Bugtraq: by date

Tuesday, 31 October
- iDefense Security Advisory 10.27.06: Novell eDirectory NMAS BerDecodeLoginDataRequeset DoS Vulnerability iDefense Labs
- iDefense Security Advisory 10.31.06: Novell iManager Tomcat DoS Vulnerability iDefense Labs
- iDefense Security Advisory 10.31.06: Sophos Anti-Virus Petite File Denial of Service Vulnerability iDefense Labs
- Multiple XSS Vulnerabilities in Zend Google Data Client Library Preview 0.2.0 security_at_armorize.com
Wednesday, 1 November
- Re: Re: Simple Machines Forum (SMF) XSS issue oldiesmann_at_simplemachines.org
- Re[3]: New Flaw in Firefox 2.0: DoS and possible remote code execution 3APA3A
- [USN-370-1] screen vulnerability Kees Cook
- [USN-371-1] Ruby vulnerability Kees Cook
- Cross Site Scripting (XSS) Vulnerability in Netquery by "VIRtech" LegendaryZion
- Re: phpLedAds 2.0(dir) File Include Stefano Zanero
- Cisco Security Advisory: Cisco Security Agent Management Center LDAP Administrator Authentication Bypass Cisco Systems Product Security Incident Response Team
- [USN-373-1] mutt vulnerabilities Kees Cook
- Asterisk Local and Remote Denial of Service vulnerability sil_at_infiltrated.net
- tikiwiki 1.9.5 mysql password disclosure & xss securfrog_at_gmail.com
- rPSA-2006-0202-1 tshark wireshark rPath Update Announcements
- [security bulletin] HPSBUX02172 SSRT061269 rev.1 - HP-UX VirtualVault running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access security-alert_at_hp.com
- Re: PLS-Bannieres 1.21 (bannieres.php) File Include Stefano Zanero
- [security bulletin] HPSBUX02164 SSRT061265 rev.1 - HP-UX VirtualVault Running Apache 1.3.X Remote Denial of Service (DoS) and Arbitrary Code Execution security-alert_at_hp.com
- [security bulletin] HPSBUX02165 SSRT061266 rev.1 - HP-UX VirtualVault Remote Unauthorized Access security-alert_at_hp.com
- Outpost Insufficient validation of 'SandBox' driver input buffer Matousec - Transparent security Research
- [USN-374-1] wvWare vulnerability Kees Cook
- [security bulletin] HPSBUX02091 SSRT061099 rev.2 - HP-UX Local Increased Privilege security-alert_at_hp.com
- Internet Explorer 7 - Still Spyware Writers' Heaven avivra
- Multiple vulnerabilities in SAP Web Application Server 6.40 and 7.00 Nicob
- how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)] securfrog_at_gmail.com
Thursday, 2 November
- Advisory 12/2006: phpMyAdmin - error.php XSS Vulnerability Stefan Esser
- Firefox 1.5.0.7 Exploit koenig_at_d-e-k-a-d-e-n-t.de
- iodine client 0.3.2 buffer overflow poplix_at_papuasia.org
- [SECURITY] [DSA 1203-1] New libpam-ldap packages fix access control bypass Moritz Muehlenhoff
- [security bulletin] HPSBMA02159 SSRT061238 rev.1 - HP System Management Homepage (SMH), Remote Bypassing of Security Features or Cross Site Scripting or Denial of Service (DoS) security-alert_at_hp.com
- [USN-375-1] PHP vulnerability Martin Pitt
- Educational write-up by Amit Klein: "A Refreshing Look at Redirection" Amit Klein
- Re: how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)] Taneli Leppä
- Re: how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)] Taneli Leppä
- Re: Firefox 1.5.0.7 Exploit Robert McGrew
- RE: how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)] Richard Stanway
- Re: Firefox 1.5.0.7 Exploit Bram Dumolin
- RE: Internet Explorer 7 - Still Spyware Writers' Heaven Roger A. Grimes
- Advisory 13/2006: PHP HTML Entity Encoder Heap Overflow Vulnerability Stefan Esser
- EUSecWest/London CFP extended to Nov. 7 Dragos Ruiu
- Re: phpMyConferences <= 8.0.2 Remote File Inclusion Steven M. Christey
- [ MDKSA-2006:196 ] - Updated php packages to address buffer overflow issue security_at_mandriva.com
- [ MDKSA-2006:195 ] - Updated wireshark packages fix multiple vulnerabilities security_at_mandriva.com
- Re: Firefox 1.5.0.7 Exploit Martin Pitt
Friday, 3 November
- Re[2]: New Flaw in Firefox 2.0: DoS and possible remote code execution 3APA3A
- Re: Digital Armaments Security Advisory 10.07.2006: Flexwath Authorization Bypassing and XSS Vulnerability sales_at_flexwatch.com
- Re: Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00 harrisonholland_at_gmail.com
- [ GLSA 200611-01 ] Screen: UTF-8 character handling vulnerability Matthias Geerdsen
- [SECURITY] [DSA-1205-1] New thttpd packages fix insecure temporary file creation Steve Kemp
- SIMPLOG 0.9.3 injection sql & multiple xss saps.audit_at_gmail.com
- [ MDKSA-2006:197 ] - Updated kernel packages fix multiple vulnerabilities and bugs security_at_mandriva.com
- XSS in script Mobile m-0-t_at_hotmail.com
- ZDI-06-036: Novell Netmail User Authentication Buffer Overflow Vulnerability zdi-disclosures_at_3com.com
- [USN-376-1] imlib2 vulnerabilities Kees Cook
Saturday, 4 November
- [OpenPKG-SA-2006.030] OpenPKG Security Advisory (ruby) OpenPKG
Friday, 3 November
- Re: Internet Explorer 7 - Still Spyware Writers' Heaven Eliah Kagan
Saturday, 4 November
- MajorSecurity Advisory #31]Xenis.creator CMS - Multiple Cross Site Scripting and SQL Injection Issues admin_at_majorsecurity.de
Friday, 3 November
- Re: how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)] Paul Laudanski
- [OpenPKG-SA-2006.028] OpenPKG Security Advisory (php) OpenPKG
- Web Directory Pro bypass Vulnerabilities hack2prison_at_yahoo.com
Saturday, 4 November
- [OpenPKG-SA-2006.029] OpenPKG Security Advisory (bind) OpenPKG
Friday, 3 November
- [USN-378-1] RPM vulnerability Kees Cook
Saturday, 4 November
- [MajorSecurity Advisory #30]admin.tool 3 CMS - Multiple Cross Site Scripting Issues admin_at_majorsecurity.de
Friday, 3 November
- [USN-377-1] NVIDIA vulnerability Kees Cook
Saturday, 4 November
- Re: MajorSecurity Advisory #31]Xenis.creator CMS - Multiple Cross Site Scripting and SQL Injection Issues saps.audit_at_gmail.com
- IF-CMS multiples XSS vunerabilities saps.audit_at_gmail.com
- Re: Internet Explorer 7 - Still Spyware Writers' Heaven Thierry Zoller
Sunday, 5 November
- @cid stats v2.3 File Include mahmood ali
- Article Script v1.*and v1.6.3 Sql injection liz0_at_bsdmail.org
Saturday, 4 November
- Stanford university SCARF user editing navairum_at_gmail.com
Sunday, 5 November
- PHP Rapid Kill All Version File Injection null_hack_at_yahoo.com
Friday, 3 November
- Mail Drives Security Considerations darkz.gsa_at_gmail.com
Wednesday, 1 November
- Re: New Flaw in Firefox 2.0: DoS and possible remote code execution Jan Heisterkamp
Sunday, 5 November
- [ECHO_ADV_57_2006]Soholaunch Pro <=4.9 r36 Multiple Remote File Inclusion Vulnerability erdc_at_echo.or.id
- [ECHO_ADV_58_2006]Cyberfolio <=2.0 RC1 $av Remote File Inclusion Vulnerability erdc_at_echo.or.id
Monday, 6 November
- Re: @cid stats v2.3 File Include Heiko Wundram
Sunday, 5 November
- [ECHO_ADV_59_2006]Agora 1.4 RC1 "$_SESSION[PATH_COMPOSANT]" Remote File Inclusion Vulnerability erdc_at_echo.or.id
- [ECHO_ADV_60_2006] OpenEMR <=2.8.1 Multiple Remote File Inclusion Vulnerability erdc_at_echo.or.id
Thursday, 2 November
- Re: New Flaw in Firefox 2.0: DoS and possible remote code execution Jerome Athias
Sunday, 5 November
- AIOCP <=1.3.007 multiples vulnerabilities [sql , remote file include , xss] saps.audit_at_gmail.com
Monday, 6 November
- Joomla 1.0.11 Remote File Include root_at_arab4services.com
Friday, 3 November
- MWChat pro V 7.0 <= (CONFIG[MWCHAT_Libs]) Remote File Include Vulnerability -= SHELL =- -= SHELL =-
Monday, 6 November
- Cross Site Scripting (XSS) Vulnerability in IBM WebSphere Application Server ProCheckUp Research
Friday, 3 November
- TSLSA-2006-0061 - multi Trustix Security Advisor
Monday, 6 November
- [ GLSA 200611-02 ] Qt: Integer overflow Matthias Geerdsen
- Ariadne <= 2.4.1 Multiple Remote File Include Vulnerabilities(New) ajannhwt_at_hotmail.com
- MajorSecurity Advisory #32]phpComasy CMS - Multiple Cross Site Scripting Issues admin_at_majorsecurity.de
Saturday, 4 November
- Re: Internet Explorer 7 - Still Spyware Writers' Heaven Eliah Kagan
Sunday, 5 November
- RE: Internet Explorer 7 - Still Spyware Writers' Heaven Roger A. Grimes
Thursday, 2 November
- [SECURITY] [DSA 1204-1] New ingo1 packages fix arbitrary shell command execution Moritz Muehlenhoff
Friday, 3 November
- XSS Vulnerability in Zend Framework Preview 0.2.0 security_at_armorize.com
Monday, 6 November
- [SECURITY] [DSA 1206-1] New php4 packages fix several vulnerabilities Moritz Muehlenhoff
Friday, 3 November
- Hotmail and Windows Live Mail XSS Vulnerabilities applesoup_at_gmail.com
- Advanced Guestbook 2.3.1 (Admin.php) Remote File Include broken-proxy_at_Linuxmail.org
Monday, 6 November
- VulnDisco Pack for Metasploit Evgeny Legerov
- Re: Firefox 1.5.0.7 Exploit Lubomir Kundrak
Thursday, 2 November
- Re: Firefox 1.5.0.7 Exploit OOZIE
Monday, 6 November
- ZDI-06-037: America Online ICQ ActiveX Control Code Execution Vulnerability zdi-disclosures_at_3Com.com
Friday, 3 November
- IE7 website security certificate discrediting exploit inge_eivind.henriksen_at_chello.no
Monday, 6 November
- Re: Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00 Nicob
- Re: Advanced Guestbook 2.3.1 (Admin.php) Remote File Include simo64_at_morx.org
Tuesday, 7 November
- GreenBeast CMS <= 1.3 PHP Arbitrary File Upload Vulnerability skulmatic_at_gmail.com
Monday, 6 November
- [USN-376-2] imlib2 regression fix Kees Cook
- [ MDKSA-2006:199 ] - Updated libx11 packages fix file descriptor leak vulnerability security_at_mandriva.com
- [ MDKSA-2006:198 ] - Updated imlib2 packages fix several vulnerabilities security_at_mandriva.com
Tuesday, 7 November
- News publication system remote File include navairum_at_gmail.com
- Re: IE7 website security certificate discrediting exploit inge_eivind.henriksen_at_chello.no
- DigiOz Guestbook version 1.7 Path Disclosure Vulnerability in list.php jesper.jurcenoks_at_netvigilance.com
- [ MDKSA-2006:200 ] - Updated rpm packages fix vulnerability security_at_mandriva.com
- Minimizing error cascades in vulnerability information management Steven M. Christey
- WarFTPd 1.82.00-RC11 Remote Denial Of Service Joxean Koret
- XSS in Kayako SupportSuite v3.00.32 hacker hackers
- [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability Raphael Marichez
Monday, 6 November
- DigiOz Guestbook version 1.7 Path Disclosure Vulnerability in list.php Jesper Jurcenoks
Tuesday, 7 November
- WFTPD Pro Server 3.23 Buffer Overflow Joxean Koret
- [ MDKSA-2006:201 ] - Updated pam_ldap packages fix PasswordPolicyReponse coding error security_at_mandriva.com
Wednesday, 8 November
- [OpenPKG-SA-2006.032] OpenPKG Security Advisory (openssh) OpenPKG
Tuesday, 7 November
- Call for papers: ARES 2007 submission deadline approaches in 2 weeks: 19-11-2006 Manh Tho
- [ MDKSA-2006:198-1 ] - Updated imlib2 packages fix several vulnerabilities security_at_mandriva.com
Wednesday, 8 November
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Secure Desktop Cisco Systems Product Security Incident Response Team
- Y.A.N.S sql injection navairum_at_gmail.com
- PhpMyChat Plus <= 1.9 Multiple Source Code Disclosure Vulnerabilities ajannhwt_at_hotmail.com
- PhpMyChat <= 0.14.5 Source Code Disclosure Vulnerability ajannhwt_at_hotmail.com
- [ MDKSA-2006:203 ] - Updated texinfo packages fix vulnerability security_at_mandriva.com
Thursday, 8 November
- Lotus Notes pre-login User.ID key leak Andrew Christensen
Wednesday, 8 November
- iDefense Security Advisory 11.08.06: IBM Lotus Domino 7 tunekrnl Multiple Vulnerabilities iDefense Labs Security Advisories
- Portix-PHP [login bypass & xss (post)] saps.audit_at_gmail.com
Tuesday, 7 November
- phpsatk => Remote File Include Vulnerability EXploit h4ck3riran_at_yahoo.com
Wednesday, 8 November
- TSRT-06-13: HP OpenView Client Configuration Manager Device Code Execution Vulnerability TSRT_at_3Com.com
Tuesday, 7 November
- Re: Hotmail and Windows Live Mail XSS Vulnerabilities HASEGAWA Yosuke
Wednesday, 8 November
- Abarcar Realty Portal [injection sql] saps.audit_at_gmail.com
- iDefense Security Advisory 11.08.06: Cisco Secure Desktop Privilege Escalation Vulnerability iDefense Labs
Tuesday, 7 November
- knowledgeBuilder v.2.2.php.NuLL-WDYL=> Remote File Include Vulnerability h4ck3riran_at_yahoo.com
Wednesday, 8 November
- Speedwiki 2.0 Arbitrary File Upload Vulnerability saps.audit_at_gmail.com
Tuesday, 7 November
- [ MDKSA-2006:202 ] - Updated wv packages fix vulnerabilities security_at_mandriva.com
Wednesday, 8 November
- Immediacy .NET CMS possibly vulnerable to Cross Site Scripting through a malformed cookie ProCheckUp Research
- FreeWebshop <=2.2.2 [local file include & xss] saps.audit_at_gmail.com
- FreeBSD Security Advisory FreeBSD-SA-06:24.libarchive FreeBSD Security Advisories
- Antwort: Joomla 1.0.11 Remote File Include srunschke_at_abit.de
- omnistar article manager [multiples injection sql] saps.audit_at_gmail.com
- [ MDKSA-2006:204 ] - Updated openssh packages fix vulnerability security_at_mandriva.com
Thursday, 9 November
- bitweaver <=1.3.1 [injection sql (post) & xss (post)] saps.audit_at_gmail.com
- GNU gv Stack Overflow Vulnerability Renaud Lifchitz
- [SECURITY] [DSA 1207-1] New phpmyadmin packages fix several vulnerabilities Moritz Muehlenhoff
- LandShop Real Estate [multiple injection sql & xss] saps.audit_at_gmail.com
- [USN-379-1] texinfo vulnerability Kees Cook
- Re: Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00 Nicob
- Wheatblog [multiple xss (post) & full path disclosure] saps.audit_at_gmail.com
- [security bulletin] HPSBMA02167 SSRT061262 rev.2 - HP OpenView Client Configuration Manager (CCM), Remote Unauthorized Arbitrary Code Execution or Denial of Service (DoS) security-alert_at_hp.com
- [ GLSA 200611-04 ] Bugzilla: Multiple Vulnerabilities Matthias Geerdsen
- rPSA-2006-0204-1 kernel rPath Update Announcements
- rPSA-2006-0205-1 php php-mysql php-pgsql rPath Update Announcements
- rPSA-2006-0206-1 firefox thunderbird rPath Update Announcements
- rPSA-2006-0207-1 openssh openssh-client openssh-server rPath Update Announcements
- [ MDKSA-2006:205 ] - Updated Firefox packages fix multiple vulnerabilities security_at_mandriva.com
- [ MDKSA-2006:206 ] - Updated Thunderbird packages fix multiple vulnerabilities security_at_mandriva.com
Friday, 10 November
- [OpenPKG-SA-2006.033] OpenPKG Security Advisory (openldap) OpenPKG
- [ GLSA 200611-05 ] Netkit FTP Server: Privilege escalation Raphael Marichez
- [x0n3-h4ck]Essentia Web Server v.2.15 Buffer Overflow corrado.liotta_at_alice.it
- [x0n3-h4ck]Drake CMS v 0.2 XSS exploit corrado.liotta_at_alice.it
- ZDI-06-039: Marshal MailMarshal ARJ Extraction Directory Traversal Vulnerability zdi-disclosures_at_3com.com
- encapscms 0.3.6 - Remote File Include by Firewall firewall1954_at_hotmail.com
Sunday, 12 November
- Estate Agent Manager <= v1.3 (default.asp) Remote Login ByPass SQL Injection Vulnerability ajannhwt_at_hotmail.com
- Mega Mall [ multiples injection sql & full path disclosure ] saps.audit_at_gmail.com
- MyStats <=1.0.8 [injection sql, multiples xss, array & full path disclosure] benjilenoob_at_hotmail.com
Friday, 10 November
- PHPKit 1.6.1 RC2 (faq/faq.php) Remote SQL Injection Exploit philipp.niedziela_at_gmx.de
Sunday, 12 November
- TOPSTORY BASIC Version 1.0 => Remote File Include Vulnerability stormhacker_at_hotmail.com
- [SECURITY] [DSA 1209-1] New trac packages fix cross-site request forgery Moritz Muehlenhoff
Friday, 10 November
- Exophpdesk V1.2 - Remote File Include firewall1954_at_hotmail.com
- Wordpress File Inclusion vannovax_at_gmail.com
Saturday, 11 November
- [MajorSecurity Advisory #33]ShopSystems - SQL Injection Issue admin_at_majorsecurity.de
- phpManta - Mdoc <= 1.0.2 (view-sourcecode.php) Local File Include Exploit ajannhwt_at_hotmail.com
- AspPired2 Poll <= 1.0 (MoreInfo.asp) Remote SQL Injection Exploit ajannhwt_at_hotmail.com
Sunday, 12 November
- UStore 1.0 (detail.asp) Remote SQL Injection Vulnerability ajannhwt_at_hotmail.com
Saturday, 11 November
- NuCommunity 1.0 (cl_CatListing.asp) Remote SQL Injection Exploit ajannhwt_at_hotmail.com
Monday, 13 November
- Re: feedsplitter considered harmful wmodes_at_ucsc.edu
Saturday, 11 November
- NuRems 1.0 Remote XSS/SQL Injection Exploit ajannhwt_at_hotmail.com
Monday, 13 November
- Re: Wordpress File Inclusion emc3_at_mentalcollective.com
- Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability Nick Boyce
Saturday, 11 November
- NuStore 1.0 (Products.asp) Remote SQL Injection Vulnerability ajannhwt_at_hotmail.com
- NuSchool 1.0 (CampusNewsDetails.asp) Remote SQL Injection Exploit ajannhwt_at_hotmail.com
- [SECURITY] [DSA 1208-1] New bugzilla packages fix several vulnerabilities Moritz Muehlenhoff
- XSS in Email Signature Script miladkaleh_at_gmail.com
Sunday, 12 November
- infinicart [ multiples injection sql & xss (post) ] saps.audit_at_gmail.com
Saturday, 11 November
- shambo2 Component For Mambo 4.5 Remote File Inclusion Exploit crackers_child_at_sibersavascilar.com
Thursday, 9 November
- ZDI-06-038: Citrix MetaFrame IMA Management Module Remote Heap Overflow zdi-disclosures_at_3com.com
Saturday, 11 November
- Re: Cross Site Scripting (XSS) Vulnerability in Netquery by "VIRtech" rvirtue_at_virtech.org
- Web Interface remote file inclusion navairum_at_gmail.com
Friday, 10 November
- VBulletin DoS Exploit [ all Versions ] root_at_h4x0r.ir
Saturday, 11 November
- Digipass Go3 Token Dumper (at least for 2006) fcollyer_at_gmail.com
- Phpjobscheduler 3.0 - Multiple Remote File Include Firewall1954_at_hotmail.com
- Phpdebug 1.1.0 - Remote File Include by Firewall Firewall1954_at_hotmail.com
Sunday, 12 November
- ELOG Web Logbook Remote Denial of Service Vulnerability OS2A BTO
- UltraSite 1.0 (update.asp) Remote SQL Injection Vulnerability ajannhwt_at_hotmail.com
- Asp Scripter Products (cpLogin.asp) Remote SQL ByPass Injection Vulnerability ajannhwt_at_hotmail.com
- CPanel Multiple Cross Site Scription Advisory_at_Aria-security.net
- Old SAP exploits Nicob
- Property Pro v1.0 (vir_Login.asp) Remote Login ByPass SQL Injection Vulnerability ajannhwt_at_hotmail.com
- Re: [x0n3-h4ck]Essentia Web Server v.2.15 Buffer Overflow Noam Rathaus
- ASPPortal <= 4.0.0 (default1.asp) Remote SQL Injection Exploit ajannhwt_at_hotmail.com
- UPublisher 1.0 (viewarticle.asp) Remote SQL Injection Vulnerability ajannhwt_at_hotmail.com
- [FLSA-2006:211760] Updated gzip package fixes security issues David Eisenstein
Monday, 13 November
- [SECURITY] [DSA 1209-2] New trac packages fix cross-site request forgery Moritz Muehlenhoff
Friday, 10 November
- SinFP 2.04 release, works under Windows GomoR
Monday, 13 November
- Challenges faced by automated web application security assessment tools bugtraq_at_cgisecurity.net
Sunday, 12 November
- DirectAdmin Multiple Cross Site Scription Advisory_at_Aria-security.net
Monday, 13 November
- [ GLSA 200611-07 ] GraphicsMagick: PALM and DCM buffer overflows Raphael Marichez
- VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4 VMware Security team
- [ GLSA 200611-06 ] OpenSSH: Multiple Denial of Service vulnerabilities Raphael Marichez
- Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability Raphael Marichez
Thursday, 9 November
- iDefense Security Advisory 11.09.06: Citrix Presentation Server 4.0 IMA Service Invalid Name Length DoS Vulnerability iDefense Labs
Monday, 13 November
- [ GLSA 200611-08 ] RPM: Buffer overflow Raphael Marichez
- VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2 VMware Security team
- New Bug MiniBB Forum <= 2 Remote File Include (index.php) philip anselmo
- VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1 VMware Security team
Sunday, 12 November
- Online Event Registration <= v2.0 (save_profile.asp) Remote User Pass Change Exploit ajannhwt_at_hotmail.com
Monday, 13 November
- VMSA-2006-0009 - VMware ESX Server 3.0.0 AMD fxsave/restore issue VMware Security team
- VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2 VMware Security team
- Re: Wordpress File Inclusion Expanders
Sunday, 12 November
- Re: GNU gv Stack Overflow Vulnerability Noam Rathaus
Tuesday, 14 November
- [SECURITY] [DSA 1210-1] New Mozilla Firefox packages fix several vulnerabilities Martin Schulze
Monday, 13 November
- Real Estate Listing System SQL Injection Advisory_at_Aria-security.net
- ASPintranet SQL Injection Advisory_at_Aria-security.net
- SiteXpress SQL Injection Advisory_at_Aria-security.net
- WWWeb Cocepts SQL Injection Advisory_at_Aria-security.net
- Ustore SQL Injection Advisory_at_Aria-security.net
- eShopping SQL Injection Advisory_at_Aria-security.net
Tuesday, 14 November
- Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability Stefan Esser
Monday, 13 November
- ECommerce Store Shop Builder Advisory_at_Aria-security.net
- Engine Manager SQL Injection Advisory_at_Aria-security.net
- BPG Content Management System SQL Injection Advisory_at_Aria-security.net
- Apple Safari "match" Buffer Overflow Vulnerability jbh_cg_at_yahoo.fr
- Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability Nick FitzGerald
Tuesday, 14 November
- Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability Glynn Clements
- Evolve Merchant[ injection sql ] saps.audit_at_gmail.com
- Car Site Manager [injection sql & xss (get)] saps.audit_at_gmail.com
- Re: New Bug MiniBB Forum <= 2 Remote File Include (index.php) navairum_at_gmail.com
- FunkyASP Glossary v1.0 [injection sql] saps.audit_at_gmail.com
- Blogme v3 [admin login bypass & xss (post)] saps.audit_at_gmail.com
- Property Site Manager [login bypass ,multiples injection sql & xss (get)] saps.audit_at_gmail.com
- [Fwd: DMA[2006-1031a] - 'Intego VirusBarrier X4 definition bypass exploit'] K F (lists)
- Re: [Full-disclosure] ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability Micheal Turner
- [Fwd: OpenBase SQL multiple vulnerabilities Part Deux] K F (lists)
- EEYE: Workstation Service NetpManageIPCConnect Buffer Overflow eEye Advisories
- ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability zdi-disclosures_at_3com.com
- ZDI-06-041: Microsoft Internet Explorer CSS Float Property Memory Corruption Vulnerability zdi-disclosures_at_3com.com
- A+ Store E-Commerce[ injection sql & xss (post) ] saps.audit_at_gmail.com
- A-Cart pro[ injection sql (post&get)] saps.audit_at_gmail.com
- Inventory Manager [injection sql & xss (get)] saps.audit_at_gmail.com
- hpecs shopping cart[login bypass & injection sql (post)] saps.audit_at_gmail.com
Wednesday, 15 November
- Dragon calendar [ login bypass & injection sql ] saps.audit_at_gmail.com
Tuesday, 14 November
- [SECURITY] [DSA 1211-1] New pdns packages fix arbitrary code execution Moritz Muehlenhoff
Wednesday, 15 November
- NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure Rodrigo Rubira Branco (BSDaemon)
- MultiCalendars [ multiples injection sql ] saps.audit_at_gmail.com
- [OpenPKG-SA-2006.034] OpenPKG Security Advisory (texinfo) OpenPKG
- DragonFlyBSD all versions FireWire IOCTL kernel integer overflow information disclousure Rodrigo Rubira Branco (BSDaemon)
- TrustedBSD* all versions FireWire IOCTL kernel integer overflow information disclousure Rodrigo Rubira Branco (BSDaemon)
- TSLSA-2006-0063 - multi Trustix Security Advisor
Tuesday, 14 November
- [ MDKSA-2006:207 ] - Updated bind packages fixes RSA signature verification vulnerability security_at_mandriva.com
Wednesday, 15 November
- [SECURITY] [DSA 1212-1] New openssh packages fix denial of service Noah Meyerhans
- Outpost Multiple insufficient argument validation of hooked SSDT function Vulnerability Matousec - Transparent security Research
- E-Calendar Pro 3.0 [ login bypass & injection sql (post)] saps.audit_at_gmail.com
Tuesday, 14 November
- Helm Cross-Site Scripting (XSS) Advisory_at_Aria-security.net
Wednesday, 15 November
- FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure Rodrigo Rubira Branco (BSDaemon)
Tuesday, 14 November
- [ MDKSA-2006:208 ] - Updated openldap packages fixes Bind vulnerability security_at_mandriva.com
Thursday, 16 November
- Bloo => 1.00 Cross Site Scripting the_3dit0r_at_yahoo.com
Tuesday, 14 November
- E-commerce Kit 1 PayPal Edition [ injection sql ] saps.audit_at_gmail.com
- MetaCart e-Shop [multiples injection sql (get & post)] saps.audit_at_gmail.com
Wednesday, 15 November
- Xtreme ASP Photo Gallery Cross Site Scripting And SQL Injection Advisory_at_Aria-security.net
Thursday, 16 November
- discloser => 0.0.4 Remote File Include Vulnerabilities the_3dit0r_at_yahoo.com
Tuesday, 14 November
- Hot Links download backup authorized vulnerabilities hack2prison_at_yahoo.com
Thursday, 16 November
- PhpMyAdmin all version [multiples vulnerability] saps.audit_at_gmail.com
Wednesday, 15 November
- [MajorSecurity Advisory #34]Plesk 8 - Multiple Cross Site Scripting Issues admin_at_majorsecurity.de
Thursday, 16 November
- OdysseusBlog => 1.0.0 Cross Site Scripting the_3dit0r_at_yahoo.com
- Bloo => 1.00 Remote File Include Vulnerability the_3dit0r_at_yahoo.com
Monday, 13 November
- Team Evil - Incident #2 beSIRT
- Chetcpasswd 2.x: multiple vulnerabilities riclem_at_yahoo.com
Thursday, 16 November
- Secunia Research: MDaemon Insecure Default Directory Permissions Secunia Research
Tuesday, 14 November
- Re: Apple Safari "match" Buffer Overflow Vulnerability J. Oquendo
Thursday, 16 November
- Kerio WebSTAR local privilege escalation K F (lists)
- dev_wms => 1.5 Remote File Include Vulnerabilities the_3dit0r_at_yahoo.com
- discloser => 0.0.4 Remote File Include Vulnerability Exploit the_3dit0r_at_yahoo.com
- Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion ) revenge
Tuesday, 14 November
- eShopping Cart [injection sql] saps.audit_at_gmail.com
Thursday, 16 November
- Whitepaper: Implementing and Detecting a PCI Rootkit John Heasman
- Vulnerabilities in Client Service for NetWare Avert_at_avertlabs.com
Tuesday, 14 November
- CandyPress Store[ multiples injection sql ] saps.audit_at_gmail.com
Wednesday, 15 November
- BaalAsp forum [login bypass ,injections sql(post), xss(post)] saps.audit_at_gmail.com
- ZDI-06-042: Verity Ultraseek Request Proxying Vulnerability zdi-disclosures_at_3com.com
- Helm Cross Site Scripting Advisory_at_Aria-security.net
Thursday, 16 November
- Myphotos => Remote File Include Vulnerability Exploit the_3dit0r_at_yahoo.com
Wednesday, 15 November
- i-Gallery 3.4 Cross Site Scripting Advisory_at_Aria-security.net
Thursday, 16 November
- Sphpblog => 0.8 Cross Site Scripting the_3dit0r_at_yahoo.com
- BlogTorrent-preview => 0.92 Cross Site Scripting the_3dit0r_at_yahoo.com
Wednesday, 15 November
- Comdev One Admin Pro.v4.1 ( path[skin] ) Remote File include AG- Spider
Tuesday, 14 November
- ASP Cart [multiples injection sql (post & get)] saps.audit_at_gmail.com
Thursday, 16 November
- worksystem => Remote File Include Vulnerability Exploit the_3dit0r_at_yahoo.com
- Re: FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure Lucas Holt
Tuesday, 14 November
- Hot Links download backup authorized vulnerabilities (re-post with some edit) hack2prison_at_yahoo.com
Thursday, 16 November
- eggblog=> 3.1.0 Cross Site Scripting the_3dit0r_at_yahoo.com
- Secunia Research: Panda ActiveScan Multiple Vulnerabilities Secunia Research
Monday, 13 November
- RE: VBulletin DoS Exploit [ all Versions ] Bart Seresia
Tuesday, 14 November
- UK Security Convention - Continuity 2006 Manchester 2600
- Links smbclient command execution Teemu Salmela
Wednesday, 15 November
- rPSA-2006-0211-1 libpng rPath Update Announcements
Thursday, 16 November
- My-BIC => 0.6.5 Remote File Include Vulnerability Exploit the_3dit0r_at_yahoo.com
Tuesday, 14 November
- ASPintranet SQL Injection Advisory_at_Aria-security.net
Thursday, 16 November
- blogcms => 4.0.0 Remote File Include the_3dit0r_at_yahoo.com
- RED Blog => Remote File Include Vulnerability Exploit the_3dit0r_at_yahoo.com
- Storystream => 4.0 Remote File Include Vulnerability Exploit the_3dit0r_at_yahoo.com
Tuesday, 14 November
- Pilot Cart V.7.2 [ injection sql (post) ] saps.audit_at_gmail.com
Thursday, 16 November
- [ MDKSA-2006:209 ] - Updated libpng packages fix vulnerabilities security_at_mandriva.com
- [ MDKSA-2006:211 ] - Updated pxelinux packages to fix embedded libpng vulnerabilities security_at_mandriva.com
- [ MDKSA-2006:210 ] - Updated syslinux packages to fix embedded libpng vulnerabilities security_at_mandriva.com
Tuesday, 14 November
- Re: Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability Marcello Barnaba
Thursday, 16 November
- [OpenPKG-SA-2006.035] OpenPKG Security Advisory (proftpd) OpenPKG
- [ MDKSA-2006:212 ] - Updated doxygen packages to fix embedded libpng vulnerabilities security_at_mandriva.com
Tuesday, 14 November
- Active News Manager [ injection sql (post&get)] saps.audit_at_gmail.com
Wednesday, 15 November
- Image gallery with Access Database SQL Injection Advisory_at_Aria-security.net
Thursday, 16 November
- [ MDKSA-2006:213 ] - Updated chromium packages to fix embedded libpng vulnerabilities security_at_mandriva.com
Friday, 17 November
- [OpenPKG-SA-2006.036] OpenPKG Security Advisory (png) OpenPKG
- [USN-383-1] libpng vulnerability Kees Cook
- [security bulletin] HPSBMA02088 SSRT051026 rev. 2 - HP-UX running WBEM Services Denial of Service (DoS) security-alert_at_hp.com
- [ GLSA 200611-09 ] libpng: Denial of Service Sune Kloppenborg Jeppesen
- TSLSA-2006-0065 - libpng Trustix Security Advisor
- [ GLSA 200611-10 ] WordPress: Multiple vulnerabilities Sune Kloppenborg Jeppesen
- Re: Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion ) dean_at_etomite.org
Thursday, 16 November
- [Aria-Security] CPanel Network Tools Cross Site Scripting [Advisory] Advisory_at_Aria-security.net
Friday, 17 November
- 20/20 auto gallery [ multiples injection sql ] saps.audit_at_gmail.com
- 20/20 real estate [ multiples injection sql ] saps.audit_at_gmail.com
Thursday, 16 November
- TFTPD32 v3.01 TFTP Server Long File Name Buffer Overflow Vulnerability liuqx_at_nipc.org.cn
- [Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities. Reversemode
- Sphpblog => 0.8 Remote File Include Vulnerabilities the_3dit0r_at_yahoo.com
Wednesday, 15 November
- Aspmforum [ multiples injection sql (get&post)] saps.audit_at_gmail.com
Thursday, 16 November
- igital Armaments November-Decemberr Hacking Challenge: KERNEL Remote info_at_digitalarmaments.com
Friday, 17 November
- Dating Site [ login bypass & xss] saps.audit_at_gmail.com
- XSS vBulletin 3.6.X Admin Control Painel insanity_at_darkers.com.br
- MosReporter Joomla Component Remote File Inclusion Exploi crackers_child_at_sibersavascilar.com
- 20/20 datashed [ multiples injection sql ] saps.audit_at_gmail.com
- Re: blogcms => 4.0.0 Remote File Include Stefano Zanero
- Re: Airmagnet management interfaces multiple vulnerabilities ckuan_at_airmagnet.com
- Infinitytechs Restaurants CM saps.audit_at_gmail.com
- [ MDKSA-2006:214 ] - Updated gv packages fix buffer overflow vulnerability security_at_mandriva.com
- Re: dev_wms => 1.5 Remote File Include Vulnerabilities Stefano Zanero
- A-Cart PRO SQL Injection Advisory_at_Aria-security.net
Saturday, 18 November
- [MajorSecurity Advisory #36]dev4u CMS - Multiple SQL Injection and Cross Site Scripting Issues admin_at_majorsecurity.de
- Sage cross-context scripting -> LOCAL-CONTEXT SCRIPTING pagvac
- PhpBB Module Dimension Remote File Include bluespy.ok_at_gmail.com
- Oxygen <= 1.1.3 (O2PHP Bulletin Board) SQL Injection gmdarkfig_at_gmail.com
Friday, 17 November
- [ MDKSA-2006:164-1 ] - Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities security_at_mandriva.com
- [Aria-Security's Research Team] Texas Rank'em SQL Injection Vulnerabilite Advisory_at_Aria-security.net
- Drone Armies C&C Report - 17 Nov 2006 c2report_at_isotf.org
Saturday, 18 November
- Vikingboard (0.1.2) [ multiples vulnerability ] saps.audit_at_gmail.com
- BLOG:CMS <= 4.1.3 XSS katatafish_at_hush.com
Friday, 17 November
- [Aria-Security's Research Team] ActiveNews Manager SQL Injection Vulnerabilite Advisory_at_Aria-security.net
Saturday, 18 November
- [MajorSecurity Advisory #35]Travelsized CMS - Multiple Cross Site Scripting Issues admin_at_majorsecurity.de
Friday, 17 November
- linksys wrt54g v5 authentication bypass fixed Ginsu Rabbit
- A-Cart 2.0 SQL Injection Advisory_at_Aria-security.net
Saturday, 18 November
- Re: [Aria-Security's Research Team] ActiveNews Manager SQL Injection Vulnerabilite gmdarkfig_at_gmail.com
- Re: Phpjobscheduler 3.0 - Multiple Remote File Include Stefano Zanero
- Re: A-Cart PRO SQL Injection gmdarkfig_at_gmail.com
- GPhotos 1.5 Multiple vulnerabilities tux025_at_gmail.com
- Re: Phpjobscheduler 3.0 - Multiple Remote File Include str0ke
- Re: EEYE: Workstation Service NetpManageIPCConnect Buffer Overflow security-list_at_hacktrack.com
- Dovecot IMAP/POP3 server: Off-by-one buffer overflow Timo Sirainen
Sunday, 19 November
- LoudMouth => 2.4 Remote File Include Vulnerabilities the_3dit0r_at_yahoo.com
- Ixprim CMS 1.2 Remote File Include Vulnerability vitux.manis_at_gmail.com
- Telaen <= 1.1.0 Remote File Include Exploit the_3dit0r_at_yahoo.com
- Rapid Classified v3.1 [multiple xss (get) & injection sql] saps.audit_at_gmail.com
- Digital Armaments November-Decemberr Hacking Challenge: KERNEL info_at_digitalarmaments.com
- [SECURITY] [DSA 1213-1] New imagemagick packages fix several vulnerabilities Moritz Muehlenhoff
- PhpBB Module Dimension Remote File Include bluespy.ok_at_gmail.com
- ASPNuke <= 0.80 (register.asp) Remote SQL Injection Vulnerability ajannhwt_at_hotmail.com
Monday, 20 November
- PhpQuickGallery <= 1.9 Remote File Inclusion Exploit the_3dit0r_at_yahoo.com
Sunday, 19 November
- ehomes [multiples injections sql] saps.audit_at_gmail.com
- PHPOLL => 0.96 Cross Site Scripting the_3dit0r_at_yahoo.com
- Serious crypto problem fixed by envelope HMAC method insteadof currently used prefix Omirjan Batyrbaev
- eClassifieds [injection sql] saps.audit_at_gmail.com
- Rialto 1.6[admin login bypass & multiples injections sql] saps.audit_at_gmail.com
- gNews Publisher SQL Injection Vulnerabilites Advisory_at_aria-security.net
Monday, 20 November
- Shopping_Catalog Remote File Include exploit the_3dit0r_at_yahoo.com
- RE: FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure Rogier Mulhuijzen
- dicshunary 0.1 alpha Remote File Inclusion Exploit the_3dit0r_at_yahoo.com
Sunday, 19 November
- klf-realty [injection sql] saps.audit_at_gmail.com
- enomphp => 4.0 Remote Traversal Directory the_3dit0r_at_yahoo.com
Monday, 20 November
- DodosMail <= 2.0.1(dodosmail.php) Remote File Inclusion Exploit the_3dit0r_at_yahoo.com
- iPrimal Forums (index.php) Remote File Include Exploit the_3dit0r_at_yahoo.com
- mg.applanix <= 1.3.1 Remote File Include Exploit the_3dit0r_at_yahoo.com
- mxBB calsnails module 1.06 Remote File Inclusion Exploit the_3dit0r_at_yahoo.com
Sunday, 19 November
- Telaen => 1.1.0 Remote File Include Vulnerability the_3dit0r_at_yahoo.com
Monday, 20 November
- [SECURITY] [DSA 1214-1] New gv packages fix arbitrary code execution Moritz Muehlenhoff
- [ MDKSA-2006:217 ] - Updated proftpd packages fix vulnerabilities security_at_mandriva.com
- The Week of Oracle Database Bugs Cesar
- [ GLSA 200611-13 ] Avahi: "netlink" message vulnerability Sune Kloppenborg Jeppesen
- [SECURITY] [DSA 1217-1] New linux-ftpd packages fix access control bypass Moritz Muehlenhoff
- MyAlbum <= 3.02 (langs_dir) Remote File Inclusion Exploit the_3dit0r_at_yahoo.com
- [ GLSA 200611-12 ] Ruby: Denial of Service vulnerability Sune Kloppenborg Jeppesen
- Re: Serious crypto problem fixed by envelope HMAC method insteadof currently used prefix Omirjan Batyrbaev
- [ GLSA 200611-14 ] TORQUE: Insecure temproary file creation Sune Kloppenborg Jeppesen
- [SECURITY] [DSA 1216-1] New flexbackup packages fix denial of service Moritz Muehlenhoff
- [ MDKSA-2006:215 ] - Updated avahi packages fix netlink vulnerability security_at_mandriva.com
Sunday, 19 November
- BirdBlog => v1.4.0 Cross Site Scripting the_3dit0r_at_yahoo.com
- Wabbit PHP Gallery => 0.9 Remote Traversal Directory the_3dit0r_at_yahoo.com
Monday, 20 November
- [SECURITY] [DSA 1215-1] New xine-lib packages fix execution of arbitrary code Moritz Muehlenhoff
- mAlbum v0.3 Multiple vulnerabilitizzz tux025_at_gmail.com
Sunday, 19 November
- Classified System [injection sql] saps.audit_at_gmail.com
- my little weblog => Cross Site Scripting the_3dit0r_at_yahoo.com
Monday, 20 November
- [ GLSA 200611-11 ] TikiWiki: Multiple vulnerabilities Sune Kloppenborg Jeppesen
- Re: GPhotos 1.5 Multiple vulnerabilities packet_at_packetstormsecurity.org
- Correction: Re: Serious crypto problem fixed by envelope HMAC method insteadof currently used prefix Omirjan Batyrbaev
Sunday, 19 November
- [SECURITY] [DSA 1207-2] New phpmyadmin packages fix regression Moritz Muehlenhoff
- ltwCalendar => 4.2.1 Remote File Include Vulnerabilities the_3dit0r_at_yahoo.com
Monday, 20 November
- [ MDKSA-2006:216 ] - Updated links packages fix smb vulnerability security_at_mandriva.com
Sunday, 19 November
- The Classified Ad System [multiple xss & injection sql] saps.audit_at_gmail.com
Monday, 20 November
- [USN-384-1] OpenLDAP vulnerability Kees Cook
- Which is more secure? Oracle vs. Microsoft David Litchfield
- Re: Correction: Re: Serious crypto problem fixed by envelope HMAC method insteadof currently used prefix Steve Friedl
Tuesday, 21 November
- LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability advisories_at_lssec.com
- [KAPDA]::Security analysis of cutenews 1.4.5 alireza hassani
- New Correction: Re: Serious crypto problem fixed by envelope HMAC method instead of currently used prefix Omirjan Batyrbaev
- [ GLSA 200611-15 ] qmailAdmin: Buffer overflow Sune Kloppenborg Jeppesen
- Re: [ MDKSA-2006:217 ] - Updated proftpd packages fix vulnerabilities research_at_gleg.net
- [ GLSA 200611-16 ] Texinfo: Buffer overflow Sune Kloppenborg Jeppesen
- Re: [ GLSA 200611-11 ] TikiWiki: Multiple vulnerabilities saps.audit_at_gmail.com
- Secunia Research: My Firewall Plus Privilege Escalation Vulnerability Secunia Research
- [SECURITY] [DSA 1218-1] New proftpd packages fix denial of service Moritz Muehlenhoff
- aBitWhizzy [local file include] saps.audit_at_gmail.com
- ContentNow CMS 1.39 Sql Injection + Path Disclosure Vulnerabilities revenge
- [USN-382-1] Thunderbird vulnerabilities Kees Cook
- Re: Re: Phpjobscheduler 3.0 - Multiple Remote File Include admin_at_dwalker.co.uk
- Link Exchange Lite [injection sql] saps.audit_at_gmail.com
- creadirectory [injection sql & xss] saps.audit_at_gmail.com
- JiRos Links Manager[injection sql & xss permanent] saps.audit_at_gmail.com
- Advisory: LDU <= 8.x Remote SQL Injection Vulnerability. Mustafa Can Bjorn IPEKCI
- Clarifying integer overflows vs. signedness errors Steven M. Christey
- VMSA-2006-0010 - SSL sessions not authenticated by VC Clients VMware Security team
- Vulnerability in PostNuke sni-labs_at_sni-labs.com
- Advisory: Seditio <= 1.10 Remote SQL Injection Vulnerability. Mustafa Can Bjorn IPEKCI
- RE: [Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities. Williams, James K
- [USN-381-1] Firefox vulnerabilities Kees Cook
- Re: [ GLSA 200611-11 ] TikiWiki: Multiple vulnerabilities Chris Gianelloni
- RE: LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability Williams, James K
Wednesday, 22 November
- *BSD banner INT overflow vulnerability Gruzicki Wlodek
- Secunia Research: PassGo SSO Plus Insecure Default Directory Permissions Secunia Research
- Re: *BSD banner INT overflow vulnerability Steve Shockley
Tuesday, 21 November
- Re: Clarifying integer overflows vs. signedness errors Thiago Zaninotti
Wednesday, 22 November
- Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) David Litchfield
Tuesday, 21 November
- "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) Matthew Conover
- Re: [ECHO_ADV_53$2006] QnECMS <= 2.5.6 (adminfolderpath) Remote File Inclusion Vulnerability jim_at_qnecms.co.uk
Wednesday, 22 November
- Windows Media ASX PlayList File Denial Of Service Vulnerability sehato_at_yandex.ru
Tuesday, 21 November
- [ MDKSA-2006:208-1 ] - Updated openldap packages fixes Bind vulnerability security_at_mandriva.com
Wednesday, 22 November
- Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders. In Cognito
- Re: Re: *BSD banner INT overflow vulnerability evilrabbi_at_gmail.com
- Re: *BSD banner INT overflow vulnerability Bob Beck
Tuesday, 21 November
- Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders. In Cognito
Wednesday, 22 November
- Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords fash1on_at_gmail.com
- CONFidence 2007 CFP andrzej.targosz_at_proidea.org.pl
- Perl proxy checker using samair.ru Iko Riyadi
- XSS in scriptat support InverseFlow Help Desk v2.31 gamr-14_at_hotmail.com
Thursday, 23 November
- Re: Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders. Casper.Dik_at_Sun.COM
Wednesday, 22 November
- [ECHO_ADV_61_2006] a-ConMan <= v3.2beta Remote File Inclusion erdc_at_echo.or.id
Thursday, 23 November
- NVIDIA nView (keystone) local Denial Of service no-reply_at_hessamx.net
- CFP - VII National Computer and Information Security Conference Jeimy Cano
- Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords Michael Scheidell
Wednesday, 22 November
- Re: tikiwiki 1.9.5 mysql password disclosure & xss FBI_at_Hotmail.com
Thursday, 23 November
- Re: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords 3APA3A
- Re: Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords Juha-Matti Laurio
- [ MDKSA-2006:218 ] - Updated apache-mod_auth_kerb packages fixes DoS vulnerability security_at_mandriva.com
- Re: SolpotCrew Advisory #10 - phpBB XS (phpbb_root_path) Remote File Include webmaster_at_phpbb-es.com
Wednesday, 22 November
- Re: *BSD banner INT overflow vulnerability admin
Thursday, 23 November
- LS-20061102 - Business Objects Crystal Reports Stack Overflow Vulnerability advisories_at_lssec.com
- [ GLSA 200611-17 ] fvwm: fvwm-menu-directory fvwm command injection Matthias Geerdsen
- Active PHP Bookmarks (apb.php) Remote file include philip anselmo
- Cracking String Encryption in Java Obfuscated Bytecode subere_at_uncon.org
- Re: Cracking String Encryption in Java Obfuscated Bytecode Jim Manico
- Cross site scripting & fullpath disclosure saudi_at_hotmail.fr
Friday, 24 November
- [Aria-Security Team] Ultimate Survey Pro SQL Injection Advisory_at_Aria-security.net
- [ GLSA 200611-18 ] TIN: Multiple buffer overflows Sune Kloppenborg Jeppesen
- [Aria-Security Team] MidiCart ASP Plus Shopping Cart SQL Injection Advisory_at_Aria-security.net
Thursday, 23 November
- mmgallery Multiple vulnerabilities saudi_at_hotmail.fr
Friday, 24 November
- PHP-Nuke <= 7.9 News module "sid" SQL Injection vulnerabilities paisterist.nst_at_gmail.com
- Re: Active PHP Bookmarks (apb.php) Remote file include Mefisto_at_Hackermail.Com
Thursday, 23 November
- Wolflab Burning Board Lite 1.0.2 two sql injections retrog_at_alice.it
Friday, 24 November
- Re: Cracking String Encryption in Java Obfuscated Bytecode John GALLET
- [Aria-Security Team] Fixit iDMS Pro Image Gallery SQL Injection Advisory_at_Aria-security.net
- [Aria-Security Team] ASP ListPics 5.0 SQL Injection Advisory_at_Aria-security.net
- [Aria-Security Team] MidiCart ASP Shopping Cart SQL Injection Advisory_at_Aria-security.net
- [Aria-Security Team] iNews News Manager SQL Injection Advisory_at_Aria-security.net
- Re: Digipass Go3 Token Dumper (at least for 2006) Hugo van der Kooij
- [ GLSA 200611-19 ] ImageMagick: PALM and DCM buffer overflows Sune Kloppenborg Jeppesen
- Cahier de texte V2.0 SQL Code Execution Exploit gmdarkfig_at_gmail.com
- PHP-Nuke Mermaid Module V1.2 (formdisp.php) Remote File Include Exploit crackers_child_at_sibersavascilar.com
- CPanel 11 Multiple Cross-Site Scription Advisory_at_Aria-security.net
- [ GLSA 200611-20 ] GNU gv: Stack overflow Sune Kloppenborg Jeppesen
- WebHost Manager (WHM) Multiple Cross-Site Scripting Advisory_at_Aria-security.net
- Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) stopmakingnoise_at_gmail.com
- DoS in Microsoft Windows Live Messenger <= 8.0 dragonjar_at_gmail.com
- New Windows tool - NBTEnum 3.3 Reed Arvin
- Re: tikiwiki 1.9.5 mysql password disclosure & xss drunken_chin_at_yahoo.com
- Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) Thor (Hammer of God)
- Siap Cms Sql Injection (login.asp) nagazakig74_at_hotmail.com
- Wisi Portal [Sql Injection By Jesus Tovar] nagazakig74_at_hotmail.com
Saturday, 25 November
- AttackAPI 2.0 alpha pdp (architect)
- Re: DoS in Microsoft Windows Live Messenger <= 8.0 astralbabz_at_bluebottle.com
- Free tool for pattern identification (for researchers) Gary Golomb
- Re: Re: Digipass Go3 Token Dumper (at least for 2006) fcollyer_at_gmail.com
- Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
- Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) Steve Friedl
- Re: Clarifying integer overflows vs. signedness errors Pavel Kankovsky
- Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) Thor (Hammer of God)
- mAlbum v0.3 local file inclusion tux025_at_gmail.com
- [Aria-Security Team] Evolve shopping cart SQL Injection Vulnerability Advisory_at_Aria-security.net
- [Aria-Security Team] General Shopping Cart SQL Injection Vulnerability Advisory_at_Aria-security.net
Sunday, 26 November
- [SECURITY] [DSA 1220-1] New pstotext packages fix arbitrary shell command execution Moritz Muehlenhoff
- Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) Tim Newsham
- Clickblog Sql Injection Advisory_at_Aria-Security.Net
- ClickGallery Sql Injection Advisory_at_Aria-Security.Net
- TFTP Server AT-TFTP Server v 1.9 Buffer Overflow Vulnerability (Long filename) liuqx_at_nipc.org.cn
- iDefense Security Advisory 11.26.06: Qbik WinGate Compressed Name Pointer Denial of Service Vulnerability iDefense Labs
Saturday, 25 November
- VMware 5.5.1 Local Buffer Overflow (HTML Exploit) NormandiaN_MailID_at_Yahoo.com
Monday, 27 November
- [SECURITY] [DSA 1219-1] New texinfo packages fix multiple vulnerabilities Noah Meyerhans
Sunday, 26 November
- CuteNews v1.4.5 (search.php) Remote file include vulnerability philip anselmo
Monday, 27 November
- rPSA-2006-0218-1 ImageMagick rPath Update Announcements
Sunday, 26 November
- TFTP Server 3CTftpSvc Buffer Overflow Vulnerability (Long transporting mode) liuqx_at_nipc.org.cn
Monday, 27 November
- Re: VMware 5.5.1 Local Buffer Overflow (HTML Exploit) str0ke
- rPSA-2006-0219-1 info install-info texinfo rPath Update Announcements
- PhpGedView 4.0.2 (DOCUMENT_ROOT) File inclusion Vulnerablity x___.__at_hotmail.com
- Re: CuteNews v1.4.5 (search.php) Remote file include vulnerability Francesco Laurita
Sunday, 26 November
- MHL-2006-003 Public Advisory: "mboard" file creation issue Mayhemic Labs Security
Monday, 27 November
- Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) David Litchfield
Sunday, 26 November
- iDefense Security Advisory 11.26.06: GNU Radius Format String Vulnerability iDefense Labs
- [ GLSA 200611-21 ] Kile: Incorrect backup file permission Sune Kloppenborg Jeppesen
- Re: New Flaw in Firefox 2.0: DoS and possible remote code execution sflist_at_gmx.de
Monday, 27 November
- RE: Cracking String Encryption in Java Obfuscated Bytecode Jeremy Epstein
- 2nd European Conference on Computer Network Defense (EC2ND) Blyth A J C (AT)
- Cursor snarfing - a new class of vulnerability and attack in Oracle David Litchfield
- AIDE problem handling symlinks fryxar fryxar
Sunday, 26 November
- ClickContact SQL Injection Advisory_at_Aria-Security.Net
Monday, 27 November
- CVE-2006-5815: remote code execution in ProFTPD John Morrissey
- SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal research_at_symantec.com
- GnuPG 1.4 and 2.0 buffer overflow Werner Koch
- [ GLSA 200611-22 ] Ingo H3: Folder name shell command injection Sune Kloppenborg Jeppesen
Sunday, 26 November
- uPhotoGallery (v 1.1) SQL Injection Advisory_at_Aria-Security.Net
Monday, 27 November
- Re: SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal Jon Hart
- Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) Steven M. Christey
- [USN-386-1] ImageMagick vulnerability Kees Cook
- evince buffer overflow exploit (gv) kspecial
Tuesday, 28 November
- Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) David Litchfield
Monday, 27 November
- TSLSA-2006-0066 - multi Trustix Security Advisor
Tuesday, 28 November
- ProFTPD mod_tls pre-authentication buffer overflow research_at_gleg.net
- Re: PhpGedView 4.0.2 (DOCUMENT_ROOT) File inclusion Vulnerablity Mefisto_at_Hackermail.Com
Monday, 27 November
- [USN-385-1] tar vulnerability Kees Cook
Tuesday, 28 November
- b2evolution XSS Vulnerabilities tarkus_at_tiifp.org
- [USN-387-1] Dovecot vulnerability Kees Cook
- [ GLSA 200611-23 ] Mono: Insecure temporary file creation Raphael Marichez
- [ GLSA 200611-24 ] LHa: Multiple vulnerabilities Raphael Marichez
- [ GLSA 200611-25 ] OpenLDAP: Denial of Service vulnerability Raphael Marichez
- Re: PhpGedView 4.0.2 (DOCUMENT_ROOT) File inclusion Vulnerablity yalnifj_at_users.sourceforge.net
- New report on Teredo security Jim Hoagland
- Multiple Vulnerabilities in AlternC version 0.9.5 Vincent A.Menard
- Re: [Full-disclosure] New report on Teredo security Jeroen Massar
- b2evolution Remote File inclusion Vulnerability tarkus_at_tiifp.org
- Re: CuteNews v1.4.5 (search.php) Remote file include vulnerability raven
Monday, 27 November
- Re: [WEB SECURITY] The state of JavaScript Hacking bugtraq_at_cgisecurity.net
- PHP Event Calendar 1.5.1 (index.php) Remote File Include Vulnerability philip anselmo
Wednesday, 29 November
- Re: ProFTPD mod_tls pre-authentication buffer overflow Mark Wadham
- ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability zdi-disclosures_at_3com.com
- iDefense Security Advisory 11.29.06: Horde Kronolith Arbitrary Local File Inclusion Vulnerability iDefense Labs
- Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) David Litchfield
Monday, 27 November
- REMLAB Web Mech Designer 2.0.5 Path Disclosure Vulnerability jesper.jurcenoks_at_netvigilance.com
Tuesday, 28 November
- [ MDKSA-2006:219 ] - Updated tar packages fix vulnerability security_at_mandriva.com
Wednesday, 29 November
- Secunia Research: Borland Products idsql32.dll Buffer Overflow Vulnerability Secunia Research
- SYM06-023, Symantec NetBackup PureDisk: PHP update to Address Reported Security Vulnerability Mike Prosser
Tuesday, 28 November
- OWASP JBroFuzz 0.3 Fuzzer Released! subere_at_uncon.org
- RE: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) Shawn Fitzgerald
Wednesday, 29 November
- New Windows tool - PWDumpX v1.0 Reed Arvin
Tuesday, 28 November
- Monkey Boards version 0.3.5 Multiple Path Disclosure Vulnerabilities jesper.jurcenoks_at_netvigilance.com
Saturday, 25 November
- [Aria-Security Team] FipsSHOP SQL Injection Advisory_at_Aria-Security.Net
Monday, 27 November
- Potentially OT: AJAX article clappymonkey_at_gmail.com
Wednesday, 29 November
- Re: PHP Event Calendar 1.5.1 (index.php) Remote File Include Vulnerability Stuart Moore
- [USN-388-1] KOffice vulnerability Kees Cook
- [USN-389-1] GnuPG vulnerability Kees Cook
Thursday, 30 November
- [SECURITY] [DSA 1221-1] New libgsf packages fix arbitrary code execution Martin Schulze
- [SECURITY] [DSA 1222-1] New proftpd packages fix several vulnerabilities Moritz Muehlenhoff
- [ MDKSA-2006:217-1 ] - Updated proftpd packages fix vulnerabilities security_at_mandriva.com
- Secunia Research: MailEnable IMAP Service Two Vulnerabilities Secunia Research
- [security bulletin] HPSBUX02153 SSRT061181 rev.2 - HP-UX Running Firefox, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) security-alert_at_hp.com
- [USN-390-1] evince vulnerability Kees Cook
- Woltlab Burning Board 2.3.X XSS Vulnerability (0-Day) FIXED VERSION blueshisha_at_safe-mail.net
- @lex Guestbook 4.0.1 : Full Path Disclosure & XSS mr_kaliman_at_msn.com
- Seditio <= 1.10 (pollid) Remote SQL Injection Vulnerability ajannhwt_at_hotmail.com
- Invision Community Blog Mod 1.2.4 .PHP SQL Injection Vulnerability infection_at_mail.kz
- [ GLSA 200611-26 ] ProFTPD: Remote execution of arbitrary code Raphael Marichez
- Re: [Full-disclosure] ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability Dude VanWinkle
Wednesday, 29 November
- safely concatenating strings in portable C (Re: GnuPG 1.4 and 2.0 buffer overflow) Solar Designer
Thursday, 30 November
- contentserv 4.x capt.nem0_at_gmx.de
- LDU <= 8.x (polls.php) Remote SQL Injection Vulnerability ajannhwt_at_hotmail.com
- iDefense Security Advisory 11.30.06: Multiple Vendor libgsf Heap Overflow Vulnerability iDefense Labs
- LifeType version 1.1.2 Multiple Path Disclosure Vulnerabilities jesper.jurcenoks_at_netvigilance.com

Last message date: Nov 30 2006
Archived on: Oct 05 2008 PDT