jasus, 15:22
iDefense Security Advisory 04.02.07: Hewlett-Packard Mercury Quality Center ActiveX Control ProgColor Buffer Overflow Vulnerability, iDefense Labs, 15:13
APOP vulnerability, Gaëtan LEURENT, 14:00
Re: AIX 4.3 lsmcode local root command execution, Shiva Persaud, 13:51
WOVB #01: Bypassing Vista Firewall, Flying over obstructive line, TWOVB Team, 13:38
More information on ZERT patch for ANI 0day, Gadi Evron, 13:36
iDefense Security Advisory 03.31.07: Multiple Vendor ImageMagick DCM and XWD Buffer Overflow Vulnerabilities, iDefense Labs, 13:21
Maplab <= 2.2.1 (gszAppPath) Remote File Inclusion Vulnerability, mufti . rizal, 13:18
Windows XP/Vista (.ANI) Remote Exploit (bypass eeye patch), jamikazu, 13:09
0day Oracle 10g exploit - dbms_aq.enqueue - become DBA, Andrea \"bunker\" Purificato, 13:00
Re: Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180), Pavel Kankovsky, 12:55
Norton Multiple insufficient argument validation of hooked SSDT function Vulnerability, Matousec - Transparent security Research, 12:42
[SECURITY] [DSA 1274-1] New file packages fix arbitrary code execution, Noah Meyerhans, 12:36
DirectAdmin persistant XSS [takeover an Administrator`s account], Kanedaaa Bohater, 12:30
Re: Drake CMS v0.3.2 < = RFi Vulnerabilities, legolas558, 12:30
[ GLSA 200703-28 ] CUPS: Denial of Service, Raphael Marichez, 12:16
[security bulletin] HPSBMA02198 SSRT061177 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Access, security-alert, 12:15
[ GLSA 200703-27 ] Squid: Denial of Service, Raphael Marichez, 12:03
MS announces out-of-band patch for ANI 0day, Gadi Evron, 11:51
2BGal 3.1.1 <= (admin/index.php) Remote File Include Vulnerability, BorN To K!LL BorN To K!LL, 11:48
Re: Xoops All Version -Articles- Print.PHP (ID) Blind SQL Injection Exploit And PoC, vaughan . montgomery, 11:36