Bugtraq: by author

`ClubHack `
- ClubHack2007: Presentation are online now (Dec 15 2007)
Abel Cheung
- Re: Wordpress - Broken Access Control (Dec 19 2007)
- WordPress Charset SQL injection vulnerability (re-resend) (Dec 10 2007)
admin_at_bugreport.ir
- Bitweaver source code disclosure, arbitrary file upload (Dec 30 2007)
- Jupiter Cms Multiple Vulnerabilities (Dec 24 2007)
- PHP <= 5.2.5 Safe Mode Bypass (Dec 24 2007)
- Hosting Controller - Multiple Security Bugs (Extremely Critical) (Dec 13 2007)
- Snitz2000 SQL Injection: A user can gain admin level (Dec 03 2007)
Adrian Chadd
- SQUID-2007:2, Dec 4, 2007 (Dec 06 2007)
advisory_at_rapid7.com
- R7-0031: JFreeChart Image Map Cross-Site Scripting Vulnerabilities (Dec 06 2007)
ahcrew_at_gmail.com
- iSupport v1.8 Local file include vulnerability (Dec 19 2007)
AKS aka (0kn0ck)
- [WhitePaper (SecNiche)] Information Prone LDAP Garbage Dumps (Dec 03 2007)
alan_at_verselogic.net
- Re: Sql Injection in wordpress 2.3.1 (Dec 05 2007)
Alireza Hassani
- Re: Re: PHP <= 5.2.5 Safe Mode Bypass (Dec 25 2007)
Amit Klein
- Re: RE: TCP Port randomization paper (Dec 17 2007)
- RE: TCP Port randomization paper (Dec 11 2007)
announcements_at_webappsec.org
- WASC Announcement: The Script Mapping Project Results and Call for Participation (Dec 10 2007)
antonio_at_antoniocortes.com
- Re: Morcego CMS <= 0.9.6 Remote File Inclue Vulnerability (Dec 20 2007)
- Re: Morcego CMS <= 0.9.6 Remote File Inclue Vulnerability (Dec 20 2007)
arsalan1991_at_gmail.com
- Re: Re: PHP MySQL Banner Exchange 2.2.1 remote mysql database bug (Dec 17 2007)
- PHP MySQL Banner Exchange 2.2.1 remote mysql database bug (Dec 14 2007)
atc08_at_atilf.no
- (Re-post) ATC-08 CFP (Dec 04 2007)
avivra
- Google Toolbar Dialog Spoofing Vulnerability (Dec 18 2007)
azizov_at_itdefence.ru
- Firefox 2.0.0.11 INPUT Denial Of Service (Dec 05 2007)
Balazs Scheidler
- Re: [syslog-ng] ZSA-2007-029: syslog-ng Denial of Service (Dec 17 2007)
- ZSA-2007-029: syslog-ng Denial of Service (Dec 17 2007)
balrog_at_gmail.com
- Bid 24744 ? (Dec 22 2007)
bar_at_foo.com
- Re: Re: Moodle SQL Injection (Dec 22 2007)
bebe_at_gmail.com
- SQL injection - GestDownV1.00Beta (Dec 08 2007)
beenudel1986_at_gmail.com
- My Blog Rfi (Dec 22 2007)
- Multiple xss in mambo 4.6.2 (Dec 18 2007)
- Sql Injection in wordpress 2.3.1 (Dec 05 2007)
- Blind Sql-Injection in Joomla 1.5 RC3 (Dec 04 2007)
- RFI and Multiple XSS in PhpMyChat (Dec 04 2007)
Bernhard Mueller
- SEC Consult SA-20071204-0 :: SonicWALL Global VPN Client Format String Vulnerability (Dec 04 2007)
blackredyellow_at_hushmail.com
- Re: Tiger Team: New TV series about pen testers airing on CourtTV Dec 25 11 pm (Dec 26 2007)
- Tiger Team: New TV series about pen testers airing on CourtTV Dec 25 11 pm (Dec 18 2007)
bob_at_hotmail.com
- Re: Powerschool 404 Admin Exposure (Dec 04 2007)
brainheadbrainhead_at_gmx.de
- webSPELL 4.01.02 (calendar.php, usergallery.php) XSS Vulnerability (Dec 08 2007)
brancohat_at_gmail.com
- PHP -> set_time_limit (Dec 26 2007)
bugtraq_at_darkprotocols.net
- [XSS] OpenNewsletter v2.5 Multipe XSS Attacks (Dec 06 2007)
carlo.feller_at_gmail.com
- Re: SineCMS <= 2.3.4 Calendar SQL Injection 'n something else.. (Dec 18 2007)
Charles Hardin
- Re: Cpanel Vulnerability? (Dec 12 2007)
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Application Inspection Vulnerability in Cisco Firewall Services Module (Dec 19 2007)
- Cisco Security Advisory: Cisco Security Agent for Windows System Driver Remote Buffer Overflow Vulnerability (Dec 05 2007)
cocoruder
- [UPDATE]CA BrightStor ARCServe BackUp Message Engine Remote Stack Overflow Vulnerability (Dec 05 2007)
come2waraxe_at_yahoo.com
- [waraxe-2007-SA#060] - Sensitive info disclosure in CuteNews <= 1.4.5 (Dec 23 2007)
CORE Security Technologies Advisories
- CORE-2007-1004: VLC Activex Bad Pointer Initialization Vulnerability (Dec 04 2007)
Craig Wright
- RE: Cryptome: NSA has real-time access to Hushmail servers (Dec 27 2007)
dann frazier
- [SECURITY] [DSA 1436-1] New Linux 2.6.18 packages fix several vulnerabilities (Dec 20 2007)
- [SECURITY] [DSA 1428-2] New Linux 2.6.18 packages fix several vulnerabilities (Dec 11 2007)
- [SECURITY] [DSA 1481-1] New Linux 2.6.18 packages fix several vulnerabilities (Dec 10 2007)
david130490_at_hotmail.com
- Re: Re: Re: TotalPlayer 3.0 .m3u crash (Dec 27 2007)
- Re: Re: TotalPlayer 3.0 .m3u crash (Dec 27 2007)
- TotalPlayer 3.0 .m3u crash (Dec 24 2007)
Digital Security Research Group
- Multiple vulnerabilities in RUNCMS 1.6 by DSecRG (Dec 25 2007)
Digital Security Research Group [DSecRG]
- 2z-project 0.9.6.1 Multiple Security Vulnerabilities (Dec 28 2007)
DoZ_at_HackersCenter.com
- LiveCart Multiple Cross-Site Scripting Vulnerabilities (Dec 30 2007)
- IPortalX Forums Cross-Site Scripting Vulnerability (Dec 26 2007)
- [HSC] Dokeos Multiple Cross-Site Scripting Vulnerabilities (Dec 22 2007)
- Bitweaver XSS & SQL Injection Vulnerability (Dec 09 2007)
- McAfee SecurityCenter Privacy Service HTML Execution Vulnerability (Dec 03 2007)
erdc_at_echo.or.id
- [ECHO_ADV_86$2007] Mambo/Joomla Component rsgallery <= 2.0 beta 5 (catid) Remote SQL Injection Vulnerability (Dec 05 2007)
erne_at_ernealizm.us
- Confixx Professional RFİ (Dec 25 2007)
evanchik_at_gmail.com
- America Online AOL Instant Messenger AIM6.0 or 6.5 or higher XSS remote execution (Dec 21 2007)
fagian_at_gmail.com
- Re: Microsoft Office Publisher (Dec 23 2007)
Fernando Gont
- Re: TCP Port randomization paper (Dec 11 2007)
- TCP Port randomization paper (Dec 06 2007)
Florian Weimer
- [SECURITY] [DSA 1438-1] New tar packages fix several vulnerabilities (Dec 28 2007)
foo_at_bar.com
- Re: Moodle SQL Injection (Dec 21 2007)
Francisco Pecorella
- Cpanel Vulnerability? (Dec 12 2007)
fukami
- Re: Design flaw in AS3 socket handling allows port probing (Dec 20 2007)
Gadi Evron
- Re: [dns-operations] Web Proxy Auto-Discovery (WPAD) Information Disclosure (fwd) (Dec 03 2007)
gb_at_gb.hates.the.constitution.gov
- Re: Re: Cryptome: NSA has real-time access to Hushmail servers (Dec 28 2007)
gdfuego_at_gmail.com
- Re: Re: Cpanel Vulnerability? (Dec 12 2007)
Gerald (Jerry) Carter
- [SECURITY] Buffer overrun in send_mailslot() (Dec 10 2007)
gforce_at_operamail.com
- jetAudio 7.0.5 COWON Media Center MP4 Stack Overflow (Dec 17 2007)
- Media Player Classic 6.4.9 MP4 Stack Overflow 0-day (Dec 07 2007)
- Windows media player 6.4 MP4 Stack Overflow 0-day (Dec 07 2007)
- Nullsoft Winamp MP4 tags Stack Overflow (Dec 07 2007)
gmdarkfig_at_gmail.com
- PHP Security Framework: Vuln and Security Bypass (Dec 16 2007)
guiness.stout
- Re: PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability (Dec 03 2007)
gynvael_at_vexillium.org
- Opera 9.50 beta and prior remote DoS (freeze) (Dec 04 2007)
hadihadi_zedehal_2006_at_yahoo.com
- neuron news1.0 Multiple Remote Vulnerabilities (sql injection/xss) (Dec 16 2007)
Hanno Böck
- Re: Multiple xss in mambo 4.6.2 (Dec 26 2007)
- CVE-2007-6205 (Dec 10 2007)
Henrich C. Poehls
- Re: MS Office 2007: Digital Signature does not protect Meta-Data (Dec 19 2007)
- Re: MS Office 2007: Digital Signature does not protect Meta-Data (Dec 14 2007)
Hernan Ochoa
- release uhooker v1.3 (Dec 17 2007)
hjan
- CFP CISIS '08 (Dec 21 2007)
Hubbard, Dan
- RE: [Full-disclosure] Fwd: Websense 6.3.1 Filtering Bypass (Dec 13 2007)
iDefense Labs
- iDefense Security Advisory 12.17.07: Apple Mac OS X mount_smbfs Stack Based Buffer Overflow Vulnerability (Dec 18 2007)
- iDefense Security Advisory 12.18.07: ClamAV libclamav MEW PE File Integer Overflow Vulnerability (Dec 18 2007)
- iDefense Security Advisory 12.11.07: Microsoft DirectX 7 and 8 DirectShow Stack Buffer Overflow Vulnerability (Dec 12 2007)
- iDefense Security Advisory 12.11.07: Microsoft Internet Explorer JavaScript setExpression Heap Corruption Vulnerability (Dec 12 2007)
imei Addmimistrator
- SupportSuite 3.11.01~ Multiple file ~ PHP SELF XSS (Dec 11 2007)
imipak
- Fwd: PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability (Dec 03 2007)
IRM Research
- PGMfuzz - a tool for testing Pragmatic General Multicast protocol implementations (Dec 11 2007)
- TIBCO Rendezvous Exploitation Video (Dec 04 2007)
ISecAuditors Security Advisories
- [ISecAuditors Security Advisories] Tikiwiki CMS is vulnerable to path traversal attack (Dec 23 2007)
- [ISecAuditors Security Advisories] wwwstats is vulnerable to Persistent XSS (Dec 07 2007)
ISR-noreply
- [ISR] - Novell Groupwise client remote stack overflow silently patched. (Dec 14 2007)
J. Oquendo
- Re: Cryptome: NSA has real-time access to Hushmail servers (Dec 27 2007)
jaakkoNOSPAM_at_NOSPAMritke.fi
- Kvaliitti WebDoc 3.0 CMS SQL Injection vulnerability (Dec 07 2007)
Jamie Strandboge
- [USN-559-1] MySQL vulnerabilities (Dec 20 2007)
- [USN-557-1] GD library vulnerability (Dec 18 2007)
- [USN-554-1] teTeX and TeX Live vulnerabilities (Dec 06 2007)
- [USN-551-1] OpenLDAP vulnerabilities (Dec 03 2007)
Jay Hennigan
- Re: Cryptome: NSA has real-time access to Hushmail servers (Dec 27 2007)
Jim Harrison
- RE: Cryptome: NSA has real-time access to Hushmail servers (Dec 21 2007)
jmoss
- Black Hat Briefings Call for Papers and Happy Happy Joy Joy (Dec 19 2007)
- Black Hat Briefings Call for Papers (Dec 11 2007)
Jon Angliss
- ANNOUNCE: SquirrelMail 1.4.13 Released (Dec 14 2007)
- SECURITY: 1.4.12 Package Compromise (Dec 13 2007)
jplopezy_at_gmail.com
- Microsoft Office Publisher (Dec 21 2007)
- Word 2003 denial of service (Dec 21 2007)
- Rosoft Media Player 4.1.7 crash (Dec 17 2007)
- QK SMTP Server 3 - Denial of service (Dec 12 2007)
Juan Galiana
- FAQMasterFlexPlus multiple vulnerabilities (Dec 27 2007)
- OpenBiblio 0.5.2-pre4 and prior multiple vulnerabilities (Dec 27 2007)
Juha-Matti Laurio
- RE: Cryptome: NSA has real-time access to Hushmail servers (Dec 30 2007)
- RE: Cryptome: NSA has real-time access to Hushmail servers (Dec 22 2007)
- Cryptome: NSA has real-time access to Hushmail servers (Dec 21 2007)
- Re: Dell / Dell Financial Services - Contact (Dec 10 2007)
- The recent number of unpatched QuickTime flaws is: two (Dec 04 2007)
Justin_at_InfoTek
- Dell / Dell Financial Services - Contact (Dec 10 2007)
Kees Cook
- [USN-556-1] Samba vulnerability (Dec 18 2007)
- [USN-550-3] Cairo regression (Dec 12 2007)
- [USN-550-2] Cairo regression (Dec 10 2007)
- [USN-555-1] e2fsprogs vulnerability (Dec 07 2007)
- [USN-552-1] Perl vulnerability (Dec 04 2007)
- [USN-553-1] Mono vulnerability (Dec 04 2007)
- [USN-546-2] Firefox regression (Dec 04 2007)
- [USN-549-2] PHP regression (Dec 03 2007)
- [USN-550-1] Cairo vulnerability (Dec 03 2007)
Kevin Reiter
- RE: Cryptome: NSA has real-time access to Hushmail servers (Dec 27 2007)
kingoftheworld92_at_fastwebnet.it
- Flat PHP Board <= 1.2 Multiple Vulnerabilities (Dec 09 2007)
- SineCMS <= 2.3.4 Calendar SQL Injection 'n something else.. (Dec 05 2007)
Kurt Buff
- Re: Cryptome: NSA has real-time access to Hushmail servers (Dec 27 2007)
Liquidmatrix Security Digest
- Advisory: Websense XSS Vulnerability (Dec 10 2007)
- Advisory: Cross Site Scripting in CiscoWorks (Dec 05 2007)
Lolek of TK53
- TK53 Advisory #2: Multiple vulnerabilities in ClamAV (Dec 29 2007)
lolo lolo
- SiteScape Forum TCL injection (Dec 20 2007)
Luigi Auriemma
- Buffer-overflow in CoolPlayer 217 (Dec 28 2007)
- Buffer-overflow in Extended Module Player 2.5.1 (Dec 27 2007)
- Multiple vulnerabilities in libnemesi 0.6.4-rc1 (Dec 27 2007)
- Multiple vulnerabilities in Feng 0.1.15 (Dec 27 2007)
- Re: TotalPlayer 3.0 .m3u crash (Dec 27 2007)
- Re: TotalPlayer 3.0 .m3u crash (Dec 27 2007)
- Unicode buffer-overflow in Zoom Player 6.00b2 (Dec 24 2007)
- Update: Clients buffer-overflow in Live for Speed 0.5X10 (Dec 24 2007)
- Double directory traversal in ImgSvr 0.6.21 (Dec 24 2007)
- Buffer-overflow and format string in VideoLAN VLC 0.8.6d (Dec 24 2007)
- Buffer-overflow in WinUAE 1.4.4 (Dec 21 2007)
- Array overflow in id3lib (devel CVS) (Dec 19 2007)
- Heap overflow in PeerCast 0.1217 (Dec 17 2007)
- Filesystem access in DOSBox 0.72 (Dec 10 2007)
- Multiple vulnerabilities in BadBlue 2.72b (Dec 10 2007)
- Multiple vulnerabilities in BarracudaDrive 3.7.2 (Dec 10 2007)
- Upload directory traversal in Easy File Sharing 4.5 (Dec 07 2007)
- Multiple vulnerabilities in Firefly Media Server (mt-daapd) 2.4.1 / SVN 1699 (Dec 07 2007)
- Limited upload directory traversal in HTTP File Server 2.2a / 2.3 beta (build #146) (Dec 07 2007)
- Two vulnerabilities in Simple HTTPD 1.38 (Dec 07 2007)
M. Burnett
- RE: Cryptome: NSA has real-time access to Hushmail servers (Dec 22 2007)
Maciej G�siorowski
- smbfs and apache+php source code disclosure (Dec 19 2007)
Major Malfunction
- DC4420 - London DEFCON chapter Christmas Party - 11th December (Dec 01 2007)
malibu.r_at_hotmail.com
- Logaholic Web Analytics Software (Dec 22 2007)
mark seiden-via mac
- Re: Cryptome: NSA has real-time access to Hushmail servers (Dec 27 2007)
Mark Thomas
- [CVE-2007-5342] Apache Tomcat's default security policy is too open (Dec 23 2007)
Martin Huter
- squids ICAP implementation lacks a defer check when reading from ICAP server (Dec 10 2007)
Martin Schulze
- [SECURITY] [DSA 1421-1] New wesnoth packages fix arbitrary file disclosure (Dec 06 2007)
- [SECURITY] [DSA 1419-1] New OpenOffice.org packages fix arbitrary Java code execution (Dec 05 2007)
Matthew Leeds
- Re: Media Player Classic 6.4.9 MP4 Stack Overflow 0-day (Dec 12 2007)
Matthias Bethke
- Potential SQL injection vulnerability in Apache::AuthCAS (Dec 06 2007)
Mesut Timur
- Tikiwiki 1.9.8.3 tiki-special_chars.php XSS Vulnerability (Dec 24 2007)
- Falt4 CMS Security Report/Advisory (Dec 10 2007)
Michal Bucko
- [ELEYTT] Public Advisory 05-12-2007 (Dec 04 2007)
- Re: 27Mhz based wireless security insecurities - Aka - "We know what you typed last summer" (Dec 04 2007)
michele dallachiesa
- The Cookie Tools v0.3 -- first public release (Dec 10 2007)
Milen Rangelov
- sing (debian) vunlerability? (Dec 03 2007)
mj_at_gayrockies.net
- Re: Re: NETGEAR WGT624 Wireless DSL router default user name/password vulnerability (Dec 20 2007)
morin.josh_at_gmail.com
- Fingerprints in Astaro Security Gateway v7.1 (Dec 27 2007)
Moritz Jodeit
- Apple OS X Software Update Remote Command Execution (Dec 17 2007)
Moritz Muehlenhoff
- [SECURITY] [DSA 1442-2] New libsndfile packages fix arbitrary code execution (Dec 28 2007)
- [SECURITY] [DSA 1440-1] New inotify-tools packages fix arbitrary code execution (Dec 28 2007)
- [SECURITY] [DSA 1437-1] New cupsys packages fix several vulnerabilities (Dec 26 2007)
- [SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities (Dec 19 2007)
- [SECURITY] [DSA 1427-1] New samba packages fix arbitrary code execution (Dec 10 2007)
- [SECURITY] [DSA 1426-1] New qt-x11-free packages fix several vulnerabilities (Dec 08 2007)
- [SECURITY] [DSA 1425-1] New xulrunner packages fix several vulnerabilities (Dec 08 2007)
- Re: sing (debian) vunlerability? (Dec 04 2007)
- [SECURITY] [DSA 1417-1] New asterisk packages fix SQL injection (Dec 02 2007)
Naujoks, Hans-Dietmar
- AW: MS Office 2007: Digital Signature does not protect Meta-Data (Dec 14 2007)
- AW: MS Office 2007: Digital Signature does not protect Meta-Data (Dec 13 2007)
nbbn_at_gmx.net
- Woltlab Burning Board 1.0.2 SQL-Injection Vulnerability (Dec 20 2007)
NetAuctionHelp Support
- Re: Re: Aria-Security.net: NetAuctionHelp SQL Injection (Dec 06 2007)
no-reply_at_Aria-Security.net
- Lotfian.com DATABASE DRIVEN TRAVEL SITE Multiple SQL Injection (Dec 08 2007)
- Aria-Security.Net: PenPals Login and search page SQL Injection (Dec 05 2007)
noreply_at_aria-security.net
- bttlxeForum Multiple SQL Injection And Cross Site Scripting (Dec 08 2007)
- Lotfian Brochure and cataloge Script XSS And SQL Injection (Dec 02 2007)
NSFOCUS Security Team
- NSFOCUS SA2007-02 : Cisco Security Agent Remote Buffer Overflow Vulnerability (Dec 05 2007)
Ofer Shezaf
- Latest round of web hacking incidents for 2007 & Project news (Dec 27 2007)
office_at_rstzone.org
- XZero Community Classifieds <= v4.95.11 LFI & SQL Injection (Dec 26 2007)
oldguy_at_oldguy.us
- Re: TalkBack 2.2.7 Multiple Remote File Inclusion Vulnerabilities (Dec 27 2007)
organiser_at_syscan.org
- SyScan'08 Call For Paper/Training (Dec 17 2007)
Ork
- Security and hacking papers (Dec 10 2007)
otto_at_ottodestruct.com
- Re: Wordpress - Broken Access Control (Dec 19 2007)
- Re: Wordpress - Broken Access Control (Dec 16 2007)
p4imi0
- xeCMS 1.x.x Remote File Disclosure Vulnerability. (Dec 19 2007)
- ezContents Version 1.4.5 Remote File Disclosure Vulnerability. (Dec 05 2007)
pawel2827_at_gmail.com
- CCMS v3.1 Demo <= SQL Injection Vulnerability 0day (Dec 29 2007)
- CuteNews Arbitrary File Download AllVersion (Dec 29 2007)
Pierre-Yves Rofes
- [ GLSA 200712-22 ] Opera: Multiple vulnerabilities (Dec 30 2007)
- [ GLSA 200712-25 ] OpenOffice.org: User-assisted arbitrary code execution (Dec 30 2007)
- [ GLSA 200712-17 ] exiftags: Multiple vulnerabilities (Dec 29 2007)
- [ GLSA 200712-16 ] Exiv2: Integer overflow (Dec 29 2007)
- [ GLSA 200712-15 ] libexif: Multiple vulnerabilities (Dec 29 2007)
- [ GLSA 200712-12 ] IRC Services: Denial of Service (Dec 13 2007)
- [ GLSA 200712-11 ] Portage: Information disclosure (Dec 13 2007)
- [ GLSA 200712-10 ] Samba: Execution of arbitrary code (Dec 10 2007)
- [ GLSA 200712-07 ] Lookup: Insecure temporary file creation (Dec 09 2007)
- [ GLSA 200712-08 ] AMD64 x86 emulation Qt library: Multiple vulnerabilities (Dec 09 2007)
- [ GLSA 200712-05 ] PEAR::MDB2: Information disclosure (Dec 09 2007)
- [ GLSA 200712-04 ] Cairo: User-assisted execution of arbitrary code (Dec 09 2007)
- [ GLSA 200712-03 ] GNU Emacs: Multiple vulnerabilities (Dec 09 2007)
- [ GLSA 200712-06 ] Firebird: Multiple buffer overflows (Dec 09 2007)
- [ GLSA 200712-09 ] Ruby-GNOME2: Format string error (Dec 09 2007)
- UPDATE: [ GLSA 200711-29 ] Samba: Execution of arbitrary code (Dec 05 2007)
- [ GLSA 200712-01 ] Hugin: Insecure temporary file creation (Dec 05 2007)
- [ GLSA 200712-02 ] Cacti: SQL injection (Dec 05 2007)
poehls_at_informatik.uni-hamburg.de
- MS Office 2007: Target of Hyperlinks not covered by Digital Signatures (Dec 13 2007)
- OpenOffice: Duplicated, Unprotected Certificate Information shown in Signed ODF Documents (Dec 13 2007)
- MS Office 2007: Digital Signature does not protect Meta-Data (Dec 12 2007)
poplix
- pdflib long filename multiple bufferoverflows (Dec 22 2007)
porkythepig_at_anspi.pl
- HP laptops Software Update tool vulnerability (Dec 19 2007)
- HP notebooks remote code execution vulnerability (multiple series) (Dec 11 2007)
Praburaajan
- HITBSecConf2007 Malaysia Videos Now Available (Dec 05 2007)
Prolog Error
- Meridian Prolog Manager Username and Plain Text Password Disclosure (Dec 11 2007)
recklessb_at_users.sourceforge.net
- Re: Uber Uploader <= 5.3.6 Remote File Upload Vulnerability (Dec 18 2007)
research_at_procheckup.com
- PR07-39: Multiple vulnerabilities on Absolute News Manager.NET 5.1 including file retrieval and SQL injection (Dec 04 2007)
- PR06-09: BEA Plumtree portal full version disclosure vulnerability (Dec 01 2007)
- PR06-11: BEA Plumtree portal search facility leaks usernames to unauthenticated users (Dec 01 2007)
- PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability (Dec 01 2007)
research_at_symantec.com
- SYMSA-2007-015 (Dec 18 2007)
- SYMSA-2007-014: SQL Injection Vulnerability in Beehive Forum Software (Dec 03 2007)
retrog_at_alice.donotspam.it
- SurgeMail v.38k4 webmail Host header crash (Dec 17 2007)
- RaidenHTTPD 2.0.19 ulang cmd exec poc exploit (Dec 17 2007)
retrog_at_alice.it
- iMesh <= 7.1.0.x IMWebControl Class (IMWeb.dll 7.0.0.x) remote exploit (Dec 18 2007)
Rob Thompson
- Re: Cryptome: NSA has real-time access to Hushmail servers (Dec 27 2007)
- Re: Media Player Classic 6.4.9 MP4 Stack Overflow 0-day (Dec 10 2007)
Robert Buchholz
- [ GLSA 200712-24 ] AMD64 x86 emulation GTK+ library: User-assisted execution of arbitrary code (Dec 30 2007)
- [ GLSA 200712-23 ] Wireshark: Multiple vulnerabilities (Dec 30 2007)
- [ GLSA 200712-21 ] Mozilla Firefox, SeaMonkey: Multiple vulnerabilities (Dec 29 2007)
- [ GLSA 200712-20 ] ClamAV: Multiple vulnerabilities (Dec 29 2007)
- [ GLSA 200712-19 ] Syslog-ng: Denial of Service (Dec 29 2007)
- [ GLSA 200712-18 ] Multi-Threaded DAAP Daemon: Multiple vulnerabilities (Dec 29 2007)
- [ GLSA 200712-14 ] CUPS: Multiple vulnerabilities (Dec 18 2007)
- [ GLSA 200712-13 ] E2fsprogs: Multiple buffer overflows (Dec 18 2007)
root_at_hanicker.it
- Moodle SQL Injection (Dec 21 2007)
rPath Update Announcements
- rPSA-2007-0269-1 kernel (Dec 18 2007)
- rPSA-2007-0268-1 kdebase (Dec 17 2007)
- rPSA-2007-0266-1 tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi (Dec 17 2007)
- rPSA-2007-0264-1 mod_dav_svn subversion (Dec 12 2007)
- rPSA-2007-0262-1 e2fsprogs (Dec 11 2007)
- rPSA-2007-0261-1 samba samba-swat (Dec 10 2007)
- rPSA-2007-0260-1 firefox (Dec 06 2007)
- rPSA-2007-0257-1 rsync (Dec 04 2007)
- rPSA-2007-0255-1 nss_ldap (Nov 30 2007)
Sarasa
- [Security Advisorie] OpenNewsletter v2.5 Multipe XSS Attacks (Dec 06 2007)
Secunia Research
- Secunia Research: Samba "send_mailslot()" Buffer Overflow Vulnerability (Dec 10 2007)
security curmudgeon
- Re: Phorm v3.0 Remote File Upload Vulnerability (Dec 06 2007)
- Re: BellaBiblio Admin Login Bypass (Dec 06 2007)
- Re: Friend Script 2.5 - 2.4 Remote File İnclude (Dec 06 2007)
- Re: RIG Image Gallery (dir_abs_src) Remote File Include Vulnerability (Dec 06 2007)
- Re: SQL Injection in SaphpLesson2.0 "show.php" (Dec 01 2007)
- Re: SQL Injection in saphp "showcat.php" (Dec 01 2007)
Security Officer
- AST-2007-027 - Database matching order permits host-based authentication to be ignored (Dec 18 2007)
security-alert_at_hp.com
- [security bulletin] HPSBGN02298 SSRT071502 rev.2 - HP Quick Launch Button (QLB) Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access (Dec 27 2007)
- HPSBGN2301 SSRT071508 rev.1 - HP Software Update Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access (Dec 21 2007)
- [security bulletin] HPSBUX02284 SSRT071483 rev.4 - HP-UX Running Java JRE and JDK, Remote Unauthorized Access (Dec 20 2007)
- [security bulletin] HPSBTU02300 SSRT071452 rev.1 - HP Tru64 UNIX running FFM, Local Denial of Service (Dos) (Dec 20 2007)
- [security bulletin] HPSBUX02295 SSRT071333 rev.1 - HP-UX Running rpc.yppasswdd, Remote Denial of Service (DoS) (Dec 20 2007)
- [security bulletin] HPSBST02299 SSRT071506 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-063 to MS07-069 (Dec 18 2007)
- [security bulletin] HPSBGN02298 SSRT071502 rev.1 - HP Quick Launch Button (QLB) Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access (Dec 15 2007)
- HPSBUX02296 SSRT071504 rev.2 - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code (Dec 14 2007)
- [security bulletin] HPSBUX02294 SSRT071451 rev.1 - HP-UX Running DCE, Remote Denial of Service (DoS) (Dec 13 2007)
- [security bulletin] HPSBUX02296 SSRT071504 rev.1 - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code (Dec 13 2007)
- [security bulletin] HPSBMA02281 SSRT061261 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Execution of Arbitrary Code (Dec 06 2007)
- [security bulletin] HPSBMA02293 SSRT071494 rev.1 - HP Select Identity, Remote Unauthorized Access (Dec 04 2007)
security_at_mandriva.com
- [ MDKSA-2007:246 ] - Updated Firefox packages fix multiple vulnerabilities (Dec 13 2007)
- [ MDKSA-2007:245 ] - Updated wpa_supplicant package fixes remote denial of service (Dec 13 2007)
- [ MDKSA-2007:244 ] - Updated samba packages fix vulnerability (Dec 11 2007)
- [ MDKSA-2007:241 ] - Updated tomcat5 packages fix multiple vulnerabilities (Dec 10 2007)
- [ MDKSA-2007:243 ] - Updated MySQL packages fix multiple vulnerabilities (Dec 10 2007)
- [ MDKSA-2007:242 ] - Updated e2fsprogs packages fix vulnerability (Dec 10 2007)
- [ MDKSA-2007:240 ] - Updated libnfsidmap packages fix username lookup flaw (Dec 07 2007)
- [ MDKSA-2007:239 ] - Updated heimdal packages fix potential vulnerability (Dec 06 2007)
- [ MDKSA-2007:238 ] - Updated liblcms package fixes buffer overflow (Dec 06 2007)
- [ MDKSA-2007:237 ] - Updated openssl packages fix DTLS vulnerability (Dec 04 2007)
- [ MDKSA-2007:236 ] - Updated openssh packages fix X11 cookie vulnerability (Dec 04 2007)
- [ MDKSA-2007:235 ] - Updated apache packages fix vulnerabilities (Dec 03 2007)
- [ MDKSA-2007:234 ] - Updated vixie-cron packages fix DoS vulnerability (Dec 03 2007)
Seth
- Re: Cryptome: NSA has real-time access to Hushmail servers (Dec 27 2007)
shino_at_jenux.homelinux.org
- Re: Sql Injection in wordpress 2.3.1 (Dec 05 2007)
shpcs08_at_atilf.no
- Call for Papers - Security and High Performance Computing System 2008 (Dec 10 2007)
shsuff_at_hotmail.com
- Re: PHP <= 5.2.5 Safe Mode Bypass (Dec 24 2007)
Sowhat
- Avast! AntiVirus TAR Processing Remote Heap Corruption (Dec 05 2007)
Stefan Kanthak
- Re: Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096) and vulnerable bz2lib (CAN-2005-0758 & CAN-2005-0953) (Dec 10 2007)
Stefano Di Paola
- The first release of SWFIntruder is out ! (Dec 04 2007)
Steve Kemp
- [SECURITY] [DSA 1433-1] New centericq packages fix execution of code (Dec 16 2007)
- [SECURITY] [DSA 1432-1] New link-grammar packages fix execution of code (Dec 16 2007)
- [SECURITY] [DSA 1431-1] New ruby-gnome2 packages fix execution of arbitrary code (Dec 11 2007)
- [SECURITY] [DSA 1430-1] New libnss-ldap packages fix denial of service (Dec 11 2007)
- [SECURITY] [DSA 1429-1] New htdig packages fix cross site scripting (Dec 11 2007)
- [SECURITY] [DSA 1423-1] New sitebar packages fix several vulnerabilities (Dec 07 2007)
- [SECURITY] [DSA 1422-1] New e2fsprogs packages fix arbitrary code execution (Dec 07 2007)
Steve Shockley
- Re: Cryptome: NSA has real-time access to Hushmail servers (Dec 27 2007)
Sw33t.h4cK3r_at_hotmail.com
- SQL MKPortal M1.1 Rc1 (Dec 12 2007)
swhite_at_securestate.com
- + Trivantis CourseMill Enterprise Learning Management System - SQL Injection - CVE-2007-6338 (Dec 13 2007)
sys-project_at_hotmail.com
- milliscripts (dir.php) Cross-Site Scripting Vulnerability (Dec 30 2007)
- Blakord Portal <= Beta 1.3.A (all modules) Blind Sql Injection (Dec 26 2007)
- SimpleForum <= 4.6.2 - Cross-Site Scripting Vulnerability (Dec 24 2007)
- PHP iCalendar <= 2.24 - Cross-Site Scripting Vulnerability (Dec 20 2007)
- Uber Uploader <= 5.3.6 Remote File Upload Vulnerability (Dec 17 2007)
th3.r00k.nospam_at_pork.gmail.com
- Re: Wordpress - Broken Access Control (Dec 17 2007)
- Wordpress - Broken Access Control (Dec 14 2007)
- PHP RPG - Sql Injection and Session Information Disclosure. (Dec 14 2007)
- Oreon/Centreon - Multiple Remote File Inclusion (Dec 14 2007)
- Anon Proxy Server - Remote Code Execution (Dec 14 2007)
- Phpay - Local File Inclusion (Dec 14 2007)
The Security Community
- Fwd: Websense 6.3.1 Filtering Bypass (Dec 12 2007)
The-0utl4w-noreply_at_aria-security.net
- Instant Softwares DatingSite SQL Injection (Dec 29 2007)
- [Aria-Security.net] ABI Version 3.7.9.17 Remote SQL Injection (Dec 19 2007)
theredc0ders_at_gmail.com
- Re: PHP MySQL Banner Exchange 2.2.1 remote mysql database bug (Dec 16 2007)
thesinoda_at_hotmail.com
- Realplayer 11 DOS attack when processing a malformed AU file on MS Vista and XP (Dec 01 2007)
Thijs Kinkhorst
- [SECURITY] [DSA 1441-1] New peercast packages fix arbitrary code execution (Dec 28 2007)
- [SECURITY] [DSA 1439-1] New typo3-src packages fix SQL injection (Dec 28 2007)
- [SECURITY] [DSA 1405-3] New zope-cmfplone packages fix regression (Dec 27 2007)
- [SECURITY] [DSA 1434-1] New mydns packages fix denial of service (Dec 16 2007)
- [SECURITY] [DSA 1420-1] New zabbix packages fix privilege escalation (Dec 05 2007)
- [SECURITY] [DSA 1418-1] New cacti packages fix SQL injection (Dec 02 2007)
Thomas Roessler
- Some more widgets: Facebook, Hockey, FlickrInterestingNess (Re: [MacOS X] Insecure eval() in Twitgit and Twitterlex dashboard widgets) (Dec 04 2007)
- [MacOS X] Insecure eval() in Twitgit and Twitterlex dashboard widgets (Dec 03 2007)
Thor (Hammer of God)
- RE: Cryptome: NSA has real-time access to Hushmail servers (Dec 27 2007)
- RE: Cryptome: NSA has real-time access to Hushmail servers (Dec 21 2007)
Tomas Kuliavas
- Unsanitized scripting in RoundCube webmail (Dec 09 2007)
- Two vulnerabilities in SquirrelMail GPG plugin (Dec 09 2007)
Valdis.Kletnieks_at_vt.edu
- Re: Cryptome: NSA has real-time access to Hushmail servers (Dec 26 2007)
webmaster_at_networkdefense.biz
- Re: AW: MS Office 2007: Digital Signature does not protect Meta-Data (Dec 13 2007)
Williams, James K
- [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability (Dec 21 2007)
- [CAID 35724, 35725, 35726]: CA BrightStor ARCserve Backup Multiple Vulnerabilities (Dec 06 2007)
x 86
- POC for samba send_mailslot() (Dec 14 2007)
yannick.warnier_at_dokeos.com
- Re: [HSC] Dokeos Multiple Cross-Site Scripting Vulnerabilities (Dec 24 2007)
zdi-disclosures_at_3com.com
- ZDI-07-079: Hewlett-Packard HP-UX swagentd Buffer Overflow Vulnerability (Dec 17 2007)
- ZDI-07-078: St. Bernard Open File Manager Heap Overflow Vulnerability (Dec 17 2007)
- ZDI-07-077: Trend Micro ServerProtect StRpcSrv.dll Insecure Method Exposure Vulnerability (Dec 17 2007)
- ZDI-07-076: Microsoft Windows Message Queuing Service Stack Overflow Vulnerability (Dec 11 2007)
- ZDI-07-075: Microsoft Internet Explorer Element Tags Vulnerability (Dec 11 2007)
- ZDI-07-074: Microsoft Internet Explorer Node Manipulation Memory Corruption (Dec 11 2007)
- ZDI-07-073: Microsoft Internet Explorer setExpression Vulnerability (Dec 11 2007)
- ZDI-07-072: Novell Netmail AntiVirus Agent Multiple Overflow Vulnerabilities (Dec 10 2007)
- ZDI-07-070: Skype skype4com URI Handler Remote Heap Corruption Vulnerability (Dec 06 2007)
- ZDI-07-071: HP OpenView Network Node Manager Multiple CGI Buffer Overflows (Dec 06 2007)
zinho_at_hackerscenter.com
- [HSC Security Group] Multiple CSRF in Joomla all versions - Complete compromise (Dec 27 2007)