
369 messages starting Jun 11 07 and ending Jun 12 07

3APA3A

Re: [SECURITY] [DSA 1299-1] New ipsec-tools packages fix denial of service 3APA3A (Jun 11)
ShAnKaR: Simle machines forum CAPTCHA bypass and PHP injection 3APA3A (Jun 18)

accounting

Re: RedLevel Advisory #23 - SalesCart Shopping Cart SQL Injection Vulnerability accounting (Jun 14)

Adam Laurie

Announce - Release RFIDIOt ver 0.1n (June 2007) Adam Laurie (Jun 06)

adblake

Cisco Trust Agent Vulnerability adblake (Jun 11)

Aditya K Sood

Project CERA Is Up Again : Secniche Initiative Aditya K Sood (Jun 11)
MLabs is Shifted Fully : SecNiche Initiative Aditya K Sood (Jun 11)
SECNICHE : Dwelling Security is On the Run Aditya K Sood (Jun 11)

admin

[MajorSecurity Advisory #50]chameleon cms - Session fixation Issue admin (Jun 01)
[MajorSecurity Advisory #49]Calimero.CMS - Session fixation Issue admin (Jun 01)
Re: [MajorSecurity Advisory #50]chameleon cms - Session fixation Issue admin (Jun 07)
Re: PHP parse_str() arbitrary variable overwrite admin (Jun 12)

Airscanner Corp.

Airscanner Advisory #07062901: FlexiSPY Victim/User Database Exposure (Full world readable access to ALL SMS/Emails/Voice data from victims/users) Airscanner Corp. (Jun 29)

Andreas Beck

Re: uTorrent overflow Andreas Beck (Jun 07)

Andres Riancho

[TOOL] w3af - Web Application Attack and Audit Framework Andres Riancho (Jun 11)

anonymous

Re: Re: BlackBoard Multiple Vulnerabilities (XSS) anonymous (Jun 14)

Anurag Agarwal

OWASP and WASC Cocktail party at Blackhat USA 2007 Anurag Agarwal (Jun 07)

azizov

Local Denial of Service in Safari azizov (Jun 16)
Safari Bookmarks Buffer Overflow Vulnerability azizov (Jun 25)

BlackHawk

RevokeBB Blind SQL Injection / Hash Extractor BlackHawk (Jun 01)

Blazej Miga

Apache Prefork MPM vulnerabilities - Report Blazej Miga (Jun 20)

Calyptix Security

Calyptix Security Advisory CX-2007-04 - Cross-Site Request Forgery Attack Against Check Point Safe@Office Device Calyptix Security (Jun 26)

CarcaBot

Sitellite cms <= 4.2.12 RFI Vuln CarcaBot (Jun 16)

Charles Kim

Fusetalk SQL injection submission. Charles Kim (Jun 18)

chris

CfP: 5th ACM Workshop on Recurring Malware (WORM) - Deadline extension chris (Jun 19)

Chuck Swiger

Re: PHP parse_str() arbitrary variable overwrite Chuck Swiger (Jun 13)

corrado . liotta

PhpListPro Persistent XSS Vulnerability corrado . liotta (Jun 15)

crackers_child

W1L3D4 WEBmarket v0,1 SQL Injection Vuln crackers_child (Jun 19)

cxib

PHP 4/5 htaccess safemode and open_basedir Bypass cxib (Jun 27)

Daniel Cid

Remote log injection on DenyHosts, Fail2ban and BlockHosts Daniel Cid (Jun 06)

dann frazier

[SECURITY] [DSA 1299-1] New ipsec-tools packages fix denial of service dann frazier (Jun 07)
Re: [SECURITY] [DSA 1299-1] New ipsec-tools packages fix denial of service dann frazier (Jun 12)
[SECURITY] [DSA 1304-1] New Linux kernel 2.6.8 packages fix several vulnerabilities dann frazier (Jun 16)

darkz . gsa

POWER PHLOGGER v.2.2.5 (username) SQL Injection darkz . gsa (Jun 25)

David Thiel

VLC 0.8.6b format string vulnerability & integer overflow David Thiel (Jun 21)
flac123 0.0.9 - Stack overflow in comment parsing David Thiel (Jun 29)

Dennis Rand

CSIS Advisory: Microsoft GDI+ Integer division by zero flaw handling .ICO files Dennis Rand (Jun 07)
CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow Dennis Rand (Jun 08)

Dj . r4iDeN

uTorrent overflow Dj . r4iDeN (Jun 04)
Re: uTorrent overflow Dj . r4iDeN (Jun 06)

Dj_ReMix_20

Hnkaray Duyuru Script Remote SQL İnjection Dj_ReMix_20 (Jun 07)
W1L3D4 WEBmarket Remote SQL İnjection Dj_ReMix_20 (Jun 07)

DoZ

CACTUSHOP 6 Default Installation Allows Remote Database Disclosure DoZ (Jun 04)
Comersus Shop Cart 7.07 SQL Injection & XSS DoZ (Jun 20)

dr . rezen

bugtraq submission dr . rezen (Jun 01)

eEye Advisories

EEYE: Yahoo Webcam ActiveX Controls Multiple Buffer Overflows eEye Advisories (Jun 08)

Eitan Caspi

"run as" local denial-of-service enables administrative account processes to be killed Eitan Caspi (Jun 25)

esc6

Conti FTP Server v1.0 DoS esc6 (Jun 27)

Firewall1954

XEForum Cookie Modification Privilege Escalation Vulnerability Firewall1954 (Jun 28)

Foresight Linux Essential Advisory Service

FLEA-2007-0024-1: libexif Foresight Linux Essential Advisory Service (Jun 04)

Foresight Linux Essential Announcement Service

FLEA-2007-0021-2: madwifi Foresight Linux Essential Announcement Service (Jun 06)
FLEA-2007-0025-1: openoffice.org Foresight Linux Essential Announcement Service (Jun 13)
FLEA-2007-0026-1: evolution-data-server Foresight Linux Essential Announcement Service (Jun 19)
FLEA-2007-0027-1: thunderbird Foresight Linux Essential Announcement Service (Jun 20)
FLEA-2007-0028-1: libexif Foresight Linux Essential Announcement Service (Jun 22)
FLEA-2007-0029-1: krb5 krb5-workstation Foresight Linux Essential Announcement Service (Jun 28)
FLEA-2007-0030-1: avahi avahi-glib avahi-sharp Foresight Linux Essential Announcement Service (Jun 28)

Francisco Amato

[ISR] :: Infobyte Security Research :: release (ISR-sqlget.pl) v1.0.0 Francisco Amato (Jun 25)

Frank Berek

Re: Having Fun With PostgreSQL Frank Berek (Jun 19)

Gadi Evron

CFP: ISOI III (a DA workshop) Gadi Evron (Jun 26)

Gavin Hanover

Re: uTorrent overflow Gavin Hanover (Jun 07)

ge

Re: Windows Oday release ge (Jun 12)
Re: Windows Oday release ge (Jun 14)

Gerhard Wagner

SEC Consult SA-20070601-0 :: PHP chunk_split() integer overflow Gerhard Wagner (Jun 01)

glafkos

Evenzia CMS XSS glafkos (Jun 01)
WebStudio Multiple XSS Vulnerabilities glafkos (Jun 04)
WmsCMS < = 2.0 Multiple XSS Vulnerabilities glafkos (Jun 07)

gmdarkfig

PHP parse_str() arbitrary variable overwrite gmdarkfig (Jun 12)
Re: Re: PHP parse_str() arbitrary variable overwrite gmdarkfig (Jun 13)
Pluxml 0.3.1 Remote Code Execution Exploit gmdarkfig (Jun 25)

GOODFELLAS SRT

[GOODFELLAS - VULN] BarCodeAx.dll v. 4.9 ActiveX Control Remote Stack Buffer Overflow GOODFELLAS SRT (Jun 25)
[GOODFELLAS - VULN ] Avaxswf.dll v.1.0.0.1 from Avax Vector software ActiveX Arbitrary Data Write GOODFELLAS SRT (Jun 26)
[GOODFELLAS - VULN] hpqxml.dll 2.0.0.133 from HP Digital Imaging Arbitary Data Write. Goodfellas SRT (Jun 27)

h0tturk

Dansie Cart Script Exploit Reported h0tturk (Jun 04)
CERN İmage Map Dispatcher h0tturk (Jun 04)

hack2prison

ASP Folder Gallery Vulnerabilities hack2prison (Jun 06)
Singapore Gallery fullpath disclosure hack2prison (Jun 14)

HASEGAWA Yosuke

MS07-034: Executing arbitrary script with mhtml: protocol handler HASEGAWA Yosuke (Jun 22)

H D Moore

Re: CSIS Advisory: Microsoft GDI+ Integer division by zero flaw handling .ICO files H D Moore (Jun 07)

Henri Lindberg - Louhi Networks Oy

CheckPoint VPN-1 UTM Edge Cross Site Request Forgery vulnerability Henri Lindberg - Louhi Networks Oy (Jun 27)

Hugo van der Kooij

Re: Windows Oday release Hugo van der Kooij (Jun 19)

iant

Re: Buffer overflow in BusinessMail email server system 4.60.00 iant (Jun 04)

iDefense Labs

iDefense Security Advisory 06.01.07: Symantec VERITAS Storage Foundation Administration Service DoS Vulnerability iDefense Labs (Jun 02)
iDefense Security Advisory 06.05.07: Symantec Ghost Multiple Denial of Service Vulnerabilities iDefense Labs (Jun 06)
iDefense Security Advisory 06.07.07: Linux Kernel cpuset tasks Information Disclosure Vulnerability iDefense Labs (Jun 08)
iDefense Security Advisory 06.12.07: Microsoft License Manager and urlmon.dll COM Object Interaction Invalid Memory Access Vulnerability iDefense Labs (Jun 12)
iDefense Security Advisory 06.13.07: Multiple Vendor libexif Integer Overflow Heap Corruption Vulnerability iDefense Labs (Jun 13)
iDefense Security Advisory 06.14.07: Apache MyFaces Tomahawk JSF Framework Cross-Site Scripting (XSS) Vulnerability iDefense Labs (Jun 14)
iDefense Security Advisory 06.18.07: Cerulean Studios Trillian UTF-8 Word Wrap Heap Overflow Vulnerability iDefense Labs (Jun 18)
iDefense Security Advisory 06.21.07: Ingres Database Multiple Heap Corruption Vulnerabilities iDefense Labs (Jun 21)
iDefense Security Advisory 06.26.07: Multiple Vendor Kerberos kadmind Rename Principal Buffer Overflow Vulnerability iDefense Labs (Jun 26)
iDefense Security Advisory 06.26.07: RealNetworks RealPlayer/HelixPlayer SMIL wallclock Stack Overflow Vulnerability iDefense Labs (Jun 26)

ifx

iG Shop 1.4 eval Inclusion Vulnerability ifx (Jun 19)

imprili

HTTP SERVER (httpsv1.6.2) source code disclosure imprili (Jun 20)
MyServer-0.8.9 - source code disclosure imprili (Jun 21)
MyServer-0.8.9 - xss in sample cgi page imprili (Jun 21)
HTTP SERVER (httpsv1.6.2) 404 Denial of Service imprili (Jun 21)
SHTTPD V1.38 server source code disclosure imprili (Jun 25)
KF Web Server 3.1.0 admin console XSS imprili (Jun 25)
LiteWEB 2.7 404 Denial of Services imprili (Jun 25)

info

Re: LuckyBot v3 Remote File Include info (Jun 07)

Ivan Almuina

fusetalk SQL (autherror.cfm) Ivan Almuina (Jun 19)
fusetalk CSS (comfinish.cfm) Ivan Almuina (Jun 20)
fusetalk CSS (autherror.cfm) Ivan Almuina (Jun 20)

Ivan Buetler

SAP Web Dynpro Java (BC-WD-JAV) Vulnerability Ivan Buetler (Jun 27)
SAP Internet Communication Framework (BC-MID-ICF) Vulnerability Ivan Buetler (Jun 27)

James C. Slora Jr.

RE: "run as" local denial-of-service enables administrative account processes to be killed James C. Slora Jr. (Jun 26)

James Downs

Re: Sudo: local root compromise with krb5 enabled James Downs (Jun 07)

jantunes

MaraDNS denial of service vulnerabilities jantunes (Jun 19)

Jared DeMott

Re: [Full-disclosure] Windows Oday release Jared DeMott (Jun 14)

Jerome Athias

[SecurInfos] PCSoft WinDEV .wdp Project File Handling Buffer Overflow Jerome Athias (Jun 28)

Jim Geovedi

BCS'07 Call For Papers Jim Geovedi (Jun 04)

Joanna Rutkowska

Re: Windows Oday release Joanna Rutkowska (Jun 13)

john

Redlevel Advisory #025 - Vonage VoIP Telephone Adapter Default Misconfiguration john (Jun 04)

john-lindsay

Contact request - nVidia john-lindsay (Jun 27)

John M. Martinelli

Re: RedLevel Advisory #23 - SalesCart Shopping Cart SQL Injection Vulnerability John M. Martinelli (Jun 14)

johnnytalker

Comdev Web Blogger 4.1 RFI Vulnerability johnnytalker (Jun 04)
Comdev eCommerce 4.1 RFI Vulnerability johnnytalker (Jun 04)

John Smith

Wordpress default theme XSS (admin) and other problems John Smith (Jun 08)

Jon Ribbens

Re: uTorrent overflow Jon Ribbens (Jun 06)
Re: RedLevel Advisory #23 - SalesCart Shopping Cart SQL Injection Vulnerability Jon Ribbens (Jun 19)

kaneda

Re: New Include Redirect Bug XSS All vBulletin v 3.x.x kaneda (Jun 21)

Kees Cook

[USN-468-1] Firefox vulnerabilities Kees Cook (Jun 01)
[USN-469-1] Thunderbird vulnerabilities Kees Cook (Jun 06)
[USN-470-1] Linux kernel vulnerabilities Kees Cook (Jun 09)
[USN-439-2] file vulnerability Kees Cook (Jun 11)
[USN-471-1] libexif vulnerability Kees Cook (Jun 11)
[USN-472-1] libpng vulnerability Kees Cook (Jun 12)
[USN-473-1] libgd2 vulnerabilities Kees Cook (Jun 12)
[USN-474-1] xscreensaver vulnerability Kees Cook (Jun 13)
[USN-475-1] evolution-data-server vulnerability Kees Cook (Jun 22)
[USN-476-1] redhat-cluster-suite vulnerability Kees Cook (Jun 22)
[USN-477-1] krb5 vulnerabilities Kees Cook (Jun 27)
[USN-478-1] libexif vulnerability Kees Cook (Jun 27)
[USN-479-1] MadWifi vulnerabilities Kees Cook (Jun 29)

Ken Raeburn

Re: Sudo: local root compromise with krb5 enabled Ken Raeburn (Jun 12)
Re: Sudo: local root compromise with krb5 enabled Ken Raeburn (Jun 15)

krasza

Local File Include Vulnerabilities in YaBB <= 2.1(all version) krasza (Jun 19)

Kyle Wheeler

Re: Sudo: local root compromise with krb5 enabled Kyle Wheeler (Jun 14)

Larry Seltzer

RE: [Full-disclosure] Safari for Windows,0day URL protocol handler command injection Larry Seltzer (Jun 12)
RE: [Full-disclosure] Apple Safari: idn urlbar spoofing Larry Seltzer (Jun 25)

laurent . gaffie

NetClassifieds [multiple vulnerabilities] laurent . gaffie (Jun 21)
eNdonesia 8.4 [multiple injection sql] laurent . gaffie (Jun 22)
phpTrafficA < 1.4.2 laurent . gaffie (Jun 25)

leo

Re: [PLESK 7.5 Reload] & [PLESK 7.6 for MS Windows] path passing and disclosure vulnerability leo (Jun 04)

ls

My Datebook SQL Injection + XSS ls (Jun 04)
Light Blog 4.1 XSS Vulnerability ls (Jun 06)
Atom PhotoBlog v1.0.9 XSS vulnerability ls (Jun 07)
Maran Blog XSS vulnerability ls (Jun 11)

lux

Re: Sitellite cms <= 4.2.12 RFI Vuln lux (Jun 19)

maiosyet

Webif.cgi local file inclusion maiosyet (Jun 18)

Mark Senior

Re: Sudo: local root compromise with krb5 enabled Mark Senior (Jun 07)
Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing Mark Senior (Jun 15)

Mark Thomas

[CVE-2007-2450]: Apache Tomcat XSS vulnerability in Manager Mark Thomas (Jun 14)
[CVE-2007-2449] Apache Tomcat XSS vulnerabilities in the JSP examples Mark Thomas (Jun 14)
[CVE-2007-1358] Apache Tomcat XSS vulnerability in Accept-Language header processing Mark Thomas (Jun 19)

Martin Schulze

[SECURITY] [DSA 1307-1] New OpenOffice.org packages fix arbitrary code execution Martin Schulze (Jun 12)

Matousec - Transparent security Research

Outpost Enforcing system reboot with 'outpost_ipc_hdr' mutex Vulnerability Matousec - Transparent security Research (Jun 01)
Kaspersky Multiple insufficient argument validation of hooked SSDT function Vulnerability Matousec - Transparent security Research (Jun 15)

Matteo Carli

Persistent cross-site scripting in wordpress.com dashboard Matteo Carli (Jun 19)

MC Iglo

static XSS / SQL-Injection in Omegasoft Insel MC Iglo (Jun 01)

Michal Zalewski

Assorted browser vulnerabilities Michal Zalewski (Jun 04)
Re: [Full-disclosure] Apple Safari: cookie stealing Michal Zalewski (Jun 13)
Re: [Full-disclosure] Apple Safari: idn urlbar spoofing Michal Zalewski (Jun 25)

Moritz Muehlenhoff

[SECURITY] [DSA 1291-4] New samba packages fix regression Moritz Muehlenhoff (Jun 04)
[SECURITY] [DSA 1300-1] New iceape packages fix several vulnerabilities Moritz Muehlenhoff (Jun 07)
[SECURITY] [DSA 1306-1] New xulrunner packages fix several vulnerabilities Moritz Muehlenhoff (Jun 12)
[SECURITY] [DSA 1305-1] New icedove packages fix several vulnerabilities Moritz Muehlenhoff (Jun 13)
[SECURITY] [DSA 1308-1] New iceweasel packages fix several vulnerabilities Moritz Muehlenhoff (Jun 14)
[SECURITY] [DSA 1309-1] New PostgreSQL 8.1 packages fix privilege escalation Moritz Muehlenhoff (Jun 18)
[SECURITY] [DSA 1311-1] New PostgreSQL 7.4 packages fix privilege escalation Moritz Muehlenhoff (Jun 18)
[SECURITY] [DSA 1312-1] New libapache-mod-jk packages fix information disclosure Moritz Muehlenhoff (Jun 18)
[SECURITY] [DSA 1313-1] New MPlayer packages fix arbitrary code execution Moritz Muehlenhoff (Jun 19)
[SECURITY] [DSA 1314-1] New open-iscsi packages fix several vulnerabilities Moritz Muehlenhoff (Jun 19)
[SECURITY] [DSA 1315-1] New libphp-phpmailer packages fix arbitrary shell command execution Moritz Muehlenhoff (Jun 19)
[SECURITY] [DSA 1322-1] New wireshark packages fix denial of service Moritz Muehlenhoff (Jun 28)
[SECURITY] [DSA 1323-1] New krb5 packages fix several vulnerabilities Moritz Muehlenhoff (Jun 28)
[SECURITY] [DSA 1325-1] New evolution packages fix arbitrary code execution Moritz Muehlenhoff (Jun 29)

motokochan

Re: Re: [MajorSecurity Advisory #47]Simple Machines Forum (SMF) - Session fixation Issue motokochan (Jun 25)

mpeg

2007-06-03: PeerCast streaming server submits cleartext password mpeg (Jun 04)

NGSSoftware Insight Security Research

High risk vulnerability in OpenOffice RTF parser NGSSoftware Insight Security Research (Jun 13)
Ingres Unauthenticated Pointer Overwrite 2 NGSSoftware Insight Security Research (Jun 25)
Ingres verifydb local stack overflow NGSSoftware Insight Security Research (Jun 25)
Ingres Unauthenticated Pointer Overwrite 1 NGSSoftware Insight Security Research (Jun 25)
Ingres stack overflow in uuid_from_char function NGSSoftware Insight Security Research (Jun 25)
Ingres wakeup setuid(ingres) file truncation NGSSoftware Insight Security Research (Jun 25)

Nico Leidecker

Elxis CMS <= 2006.4 - banner module - sql injection Nico Leidecker (Jun 14)
Papoo CMS - Multiple Cross Site Scripting Nico Leidecker (Jun 15)
Having Fun With PostgreSQL Nico Leidecker (Jun 16)
Papoo CMS 3.6 - SQL Injection Nico Leidecker (Jun 25)
Papoo CMS 3.6 - Access Restriction Bypass Nico Leidecker (Jun 25)

Niels Provos

SpyBye 0.3 released Niels Provos (Jun 11)

nnposter

Packeteer PacketShaper Web Management Denial of Service nnposter (Jun 08)
WinPT User ID Spoofing Vulnerability nnposter (Jun 11)

Noah Meyerhans

[SECURITY] [DSA 1301-1] New Gimp packages fix arbitrary code execution Noah Meyerhans (Jun 09)

nobody

Re: [MajorSecurity Advisory #47]Simple Machines Forum (SMF) - Session fixation Issue nobody (Jun 14)

no-reply

IE 6/Microsoft Html Popup Window (mshtml.dll) DoS no-reply (Jun 06)
IE 6 / MS Office Outlook Express Address Book Activex DoS no-reply (Jun 06)

no-spam

Re: Re: PHPMyDesk Beta Release 1.0b ==> RFI no-spam (Jun 23)

Oliver Goebel

RUS-CERT 2007-06:01 (1380): Insecure Defaults in A-L OmniPCX 7.0 Oliver Goebel (Jun 07)

OpenPKG GmbH

[OpenPKG-SA-2007.020] OpenPKG Security Advisory (php) OpenPKG GmbH (Jun 01)
[OpenPKG-SA-2007.021] OpenPKG Security Advisory (wordpress) OpenPKG GmbH (Jun 08)

Paul Böhm

Second Call for Papers: DeepSec IDSC 2007 Europe/Vienna: 20-23 Nov 2007 Paul Böhm (Jun 08)

Pavel Konov

Re: uTorrent overflow Pavel Konov (Jun 07)

Piotr Bania

Disinfectors for the calculator virus (ti89.Gaara) Piotr Bania (Jun 04)

pito pito

phpreactor <===1.2.7 remote file include pito pito (Jun 01)
PBSite - PHP Bulletin Site | CMS ====> RFI pito pito (Jun 01)
Prototype of an PHP application ===> RFI pito pito (Jun 01)
PBSite - PHP Bulletin Site | CMS ====> RFI pito pito (Jun 02)

pixy-noreply

Pixy - An Open-Source Vulnerability Scanner for PHP Applications pixy-noreply (Jun 20)

Raed

Z-Blog 1.7 Authentication Bypass Database Download Vulnerability Raed (Jun 01)
ByPass In PortalApp Raed (Jun 14)
RFI In Script SH-News 3.1 Raed (Jun 14)
SQL Injection In Script VBZooM V1.12 RaeD (Jun 29)

Raphael Marichez

[ GLSA 200706-01 ] libexif: Integer overflow vulnerability Raphael Marichez (Jun 05)
[ GLSA 200706-03 ] ELinks: User-assisted execution of arbitrary code Raphael Marichez (Jun 06)
[ GLSA 200706-02 ] Evolution: User-assisted execution of arbitrary code Raphael Marichez (Jun 06)
[ GLSA 200706-04 ] MadWifi: Multiple vulnerabilities Raphael Marichez (Jun 11)
[ GLSA 200706-05 ] ClamAV: Multiple Denials of Service Raphael Marichez (Jun 15)
[ GLSA 200706-06 ] Mozilla products: Multiple vulnerabilities Raphael Marichez (Jun 19)
[ GLSA 200706-07 ] PHProjekt: Multiple vulnerabilities Raphael Marichez (Jun 19)
[ GLSA 200706-09 ] libexif: Buffer overflow Raphael Marichez (Jun 26)
[ GLSA 200706-08 ] emul-linux-x86-java: Multiple vulnerabilities Raphael Marichez (Jun 26)

Ray Stell

Re: Having Fun With PostgreSQL Ray Stell (Jun 18)

research

SYMSA-2007-004: Multiple Vulnerabilities in Xythos Server Products research (Jun 26)

Richard Moore

Safari XMLHttpRequest HTTP header injection Richard Moore (Jun 25)

rm

PHP hosting Biller rm (Jun 18)
fuzzylime (forum) XSS rm (Jun 18)

Robert Swiecki

Apple Safari: cookie stealing Robert Swiecki (Jun 13)
Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing Robert Swiecki (Jun 15)
Re: Apple Safari: idn urlbar spoofing Robert Swiecki (Jun 25)
Re: Apple Safari: idn urlbar spoofing Robert Swiecki (Jun 27)

rPath Update Announcements

rPSA-2007-0114-1 mutt rPath Update Announcements (Jun 04)
rPSA-2007-0115-1 libexif rPath Update Announcements (Jun 04)
rPSA-2007-0117-1 gd php php-mysql php-pgsql rPath Update Announcements (Jun 08)
rPSA-2007-0119-1 spamassassin rPath Update Announcements (Jun 14)
rPSA-2007-0123-1 squirrelmail rPath Update Announcements (Jun 15)
rPSA-2007-0124-1 kernel xen rPath Update Announcements (Jun 15)
rPSA-2007-0126-1 util-linux rPath Update Announcements (Jun 15)
rPSA-2007-0122-1 evolution-data-server rPath Update Announcements (Jun 15)
rPSA-2007-0127-1 fetchmail rPath Update Announcements (Jun 19)
rPSA-2007-0131-1 libexif rPath Update Announcements (Jun 25)
rPSA-2007-0133-1 emacs emacs-leim rPath Update Announcements (Jun 26)
rPSA-2007-0135-1 krb5 krb5-server krb5-services krb5-test krb5-workstation rPath Update Announcements (Jun 27)
rPSA-2007-0136-1 httpd mod_ssl rPath Update Announcements (Jun 28)

Ryan's spam address

Recent OpenSSL exploits Ryan's spam address (Jun 04)

s0cratex

Comicsense SQL Injection Advisory/Exploit s0cratex (Jun 05)

S21sec Labs

S21Sec-035: F5 FirePass command execution vulnerability S21sec Labs (Jun 04)

scott-REMOTE-

Re: Re: New Include Redirect Bug XSS All vBulletin v 3.x.x scott-REMOTE- (Jun 22)

scott-REMOVE-

Re: New Include Redirect Bug XSS All vBulletin v 3.x.x scott-REMOVE- (Jun 21)
Re: New post Topic Hijacking XSS All vBulletin v 3.x.x (2) scott-REMOVE- (Jun 21)
Re: Re: New Include Redirect Bug XSS All vBulletin(r) v 3.x.x scott-REMOVE- (Jun 22)

Secunia Research

Secunia Research: Symantec Mail Security for SMTP Boundary Errors Secunia Research (Jun 28)
Secunia Research: KVIrc irc:// URI Handler Command Execution Vulnerability Secunia Research (Jun 28)

secure

SYM07-009,Symantec Storage Foundation for Windows Volume Manager: Authentication Bypass and Potential Code Execution in Scheduler Service secure (Jun 04)
SYM07-012 Symantec Reporting Server elevation of privilege secure (Jun 05)
SYM07-011 Symantec Reporting Server password disclosure secure (Jun 05)

security

n.runs-SA-2007.013 - F-Secure Antivirus LZH parsing BufferOverflow Advisory security (Jun 01)
n.runs-SA-2007.014 - F-Secure Antivirus ARJ parsing Infinite Loop Advisory security (Jun 04)
n.runs-SA-2007.015 - F-Secure Antivirus FSG packed files parsing Infinite Loop Advisory security (Jun 04)
[ MDKSA-2007:110 ] - Updated php-pear packages fix directory traversal vulnerability security (Jun 04)
[ MDKSA-2007:113 ] - Updated mutt packages fix vulnerabilities security (Jun 05)
[ MDKSA-2007:115 ] - Updated clamav packages fix vulnerabilities security (Jun 05)
[ MDKSA-2007:111 ] - Updated util-linux packages address login access policies bypassing issue security (Jun 05)
[ MDKSA-2007:112 ] - Updated mplayer packages fix buffer overflow vulnerability security (Jun 05)
[ MDKSA-2007:114 ] - Updated file packages fix vulnerabilities security (Jun 06)
[ MDKSA-2007:116 ] - Updated libpng packages fix vulnerability security (Jun 06)
[ MDKSA-2007:117 ] - Updated lha packages fix unsafe temporary files creation issue security (Jun 06)
[ MDKSA-2007:118 ] - Updated libexif packages fix crash and possible arbitrary code execution issue security (Jun 09)
[ MDKSA-2007:119 ] - Updated Thunderbird packages fix multiple vulnerabilities security (Jun 12)
[ MDKSA-2007:120 ] - Updated Firefox packages fix multiple vulnerabilities security (Jun 12)
[ MDKSA-2007:121 ] - Updated freetype2 packages fix integer overflow vulnerability security (Jun 14)
[ MDKSA-2007:123 ] - Updated libwmf packages fix vulnerability security (Jun 14)
[ MDKSA-2007:122 ] - Updated gd packages fix vulnerability security (Jun 14)
[ MDKSA-2007:124 ] - Updated tetex packages fix vulnerability security (Jun 14)
[ MDKSA-2007:125 ] - Updated spamassassin packages fix possible DoS condition security (Jun 14)
[ MDKSA-2007:126 ] - Updated Firefox packages fix multiple vulnerabilities security (Jun 16)
[ MDKSA-2007:126-1 ] - Updated Firefox packages fix multiple vulnerabilities security (Jun 18)
[ MDKSA-2007:127 ] - Updated apache packages fix mod_mem_cache issue security (Jun 20)
[ MDKSA-2007:129 ] - Updated jasper packages fix vulnerability security (Jun 20)
[ MDKSA-2007:128 ] - Updated libexif packages fix integer overflow flaw security (Jun 20)
[ MDKSA-2007:130 ] - Updated proftpd packages fix authentication bypass vulnerability security (Jun 21)
[ MDKSA-2007:131 ] - Updated Thunderbird packages fix multiple vulnerabilities security (Jun 21)
[ MDKSA-2007:132 ] - Updated madwifi-source, wpa_supplicant packages fix vulnerabilities security (Jun 21)
[ MDKSA-2007:133 ] - Updated emacs packages fix DoS vulnerability security (Jun 22)
[ MDKSA-2007:134 ] - Updated xfsdump packages fix unsafe temporary directory creation issue security (Jun 22)
[ MDKSA-2007:137 ] - Updated krb5 packages fix vulnerabilities security (Jun 27)
[ MDKSA-2007:136 ] - Updated evolution packages fix vulnerability security (Jun 27)

security-alert

[security bulletin] HPSBUX02217 SSRT071337 rev.2 - HP-UX running Kerberos, Remote Arbitrary Code Execution security-alert (Jun 05)
[security bulletin] HPSBUX02218 SSRT071424 rev.1 - HP-UX running CIFS Server (Samba), Remote Arbitrary Code Execution security-alert (Jun 05)
[security bulletin] HPSBUX02219 SSRT061273 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS) security-alert (Jun 12)
[security bulletin] HPSBMA02224 SSRT071334 rev.1 - HP System Management Homepage (SMH) for Linux, Remote Privileged Access security-alert (Jun 18)
[security bulletin] HPSBPI02226 SSRT061274 rev.1 - HP Help and Support Center Running on HP Notebook Computers Running with Windows XP, Remote Unauthorized Access security-alert (Jun 20)
[security bulletin] HPSBTU02218 SSRT071424 rev.1 - HP Tru64 UNIX Internet Express running Samba, Remote Arbitrary Code Execution or Local Unauthorized Privilege Elevation security-alert (Jun 20)
[security bulletin] HPSBGN02199 SSRT071312 rev.3 - Mercury Quality Center ActiveX, Remote Unauthorized Arbitrary Code Executio security-alert (Jun 21)
HPSBST02231 SSRT071438 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-030 to MS07-035 security-alert (Jun 21)
[security bulletin] HPSBUX02225 SSRT071295 rev.1 - HP-UX Running Xserver, Local Denial of Service (DoS) security-alert (Jun 25)
HPSBTU02207 SSRT061239 rev.2 - HP Tru64 UNIX OpenSSL and BIND Remote Arbitrary Code Execution or Denial of Service (DoS) security-alert (Jun 27)
[security bulletin] HPSBTU02232 SSRT071429 rev.1 - Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS) or HP Internet Express for Tru64 UNIX running PHP, Remote Arbitrary Code Execution, Unauthorized Disclosure of Information, or Denial of Service (DoS) security-alert (Jun 28)

securityresearch

WSPortal version 1.0 Path Disclosure Vulnerability securityresearch (Jun 18)
Utopia News Pro version 1.4.0 XSS Attack Vulnerability securityresearch (Jun 18)
WSPortal version 1.0 SQL Injection Vulnerability securityresearch (Jun 18)
Calendarix version 0.7. 20070307 Multiple Path Disclosure Vulnerabilities securityresearch (Jun 25)
Calendarix version 0.7. 20070307 Multiple XSS Attacks securityresearch (Jun 25)
Calendarix version 0.7. 20070307 Multiple Path Disclosure Vulnerabilities securityresearch (Jun 25)
MyNews version 0.10 SQL Injection Vulnerability securityresearch (Jun 25)
Calendarix version 0.7. 20070307 Multiple SQL Injection Vulnerabilities securityresearch (Jun 25)
eTicket version 1.5.5 Path Disclosure Vulnerability securityresearch (Jun 28)
eTicket version 1.5.5 XSS Attack Vulnerability securityresearch (Jun 28)

sf

Re: eTicket version 1.5.5 XSS Attack Vulnerability sf (Jun 29)

spymaster

Webwiz vulnerable spymaster (Jun 11)

spymeta

All Of the Mambo & Joomla Script Remote File Inclussion Bugs.. spymeta (Jun 22)

Steve Kemp

[SECURITY] [DSA 1302-1] New freetype packages fix integer overflow Steve Kemp (Jun 11)
[SECURITY] [DSA 1303-1] New lighttpd packages fix denial of service Steve Kemp (Jun 11)
[SECURITY] [DSA 1309-1] New libexif packages fix integer overflow Steve Kemp (Jun 18)
[SECURITY] [DSA 1310-1] New libexif packages fix integer overflow Steve Kemp (Jun 18)
[SECURITY] [DSA 1316-1] New emacs21 packages fix denial of service Steve Kemp (Jun 21)
[SECURITY] [DSA 1324-1] New hiki packages fix missing input sanitising Steve Kemp (Jun 28)

Steven M. Christey

Re: Dansie Cart Script Exploit Reported Steven M. Christey (Jun 06)
Re: PHP parse_str() arbitrary variable overwrite Steven M. Christey (Jun 13)
Re: Windows Oday release Steven M. Christey (Jun 13)
Re: New Include Redirect Bug XSS All vBulletin(r) v 3.x.x Steven M. Christey (Jun 21)

Steve Tornio

Re: Buffer overflow in BusinessMail email server system 4.60.00 Steve Tornio (Jun 04)

stormhacker

vSupport Integrated Ticket System 3.*.* SQL injection stormhacker (Jun 09)
New post Topic Hijacking XSS All vBulletin v 3.x.x (2) stormhacker (Jun 20)
New Include Redirect Bug XSS All vBulletin v 3.x.x stormhacker (Jun 20)

str0ke

Re: MyEvent1.6 (template.php) Remote File Inclusion Vulnerability str0ke (Jun 02)

support

Re: KF Web Server 3.1.0 admin console XSS support (Jun 26)

suresync

Openedge _mprosrv buffer overflow suresync (Jun 27)
Re: Re: Progress Webspeed exploit for all releases suresync (Jun 30)

the . tiger100

Re: PHPMyDesk Beta Release 1.0b ==> RFI the . tiger100 (Jun 11)
Re: myBloggie 2.1.5 Remote File Include the . tiger100 (Jun 11)

Thomas Lim

Windows Oday release Thomas Lim (Jun 12)

Thor Lancelot Simon

Re: Sudo: local root compromise with krb5 enabled Thor Lancelot Simon (Jun 07)
MIT krb5: makes sudo authentication issue MUCH worse. Thor Lancelot Simon (Jun 07)
Sudo: local root compromise with krb5 enabled Thor Lancelot Simon (Jun 07)

Thor Larholm

Unpatched input validation flaw in Firefox 2.0.0.4 Thor Larholm (Jun 04)
PHPMailer command execution Thor Larholm (Jun 11)
Safari for Windows, 0day URL protocol handler command injection Thor Larholm (Jun 12)

Tim Brown

Serious holes affecting JFFNMS Tim Brown (Jun 11)

titanichacker titanichacker

phpWebThings ==>1.5.2 RFI titanichacker titanichacker (Jun 07)
Zen Help Desk ==> Version 2.1 Bypass/ titanichacker titanichacker (Jun 07)
PHPMyDesk Beta Release 1.0b ==> RFI titanichacker titanichacker (Jun 08)

Todd C. Miller

Re: Sudo: local root compromise with krb5 enabled Todd C. Miller (Jun 07)

Tom Yu

MITKRB5-SA-2007-004: kadmind multiple RPC lib vulnerabilities Tom Yu (Jun 26)
MITKRB5-SA-2007-005: kadmind vulnerable to buffer overflow Tom Yu (Jun 26)

Trent Waddington

jumping sudo using ptrace on Linux/i386 Trent Waddington (Jun 02)

Trustix Security Advisor

TSLSA-2007-0020 - clamav Trustix Security Advisor (Jun 08)
TSLSA-2007-0021 - kerberos5 Trustix Security Advisor (Jun 29)

TSRT

TPTI-07-08: Symantec Veritas Storage Foundation Scheduler Service Authentication Bypass Vulnerability TSRT (Jun 05)
TPTI-07-10: Centennial Software XferWan.exe Stack Overflow Vulnerability TSRT (Jun 05)
TPTI-07-09: Macrovision FLEXnet boisweb.dll ActiveX Control Buffer Overflow Vulnerability TSRT (Jun 05)

underwater

WheatBlog 1.1 RFI/SQL Injection underwater (Jun 30)

USprotte

Juniper SBR V 6.0.1 CRL-Checking problem USprotte (Jun 27)

vagrant - e-hack.org

Linker index.php - Cross-Site Scripting Vulnerability vagrant - e-hack.org (Jun 02)

Warner Moore

RE: bugtraq submission Warner Moore (Jun 04)

web-app

Menu Manager Mod for WebAPP - No Input Filtering web-app (Jun 12)

webapp

Re: Menu Manager Mod for WebAPP - No Input Filtering webapp (Jun 18)

Williams, James K

[CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities Williams, James K (Jun 07)
[CAID 35450, 35451, 35452, 35453]: CA Products That Embed Ingres Multiple Vulnerabilities Williams, James K (Jun 22)

www

Re: Monkey CMS v0.0.3 Remote File Include Vulnerabilitiy www (Jun 07)

xx_hack_xx_2004

Full Path Disclosure in SendCard xx_hack_xx_2004 (Jun 01)

yaser

MyEvent1.6 (template.php) Remote File Inclusion Vulnerability yaser (Jun 02)
myBloggie 2.1.5 Remote File Include yaser (Jun 09)

zdi-disclosures

ZDI-07-035: CA Multiple Product AV Engine CAB Header Parsing Stack Overflow Vulnerability zdi-disclosures (Jun 05)
ZDI-07-034: CA Multiple Product AV Engine CAB Filename Parsing Stack Overflow Vulnerability zdi-disclosures (Jun 05)
ZDI-07-036: Arris Cadant C3 CMTS Remote DoS Vulnerability zdi-disclosures (Jun 12)
ZDI-07-037: Microsoft Internet Explorer Language Pack Installation Remote Code Execution Vulnerability zdi-disclosures (Jun 12)
ZDI-07-038: Microsoft Internet Explorer Prototype Dereference Code Execution Vulnerability zdi-disclosures (Jun 12)