564 messages starting Jul 01 06 and ending Jul 03 06
Re: [Full-disclosure] Re[2]: Is Windows TCP/IP source routing PoC code available? 3APA3A
Re: Browser bugs hit IE, Firefox today (SANS) 3CO Re: Write-up by Amit Klein: "Forging HTTP request headers with Flash" 3CO
RE: WordPress 2.0.3 SQL Error and Full Path Disclosure Aaron Newman
Linux sys_prctl LKM based hotfix Abhisek Datta
[MajorSecurity #19] AutoRank <= 5.01 - Multiple XSS and cookie disclosure admin [MajorSecurity #20]SiteDepth CMS <= 3.01 - Remote File Include Vulnerability admin [MajorSecurity #21] phpFaber TopSites <=2.0.9 - SQL Injection Vulnerability admin [MajorSecurity #22] Top XL <=1.1 - XSS and cookie disclosure admin [MajorSecurity #25] Advanced Guestbook 2.4 for phpBB - Multiple XSS and SQL-Injection Vulnerabilities admin [MajorSecurity #24] Fire-Mouse TopList <=v1.1 - Cross Site Scripting admin [MajorSecurity #23] BLOG:CMS <= 4.0.0j - XSS and cookie disclosure admin Re: [MajorSecurity #22] Top XL <=1.1 - XSS and cookie disclosure admin [MajorSecurity #26] Woltlab Burning Board - Multiple Cookie manipulation and session fixation vulnerabilities admin
Corsaire Security Advisory - VMware ESX Server Password Cross Site Request Forgery issue advisories Corsaire Security Advisory - VMware ESX Server Password Disclosure in Log issue advisories Corsaire Security Advisory - VMware ESX Server Password Disclosure in Cookie issue advisories
MiniBB Forum <= 1.5a Remote File Include (search.php-whosOnline.php) AG Spider MiniBB Forum <= 1.5a Remote File Include (news.php) AG Spider
Oracle Database - SQL Injection in SYS.KUPW$WORKER [DB03] ak Oracle Database - SQL Injection in SYS.DBMS_CDC_IMPDP [DB01] ak Oracle Database - SQL Injection in SYS.DBMS_UPGRADE [DB22] ak Oracle Database - SQL Injection in SYS.DBMS_STATS [DB21] ak Bypassing Oracle dbms_assert ak
RE: cpanel login problem Alan
Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit Alexander Hristov Webmin / Usermin Arbitrary File Disclosure Vulnerability Perl Alexander Hristov Samba Internal Data Structures DOS Vulnerability Exploit Alexander Hristov
RE: Bypassing Oracle dbms_assert Alexander Kornbrust
Touch arbitrary file execute vulnerability Alex Park
Re: Browser bugs hit IE, Firefox today (SANS) Alex Potter
cpanel login problem ali
[KAPDA::#46] - AjaxPortal Authentication Bypass alireza hassani
phpPolls 1.0.3 Administration ByPass alp_eren
Re: # MHG Security Team --- PHPAskIt v2.0.1 Remote File Inc. Amelie Re: # MHG Security Team --- PHPAskIt v2.0.1 Remote File Inc. amelie
Write-up by Amit Klein: "Forging HTTP request headers with Flash" Amit Klein (AKsecurity) Re: Write-up by Amit Klein: "Forging HTTP request headers with Flash" Amit Klein (AKsecurity) Re: Write-up by Amit Klein: "Forging HTTP request headers with Flash" Amit Klein (AKsecurity)
[CYBSEC] TippingPoint detection bypass Andres Riancho
Local file inclusion in Farsinews3.0BETA1 armin390 SECURITY UPDATE::Farsinews release FarsiNewsPro3.0Stable1SecurityPath1 armin390
Coppermine Photo Gallery v1.2.2b-Nuke Remote File Inclusion Vulnerabilities A-S-T2006 Mambo Gallery Manager v095.r3 Remote File Inclusion Vulnerabilities A-S-T2006
SMB Information Disclosure Vulnerability Avert Apache mod_rewrite Buffer Overflow Vulnerability Avert
Microsoft Works - Buffer Overflows / Denial of Service (DoS)-Vulnerabilities Benjamin Tobias Franz
osDate 1.1.7 multiple vulnerabilities binary . loc Re: osDate 1.1.7 multiple vulnerabilities binary . loc
Outpost Firewall Pro secrately fixing security flaws? Bipin Gautam
Sql injection in Diesel joke site script black code file include exploits in randshop v1.2 black code
Re: LAMP vs Microsoft Bob Beck Re: LAMP vs Microsoft Bob Beck Re: LAMP vs Microsoft Bob Beck Re: LAMP vs Microsoft Bob Beck
popup Vacation Rentals[calendar_year.php] SQL Injection BoNy-m
[Kurdish Security # 13] Savant2 Remote File Include Vulnerability [For Mambo, Joomla] botan [Kurdish Security # 14] MoSpray [base_dir] Remote Command Execution [ Mambo & Joomla] botan
Internet Crna Gora SQL Injection Breeeeh SmS Script SQL Injection Breeeeh Invision Power Board v1.3 Final SQL Injection Breeeeh saphp "add.php" forumid Parameter SQL Injection Breeeeh MyGallery "Room.php" SQL Injection Breeeeh VBZooM <=V1.11 " reply.php" SQL Injection Breeeeh VBZooM <=V1.11 " ignore-pm.php" SQL Injection Breeeeh VBZooM <=V1.11 "sub-join.php" SQL Injection Breeeeh VBZooM "sendmail.php" SQL Injection Breeeeh
ASP.DLL Include File Buffer Overflow Brett Moore
RE: cpanel login problem Bugs
phpMyAdmin : Cross-Site Scripting Vulnerability bug () securitynews ir ATutor : Cross-Site Scripting Vulnerabilities bug () securitynews ir
Re: phpbb 3.x sql injection (with global moderator rights) bugtraq Re: crashing firefox <= 1.5.0.4 bugtraq
AIM Triton 1.0.4 (SipXtapi) Remote Buffer Overflow Exploit (PoC) c0rrupt
vBulletin 3.5.4 (install_path) Exploit CarcaBotx
Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround Caveo Internet BV - Security
MS06-034 lies? IIS 6 can still be owned? Cesar
RUXCON 2006 Final Call For Papers cfp
Contact for nhl.com C. Hamby
SubberZ[Lite] - Remote File Include ChironeX . FleckeriX
PHP Event Calendar versi 1.4 (path_to_calendar) Remote File Inclusion chris_hasibuan SolpotCrew Advisory #2 - Advanced Poll ver 2.02 (base_path) Remote File Inclusion chris_hasibuan
Cisco Security Advisory: Multiple Cisco Unified CallManager Vulnerabilities Cisco Systems Product Security Incident Response Team Cisco Security Advisory: Cisco Router Web Setup Ships with Insecure Default IOS Configuration Cisco Systems Product Security Incident Response Team Cisco Security Advisory: Cisco Intrusion Prevention System Malformed Packet Denial of Service Cisco Systems Product Security Incident Response Team Cisco Security Advisory: Multiple Vulnerabilities in Cisco Security Monitoring, Analysis and Response System (CS-MARS) Cisco Systems Product Security Incident Response Team Cisco Security Advisory: Windows VPN Client Local Privilege Escalation Vulnerability Cisco Systems Product Security Incident Response Team
Multiple vulnerabilities in TK8 Safe v.3.0.5 clappymonkey
imgsvr dos exploit by n00b co296
Re: AFCommerce Shopping Cart contact
Re: galleria <= 1.0 Remote File Inclusion Vulnerability counterpoint
about bid 17404 crack
Glossaire<<--v1.7 Remote File Include CrAzY . CrAcKeR Invision Power Board "v1.X & 2.X" SQL Injection CrAzY . CrAcKeR
Re: Securing PHP or finding PHP alternatives Crispin Cowan Re: Securing PHP or finding PHP alternatives Crispin Cowan Re: Securing PHP or finding PHP alternatives Crispin Cowan
RE: [lists] Re: PHP security (or the lack thereof) Curt Purdy
Re: new shell bypass safe mode cxib
Re: [ GLSA 200607-05 ] SHOUTcast server: Multiple vulnerabilities Cyneox
new shell bypass safe mode d3nger
Re: PHP security (or the lack thereof) Dan Falconer
TOPo v.2.2.178 Account Reset darkz . gsa
Juniper Networks DX Web Administration Persistent System Log XSS Vulnerability Darren Bounds
LAMP vs Microsoft Darren Reed Re: PHP security (or the lack thereof) Darren Reed Re: LAMP vs Microsoft Darren Reed Re: LAMP vs Microsoft Darren Reed Re: LAMP vs Microsoft Darren Reed Re: LAMP vs Microsoft Darren Reed
Re: PHP ip2long() function circumvention darylf
Re: Check Point R55W Directory Traversal dave_kwek
Re: Bypassing Oracle dbms_assert David Litchfield Re: Bypassing Oracle dbms_assert David Litchfield
ZoneAlarm Insufficient protection of registry key 'VETFDDNT\Enum' Vulnerability David Matousek Norton Insufficient protection of Norton service registry keys David Matousek Kerio Terminating 'kpf4ss.exe' using internal runtime error Vulnerability David Matousek
RE: XSS phpBB 2.0.21 in administration David Thomson
Call For Papers - No cON Name 2006 Edition Spain deese
Whitepaper: IT (in)security implementation in a real world example Denis Jedig
RE: TSRT-06-04: eIQnetworks Enterprise Security Analyzer Topology Server Buffer Overflow Vulnerability Desai, Deepen
Full Path Disclosure xGuestBook v1.02 dicomdk
PacSec 2006 CALL FOR PAPERS (Deadline Aug. 4; Event Nov. 27-30) Dragos Ruiu
a6mambohelpdesk Mambo Component <= 18RC1 Remote Include Vulnerability Dr . Jr7 mambatstaff Mambo Component <= Remote Include Vulnerability Dr . Jr7 artlinks Mambo Component <= Remote Include Vulnerability Dr . Jr7
Re: Gdiplus.dll division by 0 Early Warning Team
Re: [KAPDA::#46] - AjaxPortal Authentication Bypass earthquake
RE: Bybass HTTP ( extension files ) in ISA 2004 Edward Tripovich
EEYE: McAfee ePolicy Orchestrator Remote Compromise eEye Advisories [EEYEB-20060227] D-Link Router UPNP Stack Overflow eEye Advisories
Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory Eloy Paris
perForms <= 1.0 ([mosConfig_absolute_path]) Remote File Inclusion endeneu
RE: MIMESweeper For Web 5.X Cross Site Scripting Erez Metula RE: MIMESweeper For Web 5.X Cross Site Scripting Erez Metula
About the latest three Powerpoint vulnerabilities: exploitable? ewt
[KAPDA::#52] - PHP-Post 1.0 Cookie Modification Privilege Escalation Vulnerability farhadkey
[SECURITY] Plain text password in Finjan Appliance 5100/8100 NG backup file finde_schwachstelle
Re: [Bugtraq] Re: flock d0s exploit remote. beta 1 (v0.7) flockoyd
Opsware NAS 6.0 reveals MySQL 'root' password Freeman, Michael
23rd Chaos Communication Congress 2006: Call for Participation fukami
Re: LAMP vs Microsoft George Capehart
[ANNOUNCEMENT] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against smbd Gerald (Jerry) Carter Re: [ANNOUNCEMENT] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against smbd Gerald (Jerry) Carter Re: Samba Internal Data Structures DOS Vulnerability Exploit Gerald (Jerry) Carter
Securing PHP or finding PHP alternatives (was: PHP security (or the lack thereof)) Gezim Hoxha
News <= 5.2 XSS, SQL Injection, Full Path Disclosure gmdarkfig SturGeoN Upload v1 Remote Command Execution Exploit gmdarkfig 5 php scripts remote database password disclosure gmdarkfig boastMachine <= 3.1 SQL Injection Exploit gmdarkfig
ToorCon 2006 Call for Papers h1kari () toorcon org
EzUpload multi file vulnerabilities hack2prison
Mercury Messenger Hans Wolters
Blackboard Academic Suite 6.2.23 +/-: Persistent cross-site scripting vulnerability harbl
Re: Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround Hugo van der Kooij Re: LAMP vs Microsoft Hugo van der Kooij Re: Check Point R55W Directory Traversal Hugo van der Kooij
galleria <= 1.0 Remote File Inclusion Vulnerability ineal
Digital Armaments Security Advisory 10.07.2006: Flexwath Authorization Bypassing and XSS Vulnerability info Re: ATutor 1.5.3 Cross Site Scripting info Re: imageVue16.1 upload vulnerability info Digital Armaments Security Advisory 24.07.2006: Siemens Speedstream Wireless/Router Denial of Service Vulnerability info
HostingController: An attacker can gain reseller privileges and after that can gain admin privileges Irsdl
PhpWebGallery Cross Site Scripting Vulnerability iss4m . h
call for papers - IT Underground, Italy 2006 it_underground
Re: WordPress 2.0.3 SQL Error and Full Path Disclosure James Davis
Security point-of-contact for Ameritrade? James M. Blackburn
Re: WordPress 2.0.3 SQL Error and Full Path Disclosure Jaroslaw Sajko
Re: LAMP vs Microsoft Jarrod Frates
Old vulnerable sotwares collection Jerome Athias
DeluxeBB mutiple vulnerabilities Jessica Hope Re: XSS phpBB 2.0.21 in administration Jessica Hope Re: XSS phpBB 2.0.21 in administration Jessica Hope Re: XSS phpBB 2.0.21 in administration Jessica Hope
Re: WordPress 2.0.3 SQL Error and Full Path Disclosure jholguin
Re: LAMP vs Microsoft Joel Maslak
McAfee VirusScan Enterprise 8.0.0 Buffer Overflow johndoe1529
RE: Old vulnerable sotwares collection John Rigali
IE <= 6 DoS vulnerability jonasschaub
Re: [Full-disclosure] Re: Linux Kernel 2.6.x PRCTL Core Dump Handling - Local r00t Exploit ( BID 18874 / CVE-2006-2451 ) Jon Hart Cisco MARS < 4.2.1 remote compromise Jon Hart
Windows XP/NT/SMB2003/2000 Denial of Service attack J. Oquendo
Zyxel Prestige 660H-61 Cross-Site Scripting jose . palanco
Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit José Parrella
IBM AIX Security contact? Joxean Koret Re: [ECHO_ADV_38$2006] Multiple Mambo/Joomla Component Remote File Include Vulnerabilities Joxean Koret
Major updates to Excel 0-day Vulnerability FAQ at SecuriTeam Blogs Juha-Matti Laurio New CVE number states Excel Style handling as a separate issue Juha-Matti Laurio Microsoft PowerPoint 0-day Vulnerability FAQ document written Juha-Matti Laurio Several updates in MS PowerPoint 0-day Vulnerability FAQ at SecuriTeam Blogs Juha-Matti Laurio New PowerPoint Trojan installs itself as LSP Juha-Matti Laurio New CVE identifiers for separate PowerPoint 0-day issues assigned Juha-Matti Laurio Re: [Full-disclosure] Re: New PowerPoint Trojan installs itself as LSP Juha-Matti Laurio
rPSA-2006-0122-1 kernel Justin M. Forbes rPSA-2006-0128-1 samba samba-swat Justin M. Forbes rPSA-2006-0122-2 kernel Justin M. Forbes rPSA-2006-0130-1 kernel Justin M. Forbes rPSA-2006-0132-1 tshark wireshark Justin M. Forbes rPSA-2006-0133-1 libpng Justin M. Forbes rPSA-2006-0134-1 sendmail sendmail-cf Justin M. Forbes rPSA-2006-0135-1 gimp Justin M. Forbes rPSA-2006-0137-1 firefox Justin M. Forbes rPSA-2006-0139-1 httpd mod_ssl Justin M. Forbes
lintah_|adv|_01 () 2006>=========<[Aura-CMS v1.62]<===>[XSS vulnerable]&[bug] k07iX
Re: [EEYEB-20060227] D-Link Router UPNP Stack Overflow kala_z
Re: Mico crashes when contected with wrong IOR / DoS Karel Gardas Re: Mico crashes when contected with wrong IOR / DoS Karel Gardas
plume-cms v1.0.4 Multiple Remote File include KARKOR23 free QBoard v1.1 Multiple Remote File include KARKOR23
Re: PHP security (or the lack thereof) Kevin Waterson
Unidomedia Chameleon LE/Pro Directory Traversal kicktd
Re: Low security hole affecting IPCalc's CGI wrapper krischan
wwwThreads XSS l2odon PHP-Auction SQL injection l2odon PHP-Nuke INP XSS l2odon
S21Sec-032-en: Vulnerability in Fatwire Content Server labs
iDefense Security Advisory 07.20.06: Sun Microsystems Solaris sysinfo() Kernel Memory Disclosure Vulnerability labs-no-reply
Various heap and stack overflow bugs in AdPlug library 2.0 (CVS 04 Jul 2006) Luigi Auriemma Possible code execution in Kaillera 0.86 Luigi Auriemma Format string bug in Sparklet 0.9.4try3 Luigi Auriemma Multiple vulnerabilities in UFO2000 svn 1057 Luigi Auriemma Buffer-overflow in the XM loader of Cheese Tracker 0.9.9 Luigi Auriemma Heap overflow in the GT2 loader of libmikmod 3.2.2 Luigi Auriemma Buffer-overflow in recvTextMessage and NETrecvFile in Warzone Resurrection 2.0.3 (SVN 127) Luigi Auriemma Two crash vulnerabilities in Freeciv 2.1.0-beta1 (SVN 15 Jul 2006) Luigi Auriemma Multiple vulnerabilities in Open Cubic Player 2.6.0pre6 / 0.1.10_rc5 Luigi Auriemma
Re: Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround Lukasz Trabinski
Buddy Zone Version 1.0.1 - XSS luny mAds v1.0 lunY Shopping Cart V0.9 luny TigerTom Scripts luny Sport-slo.net Guestbook v1.0 luny Photocycle v1.0 - XSS luny Orbitmatrix PHP Script v1.0 luny
RE: [EEYEB-20060227] D-Link Router UPNP Stack Overflow m
Re: [Full Disclosure] [Kil13r-SA-20060701-2] MoniWiki 1.1.1 Cross-Site Scripting Vulnerability mac68k
SolpotCrew Advisory #3 - com_trade Remote File Inclusion (mosConfig_absolute_path) mail Com Multibanners Remote File Inclusion (mosConfig_absolute_path) mail
Re: [Full-disclosure] ERNW Security Advisory 02/2006 - Buffer Overflow in sipXtapi (used in AOL Triton) Mailinglists
[FLSA-2006:175040] Updated php packages fix security issues Marc Deslauriers
[scip_Advisory 2351] Kyberna AG ky2help various form fields SQL Injection Marc Ruef [scip_Advisory 2352] F5 FirePass 4100 prior 6.x multiple Cross Site Scripting Marc Ruef
CYBSEC - Security Pre-Advisory: Microsoft Windows DHCP Client Service Remote Buffer Overflow Mariano Nuñez Di Croce
WebEx Downloader Plug-in Multiple Vulnerabilities + rant Mark Litchfield Re: WebEx Downloader Plug-in Multiple Vulnerabilities + rant Mark Litchfield
Re: WebEx Downloader Plug-in Multiple Vulnerabilities + rant Mark Rowe
[USN-308-1] shadow vulnerability Martin Pitt [USN-309-1] libmms vulnerability Martin Pitt [USN-310-1] ppp vulnerability Martin Pitt [USN-312-1] gimp vulnerability Martin Pitt [USN-313-1] OpenOffice.org vulnerabilities Martin Pitt [USN-316-1] installer vulnerability Martin Pitt [USN-315-1] libmms, xine-lib vulnerabilities Martin Pitt [USN-314-1] samba vulnerability Martin Pitt [USN-317-1] zope2.8 vulnerability Martin Pitt [USN-318-1] libtunepimp vulnerability Martin Pitt [USN-319-1] Linux kernel vulnerability Martin Pitt [USN-320-1] PHP vulnerabilities Martin Pitt [USN-319-2] Linux kernel vulnerability Martin Pitt [USN-313-2] OpenOffice.org vulnerabilities Martin Pitt [USN-321-1] mysql-dfsg-4.1 vulnerability Martin Pitt [USN-322-1] Konqueror vulnerability Martin Pitt [USN-296-2] Firefox vulnerabilities Martin Pitt [USN-297-3] Thunderbird vulnerabilities Martin Pitt [USN-320-2] php4 regression Martin Pitt [USN-323-1] mozilla vulnerabilities Martin Pitt [USN-324-1] freetype vulnerability Martin Pitt [USN-325-1] ruby1.8 vulnerability Martin Pitt [USN-326-1] heartbeat vulnerability Martin Pitt [USN-327-1] firefox vulnerabilities Martin Pitt [USN-328-1] Apache vulnerability Martin Pitt [USN-329-1] Thunderbird vulnerabilities Martin Pitt
[SECURITY] [DSA 1104-2] New OpenOffice.org packages fix arbitrary code execution Martin Schulze [SECURITY] [DSA 1105-1] New xine-lib packages fix denial of service Martin Schulze [SECURITY] [DSA 1106-1] New ppp packages fix privilege escalation Martin Schulze [SECURITY] [DSA 1107-1] New GnuPG packages fix denial of service Martin Schulze [SECURITY] [DSA 1115-1] New GnuPG2 packages fix denial of service Martin Schulze [SECURITY] [DSA 1114-1] New hashcash packages fix arbitrary code execution Martin Schulze [SECURITY] [DSA 1118-1] New Mozilla packages fix several vulnerabilities Martin Schulze [SECURITY] [DSA 1119-1] New hiki packages fix denial of service Martin Schulze [SECURITY] [DSA 1120-1] New Mozilla Firefox packages fix several vulnerabilities Martin Schulze [SECURITY] [DSA 1121-1] New postgrey packages fix denial of service Martin Schulze [SECURITY] [DSA 1122-1] New Net::Server packages fix denial of service Martin Schulze [SECURITY] [DSA 1126-1] New Asterisk packages fix denial of service Martin Schulze [SECURITY] [DSA 1128-1] New heartbeat packages fix local denial of service Martin Schulze [SECURITY] [DSA 1129-1] New osiris packages fix arbitrary code execution Martin Schulze
[ECHO_ADV_36$2006] ExtCalendar <== v2.0 Remote File Include Vulnerabilities matdhule [ECHO_ADV_37$2006] pc_cookbook Mambo/Joomla Component <= v0.3 Remote File Include Vulnerabilities matdhule [ECHO_ADV_38$2006] Multiple Mambo/Joomla Component Remote File Include Vulnerabilities matdhule MiniBB Forum <= 1.5a Remote File Include Vulnerabilities matdhule Calendar Module <= 1.5.7 Remote File Include Vulnerabilities matdhule New Article Mambo Component <= 1.0 (com_articles.php) Remote File Include Vulnerabilities matdhule Calendar Mambo Module <= 1.5.7 Remote File Include Vulnerabilities matdhule [ECHO_ADV_40$2006] iManage CMS <= 4.0.12 (absolute_path) Remote File Inclusion matdhule Re: ExtCalendar Mambo Module <= v2( extcalendar.php ) Remote File Include Vulnerabilities matdhule Guestbook Mambo Module <== v1.3.0 Multiple Remote File Include Vulnerabilities matdhule
Map MS Security Bulletins to MS KB numbers Matthew Leeds
[ GLSA 200607-13 ] Audacious: Multiple heap and buffer overflows Matthias Geerdsen
Re: Securing PHP or finding PHP alternatives (was: PHP security (or the lack thereof)) Matthias Kestenholz
Re: Invision Power Board "v1.X & 2.X" SQL Injection mattmecham Re: RE: Invision Vulnerabilities, including remote code execution mattmecham Re: Invision Power Board v1.3 Final SQL Injection mattmecham Re: Invision Power Board 2.1 <= 2.1.6 sql injection mattmecham
Phorum 5.1.15 security release (fixes "PHORUM 5 arbitrary local inclusion") Maurice Makaay Re: Phorum 5.1.14 XSS SQL injection Vulnerability Maurice Makaay
Multiple vulnerabilities in OpenCMS Meder Kydyraliev
Bybass HTTP ( extension files ) in ISA 2004 medozero Re: Bybass HTTP ( extension files ) in ISA 2004 medozero Re: Bybass HTTP ( extension files ) in ISA 2004 medozero
Re: Securing PHP or finding PHP alternatives (was: PHP security (or the lack thereof)) Meet Myself on the Internet
Cross-Site Scripting and Local File Inclusion in Phorum Meftun Buffer Overflow Vulnerability in Winlpd Meftun Portail PHP v1.7 Remote File Include Meftun
Vanilla CMS <= 1.0.1 (RootDirectory) Remote file inclusion Vuln. mfoxhacker
Re: Securing PHP or finding PHP alternatives Michael Cordover
RE: $100 plus several of my books if you can crack my Windows password hashes. Michael Scheidell
Re: Securing PHP or finding PHP alternatives Michael Shigorin Re: Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround Michael Shigorin Re: [ GLSA 200607-08 ] GIMP: Buffer overflow Michael Shigorin
Re: Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround Michal Zalewski
Re: [Full-disclosure] iDefense Security Advisory 07.20.06: Sun Microsystems Solaris sysinfo() Kernel Memory Disclosure Vulnerability Micheal Turner Re: Re: [Full-disclosure] iDefense Security Advisory 07.20.06: Sun Microsystems Solaris sysinfo() Kernel Memory Disclosure Vulnerability Micheal Turner
Re: vBulletin 3.5.4 (install_path) Exploit mikathebest2003 Re: Re: vBulletin 3.5.4 (install_path) Exploit mikathebest2003
Re: Msie 7.0 beta Crash mike Lan-Aces Office Logic Mike
Re: New PowerPoint Trojan installs itself as LSP Mike Healan
Gracenote buffer overflow MNV
[SECURITY] [DSA 1108-1] New mutt packages fix arbitrary code execution Moritz Muehlenhoff [SECURITY] [DSA 1109-1] New rssh packages fix privilege escalation Moritz Muehlenhoff [SECURITY] [DSA 1110-1] New samba packages fix denial of service Moritz Muehlenhoff [SECURITY] [DSA 1111-1] New Linux kernel 2.6.8 packages fix privilege escalation Moritz Muehlenhoff [SECURITY] [DSA 1112-1] New mysql-dfsg-4.1 packages fix denial of service Moritz Muehlenhoff [SECURITY] [DSA 1113-1] New zope2.7 packages fix information disclosure Moritz Muehlenhoff [SECURITY] [DSA 1117-1] New libgd2 packages fix denial of service Moritz Muehlenhoff [SECURITY] [DSA 1116-1] New gimp packages fix arbitrary code execution Moritz Muehlenhoff [SECURITY] [DSA 1124-1] New fbi packages fix potential deletion of user data Moritz Muehlenhoff [SECURITY] [DSA 1123-1] New libdumb packages fix arbitrary code execution Moritz Muehlenhoff [SECURITY] [DSA 1111-2] New Linux kernel 2.6.8 packages fix privilege escalation Moritz Muehlenhoff [SECURITY] [DSA 1125-1] New drupal packages fix execution of arbitrary web script code Moritz Muehlenhoff [SECURITY] [DSA 1125-2] New drupal packages fix execution of arbitrary web script code (revised packages) Moritz Muehlenhoff [SECURITY] [DSA 1127-1] New ethereal packages fix several vulnerabilities Moritz Muehlenhoff
Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues Moritz Naumann
ERNW Security Advisory 02/2006 - Buffer Overflow in sipXtapi (used in AOL Triton) mozilla
Gdiplus.dll division by 0 Mr . Niega
Escalation of privileges in Outpost and Lavasoft Firewalls -Unusual ShellExecute behavior mullware
[Bugtraq] Re: flock d0s exploit remote. beta 1 (v0.7) . myke lyons
Excel 2000/XP/2003 Style 0day POC nanika Windows Explorer URL File format overflow nanika
Re: WordPress 2.0.3 SQL Error and Full Path Disclosure nate Re: cpanel login problem nate
MS Word Unchecked Boundary Condition Vulnerability naveed Re: Windows Explorer URL File format overflow naveed Fuzzing Microsoft Office naveed MS Power Point Multiple Vulnerabilities (powerpnt.exe)- POC naveed MS Power Point Multiple Vulnerabilities - (mso.dll) POC naveed MS Power Point Multiple Vulnerabilities - (memory corruption) POC naveed
XSS vulnerability on AWBS newbinaryfile
Advisory: VMware Possible Incorrect Permissions On SSL Key Files Nick Breese
NSFOCUS SA2006-04 : Microsoft Office GIF Filter Buffer Overflow Vulnerability NSFOCUS Security Team NSFOCUS SA2006-06 : Microsoft Excel COLINFO Record Buffer Overflow Vulnerability NSFOCUS Security Team NSFOCUS SA2006-05 : Microsoft Excel SELECTION Record Memory Corruption Vulnerability NSFOCUS Security Team NSFOCUS SA2006-07 : ISS RealSecure/BlackICE MailSlot Heap Overflow Detection Remote DoS Vulnerability NSFOCUS Security Team
Fantastic Guestbook v2.0.1 Advisory omnipresent MicroGuestBook Remote XSS Attack omnipresent
[OpenPKG-SA-2006.013] OpenPKG Security Advisory (mutt) OpenPKG [OpenPKG-SA-2006.014] OpenPKG Security Advisory (shiela) OpenPKG [OpenPKG-SA-2006.015] OpenPKG Security Advisory (apache) OpenPKG [OpenPKG-SA-2006.016] OpenPKG Security Advisory (ruby) OpenPKG [OpenPKG-SA-2006.017] OpenPKG Security Advisory (freetype) OpenPKG
PHP-Blogger Multiple Cross Site Scripting Vulnerabilities OS2A BTO
Unauthenticated access to BT Voyager config file and PPP credentials embedded in HTML form pagvacito
PBL Guestbook <= 1.32 XSS & SQL Querys Vulnerabilities paisterist . nst Graffiti Forums v1.0 SQL Injection Vulnerabilities paisterist . nst
Invision Power Board v2.1 <= 2.1.6 sql injection exploit paul14075 Re: Re: Invision Power Board 2.1 <= 2.1.6 sql injection paul14075
Re: Invision Power Board 2.1 <= 2.1.6 sql injection paul dansing
CC announces new Rootkit help forum insync with Book Paul Laudanski
Re: rPSA-2006-0122-1 kernel Paul Starzetz Re: [ MDKSA-2006:116 ] - Updated kernel packages fixes multiple vulnerabilities Paul Starzetz
Re: Browser bugs hit IE, Firefox today (SANS) Paul Szabo
Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory Pavel Kankovsky
Consumers of Broadband Providers (ISP) may be open to hijack attacks peter_philipp
PHPAuction 2.1 (maybe higher) with phpAdsNew 2.0.5 RFI philipp . niedziela MyNewsGroups <= 0.6b (myng_root) Remote Inclusion Vulnerability philipp . niedziela
Oracle 10g R2 and, probably, all previous versions putosoft softputo
Xss in MttKe-php v2.6 R0t-K33Y Remote Include Vulnerability ====> in Dr.Jr7 Gallery 3.2 RC1 R0t-K33Y
Re: file include exploits in randshop v1.2 Rainer Duffner
Advisory: Remote command execution in planetGallery RedTeam Pentesting
XSS phpBB 2.0.21 in administration renatrix
SYMSA-2006-007: Microsoft Office Malformed String Parsing Vulnerability research SYMSA-2006-004 (Full Details): Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution research SYMSA-2006-008:Password Safe - Lock Password Database Configuration Not Enforced research
crashing firefox <= 1.5.0.4 reywen
Pivot <=1.30rc2 privilege escalation / remote commands execution rgod PAPOO <=3RC3 sql injection / admin credentials disclosure rgod flatnuke <= 2.5.7 arbitrary php file upload rgod PHORUM 5 arbitrary local inclusion rgod phpbb 3.x sql injection (with global moderator rights) rgod MyBulletinBoard (MyBB) 1.1.5 'CLIENT-IP' sql injection rgod ToendaCMS <= 1.0.0 arbitrary file upload rgod LoudBlog <=0.5 Sql injection rgod Etomite CMS <= 0.6.1 'rfiles.php' remote command execution rgod PHP ip2long() function circumvention rgod ATutor <= 1.5.3.1 'links' blind SQL injection / admin credentials disclosure rgod
RE: Re: vBulletin 3.5.4 (install_path) Exploit Robert Marquardt
$100 plus several of my books if you can crack my Windows password hashes. Roger A. Grimes RE: $100 plus several of my books if you can crack my Windows password hashes. Roger A. Grimes RE: $100 plus several of my books if you can crack my Windows password hashes. Roger A. Grimes
Linux Kernel 2.6.x PRCTL Core Dump Handling - Local r00t Exploit ( BID 18874 / CVE-2006-2451 ) Roman Medina-Heigl Hernandez
PcAnywhere > 12 Local Privilege Escalation root
[KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php roozbeh_afrasiabi
Cisco VPN Concentrator IKE resource exhaustion DoS Advisory Roy Hills
Invision Power Board 2.1 <= 2.1.6 sql injection rst
Oracle 10g R2 and, probably, all previous versions Russell Lowenthal
Hustle -- Tumbleweed Email Firewall Remote Vulnerability Ryan Smith
Re: Digital Armaments Security Advisory 10.07.2006: Flexwath Authorization Bypassing and XSS Vulnerability sales
randshop <= 1.1.x (index.php) Remote File Inclusion Vulnerability Saudi . Unix ExtCalendar Mambo Module <= v2( extcalendar.php ) Remote File Include Vulnerabilities saudi . unix PHP Live! v3.2 (header.php) Remote File Include Vulnerabilities saudi . unix SQuery v.x (devi.php) (armygame.php) Remote File Inclusion saudi . unix com_moskool (admin.moskool.php) Remote File Include Vulnerabilities saudi . unix
RE: [Full-disclosure] Browser bugs hit IE, Firefox today (SANS) Schmehl, Paul L
Re: vBulletin 3.5.4 (install_path) Exploit scott Re: [EEYEB-20060227] D-Link Router UPNP Stack Overflow scott
Re: cpanel login problem Scott Gemma
Check Point R55W Directory Traversal Sec-Tec Lists
Secunia Research: IceWarp Web Mail Two File Inclusion Vulnerabilities Secunia Research Secunia Research: VisNetic Mail Server Two File Inclusion Vulnerabilities Secunia Research Secunia Research: BitZipper unacev2.dll Buffer Overflow Vulnerability Secunia Research Secunia Research: AutoVue SolidModel Professional Buffer Overflow Vulnerability Secunia Research Secunia Research: FileCOPA Directory Argument Handling Buffer Overflow Secunia Research Secunia Research: Mozilla Firefox XPCOM Event Handling Memory Corruption Secunia Research
[ MDKSA-2006:116 ] - Updated kernel packages fixes multiple vulnerabilities security [ MDKSA-2006:117 ] - Updated libmms packages fix buffer overflow vulnerability security [ MDKSA-2006:118 ] - Updated OpenOffice.org packages fix various vulnerabilities security [ MDKA-2006:119 ] - Updated ppp packages fix plugin vulnerability security [ MDKSA-2006:117-1 ] - Updated libmms packages fix buffer overflow vulnerability security [ MDKSA-2006:120 ] - Updated samba packages fix DoS vulnerability security [ MDKSA-2006:121 ] - Updated xine-lib packages fix buffer overflow vulnerability security [ MDKSA-2006:122 ] - Updated php packages fix multiple vulnerabilities security [ MDKSA-2006:123 ] - Updated kernel packages fixes multiple vulnerabilities security [ MDKSA-2006:124 ] - Updated kernel packages fix privilege escalation vulnerability security WebScarab <= 20060621-0003 cross site scripting security [ MDKSA-2006:125 ] - Updated webmin packages fix arbitray file read vulnerability. security [ MDKSA-2006:127 ] - Updated gimp packages fix buffer overflow vulnerability. security [ MDKSA-2006:126 ] - Updated libtunepimp packages fixes buffer overflow vulnerabilities. security [ MDKSA-2006:128 ] - Updated wireshark packages fix numerous vulnerabilities security [ MDKSA-2006:129 ] - Updated freetype2 packages fixes overflow vulnerability. security [ MDKSA-2006:130 ] - Updated kdelibs packages fix konqueror crash vulnerability. security [ MDKSA-2006:131 ] - Updated perl-Net-Server packages fix format string vulnerability security [ MDKSA-2006:132 ] - Updated libwmf packages fixes integer overflow vulnerability security [ MDKSA-2006:133 ] - Updated apache packages fix mod_rewrite vulnerability security [ MDKSA-2006:134 ] - Updated ruby packages fix safe-level vulnerabilities security
[security bulletin] HPSBUX02128 SSRT5996 - rev.1 HP-UX mkdir(1) Local Unauthorized Access security-alert [security bulletin] HPSBUX02103 SSRT5953 rev.3 - HP-UX passwd(1) Local Denial of Service (DoS) security-alert [security bulletin] HPSBUX02120 SSRT051057 rev.2 - HP-UX Local Denial of Service (DoS) security-alert [security bulletin] HPSBTU02132 SSRT061154 rev.1 - HP Tru64 UNIX running NIS ypserv, Remote Denial of Service (DoS) security-alert [security bulletin] HPSBUX02108 SSRT061133 rev.12 - HP-UX Running Sendmail, Remote Execution of Arbitrary Code security-alert [security bulletin] HPSBMA02133 SSRT061201 rev.1 - HP Oracle for OpenView (OfO) Critical Patch Update July 2006 security-alert [security bulletin] HPSBUX02087 SSRT4728 rev.2 - HP-UX running TCP/IP Remote Denial of Service (DoS) security-alert Re: Opsware NAS 6.0 reveals MySQL 'root' password security-alert
NewsPHP 2006 PRO XSS SQL injection Vulnerability securityconnection QTOFileManager 1.0 securityconnection TBE 4.0 XSS securityconnection sNews 1.3 XSS SQL securityconnection BLOG:CMS 4.1.0 SQL injection File Include Vulnerability securityconnection ATutor 1.5.3 Cross Site Scripting securityconnection Phorum 5.1.14 XSS SQL injection Vulnerability securityconnection MusicBox <= 2.3.4 XSS SQL injection Vulnerability securityconnection Phpprobid <= 5.24 XSS SQL injection Vulnerability securityconnection GeoClassifieds Enterprise <= 2.0.5.2 Cross Site Scripting securityconnection
Re: Ashop Search Module SQL injection security curmudgeon Re: Fusion Polls (xtrphome) Remote File Inclusion security curmudgeon
Re: Photocycle v1.0 - XSS securityfocus
Re: Securing PHP or finding PHP alternatives Sheryl Coppenger
SQuery <= 4.5(libpath) Remote File Inclusion Exploit SHiKaA-
DotClear : Multiples Full Path Disclosure Silitix
Lazarus Guestbook Cross Site Scripting Vulnerabilities simo64 LinksCaffe 3.0 SQL injection/Command Execution Vulnerabilties simo64
Re: Securing PHP or finding PHP alternatives SkyFlash
AFCommerce Shopping Cart sledge
Microsoft Internet Explorer DOS Vulnerability SnoBmsn
Re: [EEYEB-20060227] D-Link Router UPNP Stack Overflow solutions_PHP
Microsoft Excel Array Index Error Remote Code Execution Sowhat
Crtical Shockwave Embeded XSS Execution spammeanddie
Cross Site Scripting Vulnerability in Zoho Virtual Office ss_team
[ GLSA 200607-12 ] OpenOffice.org: Multiple vulnerabilities Stefan Cornelius [ GLSA 200607-11 ] TunePimp: Buffer overflow Stefan Cornelius
Re: LAMP vs Microsoft Steven M. Christey Re: ATutor 1.5.3 Cross Site Scripting Steven M. Christey Re: HYSA-2006-008 myBloggie 2.1.3 CRLF & SQL Injection Steven M. Christey Re: Xss in MttKe-php v2.6 Steven M. Christey Re: Do world's famous companies take care of their security? Steven M. Christey
RW::Download stats.php Remote File Inc. StorMBoY Webvizyon Portal 2006 Version SQL Injection StorMBoY MT rmcek Toplist v2.2 Version Microsoft Access Driver ( MDB ) Download StorMBoY
Re: Invision Power Board 2.1 <= 2.1.6 sql injection str0ke Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit str0ke
[ GLSA 200607-01 ] mpg123: Heap overflow Sune Kloppenborg Jeppesen [ GLSA 200607-03 ] libTIFF: Multiple buffer overflows Sune Kloppenborg Jeppesen [ GLSA 200607-04 ] PostgreSQL: SQL injection Sune Kloppenborg Jeppesen [ GLSA 200607-02 ] FreeType: Multiple integer overflows Sune Kloppenborg Jeppesen [ GLSA 200607-05 ] SHOUTcast server: Multiple vulnerabilities Sune Kloppenborg Jeppesen [ GLSA 200607-08 ] GIMP: Buffer overflow Sune Kloppenborg Jeppesen ERRATA: [ GLSA 200607-08 ] GIMP: Buffer overflow Sune Kloppenborg Jeppesen [ GLSA 200607-09 ] Wireshark: Multiple vulnerabilities Sune Kloppenborg Jeppesen [ GLSA 200607-10 ] Samba: Denial of Service vulnerability Sune Kloppenborg Jeppesen UPDATE: [ GLSA 200605-08 ] PHP: Multiple vulnerabilities Sune Kloppenborg Jeppesen
Re: Buddy Zone Version 1.0.1 - XSS support
Professional PHP Tools Guestbook Multiple Vulnerabilities tamriel hdweGUEST <= 2.1.1 Cross Site Scripting Vulnerabilities tamriel Professional Home Page Tools Login Script Cross Site Scripting Vulnerabilities tamriel TP-Book <= 1.00 Cross Site Scripting Vulnerabilities tamriel
DEF CON 14: Speakers Selected and more. The Dark Tangent
[ECHO_ADV_41$2006] BufferOverflow in Midirecord2 the_day
Re: SubberZ[Lite] - Remote File Include the . jalal
[ GLSA 200607-06 ] libpng: Buffer overflow Thierry Carrez [ GLSA 200607-07 ] xine-lib: Buffer overflow Thierry Carrez
Re: Bybass HTTP ( extension files ) in ISA 2004 Thor (Hammer of God) Re: Bybass HTTP ( extension files ) in ISA 2004 Thor (Hammer of God)
Re: Browser bugs hit IE, Firefox today (SANS) Thor Larholm
Oracle and Apache mod_rewrite Vulnerability tigerblue
Low security hole affecting IPCalc's CGI wrapper Tim Brown
TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability Tippingpoint Security Research Team
Re: IBM AIX Security contact? Troy Bollinger
TSLSA-2006-0040 - kernel Trustix Security Advisor TSLSA-2006-0042 - multi Trustix Security Advisor
PrinceClan Chess Mambo Com <= 0.8 Remote Inclusion Vulnerability tr_zindan
TSRT-06-04: eIQnetworks Enterprise Security Analyzer Topology Server Buffer Overflow Vulnerability TSRT TSRT-06-03: eIQnetworks Enterprise Security Analyzer Syslog Server Buffer Overflow Vulnerabilities TSRT
Mico crashes when contected with wrong IOR / DoS tuergeist Re: Mico crashes when contected with wrong IOR / DoS tuergeist Re: Mico crashes when contected with wrong IOR / DoS tuergeist
Re: cpanel login problem usar_y_tirar
VMSA-2006-0003 VMware possible incorrect permissions on SSL key files VMware Security Team
SQL injection Seir Anphin v666 Community Management System vulnerabilities
Plesk Control Panel <= 8.0.0 XSS vulnerability vuln . invent
[vuln.sg] DynaZip DZIP32.DLL/DZIPS32.DLL Buffer Overflow Vulnerabilities vulnpost-remove [vuln.sg] TurboZIP ZIP Repair Buffer Overflow Vulnerability vulnpost-remove [vuln.sg] AGEphone "sipd.dll" SIP Packet Handling Buffer Overflow vulnpost-remove [vuln.sg] PowerArchiver DZIPS32.DLL Buffer Overflow Vulnerability vulnpost-remove
RE: WebEx Downloader Plug-in Multiple Vulnerabilities + rant Web Ex
[Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released William A. Rowe, Jr.
ScozNews Final-Php <=1.1 Remote File Inclusion Vulnerability x0r0n Flipper Poll <= 1.1.0 Remote File Inclusion Vulnerability x0r0n ListMessenger v0.9.3 Remote File Inclusion Vulnerability x0r0n Keyif Portal v2.0 - Microsoft Access Driver ( MDB ) Download x0r0n Re: Portail PHP v1.7 Remote File Include x0r0n
Rocks Clusters <=4.1 local root Xavier
phpBB 2.0.21 Full Path Disclosure xzerox WordPress 2.0.3 SQL Error and Full Path Disclosure xzerox Pearl Products Multiple Remote File Inclusion xzerox FLV Players Multiple Input Validation Vulnerabilities xzerox
OPERA Web Browser 9 Denial OF Service y3dips
Re: WordPress 2.0.3 SQL Error and Full Path Disclosure zck zck
ZDI-06-021: WebEx Downloader Plug-in Code Execution Vulnerability zdi-disclosures ZDI-06-022: Microsoft Office Excel File Rebuilding Code Execution Vulnerability zdi-disclosures ZDI-06-024: eIQNetworks Enterprise Security Analyzer License Manager Buffer Overflow Vulnerability zdi-disclosures ZDI-06-023: eIQNetworks Enterprise Security Analyzer Syslog Server Buffer Overflow Vulnerability zdi-disclosures ZDI-06-025: Mozilla Firefox Javascript navigator Object Vulnerability zdi-disclosures
Php-Fusion (Xss) With Avatar Upload zeberus_