
599 messages starting Nov 01 06 and ending Nov 29 06

3APA3A

Re[3]: New Flaw in Firefox 2.0: DoS and possible remote code execution 3APA3A (Nov 01)
Re[2]: New Flaw in Firefox 2.0: DoS and possible remote code execution 3APA3A (Nov 03)
Re: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords 3APA3A (Nov 23)

admin

MajorSecurity Advisory #31]Xenis.creator CMS - Multiple Cross Site Scripting and SQL Injection Issues admin (Nov 04)
[MajorSecurity Advisory #30]admin.tool 3 CMS - Multiple Cross Site Scripting Issues admin (Nov 04)
MajorSecurity Advisory #32]phpComasy CMS - Multiple Cross Site Scripting Issues admin (Nov 06)
[MajorSecurity Advisory #33]ShopSystems - SQL Injection Issue admin (Nov 13)
[MajorSecurity Advisory #34]Plesk 8 - Multiple Cross Site Scripting Issues admin (Nov 16)
[MajorSecurity Advisory #36]dev4u CMS - Multiple SQL Injection and Cross Site Scripting Issues admin (Nov 18)
[MajorSecurity Advisory #35]Travelsized CMS - Multiple Cross Site Scripting Issues admin (Nov 18)
Re: Re: Phpjobscheduler 3.0 - Multiple Remote File Include admin (Nov 21)
Re: *BSD banner INT overflow vulnerability admin (Nov 23)

advisories

LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability advisories (Nov 21)
LS-20061102 - Business Objects Crystal Reports Stack Overflow Vulnerability advisories (Nov 23)

Advisory

CPanel Multiple Cross Site Scription Advisory (Nov 13)
DirectAdmin Multiple Cross Site Scription Advisory (Nov 14)
Real Estate Listing System SQL Injection Advisory (Nov 14)
ASPintranet SQL Injection Advisory (Nov 14)
SiteXpress SQL Injection Advisory (Nov 14)
WWWeb Cocepts SQL Injection Advisory (Nov 14)
Ustore SQL Injection Advisory (Nov 14)
eShopping SQL Injection Advisory (Nov 14)
ECommerce Store Shop Builder Advisory (Nov 14)
Engine Manager SQL Injection Advisory (Nov 14)
BPG Content Management System SQL Injection Advisory (Nov 14)
Helm Cross-Site Scripting (XSS) Advisory (Nov 16)
Xtreme ASP Photo Gallery Cross Site Scripting And SQL Injection Advisory (Nov 16)
Helm Cross Site Scripting Advisory (Nov 17)
i-Gallery 3.4 Cross Site Scripting Advisory (Nov 17)
ASPintranet SQL Injection Advisory (Nov 17)
Image gallery with Access Database SQL Injection Advisory (Nov 17)
[Aria-Security] CPanel Network Tools Cross Site Scripting [Advisory] Advisory (Nov 17)
A-Cart PRO SQL Injection Advisory (Nov 18)
[Aria-Security's Research Team] Texas Rank'em SQL Injection Vulnerabilite Advisory (Nov 18)
[Aria-Security's Research Team] ActiveNews Manager SQL Injection Vulnerabilite Advisory (Nov 18)
A-Cart 2.0 SQL Injection Advisory (Nov 18)
gNews Publisher SQL Injection Vulnerabilites Advisory (Nov 20)
[Aria-Security Team] Ultimate Survey Pro SQL Injection Advisory (Nov 24)
[Aria-Security Team] MidiCart ASP Plus Shopping Cart SQL Injection Advisory (Nov 24)
[Aria-Security Team] Fixit iDMS Pro Image Gallery SQL Injection Advisory (Nov 24)
[Aria-Security Team] ASP ListPics 5.0 SQL Injection Advisory (Nov 24)
[Aria-Security Team] MidiCart ASP Shopping Cart SQL Injection Advisory (Nov 24)
[Aria-Security Team] iNews News Manager SQL Injection Advisory (Nov 24)
CPanel 11 Multiple Cross-Site Scription Advisory (Nov 24)
WebHost Manager (WHM) Multiple Cross-Site Scripting Advisory (Nov 24)
[Aria-Security Team] Evolve shopping cart SQL Injection Vulnerability Advisory (Nov 27)
[Aria-Security Team] General Shopping Cart SQL Injection Vulnerability Advisory (Nov 27)
Clickblog Sql Injection Advisory (Nov 27)
ClickGallery Sql Injection Advisory (Nov 27)
ClickContact SQL Injection Advisory (Nov 28)
uPhotoGallery (v 1.1) SQL Injection Advisory (Nov 28)
[Aria-Security Team] FipsSHOP SQL Injection Advisory (Nov 29)

AG- Spider

Comdev One Admin Pro.v4.1 ( path[skin] ) Remote File include AG- Spider (Nov 17)

ajannhwt

Ariadne <= 2.4.1 Multiple Remote File Include Vulnerabilities(New) ajannhwt (Nov 06)
PhpMyChat Plus <= 1.9 Multiple Source Code Disclosure Vulnerabilities ajannhwt (Nov 08)
PhpMyChat <= 0.14.5 Source Code Disclosure Vulnerability ajannhwt (Nov 08)
Estate Agent Manager <= v1.3 (default.asp) Remote Login ByPass SQL Injection Vulnerability ajannhwt (Nov 13)
phpManta - Mdoc <= 1.0.2 (view-sourcecode.php) Local File Include Exploit ajannhwt (Nov 13)
AspPired2 Poll <= 1.0 (MoreInfo.asp) Remote SQL Injection Exploit ajannhwt (Nov 13)
UStore 1.0 (detail.asp) Remote SQL Injection Vulnerability ajannhwt (Nov 13)
NuCommunity 1.0 (cl_CatListing.asp) Remote SQL Injection Exploit ajannhwt (Nov 13)
NuRems 1.0 Remote XSS/SQL Injection Exploit ajannhwt (Nov 13)
NuStore 1.0 (Products.asp) Remote SQL Injection Vulnerability ajannhwt (Nov 13)
NuSchool 1.0 (CampusNewsDetails.asp) Remote SQL Injection Exploit ajannhwt (Nov 13)
UltraSite 1.0 (update.asp) Remote SQL Injection Vulnerability ajannhwt (Nov 13)
Asp Scripter Products (cpLogin.asp) Remote SQL ByPass Injection Vulnerability ajannhwt (Nov 13)
Property Pro v1.0 (vir_Login.asp) Remote Login ByPass SQL Injection Vulnerability ajannhwt (Nov 13)
ASPPortal <= 4.0.0 (default1.asp) Remote SQL Injection Exploit ajannhwt (Nov 14)
UPublisher 1.0 (viewarticle.asp) Remote SQL Injection Vulnerability ajannhwt (Nov 14)
Online Event Registration <= v2.0 (save_profile.asp) Remote User Pass Change Exploit ajannhwt (Nov 14)
ASPNuke <= 0.80 (register.asp) Remote SQL Injection Vulnerability ajannhwt (Nov 20)
Seditio <= 1.10 (pollid) Remote SQL Injection Vulnerability ajannhwt (Nov 30)
LDU <= 8.x (polls.php) Remote SQL Injection Vulnerability ajannhwt (Dec 01)

alireza hassani

[KAPDA]::Security analysis of cutenews 1.4.5 alireza hassani (Nov 21)

Amit Klein

Educational write-up by Amit Klein: "A Refreshing Look at Redirection" Amit Klein (Nov 02)

Andrew Christensen

Lotus Notes pre-login User.ID key leak Andrew Christensen (Nov 08)

andrzej . targosz

CONFidence 2007 CFP andrzej . targosz (Nov 22)

applesoup

Hotmail and Windows Live Mail XSS Vulnerabilities applesoup (Nov 06)

astralbabz

Re: DoS in Microsoft Windows Live Messenger <= 8.0 astralbabz (Nov 25)

Avert

Vulnerabilities in Client Service for NetWare Avert (Nov 17)

avivra

Internet Explorer 7 - Still Spyware Writers' Heaven avivra (Nov 02)

Bart Seresia

RE: VBulletin DoS Exploit [ all Versions ] Bart Seresia (Nov 17)

benjilenoob

MyStats <=1.0.8 [injection sql, multiples xss, array & full path disclosure] benjilenoob (Nov 13)

beSIRT

Team Evil - Incident #2 beSIRT (Nov 16)

blueshisha

Woltlab Burning Board 2.3.X XSS Vulnerability (0-Day) FIXED VERSION blueshisha (Nov 30)

bluespy . ok

PhpBB Module Dimension Remote File Include bluespy . ok (Nov 18)
PhpBB Module Dimension Remote File Include bluespy . ok (Nov 20)

Blyth A J C (AT)

2nd European Conference on Computer Network Defense (EC2ND) Blyth A J C (AT) (Nov 28)

Bob Beck

Re: *BSD banner INT overflow vulnerability Bob Beck (Nov 22)

Bram Dumolin

Re: Firefox 1.5.0.7 Exploit Bram Dumolin (Nov 02)

broken-proxy

Advanced Guestbook 2.3.1 (Admin.php) Remote File Include broken-proxy (Nov 06)

bugtraq

Challenges faced by automated web application security assessment tools bugtraq (Nov 14)
Re: [WEB SECURITY] The state of JavaScript Hacking bugtraq (Nov 29)

c2report

Drone Armies C&C Report - 17 Nov 2006 c2report (Nov 18)

capt . nem0

contentserv 4.x capt . nem0 (Dec 01)

Casper . Dik

Re: Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders. Casper . Dik (Nov 23)

Cesar

The Week of Oracle Database Bugs Cesar (Nov 20)

Chris Gianelloni

Re: [ GLSA 200611-11 ] TikiWiki: Multiple vulnerabilities Chris Gianelloni (Nov 22)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Cisco Security Agent Management Center LDAP Administrator Authentication Bypass Cisco Systems Product Security Incident Response Team (Nov 01)
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Secure Desktop Cisco Systems Product Security Incident Response Team (Nov 08)

ckuan

Re: Airmagnet management interfaces multiple vulnerabilities ckuan (Nov 17)

clappymonkey

Potentially OT: AJAX article clappymonkey (Nov 29)

corrado . liotta

[x0n3-h4ck]Essentia Web Server v.2.15 Buffer Overflow corrado . liotta (Nov 10)
[x0n3-h4ck]Drake CMS v 0.2 XSS exploit corrado . liotta (Nov 10)

crackers_child

shambo2 Component For Mambo 4.5 Remote File Inclusion Exploit crackers_child (Nov 13)
MosReporter Joomla Component Remote File Inclusion Exploi crackers_child (Nov 17)
PHP-Nuke Mermaid Module V1.2 (formdisp.php) Remote File Include Exploit crackers_child (Nov 24)

darkz . gsa

Mail Drives Security Considerations darkz . gsa (Nov 06)

David Eisenstein

[FLSA-2006:211760] Updated gzip package fixes security issues David Eisenstein (Nov 14)

David Litchfield

Which is more secure? Oracle vs. Microsoft David Litchfield (Nov 21)
Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) David Litchfield (Nov 22)
Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) David Litchfield (Nov 27)
Cursor snarfing - a new class of vulnerability and attack in Oracle David Litchfield (Nov 28)
Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) David Litchfield (Nov 28)
Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) David Litchfield (Nov 29)

dean

Re: Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion ) dean (Nov 17)

dragonjar

DoS in Microsoft Windows Live Messenger <= 8.0 dragonjar (Nov 24)

Dragos Ruiu

EUSecWest/London CFP extended to Nov. 7 Dragos Ruiu (Nov 03)

drunken_chin

Re: tikiwiki 1.9.5 mysql password disclosure & xss drunken_chin (Nov 25)

Dude VanWinkle

Re: [Full-disclosure] ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability Dude VanWinkle (Dec 01)

eEye Advisories

EEYE: Workstation Service NetpManageIPCConnect Buffer Overflow eEye Advisories (Nov 15)

Eliah Kagan

Re: Internet Explorer 7 - Still Spyware Writers' Heaven Eliah Kagan (Nov 04)
Re: Internet Explorer 7 - Still Spyware Writers' Heaven Eliah Kagan (Nov 06)

emc3

Re: Wordpress File Inclusion emc3 (Nov 13)

erdc

[ECHO_ADV_57_2006]Soholaunch Pro <=4.9 r36 Multiple Remote File Inclusion Vulnerability erdc (Nov 06)
[ECHO_ADV_58_2006]Cyberfolio <=2.0 RC1 $av Remote File Inclusion Vulnerability erdc (Nov 06)
[ECHO_ADV_59_2006]Agora 1.4 RC1 "$_SESSION[PATH_COMPOSANT]" Remote File Inclusion Vulnerability erdc (Nov 06)
[ECHO_ADV_60_2006] OpenEMR <=2.8.1 Multiple Remote File Inclusion Vulnerability erdc (Nov 06)
[ECHO_ADV_61_2006] a-ConMan <= v3.2beta Remote File Inclusion erdc (Nov 23)

Evgeny Legerov

VulnDisco Pack for Metasploit Evgeny Legerov (Nov 06)

evilrabbi

Re: Re: *BSD banner INT overflow vulnerability evilrabbi (Nov 22)

Expanders

Re: Wordpress File Inclusion Expanders (Nov 14)

fash1on

Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords fash1on (Nov 22)

FBI

Re: tikiwiki 1.9.5 mysql password disclosure & xss FBI (Nov 23)

fcollyer

Digipass Go3 Token Dumper (at least for 2006) fcollyer (Nov 13)
Re: Re: Digipass Go3 Token Dumper (at least for 2006) fcollyer (Nov 25)

firewall1954

encapscms 0.3.6 - Remote File Include by Firewall firewall1954 (Nov 13)
Exophpdesk V1.2 - Remote File Include firewall1954 (Nov 13)
Phpjobscheduler 3.0 - Multiple Remote File Include Firewall1954 (Nov 13)
Phpdebug 1.1.0 - Remote File Include by Firewall Firewall1954 (Nov 13)

Francesco Laurita

Re: CuteNews v1.4.5 (search.php) Remote file include vulnerability Francesco Laurita (Nov 27)

FreeBSD Security Advisories

FreeBSD Security Advisory FreeBSD-SA-06:24.libarchive FreeBSD Security Advisories (Nov 09)

fryxar fryxar

AIDE problem handling symlinks fryxar fryxar (Nov 28)

gamr-14

XSS in scriptat support InverseFlow Help Desk v2.31 gamr-14 (Nov 22)

Gary Golomb

Free tool for pattern identification (for researchers) Gary Golomb (Nov 25)

Ginsu Rabbit

linksys wrt54g v5 authentication bypass fixed Ginsu Rabbit (Nov 18)

Glynn Clements

Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability Glynn Clements (Nov 14)

gmdarkfig

Oxygen <= 1.1.3 (O2PHP Bulletin Board) SQL Injection gmdarkfig (Nov 18)
Re: [Aria-Security's Research Team] ActiveNews Manager SQL Injection Vulnerabilite gmdarkfig (Nov 18)
Re: A-Cart PRO SQL Injection gmdarkfig (Nov 18)
Cahier de texte V2.0 SQL Code Execution Exploit gmdarkfig (Nov 24)

GomoR

SinFP 2.04 release, works under Windows GomoR (Nov 14)

Gruzicki Wlodek

*BSD banner INT overflow vulnerability Gruzicki Wlodek (Nov 22)

h4ck3riran

phpsatk => Remote File Include Vulnerability EXploit h4ck3riran (Nov 08)
knowledgeBuilder v.2.2.php.NuLL-WDYL=> Remote File Include Vulnerability h4ck3riran (Nov 08)

hack2prison

Web Directory Pro bypass Vulnerabilities hack2prison (Nov 04)
Hot Links download backup authorized vulnerabilities hack2prison (Nov 16)
Hot Links download backup authorized vulnerabilities (re-post with some edit) hack2prison (Nov 17)

hacker hackers

XSS in Kayako SupportSuite v3.00.32 hacker hackers (Nov 07)

harrisonholland

Re: Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00 harrisonholland (Nov 03)

HASEGAWA Yosuke

Re: Hotmail and Windows Live Mail XSS Vulnerabilities HASEGAWA Yosuke (Nov 08)

Heiko Wundram

Re: @cid stats v2.3 File Include Heiko Wundram (Nov 06)

Hugo van der Kooij

Re: Digipass Go3 Token Dumper (at least for 2006) Hugo van der Kooij (Nov 24)

iDefense Labs

iDefense Security Advisory 10.27.06: Novell eDirectory NMAS BerDecodeLoginDataRequeset DoS Vulnerability iDefense Labs (Nov 01)
iDefense Security Advisory 10.31.06: Novell iManager Tomcat DoS Vulnerability iDefense Labs (Nov 01)
iDefense Security Advisory 10.31.06: Sophos Anti-Virus Petite File Denial of Service Vulnerability iDefense Labs (Nov 01)
iDefense Security Advisory 11.08.06: Cisco Secure Desktop Privilege Escalation Vulnerability iDefense Labs (Nov 08)
iDefense Security Advisory 11.09.06: Citrix Presentation Server 4.0 IMA Service Invalid Name Length DoS Vulnerability iDefense Labs (Nov 14)
iDefense Security Advisory 11.26.06: Qbik WinGate Compressed Name Pointer Denial of Service Vulnerability iDefense Labs (Nov 27)
iDefense Security Advisory 11.26.06: GNU Radius Format String Vulnerability iDefense Labs (Nov 27)
iDefense Security Advisory 11.29.06: Horde Kronolith Arbitrary Local File Inclusion Vulnerability iDefense Labs (Nov 29)
iDefense Security Advisory 11.30.06: Multiple Vendor libgsf Heap Overflow Vulnerability iDefense Labs (Dec 01)

iDefense Labs Security Advisories

iDefense Security Advisory 11.08.06: IBM Lotus Domino 7 tunekrnl Multiple Vulnerabilities iDefense Labs Security Advisories (Nov 08)

Iko Riyadi

Perl proxy checker using samair.ru Iko Riyadi (Nov 22)

In Cognito

Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders. In Cognito (Nov 22)
Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders. In Cognito (Nov 22)

infection

Invision Community Blog Mod 1.2.4 .PHP SQL Injection Vulnerability infection (Dec 01)

info

igital Armaments November-Decemberr Hacking Challenge: KERNEL Remote info (Nov 17)
Digital Armaments November-Decemberr Hacking Challenge: KERNEL info (Nov 20)

inge_eivind . henriksen

IE7 website security certificate discrediting exploit inge_eivind . henriksen (Nov 07)
Re: IE7 website security certificate discrediting exploit inge_eivind . henriksen (Nov 07)

insanity

XSS vBulletin 3.6.X Admin Control Painel insanity (Nov 17)

Jan Heisterkamp

Re: New Flaw in Firefox 2.0: DoS and possible remote code execution Jan Heisterkamp (Nov 06)

jbh_cg

Apple Safari "match" Buffer Overflow Vulnerability jbh_cg (Nov 14)

Jeimy Cano

CFP - VII National Computer and Information Security Conference Jeimy Cano (Nov 23)

Jeremy Epstein

RE: Cracking String Encryption in Java Obfuscated Bytecode Jeremy Epstein (Nov 28)

Jeroen Massar

Re: [Full-disclosure] New report on Teredo security Jeroen Massar (Nov 29)

Jerome Athias

Re: New Flaw in Firefox 2.0: DoS and possible remote code execution Jerome Athias (Nov 06)

jesper . jurcenoks

DigiOz Guestbook version 1.7 Path Disclosure Vulnerability in list.php jesper . jurcenoks (Nov 07)
REMLAB Web Mech Designer 2.0.5 Path Disclosure Vulnerability jesper . jurcenoks (Nov 29)
Monkey Boards version 0.3.5 Multiple Path Disclosure Vulnerabilities jesper . jurcenoks (Nov 29)
LifeType version 1.1.2 Multiple Path Disclosure Vulnerabilities jesper . jurcenoks (Dec 01)

Jesper Jurcenoks

DigiOz Guestbook version 1.7 Path Disclosure Vulnerability in list.php Jesper Jurcenoks (Nov 08)

jim

Re: [ECHO_ADV_53$2006] QnECMS <= 2.5.6 (adminfolderpath) Remote File Inclusion Vulnerability jim (Nov 22)

Jim Hoagland

New report on Teredo security Jim Hoagland (Nov 29)

Jim Manico

Re: Cracking String Encryption in Java Obfuscated Bytecode Jim Manico (Nov 24)

John GALLET

Re: Cracking String Encryption in Java Obfuscated Bytecode John GALLET (Nov 24)

John Heasman

Whitepaper: Implementing and Detecting a PCI Rootkit John Heasman (Nov 16)

John Morrissey

CVE-2006-5815: remote code execution in ProFTPD John Morrissey (Nov 28)

Jon Hart

Re: SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal Jon Hart (Nov 28)

J. Oquendo

Re: Apple Safari "match" Buffer Overflow Vulnerability J. Oquendo (Nov 16)

Joxean Koret

WarFTPd 1.82.00-RC11 Remote Denial Of Service Joxean Koret (Nov 07)
WFTPD Pro Server 3.23 Buffer Overflow Joxean Koret (Nov 08)

Juha-Matti Laurio

Re: Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords Juha-Matti Laurio (Nov 23)

katatafish

BLOG:CMS <= 4.1.3 XSS katatafish (Nov 18)

Kees Cook

[USN-370-1] screen vulnerability Kees Cook (Nov 01)
[USN-371-1] Ruby vulnerability Kees Cook (Nov 01)
[USN-373-1] mutt vulnerabilities Kees Cook (Nov 01)
[USN-374-1] wvWare vulnerability Kees Cook (Nov 01)
[USN-376-1] imlib2 vulnerabilities Kees Cook (Nov 04)
[USN-378-1] RPM vulnerability Kees Cook (Nov 04)
[USN-377-1] NVIDIA vulnerability Kees Cook (Nov 04)
[USN-376-2] imlib2 regression fix Kees Cook (Nov 07)
[USN-379-1] texinfo vulnerability Kees Cook (Nov 09)
[USN-383-1] libpng vulnerability Kees Cook (Nov 17)
[USN-384-1] OpenLDAP vulnerability Kees Cook (Nov 21)
[USN-382-1] Thunderbird vulnerabilities Kees Cook (Nov 21)
[USN-381-1] Firefox vulnerabilities Kees Cook (Nov 22)
[USN-386-1] ImageMagick vulnerability Kees Cook (Nov 28)
[USN-385-1] tar vulnerability Kees Cook (Nov 28)
[USN-387-1] Dovecot vulnerability Kees Cook (Nov 28)
[USN-388-1] KOffice vulnerability Kees Cook (Nov 29)
[USN-389-1] GnuPG vulnerability Kees Cook (Nov 30)
[USN-390-1] evince vulnerability Kees Cook (Nov 30)

K F (lists)

[Fwd: DMA[2006-1031a] - 'Intego VirusBarrier X4 definition bypass exploit'] K F (lists) (Nov 15)
[Fwd: OpenBase SQL multiple vulnerabilities Part Deux] K F (lists) (Nov 15)
Kerio WebSTAR local privilege escalation K F (lists) (Nov 16)

koenig

Firefox 1.5.0.7 Exploit koenig (Nov 02)

kspecial

evince buffer overflow exploit (gv) kspecial (Nov 28)

LegendaryZion

Cross Site Scripting (XSS) Vulnerability in Netquery by "VIRtech" LegendaryZion (Nov 01)

liuqx

TFTPD32 v3.01 TFTP Server Long File Name Buffer Overflow Vulnerability liuqx (Nov 17)
TFTP Server AT-TFTP Server v 1.9 Buffer Overflow Vulnerability (Long filename) liuqx (Nov 27)
TFTP Server 3CTftpSvc Buffer Overflow Vulnerability (Long transporting mode) liuqx (Nov 27)

liz0

Article Script v1.*and v1.6.3 Sql injection liz0 (Nov 06)

Lubomir Kundrak

Re: Firefox 1.5.0.7 Exploit Lubomir Kundrak (Nov 06)

Lucas Holt

Re: FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure Lucas Holt (Nov 17)

m-0-t

XSS in script Mobile m-0-t (Nov 03)

mahmood ali

@cid stats v2.3 File Include mahmood ali (Nov 06)

Manchester 2600

UK Security Convention - Continuity 2006 Manchester 2600 (Nov 17)

Manh Tho

Call for papers: ARES 2007 submission deadline approaches in 2 weeks: 19-11-2006 Manh Tho (Nov 08)

Marcello Barnaba

Re: Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability Marcello Barnaba (Nov 17)

Mark Wadham

Re: ProFTPD mod_tls pre-authentication buffer overflow Mark Wadham (Nov 29)

Martin Pitt

[USN-375-1] PHP vulnerability Martin Pitt (Nov 02)
Re: Firefox 1.5.0.7 Exploit Martin Pitt (Nov 03)

Martin Schulze

[SECURITY] [DSA 1210-1] New Mozilla Firefox packages fix several vulnerabilities Martin Schulze (Nov 14)
[SECURITY] [DSA 1221-1] New libgsf packages fix arbitrary code execution Martin Schulze (Nov 30)

Matousec - Transparent security Research

Outpost Insufficient validation of 'SandBox' driver input buffer Matousec - Transparent security Research (Nov 01)
Outpost Multiple insufficient argument validation of hooked SSDT function Vulnerability Matousec - Transparent security Research (Nov 16)

Matthew Conover

"Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) Matthew Conover (Nov 22)

Matthias Geerdsen

[ GLSA 200611-01 ] Screen: UTF-8 character handling vulnerability Matthias Geerdsen (Nov 03)
[ GLSA 200611-02 ] Qt: Integer overflow Matthias Geerdsen (Nov 06)
[ GLSA 200611-04 ] Bugzilla: Multiple Vulnerabilities Matthias Geerdsen (Nov 09)
[ GLSA 200611-17 ] fvwm: fvwm-menu-directory fvwm command injection Matthias Geerdsen (Nov 23)

Mayhemic Labs Security

MHL-2006-003 Public Advisory: "mboard" file creation issue Mayhemic Labs Security (Nov 27)

Mefisto

Re: Active PHP Bookmarks (apb.php) Remote file include Mefisto (Nov 24)
Re: PhpGedView 4.0.2 (DOCUMENT_ROOT) File inclusion Vulnerablity Mefisto (Nov 28)

Michael Scheidell

Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords Michael Scheidell (Nov 23)

Micheal Turner

Re: [Full-disclosure] ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability Micheal Turner (Nov 15)

Mike Prosser

SYM06-023, Symantec NetBackup PureDisk: PHP update to Address Reported Security Vulnerability Mike Prosser (Nov 29)

miladkaleh

XSS in Email Signature Script miladkaleh (Nov 13)

Moritz Muehlenhoff

[SECURITY] [DSA 1203-1] New libpam-ldap packages fix access control bypass Moritz Muehlenhoff (Nov 02)
[SECURITY] [DSA 1204-1] New ingo1 packages fix arbitrary shell command execution Moritz Muehlenhoff (Nov 06)
[SECURITY] [DSA 1206-1] New php4 packages fix several vulnerabilities Moritz Muehlenhoff (Nov 06)
[SECURITY] [DSA 1207-1] New phpmyadmin packages fix several vulnerabilities Moritz Muehlenhoff (Nov 09)
[SECURITY] [DSA 1209-1] New trac packages fix cross-site request forgery Moritz Muehlenhoff (Nov 13)
[SECURITY] [DSA 1208-1] New bugzilla packages fix several vulnerabilities Moritz Muehlenhoff (Nov 13)
[SECURITY] [DSA 1209-2] New trac packages fix cross-site request forgery Moritz Muehlenhoff (Nov 14)
[SECURITY] [DSA 1211-1] New pdns packages fix arbitrary code execution Moritz Muehlenhoff (Nov 15)
[SECURITY] [DSA 1213-1] New imagemagick packages fix several vulnerabilities Moritz Muehlenhoff (Nov 20)
[SECURITY] [DSA 1214-1] New gv packages fix arbitrary code execution Moritz Muehlenhoff (Nov 20)
[SECURITY] [DSA 1217-1] New linux-ftpd packages fix access control bypass Moritz Muehlenhoff (Nov 20)
[SECURITY] [DSA 1216-1] New flexbackup packages fix denial of service Moritz Muehlenhoff (Nov 21)
[SECURITY] [DSA 1215-1] New xine-lib packages fix execution of arbitrary code Moritz Muehlenhoff (Nov 21)
[SECURITY] [DSA 1207-2] New phpmyadmin packages fix regression Moritz Muehlenhoff (Nov 21)
[SECURITY] [DSA 1218-1] New proftpd packages fix denial of service Moritz Muehlenhoff (Nov 21)
[SECURITY] [DSA 1220-1] New pstotext packages fix arbitrary shell command execution Moritz Muehlenhoff (Nov 27)
[SECURITY] [DSA 1222-1] New proftpd packages fix several vulnerabilities Moritz Muehlenhoff (Nov 30)

mr_kaliman

@lex Guestbook 4.0.1 : Full Path Disclosure & XSS mr_kaliman (Nov 30)

Mustafa Can Bjorn IPEKCI

Advisory: LDU <= 8.x Remote SQL Injection Vulnerability. Mustafa Can Bjorn IPEKCI (Nov 21)
Advisory: Seditio <= 1.10 Remote SQL Injection Vulnerability. Mustafa Can Bjorn IPEKCI (Nov 22)

nagazakig74

Siap Cms Sql Injection (login.asp) nagazakig74 (Nov 25)
Wisi Portal [Sql Injection By Jesus Tovar] nagazakig74 (Nov 25)

navairum

Stanford university SCARF user editing navairum (Nov 06)
News publication system remote File include navairum (Nov 07)
Y.A.N.S sql injection navairum (Nov 08)
Web Interface remote file inclusion navairum (Nov 13)
Re: New Bug MiniBB Forum <= 2 Remote File Include (index.php) navairum (Nov 14)

Nick Boyce

Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability Nick Boyce (Nov 13)

Nick FitzGerald

Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability Nick FitzGerald (Nov 14)

Nicob

Multiple vulnerabilities in SAP Web Application Server 6.40 and 7.00 Nicob (Nov 02)
Re: Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00 Nicob (Nov 07)
Re: Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00 Nicob (Nov 09)
Old SAP exploits Nicob (Nov 13)

Noah Meyerhans

[SECURITY] [DSA 1212-1] New openssh packages fix denial of service Noah Meyerhans (Nov 16)
[SECURITY] [DSA 1219-1] New texinfo packages fix multiple vulnerabilities Noah Meyerhans (Nov 27)

Noam Rathaus

Re: [x0n3-h4ck]Essentia Web Server v.2.15 Buffer Overflow Noam Rathaus (Nov 13)
Re: GNU gv Stack Overflow Vulnerability Noam Rathaus (Nov 14)

no-reply

NVIDIA nView (keystone) local Denial Of service no-reply (Nov 23)

NormandiaN_MailID

VMware 5.5.1 Local Buffer Overflow (HTML Exploit) NormandiaN_MailID (Nov 27)

null_hack

PHP Rapid Kill All Version File Injection null_hack (Nov 06)

oldiesmann

Re: Re: Simple Machines Forum (SMF) XSS issue oldiesmann (Nov 01)

Omirjan Batyrbaev

Serious crypto problem fixed by envelope HMAC method insteadof currently used prefix Omirjan Batyrbaev (Nov 20)
Re: Serious crypto problem fixed by envelope HMAC method insteadof currently used prefix Omirjan Batyrbaev (Nov 21)
Correction: Re: Serious crypto problem fixed by envelope HMAC method insteadof currently used prefix Omirjan Batyrbaev (Nov 21)
New Correction: Re: Serious crypto problem fixed by envelope HMAC method instead of currently used prefix Omirjan Batyrbaev (Nov 21)

OOZIE

Re: Firefox 1.5.0.7 Exploit OOZIE (Nov 06)

OpenPKG

[OpenPKG-SA-2006.030] OpenPKG Security Advisory (ruby) OpenPKG (Nov 04)
[OpenPKG-SA-2006.028] OpenPKG Security Advisory (php) OpenPKG (Nov 04)
[OpenPKG-SA-2006.029] OpenPKG Security Advisory (bind) OpenPKG (Nov 04)
[OpenPKG-SA-2006.032] OpenPKG Security Advisory (openssh) OpenPKG (Nov 08)
[OpenPKG-SA-2006.033] OpenPKG Security Advisory (openldap) OpenPKG (Nov 10)
[OpenPKG-SA-2006.034] OpenPKG Security Advisory (texinfo) OpenPKG (Nov 15)
[OpenPKG-SA-2006.035] OpenPKG Security Advisory (proftpd) OpenPKG (Nov 17)
[OpenPKG-SA-2006.036] OpenPKG Security Advisory (png) OpenPKG (Nov 17)

OS2A BTO

ELOG Web Logbook Remote Denial of Service Vulnerability OS2A BTO (Nov 13)

packet

Re: GPhotos 1.5 Multiple vulnerabilities packet (Nov 21)

pagvac

Sage cross-context scripting -> LOCAL-CONTEXT SCRIPTING pagvac (Nov 18)

paisterist . nst

PHP-Nuke <= 7.9 News module "sid" SQL Injection vulnerabilities paisterist . nst (Nov 24)

Paul Laudanski

Re: how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)] Paul Laudanski (Nov 04)

Pavel Kankovsky

Re: Clarifying integer overflows vs. signedness errors Pavel Kankovsky (Nov 25)

pdp (architect)

AttackAPI 2.0 alpha pdp (architect) (Nov 25)

philip anselmo

New Bug MiniBB Forum <= 2 Remote File Include (index.php) philip anselmo (Nov 14)
Active PHP Bookmarks (apb.php) Remote file include philip anselmo (Nov 23)
CuteNews v1.4.5 (search.php) Remote file include vulnerability philip anselmo (Nov 27)
PHP Event Calendar 1.5.1 (index.php) Remote File Include Vulnerability philip anselmo (Nov 29)

philipp . niedziela

PHPKit 1.6.1 RC2 (faq/faq.php) Remote SQL Injection Exploit philipp . niedziela (Nov 13)

poplix

iodine client 0.3.2 buffer overflow poplix (Nov 02)

ProCheckUp Research

Cross Site Scripting (XSS) Vulnerability in IBM WebSphere Application Server ProCheckUp Research (Nov 06)
Immediacy .NET CMS possibly vulnerable to Cross Site Scripting through a malformed cookie ProCheckUp Research (Nov 09)

Raphael Marichez

[ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability Raphael Marichez (Nov 07)
[ GLSA 200611-05 ] Netkit FTP Server: Privilege escalation Raphael Marichez (Nov 10)
[ GLSA 200611-07 ] GraphicsMagick: PALM and DCM buffer overflows Raphael Marichez (Nov 14)
[ GLSA 200611-06 ] OpenSSH: Multiple Denial of Service vulnerabilities Raphael Marichez (Nov 14)
Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability Raphael Marichez (Nov 14)
[ GLSA 200611-08 ] RPM: Buffer overflow Raphael Marichez (Nov 14)
[ GLSA 200611-23 ] Mono: Insecure temporary file creation Raphael Marichez (Nov 28)
[ GLSA 200611-24 ] LHa: Multiple vulnerabilities Raphael Marichez (Nov 28)
[ GLSA 200611-25 ] OpenLDAP: Denial of Service vulnerability Raphael Marichez (Nov 28)
[ GLSA 200611-26 ] ProFTPD: Remote execution of arbitrary code Raphael Marichez (Dec 01)

raven

Re: CuteNews v1.4.5 (search.php) Remote file include vulnerability raven (Nov 29)

Reed Arvin

New Windows tool - NBTEnum 3.3 Reed Arvin (Nov 24)
New Windows tool - PWDumpX v1.0 Reed Arvin (Nov 29)

Renaud Lifchitz

GNU gv Stack Overflow Vulnerability Renaud Lifchitz (Nov 09)

research

Re: [ MDKSA-2006:217 ] - Updated proftpd packages fix vulnerabilities research (Nov 21)
SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal research (Nov 28)
ProFTPD mod_tls pre-authentication buffer overflow research (Nov 28)

retrog

Wolflab Burning Board Lite 1.0.2 two sql injections retrog (Nov 24)

revenge

Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion ) revenge (Nov 16)
ContentNow CMS 1.39 Sql Injection + Path Disclosure Vulnerabilities revenge (Nov 21)

Reversemode

[Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities. Reversemode (Nov 17)

Richard Stanway

RE: how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)] Richard Stanway (Nov 02)

riclem

Chetcpasswd 2.x: multiple vulnerabilities riclem (Nov 16)

Robert McGrew

Re: Firefox 1.5.0.7 Exploit Robert McGrew (Nov 02)

Rodrigo Rubira Branco (BSDaemon)

NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure Rodrigo Rubira Branco (BSDaemon) (Nov 15)
DragonFlyBSD all versions FireWire IOCTL kernel integer overflow information disclousure Rodrigo Rubira Branco (BSDaemon) (Nov 15)
TrustedBSD* all versions FireWire IOCTL kernel integer overflow information disclousure Rodrigo Rubira Branco (BSDaemon) (Nov 16)
FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure Rodrigo Rubira Branco (BSDaemon) (Nov 16)

Roger A. Grimes

RE: Internet Explorer 7 - Still Spyware Writers' Heaven Roger A. Grimes (Nov 02)
RE: Internet Explorer 7 - Still Spyware Writers' Heaven Roger A. Grimes (Nov 06)

Rogier Mulhuijzen

RE: FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure Rogier Mulhuijzen (Nov 20)

root

Joomla 1.0.11 Remote File Include root (Nov 06)
VBulletin DoS Exploit [ all Versions ] root (Nov 13)

rPath Update Announcements

rPSA-2006-0202-1 tshark wireshark rPath Update Announcements (Nov 01)
rPSA-2006-0204-1 kernel rPath Update Announcements (Nov 10)
rPSA-2006-0205-1 php php-mysql php-pgsql rPath Update Announcements (Nov 10)
rPSA-2006-0206-1 firefox thunderbird rPath Update Announcements (Nov 10)
rPSA-2006-0207-1 openssh openssh-client openssh-server rPath Update Announcements (Nov 10)
rPSA-2006-0211-1 libpng rPath Update Announcements (Nov 17)
rPSA-2006-0218-1 ImageMagick rPath Update Announcements (Nov 27)
rPSA-2006-0219-1 info install-info texinfo rPath Update Announcements (Nov 27)

rvirtue

Re: Cross Site Scripting (XSS) Vulnerability in Netquery by "VIRtech" rvirtue (Nov 13)

sales

Re: Digital Armaments Security Advisory 10.07.2006: Flexwath Authorization Bypassing and XSS Vulnerability sales (Nov 03)

saps . audit

SIMPLOG 0.9.3 injection sql & multiple xss saps . audit (Nov 03)
Re: MajorSecurity Advisory #31]Xenis.creator CMS - Multiple Cross Site Scripting and SQL Injection Issues saps . audit (Nov 04)
IF-CMS multiples XSS vunerabilities saps . audit (Nov 04)
AIOCP <=1.3.007 multiples vulnerabilities [sql , remote file include , xss] saps . audit (Nov 06)
Portix-PHP [login bypass & xss (post)] saps . audit (Nov 08)
Abarcar Realty Portal [injection sql] saps . audit (Nov 08)
Speedwiki 2.0 Arbitrary File Upload Vulnerability saps . audit (Nov 08)
FreeWebshop <=2.2.2 [local file include & xss] saps . audit (Nov 09)
omnistar article manager [multiples injection sql] saps . audit (Nov 09)
bitweaver <=1.3.1 [injection sql (post) & xss (post)] saps . audit (Nov 09)
LandShop Real Estate [multiple injection sql & xss] saps . audit (Nov 09)
Wheatblog [multiple xss (post) & full path disclosure] saps . audit (Nov 09)
Mega Mall [ multiples injection sql & full path disclosure ] saps . audit (Nov 13)
infinicart [ multiples injection sql & xss (post) ] saps . audit (Nov 13)
Evolve Merchant[ injection sql ] saps . audit (Nov 14)
Car Site Manager [injection sql & xss (get)] saps . audit (Nov 14)
FunkyASP Glossary v1.0 [injection sql] saps . audit (Nov 14)
Blogme v3 [admin login bypass & xss (post)] saps . audit (Nov 14)
Property Site Manager [login bypass ,multiples injection sql & xss (get)] saps . audit (Nov 14)
A+ Store E-Commerce[ injection sql & xss (post) ] saps . audit (Nov 15)
A-Cart pro[ injection sql (post&get)] saps . audit (Nov 15)
Inventory Manager [injection sql & xss (get)] saps . audit (Nov 15)
hpecs shopping cart[login bypass & injection sql (post)] saps . audit (Nov 15)
Dragon calendar [ login bypass & injection sql ] saps . audit (Nov 15)
MultiCalendars [ multiples injection sql ] saps . audit (Nov 15)
E-Calendar Pro 3.0 [ login bypass & injection sql (post)] saps . audit (Nov 16)
E-commerce Kit 1 PayPal Edition [ injection sql ] saps . audit (Nov 16)
MetaCart e-Shop [multiples injection sql (get & post)] saps . audit (Nov 16)
PhpMyAdmin all version [multiples vulnerability] saps . audit (Nov 16)
eShopping Cart [injection sql] saps . audit (Nov 16)
CandyPress Store[ multiples injection sql ] saps . audit (Nov 17)
BaalAsp forum [login bypass ,injections sql(post), xss(post)] saps . audit (Nov 17)
ASP Cart [multiples injection sql (post & get)] saps . audit (Nov 17)
Pilot Cart V.7.2 [ injection sql (post) ] saps . audit (Nov 17)
Active News Manager [ injection sql (post&get)] saps . audit (Nov 17)
20/20 auto gallery [ multiples injection sql ] saps . audit (Nov 17)
20/20 real estate [ multiples injection sql ] saps . audit (Nov 17)
Aspmforum [ multiples injection sql (get&post)] saps . audit (Nov 17)
Dating Site [ login bypass & xss] saps . audit (Nov 17)
20/20 datashed [ multiples injection sql ] saps . audit (Nov 17)
Infinitytechs Restaurants CM saps . audit (Nov 18)
Vikingboard (0.1.2) [ multiples vulnerability ] saps . audit (Nov 18)
Rapid Classified v3.1 [multiple xss (get) & injection sql] saps . audit (Nov 20)
ehomes [multiples injections sql] saps . audit (Nov 20)
eClassifieds [injection sql] saps . audit (Nov 20)
Rialto 1.6[admin login bypass & multiples injections sql] saps . audit (Nov 20)
klf-realty [injection sql] saps . audit (Nov 20)
Classified System [injection sql] saps . audit (Nov 21)
The Classified Ad System [multiple xss & injection sql] saps . audit (Nov 21)
Re: [ GLSA 200611-11 ] TikiWiki: Multiple vulnerabilities saps . audit (Nov 21)
aBitWhizzy [local file include] saps . audit (Nov 21)
Link Exchange Lite [injection sql] saps . audit (Nov 21)
creadirectory [injection sql & xss] saps . audit (Nov 21)
JiRos Links Manager[injection sql & xss permanent] saps . audit (Nov 21)

saudi

Cross site scripting & fullpath disclosure saudi (Nov 24)
mmgallery Multiple vulnerabilities saudi (Nov 24)

Secunia Research

Secunia Research: MDaemon Insecure Default Directory Permissions Secunia Research (Nov 16)
Secunia Research: Panda ActiveScan Multiple Vulnerabilities Secunia Research (Nov 17)
Secunia Research: My Firewall Plus Privilege Escalation Vulnerability Secunia Research (Nov 21)
Secunia Research: PassGo SSO Plus Insecure Default Directory Permissions Secunia Research (Nov 22)
Secunia Research: Borland Products idsql32.dll Buffer Overflow Vulnerability Secunia Research (Nov 29)
Secunia Research: MailEnable IMAP Service Two Vulnerabilities Secunia Research (Nov 30)

securfrog

tikiwiki 1.9.5 mysql password disclosure & xss securfrog (Nov 01)
how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)] securfrog (Nov 02)

security

Multiple XSS Vulnerabilities in Zend Google Data Client Library Preview 0.2.0 security (Nov 01)
[ MDKSA-2006:196 ] - Updated php packages to address buffer overflow issue security (Nov 03)
[ MDKSA-2006:195 ] - Updated wireshark packages fix multiple vulnerabilities security (Nov 03)
[ MDKSA-2006:197 ] - Updated kernel packages fix multiple vulnerabilities and bugs security (Nov 03)
XSS Vulnerability in Zend Framework Preview 0.2.0 security (Nov 06)
[ MDKSA-2006:199 ] - Updated libx11 packages fix file descriptor leak vulnerability security (Nov 07)
[ MDKSA-2006:198 ] - Updated imlib2 packages fix several vulnerabilities security (Nov 07)
[ MDKSA-2006:200 ] - Updated rpm packages fix vulnerability security (Nov 07)
[ MDKSA-2006:201 ] - Updated pam_ldap packages fix PasswordPolicyReponse coding error security (Nov 08)
[ MDKSA-2006:198-1 ] - Updated imlib2 packages fix several vulnerabilities security (Nov 08)
[ MDKSA-2006:203 ] - Updated texinfo packages fix vulnerability security (Nov 08)
[ MDKSA-2006:202 ] - Updated wv packages fix vulnerabilities security (Nov 08)
[ MDKSA-2006:204 ] - Updated openssh packages fix vulnerability security (Nov 09)
[ MDKSA-2006:205 ] - Updated Firefox packages fix multiple vulnerabilities security (Nov 10)
[ MDKSA-2006:206 ] - Updated Thunderbird packages fix multiple vulnerabilities security (Nov 10)
[ MDKSA-2006:207 ] - Updated bind packages fixes RSA signature verification vulnerability security (Nov 16)
[ MDKSA-2006:208 ] - Updated openldap packages fixes Bind vulnerability security (Nov 16)
[ MDKSA-2006:209 ] - Updated libpng packages fix vulnerabilities security (Nov 17)
[ MDKSA-2006:211 ] - Updated pxelinux packages to fix embedded libpng vulnerabilities security (Nov 17)
[ MDKSA-2006:210 ] - Updated syslinux packages to fix embedded libpng vulnerabilities security (Nov 17)
[ MDKSA-2006:212 ] - Updated doxygen packages to fix embedded libpng vulnerabilities security (Nov 17)
[ MDKSA-2006:213 ] - Updated chromium packages to fix embedded libpng vulnerabilities security (Nov 17)
[ MDKSA-2006:214 ] - Updated gv packages fix buffer overflow vulnerability security (Nov 18)
[ MDKSA-2006:164-1 ] - Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities security (Nov 18)
[ MDKSA-2006:217 ] - Updated proftpd packages fix vulnerabilities security (Nov 20)
[ MDKSA-2006:215 ] - Updated avahi packages fix netlink vulnerability security (Nov 21)
[ MDKSA-2006:216 ] - Updated links packages fix smb vulnerability security (Nov 21)
[ MDKSA-2006:208-1 ] - Updated openldap packages fixes Bind vulnerability security (Nov 22)
[ MDKSA-2006:218 ] - Updated apache-mod_auth_kerb packages fixes DoS vulnerability security (Nov 23)
[ MDKSA-2006:219 ] - Updated tar packages fix vulnerability security (Nov 29)
[ MDKSA-2006:217-1 ] - Updated proftpd packages fix vulnerabilities security (Nov 30)

security-alert

[security bulletin] HPSBUX02172 SSRT061269 rev.1 - HP-UX VirtualVault running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access security-alert (Nov 01)
[security bulletin] HPSBUX02164 SSRT061265 rev.1 - HP-UX VirtualVault Running Apache 1.3.X Remote Denial of Service (DoS) and Arbitrary Code Execution security-alert (Nov 01)
[security bulletin] HPSBUX02165 SSRT061266 rev.1 - HP-UX VirtualVault Remote Unauthorized Access security-alert (Nov 01)
[security bulletin] HPSBUX02091 SSRT061099 rev.2 - HP-UX Local Increased Privilege security-alert (Nov 01)
[security bulletin] HPSBMA02159 SSRT061238 rev.1 - HP System Management Homepage (SMH), Remote Bypassing of Security Features or Cross Site Scripting or Denial of Service (DoS) security-alert (Nov 02)
[security bulletin] HPSBMA02167 SSRT061262 rev.2 - HP OpenView Client Configuration Manager (CCM), Remote Unauthorized Arbitrary Code Execution or Denial of Service (DoS) security-alert (Nov 09)
[security bulletin] HPSBMA02088 SSRT051026 rev. 2 - HP-UX running WBEM Services Denial of Service (DoS) security-alert (Nov 17)
[security bulletin] HPSBUX02153 SSRT061181 rev.2 - HP-UX Running Firefox, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) security-alert (Nov 30)

security-list

Re: EEYE: Workstation Service NetpManageIPCConnect Buffer Overflow security-list (Nov 18)

sehato

Windows Media ASX PlayList File Denial Of Service Vulnerability sehato (Nov 22)

sflist

Re: New Flaw in Firefox 2.0: DoS and possible remote code execution sflist (Nov 28)

Shawn Fitzgerald

RE: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) Shawn Fitzgerald (Nov 29)

-= SHELL =- -= SHELL =-

MWChat pro V 7.0 <= (CONFIG[MWCHAT_Libs]) Remote File Include Vulnerability -= SHELL =- -= SHELL =- (Nov 06)

sil

Asterisk Local and Remote Denial of Service vulnerability sil (Nov 01)

simo64

Re: Advanced Guestbook 2.3.1 (Admin.php) Remote File Include simo64 (Nov 07)

skulmatic

GreenBeast CMS <= 1.3 PHP Arbitrary File Upload Vulnerability skulmatic (Nov 07)

sni-labs

Vulnerability in PostNuke sni-labs (Nov 21)

Solar Designer

safely concatenating strings in portable C (Re: GnuPG 1.4 and 2.0 buffer overflow) Solar Designer (Dec 01)

srunschke

Antwort: Joomla 1.0.11 Remote File Include srunschke (Nov 09)

Stefan Esser

Advisory 12/2006: phpMyAdmin - error.php XSS Vulnerability Stefan Esser (Nov 02)
Advisory 13/2006: PHP HTML Entity Encoder Heap Overflow Vulnerability Stefan Esser (Nov 03)
Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability Stefan Esser (Nov 14)

Stefano Zanero

Re: phpLedAds 2.0(dir) File Include Stefano Zanero (Nov 01)
Re: PLS-Bannieres 1.21 (bannieres.php) File Include Stefano Zanero (Nov 01)
Re: blogcms => 4.0.0 Remote File Include Stefano Zanero (Nov 17)
Re: dev_wms => 1.5 Remote File Include Vulnerabilities Stefano Zanero (Nov 18)
Re: Phpjobscheduler 3.0 - Multiple Remote File Include Stefano Zanero (Nov 18)

Steve Friedl

Re: Correction: Re: Serious crypto problem fixed by envelope HMAC method insteadof currently used prefix Steve Friedl (Nov 21)
Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) Steve Friedl (Nov 25)

Steve Kemp

[SECURITY] [DSA-1205-1] New thttpd packages fix insecure temporary file creation Steve Kemp (Nov 03)

Steven M. Christey

Re: phpMyConferences <= 8.0.2 Remote File Inclusion Steven M. Christey (Nov 03)
Minimizing error cascades in vulnerability information management Steven M. Christey (Nov 07)
Clarifying integer overflows vs. signedness errors Steven M. Christey (Nov 21)
Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) Steven M. Christey (Nov 28)

Steve Shockley

Re: *BSD banner INT overflow vulnerability Steve Shockley (Nov 22)

stopmakingnoise

Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) stopmakingnoise (Nov 24)

stormhacker

TOPSTORY BASIC Version 1.0 => Remote File Include Vulnerability stormhacker (Nov 13)

str0ke

Re: Phpjobscheduler 3.0 - Multiple Remote File Include str0ke (Nov 18)
Re: VMware 5.5.1 Local Buffer Overflow (HTML Exploit) str0ke (Nov 27)

Stuart Moore

Re: PHP Event Calendar 1.5.1 (index.php) Remote File Include Vulnerability Stuart Moore (Nov 29)

subere

Cracking String Encryption in Java Obfuscated Bytecode subere (Nov 23)
OWASP JBroFuzz 0.3 Fuzzer Released! subere (Nov 29)

Sune Kloppenborg Jeppesen

[ GLSA 200611-09 ] libpng: Denial of Service Sune Kloppenborg Jeppesen (Nov 17)
[ GLSA 200611-10 ] WordPress: Multiple vulnerabilities Sune Kloppenborg Jeppesen (Nov 17)
[ GLSA 200611-13 ] Avahi: "netlink" message vulnerability Sune Kloppenborg Jeppesen (Nov 20)
[ GLSA 200611-12 ] Ruby: Denial of Service vulnerability Sune Kloppenborg Jeppesen (Nov 21)
[ GLSA 200611-14 ] TORQUE: Insecure temproary file creation Sune Kloppenborg Jeppesen (Nov 21)
[ GLSA 200611-11 ] TikiWiki: Multiple vulnerabilities Sune Kloppenborg Jeppesen (Nov 21)
[ GLSA 200611-15 ] qmailAdmin: Buffer overflow Sune Kloppenborg Jeppesen (Nov 21)
[ GLSA 200611-16 ] Texinfo: Buffer overflow Sune Kloppenborg Jeppesen (Nov 21)
[ GLSA 200611-18 ] TIN: Multiple buffer overflows Sune Kloppenborg Jeppesen (Nov 24)
[ GLSA 200611-19 ] ImageMagick: PALM and DCM buffer overflows Sune Kloppenborg Jeppesen (Nov 24)
[ GLSA 200611-20 ] GNU gv: Stack overflow Sune Kloppenborg Jeppesen (Nov 24)
[ GLSA 200611-21 ] Kile: Incorrect backup file permission Sune Kloppenborg Jeppesen (Nov 27)
[ GLSA 200611-22 ] Ingo H3: Folder name shell command injection Sune Kloppenborg Jeppesen (Nov 28)

Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]

Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (Nov 25)

Taneli Leppä

Re: how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)] Taneli Leppä (Nov 02)
Re: how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)] Taneli Leppä (Nov 02)

tarkus

b2evolution XSS Vulnerabilities tarkus (Nov 28)
b2evolution Remote File inclusion Vulnerability tarkus (Nov 29)

Teemu Salmela

Links smbclient command execution Teemu Salmela (Nov 17)

the_3dit0r

Bloo => 1.00 Cross Site Scripting the_3dit0r (Nov 16)
discloser => 0.0.4 Remote File Include Vulnerabilities the_3dit0r (Nov 16)
OdysseusBlog => 1.0.0 Cross Site Scripting the_3dit0r (Nov 16)
Bloo => 1.00 Remote File Include Vulnerability the_3dit0r (Nov 16)
dev_wms => 1.5 Remote File Include Vulnerabilities the_3dit0r (Nov 16)
discloser => 0.0.4 Remote File Include Vulnerability Exploit the_3dit0r (Nov 16)
Myphotos => Remote File Include Vulnerability Exploit the_3dit0r (Nov 17)
Sphpblog => 0.8 Cross Site Scripting the_3dit0r (Nov 17)
BlogTorrent-preview => 0.92 Cross Site Scripting the_3dit0r (Nov 17)
worksystem => Remote File Include Vulnerability Exploit the_3dit0r (Nov 17)
eggblog=> 3.1.0 Cross Site Scripting the_3dit0r (Nov 17)
My-BIC => 0.6.5 Remote File Include Vulnerability Exploit the_3dit0r (Nov 17)
blogcms => 4.0.0 Remote File Include the_3dit0r (Nov 17)
RED Blog => Remote File Include Vulnerability Exploit the_3dit0r (Nov 17)
Storystream => 4.0 Remote File Include Vulnerability Exploit the_3dit0r (Nov 17)
Sphpblog => 0.8 Remote File Include Vulnerabilities the_3dit0r (Nov 17)
LoudMouth => 2.4 Remote File Include Vulnerabilities the_3dit0r (Nov 20)
Telaen <= 1.1.0 Remote File Include Exploit the_3dit0r (Nov 20)
PhpQuickGallery <= 1.9 Remote File Inclusion Exploit the_3dit0r (Nov 20)
PHPOLL => 0.96 Cross Site Scripting the_3dit0r (Nov 20)
Shopping_Catalog Remote File Include exploit the_3dit0r (Nov 20)
dicshunary 0.1 alpha Remote File Inclusion Exploit the_3dit0r (Nov 20)
enomphp => 4.0 Remote Traversal Directory the_3dit0r (Nov 20)
DodosMail <= 2.0.1(dodosmail.php) Remote File Inclusion Exploit the_3dit0r (Nov 20)
iPrimal Forums (index.php) Remote File Include Exploit the_3dit0r (Nov 20)
mg.applanix <= 1.3.1 Remote File Include Exploit the_3dit0r (Nov 20)
mxBB calsnails module 1.06 Remote File Inclusion Exploit the_3dit0r (Nov 20)
Telaen => 1.1.0 Remote File Include Vulnerability the_3dit0r (Nov 20)
MyAlbum <= 3.02 (langs_dir) Remote File Inclusion Exploit the_3dit0r (Nov 20)
BirdBlog => v1.4.0 Cross Site Scripting the_3dit0r (Nov 21)
Wabbit PHP Gallery => 0.9 Remote Traversal Directory the_3dit0r (Nov 21)
my little weblog => Cross Site Scripting the_3dit0r (Nov 21)
ltwCalendar => 4.2.1 Remote File Include Vulnerabilities the_3dit0r (Nov 21)

Thiago Zaninotti

Re: Clarifying integer overflows vs. signedness errors Thiago Zaninotti (Nov 22)

Thierry Zoller

Re: Internet Explorer 7 - Still Spyware Writers' Heaven Thierry Zoller (Nov 04)

Thor (Hammer of God)

Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) Thor (Hammer of God) (Nov 25)
Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) Thor (Hammer of God) (Nov 25)

Tim Newsham

Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) Tim Newsham (Nov 27)

Timo Sirainen

Dovecot IMAP/POP3 server: Off-by-one buffer overflow Timo Sirainen (Nov 20)

Trustix Security Advisor

TSLSA-2006-0061 - multi Trustix Security Advisor (Nov 06)
TSLSA-2006-0063 - multi Trustix Security Advisor (Nov 16)
TSLSA-2006-0065 - libpng Trustix Security Advisor (Nov 17)
TSLSA-2006-0066 - multi Trustix Security Advisor (Nov 28)

TSRT

TSRT-06-13: HP OpenView Client Configuration Manager Device Code Execution Vulnerability TSRT (Nov 08)

tux025

GPhotos 1.5 Multiple vulnerabilities tux025 (Nov 18)
mAlbum v0.3 Multiple vulnerabilitizzz tux025 (Nov 21)
mAlbum v0.3 local file inclusion tux025 (Nov 25)

vannovax

Wordpress File Inclusion vannovax (Nov 13)

Vincent A . Menard

Multiple Vulnerabilities in AlternC version 0.9.5 Vincent A . Menard (Nov 29)

vitux . manis

Ixprim CMS 1.2 Remote File Include Vulnerability vitux . manis (Nov 20)

VMware Security team

VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4 VMware Security team (Nov 14)
VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2 VMware Security team (Nov 14)
VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1 VMware Security team (Nov 14)
VMSA-2006-0009 - VMware ESX Server 3.0.0 AMD fxsave/restore issue VMware Security team (Nov 14)
VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2 VMware Security team (Nov 14)
VMSA-2006-0010 - SSL sessions not authenticated by VC Clients VMware Security team (Nov 21)

webmaster

Re: SolpotCrew Advisory #10 - phpBB XS (phpbb_root_path) Remote File Include webmaster (Nov 23)

Werner Koch

GnuPG 1.4 and 2.0 buffer overflow Werner Koch (Nov 28)

Williams, James K

RE: [Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities. Williams, James K (Nov 22)
RE: LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability Williams, James K (Nov 22)

wmodes

Re: feedsplitter considered harmful wmodes (Nov 13)

x___ . _

PhpGedView 4.0.2 (DOCUMENT_ROOT) File inclusion Vulnerablity x___ . _ (Nov 27)

yalnifj

Re: PhpGedView 4.0.2 (DOCUMENT_ROOT) File inclusion Vulnerablity yalnifj (Nov 29)

zdi-disclosures

ZDI-06-036: Novell Netmail User Authentication Buffer Overflow Vulnerability zdi-disclosures (Nov 03)
ZDI-06-037: America Online ICQ ActiveX Control Code Execution Vulnerability zdi-disclosures (Nov 06)
ZDI-06-039: Marshal MailMarshal ARJ Extraction Directory Traversal Vulnerability zdi-disclosures (Nov 10)
ZDI-06-038: Citrix MetaFrame IMA Management Module Remote Heap Overflow zdi-disclosures (Nov 13)
ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability zdi-disclosures (Nov 15)
ZDI-06-041: Microsoft Internet Explorer CSS Float Property Memory Corruption Vulnerability zdi-disclosures (Nov 15)
ZDI-06-042: Verity Ultraseek Request Proxying Vulnerability zdi-disclosures (Nov 17)
ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability zdi-disclosures (Nov 29)