Bugtraq: by thread

Bugtraq: by thread

598 messages starting Mar 01 06 and ending Mar 31 06
Date index | Thread index | Author index

FreeBSD Security Advisory FreeBSD-SA-06:09.openssh FreeBSD Security Advisories (Mar 01)
Limbo CMS code execution Alexander Hristov (Mar 01)
Re: ArGoSoft FTP server remote heap overflow Steven M. Christey (Mar 01)
- Re: ArGoSoft FTP server remote heap overflow Jerome Athias (Mar 01)
FreeBSD Security Advisory FreeBSD-SA-06:10.nfs FreeBSD Security Advisories (Mar 01)
FreeBSD Security Advisory FreeBSD-SA-06:09.openssh [REVISED] FreeBSD Security Advisories (Mar 01)
Updated Noah Classifieds Component for Joomla!/Mambo noahsec1 (Mar 01)
[eVuln] Leif M. Wright's Blog Multiple Vulnerabilities alex (Mar 01)
Re: Fedex Kinkos Smart Card Authentication Bypass Lance James (Mar 01)
- Re: Fedex Kinkos Smart Card Authentication Bypass Lance James (Mar 02)
Re: WordPress 2.0.1 Multiple Vulnerabilities Javor Ninov (Mar 01)
- Re: WordPress 2.0.1 Multiple Vulnerabilities Daniele Muscetta (Mar 02)
- Re: WordPress 2.0.1 Multiple Vulnerabilities ad () heapoverflow com (Mar 02)
- <Possible follow-ups>
- FW: WordPress 2.0.1 Multiple Vulnerabilities Michael.Wade (Mar 02)
  - Re: FW: WordPress 2.0.1 Multiple Vulnerabilities Chris Hajer (Mar 02)
Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities Daniel Veditz (Mar 01)
- <Possible follow-ups>
- Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities Nick Boyce (Mar 01)
  - Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities Daniel Veditz (Mar 07)
- RE: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities Jay Stapleton (Mar 03)
Secunia Research: Lighttpd Script Source Disclosure Vulnerability Secunia Research (Mar 01)
Re: Knowledgebases Remote Command Exucetion security curmudgeon (Mar 01)
SAP Web Application Server http request url parsing vulnerability arnold . grossmann (Mar 01)
Re: Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities Steve Shockley (Mar 01)
- <Possible follow-ups>
- Re: Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities David Rasch (Mar 03)
Evolution Emailer DoS Alan Cox (Mar 01)
Evil side of Firefox extensions azurIt (Mar 01)
- Re: Evil side of Firefox extensions Henri Cook (Mar 01)
- Re: Evil side of Firefox extensions Ben (Mar 01)
- Re: Evil side of Firefox extensions Mike Owen (Mar 01)
- Re: Evil side of Firefox extensions Dave Korn (Mar 01)
- <Possible follow-ups>
- Re: Evil side of Firefox extensions azurIt (Mar 01)
  - Re: Evil side of Firefox extensions Michael Ekstrand (Mar 02)
- RE: Evil side of Firefox extensions salexander (Mar 02)
Re: NETGEAR WGT624 ? Wireless DSL router default user name/password vulnerability abuse (Mar 01)
4images <=1.7.1 remote code execution rgod (Mar 01)
Re: recursive DNS servers DDoS as a growing DDoS problem v9 (Mar 01)
- Message not available
  - Re: recursive DNS servers DDoS as a growing DDoS problem v9 (Mar 02)
- <Possible follow-ups>
- Re: recursive DNS servers DDoS as a growing DDoS problem Gadi Evron (Mar 02)
- Re: recursive DNS servers DDoS as a growing DDoS problem Ventsislav Genchev (Mar 10)
  - Re: recursive DNS servers DDoS as a growing DDoS problem Robert Story (Mar 18)
    - Re: recursive DNS servers DDoS as a growing DDoS problem Michael Sierchio (Mar 20)
- Re: recursive DNS servers DDoS as a growing DDoS problem Chris Thompson (Mar 24)
  - Re: recursive DNS servers DDoS as a growing DDoS problem Anton Ivanov (Mar 27)
- Re: recursive DNS servers DDoS as a growing DDoS problem MaddHatter (Mar 25)
  - Re: recursive DNS servers DDoS as a growing DDoS problem Gadi Evron (Mar 25)
    - Re: recursive DNS servers DDoS as a growing DDoS problem Geo. (Mar 27)
    - Re: recursive DNS servers DDoS as a growing DDoS problem mike davis (Mar 30)
    - Re: recursive DNS servers DDoS as a growing DDoS problem Geo. (Mar 30)
    - Re: recursive DNS servers DDoS as a growing DDoS problem gboyce (Mar 30)
    - Re: recursive DNS servers DDoS as a growing DDoS problem Stephen Samuel (Mar 30)
- RE: recursive DNS servers DDoS as a growing DDoS problem Geo. (Mar 31)
Secunia Research: NetworkActiv Web Server Script Source Disclosure Vulnerability Secunia Research (Mar 01)
NCP VPN/PKI Client - various Bugs Ramon 'ports' Kukla (Mar 01)
Fwd: APPLE-SA-2006-03-01 Security Update 2006-001 Dave McKinney (Mar 02)
Re: (PHP) mb_send_mail security bypass Yasuo Ohgaki (Mar 02)
SMBlog Remote Command Exucetion botan (Mar 02)
Re: [Full-disclosure] Quarantine your infected users spreading malware Dana Hudes (Mar 02)
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] L. Adrian Griffis (Mar 02)
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Matthew Schiros (Mar 02)
  - Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] L. Adrian Griffis (Mar 02)
    - Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Matthew Schiros (Mar 02)
Advisory: ICQmail.com & Mail2World.com (ms_inbox.asp Current_folder) XSS vulnerability nukedx (Mar 02)
[USN-259-1] irssi vulnerability Martin Pitt (Mar 02)
[FLSA-2006:178989] Updated perl-DBI package fixes security issue Marc Deslauriers (Mar 02)
Re: [KAPDA::#27] - Runcms 1.x Cross_Site_Scripting vulnerability roozbeh_afrasiabi (Mar 02)
[OSX]: /usr/bin/passwd local root exploit. v9 (Mar 02)
[KAPDA::#26]vBulletin.3.5.3~3.0.12-XSS addmimistrator (Mar 02)
[SECURITY] [DSA 980-1] New tutos package fixes several vulnerabilities Martin Schulze (Mar 02)
JOOMLA CMS 1.0.7 DoS & path disclosing ghc (Mar 02)
[SECURITY] [DSA 984-1] New xpdf packages fix several problems Martin Schulze (Mar 02)
PluggedOut Nexus SQL injection h e (Mar 02)
Re: NETGEAR WGT624 Wireless DSL router default user name/password vulnerability Jimmy Latouche (Mar 02)
ProtoVer Sample IMAP testsuite release Evgeny Legerov (Mar 02)
[eVuln] E-Blah Platinum 'Referer' XSS Vulnerability alex (Mar 02)
[SECURITY] [DSA 981-1] new bmv packages fix arbitrary code execution Martin Schulze (Mar 02)
Woltlab Burning Board 2.x (Datenbank MOD fileid) Multiple Vulnerabilities. nukedx (Mar 02)
[ MDKSA-2006:052 ] - Updated mozilla-thunderbird packages fix vulnerability security (Mar 02)
iDefense Security Advisory 03.02.06: Apple MacOS X BOMArchiveHelper Directory Traversal Vulnerability labs-no-reply () idefense com (Mar 02)
vBulletin3.0.12&3.5.3~is_valid_email()~XSS Attack addmimistrator (Mar 02)
MyBB 1.0.4 New SQL Injection o . y . 6 (Mar 03)
sql in Dawaween V 1.03 shereba_2007 (Mar 03)
iDefense Security Advisory 03.02.06: Apple Mac OS X passwd Arbitrary Binary File Creation/Modification labs-no-reply () idefense com (Mar 03)
iDefense Security Advisory 03.02.06: EMC Dantz Retrospect 7 Backup client DoS Vulnerability labs-no-reply () idefense com (Mar 03)
MyBB 1.04 Perl Exploit o . y . 6 (Mar 03)
Gallery 2 Multiple Vulnerabilities GulfTech Security Research (Mar 03)
Gregarius 0.5.2 XSS and SQL Injection Vulnerabilities tzitaroth (Mar 03)
[eVuln] Skate Board Multimple Vulnerabilities alex (Mar 03)
XST-Strikes-Back vulnerability in Netcache Nite Sprite (Mar 03)
AZTEK forums 4.0 multiple vulnerabilities (PoC) billy (Mar 03)
Re: Guestbox XSS/an admin bypass micuel (Mar 03)
Kaspersky Memory/CPU Usage Leak by design Michael . Lang (Mar 03)
- Re: Kaspersky Memory/CPU Usage Leak by design Teodor Cimpoesu (Mar 04)
[ GLSA 200603-02 ] teTeX, pTeX, CSTeX: Multiple overflows in included XPdf code Thierry Carrez (Mar 04)
phpArcadeScript XSS Injections retard (Mar 04)
Various router DoS ryanmeyer14 (Mar 04)
- Re: Various router DoS znx (Mar 06)
- <Possible follow-ups>
- Re: Various router DoS bugtraq (Mar 07)
AVG 7 granting Everyone Full Control to updated files... even its drivers redxii1234 (Mar 04)
- Re: AVG 7 granting Everyone Full Control to updated files... even its drivers Matti Haack (Mar 08)
[ GLSA 200603-01 ] WordPress: SQL injection vulnerability Thierry Carrez (Mar 04)
[eVuln] Easy Forum XSS Vulnerability alex (Mar 04)
PHP-Stats <= 0.1.9.1 remote commands execution rgod (Mar 04)
- <Possible follow-ups>
- Re: PHP-Stats <= 0.1.9.1 remote commands execution freesitealessandro (Mar 24)
- Re: PHP-Stats <= 0.1.9.1 remote commands execution nomail (Mar 28)
phpBB <= 2.0.19 Multiple DoS vulnerabilities paisterist . nst (Mar 04)
- Cisco Aironet 1300 DoS condition Alex (Mar 21)
Pixel Post Multiple Vulnerabilities paisterist . nst (Mar 04)
[KAPDA::#30] - CuteNews1.4.1 Cross_Site_Scripting Vulnerability roozbeh_afrasiabi (Mar 04)
linksys router + irc DoS Cade Cairns (Mar 04)
- <Possible follow-ups>
- Re: linksys router + irc DoS bugtraq (Mar 06)
  - Re: linksys router + irc DoS Cade Cairns (Mar 06)
- RE: linksys router + irc DoS Daniel Ramirez Valdez (Mar 07)
Advisory: TotalECommerce (index.asp id) Remote SQL Injection Vulnerability. nukedx (Mar 04)
- Advisory: BetaParticle Blog <= 6.0 Multiple Remote SQL Injection Vulnerabilities nukedx (Mar 18)
Wbb 2.3. xss r57shell (Mar 04)
- Re: Wbb 2.3. xss Adrian (Mar 06)
Visual Studio 6.0 Buffer Overflow Vulnerability kozan (Mar 04)
Simplog <= 1.0.2 Vulnerabilities retard (Mar 04)
DSplit - Tiny AV signatures Detector ad () heapoverflow com (Mar 04)
Critical Risk Vulnerability in L-Soft Listserv NGSSoftware Insight Security Research (Mar 04)
[ GLSA 200603-03 ] MPlayer: Multiple integer overflows Thierry Carrez (Mar 04)
[SECURITY] [DSA 985-1] New libtasn1-2 packages fix arbitrary code execution Martin Schulze (Mar 06)
[SECURITY] [DSA 986-1] New gnutls11 packages fix arbitrary code execution Martin Schulze (Mar 06)
[OpenPKG-SA-2006.006] OpenPKG Security Advisory (tar) OpenPKG (Mar 06)
vulnerability in the IE Java applet initialization engine porkythepig (Mar 06)
Game-Panel <= 2.1.6 XSS retard (Mar 06)
[eVuln] Simple Machines Forum - SMF 'X-Forwarded-For' XSS Vulnerability alex (Mar 06)
evoBlog Remote Name tag Script injection sikik (Mar 06)
[KAPDA::#31] - Runcms 1.x Cross_Site_Scripting vulnerability in bigshow.php roozbeh_afrasiabi (Mar 06)
Announcement: WASC Threat Classification in German contact (Mar 06)
FTPoed Blog Engine =>v1.1 HTML Injection Vulnerability sikik (Mar 06)
SyScan'06 Call For Papers organiser () syscan org (Mar 06)
htpasswd bufferoverflow and command execution in thttpd-2.25b. Larry Cashdollar (Mar 06)
Microsoft Visual Studio 6.0 Sp6 Malformed .dbp File BoF Exploit kozan (Mar 06)
[ GLSA 200603-04 ] IMAP Proxy: Format string vulnerabilities Thierry Carrez (Mar 06)
Multiple vulnerabilities in Liero Xtreme 0.62b Luigi Auriemma (Mar 06)
[ GLSA 200603-05 ] zoo: Stack-based buffer overflow Thierry Carrez (Mar 06)
Multiple vulnerabilities in Sauerbraten engine 2006_02_28 Luigi Auriemma (Mar 06)
Out of memory crash in Freeciv 2.0.7 Luigi Auriemma (Mar 06)
Multiple vulnerabilities in Cube engine 2005_08_29 Luigi Auriemma (Mar 06)
SQL injection & XSS IN vbzoom v1.11 ???? ???? (Mar 06)
SQL injection in Invision Power Board v2.1.5 ???? ???? (Mar 06)
- <Possible follow-ups>
- Re: SQL injection in Invision Power Board v2.1.5 mattmecham (Mar 07)
[USN-260-1] flex vulnerability Martin Pitt (Mar 07)
histhost v1.0.0 xss and possible rmdir retard (Mar 07)
- <Possible follow-ups>
- Re: histhost v1.0.0 xss and possible rmdir Steven M. Christey (Mar 14)
  - Re: histhost v1.0.0 xss and possible rmdir Chris Kuethe (Mar 15)
link bank code execution and xss retard (Mar 07)
phpBannerExchange 2.0 Directory Traversal Vulnerability h4cky0u . org (Mar 07)
PHP-based CMS mass-exploitation Daniel Bonekeeper (Mar 07)
- Re: PHP-based CMS mass-exploitation Paul Laudanski (Mar 08)
[SECURITY] [DSA 987-1] New tar packages fix arbitrary code execution Moritz Muehlenhoff (Mar 07)
IM Lock 2006 - Insecure Registry Permission Vulnerability unsecure (Mar 07)
Cpanel Path Disclosure Vulnerability Silversmith (Mar 07)
Purple Paper: Exegesis Of Virtual Hosts Hacking unknown . pentester (Mar 07)
- Re: Purple Paper: Exegesis Of Virtual Hosts Hacking Anders Henke (Mar 15)
- <Possible follow-ups>
- RE: Purple Paper: Exegesis Of Virtual Hosts Hacking Craig Wright (Mar 10)
Loudblog 0.41 SQL Injection, Local file read/include tzitaroth (Mar 07)
Multiple vulnerabilities in Alien Arena 2006 GE 5.00 Luigi Auriemma (Mar 07)
[eVuln] ShoutLIVE PHP Code Execution & Multiple XSS Vulnerabilities alex (Mar 07)
IE iFrame + Sun JVM + JS bug. Exploitable? drguile (Mar 07)
Cisco PIX embryonic state machine 1b data DoS Konstantin V. Gavrilenko (Mar 07)
- <Possible follow-ups>
- RE: Cisco PIX embryonic state machine 1b data DoS Randy Ivener (rivener) (Mar 08)
Cisco PIX embryonic state machine TTL(n-1) DoS Konstantin V. Gavrilenko (Mar 07)
Dropbear SSH server Denial of Service Pablo Fernandez (Mar 07)
- Re: Dropbear SSH server Denial of Service Matt Johnston (Mar 10)
  - Re: Dropbear SSH server Denial of Service Damien Miller (Mar 11)
- <Possible follow-ups>
- Re: Dropbear SSH server Denial of Service il80r (Mar 10)
[FLSA-2006:168264-1] Updated XFree86 packages fix security issues Marc Deslauriers (Mar 08)
[FLSA-2006:168264-2] Updated X.org packages fix security issue Marc Deslauriers (Mar 08)
[FLSA-2006:168516] Updated pcre packages fix a security issue Marc Deslauriers (Mar 08)
[FLSA-2006:176751] Updated gpdf package fixes security issues Marc Deslauriers (Mar 08)
[ MDKSA-2006:053 ] - Updated freeciv packages fix DoS vulnerabilities security (Mar 08)
CanSecWest/core06 Vancouver April 3-7 Dragos Ruiu (Mar 08)
[security bulletin] HPSBTU02100 SSRT050979 rev.1 - HP Tru64 UNIX IPSEC/ISAKMP Remote Denial of Service (DoS) security-alert (Mar 08)
[eVuln] EKINboard 'img' BBCode XSS & Cookie 'username' SQL Injection Vulnerabilities alex (Mar 08)
Re: [CORRECTIONS AND ADDITIONS ]Azbb v1.1.00 Cross-Site Scripting no_reply (Mar 08)
- <Possible follow-ups>
- Re: Re: [CORRECTIONS AND ADDITIONS ]Azbb v1.1.00 Cross-Site Scripting no_reply (Mar 09)
textfileBB <= 1.0 Multiple XSS retard (Mar 08)
capi4hylafax insecure manipulation with tmp files Javor Ninov (Mar 08)
[KAPDA::#32] - d2kBlog 1.0.3 Multiple Vulnerabilities 3nitro (Mar 08)
[SECURITY] [DSA 988-1] New squirrelmail packages fix several vulnerabilities Moritz Muehlenhoff (Mar 08)
a worm for mediaWiki?? \"vitamona\" (Mar 08)
- Re: a worm for mediaWiki?? Michael Rice (Mar 09)
- <Possible follow-ups>
- Re: a worm for mediaWiki?? jredmond (Mar 08)
H&R Block contact - SOLVED Fixer (Mar 08)
18 ways to escalate privileges in Zone Labs ZoneAlarm Security Suite build 6.1.744.000 Reed Arvin (Mar 08)
- Re: 18 ways to escalate privileges in Zone Labs ZoneAlarm Security Suite build 6.1.744.000 3APA3A (Mar 09)
- <Possible follow-ups>
- Re: 18 ways to escalate privileges in Zone Labs ZoneAlarm Security Suite build 6.1.744.000 reedarvin (Mar 09)
[ MDKSA-2006:054 ] - Updated kdegraphics packages fixes overflow vulnerabilities security (Mar 08)
nCipher Advisory #12: Insecure Generation of Diffie-Hellman keys nCipher Support (Mar 09)
nCipher Advisory #13: CBC-MAC IV misleading programming interface nCipher Support (Mar 09)
nCipher Advisory #14: Presence of flaws in firmware security nCipher Support (Mar 09)
[SECURITY] [DSA 989-1] New zoph packages fix SQL injection Moritz Muehlenhoff (Mar 09)
Remote access to NeuSecure/Netcool backend database via web interface credentials leakage D . Snezhkov (Mar 09)
Easy File Sharing Web Server Multiple Vulnerablilities revnic (Mar 09)
HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit h4cky0u . org (Mar 09)
- Re: HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit Don Voita (Mar 10)
- <Possible follow-ups>
- Re: HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit scaturan (Mar 09)
- Re: HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit scaturan (Mar 10)
- Re: HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit anonymous (Mar 15)
INFIGO-2006-03-01: PeerCast streaming server remote buffer overflow infocus (Mar 09)
M-Phorum Cross Site Scripting codexploder (Mar 09)
ADP Forum 2.0,* script İnjection liz0 (Mar 09)
DCP Portal: Multiple XSS Vulnerabilities enji (Mar 09)
MyBloggie: Multiple XSS Vulnerabilities enji (Mar 09)
txtForum: Multiple XSS Vulnerabilities enji (Mar 09)
txtForum: Script Injection Vulnerability enji (Mar 09)
RevilloC MailServer 1.x "USER" Command Handling Remote Buffer Overflow Exploit securma (Mar 09)
RE: [Full-disclosure] PHP-based CMS mass-exploitation hchemin (Mar 09)
Aluria/WhenU Troubled Past and Whitewashing History Paul Laudanski (Mar 09)
Re: [waraxe-2006-SA#047] - Evading sql-injection filters in phpNuke 7.8 omega13a (Mar 09)
- <Possible follow-ups>
- Re: [waraxe-2006-SA#047] - Evading sql-injection filters in phpNuke 7.8 omega13a (Mar 09)
UnrealIRCd3.2.3 Server-Link Denial of Service admin (Mar 09)
DVguestbook 1.0 And 1.2.2 Cross Site Scripting liz0 (Mar 09)
PHP Upload Center Download users password hashes And phpshell Upload liz0 (Mar 09)
PHP Advanced Transfer Manager Download users password hashes liz0 (Mar 09)
n8cms 1.1 & 1.2 version Sql İnjection And XSS liz0 (Mar 09)
[KDE Security Advisory] kpdf of KDE 3.3.x heap based buffer overflow Dirk Mueller (Mar 10)
[USN-261-1] PHP vulnerabilities Martin Pitt (Mar 10)
announcement: reporting and mitigating malicious websites and phishing Gadi Evron (Mar 10)
[ MDKSA-2006:035-1 ] - Updated php packages fix vulnerability security (Mar 10)
RE: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem Geo. (Mar 10)
- Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem Security Lists (Mar 11)
  - Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem gboyce (Mar 11)
    - Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem Mark Senior (Mar 10)
    - Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem Robert Story (Mar 17)
    - Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem Bram Matthys (Syzop) (Mar 20)
    - Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem Tim (Mar 24)
    - Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem Måns Nilsson (Mar 17)
Statement Regarding Reported Local Escalation of Privileges Vulnerability for ZoneAlarm Zone Labs Product Security (Mar 10)
[SECURITY] [DSA 990-1] New bluez-hcidump packages fix denial of service Martin Schulze (Mar 10)
[SECURITY] [DSA 919-2] New curl packages fix potential security problem Martin Schulze (Mar 10)
[SECURITY] [DSA 991-1] New zoo packages fix arbitrary code execution Martin Schulze (Mar 10)
[SECURITY] [DSA 992-1] New ffmpeg packages fix arbitrary code execution Moritz Muehlenhoff (Mar 10)
[eVuln] FreeForum PHP Code Execution & Multiple XSS Vulnerabilities alex (Mar 10)
GnuPG does not detect injection of unsigned data Werner Koch (Mar 10)
Advisory: Jiros Banner Experience Pro Remote Privilege Escalation. nukedx (Mar 10)
[KAPDA::#33] - GuppY <= 4.5.11 Remote DoS vulnerability alireza hassani (Mar 10)
Re: Thomson SpeedTouch 500 modems vulnerable to XSS dford (Mar 10)
[ GLSA 200603-06 ] GNU tar: Buffer overflow Thierry Carrez (Mar 10)
[SECURITY] [DSA 993-1] New GnuPG packages fix broken signature check Martin Schulze (Mar 10)
[ GLSA 200603-08 ] GnuPG: Incorrect signature verification Thierry Carrez (Mar 10)
CoreNews 2.0.1 Remote Command Exucetion botan (Mar 11)
[ GLSA 200603-07 ] flex: Potential insecure code generation Thierry Carrez (Mar 11)
XSS in vCard xx_hack_xx_2004 (Mar 11)
SGI IRIX 6.*usr/sysadm/bin/runpriv local root exploit rod hedor (Mar 11)
Coppermine exploit used by a Chase Phish? Paul Laudanski (Mar 11)
- Re: Coppermine exploit used by a Chase Phish? Nexus (Mar 13)
Jupiter CMS <= 1.1.5 multiple XSS attack vectors. zerogue (Mar 11)
Copy protection scheme SafeDisc allows privilege escalation yourname (Mar 11)
AntiVir PersonalEdition Classic: Local Privilige Escalation Ramon 'ports' Kukla (Mar 11)
[ GLSA 200603-09 ] SquirrelMail: Cross-site scripting and IMAP command injection Stefan Cornelius (Mar 13)
[ GLSA 200603-10 ] Cube: Multiple vulnerabilities Stefan Cornelius (Mar 13)
[USN-262-1] Ubuntu 5.10 installer password disclosure Martin Pitt (Mar 13)
[USN-263-1] Linux kernel vulnerabilities Martin Pitt (Mar 13)
[USN-264-1] gnupg vulnerability Martin Pitt (Mar 13)
directory traversal Fixed in DirectContact 0.3c lionel (Mar 13)
Multiple vulnerabilities in ENet library (Jul 2005) Luigi Auriemma (Mar 13)
[SECURITY] [DSA 994-1] New freeciv packages fix denial of service Martin Schulze (Mar 13)
[SECURITY] [DSA 995-1] New metamail packages fix arbitrary code execution Martin Schulze (Mar 13)
[eVuln] Vegas Forum SQL Injection Vulnerability alex (Mar 13)
Kerio MailServer bugfun Evgeny Legerov (Mar 13)
[SECURITY] [DSA 996-1] New Crypt::CBC packages fix cryptographic weakness Martin Schulze (Mar 13)
[SECURITY] [DSA 993-2] New GnuPG packages fix broken signature check Martin Schulze (Mar 13)
Secunia Research: unalz Filename Handling Directory Traversal Vulnerability Secunia Research (Mar 13)
Secunia Research: Dwarf HTTP Server Source Disclosure and Cross-Site Scripting Secunia Research (Mar 13)
WMNews Cross Site Scripting exalibur33 (Mar 13)
Buffer Overflow and Installation Script Error in Firebird 1.5.3 Joxean Koret (Mar 13)
[INetCop Security Advisory] zeroboard IP session bypass XSS vulnerability dong-hun you (Mar 13)
ZDI-06-003: Ipswitch Collaboration Suite Code Execution Vulnerability zdi-disclosures (Mar 13)
[SECURITY] [DSA 997-1] New bomberclone packages fix arbitrary code execution Martin Schulze (Mar 13)
[ MDKSA-2006:055 ] - Updated gnupg packages fix signature file verification vulnerability security (Mar 13)
[DRUPAL-SA-2006-001] Drupal 4.6.6 / 4.5.8 fixes access control issue Uwe Hermann (Mar 14)
[DRUPAL-SA-2006-003] Drupal 4.6.6 / 4.5.8 fixes session fixation issue Uwe Hermann (Mar 14)
[DRUPAL-SA-2006-002] Drupal 4.6.6 / 4.5.8 fixes XSS issue Uwe Hermann (Mar 14)
[SECURITY] [DSA 999-1] New lurker packages fix several vulnerabilities Martin Schulze (Mar 14)
[SECURITY] [DSA 998-1] New libextractor packages fix several vulnerabilities Martin Schulze (Mar 14)
[DRUPAL-SA-2006-004] Drupal 4.6.6 / 4.5.8 fixes mail header injection issue Uwe Hermann (Mar 14)
DMA[2006-0313a] - 'Apple OSX Mail.app RFC1740 Real Name Buffer Overflow' KF (lists) (Mar 14)
[SECURITY] [DSA 1000-1] New Apache2::Request packages fix denial of service Martin Schulze (Mar 14)
[SECURITY] [DSA 1001-1] New crossfire packages fix arbitrary code execution Moritz Muehlenhoff (Mar 14)
Linux zero IP ID vulnerability? Marco Ivaldi (Mar 14)
- Message not available
  - Re: Linux zero IP ID vulnerability? Marco Ivaldi (Mar 15)
- Re: Linux zero IP ID vulnerability? Andrea Purificato - bunker (Mar 16)
- <Possible follow-ups>
- Re: Linux zero IP ID vulnerability? Marco Ivaldi (Mar 18)
- Re: Linux zero IP ID vulnerability? Marco Ivaldi (Mar 24)
- Re: Linux zero IP ID vulnerability? GomoR (Mar 24)
[eVuln] CyBoards PHP Lite SQL Injection Vulnerability alex (Mar 14)
ZDI-06-004: Microsoft Excel File Format Parsing Vulnerability zdi-disclosures (Mar 14)
High Risk Vulnerability in Microsoft Excel NGSSoftware Insight Security Research (Mar 14)
Fortinet Security Advisory: FSA-2006-09 Fortinet Research (Mar 14)
Fortinet Security Advisory: FSA-2006-08 Fortinet Research (Mar 14)
SYMSA-2006-001: Buffer overflow in Microsoft Office 2000, Office XP (2002), and Office 2003 Routing Slip Metadata CS_Advisories Mailbox (Mar 15)
[xfocus-SD-060314]Microsoft Office Excel Buffer Overflow Vulnerability XFOCUS Security Team (Mar 15)
- Re: [VulnWatch] [xfocus-SD-060314]Microsoft Office Excel Buffer Overflow Vulnerability Thierry Zoller (Mar 16)
  - Re: [Full-disclosure] Re: [VulnWatch] [xfocus-SD-060314]Microsoft Office Excel Buffer Overflow Vulnerability eyas (Mar 16)
  - Re: [Full-disclosure] Re: [VulnWatch] [xfocus-SD-060314]Microsoft Office Excel Buffer Overflow Vulnerability ad () heapoverflow com (Mar 16)
[HV-HIGH] Microsoft Excel Named Range Arbitrary Code Execution vuln (Mar 15)
WLSI - Windows Local Shellcode Injection - Paper Cesar (Mar 15)
CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net CodeScan Labs (Mar 15)
[SECURITY] [DSA 1002-1] New webcalendar packages fix several vulnerabilities Martin Schulze (Mar 15)
CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior CodeScan Labs (Mar 15)
- Re: CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior Jan Schneider (Mar 20)
[eVuln] discussion - xhawk.net BBCode 'img' XSS & SQL Injection Vulnerabilities alex (Mar 15)
Secunia Research: Adobe Document/Graphics Server File URI Resource Access Secunia Research (Mar 15)
FW: call for speakers and thoughts on VoIP Security - there's a long way to go! Ken Kousky (Mar 15)
Sasser variant that effects 2k3 SP1 completely updated? Andrew Weaver (Mar 15)
- Re: Sasser variant that effects 2k3 SP1 completely updated? Robert J. Stull (Mar 15)
[[KAPDA::#35] MyBB 1.0.3~member.php~XSS Attack in contact details addmimistrator (Mar 15)
[KAPDA::#35] - MyBB1.0.4~member.php~XSS after login addmimistrator (Mar 15)
[KAPDA::#34] - MyBB1.0.4~redirectfunction()~HeaderInjection addmimistrator (Mar 15)
GnuPG weak as one guy with a spare laptop. Forrest J. Cavalier III (Mar 15)
- <Possible follow-ups>
- Re: GnuPG weak as one guy with a spare laptop. obnoxious (Mar 17)
  - Re: GnuPG weak as one guy with a spare laptop. Forrest J. Cavalier III (Mar 17)
Invision Power Board v2.1.4 - session hijacking Hans Wolters (Mar 15)
- Re: Invision Power Board v2.1.4 - session hijacking Peter Conrad (Mar 16)
- <Possible follow-ups>
- Re: Invision Power Board v2.1.4 - session hijacking matt (Mar 16)
  - Re: Invision Power Board v2.1.4 - session hijacking Hans Wolters (Mar 16)
    - Re: Invision Power Board v2.1.4 - session hijacking exon (Mar 20)
    - Message not available
    - Re: Invision Power Board v2.1.4 - session hijacking exon (Mar 20)
  - Re: Invision Power Board v2.1.4 - session hijacking Bill Nash (Mar 20)
- Re: Re: Invision Power Board v2.1.4 - session hijacking matt (Mar 20)
  - Re: Invision Power Board v2.1.4 - session hijacking Hans Wolters (Mar 20)
WebVulnCrawl searching excluded directories for hackable web servers Michael Scheidell (Mar 15)
- Re: WebVulnCrawl searching excluded directories for hackable web servers Peter Conrad (Mar 18)
- <Possible follow-ups>
- RE: WebVulnCrawl searching excluded directories for hackable web servers Michael Scheidell (Mar 31)
Latest MS patches kill wireless networking? James Garrison (Mar 15)
- Re: Latest MS patches kill wireless networking? James Garrison (Mar 15)
- Re: Latest MS patches kill wireless networking? Matt Ostiguy (Mar 18)
  - Re: Latest MS patches kill wireless networking? Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (Mar 20)
- Re: Latest MS patches kill wireless networking? Phil Frederick (Mar 18)
Vulnerability in e-gold shurik . f (Mar 15)
Vulnerability fixed in E-gold 3APA3A (Mar 15)
[ GLSA 200603-11 ] Freeciv: Denial of Service Stefan Cornelius (Mar 16)
[ GLSA 200603-12 ] zoo: Buffer overflow Stefan Cornelius (Mar 16)
[SECURITY] [DSA 1003-1] New xpvm packages fix insecure temporary file Martin Schulze (Mar 16)
[SECURITY] [DSA 1004-1] New vlc packages fix arbitrary code execution Moritz Muehlenhoff (Mar 16)
Milkeyway Multiple Vulnerabilities ascii (Mar 16)
Remote overflow in MSIE script action handlers (mshtml.dll) Michal Zalewski (Mar 16)
- Re: Remote overflow in MSIE script action handlers (mshtml.dll) Daniel Bonekeeper (Mar 16)
  - Re: Remote overflow in MSIE script action handlers (mshtml.dll) Michal Zalewski (Mar 16)
    - Re: Remote overflow in MSIE script action handlers (mshtml.dll) Hariharan (Mar 17)
    - Re: Remote overflow in MSIE script action handlers (mshtml.dll) Michal Zalewski (Mar 17)
    - Re: Remote overflow in MSIE script action handlers (mshtml.dll) Tomasz Onyszko (Mar 17)
    - Re: Remote overflow in MSIE script action handlers (mshtml.dll) Master Phoxpherus (Mar 18)
    - Re: Remote overflow in MSIE script action handlers (mshtml.dll) Michal Zalewski (Mar 18)
    - Re: Remote overflow in MSIE script action handlers (mshtml.dll) c0redump (Mar 20)
    - Re: Remote overflow in MSIE script action handlers (mshtml.dll) Jamie Riden (Mar 18)
- <Possible follow-ups>
- RE: Remote overflow in MSIE script action handlers (mshtml.dll) David Schenz (Mar 17)
- Re: Remote overflow in MSIE script action handlers (mshtml.dll) c0redump (Mar 17)
- Re: Re: Remote overflow in MSIE script action handlers (mshtml.dll) Nazca (Mar 17)
  - Re: Re: Remote overflow in MSIE script action handlers (mshtml.dll) Phil Frederick (Mar 20)
  - Re: Remote overflow in MSIE script action handlers (mshtml.dll) Steve Shockley (Mar 20)
[SECURITY] [DSA 1005-1] New xine-lib packages fix arbitrary code execution Moritz Muehlenhoff (Mar 17)
[FLSA-2006:178606] Updated kdelibs packages fix security issues Marc Deslauriers (Mar 17)
[FLSA-2006:157459-3] Updated kernel packages fix security issues Marc Deslauriers (Mar 17)
[FLSA-2006:157459-4] Updated kernel packages fix security issues Marc Deslauriers (Mar 17)
[ GLSA 200603-14 ] Heimdal: rshd privilege escalation Stefan Cornelius (Mar 17)
[FLSA-2006:175404] Updated xpdf package fixes security issues Marc Deslauriers (Mar 17)
[ GLSA 200603-13 ] PEAR-Auth: Potential authentication bypass Stefan Cornelius (Mar 17)
[ GLSA 200603-15 ] Crypt::CBC: Insecure initialization vector Stefan Cornelius (Mar 17)
RE: [Full-disclosure] Re: recursive DNS servers DDoS as a growingDDoSproblem Keith Morgan (Mar 17)
XCon2006 Call For Paper XFOCUS Security Team (Mar 17)
XSS IN Invision Power Board ???? ???? (Mar 17)
Symantec Security Advisory SYM06-004 secure (Mar 17)
[ GLSA 200603-16 ] Metamail: Buffer overflow Stefan Cornelius (Mar 17)
[FLSA-2006:157459-1] Updated kernel packages fix security issues Marc Deslauriers (Mar 17)
Generically Determining the Prescence of Virtual Machines valsmith (Mar 17)
- Re: Generically Determining the Prescence of Virtual Machines Jeff Epler (Mar 20)
- RE: Generically Determining the Prescence of Virtual Machines Burton Strauss (Mar 20)
- <Possible follow-ups>
- RE: Generically Determining the Prescence of Virtual Machines Thomas Guyot-Sionnest (Mar 20)
Fedora Legacy Server Outage Marc Deslauriers (Mar 17)
[SECURITY] [DSA 1006-1] New wzdftpd packages fix arbitrary shell command execution Moritz Muehlenhoff (Mar 18)
[SECURITY] [DSA 1008-1] New kpdf packages fix arbitrary code execution Martin Schulze (Mar 18)
[SECURITY] [DSA 1007-1] New drupal packages fix several vulnerabilities Martin Schulze (Mar 18)
[FLSA-2006:173274] Updated gdk-pixbuf packages fix security issues Marc Deslauriers (Mar 18)
Oxynews Sql İnjection r00t3rr0r (Mar 18)
[eVuln] NMDeluxe XSS & SQL Injection Vulnerabilities alex (Mar 18)
[FLSA-2006:174479] Updated libungif packages fix security issues Marc Deslauriers (Mar 18)
[FLSA-2006:157459-2] Updated kernel packages fix security issues Marc Deslauriers (Mar 18)
MyBB 1.10 Full Path Disclosure o . y . 6 (Mar 18)
Microsoft Commerce Server 2002: Logon as known user with a false password Dimitri (Mar 18)
Contrexx CMS Xss Vuln Soothackers (Mar 18)
Xss in Wbb 2.3.4 r57shell (Mar 18)
ExtCalendar v1.0 Multiple Xss Vuln Soothackers (Mar 20)
[SECURITY] [DSA 960-3] New libmail-audit-perl packages fix insecure temporary file use Martin Schulze (Mar 20)
[SECURITY] [DSA 1009-1] New crossfire packages fix arbitrary code execution Martin Schulze (Mar 20)
[security bulletin] SSRT051078 rev.1 - HP-UX usermod(1M) Local UnaUthorized Access security-alert (Mar 20)
[SECURITY] [DSA 1010-1] New ilohamail packages fix cross-site scripting vulnerabilities Martin Schulze (Mar 20)
[security bulletin] SSRT051128 rev.1 - HP-UX VirtualVault running Apache 1.3.X Remote Unauthorized Access security-alert (Mar 20)
[security bulletin] SSRT051251 rev.2 - Apache-based Web Server on HP-UX mod_ssl, proxy_http, Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access security-alert (Mar 20)
phpWebsite <= SQL Injection (friend.php) & (article.php) dabdoub_mosikar (Mar 20)
Noah's Classifieds Multiple Path Disclosure and Cross Site Scripting Vulnerabilities raphael . huck (Mar 20)
Path Disclosure and Arbitrary File Read Vulnerability in SLAB5000 justint (Mar 20)
IMF 2006 - 2nd Call for Papers Oliver Goebel (Mar 20)
[CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0 Daniel Stone (Mar 20)
- Re: [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0 H D Moore (Mar 20)
- Re: [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0 Alan Coopersmith (Mar 22)
- Re: [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0 Kyle Sallee (Mar 24)
Symantec Security Advisory, SYM06-005 secure (Mar 20)
DNS Amplification Attacks Gadi Evron (Mar 20)
[ MDKSA-2006:056 ] - Updated xorg-x11 packages to address local root vuln security (Mar 20)
Perverting Unix Processes Pluf (Mar 20)
[ MDKSA-2006:057 ] - Updated cairo packages to address Evolution DoS vulnerability security (Mar 21)
CORE-2006-0124: Cross-Site Scripting in Verisign’s haydn.exe CGI script CORE Security Technologies Advisories (Mar 21)
[ GLSA 200603-18 ] Pngcrush: Buffer overflow Sune Kloppenborg Jeppesen (Mar 21)
[SECURITY] [DSA 1011-1] New kernel-patch-vserver packages fix root exploit Martin Schulze (Mar 21)
[SECURITY] [DSA 1012-1] New unzip packages fix arbitrary code execution Martin Schulze (Mar 21)
[ GLSA 200603-17 ] PeerCast: Buffer overflow Sune Kloppenborg Jeppesen (Mar 21)
XSS in Firepass 4100 SSL VPN v.5.4.2 (and probably others) alfy (Mar 21)
Recon 2006: Guest speakers announcement. Call for paper and early registration ending in less than 2 weeks. Hugo Fortier (Mar 21)
[ GLSA 200603-19 ] cURL/libcurl: Buffer overflow in the handling of TFTP URLs Matthias Geerdsen (Mar 21)
[ GLSA 200603-20 ] Macromedia Flash Player: Arbitrary code execution Sune Kloppenborg Jeppesen (Mar 21)
Free Articles Directory Remote Command Exucetion botan (Mar 21)
ASPPortal <= 3.1.1 Multiple Remote SQL Injection Vulnerabilities nukedx (Mar 21)
Mini-Nuke<=1.8.2 SQL injection (6) dabdoub_mosikar (Mar 21)
FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail FreeBSD Security Advisories (Mar 22)
FreeBSD Security Advisory FreeBSD-SA-06:12.opie FreeBSD Security Advisories (Mar 22)
FreeBSD Security Advisory FreeBSD-SA-06:11.ipsec FreeBSD Security Advisories (Mar 22)
[eVuln] PHP SimpleNEWS, PHP SimpleNEWS MySQL - Authentication Bypass Vulnerability alex (Mar 22)
DMA[2006-0321a] - 'Motorola P2K Platform setpath() overflow and Blueline attack' KF (lists) (Mar 22)
WinHKI 1.6x Archive Extraction Directory traversal h e (Mar 22)
cutenews 1.4.1 Arbitrary File Access h e (Mar 22)
[SECURITY] [DSA 1013-1] New snmptrapfmt packages fix insecure temporary file Martin Schulze (Mar 22)
PHP Live! XSS status_image.php kspecial (Mar 22)
Re; FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail Jose Nazario (Mar 22)
IE crash Stelian Ene (Mar 22)
SUSE Security Announcement: sendmail remote code execution (SUSE-SA:2006:017) Thomas Biege (Mar 22)
[OpenPKG-SA-2006.007] OpenPKG Security Advisory (sendmail) OpenPKG (Mar 22)
[ GLSA 200603-22 ] PHP: Format string and XSS vulnerabilities Sune Kloppenborg Jeppesen (Mar 23)
sendmail vuln advisories (CVE-2006-0058) Marc Bejarano (Mar 23)
- Re: sendmail vuln advisories (CVE-2006-0058) Michal Zalewski (Mar 23)
[SECURITY] [DSA 1014-1] New firebird2 packages fix denial of service Martin Schulze (Mar 23)
[ MDKSA-2006:058 ] - Updated sendmail packages fix remote vulnerability security (Mar 23)
[USN-265-1] cairo/Evolution library vulnerability Martin Pitt (Mar 23)
Advisory 03/2006: KisMAC Cisco Vendor Tag Encapsulated SSID Overflow Stefan Esser (Mar 23)
[ MDKSA-2006:059 ] - Updated kernel packages fix multiple vulnerabilities security (Mar 23)
[SECURITY] [DSA 1015-1] New sendmail packages fix arbitrary code execution Martin Schulze (Mar 23)
[SECURITY] [DSA 1016-1] New evolution packages fix arbitrary code execution Martin Schulze (Mar 23)
[ GLSA 200603-21 ] Sendmail: Race condition in the handling of asynchronous signals Sune Kloppenborg Jeppesen (Mar 23)
[KAPDA::#37] - CoMoblog XSS farhadkey (Mar 23)
PasswordSafe 3.0 weak random number generator allows key recovery attack info (Mar 23)
- Re: PasswordSafe 3.0 weak random number generator allows key recovery attack Dave Korn (Mar 24)
- <Possible follow-ups>
- Re: PasswordSafe 3.0 weak random number generator allows key recovery attack ronys (Mar 27)
Vulnerability Alert Services - Independent List Andy Cuff (Mar 23)
- <Possible follow-ups>
- Re: Vulnerability Alert Services - Independent List Juha-Matti Laurio (Mar 24)
[SECURITY] [DSA 1017-1] New Linux kernel 2.6.8 packages fix several vulnerabilities Moritz Muehlenhoff (Mar 23)
Microsoft Internet Explorer (mshtml.dll) - Remote Code Execution advisories (Mar 23)
iDefense Security Advisory 03.23.05: ISS Multiple Products Local Privilege Escalation Vulnerability labs-no-reply (Mar 24)
iDefense Security Advisory 03.23.06: RealNetworks RealPlayer and Helix Player Invalid Chunk Size Heap Overflow Vulnerability labs-no-reply (Mar 24)
[ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation Sune Kloppenborg Jeppesen (Mar 24)
- Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation neeko (Mar 24)
  - Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation Chris Gianelloni (Mar 24)
  - Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation Tavis Ormandy (Mar 24)
Secunia Research: Microsoft Internet Explorer "createTextRange()" Code Execution Secunia Research (Mar 24)
Secunia Research: Orion Application Server JSP Source Disclosure Vulnerability Secunia Research (Mar 24)
SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Gadi Evron (Mar 24)
- trusting SMTP [was: SendGate: Sendmail Multiple Vulnerabilities] Gadi Evron (Mar 24)
  - Re: [Full-disclosure] trusting SMTP [was: SendGate: Sendmail Multiple Vulnerabilities] Valdis . Kletnieks (Mar 24)
    - Re: [Full-disclosure] trusting SMTP [was: SendGate: Sendmail Multiple Vulnerabilities] Gadi Evron (Mar 24)
- Re: [Full-disclosure] SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Dragos Ruiu (Mar 24)
  - Re: [Full-disclosure] SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Gadi Evron (Mar 24)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Theo de Raadt (Mar 24)
  - Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Martin Schulze (Mar 24)
    - Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Theo de Raadt (Mar 24)
    - Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) D.F.Russell (Mar 25)
    - Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Kurt Seifried (Mar 27)
    - Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Gadi Evron (Mar 25)
    - Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Geo. (Mar 28)
    - Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Pim van Riezen (Mar 27)
    - Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Florian Weimer (Mar 27)
    - Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Casper . Dik (Mar 28)
  - Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Gadi Evron (Mar 24)
    - RE: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Michael A Fusaro II (Mar 25)
    - Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Casper . Dik (Mar 25)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Claus Assmann (Mar 24)
  - Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Theo de Raadt (Mar 24)
  - Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Gadi Evron (Mar 24)
    - Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Todd Burroughs (Mar 25)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Eric Allman (Mar 24)
  - Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Gadi Evron (Mar 24)
- <Possible follow-ups>
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Eric Allman (Mar 25)
  - Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Gadi Evron (Mar 28)
ArabPortal 2.0 Stable [ Full Patch Disclosure ] o . y . 6 (Mar 24)
Popup Blocker Bypass Script James C. Slora, Jr. (Mar 24)
Sudo tricks John Richard Moser (Mar 24)
- Re: Sudo tricks Dave Korn (Mar 25)
  - Re: Sudo tricks Kyle Wheeler (Mar 27)
  - Re: Sudo tricks Thomas M. Payerle (Mar 28)
- Re: Sudo tricks Krzysztof Halasa (Mar 29)
  - RE: Sudo tricks Burton Strauss (Mar 31)
- <Possible follow-ups>
- Re: Sudo tricks Steven M. Christey (Mar 28)
  - Re: Sudo tricks Javor Ninov (Mar 31)
[HV-PAPER] Security Product Evaluation Tips vuln (Mar 24)
Digital Armaments April-2006 Hacking Challenge: Oracle Database info (Mar 24)
Re: [SPAM:] - ASPPortal <= 3.1.1 Multiple Remote SQL Injection Vulnerabilities - Email has different SMTP TO: and MIME TO: fields in the email addresses Suport Account (Mar 24)
Vulnerabilitiy found in comodo hacker guardian free scan. sk8boardkid (Mar 24)
w3wp remote DoS Debasis Mohanty (Mar 24)
[ MDKSA-2006:060 ] - Updated FreeRADIUS packages fix EAP-MSCHAPv2 module vulnerability security (Mar 24)
[FLSA-2006:186277] Updated sendmail packages fix security issues Jesse Keating (Mar 24)
[SECURITY] [DSA 1019-1] New kpdf packages fix several vulnerabilities Martin Schulze (Mar 24)
[eVuln] @1 File Store Multiple XSS and SQL Injection Vulnerabilities alex (Mar 24)
[SECURITY] [DSA 1018-1] New Linux kernel 2.4.27 packages fix several vulnerabilities Moritz Muehlenhoff (Mar 24)
On product vulnerability history and vulnerability complexity Steven M. Christey (Mar 24)
[eVuln] DSPoll Multiple SQL Injection Vulnerabilities alex (Mar 24)
[eVuln] DSNewsletter SQL Injection Vulnerability alex (Mar 24)
[security bulletin] HPSBUX02105 SSRT061134 rev.1 - HP-UX Running swagentd Remote Denial of Service (DoS) security-alert (Mar 24)
Secunia Research: Quick 'n Easy/Baby Web Server ASP Code Disclosure Vulnerability Secunia Research (Mar 24)
HeffnerCMS Remote Command Exucetion And Cross Scripting Attack botan (Mar 24)
VihorDesing Script Remote Command Exucetion And Cross Scripting Attack botan (Mar 24)
Systrace 1.6: Phoenix Release Niels Provos (Mar 25)
[eVuln] DSCounter 'X-Forwarded-For' SQL Injection Vulnerability alex (Mar 25)
[eVuln] DSDownload Multiple SQL Injection Vulnerabilities alex (Mar 25)
Re: [optimized PoC] Remote overflow in MSIE script action handlers (mshtml.dll) dgtlscrm (Mar 25)
Re: Quick 'n Easy FTP Server 3.0 pro / lite (buffer overflow vulnerabilities) bifta04 (Mar 25)
UBBThreads<=5.5.1+6.0.2+6.0 br5+6.0.1 SQL injection dabdoub_mosikar (Mar 25)
SQL Injection in SaphpLesson2.0 xx_hack_xx_2004 (Mar 27)
HPSBUX02108 SSRT061133 rev.1 - HP-UX Sendmail, Remote Execution Security Alert (Mar 27)
AkoComment SQL injection vulnerability Stefan Keller (Mar 27)
SQL injection in VGM Forbin. mfoxhacker (Mar 27)
nuked-klan<=1.7.5 SQL Injection dabdoub_mosikar (Mar 27)
[ GLSA 200603-24 ] RealPlayer: Buffer overflow vulnerability Matthias Geerdsen (Mar 27)
[PHPADSNEW-SA-2006-001] phpAdsNew and phpPgAds 2.0.8 fix multiple vulnerabilities Matteo Beccati (Mar 27)
CanfTool v1.1 Cross Site Scripting Attack botan (Mar 27)
HYSA-2006-006 G-Book 1.0 XSS And Other Vulnerabilities h4cky0u . org (Mar 27)
HYSA-2006-007 phpmyfamily 1.4.1 CRLF injection & XSS h4cky0u . org (Mar 27)
[eVuln] DSLogin Authentication Bypass Vulnerability alex (Mar 27)
[eVuln] Maian Weblog Multiple SQL Injection Vulnerabilities alex (Mar 27)
[ GLSA 200603-25 ] OpenOffice.org: Heap overflow in included libcurl Stefan Cornelius (Mar 27)
Blog Pixel Motion<=1.xx Authentication Bypass Vulnerability & SQL injection dabdoub_mosikar (Mar 27)
Microsoft MSN Hotmail : Cross-Site Scripting Vulnerability Renaud Lifchitz (Mar 27)
Microsoft Windows XP SP2 Firewall issue edubp2002 (Mar 27)
- Re: Microsoft Windows XP SP2 Firewall issue Thor (Hammer of God) (Mar 28)
[DDSi-SA] XSS in Raindance Communications Web Conferencing Pro D . Snezhkov (Mar 27)
XSS & SQL Injection in Music Box v2.3 xx_hack_xx_2004 (Mar 27)
TSRT-06-01: Symantec VERITAS NetBackup vnetd Buffer Overflow Vulnerability zdi-disclosures (Mar 27)
ZDI-06-006: Symantec VERITAS NetBackup Database Manager Buffer Overflow zdi-disclosures (Mar 27)
[SECURITY] [DSA 1020-1] New flex packages fix insecure code generation Moritz Muehlenhoff (Mar 27)
- Re: [SECURITY] [DSA 1020-1] New flex packages fix insecure code generation Matthew R. Dempsky (Mar 28)
  - Re: [SECURITY] [DSA 1020-1] New flex packages fix insecure code generation Moritz Muehlenhoff (Mar 29)
ZDI-06-005: Symantec VERITAS NetBackup Volume Manager Buffer Overflow zdi-disclosures (Mar 27)
SYM06-006, Veritas NetBackup: Multiple Overflow Vulnerabilities in NetBackup Daemons secure (Mar 28)
- <Possible follow-ups>
- Re: SYM06-006, Veritas NetBackup: Multiple Overflow Vulnerabilities in NetBackup Daemons secure (Mar 28)
PHPLiveHelper 1.8 remote command execution (include) Xploit (perl) stormhacker (Mar 28)
EEYE: Temporary workaround for IE createTextRange vulnerability Marc Maiffret (Mar 28)
VWar <= 1.5.0 R11 Remote Code Execution Exploit uid0 (Mar 28)
Re: On classifying attacks Gadi Evron (Mar 28)
- Re: On classifying attacks David M Chess (Mar 30)
  - Re: On classifying attacks Gadi Evron (Mar 31)
[eVuln] Maian Events SQL Injection Vulnerability alex (Mar 28)
XSS in AL-Caricatier xx_hack_xx_2004 (Mar 28)
[eVuln] Maian Support Authentication Bypass alex (Mar 28)
[SECURITY] [DSA 1021-1] New netpbm-free packages fix arbitrary command execution Moritz Muehlenhoff (Mar 28)
Genius VideoCAM NB Local Privilege Escalation beford (Mar 28)
Secunia Research: Blazix Web Server JSP Source Code Disclosure Vulnerability Secunia Research (Mar 28)
Announcement: The Web Hacking Incidents Database contact (Mar 28)
ArabPortal 2.0 Stable CrossSiteScripting o . y . 6 (Mar 28)
Determina Fix for CVE-2006-1359 (Zero Day MS Internet Explorer Remote "CreateTextRange()" Code Execution) Determina Secure (Mar 28)
Cantv/Movilnet's Web SMS vulnerability. Bugtraq @ SNSecurity (Mar 28)
- Re: Cantv/Movilnet's Web SMS vulnerability. raven (Mar 29)
- <Possible follow-ups>
- Re: Re: Cantv/Movilnet's Web SMS vulnerability. rrecabarren (Mar 31)
Critical PHP bug - act ASAP if you are running web with sensitive data Tõnu Samuel (Mar 29)
- Message not available
  - Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data Stefan Esser (Mar 28)
    - Re: [Full-disclosure] Critical PHP bug - act ASAP if you are runningweb with sensitive data Tõnu Samuel (Mar 29)
    - Message not available
    - Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data Jasper Bryant-Greene (Mar 29)
    - Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data Tõnu Samuel (Mar 29)
    - Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data Jeff Rosowski (Mar 31)
Re: Secunia Research: Microsoft Internet Explorer "createTextRange()"Code Execution edubp2002 (Mar 29)
XSS in PHPKIT Version 1.6.03 badnet_xoopiter (Mar 29)
[HV-INFO] Enova hardware encryption: false sense of security vuln (Mar 29)
[xfocus-SD-060329]MPlayer: Multiple integer overflows XFOCUS Security Team (Mar 29)
[eVuln] Skull-Splitter's PHP Guestbook XSS Vulnerability alex (Mar 29)
[eVuln] Skull-Splitter's PHP Downloadcounter for Wallpapers SQL Injection alex (Mar 29)
Re: Re: phpBB 2.06 search.php SQL injection fritz-li (Mar 29)
PhxContacts <= 0.93.1 beta Multiple SQL injection & xss dabdoub-mosikar (Mar 29)
Resource to Report and Stop Phishing Scams Paul Laudanski (Mar 29)
Full path disclosure in Webcalendar 1.1.0-CVS crasher (Mar 29)
[ GLSA 200603-26 ] bsd-games: Local privilege escalation in tetris-bsd Stefan Cornelius (Mar 29)
[ MDKSA-2006:061 ] - Updated mailman packages fix DoS from badly formed mime multipart messages. security (Mar 30)
X-Changer <=v0.2 Demo SQL injection dabdoub-mosikar (Mar 30)
Buffer overflows in Dia XFig import lars (Mar 30)
McAfee VirusScan DUNZIP32.dll Buffer Overflow Vulnerability Juha-Matti Laurio (Mar 30)
Smurfable Linux Kernel Tomasz Chomiuk (Mar 30)
[SECURITY] Samba 3.0.21-3.0.21c: Exposure of machine account credentials in winbindd log files Gerald (Jerry) Carter (Mar 30)
strip_tags() but not only vulnerability Tõnu Samuel (Mar 30)
[security bulletin] HPSBUX02103 SSRT5953 rev.2 - HP-UX passwd(1) Local Denial of Service (DoS) security-alert (Mar 30)
[security bulletin] HPSBUX02102 SSRT051078 rev.2 - HP-UX usermod(1M) Local Unauthorized Access. security-alert (Mar 30)
MediaSlash Gallery 'rub' variable Remote File inlcusion Vulnerability simo64 (Mar 30)
Oxygen<=1.x.x SQL injection dabdoub-mosikar (Mar 31)
MonAlbum 0.8.7 SQL Injection undefined1 (Mar 31)
Black Hat Call for Papers and Registration now open Jeff Moss (Mar 31)
[security bulletin] HPSBUX02108 SSRT061133 rev.2 - HP-UX running Sendmail, Remote Execution of Arbitrary Code security-alert (Mar 31)
OSSTMM Security Analyst Training Live Stream on the Web Pete Herzog (Mar 31)
EzASPSite <= 2.0 RC3 Remote SQL Injection Exploit Vulnerability. Mustafa Can Bjorn IPEKCI (Mar 31)
DbbS<=2.0-alpha SQL injection dabdoub-mosikar (Mar 31)
Buffer-overflow and in-game crash in Zdaemon 1.08.01 Luigi Auriemma (Mar 31)
Warcraft III Replay Parser Script Remote Command Exucetion Vulnerability And Cross-Site Scripting Attacking botan (Mar 31)

Previous period

Next period