Home page logo
/

524 messages starting Oct 16 06 and ending Oct 19 06
Date index | Thread index | Author index

3APA3A

:ShAnKaR: WoltLab Burning Book <=1.1.2 multiple vulnerabilities 3APA3A (Oct 16)

3cab7cc7

TorrentFlux action Script Insertion 3cab7cc7 (Oct 17)
TorrentFlux file Script Insertion 3cab7cc7 (Oct 17)
TorrentFlux user_id Script Insertion 3cab7cc7 (Oct 17)

566d9bfe

TorrentFlux startpop.php torrent Script Insertion 566d9bfe (Oct 13)

abel . andrade

Re: iDefense Security Advisory 10.19.06: Kaspersky Labs Anti-Virus IOCTL Local Privilege Escalation Vulnerability abel . andrade (Oct 20)

Adam Boileau

Security-Assessment.com Advisory: Asterisk remote heap overflow Adam Boileau (Oct 18)

Adam Laurie

RFID enabled e-passport skimming proof of concept code released (RFIDIOt) Adam Laurie (Oct 27)

admin

[MajorSecurity Advisory #29]foresite CMS - Cross Site Scripting Issue admin (Oct 30)

advisories

LS-20060330 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability advisories (Oct 07)
LS-20060220 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability advisories (Oct 07)
LS-20060313 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability advisories (Oct 07)

advisory

Rapid7 Advisory R7-0025: Buffer Overflow in NVIDIA Binary Graphics Driver For Linux advisory (Oct 16)
Rapid7 Advisory R7-0026: HTTP Header Injection Vulnerabilities in the Flash Player Plugin advisory (Oct 17)

aeroxteam

Vulnerability in Btitracker aeroxteam (Oct 07)

ajannhwt

PHPEasyData Pro 1.4.1 (index.php) Remote SQL Injection Vulnerability ajannhwt (Oct 30)
PHPEasyData Pro 2.2.1 (index.php) Remote SQL Injection Vulnerability ajannhwt (Oct 30)

ak

SQL Injection Vulnerability in Oracle WWV_FLOW_UTILITIES ak (Oct 23)
Cross-Site-Scripting Vulnerability in Oracle APEX WWV_FLOW_ITEM_HELP ak (Oct 23)
http://www.red-database-security.com/advisory/oracle_apex_css_notification_msg.html ak (Oct 23)
Various Cross-Site-Scripting Vulnerabilities in Oracle Reports ak (Oct 23)
Modify Data via Inline Views ak (Oct 23)
SQL Injection in package SYS.DBMS_SQLTUNE_INTERNAL ak (Oct 23)
SQL Injection in package XDB.DBMS_XDBZ0 ak (Oct 23)
SQL Injection in package SYS.DBMS_CDC_IMPDP ak (Oct 23)
SQL Injection in Oracle package MDSYS.SDO_LRS ak (Oct 23)

Alexander Hristov

Google Earth (kml & kmz files) buffer overflow Alexander Hristov (Oct 13)
Mcafee Network Agent (mcnasvc.exe) Remote DoS Alexander Hristov (Oct 13)

Alexander Sotirov

Re: [funsec] Technical Paper on the ZERT Patch and VML [was: Re: ZERT patch for setSlice()] Alexander Sotirov (Oct 04)

alguidy

Advanced Poll v2.02 :) <= Remote File Inclusion alguidy (Oct 09)

alireza hassani

[KAPDA::#60] Mambo V4.6.x vulnerabilities alireza hassani (Oct 20)

almaster

SQL in WebWizForum by almaster hacker almaster (Oct 30)

arab_anaconda

PHPLibrary-1.5.3(Description.php) Remote File Include arab_anaconda (Oct 20)

Aras \"Russ\" Memisyazici

RE: Flaw in Firefox 2.0 RC2 Aras \"Russ\" Memisyazici (Oct 20)

Arian J. Evans

RE: Informing Companies about security vulnerabilities... Arian J. Evans (Oct 07)

arny

Re: Flaw in Firefox 2.0 RC2 arny (Oct 18)

auto113922

who needs a server ... auto113922 (Oct 24)

Avert

MS06-060 Microsoft Word Memmove Code Execution Avert (Oct 12)

avivra

VoMM: Taking browser exploits to the next level avivra (Oct 16)

Bernhard Mueller

Re: PHP "exec", "system", "popen" (+small POC) Bernhard Mueller (Oct 20)

Bithedz

TextPattern <=1.19 Remote File Inclusion Vulnerability Bithedz (Oct 27)
ArticleBeach Script <= 2.0 Remote File Inclusion Vulnerability Bithedz (Oct 27)

boomboom999

Utimaco Safeguard Easy vulnerability boomboom999 (Oct 13)

B Potter

ShmooCon 2006 CFP Announcement B Potter (Oct 11)

Brian Eaton

Re: [Full-disclosure] IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053]) Brian Eaton (Oct 02)

bugtraq

RE: Informing Companies about security vulnerabilities... bugtraq (Oct 07)

By_KorsaN_Son

Phpbb insert mod Remote file include By_KorsaN_Son (Oct 13)
Download-Engine Remote File &#304;nclude By_KorsaN_Son (Oct 13)
Bloq 0.5.4 Remote File &#304;nclude By_KorsaN_Son (Oct 13)
PHPht Topsites Remote File &#304;nclude By_KorsaN_Son (Oct 13)

CarcaBotx

PHPRecipeBook <= 2.35 ((g_rb_basedir)) Remote File Include Exploit CarcaBotx (Oct 18)

C. Hamby

About.com contact C. Hamby (Oct 17)

Christian Kalkhoff

Re: Mozilla Firefox JavaScript Handler Race Condition Memory Corruption Vulnerability Christian Kalkhoff (Oct 27)

Christopher

Directory Traversal in TorrentFlux 2.1 Christopher (Oct 27)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Limitations in Cisco Secure Desktop Cisco Systems Product Security Incident Response Team (Oct 09)
Cisco Security Advisory: Default Password in Wireless Location Appliance Cisco Systems Product Security Incident Response Team (Oct 12)
Cisco Security Advisory: Cisco Security Agent for Linux Port Scan Denial of Service Cisco Systems Product Security Incident Response Team (Oct 25)

CORE FORCE Team

CORE FORCE R0.95 released! CORE FORCE Team (Oct 30)

corrado . liotta

{x0n3-h4ck} DEV Web Manager System <= 1.5 XSS Exploit corrado . liotta (Oct 18)

crackers_child

phpWebSite 0.10.2 Remote File Include Vulnerabilities crackers_child (Oct 10)
MysqlDumper Version 1.21 b6 Xss Vulnerability crackers_child (Oct 11)
WHM 10.8.0 cPanel 10.9.0 R50 CentOS 4.4 i686 WHM X v3.1.0 Xss Vulnerability crackers_child (Oct 23)
Smarty-2.6.1 Remote File Include Vulnerabilities crackers_child (Oct 23)
INCA IM-204 Dsl several vulnerabilities crackers_child (Oct 23)
CSLH2.9.9 Remote File Include Vulnerabilities crackers_child (Oct 24)
adobe php sdk Remote File Include Vulnerabilities crackers_child (Oct 24)
Joomla extended_registration mod Remote File Include Vulnerabilities crackers_child (Oct 27)

CvIr . System

CMS contenido Remote File Inclusion CvIr . System (Oct 13)
CMS contenido Path Disclosure CvIr . System (Oct 13)

cw . cybersecurity

Simple Website Software v0.99 (common.php) Remote File Include cw . cybersecurity (Oct 30)

Daniel Veditz

Re: New Flaw in Firefox 2.0: DoS and possible remote code execution Daniel Veditz (Oct 31)

dansoftaus

Re: DanPHPSupport => 0.5 Cross Site Scripting Vulnerabilities dansoftaus (Oct 14)

david

Re: net2ftp Remote File Inclusion - bogus report david (Oct 06)

David Litchfield

Analysis of the Oracle October 2006 Critical Patch Update David Litchfield (Oct 18)

David Matousek

Kerio Multiple insufficient argument validation of hooked SSDT function Vulnerability David Matousek (Oct 02)

Debasis Mohanty

Multiple HTTP response splitting vulnerabilities in SHOP-SCRIPT Debasis Mohanty (Oct 23)

dh

Layered Defense Advisory: TrendMicro OfficesScan Corporate Edition Format String Vulnerability dh (Oct 02)

disfigure

SQL injection - 4images disfigure (Oct 09)
SQL injection - moodle disfigure (Oct 09)
Comdev One Admin 4.1 Remote File Inclusion disfigure (Oct 18)
Boonex Dolphin 5.2 Remote File Inclusion disfigure (Oct 18)
Simplog 0.9.3.1 SQL Injection disfigure (Oct 18)

dj_remix_20

Dayfox Blog v2.0 Remote file include dj_remix_20 (Oct 02)
Yener Haber Script v2.0 SQL injection dj_remix_20 (Oct 04)
Hazir Site v2.0 Admin SQL Injection dj_remix_20 (Oct 06)
Emek Portal v2.1 SQL Injection dj_remix_20 (Oct 06)
Jax Newspage Remote File include dj_remix_20 (Oct 13)
Jax LinkLists Remote File include dj_remix_20 (Oct 13)

[dot]

vbulletin Exploit Tool Box [dot] (Oct 16)

Dragos Ruiu

PacSec 2006 Papers announcement and EUSecWest Call For Papers Dragos Ruiu (Oct 03)
pacsec hype security team: 7 words of warning about Macromedia Flash Player 9+ Dragos Ruiu (Oct 10)
PacSec Hype Security Team: CGI.pm param injection Dragos Ruiu (Oct 13)

Dr . Ninux

Sorry....My Message With Out Live Site.... Dr . Ninux (Oct 07)

D-virus

gcards (languagefile) <= Remote File Include D-virus (Oct 11)

edubp2002

Re: Secunia Research: Microsoft Windows Object Packager Dialog Spoofing edubp2002 (Oct 14)

Eiji James Yoshida

Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053] Eiji James Yoshida (Oct 02)

Eliah Kagan

Re: Flaw in Firefox 2.0 RC2 Eliah Kagan (Oct 18)

E Mintz

Security contact for Myspace/Fox? E Mintz (Oct 02)

emme0032

Re: phpAdsNew-2.0.8 <= (adlayer.php) Remote File Include emme0032 (Oct 28)

Enno Rey

Observations on Mandatory Integrity Control (MIC) in Windows Vista Enno Rey (Oct 07)

Enrico Scholz

[Fedora] libtool-ltdl uses relative paths to resolve and load libraries Enrico Scholz (Oct 10)

erdc

[ECHO_ADV_49$2006]OpenDock Easy Doc <=1.4 (doc_directory) Multiple Remote File Inclusion Vulnerability erdc (Oct 09)
[ECHO_ADV_50$2006]OpenDock Easy Blog <=1.4 (doc_directory) Multiple Remote File Inclusion Vulnerability erdc (Oct 09)
[ECHO_ADV_51$2006] docmint <= 2.0 (MY_ENV[BASE_ENGINE_LOC]) Remote File Inclusion Vulnerability erdc (Oct 09)
[ECHO_ADV_48$2006] WebYep <= 1.1.9 (webyep_sIncludePath) Multiple Remote File Inclusion Vulnerability erdc (Oct 09)
[ECHO_ADV_52$2006]OpenDock Easy Gallery <=1.4 (doc_directory) Multiple Remote File Inclusion Vulnerability erdc (Oct 09)
[ECHO_ADV_54$2006]vtiger CRM <=4.2 (calpath) Multiple Remote File Inclusion Vulnerability erdc (Oct 10)
[ECHO_ADV_55$2006]Phpmybibli <=2.1 Multiple Remote File Inclusion Vulnerability erdc (Oct 17)
[ECHO_ADV_46$2006] P-Book <= 1.17 (pb_lang) Remote File Inclusion erdc (Oct 18)
[ECHO_ADV_53$2006] QnECMS <= 2.5.6 (adminfolderpath) Remote File Inclusion Vulnerability erdc (Oct 30)

erne

Jinzora 2.6 - Remote File Include Vulnerabilities erne (Oct 14)
maintain-3.0.0-RC2 - Remote File Include Vulnerabilities erne (Oct 16)
MOStlyCEV454 - Remote File Include Vulnerabilities erne (Oct 16)
WebYep-1.1.9 - Remote File Include Vulnerabilities erne (Oct 16)
patchlodel-0.7.3 - Remote File Include Vulnerabilities erne (Oct 16)

erreale

Mozilla Firefox JavaScript Handler Race Condition Memory Corruption Vulnerability erreale (Oct 25)

farhadkey

[KAPDA::#61] - PacPoll <= 4.0 Multiple Vulnerabilities farhadkey (Oct 25)

fireboy2006

UltraCMS 0.9 sql injection fireboy2006 (Oct 19)
KICS CMS sql injection fireboy2006 (Oct 19)
UNISOR CMS sql injection fireboy2006 (Oct 27)

firewall1954

CentiPaid <= 1.4.2 [$class_pwd] Remote File Include firewall1954 (Oct 30)
Nucleus Core v3.23 - Remote File Include firewall1954 (Oct 30)
Multiple Remote File Include firewall1954 (Oct 30)

Francesco Laurita

ackerTodo 4.2 SQL Injection Vulnerability Francesco Laurita (Oct 06)
Re: Ban v0.1 (bannieres.php) File Include Francesco Laurita (Oct 28)
Re: CentiPaid <= 1.4.2 [$class_pwd] Remote File Include Francesco Laurita (Oct 30)
Re: Nucleus Core v3.23 - Remote File Include Francesco Laurita (Oct 31)

FREAK_PR

RMSOFT Cross Site Scripting FREAK_PR (Oct 23)

FreeBSD Security Advisories

FreeBSD Security Advisory FreeBSD-SA-06:22.openssh FreeBSD Security Advisories (Oct 02)

Gadi Evron

ZERT patch for setSlice() Gadi Evron (Oct 02)
Technical Paper on the ZERT Patch and VML [was: Re: ZERT patch for setSlice()] Gadi Evron (Oct 04)
Re: [funsec] Technical Paper on the ZERT Patch and VML [was: Re: ZERT patch for setSlice()] Gadi Evron (Oct 09)
ISOI II - a DA Workshop (announcement and CFP) Gadi Evron (Oct 13)
Re: Yahoo! Messenger Service 18 Remote Buffer Overflow Vulnerability Gadi Evron (Oct 25)
[funsec] Haxdoor: UK Police Count 8, 500 Victims in Data Theft (So Far) (fwd) Gadi Evron (Oct 27)
unreliable vulnerability reports en-masee [was:Re: vulnerability in Symantec products] Gadi Evron (Oct 30)

gene

Re: Directory Traversal Vulnerability in Goop Gallery 2.0.2 gene (Oct 17)

Gianluca Varisco

Re: yet another OpenSSH timing leak? Gianluca Varisco (Oct 10)

gmdarkfig

7 php scripts File Inclusion / Source disclosure Vuln gmdarkfig (Oct 10)

Gouki

Re: New Flaw in Firefox 2.0: DoS and possible remote code execution Gouki (Oct 31)

h4ck3riran

bbsNew ( File Include Vulnerability Exploit ) h4ck3riran (Oct 16)
Back-end ( File Include Vulnerability Exploit ) h4ck3riran (Oct 16)
Exporia => 0.3.0 Remote File Include Vulnerability Exploit h4ck3riran (Oct 30)
bbsNew => 2.0.1 Remote File Include Vulnerability Exploit h4ck3riran (Oct 30)
Back-end => 0.4.5 Remote File Include Vulnerability Exploit h4ck3riran (Oct 30)

hack2prison

Iono all version fullpath disclosure hack2prison (Oct 12)

handrix

Sun java System Messenger Express XSS handrix (Oct 31)

HASEGAWA Yosuke

Re: [Full-disclosure] IE7 is a Source of Problem - Secunia IE7 Release Incident of October 2006 HASEGAWA Yosuke (Oct 27)

H D Moore

Metasploit Framework 2.7 Released H D Moore (Oct 30)

iDefense Labs

iDefense Security Advisory 10.02.06: Novell GroupWise Messenger nmma.exe DoS Vulnerability iDefense Labs (Oct 03)
iDefense Security Advisory 10.05.06: Symantec AntiVirus IOCTL Kernel Privilege Escalation Vulnerability iDefense Labs (Oct 06)
iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability iDefense Labs (Oct 10)
iDefense Security Advisory 10.11.06: AOL YGPPDownload SetAlbumName ActiveX Control Buffer Overflow Vulnerability iDefense Labs (Oct 12)
iDefense Security Advisory 10.11.06: Sun Microsystems Solaris NSPR Library Arbitrary File Creation Vulnerability iDefense Labs (Oct 12)
iDefense Security Advisory 10.13.06: Apache HTTP Server mod_tcl set_var Format String Vulnerability iDefense Labs (Oct 14)
iDefense Security Advisory 10.15.06: Clam AntiVirus ClamAV CHM Chunk Name Length DoS Vulnerability iDefense Labs (Oct 16)
iDefense Security Advisory 10.15.06: Clam AntiVirus ClamAV rebuildpe Heap Overflow Vulnerability iDefense Labs (Oct 16)
iDefense Security Advisory 10.17.06: Opera Software Opera Web Browser URL Parsing Heap Overflow Vulnerability iDefense Labs (Oct 17)
iDefense Security Advisory 10.19.06: Kaspersky Labs Anti-Virus IOCTL Local Privilege Escalation Vulnerability iDefense Labs (Oct 20)
iDefense Security Advisory 10.21.06: Novell eDirectory evtFilteredMonitorEventsRequest Heap Overflow Vulnerability iDefense Labs (Oct 23)
iDefense Security Advisory 10.21.06: Novell eDirectory NCP over IP length Heap Overflow Vulnerability iDefense Labs (Oct 23)
iDefense Security Advisory 10.21.06: Novell eDirectory evtFilteredMonitorEventsRequest Invalid Free Vulnerability iDefense Labs (Oct 23)
iDefense Security Advisory 10.25.06: AOL Nullsoft Winamp Ultravox 'ultravox-max-msg' Header Heap Overflow Vulnerability iDefense Labs (Oct 25)
iDefense Security Advisory 10.25.06: AOL YGPPDownload downloadFileDirectory ActiveX Control Heap Corruption Vulnerability iDefense Labs (Oct 25)
iDefense Security Advisory 10.25.06: AOL YGPPDownload AddPictureNoAlbum ActiveX Control Heap Corruption Vulnerability iDefense Labs (Oct 25)
iDefense Security Advisory 10.25.06: AOL Nullsoft Winamp Ultravox Lyrics3 v2.00 tags Heap Overflow Vulnerability iDefense Labs (Oct 26)
iDefense Security Advisory 10.26.06: Multiple Vendor wvWare LVL Count Integer Overflow Vulnerability iDefense Labs (Oct 27)
iDefense Security Advisory 10.26.06: Multiple Vendor wvWare LFO Count Integer Overflow Vulnerability iDefense Labs (Oct 27)

info

new version of phplist fix XSS vulnerability info (Oct 12)

ip . 123 . 456 . 78 . 90

GestArt <= vbeta 1 Remote File Include Vulnerabilities ip . 123 . 456 . 78 . 90 (Oct 27)

jay.tomas

Re: vulnerability in Symantec products jay.tomas (Oct 30)

J. Carlos Nieto

Re: Smarty-2.6.1 Remote File Include Vulnerabilities J. Carlos Nieto (Oct 24)

Jeff Moss

Black Hat CFP, Registration, and Announcements for October Jeff Moss (Oct 13)

Jerome Athias

Re: Free Rainbow Tables.com Jerome Athias (Oct 31)

jm

Re: Flaw in Firefox 2.0 RC2 jm (Oct 18)

josecarlos . norte

Simple Machines Forum (SMF) XSS issue josecarlos . norte (Oct 20)
SMF fgets off-by-one issue and filter size evasion josecarlos . norte (Oct 27)

Jose Nazario

Re: Flaw in Firefox 2.0 RC2 Jose Nazario (Oct 17)

jose . palanco

D-Link DSL-G624T several vulnerabilities jose . palanco (Oct 23)

Josh Bressers

Re: Concurrency-related vulnerabilities in browsers - expect problems Josh Bressers (Oct 06)
Re: New Flaw in Firefox 2.0: DoS and possible remote code execution Josh Bressers (Oct 31)

Jouko Pynnonen

Details of Lotus Notes Java Applet vulnerabilities Jouko Pynnonen (Oct 06)

Joxean Koret

MS Windows DRM software Memory Corruption Joxean Koret (Oct 10)

Juha-Matti Laurio

Vulnerable function in newest PowerPoint case (MS Advisory #925984) Juha-Matti Laurio (Oct 06)
Re: Security contact for Myspace/Fox? Juha-Matti Laurio (Oct 07)
Re: Utimaco Safeguard Easy vulnerability Juha-Matti Laurio (Oct 18)

Jure Pečar

Re: Flaw in Firefox 2.0 RC2 Jure Pečar (Oct 20)

k1tk4t

PHPLibrary <= 1.5.3 Remote File Inclusion k1tk4t (Oct 10)
tagit2b -- Remote File Inclusion k1tk4t (Oct 10)
claroline <= 180rc1 Remote File Inclusion k1tk4t (Oct 10)
blueshoes <= 4.6_public Remote File Inclusion k1tk4t (Oct 10)
Jinzora <= 2.1 Remote File Inclusion k1tk4t (Oct 11)
AlberT-EasySite <= 1.0.a5 Remote File Inclusion k1tk4t (Oct 11)
ExtCalThai_Component <= 0.9.1 Remote File Inclusion k1tk4t (Oct 12)
Open Conference Systems <= 1.1.3 Remote File Inclusion k1tk4t (Oct 13)
phpMyConferences <= 8.0.2 Remote File Inclusion k1tk4t (Oct 13)
trawler <= 1.8.1 Remote File Inclusion k1tk4t (Oct 23)
speedberg <= 1.2beta1 Remote File Inclusion k1tk4t (Oct 23)
opendocman <= 1.2p3 Bypass admin/user Login k1tk4t (Oct 30)

KaBaRa . HaCk . eGy

osprey 1.0 (ListRecords.php) Remote File Include Vulnerability KaBaRa . HaCk . eGy (Oct 16)

Kees Cook

[USN-363-1] libmusicbrainz vulnerability Kees Cook (Oct 11)
[USN-364-1] Xsession vulnerability Kees Cook (Oct 16)
[USN-365-1] libksba vulnerability Kees Cook (Oct 17)
[USN-366-1] binutils vulnerability Kees Cook (Oct 19)
[USN-367-1] Pike vulnerability Kees Cook (Oct 19)

kevin

Re: phpWebSite 0.10.2 Remote File Include Vulnerabilities kevin (Oct 11)

K F (lists)

hack.lu Bluetooth demo K F (lists) (Oct 23)

Larry Cashdollar

IBM Informix Dynamic Server V10.0 File Clobbering during Install Larry Cashdollar (Oct 02)

las_kid

EasyBannerFree (functions.php) Remote File Include Exploit las_kid (Oct 02)

Le . CoPrA

RamaCMS (adodb.inc.php) Remote File Inclue Vulnerability Le . CoPrA (Oct 13)
Morcego CMS <= 0.9.6 Remote File Inclue Vulnerability Le . CoPrA (Oct 13)
PHP Cards <= 1.3 Remote File Inclue Vulnerability Le . CoPrA (Oct 13)
MNews <= 2.0 (noticias.php) Remote File Inclue Vulnerability Le . CoPrA (Oct 13)
PHP Top webs (config.php) Remote File Inclue Vulnerability Le . CoPrA (Oct 14)
PHP Classifieds 7.1 - Remote File Include Vulnerability Le . CoPrA (Oct 20)

LegendaryZion

Cross Site Scripting (XSS) Vulnerability in iPlanet Messaging Server Messenger Express by "Sun" LegendaryZion (Oct 31)
Directory listing on B-FOCuS Wireless 802.11b/g ADSL2+ Router by "ECI Telecom LTD" LegendaryZion (Oct 31)
Cross Site Scripting (XSS) Vulnerability in Web Mail service by "Walla! Communications LTD" LegendaryZion (Oct 31)

Lillian Røstad

Call for Papers - First International Workshop on Secure Software Engineering (SecSE 2007) Lillian Røstad (Oct 18)

LIUDIEYU dot COM

IE7 is a Source of Problem - Secunia IE7 Release Incident of October 2006 LIUDIEYU dot COM (Oct 27)

L . M . H .

Month of Kernel Bugs and fsfuzzer release (0.6) L . M . H . (Oct 24)

loveha

Thepeak File Upload v1.3 : Read file vulneability loveha (Oct 27)

Lubomir Kundrak

Re: Flaw in Firefox 2.0 RC2 Lubomir Kundrak (Oct 19)

Ludwig Nussel

SUSE Security Announcement: php4,php5 (SUSE-SA:2006:059) Ludwig Nussel (Oct 09)

Luís Miguel Silva

Security flaw in IBM Client Security Password Manager Luís Miguel Silva (Oct 03)
TORQUE Spool Job Race condition (torque <= 2.0.0p8) Luís Miguel Silva (Oct 19)

mahmood ali

EXlor 1.0 (/fonctions/template.php) Remote File Include Vulnerability mahmood ali (Oct 14)
PHP Forge 3b2 (/inc/inc.php) Remote File Include Vulnerability mahmood ali (Oct 17)
CS-Forum 0.82 (ajouter.php) Remote File Include Vulnerability mahmood ali (Oct 18)
PhpBB<=2.0.10 (groupcp.php) Remote File Include Vulnerability mahmood ali (Oct 18)
DigitalHive 2.0 RC2 (base_include.php)File Include mahmood ali (Oct 19)
PHP Poll Creator 1.04 (poll_vote.php)File Include mahmood ali (Oct 20)
Ban v0.1 (bannieres.php) File Include mahmood ali (Oct 27)
PLS-Bannieres 1.21 (bannieres.php) File Include mahmood ali (Oct 27)
phpLedAds 2.0(dir) File Include mahmood ali (Oct 27)

Mailinglists Address

Re: zero-day flaws in Firefox: about 30 unpatched Firefox flaws Mailinglists Address (Oct 07)
Re: adobe php sdk Remote File Include Vulnerabilities Mailinglists Address (Oct 24)

Marco Ivaldi

yet another OpenSSH timing leak? Marco Ivaldi (Oct 09)
Re: yet another OpenSSH timing leak? Marco Ivaldi (Oct 10)
Re: iDefense Security Advisory 10.11.06: Sun Microsystems Solaris NSPR Library Arbitrary File Creation Vulnerability Marco Ivaldi (Oct 14)
Re: yet another OpenSSH timing leak? Marco Ivaldi (Oct 14)

Mark A Basil

Re: Flaw in Firefox 2.0 RC2 Mark A Basil (Oct 19)

Martin Pitt

[USN-355-1] openssh vulnerabilities Martin Pitt (Oct 02)
[USN-356-1] gdb vulnerability Martin Pitt (Oct 02)
[USN-354-1] Firefox vulnerabilities Martin Pitt (Oct 02)
[USN-358-1] ffmpeg, xine-lib vulnerabilities Martin Pitt (Oct 04)
[USN-353-2] OpenSSL vulnerability Martin Pitt (Oct 04)
[USN-357-1] Mono vulnerability Martin Pitt (Oct 04)
[USN-359-1] Python vulnerability Martin Pitt (Oct 06)
[USN-361-1] Mozilla vulnerabilities Martin Pitt (Oct 10)
[USN-360-1] awstats vulnerabilities Martin Pitt (Oct 10)
[USN-362-1] PHP vulnerabilities Martin Pitt (Oct 10)
[USN-368-1] Qt vulnerability Martin Pitt (Oct 23)

Martin Schulze

[SECURITY] [DSA 1188-1] New mailman packages fix several problems Martin Schulze (Oct 04)
[SECURITY] [DSA 1191-1] New Mozilla Thunderbird packages fix several vulnerabilities Martin Schulze (Oct 05)
[SECURITY] [DSA 1192-1] New Mozilla packages fix several vulnerabilities Martin Schulze (Oct 06)

Matousec - Transparent security Research

ISS BlackICE PC Protection Filelock protection bypass Vulnerability Matousec - Transparent security Research (Oct 16)

matteo

Re: phpAdsNew include bug! matteo (Oct 19)

Matteo Beccati

[PHPADSNEW-SA-2006-002] phpAdsNew and phpPgAds 2.0.8-pr1 fix XSS vulnerability Matteo Beccati (Oct 23)

Matthias Geerdsen

[ GLSA 200610-01 ] Mozilla Thunderbird: Multiple vulnerabilities Matthias Geerdsen (Oct 04)
[ GLSA 200610-02 ] Adobe Flash Player: Arbitrary code execution Matthias Geerdsen (Oct 04)
[ GLSA 200610-09 ] libmusicbrainz: Multiple buffer overflows Matthias Geerdsen (Oct 23)

Matt Richard

Re: [Full-disclosure] ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability Matt Richard (Oct 30)

maxgipeh

ActiveX security leaks in the TV owned web game platform maxgipeh (Oct 31)

Max Moser

New tool release today - "wyd" - password profiling Max Moser (Oct 11)

Mayhemic Labs Security

MHL-2006-001 Public Advisory: "Eazy Cart" Multiple Security Issues Mayhemic Labs Security (Oct 10)
MHL-2006-002 Public Advisory: "Call-Center-Software" Multiple Security Issues Mayhemic Labs Security (Oct 12)
MHL-2006-003 Public Advisory: "ezOnlineGallery" Multiple Security Issues Mayhemic Labs Security (Oct 27)

MC Iglo

XSS in Zwahlen Online Shop MC Iglo (Oct 23)

meto5757

digishop v 4.0.0 Xss Vuln. meto5757 (Oct 02)

mfp . c

phpMyConferences <= 8.0.2 Remote File Inclusion mfp . c (Oct 31)

Mike

Re: Concurrency-related vulnerabilities in browsers - expect problems Mike (Oct 05)
Flaw in Firefox 2.0 RC2 Mike (Oct 17)
Flaw in Firefox 2.0 Final mike (Oct 23)

Mike Klingler

Advisory for Oneorzero helpdesk Mike Klingler (Oct 20)

mjau

Re: imageVue16.1 upload vulnerability mjau (Oct 30)

mkanat

Security Advisory for Bugzilla 2.18.5, 2.20.2, 2.22, and 2.23.2 mkanat (Oct 16)

MoHaNdKo

zorum_3_5 <=(dbproperty.php) Remote File Inclusion Exploit MoHaNdKo (Oct 18)
freenews---> fileinclude MoHaNdKo (Oct 30)

Moritz Muehlenhoff

[SECURITY] [DSA 1189-1] New openssh-krb5 packages fix denial of service and potential execution of arbitrary code Moritz Muehlenhoff (Oct 04)
[SECURITY] [DSA 1190-1] New maxdb-7.5.00 packages fix execution of arbitrary code Moritz Muehlenhoff (Oct 04)
[SECURITY] [DSA 1194-1] New libwmf packages fix arbitrary code execution Moritz Muehlenhoff (Oct 09)
[SECURITY] [DSA 1196-1] New clamav packages fix arbitrary code execution Moritz Muehlenhoff (Oct 19)
[SECURITY] [DSA 1197-1] New python2.4 packages fix arbitrary code execution Moritz Muehlenhoff (Oct 23)
[SECURITY] [DSA 1198-1] New python2.3 packages fix arbitrary code execution Moritz Muehlenhoff (Oct 23)
[SECURITY] [DSA 1201-1] New ethereal packages fix denial of service Moritz Muehlenhoff (Oct 31)
[SECURITY] [DSA 1202-1] New screen packages fix arbitrary code execution Moritz Muehlenhoff (Oct 31)

Moritz Naumann

IE7 status: 8 days after release, 3 unfixed issues Moritz Naumann (Oct 27)

mozi2weed

phpMyProfiler remote file include mozi2weed (Oct 04)

mrapples

Re: Simple Machines Forum (SMF) XSS issue mrapples (Oct 21)

navairum

SQL Injection simplog navairum (Oct 19)
IPEER Remote file inclusion navairum (Oct 23)

neothermic

Re: PhpBB<=2.0.10 (groupcp.php) Remote File Include Vulnerability neothermic (Oct 19)

Nick Boyce

Re: Concurrency-related vulnerabilities in browsers - expect problems Nick Boyce (Oct 06)

nicolascamino

Re: Application orders Linux in WebAPP v0.9.9.2.1 nicolascamino (Oct 24)

Nikolai Grigoriev

Hawking Technology wireless router WR254-CA DNS issue Nikolai Grigoriev (Oct 31)

nima . salehi

CommunityPortals <= 1.0 Remote File Include Vulnerability nima . salehi (Oct 11)
Journals System <= 1.0.2 [RC2] Remote File Include Vulnerability nima . salehi (Oct 12)
Admin User Viewed Posts Tracker Remote File Include Vulnerability nima . salehi (Oct 12)
SpamBlockerMODv <= 1.0.2 Remote File Include Vulnerability nima . salehi (Oct 13)
phpBB Security <= 1.0.1 Remote File Include Vulnerability nima . salehi (Oct 13)
pbpbb archive for search engines Remote File Include Vulnerability nima . salehi (Oct 13)
phpBB Add Name Remote File Include Vulnerability nima . salehi (Oct 14)
SpamOborona PHPBB Plugin Remote File Include Vulnerability nima . salehi (Oct 14)
maluinfo version 206.2.38l Remote File Include Vulnerability nima . salehi (Oct 14)
AMAZONIA MOD Remote File Include Vulnerability nima . salehi (Oct 14)
phpBB PlusXL 2.x <= biuld 272 Remote File Include Vulnerability nima . salehi (Oct 14)
news defilante horizontale <= 4.1.1 Remote File Include Vulnerability nima . salehi (Oct 14)
phpBB lat2cyr <= 1.0.1 Remote File Include Vulnerability nima . salehi (Oct 14)
RPG Events 1.0.0 Remote File Include Vulnerability nima . salehi (Oct 14)
PhpBB Prillian French Remote File Include Vulnerability nima . salehi (Oct 14)
Buzlas <= v2006-1 Full Remote File Include Vulnerability nima . salehi (Oct 14)

Nms

Punbb <= 1.2.13 Multiple Vulnerabilities Nms (Oct 30)

nnp

Kmail <= 1.9.1 (table/frameset) DOS nnp (Oct 16)

nnposter

Insecure storage of passwords in Axalto Protiva nnposter (Oct 27)

Noah Meyerhans

[SECURITY] [DSA 1185-2] New openssl packages fix arbitrary code execution Noah Meyerhans (Oct 03)
[SECURITY] [DSA 1195-1] new openssl096 packages fix denial of service Noah Meyerhans (Oct 10)
[SECURITY] [DSA 1199-1] New webmin packages fix input validation problems Noah Meyerhans (Oct 24)
[SECURITY] [DSA 1200-1] New Qt packages fix integer overflow Noah Meyerhans (Oct 30)

noislet . nospam

AROUNDMe 0.6.9 remonte file inclusion noislet . nospam (Oct 23)

noreply

Multiple vulnerabilities in Highwall Enterprise and Highwall Endpoint management interface noreply (Oct 18)
Airmagnet management interfaces multiple vulnerabilities noreply (Oct 18)
Web-style Wireless IDS attacks noreply (Oct 26)

Ofer Shezaf

ModSecurity 2.0, A Core Rule Set and Console now available Ofer Shezaf (Oct 31)

OpenPKG

[OpenPKG-SA-2006.022] OpenPKG Security Advisory (openssh) OpenPKG (Oct 02)
[OpenPKG-SA-2006.023] OpenPKG Security Advisory (php) OpenPKG (Oct 17)
[OpenPKG-SA-2006.024] OpenPKG Security Advisory (asterisk) OpenPKG (Oct 19)
[OpenPKG-SA-2006.025] OpenPKG Security Advisory (drupal) OpenPKG (Oct 20)
[OpenPKG-SA-2006.026] OpenPKG Security Advisory (screen) OpenPKG (Oct 26)
[OpenPKG-SA-2006.027] OpenPKG Security Advisory (wordpress) OpenPKG (Oct 30)

Outlaw

phpMyConferences_8.0.2 Remote File Inclusion Outlaw (Oct 25)

paisterist . nst

PHP Live! <= 3.1 help.php Remote File Inclusion vulnerability paisterist . nst (Oct 07)
PHP open_basedir with symlink() function Race Condition PoC exploit paisterist . nst (Oct 09)
-==PHP Nuke <= 7.9 SQL Injection and Bypass SQL Injection Protection vulnerabilities==- paisterist . nst (Oct 23)
PHP-Nuke <= 7.9 Search module "author" SQL Injection vulnerability paisterist . nst (Oct 27)
PHP-Nuke <= 7.9 Journal module (search.php) "forwhat" SQL Injection vulnerability paisterist . nst (Oct 31)

Paolo Perego

Pebble 2.0.0 RC[1,2] XSS vulnerability Paolo Perego (Oct 02)

Paul Schmehl

Re: Flaw in Firefox 2.0 RC2 Paul Schmehl (Oct 18)

Paul Szabo

IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053]) Paul Szabo (Oct 02)
Re: [Full-disclosure] IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053]) Paul Szabo (Oct 03)
Re: [Full-disclosure] IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053]) Paul Szabo (Oct 03)

pdp (architect)

JavaScript Spider (code that can traverse the web) pdp (architect) (Oct 07)

playpacific . emulacaid

Hosting Controller 6.1 Hotfix <= 3.2 Vulnerability playpacific . emulacaid (Oct 27)

pokley

Re: freenews---> fileinclude pokley (Oct 31)
Re: freenews---> fileinclude pokley (Oct 31)

poplix

easy notes manager sql injection and authentication bypass poplix (Oct 30)

Praburaajan

HITBSecConf2006 CTF Source code and daemons Praburaajan (Oct 09)

ptitgal

Re: @lex Guestbook <=(ModeliXe.php) Remote File Inclusion Exploit ptitgal (Oct 16)

ragan

zero-day flaws in Firefox: about 30 unpatched Firefox flaws ragan (Oct 02)

raphael . huck

Noah's Classifieds Cross Site Scripting Vulnerability raphael . huck (Oct 11)
zenphoto Multiple Path Disclosure and Cross Site Scripting Vulnerabilities raphael . huck (Oct 12)
WikiNi Multiple Cross Site Scripting Vulnerabilities raphael . huck (Oct 23)

Raphael Marichez

[ GLSA 200610-03 ] ncompress: Buffer Underflow Raphael Marichez (Oct 06)
[ GLSA 200610-04 ] Seamonkey: Multiple vulnerabilities Raphael Marichez (Oct 16)
[ GLSA 200610-05 ] CAPI4Hylafax fax receiver: Execution of arbitrary code Raphael Marichez (Oct 17)
[ GLSA 200610-06 ] Mozilla Network Security Service (NSS): RSA signature forgery Raphael Marichez (Oct 17)
[ GLSA 200610-07 ] Python: Buffer Overflow Raphael Marichez (Oct 17)
ERRATA: [ GLSA 200610-07 ] Python: Buffer Overflow Raphael Marichez (Oct 19)
[ GLSA 200610-08 ] Cscope: Multiple buffer overflows Raphael Marichez (Oct 20)
[ GLSA 200610-10 ] ClamAV: Multiple Vulnerabilities Raphael Marichez (Oct 24)
[ GLSA 200610-11 ] OpenSSL: Multiple vulnerabilities Raphael Marichez (Oct 24)
[ GLSA 200610-12 ] Apache mod_tcl: Format string vulnerability Raphael Marichez (Oct 24)
[ GLSA 200610-13 ] Cheese Tracker: Buffer Overflow Raphael Marichez (Oct 27)
[ GLSA 200610-14 ] PHP: Integer overflow Raphael Marichez (Oct 30)
[ GLSA 200610-15 ] Asterisk: Multiple vulnerabilities Raphael Marichez (Oct 30)

Rapigator

Invision Power Board Multiple Vulnerabilities Rapigator (Oct 04)
Re: Invision Power Board Multiple Vulnerabilities Rapigator (Oct 07)

RedTeam Pentesting

Authentication bypass in BytesFall Explorer RedTeam Pentesting (Oct 31)

ReeM_HaCk

Security Suite IP Logger Remote File Inclusion ReeM_HaCk (Oct 12)

Research

SecureWorks Research Client Advisory: Multiple Vendor Bluetooth Memory Stack Corruption Vulnerability Research (Oct 12)
SYMSA-2006-010: Directory Traversal in IronWebMail research (Oct 16)
PR06-03b: F5 Firepass 1000 SSL VPN version 5.5 vulnerable to Cross-Site Scripting research (Oct 17)
Microsoft .NET request filtering bypass vulnerability research (Oct 27)

Reversemode

[Reversemode Advisory] Symantec Antivirus Engine Privilege Escalation Reversemode (Oct 06)
[Reversemode Advisory] Kaspersky Anti-Virus Privilege Escalation Reversemode (Oct 20)
Re: IE7 is a Source of Problem - Secunia IE7 Release Incident of October 2006 Reversemode (Oct 27)

Roman Medina-Heigl Hernandez

Portable shell-exploit for buffer-overflow bugs Roman Medina-Heigl Hernandez (Oct 02)

root

Static fmat exploits with random va root (Oct 18)

rPath Update Announcements

rPSA-2006-0183-1 nss_ldap rPath Update Announcements (Oct 06)
rPSA-2006-0185-1 gnome-ssh-askpass openssh openssh-client openssh-server rPath Update Announcements (Oct 06)
rPSA-2006-0182-1 php php-mysql php-pgsql rPath Update Announcements (Oct 06)
rPSA-2006-0187-1 idle python rPath Update Announcements (Oct 11)
rPSA-2006-0194-1 kernel rPath Update Announcements (Oct 17)
rPSA-2006-0195-1 kdelibs rPath Update Announcements (Oct 19)
rPSA-2006-0195-2 kdelibs qt-x11-free rPath Update Announcements (Oct 26)
rPSA-2006-0198-1 screen rPath Update Announcements (Oct 26)

RSnake

Re: Simple Machines Forum (SMF) XSS issue RSnake (Oct 23)

Ryan Smith

Hustle Labs & MNIN eDirectory Vulnerability Ryan Smith (Oct 21)

sami

Cahier de textes 2.0 Remote SQL injection Exploit sami (Oct 07)

scottREMOVE

Re: vbulletin Exploit Tool Box scottREMOVE (Oct 17)

scsantos () unigranrio com br

Re: [Full-disclosure] SQL injection - moodle scsantos () unigranrio com br (Oct 09)

Sean Warnock

RE: Flaw in Firefox 2.0 RC2 Sean Warnock (Oct 19)

sec

TorrentFlux User-Agent XSS Vulnerability sec (Oct 06)

Secunia Research

Secunia Research: Microsoft Windows Object Packager Dialog Spoofing Secunia Research (Oct 11)
Secunia Research: Joomla BSQ Sitestats Script Insertion and SQL Injection Secunia Research (Oct 18)
Secunia Research: IBM Lotus Notes Insecure Default Folder Permissions Secunia Research (Oct 18)

secure

Symantec Product Security: Symantec Device Driver Elevation of Privileg secure (Oct 24)

securfrog

Re: net2ftp: a web based FTP client :) <= Remote File Inclusion securfrog (Oct 02)

security

[ MDKSA-2006:172-1 ] - Updated openssl packages fix vulnerabilities security (Oct 03)
[ MDKSA-2006:177 ] - Updated MySQL packages rebuilt against updated openssl. security (Oct 03)
[ MDKSA-2006:178 ] - Updated ntp packages rebuilt against updated openssl. security (Oct 03)
[ MDKSA-2006:179 ] - Updated openssh packages fix DoS vulnerabilities security (Oct 04)
Directory Traversal Vulnerability in Goop Gallery 2.0.2 security (Oct 04)
[ MDKSA-2006:180 ] - Updated php packages fix integer overflow vulnerability security (Oct 06)
FreeWPS File Upload Command Execution security (Oct 06)
[ MDKSA-2006:181 ] - Updated python packages fix vulnerability security (Oct 10)
Directory Traversal Vulnerability in Goop Gallery 2.0.2 security (Oct 11)
[ MDKSA-2006:182 ] - Updated kernel packages fix multiple vulnerabilities and bugs security (Oct 11)
Multiple XSS Vulnerability in Gcontact security (Oct 14)
Re: Multiple XSS Vulnerabilities in Zen Cart 1.3.5 security (Oct 14)
[ MDKSA-2006:183 ] - Updated libksba packages correct DoS vulnerability security (Oct 18)
[ MDKSA-2006:184 ] - Updated clamav packages fix vulnerabilities security (Oct 18)
[ MDKSA-2006:185 ] - Updated php packages to address multiple vulnerabilities security (Oct 18)
Multiple XSS Vulnerabilities in KnowledgeBank 1.01 security (Oct 19)
[ MDKSA-2006:186 ] - Updated kdelibs packages fix KHTML vulnerability security (Oct 19)
ProgSys verion 0.151 XSS vulnerability security (Oct 24)
[ MDKSA-2006:187 ] - Updated Qt packages fix vulnerability security (Oct 25)
phpFaber CMS Cross Site Scripting security (Oct 27)
vulnerability in Symantec products security (Oct 27)
[ MDKSA-2006:189 ] - Updated xsupplicant fixes possible remote root stack smash vulnerability security (Oct 28)
[ MDKSA-2006:188 ] - Updated mono packages fix vulnerability security (Oct 28)
[ MDKSA-2006:190 ] - Updated mutt packages fix multiple vulnerabilities security (Oct 28)
[ MDKSA-2006:192 ] - Updated ruby packages fix DoS vulnerability security (Oct 28)
[ MDKSA-2006:191 ] - Updated screen packages fix vulnerability security (Oct 28)
[ MDKSA-2006:193 ] - Updated ImageMagick packages fix vulnerabilities security (Oct 31)
[ MDKSA-2006:194 ] - Updated PostgreSQL packages fix vulnerabilities security (Oct 31)
SQL Injection Vulnerability in bfExplorer 0.0.6 security (Oct 31)

security-alert

[security bulletin] HPSBUX02157 SSRT061220 rev.1 HP-UX Running Ignite-UX Server, Remote Unauthorized Access and Privilege Elevation security-alert (Oct 02)
[security bulletin] HPSBUX02129 SSRT061149 rev.1 - HP-UX running SLP, Remote Unauthorized Access security-alert (Oct 02)
[security bulletin] HPSBUX02087 SSRT4728 rev.4 - HP-UX running TCP/IP Remote Denial of Service (DoS) security-alert (Oct 10)
[security bulletin] HPSBMA02158 SSRT061251 rev.1 - HP Version Control Agent, Remote Unauthorized Access and Possible Elevation of Privilege security-alert (Oct 12)
[security bulletin] HPSBST02160 SSRT061254 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS06-055 security-alert (Oct 13)
[security bulletin] HPSBST02134 SSRT061187 rev.2 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS06-052, MS06-053 and MS06-054 security-alert (Oct 13)
[security bulletin] HPSBUX02155 SSRT061235 rev.2 HP-UX CIFS Server (Samba) Local Unauthorized Access, Elevated Privileges security-alert (Oct 17)
[security bulletin] HPSBST02161 SSRT061264 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS06-056 Through MS06-065 security-alert (Oct 19)
HPSBUX02162 SSRT061223 rev.1 - HP-UX Running dtmail, Local Execution of Arbitrary Code security-alert (Oct 20)
[security bulletin] HPSBTU02163 SSRT061223 rev.1 - HP Tru64 UNIX Running dtmail, Local Execution of Arbitrary Code security-alert (Oct 20)
[security bulletin] HPSBMA02133 SSRT061201 rev.2 - HP Oracle for OpenView (OfO) Critical Patch Update security-alert (Oct 26)
[security bulletin] HPSBMA02138 SSRT061184 rev.2 - HP OpenView Storage Data Protector, Remote Unauthorized Arbitrary Command Execution security-alert (Oct 30)
[security bulletin] HPSBMA02121 SSRT061157 rev.3 - HP OpenView Storage Data Protector Remote Unauthorized Arbitrary Command Execution security-alert (Oct 31)
[security bulletin] HPSBTU02168 SSRT061237 rev.1 - HP Tru64 UNIX Running gzip, gunzip, and gzcat, Remote Unauthorized Arbitrary Code Execution or Denial of Service (DoS) security-alert (Oct 31)

securityproof

"POC 2006" by Korean hackers securityproof (Oct 02)

seejay . 11

Spoofing security dialog in object packager - 2 seejay . 11 (Oct 14)

Shane Lahey

Re: Flaw in Firefox 2.0 RC2 Shane Lahey (Oct 18)

simo

Re: phpAdsNew-2.0.8 <= (adlayer.php) Remote File Include simo (Oct 30)

Sowhat

Microsoft Office Malformed Record Memory Corruption Vulnerability Sowhat (Oct 11)

Stefan Esser

Advisory 07/2006: phpMyAdmin Multiple CSRF Vulnerabilities Stefan Esser (Oct 02)
Advisory 08/2006: PHP open_basedir Race Condition Vulnerability Stefan Esser (Oct 04)
Advisory 09/2006: PHP unserialize() Array Creation Integer Overflow Stefan Esser (Oct 09)
Advisory 10/2006: ViewVC Undefined Charset UTF-7 XSS Vulnerability Stefan Esser (Oct 17)
Advisory 11/2006: Serendipity Weblog XSS Vulnerabilities Stefan Esser (Oct 19)

Steve Kemp

[SECURITY] [DSA 1166-2] New cheesetraceker packages fix buffer overflow Steve Kemp (Oct 13)

Steven M. Christey

Re: WebspotBlogging => 3.0 Remote File Include Vulnerabilities Steven M. Christey (Oct 03)
Vulnerability Type Distributions in CVE Steven M. Christey (Oct 05)
Re: WikyBlog <= v1.4 (WN_BASEDIR) Remote File Inclusion Exploit Steven M. Christey (Oct 06)
Re: net2ftp: a web based FTP client :) <= Remote File Inclusion Steven M. Christey (Oct 09)
Re: The latest version of iSearch is V2.16 <= (index.php) Remote File Inclusion Exploit Steven M. Christey (Oct 11)
Re: iDefense Security Advisory 10.19.06: Kaspersky Labs Anti-Virus IOCTL Local Privilege Escalation Vulnerability Steven M. Christey (Oct 21)

stormhacker

WDT:- osTicket File Include all V stormhacker (Oct 14)

str0ke

Re: The latest version of iSearch is V2.16 <= (index.php) Remote File Inclusion Exploit str0ke (Oct 10)
Re: gcards (languagefile) <= Remote File Include str0ke (Oct 11)
Re: PHPRecipeBook <= 2.35 ((g_rb_basedir)) Remote File Include Exploit str0ke (Oct 18)

subzero . 0000

ATutor 1.5.3.2=> Remote File Include Vulnerability subzero . 0000 (Oct 19)

Tamriel

eXpBlog <= 0.3.5 Cross Site Scripting Vulnerabilities Tamriel (Oct 10)
XeoPort <= 0.81 SQL Injection Vulnerability Tamriel (Oct 12)
Xeobook <= 0.93 Multiple SQL Injection Vulnerabilities Tamriel (Oct 12)
Re: phpMyConferences_8.0.2 Remote File Inclusion Tamriel (Oct 25)
Re: CentiPaid <= 1.4.2 [$class_pwd] Remote File Include Tamriel (Oct 31)
Re: freenews---> fileinclude Tamriel (Oct 31)

the_free_kernel

[Xss] IN SMF 1.1 RC2 the_free_kernel (Oct 19)
Application orders Linux in WebAPP v0.9.9.2.1 the_free_kernel (Oct 23)

the-free_kernel

[Xss] IN phplist v 2.10.2, the-free_kernel (Oct 17)

theif

Re: PHPRecipeBook <= 2.35 ((g_rb_basedir)) Remote File Include Exploit theif (Oct 19)

Thierry Zoller

Re: [Full-disclosure] hack.lu Bluetooth demo Thierry Zoller (Oct 23)

Thomas Biege

SUSE Security Summary Report SUSE-SR:2006:024 Thomas Biege (Oct 06)

Thor Larholm

0day in Firefox from ToorCon '06 Thor Larholm (Oct 02)

Trustix Security Advisor

TSLSA-2006-0055 - multi Trustix Security Advisor (Oct 06)
TSLSA-2006-0057 - multi Trustix Security Advisor (Oct 18)
TSLSA-2006-0059 - postgresql Trustix Security Advisor (Oct 27)

TSRT

TSRT-06-12: CA BrightStor Discovery Service Mailslot Buffer Overflow Vulnerability TSRT (Oct 06)
TSRT-06-11: CA Multiple Product DBASVR RPC Server Multiple Buffer Overflow Vulnerabilities TSRT (Oct 06)

Uwe Hermann

[DRUPAL-SA-2006-024] Drupal 4.6.10 / 4.7.4 fixes multiple XSS issues Uwe Hermann (Oct 19)
[DRUPAL-SA-2006-025] Drupal 4.6.10 / 4.7.4 fixes CRF issue Uwe Hermann (Oct 19)
[DRUPAL-SA-2006-026] Drupal 4.6.10 / 4.7.4 fixes HTML attribute injection issue Uwe Hermann (Oct 19)

v1per-hacker

Download-Engine Remote File Include v1per-hacker (Oct 12)

Vidar Løkken

Re: [Full-disclosure] Kmail <= 1.9.1 (table/frameset) DOS Vidar Løkken (Oct 16)

vulnpost-remove

[vuln.sg] CruiseWorks Directory Traversal and Buffer Overflow Vulnerabilities vulnpost-remove (Oct 24)

wacky

phpAdsNew include bug! wacky (Oct 17)

webcalendar

Re: WebCalendar-1.0.3 reading of any files webcalendar (Oct 02)

Williams, James K

[CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability Williams, James K (Oct 04)
[CAID 34693, 34694]: CA BrightStor ARCserve Backup Multiple Buffer Overflow Vulnerabilities Williams, James K (Oct 06)
[CAID 34693, 34694]: CA BrightStor ARCserve Backup Multiple Buffer Overflow Vulnerabilities (UPDATED) Williams, James K (Oct 20)

Wim Godden

Re: phpAdsNew include bug! Wim Godden (Oct 18)

Wolf Halton

RE: Informing Companies about security vulnerabilities... Wolf Halton (Oct 07)

x0r0n

phpMyWebmin 1.0 <= (target) Remote File Include Vulnerability x0r0n (Oct 02)
phpMyTeam v2.0 <= (smileys_dir) Remote File Include Vulnerability x0r0n (Oct 06)
FreeForum 0.9.7 (fpath) Remote File Include Vulnerability x0r0n (Oct 07)
phpBB User Viewed Posts Tracker Version <= 1.0 [phpbb_root_path] File Include Vulnerability x0r0n (Oct 07)

xorontr

PHPMyNews 1.4 <= (cfg_include_dir) Remote File Include Vulnerability xorontr (Oct 09)
Freenews v1.1 <= (chemin) Remote File Include Vulnerability xorontr (Oct 09)
Re: Jax LinkLists Remote File include xorontr (Oct 14)
Open Meetings Filing Application (PROJECT_ROOT) Remote File Include Vulnerability xorontr (Oct 21)
Virtual Law Office (phpc_root_path) Remote File Include Vulnerability xorontr (Oct 21)
PHP Generator of Object SQL Database (path) Remote File Include Vulnerability xorontr (Oct 23)
InteliEditor (sys_path) Remote File Include Vulnerability xorontr (Oct 24)
MiniBILL v2006-10-10 (config[page_dir] Remote File Include Vulnerability xorontr (Oct 27)

xp1o

WikyBlog <= v1.4 (WN_BASEDIR) Remote File Inclusion Exploit xp1o (Oct 05)
phponline <= (LangFile) Remote File Inclusion Exploit xp1o (Oct 06)
The latest version of iSearch is V2.16 <= (index.php) Remote File Inclusion Exploit xp1o (Oct 09)
news7 <= (news.php) Remote File Inclusion Exploit xp1o (Oct 13)
@lex Guestbook <=(ModeliXe.php) Remote File Inclusion Exploit xp1o (Oct 14)

xx_hack_xx_2004

Full Path Disclosure in PHP-Wyana xx_hack_xx_2004 (Oct 16)
Full Path Disclosure in PHP-Wyana (2) xx_hack_xx_2004 (Oct 16)

xxxx

New Flaw in Firefox 2.0: DoS and possible remote code execution xxxx (Oct 31)
Re: Re: New Flaw in Firefox 2.0: DoS and possible remote code execution xxxx (Oct 31)

zarloule04

XSS IN paFileDB 3.1 zarloule04 (Oct 09)

zdi-disclosures

ZDI-06-030: CA Multiple Product Discovery Service Remote Buffer Overflow Vulnerability zdi-disclosures (Oct 06)
ZDI-06-031: CA Multiple Product Message Engine RPC Server Code Execution Vulnerability zdi-disclosures (Oct 06)
ZDI-06-033: Microsoft Office Excel File Format DATETIME Record Parsing Vulnerability zdi-disclosures (Oct 10)
ZDI-06-032: Microsoft Office PowerPoint Malformed Slide Notes Rebuilding Vulnerability zdi-disclosures (Oct 10)
ZDI-06-034: Microsoft Office Word Malformed Chart Code Execution Vulnerability zdi-disclosures (Oct 10)
ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability zdi-disclosures (Oct 27)

zooz_998

phpAdsNew-2.0.8 <= (adlayer.php) Remote File Include zooz_998 (Oct 27)

Дмитрий Borgir

PHP "exec", "system", "popen" problem Дмитрий Borgir (Oct 19)
Previous period Next period
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]