
485 messages starting Mar 01 07 and ending Mar 31 07

Thursday, 01 March

Full disclosure: Directory Transversal and Arbitrary Code Execution Vulnerability in SQL-Ledger and LedgerSMB Chris Travers
[ MDKSA-2007:051 ] - Updated snort packages fix DoS vulnerability security
[USN-416-2] nvidia-glx-config regression Martin Pitt
Comodo Bypassing settings protection using magic pipe Vulnerability Matousec - Transparent security Research
Angel LMS 7.1 - Remote SQL Injection Guns
Serendipity unauthenticated SQL-Injection SaMuschie
Re: Angel LMS 7.1 - Remote SQL Injection str0ke
Built2Go v.1.0 => ( news.php & rating.php ) Cross Site Scripting the_3dit0r
Re: Re: MSIE7 browser entrapment vulnerability (probably Firefox, too) sithlordstorm
aWebNews v 1.1=>RFI mostafa_ragab
Re: ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit revenge
WB News Remote File Include in all versions mostafa_ragab
LayerOne 2007 - Call for Papers and Pre-Registration Layer One
aWebNews V 1.1 mostafa_ragab
Re: Xbox 360 Hypervisor Privilege Escalation Vulnerability jrgong420

Friday, 02 March

[ GLSA 200703-01 ] Snort: Remote execution of arbitrary code Raphael Marichez
[ GLSA 200703-02 ] SpamAssassin: Long URI Denial of Service Raphael Marichez
SPAW Editor PHP Edition RaeD Hasadya
[USN-428-2] Firefox regression Kees Cook
[ GLSA 200703-03 ] ClamAV: Denial of Service Raphael Marichez
vBulletin v3.6.5 admincp/index.php ( rss feed ) xss vuln. meto5757
ZDI-07-008: Apache Tomcat JK Web Server Connector Long URL Stack Overflow Vulnerability zdi-disclosures
Woltlab Burning Board (wbb) 2.3.6 CSRF/XSS - 0day SaMuschie
Re: Re: WordPress Search Function SQL-Injection none
iDefense Security Advisory 03.02.07: Kaspersky AntiVirus UPX File Decompression DoS Vulnerability iDefense Labs
Re: Woltlab Burning Board (wbb) 2.3.6 CSRF/XSS - 0day MC Iglo
Remote File Include In DBImageGallery RaeD Hasadya
Limited format string in Netrek 2.12.0 Luigi Auriemma

Saturday, 03 March

[ MDKSA-2007:050-1 ] - Updated Firefox packages fix multiple vulnerabilities security
WordPress source code compromised to enable remote code execution ifsecure
webSPELL <= 4.01.02 Remote PHP Code Execution Exploit gmdarkfig
[ GLSA 200703-04 ] Mozilla Firefox: Multiple vulnerabilities Raphael Marichez
rPSA-2007-0048-1 tcpdump rPath Update Announcements
Tyger Bug Tracking System Multiple Vulnerability corrado . liotta
BJ Webring XSS sn0oPy . team
Re: Evading the Norman SandBox Analyzer Arne Vidstrom
Re: Evading the Norman SandBox Analyzer John Smith
rPSA-2007-0040-3 firefox thunderbird rPath Update Announcements
[Fwd: Re: Angel LMS 7.1 - Remote SQL Injection] don bailey
Re: VMware Workstation multiple denial of service and isolation manipulation vulnerabilities emptysands
Re: Xbox 360 Hypervisor Privilege Escalation Vulnerability ron . kleinman
ERRATA: [ GLSA 200703-01 ] Snort: Remote execution of arbitrary code Raphael Marichez
[ GLSA 200703-05 ] Mozilla Suite: Multiple vulnerabilities Raphael Marichez
Re: SPAW Editor PHP Edition Steve Watt

Monday, 05 March

[ GLSA 200703-06 ] AMD64 x86 emulation Qt library: Integer overflow Raphael Marichez
[SECURITY] [DSA 1262-1] New gnomemeeting packages fix arbitrary code execution Moritz Muehlenhoff
Show Password Admin In Script Uploadscript RaeD Hasadya
ePortfolio version 1.0 Java Multiple Input Validation Vulnerabilities Stefan Friedli
Konqueror DoS Via JavaScript Read Of FTP Iframe mark
Extending JavaScript Portscanning to Include Banner Grabbing mark
XXS in script Phorum RaeD Hasadya
Sava's GuestBook Multiple Vulnerabilities bugtraq
LI-Guestbook SQL Injection Vulnerability bugtraq
Arbitrary file disclosure vulnerability in rrdbrowse <= 1.6 Sebastian Wolfgarten
HITBSecConf2007 - Malaysia: Call for Papers now Open Praburaajan
XSS Remote In vCard 2.6 (c)2002 RaeD Hasadya
Wordpress <= v2.1.0 ciri
DoS and code execution issue in LedgerSMB < 1.1.5 and SQL-Ledger < 2.6.25 Chris Travers
CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability CORE Security Technologies Advisories
iDefense Security Advisory 03.05.07: Apple QuickTime Color Table ID Heap Corruption Vulnerability iDefense Labs
RE: Wordpress <= v2.1.0 McCarty, Eric C.

Tuesday, 06 March

Apple QuickTime Player Remote Heap Overflow Piotr Bania
Re: Wordpress <= v2.1.0 vvitkov () intergenia de
Call for Participation Chaos Communication Camp 2007 fukami
Apple QuickTime udta ATOM Integer Overflow Sowhat
Re: XXS in script Phorum Maurice Makaay
[security bulletin] HPSBUX02153 SSRT061181 rev.3 - HP-UX Running Firefox, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) security-alert
[security bulletin] HPSBUX02195 SSRT061237 rev.1 - HP-UX Running Software Distributor (SD), Remote Denial of Service (DoS) security-alert
[Reversemode Advisory] Apple Quicktime Color ID remote heap corruption Reversemode
PHP <= 4.4.6 mssql_connect() & mssql_pconnect() local buffer overflow and safe_mode bypass retrog
Re: Tinyportal Shoutbox ichbin
Re: Extending JavaScript Portscanning to Include Banner Grabbing Vincent Archer
rPSA-2007-0050-1 kernel rPath Update Announcements
[ GLSA 200703-07 ] STLport: Possible remote execution of arbitrary code Matthias Geerdsen
[USN-429-1] tcpdump vulnerability Kees Cook
[USN-430-1] mod_python vulnerability Kees Cook

Wednesday, 07 March

[SECURITY] [DSA 1263-1] New clamav packages fix denial of service Moritz Muehlenhoff
[USN-431-1] Thunderbird vulnerabilities Kees Cook
[ MDKSA-2007:052 ] - Updated Thunderbird packages fix multiple vulnerabilities security
[ MDKSA-2007:053 ] - Updated util-linux packages address umount crash issue security
Re: Drake CMS v0.3.2 < = RFi Vulnerabilities legolas558
iDefense Security Advisory 03.07.07: Ipswitch IMail Server 2006 Multiple ActiveX Control Buffer Overflow Vulnerabilities iDefense Labs
xss in phpmyadmin >=2.8.0 and < 2.10.0 alfa
Firekeeper - IDS for Firefox available Jan Wrobel
Re: Remote File Include In DBImageGallery tg
month of PHP bugs, secondary message? Gadi Evron
Re: [Full-disclosure] month of PHP bugs, secondary message? Marcus Meissner
RPS 6.2 SQL Injection Exploit s0cratex
Re: Re: Wordpress <= v2.1.0 ciri
ZDI-07-009: Novell Netmail WebAdmin Buffer Overflow Vulnerability zdi-disclosures
ZDI-07-010: Apple Quicktime UDTA Parsing Heap Overflow Vulnerability zdi-disclosures
[SECURITY] [DSA 1264-1] New php4 packages fix several vulnerabilities Moritz Muehlenhoff
FLSA - foresight linux security announcements Jonathan Smith
Lazarus Guestbook (admin.php)Remote File Include Expliot c_r_ck
Buffer-overflow in Conquest client 8.2a (svn 691) Luigi Auriemma
rPSA-2007-0051-1 mod_python rPath Update Announcements
rPSA-2007-0052-1 kdelibs rPath Update Announcements

Thursday, 08 March

dynaliens v2.0/v2.1 bypass admin authentification + XSS sn0oPy . team
Black Hat USA CFP Now Open! Jeff Moss
Ann: Backtrack 2.0 released Thierry Zoller
[USN-424-2] PHP regression Kees Cook
[ MDKSA-2007:057 ] - Updated xine-lib packages to address buffer overflow vulnerability security
[ MDKSA-2007:056 ] - Updated tcpdump packages address off-by-one overflow security
PHP 4.4.6 crack_opendict() local buffer overflow poc exploit retrog
[ MDKSA-2007:055 ] - Updated mplayer packages to address buffer overflow vulnerability security
Word Press Sensitive Directory exposure (SQL) r00t2000
[ MDKSA-2007:054 ] - Updated kdelibs packages to address DoS issue in KDE Javascript security
[USN-432-1] GnuPG vulnerability Kees Cook
Re: [Bogus] Lazarus Guestbook (admin.php)Remote File Include Expliot - Mailinglists Address
Re: Word Press Sensitive Directory exposure (SQL) none
Microsoft Windows Vista/2003/XP/2000 file management security issues 3APA3A
PHP import_request_variables() arbitrary variable overwrite Stefano Di Paola

Friday, 09 March

[ECHO_ADV_67$2007] WEBO (Web Organizer) <= 1.0 (baseDir) Remote File Inclusion Vulnerability erdc
[ MDKSA-2007:059 ] - Updated gnupg packages provide enhanced forgery detection security
Buffer Overflow in Linux Drivers for Omnikey CardMan 4040 (CVE-2007-0005) Daniel Roethlisberger
[USN-434-1] Ekiga vulnerability Kees Cook
TSLSA-2007-0009 - multi Trustix Security Advisor
MS07-016 FTP Response DOS PoC Mathew Rowley
XSS In Script deviantART RaeD Hasadya
Re: Digital Armaments Security Advisory 20.01.2007: Grsecurity Kernel PaX Vulnerability hugo
Php Nuke POST XSS on steroids ascii
SyScan'07 - Call for Paper - NEW UPDATES organiser () syscan org
RE: Re[2]: Microsoft Windows Vista/2003/XP/2000 file management security issues Roger A. Grimes
Re: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues Tim
Sql injection in WordPress 2.1.2 Omid
Remote File Include In Script copyright (c) James Coyle; JCcorp RaeD Hasadya
[CAID 35145]: CA eTrust Admin Privilege Escalation Vulnerability Williams, James K
Re: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues KJKHyperion
Remote File Include In Script Coppermine Photo Gallery RaeD Hasadya
SecurityFocus is turning seven. What's next? - OFFTOPIC - Please excuse the X-Post Alfred Huger
RE: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues Roger A. Grimes
RE: Re[2]: Microsoft Windows Vista/2003/XP/2000 file management security issues Roger A. Grimes
RE: Microsoft Windows Vista/2003/XP/2000 file management security issues M. Burnett
RE: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues Laundrup, Jens
Re: Word Press Sensitive Directory exposure (SQL) Francesco Laurita
RE: Re[2]: Microsoft Windows Vista/2003/XP/2000 file management security issues M. Burnett
SEC Consult SA-20070309-0 :: MySQL 5 Single Row Subselect Denial of Service research
Re: Firekeeper - IDS for Firefox available Jex
HC NEWSSYSTEM 1.0-4 (index.php "ID") Blind SQL Injection UniquE
[ MDKSA-2007:058 ] - Updated ekiga packages fix string vulnerabilities. security
RE: Re[4]: Microsoft Windows Vista/2003/XP/2000 file management security issues Roger A. Grimes
Re[2]: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues 3APA3A
Re: Sql injection in WordPress 2.1.2 steven
[ MDKSA-2007:060 ] - Updated kernel packages fix multiple vulnerabilities and bugs security
Re: Re[2]: Microsoft Windows Vista/2003/XP/2000 file management security issues Thor (Hammer of God)
Re: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues Tim
WordPress XSS under function wp_title() g30rg3_x
Security bypass vulnerability in LedgerSMB and SQL-Ledger (fixes released today) Chris Travers
[ GLSA 200703-08 ] SeaMonkey: Multiple vulnerabilities Raphael Marichez

Saturday, 10 March

wwwpaintboar(newsfile) Remote File Inclusion Vulnerability saw_xyz
RE: Microsoft Windows Vista/2003/XP/2000 file management security issues Roger A. Grimes
[USN-433-1] Xine vulnerability Kees Cook
[ GLSA 200703-09 ] Smb4K: Multiple vulnerabilities Raphael Marichez
[Argeniss] Practical 10 minutes security audit: Oracle Case (Paper) Cesar
PHP-Nuke <= 8.0 Cookie Manipulation (lang) programmer
Remote File Include In Script Premod SubDog 2 RaeD Hasadya
Remote File Include In Script SoftNews Media Group RaeD Hasadya
Fıstıq Duyuru Scripti Remote Sql İnjection Exploit crazy_king
WWWboard password disclosure r00t2000
Grayscale <= 0.8.0 Multiple Vulnerabilities omnipresent
Pre-open files attack agains locked file 3APA3A
[ECHO_ADV_68$2007] PMB Services <= 3.0.13 Multiple Remote File Inclusion Vulnerability erdc
NukeSentinel <= 2.5.06 SQL Injection (mysql >= 4.0.24) Exploit gmdarkfig
Re: [Full-disclosure] PHP import_request_variables() arbitrary variable overwrite Stefan Esser
Re: PHP Classifieds 7.1 - Remote File Include Vulnerability support
Re: [Full-disclosure] PHP import_request_variables() arbitrary variable overwrite Stefano Di Paola
Re: [Full-disclosure] PHP import_request_variables() arbitrary variable overwrite ascii
[ GLSA 200703-10 ] KHTML: Cross-site scripting (XSS) vulnerability Raphael Marichez
Re: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues Thor (Hammer of God)
RE: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues Roger A. Grimes
Re: Firekeeper - IDS for Firefox available Bob Beck
Re: [Full-disclosure] PHP import_request_variables() arbitrary variable overwrite Stefan Esser
[SECURITY] [DSA 1265-1] New Mozilla packages fix several vulnerabilities Martin Schulze

Monday, 12 March

Remote File Include In Script PHP Photo Album RaeD Hasadya
Re: Re[2]: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues Thor (Hammer of God)
[security bulletin] HPSBUX02129 SSRT061149 rev.2 - HP-UX running SLP, Remote Unauthorized Access security-alert
Re[2]: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues 3APA3A
Remote File Include In Script moodle-1.7.1 RaeD Hasadya
Remote File Include In ClipShare.v1.5.3 RaeD Hasadya
Wiki Remote Authentication Bypass Vulnerability DoZ
Re: Php Nuke POST XSS on steroids ascii
Re: Php Nuke POST XSS on steroids Paul Laudanski
AssetMan 2.4a <= (download_pdf.php) Remote File Disclosure Vulnerability BorN To K!LL BorN To K!LL
Re: Wiki Remote Authentication Bypass Vulnerability Matt D. Harris
Fantastico In all Version Cpanel 10.x <= local File Include z3r0 z3r0.2.z3r0
GuppY v4.0 remote del files/index sn0oPy . team
RIM BlackBerry Pearl 8100 Browser DoS clappymonkey
Re: PHP-Nuke <= 8.0 Cookie Manipulation (lang) Paul Laudanski
[security bulletin] HPSBUX02196 SSRT071318 rev.2 - HP-UX Java (JRE and JDK) Remote Execution of Arbitrary Code security-alert

Tuesday, 13 March

Re: [Full-disclosure] PHP import_request_variables() arbitrary variable overwrite Steven M. Christey
Re: RIM BlackBerry Pearl 8100 Browser DoS anon
Re: Microsoft Windows Vista/2003/XP/2000 file management security issues Steven M. Christey
[USN-435-1] Xine vulnerability Kees Cook
Re: Firekeeper - IDS for Firefox available Jan Wrobel
[USN-436-1] KTorrent vulnerabilities Kees Cook
RE: Xbox 360 Hypervisor Privilege Escalation Vulnerability Dr Joe
[ECHO_ADV_69$2007] OES (Open Educational System) 0.1beta Remote File Inclusion Vulnerability erdc
Iframe-Cash/Iframe-Dollars Adware bundle...oooh... my ....god.. Thierry Zoller
Call for Papers: DeepSec IDSC 2007 Europe/Vienna: 20-23 Nov 2007 Paul Böhm
Re: Re: Firekeeper - IDS for Firefox available irondell
Re: Remote File Include In Script moodle-1.7.1 martin
Re: Firekeeper - IDS for Firefox available Jan Wrobel
Re[2]: Microsoft Windows Vista/2003/XP/2000 file management security issues 3APA3A
Weekly Drawing Contest <= (check_vote.php) Remote File Disclosure Vuln BorN To K!LL BorN To K!LL
[ECHO_ADV_73$2007] MySQL Commander <= 2.7 (home) Remote File Inclusion Vulnerability erdc
Re: Iframe-Cash/Iframe-Dollars Adware bundle...oooh... my ....god.. Gadi Evron
Re: Microsoft Windows Vista/2003/XP/2000 file management security issues Richard Huxton
Re: Iframe-Cash/Iframe-Dollars Adware bundle...oooh... my ....god.. Reversemode
Re: Microsoft Windows Vista/2003/XP/2000 file management security issues Daniel Hazelton
[USN-432-2] GnuPG2, GPGME vulnerability Kees Cook
JGBBS 3.0beta1 Version Search.ASP "Author" SQL Injection Exploit UniquE
Re: Weekly Drawing Contest <= (check_vote.php) Remote File Disclosure Vuln Mailinglists Address
Re: Re: RIM BlackBerry Pearl 8100 Browser DoS clappymonkey
Re: Firekeeper - IDS for Firefox available Bob Beck
[ MDKSA-2007:061 ] - Updated mplayer packages to address buffer overflow vulnerability security
[ MDKSA-2007:062 ] - Updated xine-lib packages to address buffer overflow vulnerability security
Re: Microsoft Windows Vista/2003/XP/2000 file management security issues Paweł Goleń
Re: Php Nuke POST XSS on steroids Paul Laudanski
CORE-2007-0219: OpenBSD's IPv6 mbufs remote kernel buffer overflow CORE Security Technologies Advisories

Wednesday, 14 March

[ GLSA 200703-11 ] Amarok: User-assisted remote execution of arbitrary code Raphael Marichez
n.runs-SA-2007.006 - PHProjekt 5.2.0 - Privilege escalation security
n.runs-SA-2007.005 - PHProjekt 5.2.0 - Cross Site Request Forgery security
[SECURITY] [DSA 1266-1] New gnupg packages fix signature forgery Moritz Muehlenhoff
n.runs-SA-2007.004 - PHProjekt 5.2.0 - Cross Site Scripting and Filter Evasion security
n.runs-SA-2007.003 - PHProjekt 5.2.0 - SQL Injection security
[ GLSA 200703-12 ] SILC Server: Denial of Service Matthias Geerdsen
SEC Consult SA-20070314-0 :: Apache HTTP Server / Tomcat directory traversal David Matscheko
SymEvent Driver Local Access System Denial of Service Matousec - Transparent security Research
New report on Windows Vista network attack surface Jim Hoagland
Re[2]: Microsoft Windows Vista/2003/XP/2000 file management security issues 3APA3A
Fwd: Python 2.5 (Modules/zlib) minigzip local buffer overflow vulnerability starcadi starcadi
Re: Re: [Full-disclosure] PHP import_request_variables() arbitrary variable overwrite retrog
iDefense Security Advisory 03.14.07: Trend Micro Antivirus UPX Parsing Kernel Divide by Zero Vulnerability iDefense Labs
[ECHO_ADV_71$2007] AMP v3.2 (base_path) Remote File Inclusion Vulnerability erdc
[ECHO_ADV_72$2007] CARE2X (root_path) Remote File Inclusion Vulnerability erdc
[ECHO_ADV_74$2007] WebCreator <= 0.2.6-rc3 (moddir) Remote File Inclusion Vulnerability erdc
Re: Remote File Include In Script PHP Photo Album Steven M. Christey
WSN Guest 1.21 Version Comments.PHP "ID" SQL Injection Exploit UniquE
Phishing using IE7 local resource vulnerability avivra
[ GLSA 200703-13 ] SSH Communications Security's Secure Shell Server: SFTP privilege escalation Raphael Marichez
Woltab Burning Board SQL Injection usergroups.php x666

Thursday, 15 March

Horde 3.1.4 (RC1) fixes XSS issue Moritz Naumann
[ECHO_ADV_76$2007] Company WebSite Builder PRO (INCLUDE_PATH) Remote File Inclusion Vulnerability erdc
IBM Rational ClearQuest Web - Cross Site Scripting james
[ECHO_ADV_75$2007] Groupit 2.00b5 (c_basepath) Remote File Inclusion Vulnerability erdc
Orion-Blog v2.0 Version Remote Privilege Escalation Exploit UniquE
Norton Insufficient validation of 'SymTDI' driver input buffer Matousec - Transparent security Research
Re: Iframe-Cash/Iframe-Dollars Adware bundle...oooh... my ....god.. Nicolas RUFF
XSS vulnerability in the online help system of several Cisco products cassio
Remote File Inclusion in ViperWeb asamad
PHP <= 4.4.6 ibase_connect() local buffer overflow retrog
Horde IMP Webmail Client version H3 (4.1.4) fixes multiple XSS issues Moritz Naumann
iDefense Security Advisory 03.15.07: Horde Project Cleanup Script Arbitrary File Deletion Vulnerability iDefense Labs
Re: Phishing using IE7 local resource vulnerability robert
Re: XSS vulnerability in the online help system of several Cisco products Eloy Paris
RE: Phishing using IE7 local resource vulnerability avivra
QFTP (LIBFtp 3.1-1) (command line) sprintf() local buffer overflow starcadi starcadi
- Call for chapters - Handbook of Research on Digital Anti-forensics and In-security Governance Jeimy Cano
LIBFtp 5.0 (sprintf(), strcpy()) Multiple local buffer overflow starcadi starcadi
WebCalendar v0.9.45 (13 Dec 2004) (login.php) Remote File include drackanz
Re: Firekeeper - IDS for Firefox available Gadi Evron
vbulletin admincp sql injection disfigure
Re[2]: Microsoft Windows Vista/2003/XP/2000 file management security issues 3APA3A
PHP Point Of Sale for osCommerce <= (index.php) Remote File Include Vuln BorN To K!LL BorN To K!LL
Absolute Image Gallery Gallery.ASP (categoryid) MSSQL Injection Exploit UniquE

Friday, 16 March

Re: [Full-disclosure] Woltab Burning Board SQL Injection usergroups.php Bastian Ahrens
DirectAdmin Cross Site Scripting XSS Mandr4ke . root
[SECURITY] [DSA 1267-1] New webcalendar packages fix remote file inclusion Moritz Muehlenhoff
MS07-012 Not Fixed Greg Sinclair
[CAID 34817, 35058, 35158, 35159]: CA BrightStor ARCserve Backup Tape Engine and Portmapper Vulnerabilities Williams, James K
Rot 13 <= (enkrypt.php) Remote File Disclosure Vulnerability BorN To K!LL BorN To K!LL
Oracle Portal PORTAL.wwv_main.render_warning_screen XSS Sea Shark
RE: [VulnWatch] iDefense Security Advisory 03.14.07: Trend Micro Antivirus UPX Parsing Kernel Divide by Zero Vulnerability Topolski, Leo
Re: fx-APP Version 0.0.8.1 osdesk
Call For Papers - IT Underground Dublin Marcin Tkaczyk
April, 2007 is the "Month of Myspace Bugs" mondo_armando
iDefense Security Advisory 03.16.07: Multiple Vendor libwpd Multiple Buffer Overflow Vulnerabilities iDefense Labs
Your Opinion Mark Litchfield
Particle Blogger All Version Post.PHP (PostID) Remote SQL Injection Exploit UniquE
rPSA-2007-0056-1 gnupg rPath Update Announcements
rPSA-2007-0057-1 libwpd rPath Update Announcements
Re: Your Opinion bugtraq
Re: Your Opinion Jonathan Glass (GM)
RE: Your Opinion Mario Contestabile
Re: Your Opinion Crispin Cowan
[ MDKSA-2007:063 ] - Updated libwpd packages to address heap overflow vulnerabilities security
[ MDKSA-2007:064 ] - Updated openoffice.org packages to address libwpd heap overflow vulnerabilities security
Re: [Bogus] Lazarus Guestbook (admin.php)Remote File Include Expliot Steven M. Christey
[NETRAGARD-20070316 SECURITY ADVISORY][FrontBase Database <= 4.2.7 ALL PLATFORMS][REMOTE BUFFER OVERFLOW CONDITION][LEVEL: EASY][RISK:MEDIUM] Netragard Security Advisories
Re: Your Opinion Neil Dickey
Re: Your Opinion William A. Rowe, Jr.
RE: Your Opinion Scott Blake

Saturday, 17 March

[ GLSA 200703-14 ] Asterisk: SIP Denial of Service Raphael Marichez
[ GLSA 200703-15 ] PostgreSQL: Multiple vulnerabilities Raphael Marichez
[ GLSA 200703-16 ] Apache JK Tomcat Connector: Remote execution of arbitrary code Raphael Marichez
Bypassing Mcafee Entreprise Password Protection thesinoda
CLBOX <= (signup.php header) Remote File Include Vulnerability BorN To K!LL BorN To K!LL
Re: Your Opinion The Fungi
Your Opinion + Mark Litchfield
Re: Your Opinion Casper . Dik
RE: Your Opinion Jim Harrison
Rhapsody IRC 0.28b (NICK) Multiple fs and bof vulnerability starcadi
Re: Bypassing Mcafee Entreprise Password Protection 3APA3A
[SECURITY] [DSA 1268-1] New libwpd packages fix arbitrary code execution Martin Schulze

Monday, 19 March

Full Disclosure: Arbitrary execution vulnerability in SQL-Ledger and LedgerSMB Chris Travers
Net Portal Dynamic System (NPDS) <= 5.10 Remote Code Execution 0day gmdarkfig
[SECURITY] [DSA 1269-1] New lookup-el packages fix insecure temporary file Martin Schulze
MetaForum <= 0.513 Beta - Remote file upload Vulnerability aeroxteam------nospam-----
[ GLSA 200703-17 ] ulogd: Remote execution of arbitrary code Raphael Marichez
[ GLSA 200703-18 ] Mozilla Thunderbird: Multiple vulnerabilities Raphael Marichez
[ GLSA 200703-19 ] LTSP: Authentication bypass in included LibVNCServer code Raphael Marichez
[ GLSA 200703-20 ] LSAT: Insecure temporary file creation Raphael Marichez
RE: Bypassing Mcafee Entreprise Password Protection Rogheden Anders
Unclassified NewsBoard 1.6.3 multiples logs disclosure none
Layered Defense Research Advisory: F-Secure Anti-Virus Client Security 6.02 Format String Vulnerability dh
CCleaguePro_V1.0.1RC1 Directory Traversal Vulnerability snakeapollon
phpx 3.5.15 multiples vulnerabilities none
Re: Your Opinion Forrest J. Cavalier III
RE: Your Opinion Alex Eckelberry
Re: Your Opinion + Alex Belits
Conflict of Interest - My summary Mark Litchfield
[Reversemode Advisory] Microsoft Windows Ndistapi.sys IRQL escalation Reversemode
w-agora version 4.2.1 Multiple Path Disclosure Vulnerabilities jesper . jurcenoks
w-agora version 4.2.1 Information Disclosure Vulnerability jesper . jurcenoks
Re: CCleaguePro_V1.0.1RC1 Directory Traversal Vulnerability str0ke
[USN-437-1] libwpd vulnerability Kees Cook
ZynOS v3.40 One packet killer Joxean Koret

Tuesday, 20 March

Oracle 10g Dynamic Monitoring Services XSS /servlet/Spy Sea Shark
Web Wiz Forums 8.05 (MySQL version) SQL Injection Ivan Fratric
Re: WebCalendar v0.9.45 (13 Dec 2004) (login.php) Remote File include craig
Advisory - Redirection Vulnerability in wp-login.php. Metaeye SG
w-agora [multiples file upload,xss,full path disclosure,error sql] none
Call For Papers - IT Underground Dublin marcin . tkaczyk
Microsoft coverup ? Stolen Xbox live accounts list of known victims - Please Help Kevin Finisterre (lists)
Re: Your Opinion Andrew Kramer
Re: Conflict of Interest - My summary crazy frog crazy frog
RE: Your Opinion Jim Harrison
RE: Your Opinion Jim Harrison
RE: Your Opinion jay.tomas
Re: Your Opinion Paul Stepowski
Re: Your Opinion Jack Lloyd
Re: Your Opinion + Thor (Hammer of God)
Helix Server heap overflow research
[SECURITY] [DSA 1271-1] New openafs packages fix remote privilege escalation bug Noah Meyerhans
Linksys WAG200G - Information disclosure dniggebrugge
[SECURITY] [DSA 1270-1] New OpenOffice.org packages fix several vulnerabilities Martin Schulze
[ GLSA 200703-22 ] Mozilla Network Security Service: Remote execution of arbitrary code Raphael Marichez
[ GLSA 200703-23 ] WordPress: Multiple vulnerabilities Raphael Marichez
Re: Linksys WAG200G - Information disclosure Shawn Merdinger
[ GLSA 200703-21 ] PHP: Multiple vulnerabilities Raphael Marichez

Wednesday, 21 March

[ MDKSA-2007:065 ] - Updated nas packages address multiple vulnerabilities security
[ MDKSA-2007:066 ] - Updated OpenAFS packages address vulnerability security
[USN-438-1] Inkscape vulnerability Kees Cook
Secunia Research: InterActual Player / CinePlayer IASystemInfo.dll ActiveX Control Buffer Overflow Secunia Research
Secunia Research: Evolution Shared Memo Categories Format String Vulnerability Secunia Research
Secunia Research: XMMS Integer Overflow and Underflow Vulnerabilities Secunia Research
[security bulletin] HPSBUX02156 SSRT061236 rev.2 - HP-UX Running Thunderbird, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) security-alert
HPSBGN02189 SSRT071297 rev.2 - ServiceGuard for Linux, Remote Unauthorized Access security-alert
RE: Your Opinion Neale Green
Two new DoS Vulnerabilities in Asterisk Fixed Matt Riddell (NZ)

Thursday, 22 March

**SubHub v2.3.0** anon
[ECHO_ADV_77$2007] Study planner (Studiewijzer) <= 0.15 Remote File Inclusion Vulnerability erdc
CFP for RAID 2007: Extended due date for papers: April 8th jeffh
[USN-439-1] file vulnerability Kees Cook
[USN-440-1] MySQL vulnerability Kees Cook
FLEA-2007-0001-1: firefox Foresight Linux Essential Announcement Service
rPSA-2007-0059-1 file rPath Update Announcements
ManageEngine Firewall Analyzer arbitrary file disclosure to authorized user yearsilent
Remote File Include In copyright © James Coyle; JCcorp RaeD Hasadya
Remote File Include In Coppermine Photo Gallery RaeD Hasadya
[ MDKSA-2007:067 ] - Updated file packages fix heap-based buffer overflow vulnerability security
[NB07-22] Multiple vulnerabilities in NETxEIB OPC server Lluis Mora
[NB07-17] Multiple vulnerabilities in Takebishi Electric DeviceXplorer SYSMAC OPC server Lluis Mora
[NB07-07] Multiple vulnerabilities in Takebishi Electric DeviceXplorer HIDIC OPC server Lluis Mora
[NB07-08] Multiple vulnerabilities in Takebishi Electric DeviceXplorer MELSEC OPC server Lluis Mora
[SECURITY] [DSA 1272-1] New tcpdump packages fix denial of service Moritz Muehlenhoff
[NB07-09] Multiple vulnerabilities in Takebishi Electric DeviceXplorer FA-M3 OPC server Lluis Mora
[NB07-10] Multiple vulnerabilities in Takebishi Electric DeviceXplorer MODBUS OPC server Lluis Mora
[ MDKSA-2007:068 ] - Updated squid packages fix DoS vulnerability security

Friday, 23 March

CRLF injection in PHP ftp function fangxiaodun
[ MDKSA-2007:069 ] - Updated inkscape packages to format string vulnerability security
iDefense Security Advisory 03.23.07: DataRescue IDA Pro Remote Debugger Server Authentication Bypass Vulnerability iDefense Labs
iDefense Security Advisory 03.23.07: Sun Java System Directory Server 5.2 Uninitialized Pointer Cleanup Design Error Vulnerability iDefense Labs
Joomla com_joomlaboard 1.1.x Branch (sbp) Multiple Remote File Include Vulnerabi Cold - Zero

Saturday, 24 March

File Upload System V1.0 (AD_BODY_TEMP) multiple file include ngevedBangetAsli
FLEA-2007-0002-1: inkscape Foresight Linux Essential Announcement Service
Remote File Include In phpBB-2.0.19 RaeD Hasadya

Monday, 26 March

BOGUS: Remote File Include In phpBB-2.0.19 Cornelius Riemenschneider
Re: Remote File Include In phpBB-2.0.19 neothermic
CcCounter 2.0 cross-site scripting vulnerability localexploit
Path Disclosure - Wordpress 2.1.2 lj
Horde Webmail Multiple HTML Injection vulnerability DoZ
Mephisto blog is vulnerable to XSS Sergey Tikhonov
Fizzle : Firefox Extension Vulnerability CrYpTiC MauleR
Satel Lite for PhpNuke (Satellite.php) <= Local File Inclusion stormhacker
Re: Linksys WAG200G - Information disclosure Bartłomiej Ochman
Re: [Full-disclosure] XSS at Aon.at, Austrian ISP Nikolay Kichukov
Multiple XSS in IronMail Javier Olascoaga
PHP 5.2.1 with PECL phpDOC local buffer overflow retrog
Re: **SubHub v2.3.0** webmaster
FLEA-2007-0003-1: cups Foresight Linux Essential Announcement Service
Playstation 3 "Remote Play" Remote DoS Exploit mak0b
Libero.it (italian ISP) XSS vulnerability rosario . valotta
[USN-441-1] Squid vulnerability Kees Cook
[USN-442-1] Evolution vulnerability Kees Cook
[ GLSA 200703-24 ] mgv: Stack overflow in included gv code Raphael Marichez

Tuesday, 27 March

Re: Horde Webmail Multiple HTML Injection vulnerability Jan Schneider
Re: Path Disclosure - Wordpress 2.1.2 jm
Xoops All Version -Articles- Print.PHP (ID) Blind SQL Injection Exploit And PoC UniquE
Metasploit Framework 3.0 RELEASED! H D Moore
[KAPDA::#64] - Flexbb Sql Injection alireza hassani
[ECHO_ADV_78$2007] C-Arbre <= 0.6PR7 (root_path) Remote File Inclusion Vulnerability erdc
[KDE Security Advisory] KDE ioslave PASV port scanning vulnerability Dirk Mueller
Yahoo! Messenger Auth Bypass Vulnerability kishor . tech
Linux Kernel DCCP Memory Disclosure Vulnerability Robert Święcki
[ MDKSA-2007:070 ] - Updated evolution packages to address vulnerability security
Buffer Overflow in InterVetions' NaviCopa HTTP server 2.01 skillTube.com
[SECURITY] [DSA 1273-1] New nas packages fix multiple remote vulnerabilities Noah Meyerhans
[USN-443-1] Firefox vulnerability Kees Cook
Re: [Full-disclosure] Linux Kernel DCCP Memory Disclosure Vulnerability Robert Święcki
Re: RE: Xbox 360 Hypervisor Privilege Escalation Vulnerability 5150sd

Wednesday, 28 March

Re: Xoops All Version -Articles- Print.PHP (ID) Blind SQL Injection Exploit And PoC andy
[USN-444-1] OpenOffice.org vulnerabilities Kees Cook
[USN-445-1] XMMS vulnerabilities Kees Cook
Bypass phishing protection in Firefox / Opera zonafirefox
[USN-446-1] NAS vulnerabilities Kees Cook
[Full-Disclosure] Another XSS vulnerability in italian Libero.it Matteo G.P. Flora
iDefense Security Advisory 03.28.07: IBM Lotus Domino Web Access Cross Site Scripting Vulnerability iDefense Labs
iDefense Security Advisory 03.28.07: IBM Lotus Domino Server LDAP Request Invalid DN Message Heap Overflow Vulnerability iDefense Labs
ZDI-07-011: IBM Lotus Domino IMAP Server CRAM-MD5 Authentication Buffer Overflow Vulnerability zdi-disclosures
Re: SecurityVulns.com: Microsoft Visual C++ 8.0 standard library time functions invalid assertion DoS (Problem 3000). William A. Rowe, Jr.
Re: Multiple Vulnerabilities In osTicket eticket
Re: [SECURITY ALERT] osTicket bugs eticket
Cisco Security Advisory: Multiple Cisco Unified CallManager and Presence Server Denial of Service Vulnerabilities Cisco Systems Product Security Incident Response Team
Update: ViewCVS and ViewVC 'checkout view' content type fixation issue Moritz Naumann
Re: [viewvc-users] Update: ViewCVS and ViewVC 'checkout view' content type fixation issue C. Michael Pilato
Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180) Tim Rees
Corel Wordperfect Office X3 Stack Overflow jonny
[SECURITY] [DSA 1270-2] New OpenOffice.org packages fix several vulnerabilities Martin Schulze
Arbitrary Command Execution in DataDomain Administrator Interface Elliot Kendall

Thursday, 29 March

rPSA-2007-0061-1 inkscape rPath Update Announcements
Re: [VulnWatch] Microsoft Windows Vista Slideshow Unspecified Blue Screen Of Death Vulnerability 3APA3A
Re: Bypass phishing protection in Firefox / Opera Anonymous
Xoops Module Friendfinder <= 3.3 (view.php id) BLIND SQL Injection Exploit ajannhwt
Re: ManageEngine Firewall Analyzer arbitrary file disclosure to authorized user support
Advanced Login <= 0.7 (root) Remote File Inclusion Vulnerability bithedz
Widespread vulnerabilities in Libero.it/Infostrada.it web portals rosario . valotta
[Full-disclosure] [USN-447-1] KDE library vulnerabilities Kees Cook
Re: Re: [Full-disclosure] Linux Kernel DCCP Memory Disclosure Vulnerability acme
Windows Live Spaces logged user NetworkSetup.aspx cross site scripting paolo . difebbo
Re: Re: Bypass phishing protection in Firefox / Opera bob
AOL 9.0 Deskbar.dll/Toolbar.dll DoS Vulnerability Justin Seitz
[ MDKSA-2007:071 ] - Updated xmms packages to address integer vulnerabilities security
iDefense Security Advisory 03.29.07: IBM Lotus Sametime JNILoader Arbitrary DLL Load Vulnerability iDefense Labs
FLEA-2007-0004-1: openoffice.org Foresight Linux Essential Announcement Service
[ MDKSA-2007:072 ] - Updated kdelibs packages to address FTP PASV issue in konqueror security
[ GLSA 200703-25 ] Ekiga: Format string vulnerability Raphael Marichez
[ MDKSA-2007:073 ] - Updated openoffice.org packages to address vulnerabilities security
FLEA-2007-0005-1: slocate Foresight Linux Essential Announcement Service
Re: Re: Bypass phishing protection in Firefox / Opera zonafirefox

Friday, 30 March

Mybb Change Password Vulnerability security
0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038) Alexander Sotirov
CA Brightstor Backup Mediasvr.exe Remote Code Vulnerability M. Shirk
VMSA-2007-0002 VMware ESX security updates VMware Security team
DrakeCMS multiple vulerabilities security
AIX 4.3 lsmcode local root command execution pr1nce_empire
Re: Bypass phishing protection in Firefox / Opera Łukasz Pilorz
The Week Of Vista Bugs [TWOVB] TWOVB Team
[ECHO_ADV_80$2007] Softerra Time-Assistant <= 6.2 (inc_dir) Remote File Inclusion Vulnerability erdc
Re: ManageEngine Firewall Analyzer arbitrary file disclosure to authorized user support
ANI Zeroday, Third Party Patch Marc Maiffret
[ GLSA 200703-26 ] file: Integer underflow Raphael Marichez
Busting The Bluetooth Myth Max Moser
TSRT-07-03: America Online SuperBuddy ActiveX Control Code Execution Vulnerability TSRT

Saturday, 31 March

Re: 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038) Jan Wrobel
Re: 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038) Alexander Sotirov
RE: [Full-disclosure] 0-day ANI vulnerability in Microsoft Windows(CVE-2007-0038) Eric Sites
CA BrightStor ARCserve Backup Mediasvr.exe vulnerability Williams, James K
On-going Internet Emergency and Domain Names Gadi Evron
Windows .ANI Stack Overflow Exploit devcode29
Re: 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038) Alexander Sotirov
PHP-Fusion 'Calendar_Panel' Module show_event.PHP (m_month) SQL Injection Exploit And PoC UniquE
Remot File Include In SLAED_CMS_2 RaeD Hasadya
Remot File Include In Shop-SCRIPT FREE RaeD Hasadya
Remot File Include In Aardvark Topsites PHP 5 RaeD Hasadya