443 messages starting Jan 01 08 and ending Jan 31 08
Cross-Site Scripting (XSS) in phpWebSite 1.4.0 search Audun Larsen
MODx CMS Source code disclosure, local file inclusion admin XSS Vulnerabilities in Common Shockwave Flash Files rich cannings Buffer-overflow and format string in White_Dune 0.29beta791 Luigi Auriemma phpBB2 2.0.22 Cross Site Scripting Vulnerability bugtraq Multiple vulnerabilities in Georgia SoftWorks SSH2 Server 7.01.0003 Luigi Auriemma AST-2008-001: Crash from transfer using BYE with Also header Asterisk Security Team
Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication avivra [security bulletin] HPSBGN02301 SSRT071508 rev.2 - HP Software Update Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access security-alert Re: [Full-disclosure] Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication Michal Zalewski Re: [Full-disclosure] Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication avivra xss in w3-msql error page vivek_infosec [ MDVSA-2008:1 ] - Updated wireshark packages fix multiple vulnerabilities security Re: phpBB2 2.0.22 Cross Site Scripting Vulnerability neothermic Re: Cryptome: NSA has real-time access to Hushmail servers John Simpson Re: Cryptome: NSA has real-time access to Hushmail servers Lee Dilkie RE: Latest round of web hacking incidents for 2007 & Project news Ofer Shezaf RE: Re: Cryptome: NSA has real-time access to Hushmail servers M. Burnett RE: Latest round of web hacking incidents for 2007 & Project news Memisyazici, Aras rPSA-2008-0001-1 dovecot rPath Update Announcements [SECURITY] [DSA 1443-1] New tcpreen packages fix denial of service Moritz Muehlenhoff Re: Latest round of web hacking incidents for 2007 & Project news Peter Watkins multiple CAPTCHA automation test bypass digest 3APA3A Re: Re: phpBB2 2.0.22 Cross Site Scripting Vulnerability admin Re: rPSA-2008-0001-1 dovecot Dominic Hargreaves [SECURITY] [DSA 1444-1] New php5 packages fix several vulnerabilities Moritz Muehlenhoff securityvulns.com russian vulnerabilities digest 3APA3A [SECURITY] [DSA 1446-1] New wireshark packages fix denial of service Moritz Muehlenhoff [SECURITY] [DSA 1445-1] New maradns packages fix denial of service Moritz Muehlenhoff [SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities Moritz Muehlenhoff Re: phpBB2 2.0.22 Cross Site Scripting Vulnerability neothermic rPSA-2008-0004-1 tshark wireshark rPath Update Announcements
FortiGuard: URL Filtering Application Bypass Vulnerability Danux Re: rPSA-2008-0001-1 dovecot Steven M. Christey Re: Latest round of web hacking incidents for 2007 & Project news s f AW: phpBB2 2.0.22 Cross Site Scripting Vulnerability Aufmuth Andreas Re: rPSA-2008-0001-1 dovecot Dominic Hargreaves Re: rPSA-2008-0001-1 dovecot Jonathan Smith Multiple vulnerabilities in yaSSL 1.7.5 Luigi Auriemma Some DoS in some telnet servers Luigi Auriemma Pre-auth buffer-overflow in mySQL through yaSSL Luigi Auriemma Re: FortiGuard: URL Filtering Application Bypass Vulnerability 3APA3A iDefense Security Advisory 12.24.07: Novell ZENworks Endpoint Security Management Local Privilege Escalation Vulnerability iDefense Labs
rPSA-2008-0006-1 libexif rPath Update Announcements INVISION POWER BOARD 2.1.7 ACTIVE XSS/SQL INJECTION EXPLOIT underwater NetRisk 1.9.7 Remote File Inclusion Vulnerability erne [SECURITY] [DSA 1449-1] New loop-aes-utils packages fix programming error Steve Kemp [ MDVSA-2008:002 ] - Updated squid package fixes remote denial of service security rPSA-2008-0007-1 tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi rPath Update Announcements [SECURITY] [DSA 1450-1] New util-linux packages fix programming error Steve Kemp [SECURITY] [DSA 1448-1] New eggdrop packages fix execution of arbitrary code Steve Kemp rPSA-2008-0008-1 cups rPath Update Announcements [SECURITY] [DSA 1448-1] New eggdrop packages fix arbitrary code execution Steve Kemp Aruba Mobility Controller User Authentication Vulnerability - Aruba Advisory ID: AID-122207 Robbie Gill
vBulletin 3.6.8 XSRF/XSS Vulnerability nbbn eTicket 1.5.5.2 Multiple Vulnerabilities L4teral [HSC] Snitz Forums Multiple Vulnerabilities DoZ netrisk 1.9.7 Multiple Remote Vulnerabilities (sql injection/xss) hadihadi_zedehal_2006 OneCMS Vulnerabilities admin [Reversemode Paper] Exploiting WDM Audio Drivers Reversemode New Web Hacking Incidents at WHID Ofer Shezaf [SECURITY] [DSA 1451-1] New mysql-dfsg-5.0 packages fix several vulnerabilities Moritz Muehlenhoff Linksys WRT54 GL - Session riding (CSRF) tomaz . bratusa SocialURL Login Page Cross-Site Scripting morin . josh Re: vBulletin 3.6.8 XSRF/XSS Vulnerability nbbn PostgreSQL 2007-01-07 Cumulative Security Release Josh Berkus [SECURITY] [DSA 1452-1] New wzdftpd packages fix denial of service Steve Kemp [SECURITY] [DSA 1453-1] New tomcat5 packages fix several vulnerabilities Moritz Muehlenhoff LayerOne 2008 - CFP Released Layer One Million Dollar Script 2.0.14 Remote File Disclosure Vulnerability. p4imi0 CORE-2007-1106: SynCE Remote Command Injection CORE Security Technologies Advisories [SECURITY] [DSA 1454-1] New freetype packages fix arbitrary code execution Moritz Muehlenhoff Re: Linksys WRT54 GL - Session riding (CSRF) Jan Heisterkamp Re: Linksys WRT54 GL - Session riding (CSRF) Jan Heisterkamp PWDumpX v1.4 - Dumps domain password cache, LSA secrets, password hashes, and password history hashes. Reed Arvin RE: [HSC] Snitz Forums Multiple Vulnerabilities Aaron Cake PWDumpX v1.0 and PWDumpX v1.1 updated - bug fixes Reed Arvin iDefense Security Advisory 01.07.08: Motorola netOctopus Agent MSR Write Privilege Escalation Vulnerability iDefense Labs
VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages VMware Security team [ MDVSA-2008:001-1 ] - Updated wireshark packages fix multiple vulnerabilities security [USN-560-1] Tomboy vulnerability Jamie Strandboge sysHotel On Line Remote File Disclosure Vulnerability. p4imi0 Level-One WBR-3460A Grants Root Access anastasiosm VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1 VMware Security team Corsaire Security Advisory: Sun J2RE DoS issue advisories HPSBUX02153 SSRT061181 rev.7 - HP-UX Running Firefox, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) security-alert HPSBUX02156 SSRT061236 rev.4 - HP-UX Running Thunderbird, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) security-alert Joomla 1.0.13 CSRF J. Carlos Nieto Re: Joomla 1.0.13 CSRF J. Carlos Nieto [SECURITY] [DSA 1455-1] New libarchive1 packages fix several problems Steve Kemp ERRATA: [ GLSA 200709-07 ] Eggdrop: Buffer overflow Robert Buchholz
LFI in Tuned Studios Templates Digital Security Research Group [DSecRG] [security bulletin] HPSBMA02239 SSRT061260 rev.3 - HP OpenView Operations (OVO) Agents Running Shared Trace Service, Remote Arbitrary Code Execution security-alert First (Major) web hacking incidents for 2008. Sign of the year to come? Ofer Shezaf [INFIGO 2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS infocus Re: First (Major) web hacking incidents for 2008. Sign of the year to come? Paul Schmehl [USN-562-1] opal vulnerability Kees Cook [ MDVSA-2008:004 ] - Updated postgresql packages fix denial of service and privilege escalation issues security [ MDVSA-2008:003 ] - Updated clamav packages fix multiple vulnerabilities security Privileg escalation in Omegasoft Insel 7 MC Iglo [ GLSA 200801-01 ] unp: Arbitrary command execution Robert Buchholz [INFIGO-2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS - Corrected infocus Pre-auth remote commands execution in SAP MaxDB 7.6.03.07 Luigi Auriemma [USN-561-1] pwlib vulnerability Kees Cook [USN-564-1] Net-SNMP vulnerability Jamie Strandboge [USN-563-1] CUPS vulnerabilities Kees Cook [ GLSA 200801-02 ] R: Multiple vulnerabilities Pierre-Yves Rofes [ MDVSA-2008:004 ] - Updated postgresql packages fix denial of service and privilege escalation issues security iDefense Security Advisory 01.09.08: Novell NetWare Client nicm.sys Local Privilege Escalation Vulnerability iDefense Labs [ GLSA 200801-03 ] Claws Mail: Insecure temporary file creation Pierre-Yves Rofes [SECURITY] [DSA 1456-1] New fail2ban packages fix denial of service Thijs Kinkhorst [ GLSA 200801-05 ] Squid: Denial of Service Pierre-Yves Rofes [USN-565-1] Squid vulnerability Kees Cook [ GLSA 200801-04 ] OpenAFS: Denial of Service Pierre-Yves Rofes [SECURITY] [DSA 1457-1] New dovecot packages fix information disclosure Thijs Kinkhorst [ MDVSA-2008:005 ] - Updated libexif packages fix multiple vulnerabilities security
uCon 2008 call for participation - Recife, Brazil ucon Simple Machines Forum Cross-Site Scripting Vulnerabilities DoZ PR07-06, PR07-07, PR07-08, PR07-09, PR07-10, PR07-12: Several XSS, Cross-domain Redirection and Frame Injection on Sun Java System Identity Manager ProCheckUp Research [USN-566-1] OpenSSH vulnerability Kees Cook Digital Armaments January-February Hacking Challenge: Special 20.000$ Prize - Windows Vulnerabilities and Exploit info [ GLSA 200801-06 ] Xfce: Multiple vulnerabilities Robert Buchholz BT Home Flub: Pwnin the BT Home Hub (5) - exploiting IGDs remotely via UPnP Adrian P Word 2007 Email as PDF path disclosure flaw ebk_lists Buffer-overflow in Quicktime Player 7.3.1.70 Luigi Auriemma MTCMS <=2.0 SQL Injection Vulnerbility hadihadi_zedehal_2006 [SECURITY] [DSA 1458-1] New openafs packages fix denial of service vulnerability Noah Meyerhans [ MDVSA-2008:006 ] - Updated exiv2 packages fix vulnerability security Re: Buffer-overflow in Quicktime Player 7.3.1.70 Marcello Barnaba (void) [USN-567-1] Dovecot vulnerability Kees Cook
Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70 none re-resting of zzuf results Hanno Böck At long last -- Extra Outlooks! Thor (Hammer of God) [ MDVSA-2008:007 ] - Updated madwifi-source, wpa_supplicant packages fix vulnerabilities security SecurityReason - Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerability sp3x Re: Linksys WRT54 GL - Session riding (CSRF) Florian Weimer SecurityReason - Apache2 CSRF, XSS, Memory Corruption and Denial of Service Vulnerability sp3x ImageAlbum Remote SQL Injection Vulnerabilities db Re: Buffer-overflow in Quicktime Player 7.3.1.70 str0ke CFP: EuroSec Workshop (March 31st, 2008) Stefano Zanero Member Area System (MAS) Remote File Include Vulnerability (view_func.php) ship_nx Naymz multiple XSS morin . josh Re: At long last -- Extra Outlooks! Alexander Bochmann Re: Buffer-overflow in Quicktime Player 7.3.1.70 Luigi Auriemma
Cross site scripting (XSS) in Moodle 1.8.3 Hanno Böck [ MDVSA-2008:010 ] - Updated libxml2 packages fix DoS vulnerability security [ MDVSA-2008:011 ] - Updated rsync packages fix restrictions bypass vulnerabilities security Safari 2 Denial of Service S21sec labs [ MDVSA-2008:009 ] - Updated autofs packages fix insecure hosts configuration security [ MDVSA-2008:008 ] - Updated kernel packages fix multiple vulnerabilities and bugs security
Garment Center (index.cgi) Local File Inclusion Smasher [SECURITY] [DSA 1462-1] New hplip packages fix privilege escalation Moritz Muehlenhoff what is this? crazy frog crazy frog Re: what is this? crazy frog crazy frog [ MDVSA-2008:009-1 ] - Updated autofs packages fix insecure hosts configuration security RE: Linksys WRT54 GL - Session riding (CSRF) Tomaz [SECURITY] [DSA 1460-1] New postgresql-8.1 packages fix several vulnerabilities Moritz Muehlenhoff Re: [Full-disclosure] what is this? 3APA3A Re: [Full-disclosure] what is this? Nick FitzGerald F5 BIG-IP Web Management List Search XSS nnposter Re: [Full-disclosure] what is this? crazy frog crazy frog SQID v0.3 - SQL Injection Digger. Metaeye SG Re: [Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.70 Luigi Auriemma Re: At long last -- Extra Outlooks! Casper . Dik Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70 snagg RE: At long last - Extra Outlooks! Thor (Hammer of God) Re: Buffer-overflow in Quicktime Player 7.3.1.70 Luigi Auriemma RE: At long last -- Extra Outlooks! Thor (Hammer of God) Re: At long last -- Extra Outlooks! Francois Labreque Re: what is this? Jose Nazario [SECURITY] [DSA 1459-1] New gforge packages fix SQL injection Thijs Kinkhorst Re: what is this? Robert McArdle Re: what is this? crazy frog crazy frog Re: what is this? Robert McArdle Re: what is this? admin Binn SBuilder (nid) Remote Blind Sql Injection Vulnerabily sys-project Re: Garment Center (index.cgi) Local File Inclusion Smasher Re: Linksys WRT54 GL - Session riding (CSRF) J. Oquendo ZDI-08-001: IBM Tivoli Storage Manager Express Backup Server Heap Overflow Vulnerability zdi-disclosures RE: what is this? Mario Contestabile
[SECURITY] [DSA 1463-1] New postgresql-7.4 packages fix several vulnerabilities Moritz Muehlenhoff [SECURITY] [DSA 1461-1] New libxml2 packages fix denial of service Moritz Muehlenhoff Hacking The Interwebs pdp (architect) Re: Buffer-overflow in Quicktime Player 7.3.1.70 Marcello Barnaba (void) Re[2]: [Full-disclosure] what is this? 3APA3A [USN-568-1] PostgreSQL vulnerabilities Jamie Strandboge Re: what is this? Gadi Evron
[security bulletin] HPSBUX02303 SSRT071468 rev.1 - HP-UX Running X Font Server (xfs) Software, Remote Execution of Arbitrary Code security-alert [security bulletin] HPSBST02304 SSRT080003 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-001 to MS08-002 security-alert [ MDVSA-2008:012 ] - Updated python packages fix vulnerabilities security [ MDVSA-2008:013 ] - Updated python packages fix vulnerability in imageop module security FreeBSD Security Advisory FreeBSD-SA-08:01.pty FreeBSD Security Advisories FreeBSD Security Advisory FreeBSD-SA-08:02.libc FreeBSD Security Advisories [USN-569-1] libxml2 vulnerability Kees Cook Re: what is this? Denis Re: Linksys WRT54 GL - Session riding (CSRF) Jan Heisterkamp Defeating audio captcha systems José M. Palazón Romero Country by Country ISA Computer Sets Thor (Hammer of God) Exploiting the SpamBam plugin for wordpress José M. Palazón Romero Re: what is this? crazy frog crazy frog Re: [Full-disclosure] what is this? Nick FitzGerald Re: [Full-disclosure] what is this? crazy frog crazy frog Re[2]: what is this? Denis Re[2]: what is this? Denis SecurityReason - Apache (mod_status) Refresh Header - Open Redirector (XSS) sp3x Article DashBoard all version SQL Injection Vulnerability xcross87 Max's File Uploader File Upload Vulnerability xcross87 RE: what is this? Memisyazici, Aras MicroNews Admin Direct Access vulnerability xcross87 Pipe to FOR Crashes CMD James C. Slora Jr. Re: what is this? Jamie Riden Re: [Full-disclosure] what is this? Gadi Evron Re: [Full-disclosure] what is this? crazy frog crazy frog Re[2]: what is this? none Re: Linksys WRT54 GL - Session riding (CSRF) Daniel Weber Re: Linksys WRT54 GL - Session riding (CSRF) Valdis . Kletnieks
iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTserver Heap Overflow Vulnerability iDefense Labs iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTServer Multiple Untrusted Pointer Vulnerabilities iDefense Labs iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTserver Multiple Untrusted Pointer Offset Vulnerabilities iDefense Labs iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTServer Multiple Untrusted Loop Bounds Vulnerabilities iDefense Labs
Re: Defeating audio captcha systems 3APA3A Re: what is this? Yousef Syed [SECURITY] [DSA 1464-1] New syslog-ng packages fix denial of service Moritz Muehlenhoff [DSECRG-08-003] blogcms 4.2.1b Multiple Security Vulnerabilities Digital Security Research Group [DSecRG] RichStrong CMS (showproduct.asp?cat=) Remote SQL Injection Exploit sys-project rPSA-2008-0015-1 cairo rPath Update Announcements cPanel Hosting Manager (dohtaccess.html) no-reply rPSA-2008-0016-1 postgresql postgresql-server rPath Update Announcements rPSA-2008-0017-1 libxml2 rPath Update Announcements [DSECRG-08-002] Local File Include in arias 0.99-6 Digital Security Research Group [DSecRG] TPTI-08-01: Apple Quicktime Image File IDSC Atom Memory Corruption Vulnerability DVLabs 8e6 Technologies R3000 Internet Filter Bypass by Request Split nnposter [Aria-Security.Net] Real Estate Web SQL Injection no-reply iDefense Security Advisory 01.15.08: Apple QuickTime Macintosh Resource Processing Heap Corruption Vulnerability iDefense Labs Cisco Security Advisory: Cisco Unified Communications Manager CTL Provider Heap Overflow Cisco Systems Product Security Incident Response Team mcGuestbook v1.2 Remote File Inc. gokhankaya Peers static overflow in BitTorrent 6.0 and uTorrent 1.7.5 Luigi Auriemma Country by Country Computer Sets now available for ISA 2004 Thor (Hammer of God) TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability DVLabs [waraxe-2008-SA#062] - Multiple Sql Injections in MyBB 1.2.10 come2waraxe SQL scalar function to convert big int to dot notation Thor (Hammer of God) [waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10 come2waraxe Gradman <= 0.1.3 (agregar_info.php?tabla=) Local File Inclusion Exploit sys-project [ MDVSA-2008:014 ] - Updated apache 1.3.x packages fix multiple vulnerabilities security [USN-570-1] boost vulnerabilities Jamie Strandboge [ MDVSA-2008:015 ] - Updated apache 2.0.x packages fix multiple vulnerabilities security
[security bulletin] HPSBMA02133 SSRT061201 rev.7 - HP Oracle for OpenView (OfO) Critical Patch Update security-alert [SECURITY] [DSA 1465-1] New apt-listchanges packages fix arbitrary code execution Steve Kemp JoomlaFlash Component Multiple Remote File Inclusion Smasher PHPEchoCMS Multible remote vulnerabilitis security rPSA-2008-0018-1 mysql mysql-bench mysql-server rPath Update Announcements Re: [CVE-2007-2449] Apache Tomcat XSS vulnerabilities in the JSP examples linlei99 [ MDVSA-2008:016 ] - Updated apache 2.2.x packages fix multiple vulnerabilities security rPSA-2008-0021-1 kernel rPath Update Announcements [SECURITY] [DSA 1465-2] New apt-listchanges packages fix arbitrary code execution Steve Kemp Re: Utimaco Safeguard Easy vulnerability benleavett Clever Copy <=3.0 Multiple Remote Vulnerabilities hadihadi_zedehal_2006 [CSNC] OKI C5510MFP Printer Password Disclosure Adrian Leuenberger RE: Skype videomood XSS avivra CORE-2007-1119: CORE FORCE Kernel Buffer Overflow CORE Security Technologies Advisories iDefense Security Advisory 01.17.08: Multiple Vendor X Server XInput Extension Multiple Memory Corruption Vulnerabilities iDefense Labs iDefense Security Advisory 01.17.08: Multiple Vendor X Server TOG-CUP Extension Information Disclosure Vulnerability iDefense Labs iDefense Security Advisory 01.17.08: Multiple Vendor X Server EVI and MIT-SHM Extensions Integer Overflow Vulnerabilities iDefense Labs iDefense Security Advisory 01.17.08: Multiple Vendor X Server XFree86-Misc Extension Invalid Array Index Vulnerability iDefense Labs
ZDI-08-002: Citrix Presentation Server IMA Service Heap Overflow Vulnerability zdi-disclosures IMF 2008 - Call for Papers Oliver Goebel [FIXED] Remote Denial of Service for SSH service at Dell DRAC4 (maybe Mocana SSH) Robert Scheck [USN-571-1] X.org vulnerabilities Kees Cook Agares PhpAutoVideo 2.21(XSS/RFI) Multiple Remote Vulnerabilities houssamix New search engine for exploits Security Basic common dns misconfiguration can lead to "same site" scripting Tavis Ormandy Re: Member Area System (MAS) Remote File Include Vulnerability (view_func.php) m3venge SocksCap Stack Overflow (<= 2.40-051231) azizov Making big money... jmacaranas Re: Country by Country ISA Computer Sets The Fungi Re: Country by Country ISA Computer Sets GomoR SinFP fingerprinting tool online demo GomoR RE: Country by Country ISA Computer Sets Thor (Hammer of God) Re: mcGuestbook v1.2 Remote File Inc. the . tiger100 Re: Article DashBoard all version SQL Injection Vulnerability hey RE: Country by Country ISA Computer Sets Thor (Hammer of God) Re: Country by Country ISA Computer Sets Richard Powell RE: Country by Country ISA Computer Sets Thor (Hammer of God) Re: Re: Utimaco Safeguard Easy vulnerability joachim . schneider Re: Tiger Team: New TV series about pen testers airing on CourtTV Dec 25 11 pm michael . lambie MyBB 1.2.11 Multiple XSRF Vulnerabilities nbbn
[USN-572-1] apt-listchanges vulnerability Kees Cook [USN-571-2] X.org regression Kees Cook [SECURITY] [DSA 1466-2] New xorg-server packages fix regression Moritz Muehlenhoff [SECURITY] [DSA 1467-1] New mantis packages fix several vulnerabilities Thijs Kinkhorst BitDefender Update Server - Unauthorized Remote File Access Vulnerability oliver karow Re: common dns misconfiguration can lead to "same site" scripting Kurt Grutzmacher
RE: Country by Country ISA Computer Sets Thor (Hammer of God) Bloofox CMS SQL Injection (Authentication bypass) , Source code disclosure admin [SECURITY] [DSA 1468-1] New tomcat5.5 packages fix several vulnerabilities Moritz Muehlenhoff Php Search Remote Inclusion effectiveness63 AXIGEN 5.0.x AXIMilter Format String Exploit hempel MegaBBS ASP Forum Cross-Site Scripting grossman Re: common dns misconfiguration can lead to "same site" scripting Florian Weimer WifiZoo v1.3 released (minor release) Hernan Ochoa Flaw in Alice gate2 pluswifi adsl modem wargame89 boastMachine <=3.1 SQL Injection Vulnerbility hadihadi_zedehal_2006 [ GLSA 200801-09 ] X.Org X server and Xfont library: Multiple vulnerabilities Robert Buchholz Call Jacking: Phreaking the BT Home Hub Adrian P Pass-The-Hash Toolkit v1.2 released. Hernan Ochoa BLOG:CMS 4.2.1.c (DIR_PLUGINS) Multiple Remote File Include رومانسي هكر [ GLSA 200801-08 ] libcdio: User-assisted execution of arbitrary code Robert Buchholz [SECURITY] [DSA 1470-1] New horde3 packages fix denial of service Moritz Muehlenhoff Belkin Wireless G Plus MIMO Router F5D9230-4 Authentication Bypass Vulnerability gmdarkfig [SECURITY] [DSA 1469-1] New flac packages fix arbitrary code execution Moritz Muehlenhoff [ GLSA 200801-07 ] Adobe Flash Player: Multiple vulnerabilities Robert Buchholz [ MDVSA-2008:017 ] - Updated MySQL packages fix multiple vulnerabilities security [waraxe-2008-SA#063] - Information Leakage in Kayako SupportSuite 3.11.01 come2waraxe [waraxe-2008-SA#064] - Sql Injection in MyBB 1.2.11 come2waraxe [SECURITY] [DSA 1471-1] New libvorbis packages fix several vulnerabilities Moritz Muehlenhoff [SECURITY] [DSA 1472-1] New xine-lib packages fix arbitrary code execution Moritz Muehlenhoff Re: 8e6 Technologies R3000 Internet Filter Bypass by Request Split mparker
PR07-38: XSS on sIFR ProCheckUp Research [ MDVSA-2008:019 ] - Updated cairo packages fix vulnerability security Some hashes for the record Sergio 'shadown' Alvarez Re: common dns misconfiguration can lead to "same site" scripting David Malone Troopers 08 Security Conference, Call for Papers Enno Rey RE: Country by Country ISA Computer Sets Jim Harrison Re: common dns misconfiguration can lead to "same site" scripting Florian Weimer [SECURITY] [DSA 1473-1] New scponly packages fix arbitrary code execution Florian Weimer [ MDVSA-2008:018 ] - Updated gFTP packages fix vulnerabilities security PacerCMS Multiple Vulnerabilities (XSS/SQL) db Belong Site Builder 0.1b Bypass Admincp رومانسي هكر DeluxeBB 1.1 XSS Vulnerabilitie nbbn Re: PR07-38: XSS on sIFR bugs+securityfocus XSRF under Dean’s Permalinks Migration 1.0 g30rg3_x Apache mod_negotiation Xss and Http Response Splitting Minded Security Research Labs
SDL_Image 1.2.6 and prior GIF handling buffer overflow Gynvael Coldwind PHP 5.2.5 cURL safe_mode bypass cxib [security bulletin] HPSBUX02306 SSRT071463 rev.1 - HP-UX Running ARPA Transport, Remote Denial of Service (DoS) security-alert UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages VMware Security team Web Wiz Forums Directory traversal admin Web Wiz Rich Text Editor Directory traversal + HTM/HTML file creation on the server admin Web Wiz NewsPad Directory traversal admin [ MDVSA-2008:020 ] - Updated xine-lib packages fix remote code execution vulnerabilities security Cisco Security Advisory: Cisco PIX and ASA Time-to-Live Vulnerability Cisco Systems Product Security Incident Response Team Cisco Security Advisory: Default Passwords in the Application Velocity System Cisco Systems Product Security Incident Response Team Syhunt: HFS (HTTP File Server) Template Cross-Site Scripting and Information Disclosure Vulnerabilities Felipe M. Aragon Syhunt: HFS (HTTP File Server) Log Arbitrary File/Directory Manipulation and Denial-of-Service Vulnerabilities Felipe M. Aragon Syhunt: HFS (HTTP File Server) Username Spoofing and Log Forging/Injection Vulnerability Felipe M. Aragon RE: Cisco Security Advisory: Cisco PIX and ASA Time-to-Live Vulnerability Eric Davis Woltlab Burning Board 2.3.6 PL2 Remote Delete Thread XSRF Vulnerability nbbn
[SECURITY] [DSA 1474-1] New exiv2 packages fix arbitrary code execution Moritz Muehlenhoff [SECURITY] [DSA 1444-2] New php5 packages fix regression Moritz Muehlenhoff [ GLSA 200801-10 ] TikiWiki: Multiple vulnerabilities Raphaël Marichez PIX Privilege Escalation Vulnerability tbbunn [ MDVSA-2008:025 ] - Updated x11-server-xgl packages fix multiple vulnerabilities security ImageShack Toolbar FileUploader Class insecurities retrog [ MDVSA-2008:021 ] - Updated XFree86 packages fix multiple vulnerabilities security [ MDVSA-2008:022 ] - Updated xorg-x11 packages fix multiple vulnerabilities security [ MDVSA-2008:023 ] - Updated x11-server packages fix multiple vulnerabilities security [ MDVSA-2008:024 ] - Updated libxfont packages fix font handling vulnerability security Re: PIX Privilege Escalation Vulnerability Eloy Paris Tiger PHP News System SQL Injection 0in . email iDefense Security Advisory 01.23.08: IBM AIX pioout BSS Buffer Overflow Vulnerability iDefense Labs rPSA-2008-0029-1 bind bind-utils rPath Update Announcements rPSA-2008-0030-1 CherryPy rPath Update Announcements iDefense Security Advisory 01.22.08: IBM Tivoli PMfOSD HTTP Request Method Buffer Overflow Vulnerability iDefense Labs phpBB 2.0.22 Remote PM Delete XSRF Vulnerability nbbn
Re: Re: PIX Privilege Escalation Vulnerability tbbunn Pre Hotel and Resorts reservation portal login bypass milad_sa2007 E-SMART CART bypass milad_sa2007 Pre Dynamic Institution bypass milad_sa2007 [CandyPress] eCommerce suite (SQL Injection + XSS + Path Disclosure) Admin gdb bug digit2004 C4 Security Advisory - GE Fanuc Cimplicity 6.1 Heap Overflow Eyal Udassin C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Arbitrary File Upload and Execution Eyal Udassin C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Authentication Vulnerability Eyal Udassin Re: Peers static overflow in BitTorrent 6.0 and uTorrent 1.7.5 Luigi Auriemma [ MDVSA-2008:026 ] - Updated icu packages fix vulnerabilities security Re: PIX Privilege Escalation Vulnerability Aaron Collins Two vulnerabilities for PatchLink Update Client for Unix. lcashdol
[ MDVSA-2008:027 ] - Updated pulseaudio packages fix local root vulnerability security [SECURITY] [DSA 1475-1] new gforge packages fix cross site scripting Thijs Kinkhorst Tool availability - browser DOM Checker Michal Zalewski F5 BIG-IP Web Management ASM Security Report XSS nnposter PhPress-0.3.0 Read All Sql Information For Config r2t
phpIP 4.3.2 - Numerous SQL Injection Vulnerablities Charles Hooper Metasploit Framework v3.1 Released H D Moore [SECURITY] [DSA 1476-1] New pulseaudio packages fix privilege escalation Moritz Muehlenhoff Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS admin [ GLSA 200801-12 ] xine-lib: User-assisted execution of arbitrary code Robert Buchholz [ GLSA 200801-14 ] Blam: User-assisted execution of arbitrary code Robert Buchholz [ GLSA 200801-11 ] CherryPy: Directory traversal vulnerability Robert Buchholz [ GLSA 200801-13 ] ngIRCd: Denial of Service Robert Buchholz Facebook security contact Alexander Sotirov ClanSphere 2007.4.4 Remote File Disclosure Vulnerability. p4imi0 [SECURITY] [DSA 1477-1] New yarssr packages fix arbitrary shell command execution Moritz Muehlenhoff eTicket 'index.php' Cross Site Scripting Path Vulnerability Alessandro Tanasi Re: Simple Machines Forum Cross-Site Scripting Vulnerabilities dev Re: OneCMS Vulnerabilities webmaster ASPired2Protect bypass milad_sa2007 WoltLab Burning Board 3.x.x Private Message Delete XSRF Vulnerability nbbn CORE-2007-1219: Firebird Remote Memory Corruption Core Security Technologies Advisories VB Marketing "tseekdir.cgi" Local File Inclusion Sw33t . h4cK3r Uninformed Journal Release Announcement: Volume 9 Uninformed Journal [SECURITY] [DSA 1478-1] New mysql-dfsg-5.0 packages fix several vulnerabilities Moritz Muehlenhoff Exploit in IE6,7 r2t Re: Exploit in IE6,7 Nick FitzGerald
Advisory: Tripwire Enterprise/Server XSS Vulnerability Liquidmatrix Security Digest Re: C4 Security Advisory - GE Fanuc Cimplicity 6.1 Heap Overflow pete . sage Re: C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Arbitrary File Upload and Execution pete . sage Re: C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Authentication Vulnerability pete . sage [ GLSA 200801-15 ] PostgreSQL: Multiple vulnerabilities Raphael Marichez CSRF/XSS in Sungard Banner banner Remote File Disclosure in phpCMS 1.2.2 Digital Security Research Group Nucleus 3.31 XSS in path Digital Security Research Group PHPKIT 1.6.4 PL1 2 XSRF Vulnerabilities nbbn [!!FIX Information ] Nucleus 3.31 XSS in path Digital Security Research Group Re: Remote File Disclosure in phpCMS 1.2.2 3APA3A AmpJuke-0.7.0 (index.php) Xss VuLn. g0rk3m-31 Insecure Use of RC4 in LSrunasE and Supercrypt (CVE-2007-6340) Daniel Roethlisberger
Recent Web Hacks: WHID update for Janury 30th 2008 Ofer Shezaf tinyBB v0.2 Message Board Remote File Inc. g0rk3m-31 Webspell 4.01.02 2 Vulnerabilites nbbn [waraxe-2008-SA#065] - Remote Shell Command Execution in Coppermine 1.4.14 come2waraxe [ GLSA 200801-16 ] MaraDNS: CNAME Denial of Service Raphael Marichez [ GLSA 200801-17 ] Netkit FTP Server: Denial of Service Raphael Marichez [ MDVSA-2008:028 ] - Updated MySQL packages fix multiple vulnerabilities security Yeşil Koridor Ziyareti Defteri (index.php) SqL. inj. g0rk3m-31 RE: Recent Web Hacks: WHID update for Janury 30th 2008 Michael Wojcik Cisco Security Advisory: Cisco Wireless Control System Tomcat mod_jk.so Vulnerability Cisco Systems Product Security Incident Response Team PeteFinnigan.com Limited advisory for Oracle January 2008 CPU Pete Finnigan rPSA-2008-0032-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs rPath Update Announcements [ GLSA 200801-18 ] Kazehakase: Multiple vulnerabilities Pierre-Yves Rofes [ GLSA 200801-20 ] libxml2: Denial of Service Pierre-Yves Rofes [ GLSA 200801-19 ] GOffice: Multiple vulnerabilities Pierre-Yves Rofes
[ GLSA 200801-21 ] Xdg-Utils: Arbitrary command execution Pierre-Yves Rofes [ GLSA 200801-22 ] PeerCast: Buffer overflow Pierre-Yves Rofes contactforms "cforms-css.php" Remote File Inclusion Sw33t . h4cK3r [ MDVSA-2008:029 ] - Updated ruby packages fix possible man-in-the-middle attack security [DSECRG-08-007] OpenBSD BGPD daemon Web Interface XSS. Digital Security Research Group [waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14 come2waraxe Re: [DSECRG-08-007] OpenBSD BGPD daemon Web Interface XSS. Digital Security Research Group Attackers can SkypeFind you avivra sflog! 0.96 remote file disclosure vulnerabilities muuratsalo experimental hack lab [USN-573-1] PulseAudio vulnerability Jamie Strandboge nilson's blogger 0.11 remote file disclosure vulnerabilities muuratsalo experimental hack lab