Home page logo
/

519 messages starting Jan 01 06 and ending Feb 01 06
Date index | Thread index | Author index

Sunday, 01 January

[xfocus-SD-060101]AIX getCommand&getShell two vulnerabilities XFOCUS Security Team

Tuesday, 03 January

[ GLSA 200601-01 ] pinentry: Local privilege escalation Thierry Carrez
[USN-234-1] cpio vulnerability Martin Pitt
Re: WMF Exploit Justin Myers
[USN-233-1] fetchmail vulnerability Martin Pitt
[KAPDA::#19] - Html Injection in vBulletin 3.5.2 alireza hassani
Re: RE: WMF Exploit grasshopa
Re: WMF Exploit Frank Knobbe
[eVuln] PHPjournaler SQL Injection Vulnerability alex
[eVuln] Chipmunk Guestbook XSS Vulnerability alex
[ GLSA 200512-18 ] XnView: Privilege escalation Thierry Carrez
[eVuln] Chimera Web Portal System Multiple Vulnerabilities alex
NicoFTP Stack Overflow k4p0k4p0
Drupal all versiyon xss cehennem.org liz0
[eVuln] inTouch Authentication Bypass alex
[eVuln] B-net Software Multiple XSS Vulnerabilities alex
[eVuln] VEGO Web Forum SQL Injection Vulnerability alex
[eVuln] ScozBook "adminname" Authentication Bypass alex
SCO Openserver 5.0.x exploit rod hedor
[eVuln] oaBoard PHP Code Execution alex
RE: Webwasher CSM Appliance Script Security Restriction Bypass Frank Berzau
Winrar 3.30 Local Buffer Overflow Alpha_Programmer
Re: Drupal all versiyon xss cehennem.org RSnake
WMF round-up, updates and de-mystification Gadi Evron
Re: Drupal all versiyon xss cehennem.org security
WMF SETABORTPROC exploit SanjayR
Re: [Full-disclosure] WMF round-up, updates and de-mystification Nancy Kramer
Re: [Full-disclosure] WMF round-up, updates and de-mystification InfoSecBOFH
RE: WMF Exploit Paul
Re: [funsec] WMF round-up, updates and de-mystification Pierre Vandevenne
RE: [Full-disclosure] WMF round-up, updates and de-mystification Larry Seltzer
[eVuln] VEGO Links Builder Authentication Bypass alex
Re: WMF round-up, updates and de-mystification Gadi Evron
RE: [funsec] WMF round-up, updates and de-mystification Larry Seltzer
New from the MS Advisory Larry Seltzer
Recruitment Software allows MySQL credentials disclosure Rafael San Miguel Carrasco
WSJ: The new "metasploit" computer virus Richard M. Smith
[eVuln] phpBook PHP Code Execution alex

Wednesday, 04 January

[eVuln] PHPenpals SQL Injection Vulnerabilit alex
RE: WMF round-up, updates and de-mystification Krpata, Tyler
WMF exploit Andreas Marx
Another WMF exploit workaround Ivan Arce
Download Accelerator Plus can be tricked to download malicious file visitbipin
[eVuln] Lizard Cart CMS SQL Injection Vulnerability alex
Re: WMF round-up, updates and de-mystification Adam Shostack
Re: WMF Exploit Paul Laudanski

Thursday, 05 January

Re[2]: [funsec] WMF round-up, updates and de-mystification Pierre Vandevenne
Dumb IE6/XP denial of service found on the web 8ux1fpd02
Re: Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability Eloy A. Paris
MDKSA-2005:239 - Updated printer-filters-utils packages fix local vulnerability Mandriva Security Team
RE: WMF Exploit Discussion Lists
Re: WMF browser-ish exploit vectors Nick FitzGerald
Re: WTF?? Nick FitzGerald
Mapping and Remote manipulation of databases Gandalf The White
WMF: New Metasploit Framework Module H D Moore
Re: WTF?? anthony . aykut
Re: WMF browser-ish exploit vectors Dave Korn
Re: WMF Exploit Joshua
iDefense Security Advisory 01.05.06: Blue Coat WinProxy Remote DoS Vulnerability labs-no-reply () idefense com
Re: Dumb IE6/XP denial of service found on the web Francois Labreque
Open Letter on the Interpretation of "Vulnerability Statistics" Steven M. Christey
what we REALLY learned from WMF Gadi Evron

Friday, 06 January

RE: Dumb IE6/XP denial of service found on the web Mario Contestabile
MD:Pro - Malware Distribution Project anthony . aykut
[ECHO_ADV_25$2006] Full path disclosure on boastMachine v3.1 eufrato
[eVuln] TinyPHPForum Multiple Vulnerabilities alex
CyberShop User Login Sql Injection night_warrior771
What is sbininitd port 65534 ??? waltdnes
iDefense Security Advisory 01.05.06: Blue Coat Systems WinProxy Host Header Stack Overflow Vulnerability labs-no-reply () idefense com
HylaFAX Security advisory - fixed in HylaFAX 4.2.4 Aidan Van Dyk
Contact information for Symantec Vulnerability Management secure
RE: Download Accelerator Plus can be tricked to download malicious file NaPa
SysCP WebFTP local file inclusion vulnerability Thomas Henlich
Uninformed Journal Release Announcement: Volume 3 Uninformed
[USN-236-1] xpdf vulnerabilities Martin Pitt
MS released a patch today - MS06-001 Duran, Jason IT0
[USN-235-1] sudo vulnerability Martin Pitt
Windows PHP 4.x "0-day" buffer overflow mercenary
Re: Download Accelerator Plus can be tricked to download malicious file visitbipin
Interview: Ilfak Guilfanov Matthew Murphy
RE: WMF browser-ish exploit vectors James C Slora Jr
[eVuln] ADNForum Multiple Vulnerabilities alex
Re: New from the MS Advisory Damaged Industries
iDefense Security Advisory 01.05.06: Blue Coat WinProxy Telnet DoS Vulnerability labs-no-reply () idefense com
APPLE-SA-2006-01-05 AirPort firmware update noreply
[security bulletin] SSRT051074 rev.3 - HP-UX Running xterm Local Unauthorized Access security-alert
MD5s of Unofficial patches and other mistakes Forrest J. Cavalier III
[eVuln] TheWebForum Script Insertion and Authentication Bypass alex
Did MS pull an Ilfak? (MS patch bindiff results) Gadi Evron
Re: MS released a patch today - MS06-001 Anthony R. Nemmer
MDKSA-2006:006 - Updated gpdf packages fix several vulnerabilities Mandriva Security Team
MDKSA-2006:004 - Updated pdftohtml packages fix several vulnerabilities Mandriva Security Team
Re: Download Accelerator Plus can be tricked to download malicious file Dave Korn
MDKSA-2006:007 - Updated apache2 packages fix vulnerabilities Mandriva Security Team
[USN-238-1] Blender vulnerability Martin Pitt
Re: what we REALLY learned from WMF Thor (Hammer of God)
[USN-237-1] nbd vulnerability Martin Pitt
[eVuln] Proyecto Domus 'email' XSS Vulnerability alex

Saturday, 07 January

Re: Dumb IE6/XP denial of service found on the web Kim Christensen
MDKSA-2006:003 - Updated poppler packages fix several vulnerabilities Mandriva Security Team
[ GLSA 200601-02 ] KPdf, KWord: Multiple overflows in included Xpdf code Sune Kloppenborg Jeppesen
[ GLSA 200601-03 ] HylaFAX: Multiple vulnerabilities Sune Kloppenborg Jeppesen
[USN-238-2] Blender vulnerability Martin Pitt
MDKSA-2006:005 - Updated xpdf packages fix several vulnerabilities Mandriva Security Team
Re: MD:Pro - Malware Distribution Project Rembrandt
Recon2006 - Call for papers Hugo Fortier
Re: [USN-237-1] nbd vulnerability Florian Weimer
[ GLSA 200601-04 ] VMware Workstation: Vulnerability in NAT networking Sune Kloppenborg Jeppesen
[eVuln] NavBoard BBcode XSS Vulnerability alex
Re: Interview: Ilfak Guilfanov Randal L. Schwartz

Sunday, 08 January

Survey on Vuln Disclosure: Request for Participation Richard Forno

Monday, 09 January

xorg server 6.8.2 and below on 64bit arch serj
Microsoft Windows GRE WMF Format Multiple Memory Overrun Vulnerabilities frankruder
[UPDATE]Microsoft Windows GRE WMF Format Multiple Unauthorized Memory Access Vulnerabilities frankruder
[SECURITY] [DSA 929-1] New petris packages fix buffer overflow Michael Stone
[SECURITY] [DSA 930-1] New smstools packages fix format string vulnerability Michael Stone
NetBSD Security Advisory 2006-001: Kernfs kernel memory disclosure NetBSD Security Officer
NetBSD Security Advisory 2006-002: settimeofday() time wrap NetBSD Security Officer
[eVuln] Foxrum BBCode XSS Vulnerabilty alex
[SECURITY] [DSA 931-1] New xpdf packages fix arbitrary code execution Martin Schulze
[eVuln] Venom Board SQL Injection Vulnerability alex
Digital Armaments Security Advisory 01.09.2006: Apache auth_ldap module Multiple Format Strings Vulnerability info
[SECURITY] [DSA 932-1] New kpdf packages fix arbitrary code execution Martin Schulze
iDefense Security Advisory 01.09.06: Multiple Vendor mod_auth_pgsql Format String Vulnerability labs-no-reply () idefense com
Re: Did MS pull an Ilfak? (MS patch bindiff results) Brett Glass
AOL Multiple Cross Site Scripting Vulnerability simo
MDKSA-2006:008 - Updated koffice packages fix several vulnerabilities Mandriva Security Team
MDKSA-2006:004 - Updated pdftohtml packages fix several vulnerabilities Mandriva Security Team
Html_Injection in vBulletin 3.5.2 the_bekir

Tuesday, 10 January

AIM Multiple Cross Site Scripting Vulnerability simo
Orjinweb E-commerce serxwebun
Php-Nuke Pool and News Module IMG Tag Cross Site night_warrior771
Re: Interview: Ilfak Guilfanov Denis Jedig
Xoops Pool Module IMG Tag Cross Site Scripting night_warrior771
[eVuln] 427BB Multiple Vulnerabilities (Cookie-based Authentication Bypass, SQL Injections, XSS) alex
MDKSA-2006:009 - Updated apache2-mod_auth_pgsql packages fix several vulnerabilities Mandriva Security Team
MDKSA-2006:005 - Updated xpdf packages fix several vulnerabilities Mandriva Security Team
MDKSA-2006:006 - Updated gpdf packages fix several vulnerabilities Mandriva Security Team
MDKSA-2006:008 - Updated koffice packages fix several vulnerabilities Mandriva Security Team
MDKSA-2006:003 - Updated poppler packages fix several vulnerabilities Mandriva Security Team
industry standards - current status [was: what we REALLY learned from WMF] Gadi Evron
Research: Malware Action Detection and Protection Arman Nayyeri
[SECURITY] [DSA 933-1] New hylafax packages fix arbitrary command execution Michael Stone
[SECURITY] [DSA 934-1] New pound packages fix multiple vulnerabilities Michael Stone
Re: Html_Injection in vBulletin 3.5.2 Steven M. Christey
[SECURITY] [DSA 930-2] New smstools packages fix format string vulnerability Michael Stone
[SECURITY] [DSA 935-1] New libapache2-mod-auth-pgsql packages fix arbitrary code execution Michael Stone
Multiple Vulnerabilities in Hummingbird Collaboration luca . carettoni
iDefense Security Advisory 01.10.06: Sun Solaris uustat Buffer Overflow Vulnerability labs-no-reply () idefense com
[USN-239-1] libapache2-mod-auth-pgsql vulnerability Martin Pitt
[security bulletin] SSRT051058 rev.1 - HP-UX Secure Shell Remote Denial of Service (DoS) security-alert
[USN-236-2] xpdf vulnerabilities in kword, kpdf Martin Pitt
Re: Html_Injection in vBulletin 3.5.2 info
Re: Did MS pull an Ilfak? (MS patch bindiff results) Joe Polk
[FLSA-2006:136323] Updated gettext package fixes security issues Marc Deslauriers
BSD Securelevels: Circumventing protection of files flagged immutable RedTeam Pentesting
[FLSA-2006:152907] Updated htdig packages fix security issues Marc Deslauriers
Malware - future trends Dancho Danchev
Time modification flaw in BSD securelevels on NetBSD and Linux RedTeam Pentesting
[FLSA-2006:152922] Updated ethereal packages fix security issues Marc Deslauriers
[FLSA-2006:168375] Updated mozilla packages fix security issues Marc Deslauriers

Wednesday, 11 January

New PEAR / Apache2Triad Exploit jd2k2000
Re: Dumb IE6/XP denial of service found on the web rebornrebel
Microsoft Exchange Critical Vulnerability NGSSoftware Insight Security Research
Microsoft Outlook Critical Vulnerability NGSSoftware Insight Security Research
Updated Advisories - Incorrect CVE Information Advisories
Cisco Security Advisory: Default Administrative Password in Cisco Security Monitoring, Analysis and Response System (CS-MARS) Cisco Systems Product Security Incident Response Team
[EEYEB-20051031] Apple QuickTime Malformed GIF Heap Overflow Advisories
[EEYEB-20051220] Apple QuickTime QTIF Stack Overflow Advisories
[EEYEB-20051117B] Apple iTunes (QuickTime.qts) Heap Overflow Advisories
[RHSA-2006:0157-01] Low: struts security update for Red Hat Application Server bugzilla
[ GLSA 200601-06 ] xine-lib, FFmpeg: Heap-based buffer overflow Stefan Cornelius
Advisory: XSS attack on Superonline.com email service. nukedx
RE: Did MS pull an Ilfak? (MS patch bindiff results) Greg Wroblewski
Serial Line Sniffer 0.4.4 Buffer Overflow Sintigan
FreeBSD Security Advisory FreeBSD-SA-06:03.cpio FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-06:02.ee FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-06:01.texindex FreeBSD Security Advisories
PostgreSQL security releases 8.0.6 and 8.1.2 PostgreSQL Security
FreeBSD Security Advisory FreeBSD-SA-06:01.texindex [REVISED] FreeBSD Security Advisories
SUSE Security Announcement: xpdf,kpdf,gpdf,kword (SUSE-SA:2006:001) Ludwig Nussel
eStara Softphone SIP stack Buffer Overflow Vulnerability zwell
Re: Did MS pull an Ilfak? (MS patch bindiff results) Denis Jedig

Thursday, 12 January

[FLSA-2006:167803] Updated mysql packages fix security issues Marc Deslauriers
Advisory:XSS vulnerability on WebWiz Forums <= 6.34 (search_form.asp) nukedx
[eVuln] MyPhPim Arbitrary File Upload alex
[USN-235-2] sudo vulnerability Martin Pitt
[EEYEB-20051117A] Apple QuickTime STSD Atom Heap Overflow Advisories
MDKSA-2006:010 - Updated cups packages fix several vulnerabilities Mandriva Security Team
H-Sphere Security Vulnerability M.Neset KABAKLI
Advisory 02/2006: PHP ext/mysqli Format String Vulnerability Stefan Esser
Advisory 01/2006: PHP ext/session HTTP Response Splitting Vulnerability Stefan Esser
Cisco Security Advisory: Access Point Memory Exhaustion from ARP Attacks Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 938-1] New koffice packages fix arbitrary code execution Martin Schulze
EUSecWest papers and CanSecWest CFP Dragos Ruiu
[USN-241-1] Apache vulnerabilities Adam Conrad
Session data pollution vulnerabilities in web applications Alla Bezroutchko
[SECURITY] [DSA 903-2] New unzip packages fix unauthorised permissions modification Martin Schulze
Re: [Full-disclosure] Session data pollution vulnerabilities in web applications Frank Knobbe
Advisory: MiniNuke CMS System <= 1.8.2 (news.asp) SQL Injection vulnerability nukedx
FogBugz Cross Site Scripting Vulnerability M.Neset KABAKLI
[SECURITY] [DSA 937-1] New tetex-bin packages fix arbitrary code execution Martin Schulze
Cisco, haven't we learned anything? (technician reset) Gadi Evron
Multiple PHP Toolkit for PayPal Vulnerabilities uinC Team
Interspire TrackPoint NX XSS Vulnerability M.Neset KABAKLI
ZDI-06-001: Clam AntiVirus UPX Unpacking Code Execution Vulnerability zdi-disclosures
[eVuln] TankLogger SQL Injection Vulnerability alex
[eVuln] ACal Authentication Bypass & PHP Code Insertion alex

Friday, 13 January

[eVuln] Wordcircle Authentication Bypass alex
[eVuln] Wordcircle Multiple SQL Injection & XSS Vulnerabilities alex
Advisory: MiniNuke CMS System <= 1.8.2 (news.asp) SQL Injection vulnerability nukedx
Advisory: MiniNuke CMS System <= 1.8.2 (membership.asp) remote user password change exploit nukedx
[USN-240-1] bogofilter vulnerability Martin Pitt
Re: industry standards - current status [was: what we REALLY learned from WMF] D. Hazelton
Helm XSS Vulnerability M.Neset KABAKLI
Fortinet Advisory - Apple QuickTime Player ImageWidth Denial of Service Vulnerability secresearch
[SECURITY] [DSA 939-1] New fetchmail packages fix denial of service Martin Schulze
[SECURITY] [DSA 940-1] New gpdf packages fix arbitrary code execution Martin Schulze
[ GLSA 200601-09 ] Wine: Windows Metafile SETABORTPROC vulnerability Sune Kloppenborg Jeppesen
SUSE Security Announcement: novell-nrm remote heap overflow (SUSE-SA:2006:002) Marcus Meissner
MDKSA-2006:012 - Updated kdegraphics packages fix several vulnerabilities Mandriva Security Team
[ GLSA 200601-07 ] ClamAV: Remote execution of arbitrary code Sune Kloppenborg Jeppesen
[ GLSA 200601-08 ] Blender: Heap-based buffer overflow Sune Kloppenborg Jeppesen
Fortinet Advisory - Apple QuickTime Player StripOffsets Improper Memory Access secresearch
iDefense Security Advisory 01.13.06: Novell SUSE Linux Enterprise Server Remote Manager Heap Overflow labs-no-reply () idefense com
Fortinet Advisory - Apple QuickTime Player StripByteCounts Buffer Overflow Vulnerability secresearch

Saturday, 14 January

mysec.org Security Advisory : Xmame buffer overflow, with a possibility of privilege escalation xwings
[ GLSA 200601-05 ] mod_auth_pgsql: Multiple format string vulnerabilities Stefan Cornelius
[FLSA-2006:152803] Updated lesstif packages fix security issues Marc Deslauriers
MDKSA-2006:011 - Updated tetex packages fix several vulnerabilities Mandriva Security Team
FreeBSD Security Advisory FreeBSD-SA-06:04.ipfw FreeBSD Security Advisories
PayPal Phishing Site Exploits Google XSS Vulnerability Paul Laudanski
[eVuln] MyPhPim Multiple SQL Injection and XSS Vulnerabilities alex
ezDatabase 2.0 and below none
FullPath disclosure in Xaraya 1.0.1 king_purba
[KAPDA::#21] - HomeFtp v1.1 Denial of Service [a]
MyBB 1.0.2 SQL injection in usercp.php addmimistrator
Hacking With The Google Search Engine Paul Laudanski
[NMRC Advisory] Microsoft Windows Wireless Exposure on Laptops Advisories

Sunday, 15 January

[SECURITY] [DSA 936-1] New libextractor packages fix arbitrary code execution Martin Schulze
[EEYEB-2000801] - Windows Embedded Open Type (EOT) Font Heap Overflow Vulnerability Advisories
WMF vulnerability was a deliberate backdoor? Brooks, Shane
MyBB 1.0.2 SQL injection addmimistrator
DCP Portal Cross-Site Scripting Vulnerability night_warrior771
AlstraSoft Template Seller Pro Cross-Site Scripting Vulnerability night_warrior771
[eVuln] Light Weight Calendar PHP Code Execution alex
Re: MSN Messenger Password Decrypter for WinXP/2003 kuku
Linksys VPN Router (BEFVP41) DoS Vulnerability paul14075

Monday, 16 January

DIMVA 2006 Call for Papers Thomas Biege
TSLSA-2006-0002 - multi Trustix Security Advisor
TSL-2006-0001 - postgresql Trustix Security Advisor
DDSN CMS Admin Panel SQL Injection Vulnerability khc
[ISecAuditors Advisories] Arbitrary remote file creation in 123flashchat server ISecAuditors Security Advisories
Visual Studio Remote Code Execution priest
MDKSA-2006:013 - Updated kolab packages fix vulnerability Mandriva Security Team
DMA[2006-0112a] - 'Toshiba Bluetooth Stack Directory Transversal' KF (lists)
[SECURITY] [DSA 943-1] New Perl packages fix arbitrary code execution Martin Schulze
Apache Geronimo 1.0 - CSS and persistent HTML-Injection vulnerabilities oliver karow
[SECURITY] [DSA 941-1] New tuxpaint packages fix insecure temporary file creation Martin Schulze
Directory traversal in phpXplorer Oriol Torrent
[eVuln] Bit 5 Blog JavaScript Insertion Vulnerability alex
RE: WMF vulnerability was a deliberate backdoor? Alex Eckelberry
CounterPath eyeBeam Handing SIP header Vulnerabilities zwell
WehnTrust - When you have to trust Wehntrust Thierry Zoller
Homeftp r1.0.7 Denial of Service cvh
Re: WMF vulnerability was a deliberate backdoor? Denis Jedig

Tuesday, 17 January

[USN-242-1] mailman vulnerabilities Martin Pitt
Re: WMF vulnerability was a deliberate backdoor? Steve Friedl
iWar 0.07 PSTN auditing tool released... Da Beave
Reverse Proxy Cross Site Scripting Shalom Carmel
Re: [Full-disclosure] WehnTrust - When you have to trust Wehntrust H D Moore
Re: MyBB 1.0.2 SQL injection in usercp.php o . y . 6
Re: WMF vulnerability was a deliberate backdoor? Mike Ely
[eVuln] Benders Calendar SQL Injection alex
[eVuln] Bit 5 Blog SQL Injection & Authentication Bypass Vulnerability alex
Re: Linksys VPN Router (BEFVP41) DoS Vulnerability paul14075
Veritas NetBackup "Volume Manager Daemon" Module Stack Overflow - Exploit patrickthomassen
Microsoft knew about the WMF flaw for years Richard M. Smith
EZDatabase Directory Transversal, XSS and Path Disclosure Vulnerability Josh Zlatin
Digital Armaments Security Advisory 01.16.2006: CMU SNMP utilities snmptrad Format String Vulnerability info
PunBB BBCode URL Tag Script Injection Vulnerability night_warrior771
Re: MSN Messenger Password Decrypter for WinXP/2003 James_gmail-ij
Announcement: The Web Application Firewall Evaluation Criteria v1 Released contact
[SECURITY] [DSA 942-1] New albatross packages fix arbitrary code execution Martin Schulze
[USN-243-1] tuxpaint vulnerability Martin Pitt
[HSC Security Group] Multiple SQL injection/XSS in SimpleBlog 2.1 zinho
White Album Sql &#304;njection biyosecurity.be liz0
Microsoft(R) Internet Explorer 5 & 6 Remote Denial of Service (DoS) using IMG & XML elements inge . henriksen
MDKSA-2006:014 - Updated wine packages fix WMF vulnerability Mandriva Security Team
MDKSA-2006:015 - Updated hylafax packages fix eval injection vulnerabilities Mandriva Security Team
MDKSA-2006:016 - Updated clamav packages fix vulnerability Mandriva Security Team
IndonesiaHack Advisory HTML injection in PHP Fusebox king_purba
ERRATA: [ GLSA 200601-09 ] Wine: Windows Metafile SETABORTPROC vulnerability Sune Kloppenborg Jeppesen
Re: Reverse Proxy Cross Site Scripting Amit Klein (AKsecurity)
XSS in WBNews < = v1.1.0 dragonjar
[eVuln] BlogPHP Authentication Bypass alex
[eVuln] microBlog SQL Injection Vulnerability alex
[eVuln] microBlog BBCode XSS Vulnerability alex
Re: Microsoft knew about the WMF flaw for years Gadi Evron
Secunia Research: Mozilla Thunderbird Attachment Spoofing Vulnerability Secunia Research
PowerPortal Cross-Site Scripting Vulnerability night_warrior771
[SECURITY] [DSA 944-1] New mantis packages fix several vulnerabilities Martin Schulze
Re: Veritas NetBackup "Volume Manager Daemon" Module Stack Overflow - Exploit Dave Korn
[SECURITY] [DSA 945-1] New antiword packages fix insecure temporary file creation Martin Schulze
Cerberus FTP Server 2.32 Denial of Service cvh
Re: Fullpath disclosure in roundcube webmail roundcube
[eVuln] CaLogic Calendars Multiple XSS Vulnerabilities alex

Wednesday, 18 January

[ GLSA 200601-10 ] Sun and Blackdown Java: Applet privilege escalation Thierry Carrez
WEP-Client-Communication-Dumbdown (WCCD) Vulnerability Michael.Wade
[eVuln] geoBlog SQL Injection Vulnerability alex
Attacking Automatic Wireless Network Selection Dino A. Dai Zovi
Oracle DBMS Access Control Bypass in Login shulman
Oracle Database 10g Rel. 2 - Event 10053 logs TDE wallet password in cleartext ak
Re: Directory traversal in phpXplorer Stan Bubrouski
Oracle Reports - Read parts of files via desname (fixed after 874 days) ak
Oracle Reports - Overwrite any application server file via desname (fixed after 889 days) ak
Oracle Critical Patch Update - January 2006 NGSSoftware Insight Security Research
Oracle Reports - Read parts of files via customize(fixed after 875 days) ak
Oracle Database 10g Rel. 2- Transparent Data Encryption plaintext masterkey in SGA ak
[ TZO-012006 ] Checkpoint VPN-1 SecureClient insecure usage of CreateProcess() Thierry Zoller
Phpclanwebsite BBCode IMG Tag XSS Vulnerability [at]
Re: Linksys VPN Router (BEFVP41) DoS Vulnerability paul14075
Re: PunBB BBCode URL Tag Script Injection Vulnerability Rickard Andersson
[eVuln] Flog Information Disclosure Vulnerability alex
[eVuln] aoblogger Multiple Vulnerabilities alex
Cisco Security Advisory: IOS Stack Group Bidding Protocol Crafted Packet DoS Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Call Manager Denial of Service Cisco Systems Product Security Incident Response Team
MyBB 1.0.2 Sniffing table perfix bug in search.php addmimistrator
XMB Forum HTML Code Injection [at]
ICQ Cross Site Scripting Vulnerability simo
Re: MSN Messenger Password Decrypter for WinXP/2003 frank boldewin

Thursday, 19 January

[USN-244-1] Linux kernel vulnerabilities Martin Pitt
MyBB Signature HTML Code Injection [at]
Re: WMF vulnerability was a deliberate backdoor? Gadi Evron
HITBSecConf2005 Videos Released Praburaajan
IRM 015: File system path disclosure on TYPO3 Web Content Manager Advisories
Fortinet Advisory: BitComet URI Buffer Overflow Vulnerability Fortinet Research
Land Down Under Signature HTML Code Injection [at]
[eVuln] WebspotBlogging Authentication Bypass Vulnerability alex

Friday, 20 January

Cisco Security Advisory: Cisco Call Manager Privilege Escalation Cisco Systems Product Security Incident Response Team
Re: Re: MSN Messenger Password Decrypter for WinXP/2003 null
CAID 33756 - DM Deployment Common Component Vulnerabilities Williams, James K
-2- [XSS] in ar-blog v 5.2 s3ude
Google's Blogger.com classic HTTP response splitting vulnerability Meder Kydyraliev
Re: IRM 015: File system path disclosure on TYPO3 Web Content Manager Michael Shigorin
[security bulletin] SSRT5971 rev.1 - HP-UX Running ftpd Remote Denial of Service (DoS) security-alert
Phpclanwebsite BBCode IMG Tag XSS Vulnerability [at]
Re: Directory traversal in phpXplorer Stan Bubrouski
Critical security advisory #006 tftpd32 Format string admin
MDKSA-2006:017 - Updated mod_auth_ldap packages fix vulnerability Mandriva Security Team
FreeBSD Security Advisory FreeBSD-SA-06:05.80211 FreeBSD Security Advisories
Change passwd 3.1 (SquirrelMail plugin ) rod hedor
Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT ak
Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT_INT ak
Re: Microsoft knew about the WMF flaw for years Steven M. Christey
iDefense Security Advisory 01.17.06: EMC Legato Networker nsrd.exe DoS Vulnerability labs-no-reply () idefense com
iDefense Security Advisory 01.17.06: EMC Legato Networker nsrexecd.exe Heap Overflow Vulnerability labs-no-reply () idefense com
iDefense Security Advisory 01.17.06: Cisco Systems IOS 11 Web Service CDP Status Page Code Injection Vulnerability labs-no-reply () idefense com
phpXplorer file inclusion biyosecurity.be liz0
[KDE Security Advisory] kjs encodeuri/decodeuri heap overflow Dirk Mueller
MDKSA-2006:018 - Updated kernel packages fix several vulnerabilities Mandriva Security Team
[SECURITY] [DSA 949-1] New crawl packages fix potential group games execution Martin Schulze
DMA[2006-0115a] - 'AmbiCom Bluetooth Object Push Overflow' KF (lists)
Claroline 1.7.2, sso identification vulnerability karmaguedon
BlogPHP config.php SQL injection login bypass addmimistrator
BlogPHP config.php SQL injection login bypass addmimistrator
Re: Digital Armaments Security Advisory 01.16.2006: CMU SNMP utilities snmptrad Format String Vulnerability Florian Weimer
[SECURITY] [DSA 948-1] New kdelibs packages fix buffer overflow Michael Stone
SUSE Security Announcement: kdelibs3 (SUSE-SA:2006:003) Ludwig Nussel
MySQL 5.0 information leak? Bernd Wurst
[SECURITY] [DSA 947-1] New ClamAV packages fix heap overflow Michael Stone
[SECURITY] [DSA 946-1] New sudo packages fix privilege escalation Martin Schulze
[eVuln] RCBlog Directory Traversal & Sensitive Information Disclosure alex

Saturday, 21 January

[eVuln] eggblog Multiple SQL Injection & XSS Vulnerabilities alex
[eVuln] SaralBlog XSS & Multiple SQL Injection Vulnerabilities alex
MyBB Signature HTML Code Injection n

Sunday, 22 January

Re: Digital Armaments Security Advisory 01.16.2006: CMU SNMP utilities snmptrad Format String Vulnerability Stan Bubrouski
MDKSA-2006:019 - Updated kdelibs packages fix vulnerability Mandriva Security Team
Tumbleweed EMF 6.x Processing Issues jcary2543
RE: MySQL 5.0 information leak? Burton Strauss
BlogPHP config.php SQL injection login bypassed addmimistrator

Monday, 23 January

CodeCon program announced, early registration deadline nearing Len Sassaman
Re: MySQL 5.0 information leak? Stephen Frost
[USN-245-1] KDE library vulnerability Martin Pitt

Wednesday, 25 January

[ GLSA 200601-11 ] KDE kjs: URI heap overflow vulnerability Sune Kloppenborg Jeppesen
High Risk Vulnerability in Red Hat Directory Server and Red Hat Certificate Server NGSSoftware Insight Security Research
Re: Announcement: The Web Application Firewall Evaluation Criteria v1 Released Gadi Evron
fetchmail security announcement fetchmail-SA-2006-01 (CVE-2006-0321) ma+bt
[eVuln] e-moBLOG SQL Injection Vulnerability alex
[eVuln] Note-A-Day Weblog Sensitive Information Disclosure alex
ANN: New release of CORE FORCE free endpoint security package Core FORCE team
[USN-246-1] imagemagick vulnerabilities Martin Pitt
[SECURITY] [DSA 954-1] New wine packages fix arbitrary code execution Martin Schulze
Call For Paper - SyScan'06 Singapore organiser () syscan org
[SECURITY] [DSA 955-1] New mailman packages fix denial of service Michael Stone
[eVuln] CheesyBlog XSS Vulnerability alex
Workaround for unpatched Oracle PLSQL Gateway flaw David Litchfield
Technical Note by Amit Klein: "XST Strikes Back" Amit Klein (AKsecurity)
HYSA-2006-001 phpBB 2.0.19 search.php and profile.php DOS Vulnerability h4cky0u . org
[SECURITY] [DSA 947-2] New clamav packages fix heap overflow Michael Stone
FreeBSD Security Advisory FreeBSD-SA-06:07.pf FreeBSD Security Advisories
[eVuln] ExpressionEngine 'Referer' XSS Vulnerability alex
Updated ipsec-tools packages fix vulnerability security
Rosiello Security - Eterm-LibAST Advisory angelo

Thursday, 26 January

FreeBSD Security Advisory FreeBSD-SA-06:06.kmem FreeBSD Security Advisories
Re: Tumbleweed EMF 6.x Processing Issues support
[security bulletin] SSRT061099 rev.1 - HP-UX Local Increased Privilege security-alert
[eVuln] miniBloggie Authentication Bypass alex
[SECURITY] [DSA 953-1] New flyspray packages fix cross-site scripting Martin Schulze
[KAPDA::#25] - MyBB 1.x Cross_Site_Scripting roozbeh_afrasiabi
Newsphp Multiple SQL Injection Vulnerabilities at
[eVuln] Text Rider Sensitive Information Disclosure alex
Re: IndonesiaHack Advisory HTML injection in PHP Fusebox brian428
What A Click! [Internet Explorer] mikx
MyBB 1.0.2 XSS attack in search.php redirection addmimistrator
Updated mozilla-thunderbird packages fix vulnerability security
Re: [OSVDB Mods] iNETstore E Commerce Solution - Cross Site Scripting iNETstore Support
[SECURITY] [DSA 956-1] New lsh-utils packages fix local vulnerabilities Martin Schulze
[ GLSA 200601-12 ] Trac: Cross-site scripting vulnerability Stefan Cornelius
[security bulletin] SSRT061104 rev.1 - HP Oracle for OpenView (OfO) Critical Patch Update January 2006 security-alert
SUSE Security Announcement: phpMyAdmin (SUSE-SA:2006:004) Ludwig Nussel
HYSA-2006-002 Phpclanwebsite 1.23.1 Multiple Vulnerabilities h4cky0u . org
SUSE Security Announcement: nfs-server/rpc.mountd remote code execution (SUSE-SA:2006:005) Marcus Meissner
BlackWorm: 2 million infected? ISP notifications. Gadi Evron
SamiFTPd buffer overflow admin
Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack Cisco Systems Product Security Incident Response Team
[HSC] Multiple transversal bug in vis spher3
[eVuln] AndoNET Blog SQL Injection Vulnerability alex
[ISecAuditors Advisories] Arbitrary flash code remote execution in 123flashchat ISecAuditors Security Advisories
Windows mem leakage endrazine
[eVuln] "my little homepage" products [link] BBCode XSS Vulnerability alex
[SECURITY] [DSA 957-1] New ImageMagick packages fix arbitrary command execution Martin Schulze
[ GLSA 200601-13 ] Gallery: Cross-site scripting vulnerability Stefan Cornelius
Urgent Alert: Possible BlackWorm DDay February 3rd (Snort signatures included) Gadi Evron
Re: MySQL 5.0 information leak? Lance James
Buffer Overflow /Font on mIRC Crowdat Kurobudetsu
[SECURITY] [DSA 950-1] New CUPS packages fix arbitrary code execution Martin Schulze
Re: MySQL 5.0 information leak? Johan De Meersman
[ MDKSA-2006:022 ] - Updated perl-Convert-UUlib packages fix vulnerability security
[ Rosiello Security ] Eterm-LibAST Advisory angelo
iDefense Security Advisory 01.23.06: Computer Associates iTechnology iGateway Service Content-Length Buffer Overflow Vulnerability labs-no-reply () idefense com
Re: [Full-disclosure] Urgent Alert: Possible BlackWorm DDay February 3rd (Snort signatures included) Dude VanWinkle

Friday, 27 January

BitComet URI Proof of Concept nick58
RE: MySQL 5.0 information leak? Burton Strauss
[SECURITY] [DSA 952-1] New libapache-auth-ldap packages fix arbitrary code execution Martin Schulze
[Argeniss] Oracle Database Buffer overflows vulnerabilities in public procedures of XDB.DBMS_XMLSCHEMA{_INT} Cesar
[ MDKSA-2006:023 ] - Updated perl-Net_SSLeay packages fix vulnerability security
hello code . shell
[ MDKSA-2006:025 ] - Updated net-snmp packages fix vulnerabilities security
[SECURITY] [DSA 958-1] New drupal packages fix several vulnerabilities Martin Schulze
Re: [security] What A Click! [Internet Explorer] yossarian
CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability [v1.1] Williams, James K
Shareaza P2P Remote Vulnerability Ryan Smith
[ MDKSA-2006:024 ] - Updated ImageMagick packages fix vulnerabilities security
Re: [security] What A Click! [Internet Explorer] Lance James

Saturday, 28 January

Azbb v1.1.00 Cross-Site Scripting roozbeh_afrasiabi
The WorldsEnd.NET - Free Ping Script, written in PHP (2 vulns) cvh
[CORRECTIONS AND ADDITIONS ]Azbb v1.1.00 Cross-Site Scripting roozbeh_afrasiabi
Ege Internet Web Desing Remote Command Exucetion botan
Multiple vulnerabilities in CommuniGate Pro Server Evgeny Legerov
LibAST 0.7 Release Fixes Security Vulnerability Michael Jennings

Sunday, 29 January

BlackWorm naming confusing [CME entry now available] Gadi Evron
[eVuln] Pixelpost Photoblog XSS Vulnerability alex
[FLSA-2006:152845] Updated perl packages fix security issues Marc Deslauriers
BlackWorm technical information Gadi Evron
CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability Williams, James K
[SECURITY] [DSA 951-1] New trac packages fix SQL injection and cross-site scripting Martin Schulze

Monday, 30 January

zbattle.net c_lispfedora
Re: MySQL 5.0 information leak? Duncan Simpson
Cross Site Cooking Michal Zalewski
Re: Re: IndonesiaHack Advisory HTML injection in PHP Fusebox pr1nce_empire
[ GLSA 200601-14 ] LibAST: Privilege escalation Sune Kloppenborg Jeppesen
UebiMiau Webmail System Security Vulnerability M.Neset KABAKLI
Re: BlackWorm naming confusing [CME entry now available] Jose Nazario
[ GLSA 200601-15 ] Paros: Default administrator password Sune Kloppenborg Jeppesen
TSLSA-2006-0004 - multi Trustix Security Advisor
EasyCMS vulnerable to XSS injection. preben
[SECURITY] [DSA 951-2] New trac packages fix SQL injection and cross-site scripting Martin Schulze
Re: [Full-disclosure] [ GLSA 200601-15 ] Paros: Default administrator password Yvan Boily
MyBB 1.2 usercp2.php [ $url ] CrossSiteScripting ( XSS )
[xpl#2] MiniNuke 1.8.2 - change member's passwrod < Perl > hessam
RE: Cross Site Cooking Michal Zalewski
Arescom NetDSL-1000 DoS atack source framirez
Winamp 5.12 - 0day exploit - code execution through playlist Process
sPaiz-Nuke Cross-Site Scripting Vulnerability [at]
Nuked-klaN Cross-Site Scripting Vulnerability [at]
Re: [security] What A Click! [Internet Explorer] yossarian
Re: Airscanner Mobile Security Advisory: Remote Hard Reset Data Wipe and DoS of Pocket Controller v5.0 (#AS05080401) orambaldini
gnome evolution mail client inline text file DoS issue Mike Davis
BlackWorm: statistics and numbers Gadi Evron
XSS flaw in MG2 Image Gallery (v.0.5.1) preben
MyBB 1.2 Local File Incusion
CME-24 (BlackWorm) Users' FAQ Gadi Evron
Re: Arescom NetDSL-1000 DoS atack source Pim van Riezen
[SECURITY] [DSA 959-1] New unalz packages fix arbitrary code execution Martin Schulze
Etomite CMS "Backdoored" [at]
[ MDKSA-2006:026 ] - Updated bzip2 packages fix bzgrep vulnerabilities security
Re: Winamp 5.12 - 0day exploit - code execution through playlist Chris Wysopal
Verified evasion in Snort at
New worm crawling trough blogs?! blog . worm

Tuesday, 31 January

[ MDKSA-2006:027 ] - Updated gzip packages fix zgrep vulnerabilities security
Re: CME-24 (BlackWorm) Users' FAQ Gadi Evron
[ GLSA 200601-16 ] MyDNS: Denial of Service Sune Kloppenborg Jeppesen
[ GLSA 200601-17 ] Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows Sune Kloppenborg Jeppesen
Etomite followup information security curmudgeon
Daffodil CRM - vulnerable to SQL-injection. preben
BrowserCRM vulnerable for XSS preben
Cerberus Helpdesk vulnerable to XSS preben
Re: Re: Winamp 5.12 - 0day exploit - code execution through playlist Juha-Matti Laurio
Re: EasyCMS vulnerable to XSS injection. kim
Proof of concept for CommuniGate Pro Server vulnerability Evgeny Legerov
MyCO multiple vulnerabilities revnic
[SECURITY] [DSA 957-2] New ImageMagick packages fix arbitrary command execution Martin Schulze
FarsiNews 2.1 PHP Remote File Inclusion h e
[SECURITY] [DSA 960-1] New libmail-audit-perl packages fix insecure temporary file use Martin Schulze
Nmap 4.00 Released Fyodor
Xmame 0.102 local vulnerability proof-of-concept Rafael San Miguel Carrasco
[SECURITY] [DSA 960-2] New libmail-audit-perl packages fix insecure temporary file use Martin Schulze

Wednesday, 01 February

Windows Access Control Demystified sudhakar+bugtraq
Previous period Next period
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]