• Tuesday, 1 January
  • Cross-Site Scripting (XSS) in phpWebSite 1.4.0 search Audun Larsen 
  • MODx CMS Source code disclosure, local file inclusion admin_at_bugreport.ir 
• Wednesday, 2 January
  • XSS Vulnerabilities in Common Shockwave Flash Files rich cannings 
  • Buffer-overflow and format string in White_Dune 0.29beta791 Luigi Auriemma 
  • phpBB2 2.0.22 Cross Site Scripting Vulnerability bugtraq_at_opencosmo.com 
  • Multiple vulnerabilities in Georgia SoftWorks SSH2 Server 7.01.0003 Luigi Auriemma 
  • AST-2008-001: Crash from transfer using BYE with Also header Asterisk Security Team 
  • Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication avivra 
• Thursday, 3 January
  • [security bulletin] HPSBGN02301 SSRT071508 rev.2 - HP Software Update Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access security-alert_at_hp.com 
  • Re: [Full-disclosure] Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication Michal Zalewski 
  • Re: [Full-disclosure] Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication avivra 
  • xss in w3-msql error page vivek_infosec_at_yahoo.com 
• Wednesday, 2 January
  • [ MDVSA-2008:1 ] - Updated wireshark packages fix multiple vulnerabilities security_at_mandriva.com 
• Thursday, 3 January
  • Re: phpBB2 2.0.22 Cross Site Scripting Vulnerability neothermic_at_phpbb.com 
• Tuesday, 1 January
  • Re: Cryptome: NSA has real-time access to Hushmail servers John Simpson 
  • Re: Cryptome: NSA has real-time access to Hushmail servers Lee Dilkie 
  • RE: Latest round of web hacking incidents for 2007 & Project news Ofer Shezaf 
• Monday, 31 December
  • RE: Re: Cryptome: NSA has real-time access to Hushmail servers M. Burnett 
• Sunday, 30 December
  • RE: Latest round of web hacking incidents for 2007 & Project news Memisyazici, Aras 
• Thursday, 3 January
  • rPSA-2008-0001-1 dovecot rPath Update Announcements 
  • [SECURITY] [DSA 1443-1] New tcpreen packages fix denial of service Moritz Muehlenhoff 
  • Re: Latest round of web hacking incidents for 2007 & Project news Peter Watkins 
  • multiple CAPTCHA automation test bypass digest 3APA3A 
  • Re: Re: phpBB2 2.0.22 Cross Site Scripting Vulnerability admin_at_batznet.com 
  • Re: rPSA-2008-0001-1 dovecot Dominic Hargreaves 
  • [SECURITY] [DSA 1444-1] New php5 packages fix several vulnerabilities Moritz Muehlenhoff 
  • securityvulns.com russian vulnerabilities digest 3APA3A 
  • [SECURITY] [DSA 1446-1] New wireshark packages fix denial of service Moritz Muehlenhoff 
  • [SECURITY] [DSA 1445-1] New maradns packages fix denial of service Moritz Muehlenhoff 
  • [SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities Moritz Muehlenhoff 
  • Re: phpBB2 2.0.22 Cross Site Scripting Vulnerability neothermic_at_phpbb.com 
  • rPSA-2008-0004-1 tshark wireshark rPath Update Announcements 
  • FortiGuard: URL Filtering Application Bypass Vulnerability Danux 
  • Re: rPSA-2008-0001-1 dovecot Steven M. Christey 
  • Re: Latest round of web hacking incidents for 2007 & Project news s f 
  • AW: phpBB2 2.0.22 Cross Site Scripting Vulnerability Aufmuth Andreas 
• Friday, 4 January
  • Re: rPSA-2008-0001-1 dovecot Dominic Hargreaves 
• Thursday, 3 January
  • Re: rPSA-2008-0001-1 dovecot Jonathan Smith 
• Friday, 4 January
  • Multiple vulnerabilities in yaSSL 1.7.5 Luigi Auriemma 
  • Some DoS in some telnet servers Luigi Auriemma 
  • Pre-auth buffer-overflow in mySQL through yaSSL Luigi Auriemma 
  • Re: FortiGuard: URL Filtering Application Bypass Vulnerability 3APA3A 
  • iDefense Security Advisory 12.24.07: Novell ZENworks Endpoint Security Management Local Privilege Escalation Vulnerability iDefense Labs 
  • rPSA-2008-0006-1 libexif rPath Update Announcements 
• Saturday, 5 January
  • INVISION POWER BOARD 2.1.7 ACTIVE XSS/SQL INJECTION EXPLOIT underwater_at_itdefence.ru 
• Friday, 4 January
  • NetRisk 1.9.7 Remote File Inclusion Vulnerability erne_at_ernealizm.us 
• Saturday, 5 January
  • [SECURITY] [DSA 1449-1] New loop-aes-utils packages fix programming error Steve Kemp 
• Friday, 4 January
  • [ MDVSA-2008:002 ] - Updated squid package fixes remote denial of service security_at_mandriva.com 
  • rPSA-2008-0007-1 tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi rPath Update Announcements 
• Saturday, 5 January
  • [SECURITY] [DSA 1450-1] New util-linux packages fix programming error Steve Kemp 
  • [SECURITY] [DSA 1448-1] New eggdrop packages fix execution of arbitrary code Steve Kemp 
  • rPSA-2008-0008-1 cups rPath Update Announcements 
  • [SECURITY] [DSA 1448-1] New eggdrop packages fix arbitrary code execution Steve Kemp 
• Friday, 4 January
  • Aruba Mobility Controller User Authentication Vulnerability - Aruba Advisory ID: AID-122207 Robbie Gill 
• Saturday, 5 January
  • vBulletin 3.6.8 XSRF/XSS Vulnerability nbbn_at_gmx.net 
• Sunday, 6 January
  • eTicket 1.5.5.2 Multiple Vulnerabilities L4teral 
  • [HSC] Snitz Forums Multiple Vulnerabilities DoZ_at_HackersCenter.com 
  • netrisk 1.9.7 Multiple Remote Vulnerabilities (sql injection/xss) hadihadi_zedehal_2006_at_yahoo.com 
• Monday, 7 January
  • OneCMS Vulnerabilities admin_at_bugreport.ir 
  • [Reversemode Paper] Exploiting WDM Audio Drivers Reversemode 
  • New Web Hacking Incidents at WHID Ofer Shezaf 
• Sunday, 6 January
  • [SECURITY] [DSA 1451-1] New mysql-dfsg-5.0 packages fix several vulnerabilities Moritz Muehlenhoff 
• Monday, 7 January
  • Linksys WRT54 GL - Session riding (CSRF) tomaz.bratusa_at_teamintell.com 
  • SocialURL Login Page Cross-Site Scripting morin.josh_at_gmail.com 
  • Re: vBulletin 3.6.8 XSRF/XSS Vulnerability nbbn_at_gmx.net 
  • PostgreSQL 2007-01-07 Cumulative Security Release Josh Berkus 
• Sunday, 6 January
  • [SECURITY] [DSA 1452-1] New wzdftpd packages fix denial of service Steve Kemp 
• Monday, 7 January
  • [SECURITY] [DSA 1453-1] New tomcat5 packages fix several vulnerabilities Moritz Muehlenhoff 
  • LayerOne 2008 - CFP Released Layer One 
  • Million Dollar Script 2.0.14 Remote File Disclosure Vulnerability. p4imi0 
  • CORE-2007-1106: SynCE Remote Command Injection CORE Security Technologies Advisories 
  • [SECURITY] [DSA 1454-1] New freetype packages fix arbitrary code execution Moritz Muehlenhoff 
  • Re: Linksys WRT54 GL - Session riding (CSRF) Jan Heisterkamp 
  • Re: Linksys WRT54 GL - Session riding (CSRF) Jan Heisterkamp 
  • PWDumpX v1.4 - Dumps domain password cache, LSA secrets, password hashes, and password history hashes. Reed Arvin 
  • RE: [HSC] Snitz Forums Multiple Vulnerabilities Aaron Cake 
  • PWDumpX v1.0 and PWDumpX v1.1 updated - bug fixes Reed Arvin 
  • iDefense Security Advisory 01.07.08: Motorola netOctopus Agent MSR Write Privilege Escalation Vulnerability iDefense Labs 
  • VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages VMware Security team 
  • [ MDVSA-2008:001-1 ] - Updated wireshark packages fix multiple vulnerabilities security_at_mandriva.com 
  • [USN-560-1] Tomboy vulnerability Jamie Strandboge 
• Tuesday, 8 January
  • sysHotel On Line Remote File Disclosure Vulnerability. p4imi0 
• Monday, 7 January
  • Level-One WBR-3460A Grants Root Access anastasiosm_at_gmail.com 
  • VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1 VMware Security team 
• Tuesday, 8 January
  • Corsaire Security Advisory: Sun J2RE DoS issue advisories 
  • HPSBUX02153 SSRT061181 rev.7 - HP-UX Running Firefox, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) security-alert_at_hp.com 
  • HPSBUX02156 SSRT061236 rev.4 - HP-UX Running Thunderbird, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) security-alert_at_hp.com 
  • Joomla 1.0.13 CSRF J. Carlos Nieto 
  • Re: Joomla 1.0.13 CSRF J. Carlos Nieto 
  • [SECURITY] [DSA 1455-1] New libarchive1 packages fix several problems Steve Kemp 
  • ERRATA: [ GLSA 200709-07 ] Eggdrop: Buffer overflow Robert Buchholz 
• Wednesday, 9 January
  • LFI in Tuned Studios Templates Digital Security Research Group [DSecRG] 
  • [security bulletin] HPSBMA02239 SSRT061260 rev.3 - HP OpenView Operations (OVO) Agents Running Shared Trace Service, Remote Arbitrary Code Execution security-alert_at_hp.com 
  • First (Major) web hacking incidents for 2008. Sign of the year to come? Ofer Shezaf 
  • [INFIGO 2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS infocus 
  • Re: First (Major) web hacking incidents for 2008. Sign of the year to come? Paul Schmehl 
• Tuesday, 8 January
  • [USN-562-1] opal vulnerability Kees Cook 
• Wednesday, 9 January
  • [ MDVSA-2008:004 ] - Updated postgresql packages fix denial of service and privilege escalation issues security_at_mandriva.com 
• Tuesday, 8 January
  • [ MDVSA-2008:003 ] - Updated clamav packages fix multiple vulnerabilities security_at_mandriva.com 
• Wednesday, 9 January
  • Privileg escalation in Omegasoft Insel 7 MC Iglo 
• Tuesday, 8 January
  • [ GLSA 200801-01 ] unp: Arbitrary command execution Robert Buchholz 
• Wednesday, 9 January
  • [INFIGO-2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS - Corrected infocus 
  • Pre-auth remote commands execution in SAP MaxDB 7.6.03.07 Luigi Auriemma 
• Tuesday, 8 January
  • [USN-561-1] pwlib vulnerability Kees Cook 
• Wednesday, 9 January
  • [USN-564-1] Net-SNMP vulnerability Jamie Strandboge 
• Tuesday, 8 January
  • [USN-563-1] CUPS vulnerabilities Kees Cook 
• Wednesday, 9 January
  • [ GLSA 200801-02 ] R: Multiple vulnerabilities Pierre-Yves Rofes 
• Tuesday, 8 January
  • [ MDVSA-2008:004 ] - Updated postgresql packages fix denial of service and privilege escalation issues security_at_mandriva.com 
• Wednesday, 9 January
  • iDefense Security Advisory 01.09.08: Novell NetWare Client nicm.sys Local Privilege Escalation Vulnerability iDefense Labs 
  • [ GLSA 200801-03 ] Claws Mail: Insecure temporary file creation Pierre-Yves Rofes 
  • [SECURITY] [DSA 1456-1] New fail2ban packages fix denial of service Thijs Kinkhorst 
  • [ GLSA 200801-05 ] Squid: Denial of Service Pierre-Yves Rofes 
  • [USN-565-1] Squid vulnerability Kees Cook 
  • [ GLSA 200801-04 ] OpenAFS: Denial of Service Pierre-Yves Rofes 
  • [SECURITY] [DSA 1457-1] New dovecot packages fix information disclosure Thijs Kinkhorst 
  • [ MDVSA-2008:005 ] - Updated libexif packages fix multiple vulnerabilities security_at_mandriva.com 
• Thursday, 10 January
  • uCon 2008 call for participation - Recife, Brazil ucon_at_thebugmagazine.org 
• Wednesday, 9 January
  • Simple Machines Forum Cross-Site Scripting Vulnerabilities DoZ_at_HackersCenter.com 
• Thursday, 10 January
  • PR07-06, PR07-07, PR07-08, PR07-09, PR07-10, PR07-12: Several XSS, Cross-domain Redirection and Frame Injection on Sun Java System Identity Manager ProCheckUp Research 
• Wednesday, 9 January
  • [USN-566-1] OpenSSH vulnerability Kees Cook 
• Thursday, 10 January
  • Digital Armaments January-February Hacking Challenge: Special 20.000$ Prize - Windows Vulnerabilities and Exploit info_at_digitalarmaments.com 
• Wednesday, 9 January
  • [ GLSA 200801-06 ] Xfce: Multiple vulnerabilities Robert Buchholz 
• Thursday, 10 January
  • BT Home Flub: Pwnin the BT Home Hub (5) - exploiting IGDs remotely via UPnP Adrian P 
  • Word 2007 Email as PDF path disclosure flaw ebk_lists_at_hotmail.com 
  • Buffer-overflow in Quicktime Player 7.3.1.70 Luigi Auriemma 
  • MTCMS <=2.0 SQL Injection Vulnerbility hadihadi_zedehal_2006_at_yahoo.com 
  • [SECURITY] [DSA 1458-1] New openafs packages fix denial of service vulnerability Noah Meyerhans 
  • [ MDVSA-2008:006 ] - Updated exiv2 packages fix vulnerability security_at_mandriva.com 
  • Re: Buffer-overflow in Quicktime Player 7.3.1.70 Marcello Barnaba (void) 
  • [USN-567-1] Dovecot vulnerability Kees Cook 
  • Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70 none_at_void.gov 
  • re-resting of zzuf results Hanno Böck 
  • At long last -- Extra Outlooks! Thor (Hammer of God) 
  • [ MDVSA-2008:007 ] - Updated madwifi-source, wpa_supplicant packages fix vulnerabilities security_at_mandriva.com 
  • SecurityReason - Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerability sp3x_at_securityreason.com 
• Friday, 11 January
  • Re: Linksys WRT54 GL - Session riding (CSRF) Florian Weimer 
• Thursday, 10 January
  • SecurityReason - Apache2 CSRF, XSS, Memory Corruption and Denial of Service Vulnerability sp3x_at_securityreason.com 
  • ImageAlbum Remote SQL Injection Vulnerabilities db_at_rawsecurity.org 
• Friday, 11 January
  • Re: Buffer-overflow in Quicktime Player 7.3.1.70 str0ke 
  • CFP: EuroSec Workshop (March 31st, 2008) Stefano Zanero 
  • Member Area System (MAS) Remote File Include Vulnerability (view_func.php) ship_nx_at_yahoo.com 
  • Naymz multiple XSS morin.josh_at_gmail.com 
  • Re: At long last -- Extra Outlooks! Alexander Bochmann 
  • Re: Buffer-overflow in Quicktime Player 7.3.1.70 Luigi Auriemma 
  • Cross site scripting (XSS) in Moodle 1.8.3 Hanno Böck 
  • [ MDVSA-2008:010 ] - Updated libxml2 packages fix DoS vulnerability security_at_mandriva.com 
  • [ MDVSA-2008:011 ] - Updated rsync packages fix restrictions bypass vulnerabilities security_at_mandriva.com 
• Saturday, 12 January
  • Safari 2 Denial of Service S21sec labs 
• Friday, 11 January
  • [ MDVSA-2008:009 ] - Updated autofs packages fix insecure hosts configuration security_at_mandriva.com 
  • [ MDVSA-2008:008 ] - Updated kernel packages fix multiple vulnerabilities and bugs security_at_mandriva.com 
• Saturday, 12 January
  • Garment Center (index.cgi) Local File Inclusion Smasher_at_ciucciamiilcalzino.it 
• Sunday, 13 January
  • [SECURITY] [DSA 1462-1] New hplip packages fix privilege escalation Moritz Muehlenhoff 
  • what is this? crazy frog crazy frog 
  • Re: what is this? crazy frog crazy frog 
• Saturday, 12 January
  • [ MDVSA-2008:009-1 ] - Updated autofs packages fix insecure hosts configuration security_at_mandriva.com 
• Sunday, 13 January
  • RE: Linksys WRT54 GL - Session riding (CSRF) Tomaz 
  • [SECURITY] [DSA 1460-1] New postgresql-8.1 packages fix several vulnerabilities Moritz Muehlenhoff 
• Monday, 14 January
  • Re: [Full-disclosure] what is this? 3APA3A 
  • Re: [Full-disclosure] what is this? Nick FitzGerald 
  • F5 BIG-IP Web Management List Search XSS nnposter_at_disclosed.not 
  • Re: [Full-disclosure] what is this? crazy frog crazy frog 
  • SQID v0.3 - SQL Injection Digger. Metaeye SG 
  • Re: [Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.70 Luigi Auriemma 
• Friday, 11 January
  • Re: At long last -- Extra Outlooks! Casper.Dik_at_Sun.COM 
• Saturday, 12 January
  • Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70 snagg_at_openssl.it 
• Friday, 11 January
  • RE: At long last - Extra Outlooks! Thor (Hammer of God) 
• Saturday, 12 January
  • Re: Buffer-overflow in Quicktime Player 7.3.1.70 Luigi Auriemma 
• Friday, 11 January
  • RE: At long last -- Extra Outlooks! Thor (Hammer of God) 
  • Re: At long last -- Extra Outlooks! Francois Labreque 
• Monday, 14 January
  • Re: what is this? Jose Nazario 
• Sunday, 13 January
  • [SECURITY] [DSA 1459-1] New gforge packages fix SQL injection Thijs Kinkhorst 
• Monday, 14 January
  • Re: what is this? Robert McArdle 
  • Re: what is this? crazy frog crazy frog 
  • Re: what is this? Robert McArdle 
  • Re: what is this? admin_at_tkroupa.net 
  • Binn SBuilder (nid) Remote Blind Sql Injection Vulnerabily sys-project_at_hotmail.com 
  • Re: Garment Center (index.cgi) Local File Inclusion Smasher_at_ciucciamiilcalzino.it 
  • Re: Linksys WRT54 GL - Session riding (CSRF) J. Oquendo 
  • ZDI-08-001: IBM Tivoli Storage Manager Express Backup Server Heap Overflow Vulnerability zdi-disclosures_at_3com.com 
  • RE: what is this? Mario Contestabile 
  • [SECURITY] [DSA 1463-1] New postgresql-7.4 packages fix several vulnerabilities Moritz Muehlenhoff 
• Sunday, 13 January
  • [SECURITY] [DSA 1461-1] New libxml2 packages fix denial of service Moritz Muehlenhoff 
  • Hacking The Interwebs pdp (architect) 
• Saturday, 12 January
  • Re: Buffer-overflow in Quicktime Player 7.3.1.70 Marcello Barnaba (void) 
• Monday, 14 January
  • Re[2]: [Full-disclosure] what is this? 3APA3A 
  • [USN-568-1] PostgreSQL vulnerabilities Jamie Strandboge 
  • Re: what is this? Gadi Evron 
• Tuesday, 15 January
  • [security bulletin] HPSBUX02303 SSRT071468 rev.1 - HP-UX Running X Font Server (xfs) Software, Remote Execution of Arbitrary Code security-alert_at_hp.com 
  • [security bulletin] HPSBST02304 SSRT080003 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-001 to MS08-002 security-alert_at_hp.com 
• Monday, 14 January
  • [ MDVSA-2008:012 ] - Updated python packages fix vulnerabilities security_at_mandriva.com 
  • [ MDVSA-2008:013 ] - Updated python packages fix vulnerability in imageop module security_at_mandriva.com 
  • FreeBSD Security Advisory FreeBSD-SA-08:01.pty FreeBSD Security Advisories 
  • FreeBSD Security Advisory FreeBSD-SA-08:02.libc FreeBSD Security Advisories 
  • [USN-569-1] libxml2 vulnerability Kees Cook 
  • Re: what is this? Denis 
  • Re: Linksys WRT54 GL - Session riding (CSRF) Jan Heisterkamp 
  • Defeating audio captcha systems JosŽé M. Palazón Romero 
  • Country by Country ISA Computer Sets Thor (Hammer of God) 
  • Exploiting the SpamBam plugin for wordpress JosŽé M. Palazón Romero 
  • Re: what is this? crazy frog crazy frog 
  • Re: [Full-disclosure] what is this? Nick FitzGerald 
• Tuesday, 15 January
  • Re: [Full-disclosure] what is this? crazy frog crazy frog 
  • Re[2]: what is this? Denis 
  • Re[2]: what is this? Denis 
  • SecurityReason - Apache (mod_status) Refresh Header - Open Redirector (XSS) sp3x_at_securityreason.com 
  • Article DashBoard all version SQL Injection Vulnerability xcross87_at_gmail.com 
  • Max's File Uploader File Upload Vulnerability xcross87_at_gmail.com 
  • RE: what is this? Memisyazici, Aras 
  • MicroNews Admin Direct Access vulnerability xcross87_at_gmail.com 
  • Pipe to FOR Crashes CMD James C. Slora Jr. 
  • Re: what is this? Jamie Riden 
  • Re: [Full-disclosure] what is this? Gadi Evron 
  • Re: [Full-disclosure] what is this? crazy frog crazy frog 
  • Re[2]: what is this? none 
  • Re: Linksys WRT54 GL - Session riding (CSRF) Daniel Weber 
  • Re: Linksys WRT54 GL - Session riding (CSRF) Valdis.Kletnieks_at_vt.edu 
  • iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTserver Heap Overflow Vulnerability iDefense Labs 
  • iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTServer Multiple Untrusted Pointer Vulnerabilities iDefense Labs 
  • iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTserver Multiple Untrusted Pointer Offset Vulnerabilities iDefense Labs 
  • iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTServer Multiple Untrusted Loop Bounds Vulnerabilities iDefense Labs 
  • Re: Defeating audio captcha systems 3APA3A 
• Wednesday, 16 January
  • Re: what is this? Yousef Syed 
• Tuesday, 15 January
  • [SECURITY] [DSA 1464-1] New syslog-ng packages fix denial of service Moritz Muehlenhoff 
• Wednesday, 16 January
  • [DSECRG-08-003] blogcms 4.2.1b Multiple Security Vulnerabilities Digital Security Research Group [DSecRG] 
  • RichStrong CMS (showproduct.asp?cat=) Remote SQL Injection Exploit sys-project_at_hotmail.com 
• Tuesday, 15 January
  • rPSA-2008-0015-1 cairo rPath Update Announcements 
  • cPanel Hosting Manager (dohtaccess.html) no-reply_at_aria-security.net 
  • rPSA-2008-0016-1 postgresql postgresql-server rPath Update Announcements 
  • rPSA-2008-0017-1 libxml2 rPath Update Announcements 
• Wednesday, 16 January
  • [DSECRG-08-002] Local File Include in arias 0.99-6 Digital Security Research Group [DSecRG] 
• Tuesday, 15 January
  • TPTI-08-01: Apple Quicktime Image File IDSC Atom Memory Corruption Vulnerability DVLabs 
  • 8e6 Technologies R3000 Internet Filter Bypass by Request Split nnposter_at_disclosed.not 
  • [Aria-Security.Net] Real Estate Web SQL Injection no-reply_at_aria-security.net 
  • iDefense Security Advisory 01.15.08: Apple QuickTime Macintosh Resource Processing Heap Corruption Vulnerability iDefense Labs 
• Wednesday, 16 January
  • Cisco Security Advisory: Cisco Unified Communications Manager CTL Provider Heap Overflow Cisco Systems Product Security Incident Response Team 
  • mcGuestbook v1.2 Remote File Inc. gokhankaya_at_hotmail.com 
  • Peers static overflow in BitTorrent 6.0 and uTorrent 1.7.5 Luigi Auriemma 
  • Country by Country Computer Sets now available for ISA 2004 Thor (Hammer of God) 
  • TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability DVLabs 
  • [waraxe-2008-SA#062] - Multiple Sql Injections in MyBB 1.2.10 come2waraxe_at_yahoo.com 
  • SQL scalar function to convert big int to dot notation Thor (Hammer of God) 
  • [waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10 come2waraxe_at_yahoo.com 
  • Gradman <= 0.1.3 (agregar_info.php?tabla=) Local File Inclusion Exploit sys-project_at_hotmail.com 
  • [ MDVSA-2008:014 ] - Updated apache 1.3.x packages fix multiple vulnerabilities security_at_mandriva.com 
  • [USN-570-1] boost vulnerabilities Jamie Strandboge 
  • [ MDVSA-2008:015 ] - Updated apache 2.0.x packages fix multiple vulnerabilities security_at_mandriva.com 
• Thursday, 17 January
  • [security bulletin] HPSBMA02133 SSRT061201 rev.7 - HP Oracle for OpenView (OfO) Critical Patch Update security-alert_at_hp.com 
  • [SECURITY] [DSA 1465-1] New apt-listchanges packages fix arbitrary code execution Steve Kemp 
• Wednesday, 16 January
  • JoomlaFlash Component Multiple Remote File Inclusion Smasher_at_ciucciamiilcalzino.it 
  • PHPEchoCMS Multible remote vulnerabilitis security_at_soqor.net 
• Thursday, 17 January
  • rPSA-2008-0018-1 mysql mysql-bench mysql-server rPath Update Announcements 
• Wednesday, 16 January
  • Re: [CVE-2007-2449] Apache Tomcat XSS vulnerabilities in the JSP examples linlei99_at_hotmail.com 
  • [ MDVSA-2008:016 ] - Updated apache 2.2.x packages fix multiple vulnerabilities security_at_mandriva.com 
• Thursday, 17 January
  • rPSA-2008-0021-1 kernel rPath Update Announcements 
  • [SECURITY] [DSA 1465-2] New apt-listchanges packages fix arbitrary code execution Steve Kemp 
  • Re: Utimaco Safeguard Easy vulnerability benleavett_at_googlemail.com 
  • Clever Copy <=3.0 Multiple Remote Vulnerabilities hadihadi_zedehal_2006_at_yahoo.com 
  • [CSNC] OKI C5510MFP Printer Password Disclosure Adrian Leuenberger 
  • RE: Skype videomood XSS avivra 
  • CORE-2007-1119: CORE FORCE Kernel Buffer Overflow CORE Security Technologies Advisories 
  • iDefense Security Advisory 01.17.08: Multiple Vendor X Server XInput Extension Multiple Memory Corruption Vulnerabilities iDefense Labs 
  • iDefense Security Advisory 01.17.08: Multiple Vendor X Server TOG-CUP Extension Information Disclosure Vulnerability iDefense Labs 
  • iDefense Security Advisory 01.17.08: Multiple Vendor X Server EVI and MIT-SHM Extensions Integer Overflow Vulnerabilities iDefense Labs 
  • iDefense Security Advisory 01.17.08: Multiple Vendor X Server XFree86-Misc Extension Invalid Array Index Vulnerability iDefense Labs 
  • ZDI-08-002: Citrix Presentation Server IMA Service Heap Overflow Vulnerability zdi-disclosures_at_3com.com 
  • IMF 2008 - Call for Papers Oliver Goebel 
• Friday, 18 January
  • [FIXED] Remote Denial of Service for SSH service at Dell DRAC4 (maybe Mocana SSH) Robert Scheck 
• Thursday, 17 January
  • [USN-571-1] X.org vulnerabilities Kees Cook 
• Friday, 18 January
  • Agares PhpAutoVideo 2.21(XSS/RFI) Multiple Remote Vulnerabilities houssamix_at_hotmail.fr 
• Thursday, 17 January
  • New search engine for exploits Security Basic 
• Friday, 18 January
  • common dns misconfiguration can lead to "same site" scripting Tavis Ormandy 
  • Re: Member Area System (MAS) Remote File Include Vulnerability (view_func.php) m3venge_at_yahoo.com 
  • SocksCap Stack Overflow (<= 2.40-051231) azizov_at_itdefence.ru 
• Thursday, 17 January
  • Making big money... jmacaranas_at_fxdd.com 
  • Re: Country by Country ISA Computer Sets The Fungi 
• Wednesday, 16 January
  • Re: Country by Country ISA Computer Sets GomoR 
  • SinFP fingerprinting tool online demo GomoR 
  • RE: Country by Country ISA Computer Sets Thor (Hammer of God) 
• Thursday, 17 January
  • Re: mcGuestbook v1.2 Remote File Inc. the.tiger100_at_gmail.com 
• Wednesday, 16 January
  • Re: Article DashBoard all version SQL Injection Vulnerability hey_at_me.com 
• Friday, 18 January
  • RE: Country by Country ISA Computer Sets Thor (Hammer of God) 
  • Re: Country by Country ISA Computer Sets Richard Powell 
• Wednesday, 16 January
  • RE: Country by Country ISA Computer Sets Thor (Hammer of God) 
• Friday, 18 January
  • Re: Re: Utimaco Safeguard Easy vulnerability joachim.schneider_at_utimaco.de 
• Wednesday, 16 January
  • Re: Tiger Team: New TV series about pen testers airing on CourtTV Dec 25 11 pm michael.lambie_at_gmail.com 
• Friday, 18 January
  • MyBB 1.2.11 Multiple XSRF Vulnerabilities nbbn_at_gmx.net 
  • [USN-572-1] apt-listchanges vulnerability Kees Cook 
  • [USN-571-2] X.org regression Kees Cook 
• Saturday, 19 January
  • [SECURITY] [DSA 1466-2] New xorg-server packages fix regression Moritz Muehlenhoff 
  • [SECURITY] [DSA 1467-1] New mantis packages fix several vulnerabilities Thijs Kinkhorst 
  • BitDefender Update Server - Unauthorized Remote File Access Vulnerability oliver karow 
• Friday, 18 January
  • Re: common dns misconfiguration can lead to "same site" scripting Kurt Grutzmacher 
• Saturday, 19 January
  • RE: Country by Country ISA Computer Sets Thor (Hammer of God) 
  • Bloofox CMS SQL Injection (Authentication bypass) , Source code disclosure admin_at_bugreport.ir 
• Sunday, 20 January
  • [SECURITY] [DSA 1468-1] New tomcat5.5 packages fix several vulnerabilities Moritz Muehlenhoff 
  • Php Search Remote Inclusion effectiveness63_at_gmail.com 
  • AXIGEN 5.0.x AXIMilter Format String Exploit hempel 
  • MegaBBS ASP Forum Cross-Site Scripting grossman_at_yahoo.com 
• Monday, 21 January
  • Re: common dns misconfiguration can lead to "same site" scripting Florian Weimer 
  • WifiZoo v1.3 released (minor release) Hernan Ochoa 
  • Flaw in Alice gate2 pluswifi adsl modem wargame89_at_yahoo.it 
  • boastMachine <=3.1 SQL Injection Vulnerbility hadihadi_zedehal_2006_at_yahoo.com 
• Sunday, 20 January
  • [ GLSA 200801-09 ] X.Org X server and Xfont library: Multiple vulnerabilities Robert Buchholz 
• Monday, 21 January
  • Call Jacking: Phreaking the BT Home Hub Adrian P 
  • Pass-The-Hash Toolkit v1.2 released. Hernan Ochoa 
• Sunday, 20 January
  • BLOG:CMS 4.2.1.c (DIR_PLUGINS) Multiple Remote File Include ÑæãÇäÓí åßÑ 
• Saturday, 19 January
  • [ GLSA 200801-08 ] libcdio: User-assisted execution of arbitrary code Robert Buchholz 
• Sunday, 20 January
  • [SECURITY] [DSA 1470-1] New horde3 packages fix denial of service Moritz Muehlenhoff 
• Saturday, 19 January
  • Belkin Wireless G Plus MIMO Router F5D9230-4 Authentication Bypass Vulnerability gmdarkfig_at_gmail.com 
• Sunday, 20 January
  • [SECURITY] [DSA 1469-1] New flac packages fix arbitrary code execution Moritz Muehlenhoff 
• Saturday, 19 January
  • [ GLSA 200801-07 ] Adobe Flash Player: Multiple vulnerabilities Robert Buchholz 
  • [ MDVSA-2008:017 ] - Updated MySQL packages fix multiple vulnerabilities security_at_mandriva.com 
• Monday, 21 January
  • [waraxe-2008-SA#063] - Information Leakage in Kayako SupportSuite 3.11.01 come2waraxe_at_yahoo.com 
  • [waraxe-2008-SA#064] - Sql Injection in MyBB 1.2.11 come2waraxe_at_yahoo.com 
  • [SECURITY] [DSA 1471-1] New libvorbis packages fix several vulnerabilities Moritz Muehlenhoff 
  • [SECURITY] [DSA 1472-1] New xine-lib packages fix arbitrary code execution Moritz Muehlenhoff 
  • Re: 8e6 Technologies R3000 Internet Filter Bypass by Request Split mparker_at_8e6.com 
• Tuesday, 22 January
  • PR07-38: XSS on sIFR ProCheckUp Research 
• Monday, 21 January
  • [ MDVSA-2008:019 ] - Updated cairo packages fix vulnerability security_at_mandriva.com 
• Tuesday, 22 January
  • Some hashes for the record Sergio 'shadown' Alvarez 
• Monday, 21 January
  • Re: common dns misconfiguration can lead to "same site" scripting David Malone 
  • Troopers 08 Security Conference, Call for Papers Enno Rey 
  • RE: Country by Country ISA Computer Sets Jim Harrison 
  • Re: common dns misconfiguration can lead to "same site" scripting Florian Weimer 
  • [SECURITY] [DSA 1473-1] New scponly packages fix arbitrary code execution Florian Weimer 
  • [ MDVSA-2008:018 ] - Updated gFTP packages fix vulnerabilities security_at_mandriva.com 
• Tuesday, 22 January
  • PacerCMS Multiple Vulnerabilities (XSS/SQL) db_at_rawsecurity.org 
  • Belong Site Builder 0.1b Bypass Admincp ÑèåÇæÓê çãÑ 
  • DeluxeBB 1.1 XSS Vulnerabilitie nbbn_at_gmx.net 
  • Re: PR07-38: XSS on sIFR bugs+securityfocus_at_novemberborn.net 
  • XSRF under Dean’s Permalinks Migration 1.0 g30rg3_x 
  • Apache mod_negotiation Xss and Http Response Splitting Minded Security Research Labs 
• Wednesday, 23 January
  • SDL_Image 1.2.6 and prior GIF handling buffer overflow Gynvael Coldwind 
• Tuesday, 22 January
  • PHP 5.2.5 cURL safe_mode bypass cxib_at_securityreason.com 
• Wednesday, 23 January
  • [security bulletin] HPSBUX02306 SSRT071463 rev.1 - HP-UX Running ARPA Transport, Remote Denial of Service (DoS) security-alert_at_hp.com 
• Tuesday, 22 January
  • UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages VMware Security team 
  • Web Wiz Forums Directory traversal admin_at_bugreport.ir 
  • Web Wiz Rich Text Editor Directory traversal + HTM/HTML file creation on the server admin_at_bugreport.ir 
  • Web Wiz NewsPad Directory traversal admin_at_bugreport.ir 
  • [ MDVSA-2008:020 ] - Updated xine-lib packages fix remote code execution vulnerabilities security_at_mandriva.com 
• Wednesday, 23 January
  • Cisco Security Advisory: Cisco PIX and ASA Time-to-Live Vulnerability Cisco Systems Product Security Incident Response Team 
  • Cisco Security Advisory: Default Passwords in the Application Velocity System Cisco Systems Product Security Incident Response Team 
  • Syhunt: HFS (HTTP File Server) Template Cross-Site Scripting and Information Disclosure Vulnerabilities Felipe M. Aragon 
  • Syhunt: HFS (HTTP File Server) Log Arbitrary File/Directory Manipulation and Denial-of-Service Vulnerabilities Felipe M. Aragon 
  • Syhunt: HFS (HTTP File Server) Username Spoofing and Log Forging/Injection Vulnerability Felipe M. Aragon 
  • RE: Cisco Security Advisory: Cisco PIX and ASA Time-to-Live Vulnerability Eric Davis 
  • Woltlab Burning Board 2.3.6 PL2 Remote Delete Thread XSRF Vulnerability nbbn_at_gmx.net 
  • [SECURITY] [DSA 1474-1] New exiv2 packages fix arbitrary code execution Moritz Muehlenhoff 
  • [SECURITY] [DSA 1444-2] New php5 packages fix regression Moritz Muehlenhoff 
  • [ GLSA 200801-10 ] TikiWiki: Multiple vulnerabilities Raphaël Marichez 
  • PIX Privilege Escalation Vulnerability tbbunn_at_ctc.net 
  • [ MDVSA-2008:025 ] - Updated x11-server-xgl packages fix multiple vulnerabilities security_at_mandriva.com 
• Thursday, 24 January
  • ImageShack Toolbar FileUploader Class insecurities retrog_at_alice.it 
  • [ MDVSA-2008:021 ] - Updated XFree86 packages fix multiple vulnerabilities security_at_mandriva.com 
  • [ MDVSA-2008:022 ] - Updated xorg-x11 packages fix multiple vulnerabilities security_at_mandriva.com 
  • [ MDVSA-2008:023 ] - Updated x11-server packages fix multiple vulnerabilities security_at_mandriva.com 
  • [ MDVSA-2008:024 ] - Updated libxfont packages fix font handling vulnerability security_at_mandriva.com 
  • Re: PIX Privilege Escalation Vulnerability Eloy Paris 
  • Tiger PHP News System SQL Injection 0in.email_at_gmail.com 
  • iDefense Security Advisory 01.23.08: IBM AIX pioout BSS Buffer Overflow Vulnerability iDefense Labs 
  • rPSA-2008-0029-1 bind bind-utils rPath Update Announcements 
  • rPSA-2008-0030-1 CherryPy rPath Update Announcements 
  • iDefense Security Advisory 01.22.08: IBM Tivoli PMfOSD HTTP Request Method Buffer Overflow Vulnerability iDefense Labs 
• Wednesday, 23 January
  • phpBB 2.0.22 Remote PM Delete XSRF Vulnerability nbbn_at_gmx.net 
• Thursday, 24 January
  • Re: Re: PIX Privilege Escalation Vulnerability tbbunn_at_ctc.net 
  • Pre Hotel and Resorts reservation portal login bypass milad_sa2007_at_yahoo.com 
  • E-SMART CART bypass milad_sa2007_at_yahoo.com 
  • Pre Dynamic Institution bypass milad_sa2007_at_yahoo.com 
• Friday, 25 January
  • [CandyPress] eCommerce suite (SQL Injection + XSS + Path Disclosure) Admin_at_BugReport.IR 
• Thursday, 24 January
  • gdb bug digit2004_at_optonline.net 
• Friday, 25 January
  • C4 Security Advisory - GE Fanuc Cimplicity 6.1 Heap Overflow Eyal Udassin 
  • C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Arbitrary File Upload and Execution Eyal Udassin 
  • C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Authentication Vulnerability Eyal Udassin 
  • Re: Peers static overflow in BitTorrent 6.0 and uTorrent 1.7.5 Luigi Auriemma 
  • [ MDVSA-2008:026 ] - Updated icu packages fix vulnerabilities security_at_mandriva.com 
• Monday, 25 February
  • Re: PIX Privilege Escalation Vulnerability Aaron Collins 
• Friday, 25 January
  • Two vulnerabilities for PatchLink Update Client for Unix. lcashdol_at_gmail.com 
  • [ MDVSA-2008:027 ] - Updated pulseaudio packages fix local root vulnerability security_at_mandriva.com 
• Saturday, 26 January
  • [SECURITY] [DSA 1475-1] new gforge packages fix cross site scripting Thijs Kinkhorst 
• Friday, 25 January
  • Tool availability - browser DOM Checker Michal Zalewski 
  • F5 BIG-IP Web Management ASM Security Report XSS nnposter_at_disclosed.not 
• Saturday, 26 January
  • PhPress-0.3.0 Read All Sql Information For Config r2t_at_hotmail.it 
  • phpIP 4.3.2 - Numerous SQL Injection Vulnerablities Charles Hooper 
• Sunday, 27 January
  • Metasploit Framework v3.1 Released H D Moore 
  • [SECURITY] [DSA 1476-1] New pulseaudio packages fix privilege escalation Moritz Muehlenhoff 
• Monday, 28 January
  • Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS admin_at_bugreport.ir 
• Sunday, 27 January
  • [ GLSA 200801-12 ] xine-lib: User-assisted execution of arbitrary code Robert Buchholz 
  • [ GLSA 200801-14 ] Blam: User-assisted execution of arbitrary code Robert Buchholz 
  • [ GLSA 200801-11 ] CherryPy: Directory traversal vulnerability Robert Buchholz 
  • [ GLSA 200801-13 ] ngIRCd: Denial of Service Robert Buchholz 
• Monday, 28 January
  • Facebook security contact Alexander Sotirov 
• Sunday, 27 January
  • ClanSphere 2007.4.4 Remote File Disclosure Vulnerability. p4imi0 
  • [SECURITY] [DSA 1477-1] New yarssr packages fix arbitrary shell command execution Moritz Muehlenhoff 
  • eTicket 'index.php' Cross Site Scripting Path Vulnerability Alessandro Tanasi 
• Saturday, 26 January
  • Re: Simple Machines Forum Cross-Site Scripting Vulnerabilities dev_at_null.org 
  • Re: OneCMS Vulnerabilities webmaster_at_insanevisions.com 
  • ASPired2Protect bypass milad_sa2007_at_yahoo.com 
  • WoltLab Burning Board 3.x.x Private Message Delete XSRF Vulnerability nbbn_at_gmx.net 
• Monday, 28 January
  • CORE-2007-1219: Firebird Remote Memory Corruption Core Security Technologies Advisories 
  • VB Marketing "tseekdir.cgi" Local File Inclusion Sw33t.h4cK3r_at_hotmail.securityfocus.com 
  • Uninformed Journal Release Announcement: Volume 9 Uninformed Journal 
  • [SECURITY] [DSA 1478-1] New mysql-dfsg-5.0 packages fix several vulnerabilities Moritz Muehlenhoff 
  • Exploit in IE6,7 r2t_at_hotmail.it 
  • Re: Exploit in IE6,7 Nick FitzGerald 
• Tuesday, 29 January
  • Advisory: Tripwire Enterprise/Server XSS Vulnerability Liquidmatrix Security Digest 
  • Re: C4 Security Advisory - GE Fanuc Cimplicity 6.1 Heap Overflow pete.sage_at_ge.com 
  • Re: C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Arbitrary File Upload and Execution pete.sage_at_ge.com 
  • Re: C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Authentication Vulnerability pete.sage_at_ge.com 
  • [ GLSA 200801-15 ] PostgreSQL: Multiple vulnerabilities Raphael Marichez 
  • CSRF/XSS in Sungard Banner banner_at_ch4n.org 
  • Remote File Disclosure in phpCMS 1.2.2 Digital Security Research Group 
  • Nucleus 3.31 XSS in path Digital Security Research Group 
  • PHPKIT 1.6.4 PL1 2 XSRF Vulnerabilities nbbn_at_gmx.net 
  • [!!FIX Information ] Nucleus 3.31 XSS in path Digital Security Research Group 
  • Re: Remote File Disclosure in phpCMS 1.2.2 3APA3A 
  • AmpJuke-0.7.0 (index.php) Xss VuLn. g0rk3m-31_at_hotmail.com 
  • Insecure Use of RC4 in LSrunasE and Supercrypt (CVE-2007-6340) Daniel Roethlisberger 
• Wednesday, 30 January
  • Recent Web Hacks: WHID update for Janury 30th 2008 Ofer Shezaf 
  • tinyBB v0.2 Message Board Remote File Inc. g0rk3m-31_at_hotmail.com 
  • Webspell 4.01.02 2 Vulnerabilites nbbn_at_gmx.net 
  • [waraxe-2008-SA#065] - Remote Shell Command Execution in Coppermine 1.4.14 come2waraxe_at_yahoo.com 
• Tuesday, 29 January
  • [ GLSA 200801-16 ] MaraDNS: CNAME Denial of Service Raphael Marichez 
  • [ GLSA 200801-17 ] Netkit FTP Server: Denial of Service Raphael Marichez 
  • [ MDVSA-2008:028 ] - Updated MySQL packages fix multiple vulnerabilities security_at_mandriva.com 
• Wednesday, 30 January
  • Ye&#351;il Koridor Ziyareti Defteri (index.php) SqL. inj. g0rk3m-31_at_hotmail.com 
  • RE: Recent Web Hacks: WHID update for Janury 30th 2008 Michael Wojcik 
  • Cisco Security Advisory: Cisco Wireless Control System Tomcat mod_jk.so Vulnerability Cisco Systems Product Security Incident Response Team 
  • PeteFinnigan.com Limited advisory for Oracle January 2008 CPU Pete Finnigan 
  • rPSA-2008-0032-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs rPath Update Announcements 
  • [ GLSA 200801-18 ] Kazehakase: Multiple vulnerabilities Pierre-Yves Rofes 
  • [ GLSA 200801-20 ] libxml2: Denial of Service Pierre-Yves Rofes 
  • [ GLSA 200801-19 ] GOffice: Multiple vulnerabilities Pierre-Yves Rofes 
  • [ GLSA 200801-21 ] Xdg-Utils: Arbitrary command execution Pierre-Yves Rofes 
  • [ GLSA 200801-22 ] PeerCast: Buffer overflow Pierre-Yves Rofes 
  • contactforms "cforms-css.php" Remote File Inclusion Sw33t.h4cK3r_at_hotmail.securityfocus.com 
  • [ MDVSA-2008:029 ] - Updated ruby packages fix possible man-in-the-middle attack security_at_mandriva.com 
• Thursday, 31 January
  • [DSECRG-08-007] OpenBSD BGPD daemon Web Interface XSS. Digital Security Research Group 
  • [waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14 come2waraxe_at_yahoo.com 
  • Re: [DSECRG-08-007] OpenBSD BGPD daemon Web Interface XSS. Digital Security Research Group 
  • Attackers can SkypeFind you avivra 
  • sflog! 0.96 remote file disclosure vulnerabilities muuratsalo experimental hack lab 
  • [USN-573-1] PulseAudio vulnerability Jamie Strandboge 
  • nilson's blogger 0.11 remote file disclosure vulnerabilities muuratsalo experimental hack lab 

• Last message date: Jan 31 2008
• Archived on: Apr 21 2008 PDT