
603 messages starting Apr 24 06 and ending Apr 26 06

Apple Mac OS X Safari 2.0.3 Vulnerability (Apr 24)

3APA3A

Re: Bypassing ISA Server 2004 with IPv6 3APA3A (Apr 04)
Re[2]: Bypassing ISA Server 2004 with IPv6 3APA3A (Apr 10)
Re[3]: Bypassing ISA Server 2004 with IPv6 3APA3A (Apr 16)

86400s

Exploiting out of memory crashes and null pointers [was: Re: function *() php/apache Crash PHP 4.4.2 and 5.1.2] 86400s (Apr 12)

Aaron Kaplan

manila.userland cross site scriptable Aaron Kaplan (Apr 15)

Aaron Phillips

Re: Apple Mac OS X Safari 2.0.3 Vulnerability Aaron Phillips (Apr 26)

adam

[SA-03] Example of Grsecurity protection avoid. adam (Apr 18)

addmimistrator

[KAPDA::#38] - MyBB 1.1.0~functions_post.php~XSS Attack addmimistrator (Apr 09)
[KAPDA]MyBB1.1.0~global.php~ParameterExtracting addmimistrator (Apr 15)
[KAPDA]CopperminePhotoGallery1.4.4~ PluginInclusionSystem(index.php)~ RemoteFileInclusion attack addmimistrator (Apr 16)

Aditya

XSS Bug in OpenGear Server Website Aditya (Apr 24)

admin

phpListPro <= 2.0 - Remote File Include Vulnerability admin (Apr 11)
[MajorSecurity]ActualAnalyzer - Remote File Include Vulnerability admin (Apr 19)
[MajorSecurity] TotalCalendar 2.30 - Remote File Include Vulnerability admin (Apr 24)
[MajorSecurity] phpMyAgenda 3.0 Final - Remote File Include Vulnerability admin (Apr 24)

advisory

Rapid7 Advisory R7-0021: Symantec Scan Engine Authentication Fundamental Design Error advisory (Apr 21)
Rapid7 Advisory R7-0022: Symantec Scan Engine Known Immutable DSA Private Key advisory (Apr 21)
Rapid7 Advisory R7-0023: Symantec Scan Engine File Disclosure Vulnerability advisory (Apr 21)
Rapid7 Advisory R7-0019: Directory traversal vulnerability in SolarWinds TFTP Server for Windows advisory (Apr 21)
Land Down Under 802 and below version Path Disclosure Vulnerability Advisory (Apr 27)

ak

Oracle read-only user can insert/update/delete data via specially crafted views ak (Apr 10)
SQL Injection in package SYS.DBMS_LOGMNR_SESSION ak (Apr 19)

alex

[eVuln] Null news SQL Injection Vulnerability alex (Apr 09)
[eVuln] phpNewsManager Multiple SQL Injections alex (Apr 09)
[eVuln] VSNS Lemon Multiple Vulnerabilities alex (Apr 10)
[eVuln] vCounter - sourceworkshop SQL Injection Vulnerability alex (Apr 10)
[eVuln] newsletter - sourceworkshop SQL Injection Vulnerability alex (Apr 10)
[eVuln] phpNewsManager Multiple SQL Injections alex (Apr 10)
[eVuln] [V]Book Multiple Vulnerabilities alex (Apr 11)
[eVuln] VNews Multiple Vulnerabilities alex (Apr 11)
[eVuln] QLnews XSS and PHP Code Insertion Vulnerabilities alex (Apr 12)
[eVuln] qliteNews SQL Injection Vulnerability alex (Apr 13)
[eVuln] RedCMS Multiple XSS and SQL Injection Vulnerabilities alex (Apr 15)
[eVuln] aWebNews Multiple XSS and SQL Injection Vulnerabilities alex (Apr 15)
[eVuln] aWebBB Multiple XSS and SQL Injection Vulnerabilities alex (Apr 16)
[eVuln] CzarNews XSS and Multiple SQL Injection Vulnerabilities alex (Apr 17)
[eVuln] Wire Plastik wpBlog SQL Injection Vulnerability alex (Apr 17)
[eVuln] MD News Authentication Bypass and SQL Injection Vulnerabilities alex (Apr 19)
[eVuln] N.T. Version 1.1.0 XSS and PHP Code Insertion Vulnerabilities alex (Apr 20)
[eVuln] MWGuest XSS Vulnerability alex (Apr 20)
[eVuln] MWNewsletter SQL Injection and XSS Vulnerabilities alex (Apr 21)
[eVuln] RateIt SQL Injection Vulnerability alex (Apr 24)
[eVuln] warforge.NEWS SQL Injection and Multiple XSS Vulnerabilities alex (Apr 26)

Alexander Klimov

Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Alexander Klimov (Apr 18)

Alexey Dobriyan

Re: Format string in Doomsday 1.8.6 Alexey Dobriyan (Apr 10)

ali

linksubmit <= All version Html Tag Injector in index.php ali (Apr 01)
SiteMan <= All version SQL injection in admin_login.asp ali (Apr 01)
VWar <= ver 1.21 Remote Code Execution Exploit ali (Apr 22)

alireza hassani

[KAPDA::#41] - Mambo/Joomla rss component vulnerability alireza hassani (Apr 18)

A . L . M . Buxey

Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup A . L . M . Buxey (Apr 15)

almfnod

google xss almfnod (Apr 09)

Alvaro Olavarria

Dokeos 1.6.4 SQL Injection Vulnerability Alvaro Olavarria (Apr 15)

aminrayden

Farsinews Cross-Site Scripting & Path disclosure vulnerability aminrayden (Apr 15)
NextAge Shopping Cart Software XSS AminRayden (Apr 25)

Andreas Beck

Re: ADVISORY FOR IOPUS SECURE EMAIL ATTACHMENTS Andreas Beck (Apr 25)

Andy Meyers

RE: google xss Andy Meyers (Apr 10)

anonss

Re: Jupiter CMS <= 1.1.5 multiple XSS attack vectors. anonss (Apr 13)

Ansgar -59cobalt- Wiechers

Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Ansgar -59cobalt- Wiechers (Apr 18)

Anton Ivanov

Re: recursive DNS servers DDoS as a growing DDoS problem Anton Ivanov (Apr 04)
Re: recursive DNS servers DDoS as a growing DDoS problem Anton Ivanov (Apr 04)
Re: recursive DNS servers DDoS as a growing DDoS problem Anton Ivanov (Apr 04)
Re: recursive DNS servers DDoS as a growing DDoS problem Anton Ivanov (Apr 10)

ArkanoiD

Re: On product vulnerability history and vulnerability complexity ArkanoiD (Apr 03)

arko . dhar

PhpWebFTP 3.2 Login Script arko . dhar (Apr 17)
Scry Gallery XSS Vulnerability arko . dhar (Apr 24)
VWar Path Disclosure arko . dhar (Apr 24)
PhpWebFtp Cross Site Scripting Vulnerability arko . dhar (Apr 25)

assurance.com.au

Multiple vulnerabilities in Linux based Cisco products assurance.com.au (Apr 19)

Bernhard Fischer

Re: DoS-ing sysklogd? Bernhard Fischer (Apr 04)

Bernhard Mueller

SEC Consult SA-20060314 :: Opera Browser CSS Attribute Integer Wrap / Buffer Overflow Bernhard Mueller (Apr 13)

Billy Bues

Re: Apple Mac OS X Safari 2.0.3 Vulnerability Billy Bues (Apr 25)

Blyth A J C (Comp)

2nd European Conference on Computer Network Defense (EC2ND) Blyth A J C (Comp) (Apr 12)

Bob Goodman

Re: Strengthen OpenSSH security? Bob Goodman (Apr 23)

BoNy-m

MySmartBB<---v 1.1.x SQL Injection/XSS BoNy-m (Apr 26)

botan

FleXiBle Development Script Remote Command Exucetion And XSS Attacking botan (Apr 01)
QuickBlogger v1.4 Cross-Site Scripting botan (Apr 13)
phpFaber TopSites Script Cross-Site Scripting botan (Apr 16)
Calendarix "yearcal.php" XSS Attacking botan (Apr 17)
MyEvent Remote File Execution And XSS Attacking botan (Apr 17)
phpLister v. 0.4.1 XSS Attacking botan (Apr 18)
ContentBoxx Login.php Cross-Site Scripting botan (Apr 19)
EasyGallery Cross-Site Scripting botan (Apr 19)
[Kurdish Security #3] CoolMenus Event Remote File Include Vulnerability (For PHP) botan (Apr 28)
[Kurdish Security #2] Artmedic Event Remote File Include Vulnerability botan (Apr 28)
[Kurdish Secure Advisory #1] I-RATER Platinum "Admin/configsettings.tpl.php" Remote File Include Vulnerability botan (Apr 28)

Brandon S. Allbery KF8NH

Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Brandon S. Allbery KF8NH (Apr 15)

Breeeeh

DCForumLite V 3.0<--XSS/SQL Injection Breeeeh (Apr 25)

Brett Glass

Strengthen OpenSSH security? Brett Glass (Apr 20)

bugtraq

[BuHa-Security] DoS Vulnerability in Firefox 1.5.0.1 bugtraq (Apr 13)
[BuHa-Security] Stack Based Buffer Overflow Vulnerability in Amaya 9.4 #2 bugtraq (Apr 13)
[BuHa-Security] Multiple Vulnerabilities in MS IE 6.0 SP2 bugtraq (Apr 13)
[BuHa-Security] Stack Based Buffer Overflow Vulnerability in Amaya 9.4 bugtraq (Apr 14)

c0ntexb

Windows Help Heap Overflow c0ntexb (Apr 13)
Remote Xine Format String Vulnerability c0ntexb (Apr 18)

c0redump

Re: Strengthen OpenSSH security? c0redump (Apr 21)

Carson Gaspar

Re: Strengthen OpenSSH security? Carson Gaspar (Apr 20)

Cesar

[Argeniss] Alert - Yahoo! Webmail XSS Cesar (Apr 17)
[Argeniss] Oracle Database 10gR1 Buffer overflow in VERIFY_LOG procedure Cesar (Apr 20)
[Argeniss] Alert - Yahoo! Mail XSS vulnerability Cesar (Apr 28)
Re: Recent Oracle exploit is _actually_ an 0day with no patch Cesar (Apr 28)

cfp

RUXCON 2006 Call for Papers cfp (Apr 04)

Cheng Peng Su

Yahoo! Mail XSS Vulnerability Cheng Peng Su (Apr 23)

chris

Firefox Remote Code Execution and DoS 1.5.0.2 chris (Apr 24)
Re: phpMyForum Cross Site Scripting & CRLF injection chris (Apr 30)

Christine Kronberg

Re: Bypassing ISA Server 2004 with IPv6 Christine Kronberg (Apr 09)
Re[2]: Bypassing ISA Server 2004 with IPv6 Christine Kronberg (Apr 15)
Re[3]: Bypassing ISA Server 2004 with IPv6 Christine Kronberg (Apr 19)
Re: Re[2]: Bypassing ISA Server 2004 with IPv6 Christine Kronberg (Apr 20)

Christophe Garault

Re: DoS-ing sysklogd? Christophe Garault (Apr 04)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Cisco 11500 Content Services Switch HTTP Request Vulnerability Cisco Systems Product Security Incident Response Team (Apr 09)
Cisco Security Advisory: Cisco Optical Networking System 15000 series and Cisco Transport Controller Vulnerabilities Cisco Systems Product Security Incident Response Team (Apr 10)
Cisco Security Advisory: Cisco IOS XR MPLS Vulnerabilities Cisco Systems Product Security Incident Response Team (Apr 19)
Cisco Security Advisory: Multiple Vulnerabilities in the WLSE Appliance Cisco Systems Product Security Incident Response Team (Apr 19)
Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack Cisco Systems Product Security Incident Response Team (Apr 26)

coderpunk

Flaw in commonly used bash random seed method coderpunk (Apr 03)

codexploder

Autonomous LAN party File iNclusion codexploder (Apr 09)

Colin Keigher

Re: Apple Mac OS X Safari 2.0.3 Vulnerability Colin Keigher (Apr 24)

crasher

Multiple Vulnerabilities in LucidCMS crasher (Apr 03)
Vulnerabilities in SPIP crasher (Apr 10)
Multiple vulnerabilities in Blur6ex crasher (Apr 11)
Vulnerabilities in lifetype crasher (Apr 15)
Vulnerabilities in Papoo crasher (Apr 15)
Vulnerabilities in MODx crasher (Apr 15)

CrAzY . CrAcKeR

ThWboard 3 Beta 2.84 Cross Site Scripting CrAzY . CrAcKeR (Apr 20)
axoverzicht.cgi<==Remote File Inclusion CrAzY . CrAcKeR (Apr 20)
Mini-NUKE v2.3<<--- SQL Injection CrAzY . CrAcKeR (Apr 21)
BK Forum <<--V.4.0 SQL Injection CrAzY . CrAcKeR (Apr 21)
vbulletin<--3.0.x SQL Injection CrAzY . CrAcKeR (Apr 24)
poll.pl<--remote commands execution exploit CrAzY . CrAcKeR (Apr 30)

Crispin Cowan

Re: On product vulnerability history and vulnerability complexity Crispin Cowan (Apr 03)

CS_Advisories Mailbox

SYMSA-2006-002: McAfee WebShield SMTP Format String Vulnerability CS_Advisories Mailbox (Apr 04)

cxib

Re: Mis-diagnosed XSS bugs hiding worse issues due to PHP feature cxib (Apr 03)
phpinfo() Cross Site Scripting PHP 5.1.2 and 4.4.2 cxib (Apr 10)
function *() php/apache Crash PHP 4.4.2 and 5.1.2 cxib (Apr 10)
tempnam() open_basedir bypass PHP 4.4.2 and 5.1.2 cxib (Apr 10)
copy() Safe Mode Bypass PHP 4.4.2 and 5.1.2 cxib (Apr 10)

d4igoro

Manila <= 9.5 - XSS Vulnerabilities d4igoro (Apr 11)
Tritanium Bulletin Board 1.2.3 - XSS d4igoro (Apr 11)
PowerClan 1.14 - SQL Injection d4igoro (Apr 15)
planetSearch+ - XSS Vulnerabilities d4igoro (Apr 15)
Linpha 1.1.0 - XSS Vulnerabilities d4igoro (Apr 18)

Damian Put

[Overflow.pl] Clam AntiVirus Win32-UPX Heap Overflow (not default configuration) Damian Put (Apr 10)

Damien Miller

Re: Strengthen OpenSSH security? Damien Miller (Apr 21)

daniel

Re: evoBlog Remote Name tag Script injection daniel (Apr 24)

Dariusz Kolasinski

Re: [KAPDA]CopperminePhotoGallery1.4.4~ PluginInclusionSystem(index.php)~ RemoteFileInclusion attack Dariusz Kolasinski (Apr 17)

darmawan_salihun

Re: Bios Information Leakage darmawan_salihun (Apr 10)

dave . de

Re: phpBB Admin command execution dave . de (Apr 19)

Dave English

Re: Flaw in commonly used bash random seed method Dave English (Apr 04)

Dave Korn

Re: Flaw in commonly used bash random seed method Dave Korn (Apr 05)
[Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Dave Korn (Apr 15)

David Litchfield

Recent Oracle exploit is _actually_ an 0day with no patch David Litchfield (Apr 26)
Re: Recent Oracle exploit is _actually_ an 0day with no patch David Litchfield (Apr 28)
Re: Recent Oracle exploit is _actually_ an 0day with no patch David Litchfield (Apr 30)

Debasis Mohanty

Google Reader "preview" and "lens" script improper feed validation Debasis Mohanty (Apr 10)

defa

Confixx SQL Injection exploit (confixx_exploit.pl) defa (Apr 19)

dennis

SMART Technologies SynchronEyes Remote Denial of Services dennis (Apr 04)

Dennis Brown

Re: WebVulnCrawl searching excluded directories for hackable web servers Dennis Brown (Apr 03)

Derek Soeder

RE: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Derek Soeder (Apr 15)

Dirk Mueller

[Kaffeine Security Advisory] Heap based buffer overflow in http_peek() Dirk Mueller (Apr 09)

dr . jr7

SQL Injection in Chipmunk Guestbook dr . jr7 (Apr 09)
Remote File Inclusion in VBulletin ImpEx dr . jr7 (Apr 13)

Dr-Jr7

photokorn 1.53 , 1.542 << Sql Dr-Jr7 (Apr 25)

dumdidumdideldey

Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup dumdidumdideldey (Apr 15)

Duncan Simpson

Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Duncan Simpson (Apr 25)

easy . mask

BetaBoard Cross Site Scripting vulnerability easy . mask (Apr 17)

eEye Advisories

[EEYEB-20060227] Juniper Networks SSL-VPN Client Buffer Overflow eEye Advisories (Apr 26)

Eliah Kagan

Re: Firefox 1.5.0.1 Password Manager Arbtirary User Browsing History Disclosure Eliah Kagan (Apr 16)

Erwan David

Re: recursive DNS servers DDoS as a growing DDoS problem Erwan David (Apr 09)

Esteban Martinez Fayo

Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting Esteban Martinez Fayo (Apr 12)

eufrato

[ECHO_ADV_27$2006] AngelineCMS 0.8.1 Installpath Remote File Inclusion eufrato (Apr 05)
[ECHO_ADV_27$2006] AngelineCMS 0.8.1 Installpath Remote File Inclusion eufrato (Apr 05)
[ECHO_ADV_28$2006] Clever Copy <= 3.0 Connect.inc Critical Information Disclosure eufrato (Apr 10)

Evans, Arian

RE: redirection vuln crawlers breed & security through obscurity Evans, Arian (Apr 19)
RE: (addendum) redirection vuln crawlers breed & security through obscurity Evans, Arian (Apr 20)

fabio

Re: ADVISORY FOR IOPUS SECURE EMAIL ATTACHMENTS fabio (Apr 25)

Felix von Leitner

gcc 4.1 bug miscompiles pointer range checks, may place you at risk Felix von Leitner (Apr 17)

fingerout

Linux Kernel Local DoS vulnerability. fingerout (Apr 09)

Florian Weimer

Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Florian Weimer (Apr 18)

Forrest J. Cavalier III

Re: On product vulnerability history and vulnerability complexity Forrest J. Cavalier III (Apr 03)
Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Forrest J. Cavalier III (Apr 18)

François Harvey

[SecuriWeb 2006.1] directory traversal in Asterisk@Home and ARI François Harvey (Apr 21)

franz

Re: Another Internet Explorer Address Bar Spoofing Vulnerability franz (Apr 04)
Firefox 1.5.0.1 Password Manager Arbtirary User Browsing History Disclosure franz (Apr 15)

FreeBSD Security Advisories

FreeBSD Security Advisory FreeBSD-SA-06:14.fpu FreeBSD Security Advisories (Apr 19)

Gabor Gombas

Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Gabor Gombas (Apr 19)

Gadi Evron

Re: recursive DNS servers DDoS as a growing DDoS problem Gadi Evron (Apr 01)
Re: On product vulnerability history and vulnerability complexity Gadi Evron (Apr 03)
Re: On product vulnerability history and vulnerability complexity Gadi Evron (Apr 04)
Re: recursive DNS servers DDoS as a growing DDoS problem Gadi Evron (Apr 09)

gboyce

RE: recursive DNS servers DDoS as a growing DDoS problem gboyce (Apr 01)

GentleSecurity Team

GeSWall 2.2 – Free Intrusion Prevention System for Windows GentleSecurity Team (Apr 01)

Geo.

RE: recursive DNS servers DDoS as a growing DDoS problem Geo. (Apr 03)
Re: recursive DNS servers DDoS as a growing DDoS problem Geo. (Apr 03)
RE: recursive DNS servers DDoS as a growing DDoS problem Geo. (Apr 04)
RE: recursive DNS servers DDoS as a growing DDoS problem Geo. (Apr 04)
Re: recursive DNS servers DDoS as a growing DDoS problem Geo. (Apr 09)
RE: recursive DNS servers DDoS as a growing DDoS problem Geo. (Apr 10)
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Geo. (Apr 19)
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Geo. (Apr 23)

gergero

Re: Limbo CMS code execution gergero (Apr 05)

hainamluke

Another Internet Explorer Address Bar Spoofing Vulnerability hainamluke (Apr 03)
Another way to spoof Internet Explorer Address Bar hainamluke (Apr 05)

H D Moore

Re: IE6 Crash H D Moore (Apr 10)

h e

TUGZip Archive Extraction Directory traversal h e (Apr 10)
blur6ex Local File Inclusion and SQL injection . h e (Apr 18)

hessam

Tiny PHP forum - vulns hessam (Apr 17)

Hubbard, Dan

RE: [BULK] - Websense Filter Bypass Hubbard, Dan (Apr 21)

Ian MacPhedran

Re: Apple Mac OS X Safari 2.0.3 Vulnerability Ian MacPhedran (Apr 30)

Ilker Temir

Re: Multiple vulnerabilities in Linux based Cisco products Ilker Temir (Apr 19)

info

RechnungsZentrale V2 - SQL injection and Remote PHP inclusion vulnerabilities info (Apr 19)

infocus

Multiple PHP4/PHP5 vulnerabilities infocus (Apr 24)

inge . henriksen

Multiple browsers Windows mailto protocol Office 2003 file attachment exploit inge . henriksen (Apr 25)

iovdin

Re: Confixx 3.1.2 <= SQL Injection iovdin (Apr 13)
Re: Sql Injection in Confixx 3.06 & 3.08 & 3.?? ? iovdin (Apr 15)

it_underground

IT Underground, London 2006 - call for papers it_underground (Apr 12)

Ivan Sergio Borgonovo

redirection vuln crawlers breed & security through obscurity Ivan Sergio Borgonovo (Apr 19)

izimask

Camino Browser HTML Parsing Null Pointer Dereference Denial of Service Vulnerability izimask (Apr 15)

jalvare7

Re: Buffer-overflow in Ultr@VNC 1.0.1 viewer and server jalvare7 (Apr 10)

Jamie Riden

Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Jamie Riden (Apr 20)

Jasper Bryant-Greene

Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data Jasper Bryant-Greene (Apr 05)
Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data Jasper Bryant-Greene (Apr 05)

jat-public01

Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk jat-public01 (Apr 18)

Javier Olascoaga

Invision Power Board 2.1.5 POC Javier Olascoaga (Apr 30)

Javor Ninov

Re: On product vulnerability history and vulnerability complexity Javor Ninov (Apr 04)

Jean-Sébastien Guay-Leroux

Barracuda LHA archiver security bug leads to remote compromise Jean-Sébastien Guay-Leroux (Apr 04)
Barracuda ZOO archiver security bug leads to remote compromise Jean-Sébastien Guay-Leroux (Apr 04)
[Full-disclosure] PIRANA exploitation framework and SMTP contentfilter security Jean-Sébastien Guay-Leroux (Apr 05)

Jeff Moss

Black Hat Call for Papers and Registration now open Jeff Moss (Apr 05)

jens

Re: Apple Mac OS X Safari 2.0.3 Vulnerability jens (Apr 26)

Jeremy Ashcraft

Re: Simplog <=0.9.2 multiple vulnerabilities Jeremy Ashcraft (Apr 15)

JiM / aEGIS

Re: - PHPGraphy <= 0.9.11 "editwelcome" unauthorized access / cross site scripting - JiM / aEGIS (Apr 18)

Jim Ley

Re: google xss Jim Ley (Apr 11)

Jim Pingle

Re: recursive DNS servers DDoS as a growing DDoS problem Jim Pingle (Apr 05)
Re: recursive DNS servers DDoS as a growing DDoS problem Jim Pingle (Apr 09)

Joachim Schipper

Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Joachim Schipper (Apr 15)

john

Re: RE: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup john (Apr 19)

John Biederstedt

Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup John Biederstedt (Apr 23)
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup John Biederstedt (Apr 23)

John Bond

Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data John Bond (Apr 05)

John E. Fleming

RE: [BULK] - Websense Filter Bypass John E. Fleming (Apr 24)

john mullee

Re: On classifying attacks john mullee (Apr 03)

Juha-Matti Laurio

Re: RE: IBM Juha-Matti Laurio (Apr 15)

Julien L.

Avast Linux Home Edition (vulnerability on a temporary folder creation) Julien L. (Apr 15)

Justin Shore

RE: DoS-ing sysklogd? Justin Shore (Apr 03)

Kaveh Razavi

Quick 'n Easy FTP Server pro/lite Logging unicode stack overflow Kaveh Razavi (Apr 24)
Fenice - Open Media Streaming Server remote BOF exploit Kaveh Razavi (Apr 25)

Kd

Re: Strengthen OpenSSH security? Kd (Apr 21)

Kevin Waterson

Re: phpMyAdmin 2.7.0-pl1 Kevin Waterson (Apr 15)

Kevin Wilcox

Re: phpWebSite 0.10.? (topics.php) Remote SQL Injection Exploit Kevin Wilcox (Apr 15)

kim

Allied Telesyn Switch UDP Data Flood Management Denial Of Service Vulnerability kim (Apr 20)

king_purba

MAXDEV CMS Multiple vulnerabilities king_purba (Apr 10)
Multiple vulnerability in jupiter CMS king_purba (Apr 10)
Vegadns blind sql injection and cross site scripting king_purba (Apr 10)

koper

Tlen.PL e-mail XSS vulnerability. koper (Apr 19)

Kornbrust, Alexander

RE: Recent Oracle exploit is _actually_ an 0day with no patch Kornbrust, Alexander (Apr 28)

kr4ch

phpMyAdmin 2.7.0-pl1 kr4ch (Apr 13)
FlexBB v0.5.5 BETA [SQL Inj] [XSS] [Login bypass] kr4ch (Apr 17)

kvea

Re: XV multiple buffer overflows (update) kvea (Apr 26)

Lance James

PowerPoint Phishing Trojan Lance James (Apr 25)

Layer One

LayerOne 2006 - Finalized Speaker Line-Up Announced Layer One (Apr 10)

liz0

Matt Wright Guestbook Xss Script İnjection liz0 (Apr 10)
Shadowed Portal Cross Site Scripting liz0 (Apr 10)
Virtual War File İnclusion liz0 (Apr 10)

Luigi Auriemma

Format string in Doomsday 1.8.6 Luigi Auriemma (Apr 04)
Buffer-overflow in Ultr@VNC 1.0.1 viewer and server Luigi Auriemma (Apr 04)
Re: Buffer-overflow in Ultr@VNC 1.0.1 viewer and server Luigi Auriemma (Apr 09)
Buffer-overflow and crash in Fenice OMS 1.10 Luigi Auriemma (Apr 24)
Denial of service bugs in OpenTTD 0.4.7 Luigi Auriemma (Apr 24)
Format string bug in Skulltag 0.96f Luigi Auriemma (Apr 24)

MaddHatter

Re: Strengthen OpenSSH security? MaddHatter (Apr 21)

mailinglist mailinglist

Re: [Full-disclosure] Critical PHP bug - act ASAP if you are runningweb with sen mailinglist mailinglist (Apr 05)

Måns Nilsson

RE: recursive DNS servers DDoS as a growing DDoS problem Måns Nilsson (Apr 04)

Marc Deslauriers

[FLSA-2006:152873] Updated xine package fixes security issues Marc Deslauriers (Apr 09)
[FLSA-2006:152896] Updated mod_python package fixes a security issue Marc Deslauriers (Apr 09)
[FLSA-2006:156139] Updated tcpdump packages fix security issues Marc Deslauriers (Apr 09)
[FLSA-2006:156290] Updated cyrus-imapd packages fix security issues Marc Deslauriers (Apr 09)
[FLSA-2006:170411] Updated imap packages fix security issue Marc Deslauriers (Apr 09)
[FLSA-2006:183571-1] Updated tar package fixes security issue Marc Deslauriers (Apr 09)
[FLSA-2006:183571-2] Updated tar package fixes security issue Marc Deslauriers (Apr 09)
[FLSA-2006:180159] Updated unzip package fixes security issue Marc Deslauriers (Apr 09)
[FLSA-2006:184074] Updated pine package fixes security issue Marc Deslauriers (Apr 09)
[FLSA-2006:184098] Updated libc-client packages fixes security issue Marc Deslauriers (Apr 09)
[Updated] [FLSA-2006:186277] Updated sendmail packages fix security issue Marc Deslauriers (Apr 09)

Marco Ivaldi

Re: recursive DNS servers DDoS as a growing DDoS problem Marco Ivaldi (Apr 05)

Mario Contestabile

RE: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Mario Contestabile (Apr 21)

Martin Pitt

[USN-266-1] dia vulnerabilities Martin Pitt (Apr 03)
[USN-267-1] mailman vulnerability Martin Pitt (Apr 04)
[USN-268-1] Kaffeine vulnerability Martin Pitt (Apr 10)
[USN-269-1] xscreensaver vulnerability Martin Pitt (Apr 11)
[USN-270-1] xpdf vulnerabilities Martin Pitt (Apr 13)
[USN-271-1] Firefox vulnerabilities Martin Pitt (Apr 20)
[USN-272-1] cyrus-sasl2 vulnerability Martin Pitt (Apr 24)
[USN-273-1] Ruby vulnerability Martin Pitt (Apr 24)
[USN-274-1] MySQL vulnerability Martin Pitt (Apr 27)
[USN-275-1] Mozilla vulnerabilities Martin Pitt (Apr 27)

Martin Schulze

[SECURITY] [DSA 1000-2] New Apache2::Request packages fix denial of service Martin Schulze (Apr 03)
[SECURITY] [DSA 1031-1] New cacti packages fix several vulnerabilities Martin Schulze (Apr 09)
[SECURITY] [DSA 946-2] New sudo packages fix privilege escalation Martin Schulze (Apr 09)
[SECURITY] [DSA 1028-1] New libimager-perl packages fix denial of service Martin Schulze (Apr 10)
[SECURITY] [DSA 1027-1] New mailman packages fix denial of service Martin Schulze (Apr 10)
[SECURITY] [DSA 1029-1] New libphp-adodb packages fix several vulnerabilities Martin Schulze (Apr 10)
[SECURITY] [DSA 1030-1] New moodle packages fix several vulnerabilities Martin Schulze (Apr 10)
[SECURITY] [DSA 1023-1] New kaffeine packages fix arbitrary code execution Martin Schulze (Apr 10)
[SECURITY] [DSA 1025-1] New dia packages fix arbitrary code execution Martin Schulze (Apr 10)
[SECURITY] [DSA 1037-1] New zgv packages fix arbitrary code execution Martin Schulze (Apr 21)
[SECURITY] [DSA 1038-1] New xzgv packages fix arbitrary code execution Martin Schulze (Apr 22)
[SECURITY] [DSA 1040-1] New gdm packages fix local root exploit Martin Schulze (Apr 24)
[SECURITY] [DSA 1039-1] New blender packages fix several vulnerabilities Martin Schulze (Apr 24)
[SECURITY] [DSA 1041-1] New abc2ps packages fix arbitrary code execution Martin Schulze (Apr 25)
[SECURITY] [DSA 1042-1] New Cyrus SASL packages fix denial of service Martin Schulze (Apr 25)
[SECURITY] [DSA 1044-1] New Mozilla Firefox packages fix several vulnerabilities Martin Schulze (Apr 26)
[SECURITY] [DSA 1044-1] New Mozilla Firefox packages fix several vulnerabilities Martin Schulze (Apr 26)
[SECURITY] [DSA 1043-1] New abcmidi packages fix arbitrary code execution Martin Schulze (Apr 26)
[SECURITY] [DSA 1045-1] New OpenVPN packages fix arbitrary code execution Martin Schulze (Apr 28)
[SECURITY] [DSA 1046-1] New Mozilla packages fix several vulnerabilities Martin Schulze (Apr 28)

Matthias Geerdsen

[ GLSA 200604-03 ] FreeRADIUS: Authentication bypass in EAP-MSCHAPv2 module Matthias Geerdsen (Apr 04)

Matthijs

Re: Flaw in commonly used bash random seed method Matthijs (Apr 03)
Re: Flaw in commonly used bash random seed method Matthijs (Apr 04)
Re: Flaw in commonly used bash random seed method Matthijs (Apr 05)

mattmecham

Re: Invision Vulnerabilities, including remote code execution mattmecham (Apr 27)

Memisyazici, Aras

RE: Another way to spoof Internet Explorer Address Bar Memisyazici, Aras (Apr 09)

mfoxhacker

TopList <= 1.3.8 (PHPBB Hack) Remote File Inclusion Vulnerability mfoxhacker (Apr 30)

Michael Chamberlain

Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Michael Chamberlain (Apr 18)

Michael Scheidell

RE: IBM Michael Scheidell (Apr 13)
RE: osCommerce "extras/" information/source code disclosure Michael Scheidell (Apr 16)

Michael Wojcik

RE: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Michael Wojcik (Apr 18)

Michal Zalewski

Re: function *() php/apache Crash PHP 4.4.2 and 5.1.2 Michal Zalewski (Apr 11)
Re: function *() php/apache Crash PHP 4.4.2 and 5.1.2 Michal Zalewski (Apr 13)
MSIE (mshtml.dll) OBJECT tag vulnerability Michal Zalewski (Apr 23)

Mike Hoskins

Re: Strengthen OpenSSH security? Mike Hoskins (Apr 20)

Mike Weller

RE: Invision Vulnerabilities, including remote code execution Mike Weller (Apr 30)

miky

Another flaw in Firefox 1.5.0.2: to open files from remote miky (Apr 18)

Milen Rangelov

DoS-ing sysklogd? Milen Rangelov (Apr 01)

moep

Serendipity Blog vuln moep (Apr 15)

Moonen, Ralph

Multiple vulnerabilities in IP3 Networks 'NetAccess' NA75 appliance Moonen, Ralph (Apr 25)

Moritz Muehlenhoff

[SECURITY] [DSA 1022-1] New storebackup packages fix several vulnerabilities Moritz Muehlenhoff (Apr 05)
[SECURITY] [DSA 1024-1] New clamav packages fix several vulnerabilities Moritz Muehlenhoff (Apr 09)
[SECURITY] [DSA 1018-2] New Linux kernel 2.4.27 packages fix several vulnerabilities Moritz Muehlenhoff (Apr 10)
[SECURITY] [DSA 1026-1] New sash packages fix potential arbitrary code execution Moritz Muehlenhoff (Apr 10)
[SECURITY] [DSA 1032-1] New zope-cmfplone packages fix unprivileged data manipulation Moritz Muehlenhoff (Apr 12)
[SECURITY] [DSA 1033-1] New horde3 packages fix several vulnerabilities Moritz Muehlenhoff (Apr 12)
[SECURITY] [DSA 1034-1] New horde2 packages fix several vulnerabilities Moritz Muehlenhoff (Apr 15)
[SECURITY] [DSA 1035-1] New fcheck packages fix insecure temporary file creation Moritz Muehlenhoff (Apr 16)
[SECURITY] [DSA 1036-1] New bsdgames packages fix local privilege escalation Moritz Muehlenhoff (Apr 17)

Moriyoshi Koizumi

Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data Moriyoshi Koizumi (Apr 04)
Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data Moriyoshi Koizumi (Apr 10)

Morning Wood

Re: [Full-disclosure] [Argeniss] Alert - Yahoo! Webmail XSS Morning Wood (Apr 18)
Re: [Full-disclosure] [Argeniss] Alert - Yahoo! Webmail XSS Morning Wood (Apr 18)

Mustafa Can Bjorn IPEKCI

ASPSitem <= 1.83 Remote SQL Injection Vulnerability Mustafa Can Bjorn IPEKCI (Apr 20)
dForum <= 1.5 Multiple Remote File Inclusion Vulnerabilities. Mustafa Can Bjorn IPEKCI (Apr 22)
vBulletin <= 3.5.4 with MKPortal 1.1 Remote SQL Injection Vulnerability. Mustafa Can Bjorn IPEKCI (Apr 22)
Advisory: Simplog <= 0.93 Multiple Remote Vulnerabilities. Mustafa Can Bjorn IPEKCI (Apr 22)
Advisory: CoreNews <= 2.0.1 Multiple Remote Vulnerabilities. Mustafa Can Bjorn IPEKCI (Apr 22)
Advisory: Clansys <= 1.1 PHP Code Insertion Vulnerability. Mustafa Can Bjorn IPEKCI (Apr 24)
Advisory: My Gaming Ladder Combo System <= 7.0 Remote File Inclusion Vulnerability. Mustafa Can Bjorn IPEKCI (Apr 24)

n0m3rcy

Encyclopedia <= 3.0 (login.php) CrossSite Scripting - XSS n0m3rcy (Apr 15)
Shbablek Mail Vulnerablitiy - Cross-Site Scripting n0m3rcy (Apr 19)
FileLodge Bolt (showonlineusers.php) Cross-Site Scripting Vulnerbility n0m3rcy (Apr 24)
BK Forum <= 4.0 Remote SQL Injection n0m3rcy (Apr 24)

Nate Eldredge

Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Nate Eldredge (Apr 19)

newslist () security-briefings com

New site about security conferences : www.security-briefings.com newslist () security-briefings com (Apr 20)

NGSSoftware Insight Security Research

Multiple critical and high risk issues in Oracle's database server NGSSoftware Insight Security Research (Apr 18)

Nick FitzGerald

RE: Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Nick FitzGerald (Apr 21)

nobody

Re: Snipe Gallery <= 3.1.4 Multiple XSS nobody (Apr 17)

noch22

phpBB Admin command execution noch22 (Apr 15)
phpBB template file code execution noch22 (Apr 15)

noreply

Re: Bypassing ISA Server 2004 with IPv6 noreply (Apr 11)

no . spam

Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup no . spam (Apr 19)

NSFOCUS Security Team

NSFOCUS SA2006-03 : IBM AIX rm_mlcache_file Local Race Condition Vulnerability NSFOCUS Security Team (Apr 24)
NSFOCUS SA2006-02 : IBM AIX mklvcopy Local Privilege Escalation Vulnerability NSFOCUS Security Team (Apr 24)

ntwak0

ADVISORY FOR IOPUS SECURE EMAIL ATTACHMENTS ntwak0 (Apr 24)

nukedx

Re: Mini-NUKE v2.3<<--- SQL Injection nukedx (Apr 21)
Re: Advisory: Clansys <= 1.1 PHP Code Insertion Vulnerability. nukedx (Apr 25)

office

Re: Path Disclosure and Arbitrary File Read Vulnerability in SLAB5000 office (Apr 19)

offtopic

Re: Bypassing ISA Server 2004 with IPv6 offtopic (Apr 09)
Re: Re[3]: Bypassing ISA Server 2004 with IPv6 offtopic (Apr 21)

Oliver Goebel

IMF 2006 - Submission Deadline Extension Oliver Goebel (Apr 12)

omnipresent

bloggage Remote SQL Injection omnipresent (Apr 21)
RIblog Remote SQL Injection Exploit omnipresent (Apr 24)

optix_prorat100

Re: SQL injection in Invision Power Board v2.1.5 optix_prorat100 (Apr 10)

OS2A BTO

NASL 'Split' function Buffer overflow Vulnerability OS2A BTO (Apr 25)

outlaw

SQL Injection On DUportal outlaw (Apr 26)
XXS Attack On FarsiNews outlaw (Apr 26)
Local XXS Attack On CuteNews outlaw (Apr 26)
Cireos Portal Cross Site Scripting outlaw (Apr 28)
Neomail.pl Local Cross Site Scripting outlaw (Apr 28)
XSS Attack On DirectAdmin Hosting Managment outlaw (Apr 30)

o . y . 6

MyBB 1.10 New CrossSiteScripting o . y . 6 (Apr 03)
ArabPortal 2.0.1 Stable [ 9 CrossSiteScripting & 1 SQL Injection ] MultBugz o . y . 6 (Apr 05)
MyBB 1.10 'newthread.php' < CrossSiteScripting > o . y . 6 (Apr 10)
MyBB 1.10 New XSS ' member.php ' o . y . 6 (Apr 13)
MyBB 1.10 New CrossSiteScripting ' member.php ' o . y . 6 (Apr 13)
FlexBB 0.5.5 Bypass Exploit o . y . 6 (Apr 17)
WWWThread RC 3 MultBugs o . y . 6 (Apr 19)
FlexBB 0.5.5 Exploit [ function/showprofile.php ] Remote SQL Injection o . y . 6 (Apr 23)
MyBB 1.1.1 Local SQL Injections o . y . 6 (Apr 27)

pagvac

Re: google xss pagvac (Apr 12)

paolo . difebbo

Hosting Controller AccountActions.asp and saveuploadfiles.asp vulns (PoC) paolo . difebbo (Apr 03)

Paul Stepowski

Re: recursive DNS servers DDoS as a growing DDoS problem Paul Stepowski (Apr 01)

Paul Wouters

Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Paul Wouters (Apr 19)

pc . tech2

Re: Re: Another Internet Explorer Address Bar Spoofing Vulnerability pc . tech2 (Apr 09)

phaas

Re: Buffer-overflow in Ultr () VNC 1.0.1 viewer POC phaas (Apr 12)

ptt

IBM ptt (Apr 11)

putosoft softputo

Oracle 10g 10.2.0.2.0 DBA exploit putosoft softputo (Apr 19)

qex

Tiny Web Gallery <= 1.4 XSS qex (Apr 16)
PhpGuestbook <= 1.0 XSS qex (Apr 16)
FlexBB <= 0.5.7 BETA XSS qex (Apr 16)
Boardsolution <= 1.12 XSS qex (Apr 16)
Snipe Gallery <= 3.1.4 Multiple XSS qex (Apr 16)
ShoutBOOK <= 1.1 XSS qex (Apr 17)
Neuron Blog <= 1.1 XSS qex (Apr 17)
AnimeGenesis <= XSS qex (Apr 17)
axoverzicht.cgi <= XSS qex (Apr 18)
ThWboard <= 3 Beta 2.84 SQL Injection Qex (Apr 19)
4images <= 1.7 XSS qex (Apr 21)
Websense Filter Bypass qex (Apr 21)
r57shell.php <= 1.3 XSS qex (Apr 21)
Instant Photo Gallery <= Multiple XSS qex (Apr 25)
Instant Photo Gallery <= Multiple XSS qex (Apr 25)
DevBB <= 1.0.0 XSS qex (Apr 26)
Open Bulletin Board < Multiple Vulnerability qex (Apr 26)

r0xes . ratm

XMB Forum 1.9.5-Final XSS r0xes . ratm (Apr 10)
RevoBoard [email] tag XSS r0xes . ratm (Apr 13)
W-Agora 4.20 XSS r0xes . ratm (Apr 30)
TextFileBB 1.0.16 Multiple XSS r0xes . ratm (Apr 30)

r57shell

a Yahoo Vulnerability r57shell (Apr 15)

raven

Re: Cantv/Movilnet's Web SMS vulnerability. raven (Apr 03)

Recon

Recon 2006: speaker lineup announcement Recon (Apr 13)

RedTeam Pentesting

PAJAX Remote Code Injection and File Inclusion Vulnerability RedTeam Pentesting (Apr 15)

Renaud Deraison

Re: NASL 'Split' function Buffer overflow Vulnerability Renaud Deraison (Apr 25)
Re: NASL 'Split' function Buffer overflow Vulnerability Renaud Deraison (Apr 25)

revnic

TalentSoft Web+Shop Path Disclosure revnic (Apr 13)

rey . gigataras

Re: [KAPDA::#41] - Mambo/Joomla rss component vulnerability rey . gigataras (Apr 19)

rgod

ReloadCMS <= 1.2.5stable Cross site scripting / remote command execution rgod (Apr 04)
PHPMyChat 0.15.0dev "SYS enter" remote commands xctn (not properly patched from previous versions) rgod (Apr 10)
PHPMyChat <= 0.14.5 remote commands execution rgod (Apr 10)
PhpOpenChat 3.0.x ADODB Server.php "sql" SQL injection rgod (Apr 10)
PHPList <= 2.10.2 remote commands execution rgod (Apr 10)
Simplog <=0.9.2 multiple vulnerabilities rgod (Apr 12)
osCommerce "extras/" information/source code disclosure rgod (Apr 15)
PHP Album <= 0.3.2.3 remote commnads execution rgod (Apr 16)
- PHPGraphy <= 0.9.11 "editwelcome" unauthorized access / cross site scripting - rgod (Apr 17)
PCPIN Chat <= 5.0.4 "login/language" remote cmmnds xctn rgod (Apr 20)
PHPSurveyor <= 0.995 'save.php/surveyid' remote cmmnds xctn rgod (Apr 20)

rg . viza

Re: Re: PHPList <= 2.10.2 remote commands execution rg . viza (Apr 11)

Richard Horsman

[SEC-1 LTD] HP Colour LaserJet 2500 and 4600 Toolbox Directory Traversal Vulnerability Richard Horsman (Apr 05)

robert

Re: [ECHO_ADV_27$2006] Indexu <= 5.0.1 Remote File Inclusion robert (Apr 15)

robsekeris

Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup robsekeris (Apr 20)

Romain . Le . Guen

Bypassing ISA Server 2004 with IPv6 Romain . Le . Guen (Apr 04)

Romain . Le-Guen

Re: Re: Bypassing ISA Server 2004 with IPv6 Romain . Le-Guen (Apr 09)

root__

Jbook Cross Site Scripting root__ (Apr 10)
phpMyForum Cross Site Scripting & CRLF injection root__ (Apr 10)
PHPWebGallery Multiple Cross Site Scripting Vulnerabilities root__ (Apr 10)

Ross Wheeler

Re: recursive DNS servers DDoS as a growing DDoS problem Ross Wheeler (Apr 09)

Roy . Batty

Ad-Aware Revisited Roy . Batty (Apr 20)

rubengarrote

XSS Bug in Cherokee Webserver rubengarrote (Apr 10)

satanchild123

SQL injection exploit IPB <= 2.1.4 satanchild123 (Apr 27)

scott

Re: vbulletin<--3.0.x SQL Injection scott (Apr 24)

Sean Scott

RE: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Sean Scott (Apr 25)

secfoc

Re: PHPList <= 2.10.2 remote commands execution secfoc (Apr 11)

Secunia Research

Secunia Research: AN HTTPD Script Source Disclosure Vulnerability Secunia Research (Apr 03)
Secunia Research: Adobe Document Server for Reader Extensions Multiple Vulnerabilities Secunia Research (Apr 13)
Secunia Research: SpeedProject Products ACE Archive Handling Buffer Overflow Secunia Research (Apr 26)
Secunia Research: Servant Salamander unacev2.dll Buffer Overflow Vulnerability Secunia Research (Apr 28)

Secure

[Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation Secure (Apr 18)
[Symantec Security Advisor] Symantec Scan Engine Multiple Vulnerabilities secure (Apr 21)

securiteam

SAXoPRESS - directory traversal securiteam (Apr 12)
Re: SAXoPRESS - directory traversal aka Saxotech Online securiteam (Apr 15)

security

[ MDKSA-2006:064 ] - Updated MySQL packages fix logging bypass vulnerability security (Apr 04)
[ MDKSA-2006:062 ] - Updated dia packages fix buffer overflow vulnerabilities security (Apr 04)
[ MDKSA-2006:066 ] - Updated FreeRADIUS packages fix off-by-one overflow vulnerabilty security (Apr 09)
[ MDKSA-2006:068 ] - Updated mplayer packages fix integer overflow vulnerabilities security (Apr 09)
[ MDKSA-2006:065 ] - Updated kaffeine packages fix remote buffer overflow vulnerability security (Apr 10)
[ MDKSA-2006:067 ] - Updated clamav packages fix vulnerabilities security (Apr 10)
[ MDKSA-2006:069 ] - Updated openvpn packages fix vulnerability security (Apr 11)
[ MDKSA-2006:071 ] - Updated xscreensaver packages fix clear-text password vulnerability security (Apr 11)
[ MDKSA-2006:070 ] - Updated openvpn packages fix vulnerability security (Apr 12)
[ MDKSA-2006:072 ] - Updated kernel packages fix multiple vulnerabilities security (Apr 18)
[ MDKSA-2006:074 ] - Updated php packages address multiple vulnerabilities. security (Apr 25)
[ MDKSA-2006:073 ] - Updated cyrus-sasl packages addresses vulnerability security (Apr 25)
[ MDKSA-2006:075 ] - Updated mozilla-firefox packages fix numerous vulnerabilities security (Apr 25)
[ MDKSA-2006:076 ] - Updated mozilla packages fix numerous vulnerabilities security (Apr 26)
[ MDKSA-2006:077 ] - Updated ethereal packages fix numerous vulnerabilities security (Apr 26)
[ MDKSA-2006:078 ] - Updated mozilla-thunderbird packages fix numerous vulnerabilities security (Apr 26)
[ MDKSA-2006:079 ] - Updated ruby packages fix vulnerability security (Apr 26)

security-alert

[security bulletin] HPSBPI2109 SSRT061141 rev.1 - HP Color LaserJet 2500 and 4600 Toolbox Running on Microsoft Windows Remote Unauthorized Disclosure of Information security-alert (Apr 04)
[security bulletin] HPSBUX02108 SSRT061133 rev.3 - HP-UX running Sendmail, Remote Execution of Arbitrary Code security-alert (Apr 09)
[security bulletin] HPSBUX02110 SSRT061110 rev.1 - HP-UX Running wu-ftpd Remote Denial of Service (DoS) security-alert (Apr 10)
[security bulletin] HPSBUX02111 SSRT061132 rev.1 - HP-UX su(1) Local Unauthorized Access security-alert (Apr 10)
[security bulletin] HPSBUX02108 SSRT061133 rev.6 - HP-UX running Sendmail, Remote Execution of Arbitrary Code security-alert (Apr 13)
[security bulletin] HPSBUX02108 SSRT061133 rev.7 - HP-UX running Sendmail, Remote Execution of Arbitrary Code security-alert (Apr 19)
[security bulletin] HPSBTU02095 SSRT051007 rev.3 - HP Tru64 UNIX Running DNS BIND4/BIND8 as Forwarders: Remote Unauthorized Privileged Access security-alert (Apr 20)
[security bulletin] HPSBST02112 SSRT061129 rev.1 - HP StorageWorks Secure Path for Windows Remote Denial of Service (DoS) security-alert (Apr 20)
[security bulletin] HPSBUX02108 SSRT061133 rev.9 - HP-UX running Sendmail, Remote Execution of Arbitrary Code security-alert (Apr 27)
[security bulletin] HPSBUX02075 SSRT051074 rev.4 - HP-UX Running xterm Local Unauthorized Access security-alert (Apr 27)
[security bulletin] HPSBMA02113 SSRT061148 rev.1 - HP Oracle for OpenView (OfO) Critical Patch Update April 2006 security-alert (Apr 27)

security curmudgeon

Re: Instant Photo Gallery <= Multiple XSS security curmudgeon (Apr 27)

selfar2002

INDEXU <= 5.0.1 (theme_path)and (base_path) Remote File Inclusion Exploit selfar2002 (Apr 11)
AzDGVote File inclusion selfar2002 (Apr 11)
phpWebSite 0.10.? (topics.php) Remote SQL Injection Exploit selfar2002 (Apr 13)
SaphpLesson 2.0 (forumid) Remote SQL Injection Exploit selfar2002 (Apr 13)

sh0rtie

Re: Another Internet Explorer Address Bar Spoofing Vulnerability sh0rtie (Apr 10)

shaun

Re: phpWebsite <= SQL Injection (friend.php) & (article.php) shaun (Apr 13)

Siegfried

Re: [Full-disclosure] Mis-diagnosed XSS bugs hiding worse issues due to PHP feature Siegfried (Apr 01)
Re: Mis-diagnosed XSS bugs hiding worse issues due to PHP feature Siegfried (Apr 01)

silentproducts

Myspace.com - Intricate Script Injection silentproducts (Apr 10)

simo64

Sire 2.0 Nws Remote File inclusion & Arbitary Files Upload simo64 (Apr 09)
Scry Gallery Directory Traversal & Full Path Disclosure Vulnerabilites simo64 (Apr 21)

Simon Boulet

Re: recursive DNS servers DDoS as a growing DDoS problem Simon Boulet (Apr 05)

sn4k3 . 23

Confixx 3.1.2 <= Cross Site Scripting Vuln sn4k3 . 23 (Apr 11)
Confixx 3.1.2 <= SQL Injection sn4k3 . 23 (Apr 11)
CuteNews 1.4.1 <= Cross Site Scripting sn4k3 . 23 (Apr 19)

somebody

Re: RE: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup somebody (Apr 19)

somerandomaddress99

Re: Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup somerandomaddress99 (Apr 19)

Soothackers

Clansys Multiple Xss Vulnerabilities Soothackers (Apr 13)
PatroNet CMS Xss Vuln Soothackers (Apr 13)

Sowhat

Realplayer .SWF Multiple Remote Memory Corruption Vulnerabilities Sowhat (Apr 11)
Microsoft Internet Explorer DBCS Remote Memory Corruption Vulnerability Sowhat (Apr 12)
WinISO/UltraISO/MagicISO/PowerISO Directory Traversal Vulnerability Sowhat (Apr 28)

sp3x

Re: Re: function *() php/apache Crash PHP 4.4.2 and 5.1.2 sp3x (Apr 15)

spam

Invision Vulnerabilities, including remote code execution spam (Apr 25)

spic

Re: VWar Path Disclosure spic (Apr 30)

SRC Telindus

[SRC-Telindus advisory] - HP System Management Homepage Remote Unauthorized Access SRC Telindus (Apr 11)

Stan Bubrouski

Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Stan Bubrouski (Apr 15)

Stefan Cornelius

[ GLSA 200604-01 ] MediaWiki: Cross-site scripting vulnerability Stefan Cornelius (Apr 04)
[ GLSA 200604-02 ] Horde Application Framework: Remote code execution Stefan Cornelius (Apr 04)
[ GLSA 200604-05 ] Doomsday: Format string vulnerability Stefan Cornelius (Apr 10)

Stefan Lochbihler

Neon Responder (Dos,Exploit) Stefan Lochbihler (Apr 17)

stend

Re: IBM stend (Apr 13)

Steven M. Christey

Mis-diagnosed XSS bugs hiding worse issues due to PHP feature Steven M. Christey (Apr 01)
Re: On product vulnerability history and vulnerability complexity Steven M. Christey (Apr 03)
Re: On product vulnerability history and vulnerability complexity Steven M. Christey (Apr 04)
Re: FleXiBle Development Script Remote Command Exucetion And XSS Attacking Steven M. Christey (Apr 09)
Re: function *() php/apache Crash PHP 4.4.2 and 5.1.2 Steven M. Christey (Apr 12)
Re: Multiple vulnerabilities in Blur6ex Steven M. Christey (Apr 13)
Re: QuickBlogger v1.4 Cross-Site Scripting Steven M. Christey (Apr 15)
Re: CuteNews 1.4.1 <= Cross Site Scripting Steven M. Christey (Apr 20)
Re: Invision Vulnerabilities, including remote code execution Steven M. Christey (Apr 26)
Re: Instant Photo Gallery <= Multiple XSS Steven M. Christey (Apr 27)
Re: Recent Oracle exploit is _actually_ an 0day with no patch Steven M. Christey (Apr 28)

Steve VanDevender

Re: Flaw in commonly used bash random seed method Steve VanDevender (Apr 10)

stormhacker

SimpleBBS v1.1(posts.php) remote command execution stormhacker (Apr 13)

Sune Kloppenborg Jeppesen

[ GLSA 200604-04 ] Kaffeine: Buffer overflow Sune Kloppenborg Jeppesen (Apr 10)
[ GLSA 200604-06 ] ClamAV: Multiple vulnerabilities Sune Kloppenborg Jeppesen (Apr 10)
[ GLSA 200604-09 ] Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service Sune Kloppenborg Jeppesen (Apr 21)
[ GLSA 200604-10 ] zgv, xzgv: Heap overflow Sune Kloppenborg Jeppesen (Apr 21)
[ GLSA 200604-14 ] Dia: Arbitrary code execution through XFig import Sune Kloppenborg Jeppesen (Apr 24)
[ GLSA 200604-13 ] fbida: Insecure temporary file creation Sune Kloppenborg Jeppesen (Apr 24)
[ GLSA 200604-15 ] xine-ui: Format string vulnerabilities Sune Kloppenborg Jeppesen (Apr 26)
[ GLSA 200604-16 ] xine-lib: Buffer overflow vulnerability Sune Kloppenborg Jeppesen (Apr 26)
[ GLSA 200604-17 ] Ethereal: Multiple vulnerabilities in protocol dissectors Sune Kloppenborg Jeppesen (Apr 27)

susam . pal

XSS Vulnerability in Guest-book script powered by Community Architect susam . pal (Apr 19)

susam_pal

SQL Injection in incredibleindia.org susam_pal (Apr 20)

t4h4

Phpwebgallery <= 1.4.1 SQL injection Vulnerability t4h4 (Apr 03)

tel

IE6 Crash tel (Apr 10)

testx444

Fortinet28 box does not resist has small synflood! testx444 (Apr 19)

the_day

BL4's SMTP server BufferOverflow Vulnerable the_day (Apr 28)
[ECHO_ADV_31$2006] Sws Web Server 0.1.7 Strcpy() & Syslog() Format String Vulnerability the_day (Apr 28)

theguywhocouldwipeyourphpBB

Re: Re: Re: phpBB 2.06 search.php SQL injection theguywhocouldwipeyourphpBB (Apr 01)

Theo de Raadt

Re: Strengthen OpenSSH security? Theo de Raadt (Apr 21)

Thierry Carrez

[ GLSA 200604-07 ] Cacti: Multiple vulnerabilities in included ADOdb Thierry Carrez (Apr 15)
[ GLSA 200604-08 ] libapreq2: Denial of Service vulnerability Thierry Carrez (Apr 17)
[ GLSA 200604-11 ] Crossfire server: Denial of Service and potential arbitrary code execution Thierry Carrez (Apr 22)
[ GLSA 200604-12 ] Mozilla Firefox: Multiple vulnerabilities Thierry Carrez (Apr 24)
[ GLSA 200604-18 ] Mozilla Suite: Multiple vulnerabilities Thierry Carrez (Apr 28)

Thierry Zoller

Re: [Full-disclosure] SEC Consult SA-20060314 :: Opera Browser CSS Attribute Integer Wrap / Buffer Overflow Thierry Zoller (Apr 15)

Thomas Guyot-Sionnest

RE: recursive DNS servers DDoS as a growing DDoS problem Thomas Guyot-Sionnest (Apr 04)

Thomas Hochstein

Re: redirection vuln crawlers breed & security through obscurity Thomas Hochstein (Apr 23)

Thor (Hammer of God)

Re: Bypassing ISA Server 2004 with IPv6 Thor (Hammer of God) (Apr 10)
Re: Bypassing ISA Server 2004 with IPv6 Thor (Hammer of God) (Apr 10)
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Thor (Hammer of God) (Apr 17)
Re: Re[2]: Bypassing ISA Server 2004 with IPv6 Thor (Hammer of God) (Apr 19)
Re: Re[3]: Bypassing ISA Server 2004 with IPv6 Thor (Hammer of God) (Apr 21)
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Thor (Hammer of God) (Apr 23)
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Thor (Hammer of God) (Apr 23)
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Thor (Hammer of God) (Apr 23)
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Thor (Hammer of God) (Apr 23)
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Thor (Hammer of God) (Apr 23)
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Thor (Hammer of God) (Apr 25)

Tim

Re: recursive DNS servers DDoS as a growing DDoS problem Tim (Apr 04)
Re: recursive DNS servers DDoS as a growing DDoS problem Tim (Apr 05)

Tom Ferris

Re: Apple Mac OS X Safari 2.0.3 Vulnerability Tom Ferris (Apr 25)

tranceformer

Re: Re: NETGEAR WGT624 Wireless DSL router default user name/password vulnerability tranceformer (Apr 15)

uid0

SQuery <= 4.5 Remote File Inclusion Exploit uid0 (Apr 01)
PHPNuke-Clan 3.0.1 Remote File Inclusion Exploit uid0 (Apr 01)
VWar <= 1.5.0 R12 Remote File Inclusion Exploit uid0 (Apr 03)

Victor Brilon

Re: Vulnerabilities in MOD Victor Brilon (Apr 16)

visitbipin

NOD32 local privilege escalation vulnerability visitbipin (Apr 05)

Vladimir Levijev

Re: google xss Vladimir Levijev (Apr 13)

w3 . _

Xss In SaphpLesson3.0 w3 . _ (Apr 09)
Xss In ar-blog v 5.2 W3 . _ (Apr 15)
Xss In bMachine 2٫7 W3 . _ (Apr 17)

xcon

Welcome to XCon2006 in China! xcon (Apr 09)

xx_hack_xx_2004

SQL Injection in Softbiz Image Gallery xx_hack_xx_2004 (Apr 03)

yamcho

DbbS<=2.0-alpha Multiple Vulnerabilities yamcho (Apr 17)

Yannick von Arx

[no subject] Yannick von Arx (Apr 27)

zachofalltrades

Re: Multiple Vulnerabilities in LucidCMS zachofalltrades (Apr 19)

zdi-disclosures

ZDI-06-007: Microsoft Windows Address Book (WAB) File Format Parsing Vulnerability zdi-disclosures (Apr 11)
ZDI-06-008: Novell GroupWise Messenger Accept-Language Buffer Overflow zdi-disclosures (Apr 13)
ZDI-06-010: Mozilla Firefox CSS Letter-Spacing Heap Overflow Vulnerability zdi-disclosures (Apr 15)
ZDI-06-009: Mozilla Firefox Tag Parsing Code Execution Vulnerability zdi-disclosures (Apr 17)
ZDI-06-011: Mozilla Firefox Table Rebuilding Code Execution Vulnerability zdi-disclosures (Apr 26)