Home page logo
/

439 messages starting Dec 01 06 and ending Dec 30 06
Date index | Thread index | Author index

Friday, 01 December

Re: [Full-disclosure] ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability zdi-disclosures
Invision Gallery 2.0.7 SQL Injection Vulnerability infection
Re: Invision Community Blog Mod 1.2.4 .PHP SQL Injection Vulnerability emin
[SECURITY] [DSA 1205-2] New thttpd packages fix insecure temporary file creation Steve Kemp
[ MDKSA-2006:220 ] - Updated libgsf packages fix heap buffer overflow vulnerability security
[ MDKSA-2006:221 ] - Updated gnupg packages fix vulnerability security
rPSA-2006-0221-1 openldap openldap-clients openldap-servers rPath Update Announcements
[Aria-Security.Net] Web Hosting Control Panel - cPanel 11 Multiple Cross-Site Scripting Vulnerabilites Advisory
deV!L`z Clanportal - Arbitrary File Upload [061124b] Tim Weber
deV!L`z Clanportal - SQL Injection [061124a] Tim Weber
Layered Defense Advisory: Novell Client 4.91 Format String Vulnerability dh
[SECURITY] [DSA 1223-1] New tar packages fix arbitrary file overwrite Noah Meyerhans
Outpost Bypassing Self-Protection via Advanced DLL injection with handle stealing Vulnerability Matousec - Transparent security Research
rPSA-2006-0220-1 dovecot rPath Update Announcements
Aspee Ziyareti Defteri (tr) Sql injection Vuln. ShaFuq31

Saturday, 02 December

iDefense Security Advisory 12.01.06: Novell ZENworks Asset Management Msg.dll Heap Overflow Vulnerability iDefense Labs
[SECURITY] [DSA 1222-2] New proftpd packages fix several vulnerabilities Moritz Muehlenhoff
iDefense Security Advisory 12.01.06: Novell ZENworks Asset Management Collection Client Heap Overflow Vulnerability iDefense Labs
Re: [Full-disclosure] ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability Dude VanWinkle
rPSA-2006-0224-1 gnupg rPath Update Announcements
TSLSA-2006-0068 - multi Trustix Security Advisor
Re: safely concatenating strings in portable C (Re: GnuPG 1.4 and 2.0 buffer overflow) Simon Josefsson
rPSA-2006-0222-1 tar rPath Update Announcements
freeqboard <= 1.1 (qb_path) Remote File Include Vulnerability -= SHELL =- -= SHELL =-
[ MDKSA-2006:223 ] - Updated ImageMagick packages fixes vulnerability security
[Aria-Security Team] DuWare DuNews SQL Injection Vuln Advisory
[Aria-Security Team] DuWare DuClassMate SQL Injection Vuln Advisory
[Aria-Security Team] DuWare DuPortal SQL Injection Vuln Advisory
PHPNews 1.3.0 XSS emulamex
KhaledMuratList mdb blasterim
[ MDKSA-2006:222 ] - Updated koffice packages fixes integer overflow vulnerability security
[Aria-Security Team] DuWare DuDownloads SQL Injection Vuln Advisory
CuteNews 1.3.6 XSS emulamex
[Aria-Security Team] DuWare DuForum SQL Injection Vuln Advisory
[Aria-Security Team] DuWare DuPaypal SQL Injection Vuln Advisory

Monday, 04 December

[ISecAuditors Advisories] BlueSocket web administration is vulnerable to XSS ISecAuditors Security Advisories
listpics v5 blasterim
[ISecAuditors Security Advisories] IMAP/SMTP Injection in Hastymail ISecAuditors Security Advisories
Metyus Okul Ynetim Sistemi V.1.0 (tr) Sql injection Vuln. ShaFuq31
[ISecAuditors Security Advisories] XSS vulnerability in error page of ISMail ISecAuditors Security Advisories
fl0p - passive L7 flow fingerprinting Michal Zalewski
Online BookMarks Multiple SQL Injection/XSS Vulnerabilities security
[SECURITY] [DSA 1224-1] New Mozilla packages fix several vulnerabilities Martin Schulze
[SECURITY] [DSA 1225-1] New Mozilla Firefox packages fix several vulnerabilities Martin Schulze
SMF upload XSS vulnerability Jessica Hope
2[xss]Vulnerabilities in Script Mobile Ac4p.com gamr-14
PhpMyAdmin 2.7.0-pl2 Path Disclosure | Multiple CRLF/Http Response Splitting ajannhwt
MS Internet Explorer 6.0 (mshtml.dll) Denial of Service Exploit ajannhwt
[SECURITY] [DSA 1225-2] New Mozilla Firefox packages fix several vulnerabilities Martin Schulze
[SECURITY] [DSA 1226-1] New links packages fix arbitrary shell command execution Moritz Muehlenhoff
Vt-Forum Lite System V.1.3 Xss Vuln. starext
Re: UPublisher Exploit - Superfreaker me
[Aria-Security Team] uGestBook SQL Injection Vuln Advisory
Re: Invision Gallery 2.0.7 SQL Injection Vulnerability emin
[SECURITY] [DSA 1227-1] New Mozilla Thunderbird packages fix several vulnerabilities Martin Schulze
Multiple bugs in TFT-Gallery nj
[USN-392-1] xine-lib vulnerability Kees Cook
F-Prot Antivirus for Unix: heap overflow and Denial of Service research
Re: aBitWhizzy [local file include] john . goodman
[USN-391-1] libgsf vulnerability Kees Cook
[ MDKSA-2006:214-1 ] - Updated gv packages fix buffer overflow vulnerability security
Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation ss_team
XSS in JAB Guest Book nj
rPSA-2006-0211-2 doxygen libpng rPath Update Announcements

Tuesday, 05 December

Re: Multiple bugs in TFT-Gallery simo64
new xss in modbb forum h angel
TSRT-06-14: IBM Tivoli Storage Manager Mutiple Buffer Overflow Vulnerabilities TSRT
SNORT Covered channels detector patch fryxar fryxar
[KOffice security advisory] KOffice OLEfilter integer overflow Dirk Mueller
RE: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation Michael Scheidell
Re: GnuPG 1.4 and 2.0 buffer overflow Damien Miller
Re: [Aria-Security Team] uGestBook SQL Injection Vuln Stuart Moore
Re: MS Internet Explorer 6.0 (mshtml.dll) Denial of Service Exploit 3APA3A
Re: Evolve Merchant[ injection sql ] tony
URL Rdirecction Bug Yahoo matrix
CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Undocumented Features Mariano Nuñez Di Croce
CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Remote Arbitrary File Removal Mariano Nuñez Di Croce
DistrRTgen 1.0 launched! Martin Jørgensen
Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation eugeny gladkih
Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation Steve Shockley
[SECURITY] [DSA 1228-1] New elinks packages fix arbitrary shell command execution Moritz Muehlenhoff
Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation Thor (Hammer of God)
EasyPage Portal ( all ver )SQL Injection matrix
Re: Symantec LiveState Agent for Windows vulnerabi Damjan
eEye's Zero-Day Tracker Launch chinese soup
Re: Re: [Aria-Security Team] uGestBook SQL Injection Vuln saps . audit
Re: Symantec LiveState Agent for Windows vulnerabi eugeny gladkih
Re: EasyPage Portal ( all ver )SQL Injection saps . audit
[security bulletin] HPSBUX02145 SSRT061202 rev.2 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access security-alert
HPSBUX02178 SSRT061267 rev.1 - HP-UX Secure Shell Remote Denial of Service (DoS) security-alert

Wednesday, 06 December

Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation Ansgar -59cobalt- Wiechers
EEYE: Adobe Download Manager AOM Stack Buffer Overflow Vulnerability eEye Advisories
[ MDKSA-2006:224 ] - Updated xine-lib packages fix buffer overflow vulnerability security
[USN-390-2] evince vulnerability Kees Cook
Barracuda Convert-UUlib library buffer overflow leads to remote compromise Jean-Sébastien Guay-Leroux
Internet Explorer 6. CSS Expression Denial of Service (P.o.C.) José Carlos Nieto Jarquín
Re: Internet Explorer 6 CSS "expression" Denial of Service Exploit (P.o.C.) José Carlos Nieto Jarquín
Uploadscript Vulnerabilities: Text file Hash password hack2prison
FreeBSD Security Advisory FreeBSD-SA-06:25.kmem FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-06:26.gtar FreeBSD Security Advisories
[SECURITY] [DSA 1229-1] New Asterisk packages fix arbitrary code execution Martin Schulze
Oracle PL/SQL Fuzzing Tool Joxean Koret
BTSaveMySql 1.2 (acces to config files) sn0oPy . team
RE: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation Michael Scheidell
Multiple Vendor Unusual MIME Encoding Content Filter Bypass Hendrik Weimer
SYMSA-2006-012: 2X ThinClientServer Create Admin Account Replay Vulnerability research
GnuPG: remotely controllable function pointer [CVE-2006-6235] Werner Koch
rPSA-2006-0226-1 kernel rPath Update Announcements
[ MDKSA-2006:225 ] - Updated ruby packages fix DoS vulnerability security
rPSA-2006-0227-1 gnupg rPath Update Announcements

Thursday, 07 December

Microsoft 0-day word vulnerability - Secunia - Extremely critical Ryan Buena
New MySpace worm could be on its way pdp (architect)
ZDI-06-044: Adobe Download Manager AOM Parsing Buffer Overflow Vulnerability zdi-disclosures
[ GLSA 200612-01 ] wv library: Multiple integer overflows Sune Kloppenborg Jeppesen
Linksys WIP 330 VoIP wireless phone crash from Nmap scan Shawn Merdinger
Digital Armaments Security Advisory 07.12.2006: Yahoo multiple services authentication bypass Vulnerability info
TSRT-06-15: Citrix Presentation Server Client ActiveX Heap Overflow Vulnerability TSRT
Re: Microsoft 0-day word vulnerability - Secunia - Extremely critical Andrew Simmons
Re: Multiple Vendor Unusual MIME Encoding Content Filter Bypass Tomasz Kojm
Re: Multiple Vendor Unusual MIME Encoding Content Filter Bypass Gadi Evron
Re: XSS in JAB Guest Book Steven M. Christey
Some Thoughts about Office Open XML and Malware Detection Jan P. Monsch
[USN-393-1] GnuPG vulnerability Kees Cook
Re: The Week of Oracle Database Bugs Tony Jambu
Re: Internet Explorer 6 CSS "expression" Denial of Service Exploit (P.o.C.) Andrius Paurys
Re: Multiple Vendor Unusual MIME Encoding Content Filter Bypass Luke Borg
phpbb 2.0.x [xss] saps . audit
[USN-390-3] evince-gtk vulnerability Kees Cook
Re: Microsoft 0-day word vulnerability - Secunia - Extremely critical Juha-Matti Laurio
Re: Multiple Vendor Unusual MIME Encoding Content Filter Bypass michele.sandrelli () katamail com
Re[2]: Multiple Vendor Unusual MIME Encoding Content Filter Bypass 3APA3A
phpAdsNew-2.0.4-pr2 Remote File Inclusion Exploit crackers_child
Re: Multiple Vendor Unusual MIME Encoding Content Filter Bypass Tomasz Kojm
[USN-393-2] GnuPG2 vulnerabilities Kees Cook
DUdirectory Admin Panel SQL Injection Meftun

Friday, 08 December

[OpenPKG-SA-2006.037] OpenPKG Security Advisory (gnupg) OpenPKG GmbH
EEYE: Intel Network Adapter Driver Local Privilege Escalation eEye Advisories
[Aria-Security Team] CentOS 4.2 i686 - WHM X v3.1.0 Cross-Site Scripting Advisory
[Aria-Security Team] cPanel 11 pops.html Cross-Site Scripting Advisory
[Aria-Security Team] cPanel BoxTrapper Cross Site Scripting Advisory
TSLSA-2006-0070 - multi Trustix Security Advisor
[OpenPKG-SA-2006.038] OpenPKG Security Advisory (tar) OpenPKG GmbH
[SECURITY] [DSA-1230-1] new l2tpns packages fix buffer overflow Steve Kemp
Microsoft Word 0-day Vulnerability FAQ (CVE-2006-5994) written Juha-Matti Laurio
Midicart vulerable ifx
[CAID 34846]: CA BrightStor ARCserve Backup Discovery Service Buffer Overflow Vulnerability Williams, James K
[USN-394-1] Ruby vulnerability Kees Cook
Re: Internet Explorer 6 CSS "expression" Denial of Service Exploit (P.o.C.) chinese soup
LS-20060908 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability advisories
LS-20061001 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability advisories
Animated Smiley Generator File Include Vul. starext
PHP 5.2.0 session.save_path safe_mode and open_basedir bypass cxib
PhpBB Toplist 1.3.7 Xss Vuln. starext
ASX Playlists and Jumping to Conclusions Sûnnet Beskerming

Saturday, 09 December

Enforcing Java Security Manager in Restricted Windows Environments? Jan P. Monsch
iDefense Security Advisory 12.08.06: Multiple Vendor Antivirus RAR File Denial of Service Vulnerability iDefense Labs
iDefense Security Advisory 12.08.06: Sophos Antivirus CHM Chunk Name Length Memory Corruption Vulnerability iDefense Labs
iDefense Security Advisory 12.08.06: Sophos Antivirus CHM File Heap Overflow Vulnerability iDefense Labs
Re: XSS in JAB Guest Book Barnz
Call For Papers: SecurityOPUS 2007 Sharkey
[ GLSA 200612-02 ] xine-lib: Buffer overflow Sune Kloppenborg Jeppesen
KDPics Multiple Vulnerabities mr_kaliman
ProNews V1.5 XSS & SQL Injection mr_kaliman
Messageriescripthp V2.0 XSS & SQL Injection mr_kaliman
AnnonceScriptHP V2.0 Multiple Vulnerabilities mr_kaliman
[SECURITY] [DSA 1231-1] New gnupg packages fix arbitrary code execution Moritz Muehlenhoff
[SECURITY] [DSA 1232-1] New clamav packages fix denial of service Moritz Muehlenhoff

Monday, 11 December

[ GLSA 200612-04 ] ModPlug: Multiple buffer overflows Raphael Marichez
[SECURITY] [DSA 1233-1] New Linux 2.6.8 packages fix several vulnerabilities Dann Frazier
WASC-Announcement: MX Injection - Capturing and Exploiting Hidden Mail Servers By Vicente Aguilera Diaz robert
D-LINK DWL-2000AP+ remote DoS poplix
[ GLSA 200612-09 ] MadWifi: Kernel driver buffer overflow Raphael Marichez
[SBDA] - ColdFusion MX7 - Multiple Vulnerabilities Brett Moore
Unauthenticated access to IBM Host On-Demand administration pages Ferguson, David (Kansas City)
[ MDKSA-2006:226 ] - Updated squirrelmail packages fix vulnerabilities security
RFIDIOt release - version 0.1i Adam Laurie
Firefox 2.0 security bug: Extensions can hide themself azurIt
ERRATA: [ GLSA 200612-03 ] GnuPG: Multiple vulnerabilities Raphael Marichez
Multiple vulnerabilities in Winamp Web Interface 7.5.13 Luigi Auriemma
[ GLSA 200612-08 ] SeaMonkey: Multiple vulnerabilities Raphael Marichez
Several updates in Microsoft Word 0-day (CVE-2006-5994) FAQ document Juha-Matti Laurio
Another, different MS Word 0-day vulnerability reported Juha-Matti Laurio
looking for security community input Gadi Evron
shopsite advisory DoZ
[ GLSA 200612-06 ] Mozilla Thunderbird: Multiple vulnerabilities Raphael Marichez
Secunia Research: MailEnable IMAP Service Buffer Overflow Vulnerability Secunia Research
Re: Another, different MS Word 0-day vulnerability reported Juha-Matti Laurio
Re: LS-20061001 - Computer Associates BrightStor ARCserve Backup Williams, James K
[ GLSA 200612-10 ] Tar: Directory traversal vulnerability Matthias Geerdsen
The newest Word flaw is due to malformed data structure handling Juha-Matti Laurio
Re: LS-20060908 - Computer Associates BrightStor ARCserve Backup Williams, James K

Tuesday, 12 December

[ GLSA 200612-03 ] GnuPG: Multiple vulnerabilities Raphael Marichez
RFID access control tokens widely open to cloning Adam Laurie
[ GLSA 200612-07 ] Mozilla Firefox: Multiple vulnerabilities Raphael Marichez
Secunia Research: AOL CDDBControl ActiveX Control "SetClientInfo()" Buffer Overflow Secunia Research
[ GLSA 200612-05 ] KOffice shared libraries: Heap corruption Sune Kloppenborg Jeppesen
[ MDKSA-2006:227 ] - Updated kdegraphics packages fix EXIF vulnerability security
[ GLSA 200612-09 ] MadWifi: Kernel driver buffer overflow Raphael Marichez
Re: The newest Word flaw is due to malformed data structure handling Alexander Sotirov
[ MDKSA-2006:228 ] - Updated gnupg packages fix vulnerability security
OpenLDAP kbind authentication buffer overflow Solar Eclipse
[SBDA] SiteKiosk - FileSystem Access Brett Moore
Web Apps- Rad Upload Version 3.02 Remote File Include Vulnerability rko . thelegendkiller
rPSA-2006-0230-1 evince rPath Update Announcements
rPSA-2006-0231-1 squirrelmail rPath Update Announcements
ZDI-06-045: Sophos Anti-Virus CPIO Archive Parsing Buffer Overflow Vulnerability zdi-disclosures
Re: [fuzzing] OWASP Fuzzing page Joxean Koret
Re: PHP 5.2.0 session.save_path safe_mode and open_basedir bypass Ismail Donmez
ZDI-06-047: Microsoft Visual Studio WmiScriptUtils.dll Cross-Zone Scripting Vulnerability zdi-disclosures
BLOG:CMS Remote file include Vulnerability security
Re: The newest Word flaw is due to malformed data structure handling Dave \"No, not that one\" Korn
Secunia Research: Internet Explorer Script Error Handling Memory Corruption Secunia Research
Re: Internet Explorer 6 CSS "expression" Denial of Service Exploit (P.o.C.) chinese soup
[ GLSA 200612-12 ] F-PROT Antivirus: Multiple vulnerabilities Sune Kloppenborg Jeppesen
ZDI-06-048: Microsoft Internet Explorer normalize() Function Memory Corruption Vulnerability zdi-disclosures
[ GLSA 200612-13 ] libgsf: Buffer overflow Sune Kloppenborg Jeppesen
[ GLSA 200612-14 ] Trac: Cross-site request forgery Sune Kloppenborg Jeppesen
Re: shopsite advisory bugtraq
ZDI-06-046: Sophos Anti-Virus SIT Archive Parsing Buffer Overflow Vulnerability zdi-disclosures
Re: Re: The newest Word flaw is due to malformed data structure handling test

Wednesday, 13 December

iDefense Security Advisory 12.12.06: Sun Microsystems Solaris ld.so 'doprf()' Buffer Overflow Vulnerability iDefense Labs
iDefense Security Advisory 12.12.06: Sun Microsystems Solaris ld.so Directory Traversal Vulnerability iDefense Labs
[SECURITY] [DSA-1234-1] New ruby1.6 package fix denial of service Steve Kemp
Re: worksystem => Remote File Include Vulnerability Exploit Laurent . van_den_reysen
[SECURITY] [DSA-1235-1] New ruby1.8 package fix denial of service Steve Kemp
[SECURITY] [DSA-1236-1] New enemies-of-carlotta package fix missing sanity checks Steve Kemp
ASP Cmd Shell On IIS 5.1 Brett Moore
IBM DB2 Remote DoS during CONNECT processing Team SHATTER
ZDI-06-050: Symantec Veritas NetBackup CONNECT_OPTIONS Buffer Overflow Vulnerability zdi-disclosures
ZDI-06-049: Symantec Veritas NetBackup Long Request Buffer Overflow Vulnerability zdi-disclosures
CORE-2006-1127: ProFTPD Controls Buffer Overflow CORE Security Technologies Advisories

Thursday, 14 December

Re: The newest Word flaw is due to malformed data structure handling Steven M. Christey
Call for papers and presenters - Dec. 15th deadline Mike Allgeier
The (in)security of Xorg and DRI Darren Reed
[ GLSA 200612-16 ] Links: Arbitrary Samba command execution Raphael Marichez
Re: [fuzzing] NOT a 0day! Re: [Full-disclosure] OWASP Fuzzing page Jerome Athias
GenesisTrader v1.0 - Multiple Vulnerabilities mr_kaliman
HyperAccess - Multiple Vulnerabilities Brett Moore
[USN-380-2] avahi regression Martin Pitt
rPSA-2006-0232-1 libgsf rPath Update Announcements
Re: Microsoft 0-day word vulnerability - Secunia - Extremely critical schafer_jeffrey
[ MDKSA-2006:229 ] - Updated evince packages fix buffer overflow vulnerability security
[ MDKSA-2006:230 ] - Updated clamav packages fix vulnerability security
NOT a 0day! Re: [fuzzing] [Full-disclosure] OWASP Fuzzing page Gadi Evron
[CAID 34870]: CA Anti-Virus vetfddnt.sys, vetmonnt.sys Local Denial of Service Vulnerabilities Williams, James K
Re: The newest Word flaw is due to malformed data structure handling Juha-Matti Laurio
[ MDKSA-2006:164-2 ] - Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities security
iDefense Security Advisory 12.14.06: GNOME Foundation Display Manager gdmchooser Format String Vulnerability iDefense Labs
Re: [fuzzing] NOT a 0day! Re: [Full-disclosure] OWASP Fuzzing page Juha-Matti Laurio
Re: iDefense Security Advisory 12.14.06: GNOME Foundation Display Manager gdmchooser Format String Vulnerability iDefense Labs
Re: Re: Microsoft 0-day word vulnerability - Secunia - Extremely critical schafer_jeffrey
[ GLSA 200612-17 ] GNU Radius: Format string vulnerability Raphael Marichez
Kerio MailServer < 6.3.1 remote Denial of Service research
[ GLSA 200612-15 ] McAfee VirusScan: Insecure DT_RPATH Sune Kloppenborg Jeppesen

Friday, 15 December

Re: [fuzzing] NOT a 0day! Re: [Full-disclosure] OWASP Fuzzing page Gadi Evron
CanSecWest 2007 (April 18-20) Call For Papers (Deadline January 7th) Dragos Ruiu
Top 10 Real Computer Crimes for 2007 Pete Herzog
[ MDKSA-2006:231 ] - Updated gdm packages fix string vulnerability security
BitDefender AV Packed PE File Parsing Engine Heap Overflow security
TSLSA-2006-0072 - clamav Trustix Security Advisor
Windows Explorer WMV File Denial Of Service Vulnerability sehato
[USN-396-1] gdm vulnerability Kees Cook
Windows Media MID File Denial Of Service Vulnerability sehato
[security bulletin] HPSBMA02173 SSRT061230 rev. 1 - HP Integrated Lights Out (iLO & iLO 2) Running SSH Key Based Authentication Remote Unauthorized Access security-alert
Project Server 2003 - Credential Disclosure Brett Moore
Re: The (in)security of Xorg and DRI Nicolas RUFF
Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! gplit
Bypassing process identification of several personal firewalls and HIPS Matousec - Transparent security Research
Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! Bruno Lustosa
[ MDKSA-2006:206 ] - Updated Thunderbird packages fix multiple vulnerabilities security
Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! Josh Bressers
[OpenPKG-SA-2006.039] OpenPKG Security Advisory (proftpd) OpenPKG GmbH

Saturday, 16 December

Drone Armies C&C Report - 15 Dec 2006 c2report
RE: Windows Explorer WMV File Denial Of Service Vulnerability Ulises Cuñé
Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! Dragos Ruiu
XSS in gmial google gamr-14
Do&#287;antepe Ziyareti Defteri (tr) Sql Injection Vuln. ShaFuq31
Odysseus 2.0 / Telemachus 1.0 (Beta) Dave
Re: Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! gplit
Re: Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! willysr
Re: Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! bastyaelvtars
Re: Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! ox90x86
Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! George Yobst
Contra Haber Sistemi v1.0 SqL Injection Vuln. ShaFuq31
[HSC Security Group] SiteCatalyst Web Login Cross Site Vulrnabilities DoZ
Re: Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! Hunger
Allied Telesis AT-9000/24 Ethernet switch management can be accessed from all VLANs. Pasi Sjoholm

Monday, 18 December

[SECURITY] [DSA 1237-1] New Linux 2.4.27 packages fix several vulnerabilities Dann Frazier
[SECURITY] [DSA 1238-1] New clamav packages fix several vulnerabilities Moritz Muehlenhoff
[SECURITY] [DSA 1239-1] New sql-ledger packages fix arbitrary code execution Moritz Muehlenhoff
Re: The (in)security of Xorg and DRI Darren Reed
Cisco not honoring update promises? Michael Scheidell
HyperVM Cross-Site Scripting Advisory
Re: The (in)security of Xorg and DRI Darren Reed
RateMe <= all versions => ( main.inc.php ) Remote File Include Vulnerability saudi
SYMSA-2006-013: Multiple Vulnerabilities in Mandiant First Response research
Secunia Research: MailEnable POP Service "PASS" Command Buffer Overflow Secunia Research
Checkpoint NG3 ICMP Flood bdmoraes
Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! p . kerr
Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! Kamchybek Jusupov
Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! Marcus Meissner
[ GLSA 200612-18 ] ClamAV: Denial of Service Sune Kloppenborg Jeppesen
Re: Cisco not honoring update promises? rsmoak
Re: Checkpoint NG3 ICMP Flood Michael Schwartzkopff
Re: Checkpoint NG3 ICMP Flood Hugo van der Kooij
[security bulletin] HPSBUX02178 SSRT061267 rev.2 - HP-UX Secure Shell Remote Unauthorized Denial of Service (DoS) security-alert

Tuesday, 19 December

[ MDKSA-2006:232 ] - Updated proftpd packages fix mod_ctrls vulnerability security
[ MDKSA-2006:233 ] - Updated dbus packages fix vulnerability security
HITBSecConf2007 - Dubai - Call for Papers now open! Praburaajan
WebCalendar >=1.0 Cross-Site Scripting Vulnerabilities 7all7
Multiple XSS vulnerabiliteies in Inetmedia's information service - cityinfo. filip . palian
New Skype Worm Christopher Mosby
HP Printers FTP Server Denial Of Service Joxean Koret
RE: [BULK] - New Skype Worm Hubbard, Dan
Trend Micro's Vista "0day exploit auction" claim Ryan Meyer
xss in Support Cards v1 ( oSTicket ) l . d . 0
Burak Yilmaz Download Portal Sql Injection Vuln. ShaFuq31
Oracle <= 9i / 10g (extproc) Local/Remote Command Execution Exploit none
Oracle <= 9i / 10g File System Access via utl_file Exploit none
Multiple Bugs in MINI WEB SHOP xx_hack_xx_2004
MkPortal Urlobox Cross Site Request Forgery info
RE: Cisco not honoring update promises? Michael Scheidell

Wednesday, 20 December

ZDI-06-051: Mozilla Firefox SVG Processing Remote Code Execution Vulnerability zdi-disclosures
SEC Consult SA-20061220-0 :: Typo3 Command Execution Vulnerability SEC Consult Research
Oracle Portal 10g HTTP Response Splitting putosoft softputo
NOD32 Antivirus DOC parsing Arbitrary Code Execution Advisory security
Mono XSP ASP.NET Server sourcecode disclosure vulnerability jose . palanco
Re: Oracle <= 9i / 10g File System Access via utl_file Exploit sumit kumar soni
Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting Brian Eaton
[security bulletin] HPSBUX02174 SSRT061239 rev.2 HP-UX Running OpenSSL Denial of Service (DoS), Increase Privilege security-alert
[security bulletin] HPSBST02180 SSRT061288 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS06-072 Through MS06-078 security-alert
[ GLSA 200612-19 ] pam_ldap: Authentication bypass vulnerability Raphael Marichez
[ GLSA 200612-20 ] imlib2: Multiple vulnerabilities Raphael Marichez
[ GLSA 200612-21 ] Ruby: Denial of Service vulnerability Raphael Marichez
RE: Trend Micro's Vista "0day exploit auction" claim Roger A. Grimes
critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip quincy
RE: Trend Micro's Vista "0day exploit auction" claim Simple Nomad
[USN-397-1] mono vulnerability Kees Cook

Thursday, 21 December

[CAID 34876]: CA CleverPath Portal Session Inheritance Vulnerability Williams, James K
[OpenPKG-SA-2006.041] OpenPKG Security Advisory (dbus) OpenPKG GmbH
NOD32 Antivirus CAB parsing Arbitrary Code Execution Advisory security
Re: Oracle <= 9i / 10g File System Access via utl_file Exploit Marco Ivaldi
Fun with event logs (semi-offtopic) 3APA3A
Microsoft Windows XP/2003/Vista memory corruption 0day 3APA3A
Re[2]: [Full-disclosure] Fun with event logs (semi-offtopic) 3APA3A
[SECURITY] [DSA-1240-1] New links2 packages fix arbitrary shell command execution Steve Kemp
Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day 3APA3A
[ MDKSA-2006:234 ] - Updated mono packages fix vulnerability security
Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip 3APA3A
RE: [Full-disclosure] Fun with event logs (semi-offtopic) Michele Cicciotti
Re: Enforcing Java Security Manager in Restricted Windows Environments? jim
Re: [Full-disclosure] Fun with event logs (semi-offtopic) endrazine
Ixprim CMS 1.2 Remote Blind SQL Injection Exploit gmdarkfig
RE: Re[2]: [Full-disclosure] Fun with event logs (semi-offtopic) Michele Cicciotti
Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day Alexander Sotirov
SQID v0.1 - SQL Inhection Digger. contact
Re: Vulnerability in MG2 php based Image Gallery - bypass security, view password protected images matthieu . paineauSTOPSPAM
[TOOL] untidy - XML Fuzzer Andres Riancho
Re: RE: Trend Micro's Vista "0day exploit auction" claim agoodhez1
Re: Trend Micro's Vista "0day exploit auction" claim Simple Nomad
Re: MkPortal Urlobox Cross Site Request Forgery securityfocus
[OpenPKG-SA-2006.040] OpenPKG Security Advisory (ruby) OpenPKG GmbH
Re: MkPortal Urlobox Cross Site Request Forgery securityfocus
OpenSER 1.1.0 parse_config buffer overflow vulnerability sapheal
PWDumpX updated (includes CacheDump functionality) Reed Arvin
Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day Pukhraj Singh
Re: Oracle Portal 10g HTTP Response Splitting majororacle
RE: Enforcing Java Security Manager in Restricted Windows Environments? Jan P. Monsch
Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip Juha-Matti Laurio

Friday, 22 December

RE: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day Michele Cicciotti
Xt-News 0.1 : SQL Injection Vulnerability & XSS mr_kaliman
rPSA-2006-0234-1 firefox rPath Update Announcements
Oracle Applications/Portal 9i/10g Cross Site Scripting putosoft softputo
Re[2]: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip Thierry Zoller
TSLSA-2006-0074 - multi Trustix Security Advisor
Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting putosoft softputo
Re: Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day Mike
SQID v0.2 - SQL Injection Digger. contact

Saturday, 23 December

Re: Multiple Remote Vulnerabilities in KISGB 3APA3A
Re: Multiple Remote Vulnerabilities in KISGB str0ke
ZDI-06-052: Novell NetMail NMAP STOR Buffer Overflow Vulnerability zdi-disclosures
ZDI-06-053: Novell NetMail IMAP Verb Literal Heap Overflow Vulnerability zdi-disclosures
ZDI-06-054: Novell NetMail IMAP APPEND Buffer Overflow Vulnerability zdi-disclosures
Efkan Forum v1.0 SqL Inj. Vuln. ShaFuq31
Multiple Bugs in Future Internet ( XSS & SQL Injection ) xx_hack_xx_2004

Monday, 25 December

iDefense Security Advisory 12.23.06: Novell NetMail IMAPD subscribe Buffer Overflow Vulnerability iDefense Labs
iDefense Security Advisory 12.23.06: Novell Netmail IMAP append Denial of Service Vulnerability iDefense Labs
Okul Merkezi Portal v1.0 Remote File IncLude Vuln. ShaFuq31
Chatwm V1.0 SqL Injection Vuln. ShaFuq31
Fishyshoop Security Vulnerability James Gray
TimberWolf 1.2.2 vulnerable to XSS corrado . liotta
Forum AnyBoard - Sql Inyection By Firewall Firewall1954
ERRATA (Re: "Host header cannot be trusted as an anti anti DNS-pinning measure") Amit Klein
XSS with Vbulletin (new idea !) ashraf1984
[SECURITY] [DSA 1241-1] New squirrelmail packages fix cross-site scripting Moritz Muehlenhoff
PHP Live! 3.2.2 Multiple Cross-Site Scripting Vulnerabilities DoZ

Tuesday, 26 December

Cahier de texte V2.2 Bypass general access protection exploit gmdarkfig
phpcms <=- 1.1.7 Remote File Inclusion Zarloule04
PhpbbXtra v2.0 (phpbb_root_path) Remote File Include Vulnerability xorontr
LuckyBot v3 Remote File Include i-k-t
HLStats Remote SQL Injection Exploit nospam
XSS - CMS Made Simple v1.0.2 Curtis Zimmerman
logahead UNU edition 1.0 Remote File Upload & code execution corrado . liotta
[OpenPKG-SA-2006.042] OpenPKG Security Advisory (openser) OpenPKG GmbH
[OpenPKG-SA-2006.043] OpenPKG Security Advisory (links) OpenPKG GmbH
Re: ERRATA (Re: "Host header cannot be trusted as an anti anti DNS-pinning measure") Martin Johns
Re: phpcms <=- 1.1.7 Remote File Inclusion Stuart Moore

Wednesday, 27 December

Re: phpcms <=- 1.1.7 Remote File Inclusion Hugo van der Kooij
Re: LuckyBot v3 Remote File Include Stuart Moore
Re: The (in)security of Xorg and DRI Pavel Kankovsky
Re: XSS with Vbulletin (new idea !) bas
Host directory full disclosure and input error hack2prison
Secure Login Manager Multiple Input Validation Vulnerabilities DoZ
Re: Cross site scripting & fullpath disclosure james . brown
NtRaiseHardError Csrss.exe memory Disclosure exploit Reversemode
ShmooCon Announcement B Potter

Thursday, 28 December

[SECURITY] [DSA 1242-1] New elog packages fix arbitrary code execution Moritz Muehlenhoff
Limbo CMS event module (lm_absolute_path) Remote File Include Vulnerabilities xorontr
[SECURITY] [DSA 1243-1] New evince packages fix arbitrary code execution Moritz Muehlenhoff
OpenSER OSP Module remote code execution sapheal
Re: XSS with Vbulletin (new idea !) l . d . 0
SMS handling OpenSER remote code executing sapheal
Re: XSS - CMS Made Simple v1.0.2 nanoymaster
[OpenPKG-SA-2006.044] OpenPKG Security Advisory (w3m) OpenPKG GmbH
Re: XSS with Vbulletin (new idea !) micmast
[SECURITY] [DSA 1214-2] Updated gv packages fix arbitrary code execution Moritz Muehlenhoff
[SECURITY] [DSA 1244-1] New xine-lib packages fix arbitrary code execution Moritz Muehlenhoff

Friday, 29 December

XSS in script Mobilelib GOLD v2 gamr-14
XSS with default page parameter in Oracle Portal 10g duchaikhtn
QuickCam linux device driver allows arbitrary code execution sapheal
LDU <= 8.x (journal.php) SQL Injection Vulnerability starext
DoceboLMS Xss Vuln. starext
Re: XSS in script Mobilelib GOLD v2 gamr-14

Saturday, 30 December

csrss.exe double-free vulnerability - arbitrary DWORD overwrite exploit Reversemode
MythControl (MythTV remote control) arbitrary code execution sapheal
SoftArtisans FileUp(TM) viewsrc.asp remote script source disclosure exploit inge_eivind . henriksen
[vuln.sg] iso_wincmd Plugin for Total Commander Buffer Overflow Vulnerability vulnpost-remove
Enigma Coppermine Bridge (boarddir) Remote File Include xorontr
Enigma WordPress Bridge (boarddir) Remote File Include xorontr
Previous period Next period
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]