Bugtraq: by date

Sunday, 1 January
- [xfocus-SD-060101]AIX getCommand&getShell two vulnerabilities XFOCUS Security Team
Tuesday, 3 January
- [ GLSA 200601-01 ] pinentry: Local privilege escalation Thierry Carrez
Monday, 2 January
- [USN-234-1] cpio vulnerability Martin Pitt
Sunday, 1 January
- Re: WMF Exploit Justin Myers
Monday, 2 January
- [USN-233-1] fetchmail vulnerability Martin Pitt
Sunday, 1 January
- [KAPDA::#19] - Html Injection in vBulletin 3.5.2 alireza hassani
- Re: RE: WMF Exploit grasshopa_at_securityfocus.com
Friday, 30 December
- Re: WMF Exploit Frank Knobbe
Sunday, 1 January
- [eVuln] PHPjournaler SQL Injection Vulnerability alex_at_evuln.com
- [eVuln] Chipmunk Guestbook XSS Vulnerability alex_at_evuln.com
Friday, 30 December
- [ GLSA 200512-18 ] XnView: Privilege escalation Thierry Carrez
Sunday, 1 January
- [eVuln] Chimera Web Portal System Multiple Vulnerabilities alex_at_evuln.com
- NicoFTP Stack Overflow k4p0k4p0_at_hotmail.com
Monday, 2 January
- Drupal all versiyon xss cehennem.org liz0_at_bsdmail.com
Sunday, 1 January
- [eVuln] inTouch Authentication Bypass alex_at_evuln.com
Monday, 2 January
- [eVuln] B-net Software Multiple XSS Vulnerabilities alex_at_evuln.com
Sunday, 1 January
- [eVuln] VEGO Web Forum SQL Injection Vulnerability alex_at_evuln.com
Monday, 2 January
- [eVuln] ScozBook "adminname" Authentication Bypass alex_at_evuln.com
- SCO Openserver 5.0.x exploit rod hedor
Sunday, 1 January
- [eVuln] oaBoard PHP Code Execution alex_at_evuln.com
Monday, 2 January
- RE: Webwasher CSM Appliance Script Security Restriction Bypass Frank Berzau
- Winrar 3.30 Local Buffer Overflow Alpha_Programmer_at_LinuxMail.ORG
Tuesday, 3 January
- Re: Drupal all versiyon xss cehennem.org RSnake
- WMF round-up, updates and de-mystification Gadi Evron
- Re: Drupal all versiyon xss cehennem.org security_at_drupal.org
- WMF SETABORTPROC exploit SanjayR
- Re: [Full-disclosure] WMF round-up, updates and de-mystification Nancy Kramer
- Re: [Full-disclosure] WMF round-up, updates and de-mystification InfoSecBOFH
Saturday, 31 December
- RE: WMF Exploit Paul
Tuesday, 3 January
- Re: [funsec] WMF round-up, updates and de-mystification Pierre Vandevenne
- RE: [Full-disclosure] WMF round-up, updates and de-mystification Larry Seltzer
Sunday, 1 January
- [eVuln] VEGO Links Builder Authentication Bypass alex_at_evuln.com
Tuesday, 3 January
- Re: WMF round-up, updates and de-mystification Gadi Evron
- RE: [funsec] WMF round-up, updates and de-mystification Larry Seltzer
- New from the MS Advisory Larry Seltzer
Saturday, 31 December
- Recruitment Software allows MySQL credentials disclosure Rafael San Miguel Carrasco
Tuesday, 3 January
- WSJ: The new "metasploit" computer virus Richard M. Smith
Sunday, 1 January
- [eVuln] phpBook PHP Code Execution alex_at_evuln.com
- [eVuln] PHPenpals SQL Injection Vulnerabilit alex_at_evuln.com
Tuesday, 3 January
- RE: WMF round-up, updates and de-mystification Krpata, Tyler
- WMF exploit Andreas Marx
Wednesday, 4 January
- Another WMF exploit workaround Ivan Arce
- Download Accelerator Plus can be tricked to download malicious file visitbipin_at_hotmail.com
Tuesday, 3 January
- [eVuln] Lizard Cart CMS SQL Injection Vulnerability alex_at_evuln.com
- Re: WMF round-up, updates and de-mystification Adam Shostack
- Re: WMF Exploit Paul Laudanski
- Re[2]: [funsec] WMF round-up, updates and de-mystification Pierre Vandevenne
Saturday, 31 December
- Dumb IE6/XP denial of service found on the web 8ux1fpd02_at_sneakemail.com
Friday, 30 December
- Re: Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability Eloy A. Paris
- MDKSA-2005:239 - Updated printer-filters-utils packages fix local vulnerability Mandriva Security Team
- RE: WMF Exploit Discussion Lists
- Re: WMF browser-ish exploit vectors Nick FitzGerald
- Re: WTF?? Nick FitzGerald
- Mapping and Remote manipulation of databases Gandalf The White
- WMF: New Metasploit Framework Module H D Moore
Saturday, 31 December
- Re: WTF?? anthony.aykut_at_frame4.com
Tuesday, 3 January
- Re: WMF browser-ish exploit vectors Dave Korn
- Re: WMF Exploit Joshua
Thursday, 5 January
- iDefense Security Advisory 01.05.06: Blue Coat WinProxy Remote DoS Vulnerability labs-no-reply_at_idefense.com
- Re: Dumb IE6/XP denial of service found on the web Francois Labreque
Wednesday, 4 January
- Open Letter on the Interpretation of "Vulnerability Statistics" Steven M. Christey
Thursday, 5 January
- what we REALLY learned from WMF Gadi Evron
- RE: Dumb IE6/XP denial of service found on the web Mario Contestabile
- MD:Pro - Malware Distribution Project anthony.aykut_at_frame4.com
- [ECHO_ADV_25$2006] Full path disclosure on boastMachine v3.1 eufrato_at_gmail.com
Wednesday, 4 January
- [eVuln] TinyPHPForum Multiple Vulnerabilities alex_at_evuln.com
Thursday, 5 January
- CyberShop User Login Sql Injection night_warrior771_at_hotmail.com
Wednesday, 4 January
- What is sbininitd port 65534 ??? waltdnes_at_waltdnes.org
Thursday, 5 January
- iDefense Security Advisory 01.05.06: Blue Coat Systems WinProxy Host Header Stack Overflow Vulnerability labs-no-reply_at_idefense.com
Wednesday, 4 January
- HylaFAX Security advisory - fixed in HylaFAX 4.2.4 Aidan Van Dyk
- Contact information for Symantec Vulnerability Management secure_at_symantec.com
- RE: Download Accelerator Plus can be tricked to download malicious file NaPa
- SysCP WebFTP local file inclusion vulnerability Thomas Henlich
- Uninformed Journal Release Announcement: Volume 3 Uninformed
Thursday, 5 January
- [USN-236-1] xpdf vulnerabilities Martin Pitt
- MS released a patch today - MS06-001 Duran, Jason IT0
- [USN-235-1] sudo vulnerability Martin Pitt
Wednesday, 4 January
- Windows PHP 4.x "0-day" buffer overflow mercenary_at_hushmail.com
Thursday, 5 January
- Re: Download Accelerator Plus can be tricked to download malicious file visitbipin_at_hotmail.com
Wednesday, 4 January
- Interview: Ilfak Guilfanov Matthew Murphy
Thursday, 5 January
- RE: WMF browser-ish exploit vectors James C Slora Jr
- [eVuln] ADNForum Multiple Vulnerabilities alex_at_evuln.com
- Re: New from the MS Advisory Damaged Industries
- iDefense Security Advisory 01.05.06: Blue Coat WinProxy Telnet DoS Vulnerability labs-no-reply_at_idefense.com
- APPLE-SA-2006-01-05 AirPort firmware update noreply_at_securityfocus.com
Friday, 6 January
- [security bulletin] SSRT051074 rev.3 - HP-UX Running xterm Local Unauthorized Access security-alert_at_hp.com
- MD5s of Unofficial patches and other mistakes Forrest J. Cavalier III
- [eVuln] TheWebForum Script Insertion and Authentication Bypass alex_at_evuln.com
Thursday, 5 January
- Did MS pull an Ilfak? (MS patch bindiff results) Gadi Evron
- Re: MS released a patch today - MS06-001 Anthony R. Nemmer
- MDKSA-2006:006 - Updated gpdf packages fix several vulnerabilities Mandriva Security Team
- MDKSA-2006:004 - Updated pdftohtml packages fix several vulnerabilities Mandriva Security Team
Friday, 6 January
- Re: Download Accelerator Plus can be tricked to download malicious file Dave Korn
Thursday, 5 January
- MDKSA-2006:007 - Updated apache2 packages fix vulnerabilities Mandriva Security Team
Friday, 6 January
- [USN-238-1] Blender vulnerability Martin Pitt
Thursday, 5 January
- Re: what we REALLY learned from WMF Thor (Hammer of God)
Friday, 6 January
- [USN-237-1] nbd vulnerability Martin Pitt
Thursday, 5 January
- [eVuln] Proyecto Domus 'email' XSS Vulnerability alex_at_evuln.com
Wednesday, 4 January
- Re: Dumb IE6/XP denial of service found on the web Kim Christensen
Thursday, 5 January
- MDKSA-2006:003 - Updated poppler packages fix several vulnerabilities Mandriva Security Team
Wednesday, 4 January
- [ GLSA 200601-02 ] KPdf, KWord: Multiple overflows in included Xpdf code Sune Kloppenborg Jeppesen
Friday, 6 January
- [ GLSA 200601-03 ] HylaFAX: Multiple vulnerabilities Sune Kloppenborg Jeppesen
- [USN-238-2] Blender vulnerability Martin Pitt
Thursday, 5 January
- MDKSA-2006:005 - Updated xpdf packages fix several vulnerabilities Mandriva Security Team
- Re: MD:Pro - Malware Distribution Project Rembrandt
- Recon2006 - Call for papers Hugo Fortier
Friday, 6 January
- Re: [USN-237-1] nbd vulnerability Florian Weimer
Saturday, 7 January
- [ GLSA 200601-04 ] VMware Workstation: Vulnerability in NAT networking Sune Kloppenborg Jeppesen
- [eVuln] NavBoard BBcode XSS Vulnerability alex_at_evuln.com
- Re: Interview: Ilfak Guilfanov Randal L. Schwartz
Thursday, 5 January
- Survey on Vuln Disclosure: Request for Participation Richard Forno
Sunday, 8 January
- xorg server 6.8.2 and below on 64bit arch serj_at_varna.net
Saturday, 7 January
- Microsoft Windows GRE WMF Format Multiple Memory Overrun Vulnerabilities frankruder_at_hotmail.com
Monday, 9 January
- [UPDATE]Microsoft Windows GRE WMF Format Multiple Unauthorized Memory Access Vulnerabilities frankruder_at_hotmail.com
- [SECURITY] [DSA 929-1] New petris packages fix buffer overflow Michael Stone
- [SECURITY] [DSA 930-1] New smstools packages fix format string vulnerability Michael Stone
- NetBSD Security Advisory 2006-001: Kernfs kernel memory disclosure NetBSD Security Officer
- NetBSD Security Advisory 2006-002: settimeofday() time wrap NetBSD Security Officer
- [eVuln] Foxrum BBCode XSS Vulnerabilty alex_at_evuln.com
- [SECURITY] [DSA 931-1] New xpdf packages fix arbitrary code execution Martin Schulze
- [eVuln] Venom Board SQL Injection Vulnerability alex_at_evuln.com
- Digital Armaments Security Advisory 01.09.2006: Apache auth_ldap module Multiple Format Strings Vulnerability info_at_digitalarmaments.com
- [SECURITY] [DSA 932-1] New kpdf packages fix arbitrary code execution Martin Schulze
- iDefense Security Advisory 01.09.06: Multiple Vendor mod_auth_pgsql Format String Vulnerability labs-no-reply_at_idefense.com
- Re: Did MS pull an Ilfak? (MS patch bindiff results) Brett Glass
Saturday, 7 January
- AOL Multiple Cross Site Scripting Vulnerability simo_at_morx.org
Monday, 9 January
- MDKSA-2006:008 - Updated koffice packages fix several vulnerabilities Mandriva Security Team
- MDKSA-2006:004 - Updated pdftohtml packages fix several vulnerabilities Mandriva Security Team
Sunday, 8 January
- Html_Injection in vBulletin 3.5.2 the_bekir_at_savsak.com
Saturday, 7 January
- AIM Multiple Cross Site Scripting Vulnerability simo_at_morx.org
Friday, 6 January
- Orjinweb E-commerce serxwebun_at_linuxmail.org
Saturday, 7 January
- Php-Nuke Pool and News Module IMG Tag Cross Site night_warrior771_at_hotmail.com
- Re: Interview: Ilfak Guilfanov Denis Jedig
- Xoops Pool Module IMG Tag Cross Site Scripting night_warrior771_at_hotmail.com
- [eVuln] 427BB Multiple Vulnerabilities (Cookie-based Authentication Bypass, SQL Injections, XSS) alex_at_evuln.com
Friday, 6 January
- MDKSA-2006:009 - Updated apache2-mod_auth_pgsql packages fix several vulnerabilities Mandriva Security Team
Monday, 9 January
- MDKSA-2006:005 - Updated xpdf packages fix several vulnerabilities Mandriva Security Team
- MDKSA-2006:006 - Updated gpdf packages fix several vulnerabilities Mandriva Security Team
Friday, 6 January
- MDKSA-2006:008 - Updated koffice packages fix several vulnerabilities Mandriva Security Team
Monday, 9 January
- MDKSA-2006:003 - Updated poppler packages fix several vulnerabilities Mandriva Security Team
Friday, 6 January
- industry standards - current status [was: what we REALLY learned from WMF] Gadi Evron
- Research: Malware Action Detection and Protection Arman Nayyeri
Monday, 9 January
- [SECURITY] [DSA 933-1] New hylafax packages fix arbitrary command execution Michael Stone
- [SECURITY] [DSA 934-1] New pound packages fix multiple vulnerabilities Michael Stone
- Re: Html_Injection in vBulletin 3.5.2 Steven M. Christey
Tuesday, 10 January
- [SECURITY] [DSA 930-2] New smstools packages fix format string vulnerability Michael Stone
- [SECURITY] [DSA 935-1] New libapache2-mod-auth-pgsql packages fix arbitrary code execution Michael Stone
- Multiple Vulnerabilities in Hummingbird Collaboration luca.carettoni_at_securenetwork.it
- iDefense Security Advisory 01.10.06: Sun Solaris uustat Buffer Overflow Vulnerability labs-no-reply_at_idefense.com
Monday, 9 January
- [USN-239-1] libapache2-mod-auth-pgsql vulnerability Martin Pitt
Tuesday, 10 January
- [security bulletin] SSRT051058 rev.1 - HP-UX Secure Shell Remote Denial of Service (DoS) security-alert_at_hp.com
Monday, 9 January
- [USN-236-2] xpdf vulnerabilities in kword, kpdf Martin Pitt
- Re: Html_Injection in vBulletin 3.5.2 info_at_hoder.com
Tuesday, 10 January
- Re: Did MS pull an Ilfak? (MS patch bindiff results) Joe Polk
Monday, 9 January
- [FLSA-2006:136323] Updated gettext package fixes security issues Marc Deslauriers
- BSD Securelevels: Circumventing protection of files flagged immutable RedTeam Pentesting
- [FLSA-2006:152907] Updated htdig packages fix security issues Marc Deslauriers
Tuesday, 10 January
- Malware - future trends Dancho Danchev
Monday, 9 January
- Time modification flaw in BSD securelevels on NetBSD and Linux RedTeam Pentesting
- [FLSA-2006:152922] Updated ethereal packages fix security issues Marc Deslauriers
- [FLSA-2006:168375] Updated mozilla packages fix security issues Marc Deslauriers
Sunday, 8 January
- New PEAR / Apache2Triad Exploit jd2k2000_at_hotmail.com
- Re: Dumb IE6/XP denial of service found on the web rebornrebel_at_hotmail.co.uk
Tuesday, 10 January
- Microsoft Exchange Critical Vulnerability NGSSoftware Insight Security Research
- Microsoft Outlook Critical Vulnerability NGSSoftware Insight Security Research
Wednesday, 11 January
- Updated Advisories - Incorrect CVE Information Advisories
- Cisco Security Advisory: Default Administrative Password in Cisco Security Monitoring, Analysis and Response System (CS-MARS) Cisco Systems Product Security Incident Response Team
- [EEYEB-20051031] Apple QuickTime Malformed GIF Heap Overflow Advisories
- [EEYEB-20051220] Apple QuickTime QTIF Stack Overflow Advisories
- [EEYEB-20051117B] Apple iTunes (QuickTime.qts) Heap Overflow Advisories
- [RHSA-2006:0157-01] Low: struts security update for Red Hat Application Server bugzilla_at_redhat.com
Tuesday, 10 January
- [ GLSA 200601-06 ] xine-lib, FFmpeg: Heap-based buffer overflow Stefan Cornelius
Wednesday, 11 January
- Advisory: XSS attack on Superonline.com email service. nukedx_at_nukedx.com
Tuesday, 10 January
- RE: Did MS pull an Ilfak? (MS patch bindiff results) Greg Wroblewski
- Serial Line Sniffer 0.4.4 Buffer Overflow Sintigan_at_shellcoders.com
Wednesday, 11 January
- FreeBSD Security Advisory FreeBSD-SA-06:03.cpio FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-06:02.ee FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-06:01.texindex FreeBSD Security Advisories
- PostgreSQL security releases 8.0.6 and 8.1.2 PostgreSQL Security
- FreeBSD Security Advisory FreeBSD-SA-06:01.texindex [REVISED] FreeBSD Security Advisories
- SUSE Security Announcement: xpdf,kpdf,gpdf,kword (SUSE-SA:2006:001) Ludwig Nussel
- eStara Softphone SIP stack Buffer Overflow Vulnerability zwell_at_sohu.com
- Re: Did MS pull an Ilfak? (MS patch bindiff results) Denis Jedig
Tuesday, 10 January
- [FLSA-2006:167803] Updated mysql packages fix security issues Marc Deslauriers
Wednesday, 11 January
- Advisory:XSS vulnerability on WebWiz Forums <= 6.34 (search_form.asp) nukedx_at_nukedx.com
Tuesday, 10 January
- [eVuln] MyPhPim Arbitrary File Upload alex_at_evuln.com
Monday, 9 January
- [USN-235-2] sudo vulnerability Martin Pitt
Wednesday, 11 January
- [EEYEB-20051117A] Apple QuickTime STSD Atom Heap Overflow Advisories
Tuesday, 10 January
- MDKSA-2006:010 - Updated cups packages fix several vulnerabilities Mandriva Security Team
Thursday, 12 January
- H-Sphere Security Vulnerability M.Neset KABAKLI
- Advisory 02/2006: PHP ext/mysqli Format String Vulnerability Stefan Esser
- Advisory 01/2006: PHP ext/session HTTP Response Splitting Vulnerability Stefan Esser
- Cisco Security Advisory: Access Point Memory Exhaustion from ARP Attacks Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 938-1] New koffice packages fix arbitrary code execution Martin Schulze
Wednesday, 11 January
- EUSecWest papers and CanSecWest CFP Dragos Ruiu
Thursday, 12 January
- [USN-241-1] Apache vulnerabilities Adam Conrad
- Session data pollution vulnerabilities in web applications Alla Bezroutchko
- [SECURITY] [DSA 903-2] New unzip packages fix unauthorised permissions modification Martin Schulze
- Re: [Full-disclosure] Session data pollution vulnerabilities in web applications Frank Knobbe
- Advisory: MiniNuke CMS System <= 1.8.2 (news.asp) SQL Injection vulnerability nukedx_at_nukedx.com
- FogBugz Cross Site Scripting Vulnerability M.Neset KABAKLI
- [SECURITY] [DSA 937-1] New tetex-bin packages fix arbitrary code execution Martin Schulze
- Cisco, haven't we learned anything? (technician reset) Gadi Evron
- Multiple PHP Toolkit for PayPal Vulnerabilities uinC Team
- Interspire TrackPoint NX XSS Vulnerability M.Neset KABAKLI
- ZDI-06-001: Clam AntiVirus UPX Unpacking Code Execution Vulnerability zdi-disclosures_at_3com.com
- [eVuln] TankLogger SQL Injection Vulnerability alex_at_evuln.com
- [eVuln] ACal Authentication Bypass & PHP Code Insertion alex_at_evuln.com
- [eVuln] Wordcircle Authentication Bypass alex_at_evuln.com
- [eVuln] Wordcircle Multiple SQL Injection & XSS Vulnerabilities alex_at_evuln.com
- Advisory: MiniNuke CMS System <= 1.8.2 (news.asp) SQL Injection vulnerability nukedx_at_nukedx.com
- Advisory: MiniNuke CMS System <= 1.8.2 (membership.asp) remote user password change exploit nukedx_at_nukedx.com
Wednesday, 11 January
- [USN-240-1] bogofilter vulnerability Martin Pitt
Monday, 9 January
- Re: industry standards - current status [was: what we REALLY learned from WMF] D. Hazelton
Thursday, 12 January
- Helm XSS Vulnerability M.Neset KABAKLI
- Fortinet Advisory - Apple QuickTime Player ImageWidth Denial of Service Vulnerability secresearch_at_fortinet.com
Friday, 13 January
- [SECURITY] [DSA 939-1] New fetchmail packages fix denial of service Martin Schulze
- [SECURITY] [DSA 940-1] New gpdf packages fix arbitrary code execution Martin Schulze
Thursday, 12 January
- [ GLSA 200601-09 ] Wine: Windows Metafile SETABORTPROC vulnerability Sune Kloppenborg Jeppesen
Friday, 13 January
- SUSE Security Announcement: novell-nrm remote heap overflow (SUSE-SA:2006:002) Marcus Meissner
Thursday, 12 January
- MDKSA-2006:012 - Updated kdegraphics packages fix several vulnerabilities Mandriva Security Team
- [ GLSA 200601-07 ] ClamAV: Remote execution of arbitrary code Sune Kloppenborg Jeppesen
- [ GLSA 200601-08 ] Blender: Heap-based buffer overflow Sune Kloppenborg Jeppesen
- Fortinet Advisory - Apple QuickTime Player StripOffsets Improper Memory Access secresearch_at_fortinet.com
Friday, 13 January
- iDefense Security Advisory 01.13.06: Novell SUSE Linux Enterprise Server Remote Manager Heap Overflow labs-no-reply_at_idefense.com
Thursday, 12 January
- Fortinet Advisory - Apple QuickTime Player StripByteCounts Buffer Overflow Vulnerability secresearch_at_fortinet.com
Tuesday, 10 January
- mysec.org Security Advisory : Xmame buffer overflow, with a possibility of privilege escalation xwings_at_securityfocus.com
- [ GLSA 200601-05 ] mod_auth_pgsql: Multiple format string vulnerabilities Stefan Cornelius
Monday, 9 January
- [FLSA-2006:152803] Updated lesstif packages fix security issues Marc Deslauriers
Tuesday, 10 January
- MDKSA-2006:011 - Updated tetex packages fix several vulnerabilities Mandriva Security Team
Wednesday, 11 January
- FreeBSD Security Advisory FreeBSD-SA-06:04.ipfw FreeBSD Security Advisories
Tuesday, 10 January
- PayPal Phishing Site Exploits Google XSS Vulnerability Paul Laudanski
- [eVuln] MyPhPim Multiple SQL Injection and XSS Vulnerabilities alex_at_evuln.com
Saturday, 14 January
- ezDatabase 2.0 and below none_at_none.com
- FullPath disclosure in Xaraya 1.0.1 king_purba_at_yahoo.co.uk
- [KAPDA::#21] - HomeFtp v1.1 Denial of Service cvh_at_securityfocus.com,
- MyBB 1.0.2 SQL injection in usercp.php addmimistrator_at_gmail.com
- Hacking With The Google Search Engine Paul Laudanski
- [NMRC Advisory] Microsoft Windows Wireless Exposure on Laptops Advisories
Wednesday, 11 January
- [SECURITY] [DSA 936-1] New libextractor packages fix arbitrary code execution Martin Schulze
Tuesday, 10 January
- [EEYEB-2000801] - Windows Embedded Open Type (EOT) Font Heap Overflow Vulnerability Advisories
Friday, 13 January
- WMF vulnerability was a deliberate backdoor? Brooks, Shane
- MyBB 1.0.2 SQL injection addmimistrator_at_gmail.com
- DCP Portal Cross-Site Scripting Vulnerability night_warrior771_at_hotmail.com
- AlstraSoft Template Seller Pro Cross-Site Scripting Vulnerability night_warrior771_at_hotmail.com
- [eVuln] Light Weight Calendar PHP Code Execution alex_at_evuln.com
Thursday, 12 January
- Re: MSN Messenger Password Decrypter for WinXP/2003 kuku_at_kuku.com
- Linksys VPN Router (BEFVP41) DoS Vulnerability paul14075_at_gmail.com
Friday, 13 January
- DIMVA 2006 Call for Papers Thomas Biege
- TSLSA-2006-0002 - multi Trustix Security Advisor
- TSL-2006-0001 - postgresql Trustix Security Advisor
- DDSN CMS Admin Panel SQL Injection Vulnerability khc_at_bsdmail.org
- [ISecAuditors Advisories] Arbitrary remote file creation in 123flashchat server ISecAuditors Security Advisories
- Visual Studio Remote Code Execution priest_at_priestmaster.org
Thursday, 12 January
- MDKSA-2006:013 - Updated kolab packages fix vulnerability Mandriva Security Team
- DMA[2006-0112a] - 'Toshiba Bluetooth Stack Directory Transversal' KF (lists)
Monday, 16 January
- [SECURITY] [DSA 943-1] New Perl packages fix arbitrary code execution Martin Schulze
Sunday, 15 January
- Apache Geronimo 1.0 - CSS and persistent HTML-Injection vulnerabilities oliver karow
- [SECURITY] [DSA 941-1] New tuxpaint packages fix insecure temporary file creation Martin Schulze
Monday, 16 January
- Directory traversal in phpXplorer Oriol Torrent
Sunday, 15 January
- [eVuln] Bit 5 Blog JavaScript Insertion Vulnerability alex_at_evuln.com
- RE: WMF vulnerability was a deliberate backdoor? Alex Eckelberry
- CounterPath eyeBeam Handing SIP header Vulnerabilities zwell_at_sohu.com
Monday, 16 January
- WehnTrust - When you have to trust Wehntrust Thierry Zoller
Sunday, 15 January
- Homeftp r1.0.7 Denial of Service cvh_at_securityfocus.com
Monday, 16 January
- Re: WMF vulnerability was a deliberate backdoor? Denis Jedig
- [USN-242-1] mailman vulnerabilities Martin Pitt
Sunday, 15 January
- Re: WMF vulnerability was a deliberate backdoor? Steve Friedl
Saturday, 14 January
- iWar 0.07 PSTN auditing tool released... Da Beave
Sunday, 15 January
- Reverse Proxy Cross Site Scripting Shalom Carmel
Monday, 16 January
- Re: [Full-disclosure] WehnTrust - When you have to trust Wehntrust H D Moore
Sunday, 15 January
- Re: MyBB 1.0.2 SQL injection in usercp.php o.y.6_at_hotmail.com
- Re: WMF vulnerability was a deliberate backdoor? Mike Ely
- [eVuln] Benders Calendar SQL Injection alex_at_evuln.com
- [eVuln] Bit 5 Blog SQL Injection & Authentication Bypass Vulnerability alex_at_evuln.com
- Re: Linksys VPN Router (BEFVP41) DoS Vulnerability paul14075_at_gmail.com
- Veritas NetBackup "Volume Manager Daemon" Module Stack Overflow - Exploit patrickthomassen_at_gmail.com
Monday, 16 January
- Microsoft knew about the WMF flaw for years Richard M. Smith
Sunday, 15 January
- EZDatabase Directory Transversal, XSS and Path Disclosure Vulnerability Josh Zlatin
Monday, 16 January
- Digital Armaments Security Advisory 01.16.2006: CMU SNMP utilities snmptrad Format String Vulnerability info_at_digitalarmaments.com
- PunBB BBCode URL Tag Script Injection Vulnerability night_warrior771_at_hotmail.com
- Re: MSN Messenger Password Decrypter for WinXP/2003 James_gmail-ij
Sunday, 15 January
- Announcement: The Web Application Firewall Evaluation Criteria v1 Released contact_at_webappsec.org
Monday, 16 January
- [SECURITY] [DSA 942-1] New albatross packages fix arbitrary code execution Martin Schulze
- [USN-243-1] tuxpaint vulnerability Martin Pitt
Saturday, 14 January
- [HSC Security Group] Multiple SQL injection/XSS in SimpleBlog 2.1 zinho_at_hackerscenter.com
Sunday, 15 January
- White Album Sql İnjection biyosecurity.be liz0_at_bsdmail.com
Saturday, 14 January
- Microsoft(R) Internet Explorer 5 & 6 Remote Denial of Service (DoS) using IMG & XML elements inge.henriksen_at_booleansoft.com
Monday, 16 January
- MDKSA-2006:014 - Updated wine packages fix WMF vulnerability Mandriva Security Team
- MDKSA-2006:015 - Updated hylafax packages fix eval injection vulnerabilities Mandriva Security Team
- MDKSA-2006:016 - Updated clamav packages fix vulnerability Mandriva Security Team
- IndonesiaHack Advisory HTML injection in PHP Fusebox king_purba_at_yahoo.co.uk
- ERRATA: [ GLSA 200601-09 ] Wine: Windows Metafile SETABORTPROC vulnerability Sune Kloppenborg Jeppesen
Tuesday, 17 January
- Re: Reverse Proxy Cross Site Scripting Amit Klein (AKsecurity)
- XSS in WBNews < = v1.1.0 dragonjar_at_gmail.com
- [eVuln] BlogPHP Authentication Bypass alex_at_evuln.com
- [eVuln] microBlog SQL Injection Vulnerability alex_at_evuln.com
- [eVuln] microBlog BBCode XSS Vulnerability alex_at_evuln.com
- Re: Microsoft knew about the WMF flaw for years Gadi Evron
- Secunia Research: Mozilla Thunderbird Attachment Spoofing Vulnerability Secunia Research
- PowerPortal Cross-Site Scripting Vulnerability night_warrior771_at_hotmail.com
- [SECURITY] [DSA 944-1] New mantis packages fix several vulnerabilities Martin Schulze
- Re: Veritas NetBackup "Volume Manager Daemon" Module Stack Overflow - Exploit Dave Korn
- [SECURITY] [DSA 945-1] New antiword packages fix insecure temporary file creation Martin Schulze
Sunday, 15 January
- Cerberus FTP Server 2.32 Denial of Service cvh_at_securityfocus.com
Tuesday, 17 January
- Re: Fullpath disclosure in roundcube webmail roundcube_at_gmail.com
Monday, 16 January
- [eVuln] CaLogic Calendars Multiple XSS Vulnerabilities alex_at_evuln.com
- [ GLSA 200601-10 ] Sun and Blackdown Java: Applet privilege escalation Thierry Carrez
- WEP-Client-Communication-Dumbdown (WCCD) Vulnerability Michael.Wade_at_ferguson.com
- [eVuln] geoBlog SQL Injection Vulnerability alex_at_evuln.com
Tuesday, 17 January
- Attacking Automatic Wireless Network Selection Dino A. Dai Zovi
- Oracle DBMS Access Control Bypass in Login shulman_at_imperva.com
- Oracle Database 10g Rel. 2 - Event 10053 logs TDE wallet password in cleartext ak_at_red-database-security.com
Monday, 16 January
- Re: Directory traversal in phpXplorer Stan Bubrouski
Tuesday, 17 January
- Oracle Reports - Read parts of files via desname (fixed after 874 days) ak_at_red-database-security.com
- Oracle Reports - Overwrite any application server file via desname (fixed after 889 days) ak_at_red-database-security.com
- Oracle Critical Patch Update - January 2006 NGSSoftware Insight Security Research
- Oracle Reports - Read parts of files via customize(fixed after 875 days) ak_at_red-database-security.com
- Oracle Database 10g Rel. 2- Transparent Data Encryption plaintext masterkey in SGA ak_at_red-database-security.com
- [ TZO-012006 ] Checkpoint VPN-1 SecureClient insecure usage of CreateProcess() Thierry Zoller
- Phpclanwebsite BBCode IMG Tag XSS Vulnerability night_warrior771_at_securityfocus.com,
- Re: Linksys VPN Router (BEFVP41) DoS Vulnerability paul14075_at_gmail.com
- Re: PunBB BBCode URL Tag Script Injection Vulnerability Rickard Andersson
- [eVuln] Flog Information Disclosure Vulnerability alex_at_evuln.com
- [eVuln] aoblogger Multiple Vulnerabilities alex_at_evuln.com
Wednesday, 18 January
- Cisco Security Advisory: IOS Stack Group Bidding Protocol Crafted Packet DoS Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Call Manager Denial of Service Cisco Systems Product Security Incident Response Team
Saturday, 14 January
- MyBB 1.0.2 Sniffing table perfix bug in search.php addmimistrator_at_gmail.com
Wednesday, 18 January
- XMB Forum HTML Code Injection night_warrior771_at_securityfocus.com,
- ICQ Cross Site Scripting Vulnerability simo_at_morx.org
Tuesday, 17 January
- Re: MSN Messenger Password Decrypter for WinXP/2003 frank boldewin
Wednesday, 18 January
- [USN-244-1] Linux kernel vulnerabilities Martin Pitt
- MyBB Signature HTML Code Injection night_warrior771_at_securityfocus.com,
Sunday, 15 January
- Re: WMF vulnerability was a deliberate backdoor? Gadi Evron
Thursday, 19 January
- HITBSecConf2005 Videos Released Praburaajan
- IRM 015: File system path disclosure on TYPO3 Web Content Manager Advisories
Wednesday, 18 January
- Fortinet Advisory: BitComet URI Buffer Overflow Vulnerability Fortinet Research
- Land Down Under Signature HTML Code Injection night_warrior771_at_securityfocus.com,
Thursday, 19 January
- [eVuln] WebspotBlogging Authentication Bypass Vulnerability alex_at_evuln.com
Wednesday, 18 January
- Cisco Security Advisory: Cisco Call Manager Privilege Escalation Cisco Systems Product Security Incident Response Team
- Re: Re: MSN Messenger Password Decrypter for WinXP/2003 null_at_msn-pwd-recovery.com
- CAID 33756 - DM Deployment Common Component Vulnerabilities Williams, James K
- -2- [XSS] in ar-blog v 5.2 s3ude_at_hotmail.com
- Google's Blogger.com classic HTTP response splitting vulnerability Meder Kydyraliev
Thursday, 19 January
- Re: IRM 015: File system path disclosure on TYPO3 Web Content Manager Michael Shigorin
- [security bulletin] SSRT5971 rev.1 - HP-UX Running ftpd Remote Denial of Service (DoS) security-alert_at_hp.com
Wednesday, 18 January
- Phpclanwebsite BBCode IMG Tag XSS Vulnerability night_warrior771_at_securityfocus.com,
Thursday, 19 January
- Re: Directory traversal in phpXplorer Stan Bubrouski
- Critical security advisory #006 tftpd32 Format string admin_at_critical.lt
- MDKSA-2006:017 - Updated mod_auth_ldap packages fix vulnerability Mandriva Security Team
Wednesday, 18 January
- FreeBSD Security Advisory FreeBSD-SA-06:05.80211 FreeBSD Security Advisories
Thursday, 19 January
- Change passwd 3.1 (SquirrelMail plugin ) rod hedor
Tuesday, 17 January
- Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT ak_at_red-database-security.com
- Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT_INT ak_at_red-database-security.com
- Re: Microsoft knew about the WMF flaw for years Steven M. Christey
- iDefense Security Advisory 01.17.06: EMC Legato Networker nsrd.exe DoS Vulnerability labs-no-reply_at_idefense.com
- iDefense Security Advisory 01.17.06: EMC Legato Networker nsrexecd.exe Heap Overflow Vulnerability labs-no-reply_at_idefense.com
- iDefense Security Advisory 01.17.06: Cisco Systems IOS 11 Web Service CDP Status Page Code Injection Vulnerability labs-no-reply_at_idefense.com
- phpXplorer file inclusion biyosecurity.be liz0_at_bsdmail.com
Thursday, 19 January
- [KDE Security Advisory] kjs encodeuri/decodeuri heap overflow Dirk Mueller
Friday, 20 January
- MDKSA-2006:018 - Updated kernel packages fix several vulnerabilities Mandriva Security Team
- [SECURITY] [DSA 949-1] New crawl packages fix potential group games execution Martin Schulze
- DMA[2006-0115a] - 'AmbiCom Bluetooth Object Push Overflow' KF (lists)
- Claroline 1.7.2, sso identification vulnerability karmaguedon_at_hotmail.com
- BlogPHP config.php SQL injection login bypass addmimistrator_at_gmail.com
- BlogPHP config.php SQL injection login bypass addmimistrator_at_gmail.com
- Re: Digital Armaments Security Advisory 01.16.2006: CMU SNMP utilities snmptrad Format String Vulnerability Florian Weimer
- [SECURITY] [DSA 948-1] New kdelibs packages fix buffer overflow Michael Stone
- SUSE Security Announcement: kdelibs3 (SUSE-SA:2006:003) Ludwig Nussel
- MySQL 5.0 information leak? Bernd Wurst
- [SECURITY] [DSA 947-1] New ClamAV packages fix heap overflow Michael Stone
- [SECURITY] [DSA 946-1] New sudo packages fix privilege escalation Martin Schulze
- [eVuln] RCBlog Directory Traversal & Sensitive Information Disclosure alex_at_evuln.com
Wednesday, 18 January
- [eVuln] eggblog Multiple SQL Injection & XSS Vulnerabilities alex_at_evuln.com
- [eVuln] SaralBlog XSS & Multiple SQL Injection Vulnerabilities alex_at_evuln.com
- MyBB Signature HTML Code Injection n_at_securityfocus.com
Friday, 20 January
- Re: Digital Armaments Security Advisory 01.16.2006: CMU SNMP utilities snmptrad Format String Vulnerability Stan Bubrouski
- MDKSA-2006:019 - Updated kdelibs packages fix vulnerability Mandriva Security Team
- Tumbleweed EMF 6.x Processing Issues jcary2543_at_yahoo.com
- RE: MySQL 5.0 information leak? Burton Strauss
- BlogPHP config.php SQL injection login bypassed addmimistrator_at_gmail.com
Saturday, 21 January
- CodeCon program announced, early registration deadline nearing Len Sassaman
Friday, 20 January
- Re: MySQL 5.0 information leak? Stephen Frost
- [USN-245-1] KDE library vulnerability Martin Pitt
Sunday, 22 January
- [ GLSA 200601-11 ] KDE kjs: URI heap overflow vulnerability Sune Kloppenborg Jeppesen
- High Risk Vulnerability in Red Hat Directory Server and Red Hat Certificate Server NGSSoftware Insight Security Research
Saturday, 21 January
- Re: Announcement: The Web Application Firewall Evaluation Criteria v1 Released Gadi Evron
Sunday, 22 January
- fetchmail security announcement fetchmail-SA-2006-01 (CVE-2006-0321) ma+bt_at_dt.e-technik.uni-dortmund.de
- [eVuln] e-moBLOG SQL Injection Vulnerability alex_at_evuln.com
- [eVuln] Note-A-Day Weblog Sensitive Information Disclosure alex_at_evuln.com
Tuesday, 24 January
- ANN: New release of CORE FORCE free endpoint security package Core FORCE team
- [USN-246-1] imagemagick vulnerabilities Martin Pitt
- [SECURITY] [DSA 954-1] New wine packages fix arbitrary code execution Martin Schulze
- Call For Paper - SyScan'06 Singapore organiser_at_syscan.org
Wednesday, 25 January
- [SECURITY] [DSA 955-1] New mailman packages fix denial of service Michael Stone
- [eVuln] CheesyBlog XSS Vulnerability alex_at_evuln.com
- Workaround for unpatched Oracle PLSQL Gateway flaw David Litchfield
Tuesday, 24 January
- Technical Note by Amit Klein: "XST Strikes Back" Amit Klein (AKsecurity)
Wednesday, 25 January
- HYSA-2006-001 phpBB 2.0.19 search.php and profile.php DOS Vulnerability h4cky0u.org_at_gmail.com
- [SECURITY] [DSA 947-2] New clamav packages fix heap overflow Michael Stone
- FreeBSD Security Advisory FreeBSD-SA-06:07.pf FreeBSD Security Advisories
- [eVuln] ExpressionEngine 'Referer' XSS Vulnerability alex_at_evuln.com
- Updated ipsec-tools packages fix vulnerability security_at_mandriva.com
- Rosiello Security - Eterm-LibAST Advisory angelo_at_rosiello.org
- FreeBSD Security Advisory FreeBSD-SA-06:06.kmem FreeBSD Security Advisories
Tuesday, 24 January
- Re: Tumbleweed EMF 6.x Processing Issues support_at_tumbleweed.com
- [security bulletin] SSRT061099 rev.1 - HP-UX Local Increased Privilege security-alert_at_hp.com
- [eVuln] miniBloggie Authentication Bypass alex_at_evuln.com
- [SECURITY] [DSA 953-1] New flyspray packages fix cross-site scripting Martin Schulze
- [KAPDA::#25] - MyBB 1.x Cross_Site_Scripting roozbeh_afrasiabi_at_yahoo.com
Sunday, 22 January
- Newsphp Multiple SQL Injection Vulnerabilities at
Tuesday, 24 January
- [eVuln] Text Rider Sensitive Information Disclosure alex_at_evuln.com
Monday, 23 January
- Re: IndonesiaHack Advisory HTML injection in PHP Fusebox brian428_at_yahoo.com
Tuesday, 24 January
- What A Click! [Internet Explorer] mikx
Wednesday, 25 January
- MyBB 1.0.2 XSS attack in search.php redirection addmimistrator_at_gmail.com
- Updated mozilla-thunderbird packages fix vulnerability security_at_mandriva.com
- Re: [OSVDB Mods] iNETstore E Commerce Solution - Cross Site Scripting iNETstore Support
Thursday, 26 January
- [SECURITY] [DSA 956-1] New lsh-utils packages fix local vulnerabilities Martin Schulze
- [ GLSA 200601-12 ] Trac: Cross-site scripting vulnerability Stefan Cornelius
Tuesday, 24 January
- [security bulletin] SSRT061104 rev.1 - HP Oracle for OpenView (OfO) Critical Patch Update January 2006 security-alert_at_hp.com
Thursday, 26 January
- SUSE Security Announcement: phpMyAdmin (SUSE-SA:2006:004) Ludwig Nussel
Wednesday, 25 January
- HYSA-2006-002 Phpclanwebsite 1.23.1 Multiple Vulnerabilities h4cky0u.org_at_gmail.com
Thursday, 26 January
- SUSE Security Announcement: nfs-server/rpc.mountd remote code execution (SUSE-SA:2006:005) Marcus Meissner
Wednesday, 25 January
- BlackWorm: 2 million infected? ISP notifications. Gadi Evron
Tuesday, 24 January
- SamiFTPd buffer overflow admin_at_critical.lt
Thursday, 26 January
- Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack Cisco Systems Product Security Incident Response Team
- [HSC] Multiple transversal bug in vis spher3_at_hackerscenter.com
- [eVuln] AndoNET Blog SQL Injection Vulnerability alex_at_evuln.com
Tuesday, 24 January
- [ISecAuditors Advisories] Arbitrary flash code remote execution in 123flashchat ISecAuditors Security Advisories
- Windows mem leakage endrazine_at_pulltheplug.org
Thursday, 26 January
- [eVuln] "my little homepage" products [link] BBCode XSS Vulnerability alex_at_evuln.com
- [SECURITY] [DSA 957-1] New ImageMagick packages fix arbitrary command execution Martin Schulze
- [ GLSA 200601-13 ] Gallery: Cross-site scripting vulnerability Stefan Cornelius
Tuesday, 24 January
- Urgent Alert: Possible BlackWorm DDay February 3rd (Snort signatures included) Gadi Evron
Sunday, 22 January
- Re: MySQL 5.0 information leak? Lance James
Tuesday, 24 January
- Buffer Overflow /Font on mIRC Crowdat Kurobudetsu
Monday, 23 January
- [SECURITY] [DSA 950-1] New CUPS packages fix arbitrary code execution Martin Schulze
Tuesday, 24 January
- Re: MySQL 5.0 information leak? Johan De Meersman
Thursday, 26 January
- [ MDKSA-2006:022 ] - Updated perl-Convert-UUlib packages fix vulnerability security_at_mandriva.com
Monday, 23 January
- [ Rosiello Security ] Eterm-LibAST Advisory angelo_at_rosiello.org
- iDefense Security Advisory 01.23.06: Computer Associates iTechnology iGateway Service Content-Length Buffer Overflow Vulnerability labs-no-reply_at_idefense.com
Tuesday, 24 January
- Re: [Full-disclosure] Urgent Alert: Possible BlackWorm DDay February 3rd (Snort signatures included) Dude VanWinkle
Sunday, 22 January
- BitComet URI Proof of Concept nick58_at_gmail.com
- RE: MySQL 5.0 information leak? Burton Strauss
Monday, 23 January
- [SECURITY] [DSA 952-1] New libapache-auth-ldap packages fix arbitrary code execution Martin Schulze
Thursday, 26 January
- [Argeniss] Oracle Database Buffer overflows vulnerabilities in public procedures of XDB.DBMS_XMLSCHEMA{_INT} Cesar
- [ MDKSA-2006:023 ] - Updated perl-Net_SSLeay packages fix vulnerability security_at_mandriva.com
Friday, 27 January
- hello code.shell_at_yahoo.com
Thursday, 26 January
- [ MDKSA-2006:025 ] - Updated net-snmp packages fix vulnerabilities security_at_mandriva.com
Friday, 27 January
- [SECURITY] [DSA 958-1] New drupal packages fix several vulnerabilities Martin Schulze
Thursday, 26 January
- Re: [security] What A Click! [Internet Explorer] yossarian
- CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability [v1.1] Williams, James K
Friday, 27 January
- Shareaza P2P Remote Vulnerability Ryan Smith
Thursday, 26 January
- [ MDKSA-2006:024 ] - Updated ImageMagick packages fix vulnerabilities security_at_mandriva.com
Friday, 27 January
- Re: [security] What A Click! [Internet Explorer] Lance James
Sunday, 22 January
- Azbb v1.1.00 Cross-Site Scripting roozbeh_afrasiabi_at_yahoo.com
Monday, 23 January
- The WorldsEnd.NET - Free Ping Script, written in PHP (2 vulns) cvh_at_kapda.ir
Friday, 27 January
- [CORRECTIONS AND ADDITIONS ]Azbb v1.1.00 Cross-Site Scripting roozbeh_afrasiabi_at_yahoo.com
Saturday, 28 January
- Ege Internet Web Desing Remote Command Exucetion botan_at_linuxmail.org
Friday, 27 January
- Multiple vulnerabilities in CommuniGate Pro Server Evgeny Legerov
Monday, 23 January
- LibAST 0.7 Release Fixes Security Vulnerability Michael Jennings
Tuesday, 24 January
- BlackWorm naming confusing [CME entry now available] Gadi Evron
Monday, 23 January
- [eVuln] Pixelpost Photoblog XSS Vulnerability alex_at_evuln.com
Tuesday, 24 January
- [FLSA-2006:152845] Updated perl packages fix security issues Marc Deslauriers
- BlackWorm technical information Gadi Evron
Monday, 23 January
- CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability Williams, James K
- [SECURITY] [DSA 951-1] New trac packages fix SQL injection and cross-site scripting Martin Schulze
Saturday, 28 January
- zbattle.net c_lispfedora_at_yahoo.com
Friday, 27 January
- Re: MySQL 5.0 information leak? Duncan Simpson
Saturday, 28 January
- Cross Site Cooking Michal Zalewski
Sunday, 29 January
- Re: Re: IndonesiaHack Advisory HTML injection in PHP Fusebox pr1nce_empire_at_yahoo.com
- [ GLSA 200601-14 ] LibAST: Privilege escalation Sune Kloppenborg Jeppesen
- UebiMiau Webmail System Security Vulnerability M.Neset KABAKLI
- Re: BlackWorm naming confusing [CME entry now available] Jose Nazario
- [ GLSA 200601-15 ] Paros: Default administrator password Sune Kloppenborg Jeppesen
Monday, 30 January
- TSLSA-2006-0004 - multi Trustix Security Advisor
Sunday, 29 January
- EasyCMS vulnerable to XSS injection. preben_at_watchcom.no
Monday, 30 January
- [SECURITY] [DSA 951-2] New trac packages fix SQL injection and cross-site scripting Martin Schulze
Sunday, 29 January
- Re: [Full-disclosure] [ GLSA 200601-15 ] Paros: Default administrator password Yvan Boily
- MyBB 1.2 usercp2.php [ $url ] CrossSiteScripting ( XSS ) o.y.6_at_hotmail.com
- [xpl#2] MiniNuke 1.8.2 - change member's passwrod < Perl > hessam_at_kachal667.com
Monday, 30 January
- RE: Cross Site Cooking Michal Zalewski
- Arescom NetDSL-1000 DoS atack source framirez_at_akori.fr
- Winamp 5.12 - 0day exploit - code execution through playlist Process
Sunday, 29 January
- sPaiz-Nuke Cross-Site Scripting Vulnerability night_warrior771_at_securityfocus.com,
Monday, 30 January
- Nuked-klaN Cross-Site Scripting Vulnerability night_warrior771_at_securityfocus.com,
Friday, 27 January
- Re: [security] What A Click! [Internet Explorer] yossarian
- Re: Airscanner Mobile Security Advisory: Remote Hard Reset Data Wipe and DoS of Pocket Controller v5.0 (#AS05080401) orambaldini_at_soti.net
Monday, 8 July
- gnome evolution mail client inline text file DoS issue Mike Davis
Thursday, 26 January
- BlackWorm: statistics and numbers Gadi Evron
Monday, 30 January
- XSS flaw in MG2 Image Gallery (v.0.5.1) preben_at_watchcom.no
- MyBB 1.2 Local File Incusion o.y.6_at_hotmail.com
- CME-24 (BlackWorm) Users' FAQ Gadi Evron
- Re: Arescom NetDSL-1000 DoS atack source Pim van Riezen
- [SECURITY] [DSA 959-1] New unalz packages fix arbitrary code execution Martin Schulze
Thursday, 26 January
- Etomite CMS "Backdoored" Luca_at_securityfocus.com, Ercoli@securityfocus.com,
Monday, 30 January
- [ MDKSA-2006:026 ] - Updated bzip2 packages fix bzgrep vulnerabilities security_at_mandriva.com
- Re: Winamp 5.12 - 0day exploit - code execution through playlist Chris Wysopal
Thursday, 26 January
- Verified evasion in Snort at
Friday, 27 January
- New worm crawling trough blogs?! blog.worm_at_gmail.com
Monday, 30 January
- [ MDKSA-2006:027 ] - Updated gzip packages fix zgrep vulnerabilities security_at_mandriva.com
- Re: CME-24 (BlackWorm) Users' FAQ Gadi Evron
- [ GLSA 200601-16 ] MyDNS: Denial of Service Sune Kloppenborg Jeppesen
- [ GLSA 200601-17 ] Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows Sune Kloppenborg Jeppesen
- Etomite followup information security curmudgeon
- Daffodil CRM - vulnerable to SQL-injection. preben_at_watchcom.no
- BrowserCRM vulnerable for XSS preben_at_watchcom.no
- Cerberus Helpdesk vulnerable to XSS preben_at_watchcom.no
- Re: Re: Winamp 5.12 - 0day exploit - code execution through playlist Juha-Matti Laurio
Tuesday, 31 January
- Re: EasyCMS vulnerable to XSS injection. kim_at_easycms.no
Monday, 30 January
- Proof of concept for CommuniGate Pro Server vulnerability Evgeny Legerov
Tuesday, 31 January
- MyCO multiple vulnerabilities revnic_at_gmail.com
- [SECURITY] [DSA 957-2] New ImageMagick packages fix arbitrary command execution Martin Schulze
- FarsiNews 2.1 PHP Remote File Inclusion h e
- [SECURITY] [DSA 960-1] New libmail-audit-perl packages fix insecure temporary file use Martin Schulze
- Nmap 4.00 Released Fyodor
- Xmame 0.102 local vulnerability proof-of-concept Rafael San Miguel Carrasco
- [SECURITY] [DSA 960-2] New libmail-audit-perl packages fix insecure temporary file use Martin Schulze
- Windows Access Control Demystified sudhakar+bugtraq_at_cs.princeton.edu

Last message date: Jan 31 2006
Archived on: Aug 14 2008 PDT