564 messages starting Jul 01 06 and ending Jul 31 06
NewsPHP 2006 PRO XSS SQL injection Vulnerability securityconnection News <= 5.2 XSS, SQL Injection, Full Path Disclosure gmdarkfig Re: [Full-disclosure] Re[2]: Is Windows TCP/IP source routing PoC code available? 3APA3A phpBB 2.0.21 Full Path Disclosure xzerox Re: PHP security (or the lack thereof) Kevin Waterson RE: [Full-disclosure] Browser bugs hit IE, Firefox today (SANS) Schmehl, Paul L Re: Browser bugs hit IE, Firefox today (SANS) Alex Potter Re: Msie 7.0 beta Crash mike [security bulletin] HPSBUX02128 SSRT5996 - rev.1 HP-UX mkdir(1) Local Unauthorized Access security-alert [security bulletin] HPSBUX02103 SSRT5953 rev.3 - HP-UX passwd(1) Local Denial of Service (DoS) security-alert Buddy Zone Version 1.0.1 - XSS luny mAds v1.0 lunY phpMyAdmin : Cross-Site Scripting Vulnerability bug () securitynews ir DEF CON 14: Speakers Selected and more. The Dark Tangent OPERA Web Browser 9 Denial OF Service y3dips Internet Crna Gora SQL Injection Breeeeh SmS Script SQL Injection Breeeeh Sql injection in Diesel joke site script black code SturGeoN Upload v1 Remote Command Execution Exploit gmdarkfig
Whitepaper: IT (in)security implementation in a real world example Denis Jedig Php-Fusion (Xss) With Avatar Upload zeberus_ Glossaire<<--v1.7 Remote File Include CrAzY . CrAcKeR call for papers - IT Underground, Italy 2006 it_underground [MajorSecurity #19] AutoRank <= 5.01 - Multiple XSS and cookie disclosure admin WordPress 2.0.3 SQL Error and Full Path Disclosure xzerox plume-cms v1.0.4 Multiple Remote File include KARKOR23 Pearl Products Multiple Remote File Inclusion xzerox free QBoard v1.1 Multiple Remote File include KARKOR23 Re: [Full Disclosure] [Kil13r-SA-20060701-2] MoniWiki 1.1.1 Cross-Site Scripting Vulnerability mac68k Multiple vulnerabilities in TK8 Safe v.3.0.5 clappymonkey popup Vacation Rentals[calendar_year.php] SQL Injection BoNy-m QTOFileManager 1.0 securityconnection Invision Power Board v1.3 Final SQL Injection Breeeeh Contact for nhl.com C. Hamby Excel 2000/XP/2003 Style 0day POC nanika 5 php scripts remote database password disclosure gmdarkfig Call For Papers - No cON Name 2006 Edition Spain deese [ GLSA 200607-01 ] mpg123: Heap overflow Sune Kloppenborg Jeppesen ZoneAlarm Insufficient protection of registry key 'VETFDDNT\Enum' Vulnerability David Matousek imgsvr dos exploit by n00b co296 TBE 4.0 XSS securityconnection
Re: Browser bugs hit IE, Firefox today (SANS) Thor Larholm [scip_Advisory 2351] Kyberna AG ky2help various form fields SQL Injection Marc Ruef galleria <= 1.0 Remote File Inclusion Vulnerability ineal Re: WordPress 2.0.3 SQL Error and Full Path Disclosure James Davis [scip_Advisory 2352] F5 FirePass 4100 prior 6.x multiple Cross Site Scripting Marc Ruef file include exploits in randshop v1.2 black code PhpWebGallery Cross Site Scripting Vulnerability iss4m . h Re: file include exploits in randshop v1.2 Rainer Duffner Re: WordPress 2.0.3 SQL Error and Full Path Disclosure Jaroslaw Sajko [Bugtraq] Re: flock d0s exploit remote. beta 1 (v0.7) . myke lyons
Invision Power Board "v1.X & 2.X" SQL Injection CrAzY . CrAcKeR Re: Browser bugs hit IE, Firefox today (SANS) Paul Szabo Shopping Cart V0.9 luny Windows Explorer URL File format overflow nanika Touch arbitrary file execute vulnerability Alex Park sNews 1.3 XSS SQL securityconnection BLOG:CMS 4.1.0 SQL injection File Include Vulnerability securityconnection Re: PHP security (or the lack thereof) Dan Falconer [ MDKSA-2006:116 ] - Updated kernel packages fixes multiple vulnerabilities security vBulletin 3.5.4 (install_path) Exploit CarcaBotx TigerTom Scripts luny
[SECURITY] [DSA 1104-2] New OpenOffice.org packages fix arbitrary code execution Martin Schulze Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues Moritz Naumann Re: vBulletin 3.5.4 (install_path) Exploit mikathebest2003 [USN-308-1] shadow vulnerability Martin Pitt [USN-309-1] libmms vulnerability Martin Pitt [USN-310-1] ppp vulnerability Martin Pitt Re: vBulletin 3.5.4 (install_path) Exploit scott
Re: IBM AIX Security contact? Troy Bollinger Major updates to Excel 0-day Vulnerability FAQ at SecuriTeam Blogs Juha-Matti Laurio Various heap and stack overflow bugs in AdPlug library 2.0 (CVS 04 Jul 2006) Luigi Auriemma McAfee VirusScan Enterprise 8.0.0 Buffer Overflow johndoe1529 Mico crashes when contected with wrong IOR / DoS tuergeist TSLSA-2006-0040 - kernel Trustix Security Advisor WebEx Downloader Plug-in Multiple Vulnerabilities + rant Mark Litchfield PHP-Blogger Multiple Cross Site Scripting Vulnerabilities OS2A BTO [ECHO_ADV_36$2006] ExtCalendar <== v2.0 Remote File Include Vulnerabilities matdhule ATutor : Cross-Site Scripting Vulnerabilities bug () securitynews ir Possible code execution in Kaillera 0.86 Luigi Auriemma rPSA-2006-0122-1 kernel Justin M. Forbes PBL Guestbook <= 1.32 XSS & SQL Querys Vulnerabilities paisterist . nst Format string bug in Sparklet 0.9.4try3 Luigi Auriemma [ MDKSA-2006:117 ] - Updated libmms packages fix buffer overflow vulnerability security HostingController: An attacker can gain reseller privileges and after that can gain admin privileges Irsdl Sport-slo.net Guestbook v1.0 luny IBM AIX Security contact? Joxean Koret Pivot <=1.30rc2 privilege escalation / remote commands execution rgod
[SECURITY] [DSA 1105-1] New xine-lib packages fix denial of service Martin Schulze lintah_|adv|_01 () 2006>=========<[Aura-CMS v1.62]<===>[XSS vulnerable]&[bug] k07iX ZDI-06-021: WebEx Downloader Plug-in Code Execution Vulnerability zdi-disclosures [ MDKSA-2006:118 ] - Updated OpenOffice.org packages fix various vulnerabilities security PAPOO <=3RC3 sql injection / admin credentials disclosure rgod Re: [Bugtraq] Re: flock d0s exploit remote. beta 1 (v0.7) flockoyd [KAPDA::#46] - AjaxPortal Authentication Bypass alireza hassani ATutor 1.5.3 Cross Site Scripting securityconnection RW::Download stats.php Remote File Inc. StorMBoY
[ GLSA 200607-03 ] libTIFF: Multiple buffer overflows Sune Kloppenborg Jeppesen Webvizyon Portal 2006 Version SQL Injection StorMBoY Securing PHP or finding PHP alternatives (was: PHP security (or the lack thereof)) Gezim Hoxha Re: Invision Power Board "v1.X & 2.X" SQL Injection mattmecham Graffiti Forums v1.0 SQL Injection Vulnerabilities paisterist . nst [ GLSA 200607-04 ] PostgreSQL: SQL injection Sune Kloppenborg Jeppesen MT rmcek Toplist v2.2 Version Microsoft Access Driver ( MDB ) Download StorMBoY LAMP vs Microsoft Darren Reed Re: RE: Invision Vulnerabilities, including remote code execution mattmecham Re: [KAPDA::#46] - AjaxPortal Authentication Bypass earthquake ERNW Security Advisory 02/2006 - Buffer Overflow in sipXtapi (used in AOL Triton) mozilla Re: rPSA-2006-0122-1 kernel Paul Starzetz [ECHO_ADV_37$2006] pc_cookbook Mambo/Joomla Component <= v0.3 Remote File Include Vulnerabilities matdhule [SECURITY] [DSA 1106-1] New ppp packages fix privilege escalation Martin Schulze Re: [ MDKSA-2006:116 ] - Updated kernel packages fixes multiple vulnerabilities Paul Starzetz phpPolls 1.0.3 Administration ByPass alp_eren Re: galleria <= 1.0 Remote File Inclusion Vulnerability counterpoint Re: Invision Power Board v1.3 Final SQL Injection mattmecham [USN-312-1] gimp vulnerability Martin Pitt RE: MIMESweeper For Web 5.X Cross Site Scripting Erez Metula CC announces new Rootkit help forum insync with Book Paul Laudanski MS Word Unchecked Boundary Condition Vulnerability naveed Re: Re: vBulletin 3.5.4 (install_path) Exploit mikathebest2003 RE: WebEx Downloader Plug-in Multiple Vulnerabilities + rant Web Ex Digital Armaments Security Advisory 10.07.2006: Flexwath Authorization Bypassing and XSS Vulnerability info Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit Alexander Hristov Re: Mico crashes when contected with wrong IOR / DoS Karel Gardas Re: PHP security (or the lack thereof) Darren Reed Re: Mico crashes when contected with wrong IOR / DoS 
tuergeist Re: Mico crashes when contected with wrong IOR / DoS tuergeist Re: Windows Explorer URL File format overflow naveed Re: Mico crashes when contected with wrong IOR / DoS Karel Gardas Local file inclusion in Farsinews3.0BETA1 armin390 Old vulnerable sotwares collection Jerome Athias [ANNOUNCEMENT] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against smbd Gerald (Jerry) Carter [SECURITY] [DSA 1107-1] New GnuPG packages fix denial of service Martin Schulze
randshop <= 1.1.x (index.php) Remote File Inclusion Vulnerability Saudi . Unix Re: LAMP vs Microsoft Jarrod Frates Juniper Networks DX Web Administration Persistent System Log XSS Vulnerability Darren Bounds Re: LAMP vs Microsoft Bob Beck Re: Securing PHP or finding PHP alternatives Crispin Cowan [ GLSA 200607-02 ] FreeType: Multiple integer overflows Sune Kloppenborg Jeppesen [ GLSA 200607-05 ] SHOUTcast server: Multiple vulnerabilities Sune Kloppenborg Jeppesen SYMSA-2006-007: Microsoft Office Malformed String Parsing Vulnerability research CYBSEC - Security Pre-Advisory: Microsoft Windows DHCP Client Service Remote Buffer Overflow Mariano Nuñez Di Croce TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability Tippingpoint Security Research Team ZDI-06-022: Microsoft Office Excel File Rebuilding Code Execution Vulnerability zdi-disclosures
Re: LAMP vs Microsoft Steven M. Christey [USN-313-1] OpenOffice.org vulnerabilities Martin Pitt [USN-316-1] installer vulnerability Martin Pitt [USN-315-1] libmms, xine-lib vulnerabilities Martin Pitt Cisco Security Advisory: Multiple Cisco Unified CallManager Vulnerabilities Cisco Systems Product Security Incident Response Team Cisco Security Advisory: Cisco Router Web Setup Ships with Insecure Default IOS Configuration Cisco Systems Product Security Incident Response Team [ MDKA-2006:119 ] - Updated ppp packages fix plugin vulnerability security Re: ATutor 1.5.3 Cross Site Scripting info SQuery <= 4.5(libpath) Remote File Inclusion Exploit SHiKaA- [USN-314-1] samba vulnerability Martin Pitt Re: [ANNOUNCEMENT] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against smbd Gerald (Jerry) Carter Cisco Security Advisory: Cisco Intrusion Prevention System Malformed Packet Denial of Service Cisco Systems Product Security Incident Response Team rPSA-2006-0128-1 samba samba-swat Justin M. Forbes Fuzzing Microsoft Office naveed SMB Information Disclosure Vulnerability Avert [SECURITY] [DSA 1108-1] New mutt packages fix arbitrary code execution Moritz Muehlenhoff Microsoft Excel Array Index Error Remote Code Execution Sowhat Linux Kernel 2.6.x PRCTL Core Dump Handling - Local r00t Exploit ( BID 18874 / CVE-2006-2451 ) Roman Medina-Heigl Hernandez [ MDKSA-2006:117-1 ] - Updated libmms packages fix buffer overflow vulnerability security NSFOCUS SA2006-04 : Microsoft Office GIF Filter Buffer Overflow Vulnerability NSFOCUS Security Team TOPo v.2.2.178 Account Reset darkz . 
gsa S21Sec-032-en: Vulnerability in Fatwire Content Server labs Re: Browser bugs hit IE, Firefox today (SANS) 3CO RE: Old vulnerable sotwares collection John Rigali Lazarus Guestbook Cross Site Scripting Vulnerabilities simo64 [ MDKSA-2006:120 ] - Updated samba packages fix DoS vulnerability security NSFOCUS SA2006-06 : Microsoft Excel COLINFO Record Buffer Overflow Vulnerability NSFOCUS Security Team New CVE number states Excel Style handling as a separate issue Juha-Matti Laurio Re: WordPress 2.0.3 SQL Error and Full Path Disclosure zck zck Re: # MHG Security Team --- PHPAskIt v2.0.1 Remote File Inc. Amelie NSFOCUS SA2006-05 : Microsoft Excel SELECTION Record Memory Corruption Vulnerability NSFOCUS Security Team
FLV Players Multiple Input Validation Vulnerabilities xzerox [ MDKSA-2006:121 ] - Updated xine-lib packages fix buffer overflow vulnerability security Re: # MHG Security Team --- PHPAskIt v2.0.1 Remote File Inc. amelie [ECHO_ADV_38$2006] Multiple Mambo/Joomla Component Remote File Include Vulnerabilities matdhule RE: WordPress 2.0.3 SQL Error and Full Path Disclosure Aaron Newman SYMSA-2006-004 (Full Details): Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution research [USN-317-1] zope2.8 vulnerability Martin Pitt Photocycle v1.0 - XSS luny ScozNews Final-Php <=1.1 Remote File Inclusion Vulnerability x0r0n Orbitmatrix PHP Script v1.0 luny Flipper Poll <= 1.1.0 Remote File Inclusion Vulnerability x0r0n [USN-318-1] libtunepimp vulnerability Martin Pitt [ MDKSA-2006:122 ] - Updated php packages fix multiple vulnerabilities security flatnuke <= 2.5.7 arbitrary php file upload rgod PHORUM 5 arbitrary local inclusion rgod phpbb 3.x sql injection (with global moderator rights) rgod Re: [ECHO_ADV_38$2006] Multiple Mambo/Joomla Component Remote File Include Vulnerabilities Joxean Koret [ MDKSA-2006:123 ] - Updated kernel packages fixes multiple vulnerabilities security perForms <= 1.0 ([mosConfig_absolute_path]) Remote File Inclusion endeneu [security bulletin] HPSBUX02120 SSRT051057 rev.2 - HP-UX Local Denial of Service (DoS) security-alert rPSA-2006-0122-2 kernel Justin M. Forbes
Re: WebEx Downloader Plug-in Multiple Vulnerabilities + rant Mark Rowe IE <= 6 DoS vulnerability jonasschaub Phorum 5.1.15 security release (fixes "PHORUM 5 arbitrary local inclusion") Maurice Makaay Microsoft Works - Buffer Overflows / Denial of Service (DoS)-Vulnerabilities Benjamin Tobias Franz Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround Caveo Internet BV - Security EEYE: McAfee ePolicy Orchestrator Remote Compromise eEye Advisories Re: Photocycle v1.0 - XSS securityfocus Re: Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround Hugo van der Kooij
Bybass HTTP ( extension files ) in ISA 2004 medozero MS Power Point Multiple Vulnerabilities (powerpnt.exe)- POC naveed MS Power Point Multiple Vulnerabilities - (mso.dll) POC naveed MS Power Point Multiple Vulnerabilities - (memory corruption) POC naveed Norton Insufficient protection of Norton service registry keys David Matousek Kerio Terminating 'kpf4ss.exe' using internal runtime error Vulnerability David Matousek Re: Securing PHP or finding PHP alternatives Michael Shigorin Re: Securing PHP or finding PHP alternatives SkyFlash Linux sys_prctl LKM based hotfix Abhisek Datta crashing firefox <= 1.5.0.4 reywen saphp "add.php" forumid Parameter SQL Injection Breeeeh RE: Re: vBulletin 3.5.4 (install_path) Exploit Robert Marquardt XSS phpBB 2.0.21 in administration renatrix MyGallery "Room.php" SQL Injection Breeeeh Rocks Clusters <=4.1 local root Xavier [SECURITY] Plain text password in Finjan Appliance 5100/8100 NG backup file finde_schwachstelle Re: WordPress 2.0.3 SQL Error and Full Path Disclosure jholguin Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit José Parrella Phorum 5.1.14 XSS SQL injection Vulnerability securityconnection Re: WordPress 2.0.3 SQL Error and Full Path Disclosure nate MiniBB Forum <= 1.5a Remote File Include Vulnerabilities matdhule Re: [Full-disclosure] ERNW Security Advisory 02/2006 - Buffer Overflow in sipXtapi (used in AOL Triton) Mailinglists Re: LAMP vs Microsoft Darren Reed SubberZ[Lite] - Remote File Include ChironeX . 
FleckeriX RE: MIMESweeper For Web 5.X Cross Site Scripting Erez Metula VBZooM <=V1.11 " reply.php" SQL Injection Breeeeh VBZooM <=V1.11 " ignore-pm.php" SQL Injection Breeeeh Microsoft PowerPoint 0-day Vulnerability FAQ document written Juha-Matti Laurio Re: [ GLSA 200607-05 ] SHOUTcast server: Multiple vulnerabilities Cyneox Re: Securing PHP or finding PHP alternatives Sheryl Coppenger Re: phpbb 3.x sql injection (with global moderator rights) bugtraq Crtical Shockwave Embeded XSS Execution spammeanddie VBZooM <=V1.11 "sub-join.php" SQL Injection Breeeeh Re: Securing PHP or finding PHP alternatives (was: PHP security (or the lack thereof)) Matthias Kestenholz Re: LAMP vs Microsoft Bob Beck [OpenPKG-SA-2006.013] OpenPKG Security Advisory (mutt) OpenPKG Fantastic Guestbook v2.0.1 Advisory omnipresent VBZooM "sendmail.php" SQL Injection Breeeeh Re: LAMP vs Microsoft Darren Reed Re: LAMP vs Microsoft Bob Beck Re: Buddy Zone Version 1.0.1 - XSS support
Re: LAMP vs Microsoft Joel Maslak Re: Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround Michael Shigorin Invision Power Board 2.1 <= 2.1.6 sql injection rst Re: Securing PHP or finding PHP alternatives (was: PHP security (or the lack thereof)) Meet Myself on the Internet Re: Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround Lukasz Trabinski Re: [Full-disclosure] Re: Linux Kernel 2.6.x PRCTL Core Dump Handling - Local r00t Exploit ( BID 18874 / CVE-2006-2451 ) Jon Hart Gracenote buffer overflow MNV MyBulletinBoard (MyBB) 1.1.5 'CLIENT-IP' sql injection rgod
Mercury Messenger Hans Wolters Re: Bybass HTTP ( extension files ) in ISA 2004 Thor (Hammer of God) Several updates in MS PowerPoint 0-day Vulnerability FAQ at SecuriTeam Blogs Juha-Matti Laurio PHP Event Calendar versi 1.4 (path_to_calendar) Remote File Inclusion chris_hasibuan Calendar Module <= 1.5.7 Remote File Include Vulnerabilities matdhule Plesk Control Panel <= 8.0.0 XSS vulnerability vuln . invent Re: Phorum 5.1.14 XSS SQL injection Vulnerability Maurice Makaay Secunia Research: IceWarp Web Mail Two File Inclusion Vulnerabilities Secunia Research [SECURITY] [DSA 1109-1] New rssh packages fix privilege escalation Moritz Muehlenhoff RE: Bybass HTTP ( extension files ) in ISA 2004 Edward Tripovich rPSA-2006-0130-1 kernel Justin M. Forbes [EEYEB-20060227] D-Link Router UPNP Stack Overflow eEye Advisories
Secunia Research: VisNetic Mail Server Two File Inclusion Vulnerabilities Secunia Research [SECURITY] [DSA 1110-1] New samba packages fix denial of service Moritz Muehlenhoff Secunia Research: BitZipper unacev2.dll Buffer Overflow Vulnerability Secunia Research PacSec 2006 CALL FOR PAPERS (Deadline Aug. 4; Event Nov. 27-30) Dragos Ruiu boastMachine <= 3.1 SQL Injection Exploit gmdarkfig ListMessenger v0.9.3 Remote File Inclusion Vulnerability x0r0n Multiple vulnerabilities in UFO2000 svn 1057 Luigi Auriemma [SECURITY] [DSA 1111-1] New Linux kernel 2.6.8 packages fix privilege escalation Moritz Muehlenhoff About the latest three Powerpoint vulnerabilities: exploitable? ewt [SECURITY] [DSA 1112-1] New mysql-dfsg-4.1 packages fix denial of service Moritz Muehlenhoff Re: Invision Power Board 2.1 <= 2.1.6 sql injection paul dansing ToorCon 2006 Call for Papers h1kari () toorcon org RUXCON 2006 Final Call For Papers cfp Re: Securing PHP or finding PHP alternatives Crispin Cowan Re: Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround Michal Zalewski [USN-319-1] Linux kernel vulnerability Martin Pitt Re: LAMP vs Microsoft George Capehart Re: LAMP vs Microsoft Darren Reed New Article Mambo Component <= 1.0 (com_articles.php) Remote File Include Vulnerabilities matdhule Unauthenticated access to BT Voyager config file and PPP credentials embedded in HTML form pagvacito Re: Invision Power Board 2.1 <= 2.1.6 sql injection str0ke 23rd Chaos Communication Congress 2006: Call for Participation fukami Calendar Mambo Module <= 1.5.7 Remote File Include Vulnerabilities matdhule Re: WebEx Downloader Plug-in Multiple Vulnerabilities + rant Mark Litchfield Cross Site Scripting Vulnerability in Zoho Virtual Office ss_team [KAPDA::#52] - PHP-Post 1.0 Cookie Modification Privilege Escalation Vulnerability farhadkey Professional PHP Tools Guestbook Multiple Vulnerabilities tamriel [ MDKSA-2006:124 ] - Updated kernel packages fix privilege escalation vulnerability security 
ToendaCMS <= 1.0.0 arbitrary file upload rgod Keyif Portal v2.0 - Microsoft Access Driver ( MDB ) Download x0r0n Outpost Firewall Pro secrately fixing security flaws? Bipin Gautam Re: Invision Power Board 2.1 <= 2.1.6 sql injection mattmecham DeluxeBB mutiple vulnerabilities Jessica Hope $100 plus several of my books if you can crack my Windows password hashes. Roger A. Grimes Oracle Database - SQL Injection in SYS.KUPW$WORKER [DB03] ak Oracle Database - SQL Injection in SYS.DBMS_CDC_IMPDP [DB01] ak WebScarab <= 20060621-0003 cross site scripting security RE: [lists] Re: PHP security (or the lack thereof) Curt Purdy [SECURITY] [DSA 1113-1] New zope2.7 packages fix information disclosure Moritz Muehlenhoff Re: Bybass HTTP ( extension files ) in ISA 2004 medozero Re: Bybass HTTP ( extension files ) in ISA 2004 medozero PcAnywhere > 12 Local Privilege Escalation root Consumers of Broadband Providers (ISP) may be open to hijack attacks peter_philipp ExtCalendar Mambo Module <= v2( extcalendar.php ) Remote File Include Vulnerabilities saudi . unix Oracle Database - SQL Injection in SYS.DBMS_UPGRADE [DB22] ak Invision Power Board v2.1 <= 2.1.6 sql injection exploit paul14075
Oracle Database - SQL Injection in SYS.DBMS_STATS [DB21] ak [security bulletin] HPSBTU02132 SSRT061154 rev.1 - HP Tru64 UNIX running NIS ypserv, Remote Denial of Service (DoS) security-alert hdweGUEST <= 2.1.1 Cross Site Scripting Vulnerabilities tamriel ASP.DLL Include File Buffer Overflow Brett Moore Re: Re: Invision Power Board 2.1 <= 2.1.6 sql injection paul14075 Escalation of privileges in Outpost and Lavasoft Firewalls -Unusual ShellExecute behavior mullware Re: LAMP vs Microsoft Bob Beck Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit str0ke Re: XSS phpBB 2.0.21 in administration Jessica Hope Re: LAMP vs Microsoft Hugo van der Kooij osDate 1.1.7 multiple vulnerabilities binary . loc Webmin / Usermin Arbitrary File Disclosure Vulnerability Perl Alexander Hristov Re: crashing firefox <= 1.5.0.4 bugtraq New PowerPoint Trojan installs itself as LSP Juha-Matti Laurio [USN-320-1] PHP vulnerabilities Martin Pitt [ MDKSA-2006:125 ] - Updated webmin packages fix arbitray file read vulnerability. security [ MDKSA-2006:127 ] - Updated gimp packages fix buffer overflow vulnerability. security [ MDKSA-2006:126 ] - Updated libtunepimp packages fixes buffer overflow vulnerabilities. security [ MDKSA-2006:128 ] - Updated wireshark packages fix numerous vulnerabilities security Re: Bybass HTTP ( extension files ) in ISA 2004 Thor (Hammer of God) rPSA-2006-0132-1 tshark wireshark Justin M. Forbes Cisco Security Advisory: Multiple Vulnerabilities in Cisco Security Monitoring, Analysis and Response System (CS-MARS) Cisco Systems Product Security Incident Response Team VMSA-2006-0003 VMware possible incorrect permissions on SSL key files VMware Security Team [ GLSA 200607-06 ] libpng: Buffer overflow Thierry Carrez [USN-319-2] Linux kernel vulnerability Martin Pitt [USN-313-2] OpenOffice.org vulnerabilities Martin Pitt Re: imageVue16.1 upload vulnerability info AFCommerce Shopping Cart sledge Security point-of-contact for Ameritrade? James M. 
Blackburn Re: osDate 1.1.7 multiple vulnerabilities binary . loc rPSA-2006-0133-1 libpng Justin M. Forbes
Cisco MARS < 4.2.1 remote compromise Jon Hart [ECHO_ADV_40$2006] iManage CMS <= 4.0.12 (absolute_path) Remote File Inclusion matdhule Advisory: Remote command execution in planetGallery RedTeam Pentesting [MajorSecurity #20]SiteDepth CMS <= 3.01 - Remote File Include Vulnerability admin [MajorSecurity #21] phpFaber TopSites <=2.0.9 - SQL Injection Vulnerability admin [MajorSecurity #22] Top XL <=1.1 - XSS and cookie disclosure admin [ MDKSA-2006:129 ] - Updated freetype2 packages fixes overflow vulnerability. security [security bulletin] HPSBUX02108 SSRT061133 rev.12 - HP-UX Running Sendmail, Remote Execution of Arbitrary Code security-alert
rPSA-2006-0134-1 sendmail sendmail-cf Justin M. Forbes [USN-321-1] mysql-dfsg-4.1 vulnerability Martin Pitt [SECURITY] [DSA 1117-1] New libgd2 packages fix denial of service Moritz Muehlenhoff [security bulletin] HPSBMA02133 SSRT061201 rev.1 - HP Oracle for OpenView (OfO) Critical Patch Update July 2006 security-alert SECURITY UPDATE::Farsinews release FarsiNewsPro3.0Stable1SecurityPath1 armin390 [ GLSA 200607-07 ] xine-lib: Buffer overflow Thierry Carrez [SECURITY] [DSA 1115-1] New GnuPG2 packages fix denial of service Martin Schulze LoudBlog <=0.5 Sql injection rgod Unidomedia Chameleon LE/Pro Directory Traversal kicktd TSLSA-2006-0042 - multi Trustix Security Advisor Samba Internal Data Structures DOS Vulnerability Exploit Alexander Hristov [ MDKSA-2006:130 ] - Updated kdelibs packages fix konqueror crash vulnerability. security [SECURITY] [DSA 1114-1] New hashcash packages fix arbitrary code execution Martin Schulze SolpotCrew Advisory #2 - Advanced Poll ver 2.02 (base_path) Remote File Inclusion chris_hasibuan [SECURITY] [DSA 1116-1] New gimp packages fix arbitrary code execution Moritz Muehlenhoff
Re: Samba Internal Data Structures DOS Vulnerability Exploit Gerald (Jerry) Carter Re: Securing PHP or finding PHP alternatives Crispin Cowan MiniBB Forum <= 1.5a Remote File Include (search.php-whosOnline.php) AG Spider iDefense Security Advisory 07.20.06: Sun Microsystems Solaris sysinfo() Kernel Memory Disclosure Vulnerability labs-no-reply Re: [EEYEB-20060227] D-Link Router UPNP Stack Overflow kala_z [Kurdish Security # 13] Savant2 Remote File Include Vulnerability [For Mambo, Joomla] botan RE: $100 plus several of my books if you can crack my Windows password hashes. Roger A. Grimes Re: ATutor 1.5.3 Cross Site Scripting Steven M. Christey Re: LAMP vs Microsoft Darren Reed Re: Securing PHP or finding PHP alternatives Michael Cordover Re: [Full-disclosure] iDefense Security Advisory 07.20.06: Sun Microsystems Solaris sysinfo() Kernel Memory Disclosure Vulnerability Micheal Turner RE: XSS phpBB 2.0.21 in administration David Thomson Microsoft Internet Explorer DOS Vulnerability SnoBmsn MicroGuestBook Remote XSS Attack omnipresent [MajorSecurity #25] Advanced Guestbook 2.4 for phpBB - Multiple XSS and SQL-Injection Vulnerabilities admin RE: [EEYEB-20060227] D-Link Router UPNP Stack Overflow m [MajorSecurity #24] Fire-Mouse TopList <=v1.1 - Cross Site Scripting admin Low security hole affecting IPCalc's CGI wrapper Tim Brown [SECURITY] [DSA 1118-1] New Mozilla packages fix several vulnerabilities Martin Schulze about bid 17404 crack [SECURITY] [DSA 1119-1] New hiki packages fix denial of service Martin Schulze Re: XSS phpBB 2.0.21 in administration Jessica Hope Re: SubberZ[Lite] - Remote File Include the . jalal RE: $100 plus several of my books if you can crack my Windows password hashes. Roger A. Grimes New CVE identifiers for separate PowerPoint 0-day issues assigned Juha-Matti Laurio RE: $100 plus several of my books if you can crack my Windows password hashes. 
Michael Scheidell Re: [EEYEB-20060227] D-Link Router UPNP Stack Overflow scott new shell bypass safe mode d3nger SolpotCrew Advisory #3 - com_trade Remote File Inclusion (mosConfig_absolute_path) mail Re: XSS phpBB 2.0.21 in administration Jessica Hope Re: AFCommerce Shopping Cart contact Re: ExtCalendar Mambo Module <= v2( extcalendar.php ) Remote File Include Vulnerabilities matdhule Re: New PowerPoint Trojan installs itself as LSP Mike Healan MiniBB Forum <= 1.5a Remote File Include (news.php) AG Spider Com Multibanners Remote File Inclusion (mosConfig_absolute_path) mail [MajorSecurity #23] BLOG:CMS <= 4.0.0j - XSS and cookie disclosure admin Blackboard Academic Suite 6.2.23 +/-: Persistent cross-site scripting vulnerability harbl Re: [MajorSecurity #22] Top XL <=1.1 - XSS and cookie disclosure admin Re: [Full-disclosure] Re: New PowerPoint Trojan installs itself as LSP Juha-Matti Laurio Re: Digital Armaments Security Advisory 10.07.2006: Flexwath Authorization Bypassing and XSS Vulnerability sales Map MS Security Bulletins to MS KB numbers Matthew Leeds DotClear : Multiples Full Path Disclosure Silitix
[SECURITY] [DSA 1120-1] New Mozilla Firefox packages fix several vulnerabilities Martin Schulze [Kurdish Security # 14] MoSpray [base_dir] Remote Command Execution [ Mambo & Joomla] botan Vanilla CMS <= 1.0.1 (RootDirectory) Remote file inclusion Vuln. mfoxhacker [ GLSA 200607-08 ] GIMP: Buffer overflow Sune Kloppenborg Jeppesen [CYBSEC] TippingPoint detection bypass Andres Riancho Buffer-overflow in the XM loader of Cheese Tracker 0.9.9 Luigi Auriemma [SECURITY] [DSA 1121-1] New postgrey packages fix denial of service Martin Schulze PHP Live! v3.2 (header.php) Remote File Include Vulnerabilities saudi . unix Re: [ GLSA 200607-08 ] GIMP: Buffer overflow Michael Shigorin Re: Re: [Full-disclosure] iDefense Security Advisory 07.20.06: Sun Microsystems Solaris sysinfo() Kernel Memory Disclosure Vulnerability Micheal Turner [USN-322-1] Konqueror vulnerability Martin Pitt Check Point R55W Directory Traversal Sec-Tec Lists MusicBox <= 2.3.4 XSS SQL injection Vulnerability securityconnection [SECURITY] [DSA 1124-1] New fbi packages fix potential deletion of user data Moritz Muehlenhoff Windows XP/NT/SMB2003/2000 Denial of Service attack J. Oquendo ERRATA: [ GLSA 200607-08 ] GIMP: Buffer overflow Sune Kloppenborg Jeppesen Write-up by Amit Klein: "Forging HTTP request headers with Flash" Amit Klein (AKsecurity) [MajorSecurity #26] Woltlab Burning Board - Multiple Cookie manipulation and session fixation vulnerabilities admin SQuery v.x (devi.php) (armygame.php) Remote File Inclusion saudi . unix Heap overflow in the GT2 loader of libmikmod 3.2.2 Luigi Auriemma [SECURITY] [DSA 1123-1] New libdumb packages fix arbitrary code execution Moritz Muehlenhoff Opsware NAS 6.0 reveals MySQL 'root' password Freeman, Michael rPSA-2006-0135-1 gimp Justin M. Forbes Digital Armaments Security Advisory 24.07.2006: Siemens Speedstream Wireless/Router Denial of Service Vulnerability info SYMSA-2006-008:Password Safe - Lock Password Database Configuration Not Enforced research
Buffer-overflow in recvTextMessage and NETrecvFile in Warzone Resurrection 2.0.3 (SVN 127) Luigi Auriemma [SECURITY] [DSA 1122-1] New Net::Server packages fix denial of service Martin Schulze Two crash vulnerabilities in Freeciv 2.1.0-beta1 (SVN 15 Jul 2006) Luigi Auriemma [ GLSA 200607-09 ] Wireshark: Multiple vulnerabilities Sune Kloppenborg Jeppesen [USN-296-2] Firefox vulnerabilities Martin Pitt Advisory: VMware Possible Incorrect Permissions On SSL Key Files Nick Breese [vuln.sg] DynaZip DZIP32.DLL/DZIPS32.DLL Buffer Overflow Vulnerabilities vulnpost-remove [vuln.sg] TurboZIP ZIP Repair Buffer Overflow Vulnerability vulnpost-remove [vuln.sg] AGEphone "sipd.dll" SIP Packet Handling Buffer Overflow vulnpost-remove LinksCaffe 3.0 SQL injection/Command Execution Vulnerabilties simo64 [ GLSA 200607-10 ] Samba: Denial of Service vulnerability Sune Kloppenborg Jeppesen [security bulletin] HPSBUX02087 SSRT4728 rev.2 - HP-UX running TCP/IP Remote Denial of Service (DoS) security-alert
Re: Ashop Search Module SQL injection security curmudgeon [ MDKSA-2006:131 ] - Updated perl-Net-Server packages fix format string vulnerability security Full Path Disclosure xGuestBook v1.02 dicomdk MS06-034 lies? IIS 6 can still be owned? Cesar Secunia Research: AutoVue SolidModel Professional Buffer Overflow Vulnerability Secunia Research [USN-297-3] Thunderbird vulnerabilities Martin Pitt [USN-320-2] php4 regression Martin Pitt EzUpload multi file vulnerabilities hack2prison Multiple vulnerabilities in OpenCMS Meder Kydyraliev [SECURITY] [DSA 1111-2] New Linux kernel 2.6.8 packages fix privilege escalation Moritz Muehlenhoff Re: Write-up by Amit Klein: "Forging HTTP request headers with Flash" Amit Klein (AKsecurity) wwwThreads XSS l2odon Zyxel Prestige 660H-61 Cross-Site Scripting jose . palanco Professional Home Page Tools Login Script Cross Site Scripting Vulnerabilities tamriel PHP-Auction SQL injection l2odon ZDI-06-024: eIQNetworks Enterprise Security Analyzer License Manager Buffer Overflow Vulnerability zdi-disclosures TP-Book <= 1.00 Cross Site Scripting Vulnerabilities tamriel ZDI-06-023: eIQNetworks Enterprise Security Analyzer Syslog Server Buffer Overflow Vulnerability zdi-disclosures TSRT-06-04: eIQnetworks Enterprise Security Analyzer Topology Server Buffer Overflow Vulnerability TSRT TSRT-06-03: eIQnetworks Enterprise Security Analyzer Syslog Server Buffer Overflow Vulnerabilities TSRT [SECURITY] [DSA 1125-1] New drupal packages fix execution of arbitrary web script code Moritz Muehlenhoff Cisco VPN Concentrator IKE resource exhaustion DoS Advisory Roy Hills Etomite CMS <= 0.6.1 'rfiles.php' remote command execution rgod [USN-323-1] mozilla vulnerabilities Martin Pitt [ECHO_ADV_41$2006] BufferOverflow in Midirecord2 the_day [vuln.sg] PowerArchiver DZIPS32.DLL Buffer Overflow Vulnerability vulnpost-remove [OpenPKG-SA-2006.014] OpenPKG Security Advisory (shiela) OpenPKG Secunia Research: FileCOPA Directory Argument Handling Buffer Overflow Secunia 
Research Phpprobid <= 5.24 XSS SQL injection Vulnerability securityconnection Re: new shell bypass safe mode cxib
Re: Write-up by Amit Klein: "Forging HTTP request headers with Flash" 3CO NSFOCUS SA2006-07 : ISS RealSecure/BlackICE MailSlot Heap Overflow Detection Remote DoS Vulnerability NSFOCUS Security Team a6mambohelpdesk Mambo Component <= 18RC1 Remote Include Vulnerability Dr . Jr7 Re: Write-up by Amit Klein: "Forging HTTP request headers with Flash" Amit Klein (AKsecurity) GeoClassifieds Enterprise <= 2.0.5.2 Cross Site Scripting securityconnection Re: Opsware NAS 6.0 reveals MySQL 'root' password security-alert [SECURITY] [DSA 1126-1] New Asterisk packages fix denial of service Martin Schulze Cross-Site Scripting and Local File Inclusion in Phorum Meftun Buffer Overflow Vulnerability in Winlpd Meftun Re: Low security hole affecting IPCalc's CGI wrapper krischan [USN-324-1] freetype vulnerability Martin Pitt [USN-325-1] ruby1.8 vulnerability Martin Pitt [USN-326-1] heartbeat vulnerability Martin Pitt [SECURITY] [DSA 1125-2] New drupal packages fix execution of arbitrary web script code (revised packages) Moritz Muehlenhoff Secunia Research: Mozilla Firefox XPCOM Event Handling Memory Corruption Secunia Research Bypassing Oracle dbms_assert ak ZDI-06-025: Mozilla Firefox Javascript navigator Object Vulnerability zdi-disclosures rPSA-2006-0137-1 firefox Justin M. Forbes Xss in MttKe-php v2.6 R0t-K33Y AIM Triton 1.0.4 (SipXtapi) Remote Buffer Overflow Exploit (PoC) c0rrupt Oracle 10g R2 and, probably, all previous versions putosoft softputo Re: HYSA-2006-008 myBloggie 2.1.3 CRLF & SQL Injection Steven M. Christey
[USN-327-1] firefox vulnerabilities Martin Pitt Cisco Security Advisory: Windows VPN Client Local Privilege Escalation Vulnerability Cisco Systems Product Security Incident Response Team [USN-328-1] Apache vulnerability Martin Pitt [FLSA-2006:175040] Updated php packages fix security issues Marc Deslauriers Re: Bypassing Oracle dbms_assert David Litchfield [SECURITY] [DSA 1127-1] New ethereal packages fix several vulnerabilities Moritz Muehlenhoff [OpenPKG-SA-2006.015] OpenPKG Security Advisory (apache) OpenPKG [SECURITY] [DSA 1128-1] New heartbeat packages fix local denial of service Martin Schulze Portail PHP v1.7 Remote File Include Meftun [OpenPKG-SA-2006.016] OpenPKG Security Advisory (ruby) OpenPKG [ MDKSA-2006:132 ] - Updated libwmf packages fixes integer overflow vulnerability security [OpenPKG-SA-2006.017] OpenPKG Security Advisory (freetype) OpenPKG Remote Include Vulnerability ====> in Dr.Jr7 Gallery 3.2 RC1 R0t-K33Y RE: Bypassing Oracle dbms_assert Alexander Kornbrust Re: Bypassing Oracle dbms_assert David Litchfield [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released William A. Rowe, Jr. Oracle 10g R2 and, probably, all previous versions Russell Lowenthal Apache mod_rewrite Buffer Overflow Vulnerability Avert [SECURITY] [DSA 1129-1] New osiris packages fix arbitrary code execution Martin Schulze PHP-Nuke INP XSS l2odon Guestbook Mambo Module <== v1.3.0 Multiple Remote File Include Vulnerabilities matdhule Re: Fusion Polls (xtrphome) Remote File Inclusion security curmudgeon Lan-Aces Office Logic Mike Re: Check Point R55W Directory Traversal dave_kwek cpanel login problem ali Hustle -- Tumbleweed Email Firewall Remote Vulnerability Ryan Smith PrinceClan Chess Mambo Com <= 0.8 Remote Inclusion Vulnerability tr_zindan
rPSA-2006-0139-1 httpd mod_ssl Justin M. Forbes [USN-329-1] Thunderbird vulnerabilities Martin Pitt PHP ip2long() function circumvention rgod Coppermine Photo Gallery v1.2.2b-Nuke Remote File Inclusion Vulnerabilities A-S-T2006 XSS vulnerability on AWBS newbinaryfile RE: TSRT-06-04: eIQnetworks Enterprise Security Analyzer Topology Server Buffer Overflow Vulnerability Desai, Deepen Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory Eloy Paris Mambo Gallery Manager v095.r3 Remote File Inclusion Vulnerabilities A-S-T2006 [KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php roozbeh_afrasiabi [ MDKSA-2006:133 ] - Updated apache packages fix mod_rewrite vulnerability security mambatstaff Mambo Component <= Remote Include Vulnerability Dr . Jr7 [ GLSA 200607-12 ] OpenOffice.org: Multiple vulnerabilities Stefan Cornelius artlinks Mambo Component <= Remote Include Vulnerability Dr . Jr7 [ MDKSA-2006:134 ] - Updated ruby packages fix safe-level vulnerabilities security Re: cpanel login problem nate Gdiplus.dll division by 0 Mr . Niega [ GLSA 200607-13 ] Audacious: Multiple heap and buffer overflows Matthias Geerdsen [ GLSA 200607-11 ] TunePimp: Buffer overflow Stefan Cornelius
UPDATE: [ GLSA 200605-08 ] PHP: Multiple vulnerabilities Sune Kloppenborg Jeppesen Re: cpanel login problem Scott Gemma RE: cpanel login problem Bugs Re: Portail PHP v1.7 Remote File Include x0r0n Re: PHP ip2long() function circumvention darylf com_moskool (admin.moskool.php) Remote File Include Vulnerabilities saudi . unix Re: cpanel login problem usar_y_tirar ATutor <= 1.5.3.1 'links' blind SQL injection / admin credentials disclosure rgod PHPAuction 2.1 (maybe higher) with phpAdsNew 2.0.5 RFI philipp . niedziela SQL injection Seir Anphin v666 Community Management System vulnerabilities Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory Pavel Kankovsky Re: Gdiplus.dll division by 0 Early Warning Team Re: Check Point R55W Directory Traversal Hugo van der Kooij Oracle and Apache mod_rewrite Vulnerability tigerblue Corsaire Security Advisory - VMware ESX Server Password Cross Site Request Forgery issue advisories Corsaire Security Advisory - VMware ESX Server Password Disclosure in Log issue advisories Corsaire Security Advisory - VMware ESX Server Password Disclosure in Cookie issue advisories Re: [EEYEB-20060227] D-Link Router UPNP Stack Overflow solutions_PHP Multiple vulnerabilities in Open Cubic Player 2.6.0pre6 / 0.1.10_rc5 Luigi Auriemma Re: Xss in MttKe-php v2.6 Steven M. Christey RE: cpanel login problem Alan MyNewsGroups <= 0.6b (myng_root) Remote Inclusion Vulnerability philipp . niedziela Re: Do world's famous companies take care of their security? Steven M. Christey