Mail Thread Index

• Date Index

• MyBB XSS cross-site scripting, addmimistrator
  • SCO Openserver 5.0.x exploit, rod hedor
• MyBB 1.0 SQL injection in uploading file, addmimistrator
• [xfocus-SD-060101]AIX getCommand&getShell two vulnerabilities, XFOCUS Security Team
• [ GLSA 200601-01 ] pinentry: Local privilege escalation, Thierry Carrez
• [USN-234-1] cpio vulnerability, Martin Pitt
• Re: WMF Exploit, Justin Myers
  • <Possible follow-ups>
  • Re: RE: WMF Exploit, grasshopa
    • Re: WMF Exploit, Joshua
  • Re: WMF Exploit, Frank Knobbe
  • RE: WMF Exploit, Paul
  • WMF exploit, Andreas Marx
  • Re: WMF Exploit, Paul Laudanski
  • RE: WMF Exploit, Discussion Lists
• [KAPDA::#19] - Html Injection in vBulletin 3.5.2, alireza hassani
• [USN-233-1] fetchmail vulnerability, Martin Pitt
• [eVuln] PHPjournaler SQL Injection Vulnerability, alex
• [eVuln] Chipmunk Guestbook XSS Vulnerability, alex
• [ GLSA 200512-18 ] XnView: Privilege escalation, Thierry Carrez
• [eVuln] Chimera Web Portal System Multiple Vulnerabilities, alex
• NicoFTP Stack Overflow, k4p0k4p0
• [eVuln] inTouch Authentication Bypass, alex
• Drupal all versiyon xss cehennem.org, liz0
  • Re: Drupal all versiyon xss cehennem.org, RSnake
  • <Possible follow-ups>
  • Re: Drupal all versiyon xss cehennem.org, security
• [eVuln] B-net Software Multiple XSS Vulnerabilities, alex
• [eVuln] ScozBook "adminname" Authentication Bypass, alex
• [eVuln] oaBoard PHP Code Execution, alex
• RE: Webwasher CSM Appliance Script Security Restriction Bypass, Frank Berzau
• [eVuln] VEGO Web Forum SQL Injection Vulnerability, alex
• Winrar 3.30 Local Buffer Overflow, Alpha_Programmer
• WMF round-up, updates and de-mystification, Gadi Evron
  • Re: [Full-disclosure] WMF round-up, updates and de-mystification, Nancy Kramer
  • Re: [Full-disclosure] WMF round-up, updates and de-mystification, InfoSecBOFH
    • RE: [Full-disclosure] WMF round-up, updates and de-mystification, Larry Seltzer
  • Re: [funsec] WMF round-up, updates and de-mystification, Pierre Vandevenne
    • Re: WMF round-up, updates and de-mystification, Gadi Evron
    • RE: [funsec] WMF round-up, updates and de-mystification, Larry Seltzer
      • Re[2]: [funsec] WMF round-up, updates and de-mystification, Pierre Vandevenne
  • Re: WMF round-up, updates and de-mystification, Adam Shostack
  • <Possible follow-ups>
  • RE: WMF round-up, updates and de-mystification, Krpata, Tyler
• WMF SETABORTPROC exploit, SanjayR
• [eVuln] VEGO Links Builder Authentication Bypass, alex
• Recruitment Software allows MySQL credentials disclosure, Rafael San Miguel Carrasco
• [eVuln] phpBook PHP Code Execution, alex
• WSJ: The new "metasploit" computer virus, Richard M. Smith
• [eVuln] PHPenpals SQL Injection Vulnerabilit, alex
• Another WMF exploit workaround, Ivan Arce
• Download Accelerator Plus can be tricked to download malicious file, visitbipin
  • RE: Download Accelerator Plus can be tricked to download malicious file, NaPa
  • <Possible follow-ups>
  • Re: Download Accelerator Plus can be tricked to download malicious file, visitbipin
    • Re: Download Accelerator Plus can be tricked to download malicious file, Dave Korn
• [eVuln] Lizard Cart CMS SQL Injection Vulnerability, alex
• New from the MS Advisory, Larry Seltzer
  • Re: New from the MS Advisory, Damaged Industries
• Dumb IE6/XP denial of service found on the web, 8ux1fpd02
  • RE: Dumb IE6/XP denial of service found on the web, Mario Contestabile
  • Re: Dumb IE6/XP denial of service found on the web, Kim Christensen
  • Re: Dumb IE6/XP denial of service found on the web, Francois Labreque
  • <Possible follow-ups>
  • Re: Dumb IE6/XP denial of service found on the web, rebornrebel
• Re: Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability, Eloy A. Paris
• MDKSA-2005:239 - Updated printer-filters-utils packages fix local vulnerability, Mandriva Security Team
• Re: WMF browser-ish exploit vectors, Nick FitzGerald
  • <Possible follow-ups>
  • Re: WMF browser-ish exploit vectors, Dave Korn
    • RE: WMF browser-ish exploit vectors, James C Slora Jr
• Re: WTF??, Nick FitzGerald
  • <Possible follow-ups>
  • Re: WTF??, anthony . aykut
• Mapping and Remote manipulation of databases, Gandalf The White
• WMF: New Metasploit Framework Module, H D Moore
• iDefense Security Advisory 01.05.06: Blue Coat WinProxy Remote DoS Vulnerability, labs-no-reply@xxxxxxxxxxxx
• what we REALLY learned from WMF, Gadi Evron
  • Re: what we REALLY learned from WMF, Thor (Hammer of God)
    • industry standards - current status [was: what we REALLY learned from WMF], Gadi Evron
      • Re: industry standards - current status [was: what we REALLY learned from WMF], D. Hazelton
• Open Letter on the Interpretation of "Vulnerability Statistics", Steven M. Christey
• MD:Pro - Malware Distribution Project, anthony . aykut
  • Re: MD:Pro - Malware Distribution Project, Rembrandt
• [ECHO_ADV_25$2006] Full path disclosure on boastMachine v3.1, eufrato
• CyberShop User Login Sql Injection, night_warrior771
• [eVuln] TinyPHPForum Multiple Vulnerabilities, alex
• What is sbininitd port 65534 ???, waltdnes
• HylaFAX Security advisory - fixed in HylaFAX 4.2.4, Aidan Van Dyk
• Contact information for Symantec Vulnerability Management, secure
• Uninformed Journal Release Announcement: Volume 3, Uninformed
• iDefense Security Advisory 01.05.06: Blue Coat Systems WinProxy Host Header Stack Overflow Vulnerability, labs-no-reply@xxxxxxxxxxxx
• [USN-236-1] xpdf vulnerabilities, Martin Pitt
• [USN-235-1] sudo vulnerability, Martin Pitt
• Windows PHP 4.x "0-day" buffer overflow, mercenary
• Interview: Ilfak Guilfanov, Matthew Murphy
  • MD5s of Unofficial patches and other mistakes, Forrest J. Cavalier III
  • Re: Interview: Ilfak Guilfanov, Randal L. Schwartz
    • Re: Interview: Ilfak Guilfanov, Denis Jedig
• MS released a patch today - MS06-001, Duran, Jason IT0
  • Re: MS released a patch today - MS06-001, Anthony R. Nemmer
• [eVuln] ADNForum Multiple Vulnerabilities, alex
• iDefense Security Advisory 01.05.06: Blue Coat WinProxy Telnet DoS Vulnerability, labs-no-reply@xxxxxxxxxxxx
• APPLE-SA-2006-01-05 AirPort firmware update, noreply
• [security bulletin] SSRT051074 rev.3 - HP-UX Running xterm Local Unauthorized Access, security-alert
• [eVuln] TheWebForum Script Insertion and Authentication Bypass, alex
• MDKSA-2006:006 - Updated gpdf packages fix several vulnerabilities, Mandriva Security Team
  • <Possible follow-ups>
  • MDKSA-2006:006 - Updated gpdf packages fix several vulnerabilities, Mandriva Security Team
• Did MS pull an Ilfak? (MS patch bindiff results), Gadi Evron
  • Re: Did MS pull an Ilfak? (MS patch bindiff results), Brett Glass
    • Re: Did MS pull an Ilfak? (MS patch bindiff results), Joe Polk
      • Re: Did MS pull an Ilfak? (MS patch bindiff results), Denis Jedig
  • <Possible follow-ups>
  • RE: Did MS pull an Ilfak? (MS patch bindiff results), Greg Wroblewski
• MDKSA-2006:004 - Updated pdftohtml packages fix several vulnerabilities, Mandriva Security Team
  • <Possible follow-ups>
  • MDKSA-2006:004 - Updated pdftohtml packages fix several vulnerabilities, Mandriva Security Team
• MDKSA-2006:007 - Updated apache2 packages fix vulnerabilities, Mandriva Security Team
• [USN-238-1] Blender vulnerability, Martin Pitt
  • [USN-238-2] Blender vulnerability, Martin Pitt
• [USN-237-1] nbd vulnerability, Martin Pitt
  • Re: [USN-237-1] nbd vulnerability, Florian Weimer
• [eVuln] Proyecto Domus 'email' XSS Vulnerability, alex
• [ GLSA 200601-02 ] KPdf, KWord: Multiple overflows in included Xpdf code, Sune Kloppenborg Jeppesen
• MDKSA-2006:003 - Updated poppler packages fix several vulnerabilities, Mandriva Security Team
  • <Possible follow-ups>
  • MDKSA-2006:003 - Updated poppler packages fix several vulnerabilities, Mandriva Security Team
• SysCP WebFTP local file inclusion vulnerability, Thomas Henlich
• [ GLSA 200601-03 ] HylaFAX: Multiple vulnerabilities, Sune Kloppenborg Jeppesen
• MDKSA-2006:005 - Updated xpdf packages fix several vulnerabilities, Mandriva Security Team
  • <Possible follow-ups>
  • MDKSA-2006:005 - Updated xpdf packages fix several vulnerabilities, Mandriva Security Team
• [ GLSA 200601-04 ] VMware Workstation: Vulnerability in NAT networking, Sune Kloppenborg Jeppesen
• [eVuln] NavBoard BBcode XSS Vulnerability, alex
• Survey on Vuln Disclosure: Request for Participation, Richard Forno
• Recon2006 - Call for papers, Hugo Fortier
• xorg server 6.8.2 and below on 64bit arch, serj
• Microsoft Windows GRE WMF Format Multiple Memory Overrun Vulnerabilities, frankruder
• [UPDATE]Microsoft Windows GRE WMF Format Multiple Unauthorized Memory Access Vulnerabilities, frankruder
• [SECURITY] [DSA 929-1] New petris packages fix buffer overflow, Michael Stone
• [SECURITY] [DSA 930-1] New smstools packages fix format string vulnerability, Michael Stone
• NetBSD Security Advisory 2006-001: Kernfs kernel memory disclosure, NetBSD Security Officer
• NetBSD Security Advisory 2006-002: settimeofday() time wrap, NetBSD Security Officer
• [eVuln] Foxrum BBCode XSS Vulnerabilty, alex
• [SECURITY] [DSA 931-1] New xpdf packages fix arbitrary code execution, Martin Schulze
• [eVuln] Venom Board SQL Injection Vulnerability, alex
• Digital Armaments Security Advisory 01.09.2006: Apache auth_ldap module Multiple Format Strings Vulnerability, info
• [SECURITY] [DSA 932-1] New kpdf packages fix arbitrary code execution, Martin Schulze
• AOL Multiple Cross Site Scripting Vulnerability, simo
• MDKSA-2006:008 - Updated koffice packages fix several vulnerabilities, Mandriva Security Team
  • <Possible follow-ups>
  • MDKSA-2006:008 - Updated koffice packages fix several vulnerabilities, Mandriva Security Team
• Html_Injection in vBulletin 3.5.2, the_bekir
  • <Possible follow-ups>
  • Re: Html_Injection in vBulletin 3.5.2, Steven M. Christey
  • Re: Html_Injection in vBulletin 3.5.2, info
• AIM Multiple Cross Site Scripting Vulnerability, simo
• Orjinweb E-commerce, serxwebun
• iDefense Security Advisory 01.09.06: Multiple Vendor mod_auth_pgsql Format String Vulnerability, labs-no-reply@xxxxxxxxxxxx
• Php-Nuke Pool and News Module IMG Tag Cross Site, night_warrior771
• Xoops Pool Module IMG Tag Cross Site Scripting, night_warrior771
• [eVuln] 427BB Multiple Vulnerabilities (Cookie-based Authentication Bypass, SQL Injections, XSS), alex
• MDKSA-2006:009 - Updated apache2-mod_auth_pgsql packages fix several vulnerabilities, Mandriva Security Team
• Research: Malware Action Detection and Protection, Arman Nayyeri
• [SECURITY] [DSA 933-1] New hylafax packages fix arbitrary command execution, Michael Stone
• [SECURITY] [DSA 934-1] New pound packages fix multiple vulnerabilities, Michael Stone
• [SECURITY] [DSA 930-2] New smstools packages fix format string vulnerability, Michael Stone
• [SECURITY] [DSA 935-1] New libapache2-mod-auth-pgsql packages fix arbitrary code execution, Michael Stone
• Multiple Vulnerabilities in Hummingbird Collaboration, luca . carettoni
• iDefense Security Advisory 01.10.06: Sun Solaris uustat Buffer Overflow Vulnerability, labs-no-reply@xxxxxxxxxxxx
• [USN-239-1] libapache2-mod-auth-pgsql vulnerability, Martin Pitt
• [security bulletin] SSRT051058 rev.1 - HP-UX Secure Shell Remote Denial of Service (DoS), security-alert
• [USN-236-2] xpdf vulnerabilities in kword, kpdf, Martin Pitt
• [FLSA-2006:136323] Updated gettext package fixes security issues, Marc Deslauriers
• [FLSA-2006:152907] Updated htdig packages fix security issues, Marc Deslauriers
• Time modification flaw in BSD securelevels on NetBSD and Linux, RedTeam Pentesting
• [FLSA-2006:152922] Updated ethereal packages fix security issues, Marc Deslauriers
• Malware - future trends, Dancho Danchev
• [FLSA-2006:168375] Updated mozilla packages fix security issues, Marc Deslauriers
• New PEAR / Apache2Triad Exploit, jd2k2000
• Microsoft Exchange Critical Vulnerability, NGSSoftware Insight Security Research
• Microsoft Outlook Critical Vulnerability, NGSSoftware Insight Security Research
• Updated Advisories - Incorrect CVE Information, Advisories
• Cisco Security Advisory: Default Administrative Password in Cisco Security Monitoring, Analysis and Response System (CS-MARS), Cisco Systems Product Security Incident Response Team
• [EEYEB-20051031] Apple QuickTime Malformed GIF Heap Overflow, Advisories
• [EEYEB-20051220] Apple QuickTime QTIF Stack Overflow, Advisories
• [RHSA-2006:0157-01] Low: struts security update for Red Hat Application Server, bugzilla
• [ GLSA 200601-06 ] xine-lib, FFmpeg: Heap-based buffer overflow, Stefan Cornelius
• PostgreSQL security releases 8.0.6 and 8.1.2, PostgreSQL Security
• FreeBSD Security Advisory FreeBSD-SA-06:01.texindex [REVISED], FreeBSD Security Advisories
• SUSE Security Announcement: xpdf,kpdf,gpdf,kword (SUSE-SA:2006:001), Ludwig Nussel
• eStara Softphone SIP stack Buffer Overflow Vulnerability, zwell
• Advisory:XSS vulnerability on WebWiz Forums <= 6.34 (search_form.asp), nukedx
• [eVuln] MyPhPim Arbitrary File Upload, alex
• [USN-235-2] sudo vulnerability, Martin Pitt
• [FLSA-2006:167803] Updated mysql packages fix security issues, Marc Deslauriers
• FreeBSD Security Advisory FreeBSD-SA-06:01.texindex, FreeBSD Security Advisories
• [EEYEB-20051117A] Apple QuickTime STSD Atom Heap Overflow, Advisories
• MDKSA-2006:010 - Updated cups packages fix several vulnerabilities, Mandriva Security Team
• Advisory: XSS attack on Superonline.com email service., nukedx
• BSD Securelevels: Circumventing protection of files flagged immutable, RedTeam Pentesting
• H-Sphere Security Vulnerability, M.Neset KABAKLI
• Advisory 02/2006: PHP ext/mysqli Format String Vulnerability, Stefan Esser
• Advisory 01/2006: PHP ext/session HTTP Response Splitting Vulnerability, Stefan Esser
• Cisco Security Advisory: Access Point Memory Exhaustion from ARP Attacks, Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 938-1] New koffice packages fix arbitrary code execution, Martin Schulze
• EUSecWest papers and CanSecWest CFP, Dragos Ruiu
• [USN-241-1] Apache vulnerabilities, Adam Conrad
• Session data pollution vulnerabilities in web applications, Alla Bezroutchko
  • Re: [Full-disclosure] Session data pollution vulnerabilities in web applications, Frank Knobbe
• Advisory: MiniNuke CMS System <= 1.8.2 (news.asp) SQL Injection vulnerability, nukedx
  • <Possible follow-ups>
  • Advisory: MiniNuke CMS System <= 1.8.2 (news.asp) SQL Injection vulnerability, nukedx
    • Advisory: MiniNuke CMS System <= 1.8.2 (membership.asp) remote user password change exploit, nukedx
• FogBugz Cross Site Scripting Vulnerability, M.Neset KABAKLI
• Cisco, haven't we learned anything? (technician reset), Gadi Evron
• Multiple PHP Toolkit for PayPal Vulnerabilities, uinC Team
• Interspire TrackPoint NX XSS Vulnerability, M.Neset KABAKLI
• [SECURITY] [DSA 903-2] New unzip packages fix unauthorised permissions modification, Martin Schulze
• [SECURITY] [DSA 937-1] New tetex-bin packages fix arbitrary code execution, Martin Schulze
• ZDI-06-001: Clam AntiVirus UPX Unpacking Code Execution Vulnerability, zdi-disclosures
• [eVuln] TankLogger SQL Injection Vulnerability, alex
• [eVuln] ACal Authentication Bypass & PHP Code Insertion, alex
• [eVuln] Wordcircle Authentication Bypass, alex
• [eVuln] Wordcircle Multiple SQL Injection & XSS Vulnerabilities, alex
• [USN-240-1] bogofilter vulnerability, Martin Pitt
• Fortinet Advisory - Apple QuickTime Player ImageWidth Denial of Service Vulnerability, secresearch
• [SECURITY] [DSA 939-1] New fetchmail packages fix denial of service, Martin Schulze
• [SECURITY] [DSA 940-1] New gpdf packages fix arbitrary code execution, Martin Schulze
• [ GLSA 200601-09 ] Wine: Windows Metafile SETABORTPROC vulnerability, Sune Kloppenborg Jeppesen
• SUSE Security Announcement: novell-nrm remote heap overflow (SUSE-SA:2006:002), Marcus Meissner
• MDKSA-2006:012 - Updated kdegraphics packages fix several vulnerabilities, Mandriva Security Team
• [ GLSA 200601-07 ] ClamAV: Remote execution of arbitrary code, Sune Kloppenborg Jeppesen
• [ GLSA 200601-08 ] Blender: Heap-based buffer overflow, Sune Kloppenborg Jeppesen
• Fortinet Advisory - Apple QuickTime Player StripOffsets Improper Memory Access, secresearch
• iDefense Security Advisory 01.13.06: Novell SUSE Linux Enterprise Server Remote Manager Heap Overflow, labs-no-reply@xxxxxxxxxxxx
• Fortinet Advisory - Apple QuickTime Player StripByteCounts Buffer Overflow Vulnerability, secresearch
• mysec.org Security Advisory : Xmame buffer overflow, with a possibility of privilege escalation, xwings
• [EEYEB-20051117B] Apple iTunes (QuickTime.qts) Heap Overflow, Advisories
• FreeBSD Security Advisory FreeBSD-SA-06:03.cpio, FreeBSD Security Advisories
• [ GLSA 200601-05 ] mod_auth_pgsql: Multiple format string vulnerabilities, Stefan Cornelius
• [FLSA-2006:152803] Updated lesstif packages fix security issues, Marc Deslauriers
• MDKSA-2006:011 - Updated tetex packages fix several vulnerabilities, Mandriva Security Team
• Serial Line Sniffer 0.4.4 Buffer Overflow, Sintigan
• FreeBSD Security Advisory FreeBSD-SA-06:04.ipfw, FreeBSD Security Advisories
• PayPal Phishing Site Exploits Google XSS Vulnerability, Paul Laudanski
• [eVuln] MyPhPim Multiple SQL Injection and XSS Vulnerabilities, alex
• Helm XSS Vulnerability, M.Neset KABAKLI
• ezDatabase 2.0 and below, none
• FullPath disclosure in Xaraya 1.0.1, king_purba
• [KAPDA::#21] - HomeFtp v1.1 Denial of Service, [a]
• MyBB 1.0.2 SQL injection in usercp.php, addmimistrator
  • <Possible follow-ups>
  • Re: MyBB 1.0.2 SQL injection in usercp.php, o . y . 6
• Hacking With The Google Search Engine, Paul Laudanski
• [NMRC Advisory] Microsoft Windows Wireless Exposure on Laptops, Advisories
• FreeBSD Security Advisory FreeBSD-SA-06:02.ee, FreeBSD Security Advisories
• [SECURITY] [DSA 936-1] New libextractor packages fix arbitrary code execution, Martin Schulze
• [EEYEB-2000801] - Windows Embedded Open Type (EOT) Font Heap Overflow Vulnerability, Advisories
• WMF vulnerability was a deliberate backdoor?, Brooks, Shane
  • Re: WMF vulnerability was a deliberate backdoor?, Denis Jedig
  • Re: WMF vulnerability was a deliberate backdoor?, Steve Friedl
  • Re: WMF vulnerability was a deliberate backdoor?, Mike Ely
  • Re: WMF vulnerability was a deliberate backdoor?, Gadi Evron
  • <Possible follow-ups>
  • RE: WMF vulnerability was a deliberate backdoor?, Alex Eckelberry
• MyBB 1.0.2 SQL injection, addmimistrator
• DCP Portal Cross-Site Scripting Vulnerability, night_warrior771
• AlstraSoft Template Seller Pro Cross-Site Scripting Vulnerability, night_warrior771
• [eVuln] Light Weight Calendar PHP Code Execution, alex
• Re: MSN Messenger Password Decrypter for WinXP/2003, kuku
  • Re: MSN Messenger Password Decrypter for WinXP/2003, James_gmail-ij
  • <Possible follow-ups>
  • Re: MSN Messenger Password Decrypter for WinXP/2003, frank boldewin
  • Re: Re: MSN Messenger Password Decrypter for WinXP/2003, null
• Linksys VPN Router (BEFVP41) DoS Vulnerability, paul14075
  • <Possible follow-ups>
  • Re: Linksys VPN Router (BEFVP41) DoS Vulnerability, paul14075
  • Re: Linksys VPN Router (BEFVP41) DoS Vulnerability, paul14075
• DIMVA 2006 Call for Papers, Thomas Biege
• TSLSA-2006-0002 - multi, Trustix Security Advisor
• TSL-2006-0001 - postgresql, Trustix Security Advisor
• DDSN CMS Admin Panel SQL Injection Vulnerability, khc
• [ISecAuditors Advisories] Arbitrary remote file creation in 123flashchat server, ISecAuditors Security Advisories
• Visual Studio Remote Code Execution, priest
• MDKSA-2006:013 - Updated kolab packages fix vulnerability, Mandriva Security Team
• DMA[2006-0112a] - 'Toshiba Bluetooth Stack Directory Transversal', KF (lists)
• [SECURITY] [DSA 943-1] New Perl packages fix arbitrary code execution, Martin Schulze
• Apache Geronimo 1.0 - CSS and persistent HTML-Injection vulnerabilities, oliver karow
• Directory traversal in phpXplorer, Oriol Torrent
  • Re: Directory traversal in phpXplorer, Stan Bubrouski
    • Re: Directory traversal in phpXplorer, Stan Bubrouski
• [SECURITY] [DSA 941-1] New tuxpaint packages fix insecure temporary file creation, Martin Schulze
• [eVuln] Bit 5 Blog JavaScript Insertion Vulnerability, alex
• CounterPath eyeBeam Handing SIP header Vulnerabilities, zwell
• WehnTrust - When you have to trust Wehntrust, Thierry Zoller
  • Re: [Full-disclosure] WehnTrust - When you have to trust Wehntrust, H D Moore
• Homeftp r1.0.7 Denial of Service, cvh
• [USN-242-1] mailman vulnerabilities, Martin Pitt
• iWar 0.07 PSTN auditing tool released..., Da Beave
• Reverse Proxy Cross Site Scripting, Shalom Carmel
  • Re: Reverse Proxy Cross Site Scripting, Amit Klein (AKsecurity)
• [eVuln] Benders Calendar SQL Injection, alex
• [eVuln] Bit 5 Blog SQL Injection & Authentication Bypass Vulnerability, alex
• Veritas NetBackup "Volume Manager Daemon" Module Stack Overflow - Exploit, patrickthomassen
  • Re: Veritas NetBackup "Volume Manager Daemon" Module Stack Overflow - Exploit, Dave Korn
• Microsoft knew about the WMF flaw for years, Richard M. Smith
  • Re: Microsoft knew about the WMF flaw for years, Gadi Evron
  • <Possible follow-ups>
  • Re: Microsoft knew about the WMF flaw for years, Steven M. Christey
• EZDatabase Directory Transversal, XSS and Path Disclosure Vulnerability, Josh Zlatin
• PunBB BBCode URL Tag Script Injection Vulnerability, night_warrior771
  • Re: PunBB BBCode URL Tag Script Injection Vulnerability, Rickard Andersson
• Announcement: The Web Application Firewall Evaluation Criteria v1 Released, contact
  • Re: Announcement: The Web Application Firewall Evaluation Criteria v1 Released, Gadi Evron
• Digital Armaments Security Advisory 01.16.2006: CMU SNMP utilities snmptrad Format String Vulnerability, info
  • Re: Digital Armaments Security Advisory 01.16.2006: CMU SNMP utilities snmptrad Format String Vulnerability, Florian Weimer
    • Re: Digital Armaments Security Advisory 01.16.2006: CMU SNMP utilities snmptrad Format String Vulnerability, Stan Bubrouski
• MDKSA-2006:014 - Updated wine packages fix WMF vulnerability, Mandriva Security Team
• MDKSA-2006:015 - Updated hylafax packages fix eval injection vulnerabilities, Mandriva Security Team
• MDKSA-2006:016 - Updated clamav packages fix vulnerability, Mandriva Security Team
• IndonesiaHack Advisory HTML injection in PHP Fusebox, king_purba
  • <Possible follow-ups>
  • Re: IndonesiaHack Advisory HTML injection in PHP Fusebox, brian428
  • Re: Re: IndonesiaHack Advisory HTML injection in PHP Fusebox, pr1nce_empire
• ERRATA: [ GLSA 200601-09 ] Wine: Windows Metafile SETABORTPROC vulnerability, Sune Kloppenborg Jeppesen
• XSS in WBNews < = v1.1.0, dragonjar
• [eVuln] BlogPHP Authentication Bypass, alex
• [SECURITY] [DSA 942-1] New albatross packages fix arbitrary code execution, Martin Schulze
• [eVuln] microBlog SQL Injection Vulnerability, alex
• [eVuln] microBlog BBCode XSS Vulnerability, alex
• Secunia Research: Mozilla Thunderbird Attachment Spoofing Vulnerability, Secunia Research
• PowerPortal Cross-Site Scripting Vulnerability, night_warrior771
• [SECURITY] [DSA 944-1] New mantis packages fix several vulnerabilities, Martin Schulze
• [USN-243-1] tuxpaint vulnerability, Martin Pitt
• [SECURITY] [DSA 945-1] New antiword packages fix insecure temporary file creation, Martin Schulze
• Re: Fullpath disclosure in roundcube webmail, roundcube
• Microsoft(R) Internet Explorer 5 & 6 Remote Denial of Service (DoS) using IMG & XML elements, inge . henriksen
• White Album Sql &#304;njection biyosecurity.be, liz0
• [HSC Security Group] Multiple SQL injection/XSS in SimpleBlog 2.1, zinho
• [eVuln] CaLogic Calendars Multiple XSS Vulnerabilities, alex
• Cerberus FTP Server 2.32 Denial of Service, cvh
• Attacking Automatic Wireless Network Selection, Dino A. Dai Zovi
• Oracle DBMS Access Control Bypass in Login, shulman
• Oracle Database 10g Rel. 2 - Event 10053 logs TDE wallet password in cleartext, ak
• Oracle Reports - Read parts of files via desname (fixed after 874 days), ak
• Oracle Reports - Overwrite any application server file via desname (fixed after 889 days), ak
• Oracle Critical Patch Update - January 2006, NGSSoftware Insight Security Research
• Oracle Reports - Read parts of files via customize(fixed after 875 days), ak
• Oracle Database 10g Rel. 2- Transparent Data Encryption plaintext masterkey in SGA, ak
• [ TZO-012006 ] Checkpoint VPN-1 SecureClient insecure usage of CreateProcess(), Thierry Zoller
• Phpclanwebsite BBCode IMG Tag XSS Vulnerability, [at]
  • <Possible follow-ups>
  • Phpclanwebsite BBCode IMG Tag XSS Vulnerability, [at]
• [eVuln] Flog Information Disclosure Vulnerability, alex
• [eVuln] aoblogger Multiple Vulnerabilities, alex
• Cisco Security Advisory: IOS Stack Group Bidding Protocol Crafted Packet DoS, Cisco Systems Product Security Incident Response Team
• WEP-Client-Communication-Dumbdown (WCCD) Vulnerability, Michael.Wade
• Cisco Security Advisory: Cisco Call Manager Denial of Service, Cisco Systems Product Security Incident Response Team
• [eVuln] geoBlog SQL Injection Vulnerability, alex
• XMB Forum HTML Code Injection, [at]
• ICQ Cross Site Scripting Vulnerability, simo
• [USN-244-1] Linux kernel vulnerabilities, Martin Pitt
• MyBB Signature HTML Code Injection, [at]
  • <Possible follow-ups>
  • MyBB Signature HTML Code Injection, n
• HITBSecConf2005 Videos Released, Praburaajan
• IRM 015: File system path disclosure on TYPO3 Web Content Manager, Advisories
  • Re: IRM 015: File system path disclosure on TYPO3 Web Content Manager, Michael Shigorin
• Fortinet Advisory: BitComet URI Buffer Overflow Vulnerability, Fortinet Research
• [eVuln] WebspotBlogging Authentication Bypass Vulnerability, alex
• Land Down Under Signature HTML Code Injection, [at]
• Cisco Security Advisory: Cisco Call Manager Privilege Escalation, Cisco Systems Product Security Incident Response Team
• CAID 33756 - DM Deployment Common Component Vulnerabilities, Williams, James K
• -2- [XSS] in ar-blog v 5.2, s3ude
• Google's Blogger.com classic HTTP response splitting vulnerability, Meder Kydyraliev
• [security bulletin] SSRT5971 rev.1 - HP-UX Running ftpd Remote Denial of Service (DoS), security-alert
• MDKSA-2006:017 - Updated mod_auth_ldap packages fix vulnerability, Mandriva Security Team
• FreeBSD Security Advisory FreeBSD-SA-06:05.80211, FreeBSD Security Advisories
• Critical security advisory #006 tftpd32 Format string, admin
• Change passwd 3.1 (SquirrelMail plugin ), rod hedor
• Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT, ak
• Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT_INT, ak
• iDefense Security Advisory 01.17.06: EMC Legato Networker nsrd.exe DoS Vulnerability, labs-no-reply@xxxxxxxxxxxx
• iDefense Security Advisory 01.17.06: EMC Legato Networker nsrexecd.exe Heap Overflow Vulnerability, labs-no-reply@xxxxxxxxxxxx
• iDefense Security Advisory 01.17.06: Cisco Systems IOS 11 Web Service CDP Status Page Code Injection Vulnerability, labs-no-reply@xxxxxxxxxxxx
• phpXplorer file inclusion biyosecurity.be, liz0
• [KDE Security Advisory] kjs encodeuri/decodeuri heap overflow, Dirk Mueller
• MDKSA-2006:018 - Updated kernel packages fix several vulnerabilities, Mandriva Security Team
• DMA[2006-0115a] - 'AmbiCom Bluetooth Object Push Overflow', KF (lists)
• Claroline 1.7.2, sso identification vulnerability, karmaguedon
• BlogPHP config.php SQL injection login bypass, addmimistrator
  • <Possible follow-ups>
  • BlogPHP config.php SQL injection login bypass, addmimistrator
• [SECURITY] [DSA 948-1] New kdelibs packages fix buffer overflow, Michael Stone
• SUSE Security Announcement: kdelibs3 (SUSE-SA:2006:003), Ludwig Nussel
• MySQL 5.0 information leak?, Bernd Wurst
  • RE: MySQL 5.0 information leak?, Burton Strauss
    • Re: MySQL 5.0 information leak?, Johan De Meersman
  • Re: MySQL 5.0 information leak?, Stephen Frost
  • <Possible follow-ups>
  • Re: MySQL 5.0 information leak?, Lance James
    • RE: MySQL 5.0 information leak?, Burton Strauss
  • Re: MySQL 5.0 information leak?, Duncan Simpson
• [SECURITY] [DSA 947-1] New ClamAV packages fix heap overflow, Michael Stone
• [SECURITY] [DSA 946-1] New sudo packages fix privilege escalation, Martin Schulze
• [eVuln] RCBlog Directory Traversal & Sensitive Information Disclosure, alex
• [eVuln] eggblog Multiple SQL Injection & XSS Vulnerabilities, alex
• [eVuln] SaralBlog XSS & Multiple SQL Injection Vulnerabilities, alex
• [ GLSA 200601-10 ] Sun and Blackdown Java: Applet privilege escalation, Thierry Carrez
• MyBB 1.0.2 Sniffing table perfix bug in search.php, addmimistrator
• MDKSA-2006:019 - Updated kdelibs packages fix vulnerability, Mandriva Security Team
• Tumbleweed EMF 6.x Processing Issues, jcary2543
  • <Possible follow-ups>
  • Re: Tumbleweed EMF 6.x Processing Issues, support
• BlogPHP config.php SQL injection login bypassed, addmimistrator
• [SECURITY] [DSA 949-1] New crawl packages fix potential group games execution, Martin Schulze
• CodeCon program announced, early registration deadline nearing, Len Sassaman
• [USN-245-1] KDE library vulnerability, Martin Pitt
• High Risk Vulnerability in Red Hat Directory Server and Red Hat Certificate Server, NGSSoftware Insight Security Research
• fetchmail security announcement fetchmail-SA-2006-01 (CVE-2006-0321), ma+bt
• [eVuln] e-moBLOG SQL Injection Vulnerability, alex
• [eVuln] Note-A-Day Weblog Sensitive Information Disclosure, alex
• ANN: New release of CORE FORCE free endpoint security package, Core FORCE team
• [ GLSA 200601-11 ] KDE kjs: URI heap overflow vulnerability, Sune Kloppenborg Jeppesen
• [SECURITY] [DSA 954-1] New wine packages fix arbitrary code execution, Martin Schulze
• Call For Paper - SyScan'06 Singapore, organiser@xxxxxxxxxx
• [SECURITY] [DSA 955-1] New mailman packages fix denial of service, Michael Stone
• Workaround for unpatched Oracle PLSQL Gateway flaw, David Litchfield
• [eVuln] CheesyBlog XSS Vulnerability, alex
• HYSA-2006-001 phpBB 2.0.19 search.php and profile.php DOS Vulnerability, h4cky0u . org
• Technical Note by Amit Klein: "XST Strikes Back", Amit Klein (AKsecurity)
• [SECURITY] [DSA 947-2] New clamav packages fix heap overflow, Michael Stone
• FreeBSD Security Advisory FreeBSD-SA-06:07.pf, FreeBSD Security Advisories
• Updated ipsec-tools packages fix vulnerability, security
• [eVuln] ExpressionEngine 'Referer' XSS Vulnerability, alex
• Rosiello Security - Eterm-LibAST Advisory, angelo
• FreeBSD Security Advisory FreeBSD-SA-06:06.kmem, FreeBSD Security Advisories
• [security bulletin] SSRT061099 rev.1 - HP-UX Local Increased Privilege, security-alert
• [eVuln] miniBloggie Authentication Bypass, alex
• [SECURITY] [DSA 953-1] New flyspray packages fix cross-site scripting, Martin Schulze
• [KAPDA::#25] - MyBB 1.x Cross_Site_Scripting, roozbeh_afrasiabi
• Newsphp Multiple SQL Injection Vulnerabilities, at
• [eVuln] Text Rider Sensitive Information Disclosure, alex
• What A Click! [Internet Explorer], mikx
  • Re: [security] What A Click! [Internet Explorer], yossarian
    • Re: [security] What A Click! [Internet Explorer], Lance James
      • Re: [security] What A Click! [Internet Explorer], yossarian
• MyBB 1.0.2 XSS attack in search.php redirection, addmimistrator
• Updated mozilla-thunderbird packages fix vulnerability, security
• Re: [OSVDB Mods] iNETstore E Commerce Solution - Cross Site Scripting, iNETstore Support
• [SECURITY] [DSA 956-1] New lsh-utils packages fix local vulnerabilities, Martin Schulze
• [ GLSA 200601-12 ] Trac: Cross-site scripting vulnerability, Stefan Cornelius
• [security bulletin] SSRT061104 rev.1 - HP Oracle for OpenView (OfO) Critical Patch Update January 2006, security-alert
• SUSE Security Announcement: phpMyAdmin (SUSE-SA:2006:004), Ludwig Nussel
• HYSA-2006-002 Phpclanwebsite 1.23.1 Multiple Vulnerabilities, h4cky0u . org
• SUSE Security Announcement: nfs-server/rpc.mountd remote code execution (SUSE-SA:2006:005), Marcus Meissner
• BlackWorm: 2 million infected? ISP notifications., Gadi Evron
• SamiFTPd buffer overflow, admin
• Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack, Cisco Systems Product Security Incident Response Team
• [ISecAuditors Advisories] Arbitrary flash code remote execution in 123flashchat, ISecAuditors Security Advisories
• [eVuln] AndoNET Blog SQL Injection Vulnerability, alex
• [HSC] Multiple transversal bug in vis, spher3
• Windows mem leakage, endrazine
• [eVuln] "my little homepage" products [link] BBCode XSS Vulnerability, alex
• [SECURITY] [DSA 957-1] New ImageMagick packages fix arbitrary command execution, Martin Schulze
• Urgent Alert: Possible BlackWorm DDay February 3rd (Snort signatures included), Gadi Evron
  • Re: [Full-disclosure] Urgent Alert: Possible BlackWorm DDay February 3rd (Snort signatures included), Dude VanWinkle
• Buffer Overflow /Font on mIRC, Crowdat Kurobudetsu
• [SECURITY] [DSA 950-1] New CUPS packages fix arbitrary code execution, Martin Schulze
• [ Rosiello Security ] Eterm-LibAST Advisory, angelo
• iDefense Security Advisory 01.23.06: Computer Associates iTechnology iGateway Service Content-Length Buffer Overflow Vulnerability, labs-no-reply@xxxxxxxxxxxx
• [ MDKSA-2006:022 ] - Updated perl-Convert-UUlib packages fix vulnerability, security
• BitComet URI Proof of Concept, nick58
• [SECURITY] [DSA 952-1] New libapache-auth-ldap packages fix arbitrary code execution, Martin Schulze
• hello, code . shell
• [ MDKSA-2006:023 ] - Updated perl-Net_SSLeay packages fix vulnerability, security
• [Argeniss] Oracle Database Buffer overflows vulnerabilities in public procedures of XDB.DBMS_XMLSCHEMA{_INT}, Cesar
• [SECURITY] [DSA 958-1] New drupal packages fix several vulnerabilities, Martin Schulze
• [ MDKSA-2006:025 ] - Updated net-snmp packages fix vulnerabilities, security
• CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability [v1.1], Williams, James K
• Shareaza P2P Remote Vulnerability, Ryan Smith
• [ MDKSA-2006:024 ] - Updated ImageMagick packages fix vulnerabilities, security
• Azbb v1.1.00 Cross-Site Scripting, roozbeh_afrasiabi
• The WorldsEnd.NET - Free Ping Script, written in PHP (2 vulns), cvh
• Ege Internet Web Desing Remote Command Exucetion, botan
• Multiple vulnerabilities in CommuniGate Pro Server, Evgeny Legerov
• [CORRECTIONS AND ADDITIONS ]Azbb v1.1.00 Cross-Site Scripting, roozbeh_afrasiabi
• LibAST 0.7 Release Fixes Security Vulnerability, Michael Jennings
• [USN-246-1] imagemagick vulnerabilities, Martin Pitt
• BlackWorm naming confusing [CME entry now available], Gadi Evron
  • Re: BlackWorm naming confusing [CME entry now available], Jose Nazario
• [eVuln] Pixelpost Photoblog XSS Vulnerability, alex
• [FLSA-2006:152845] Updated perl packages fix security issues, Marc Deslauriers
• BlackWorm technical information, Gadi Evron
• CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability, Williams, James K
• [ GLSA 200601-13 ] Gallery: Cross-site scripting vulnerability, Stefan Cornelius
• [SECURITY] [DSA 951-1] New trac packages fix SQL injection and cross-site scripting, Martin Schulze
• zbattle.net, c_lispfedora
• Cross Site Cooking, Michal Zalewski
  • <Possible follow-ups>
  • RE: Cross Site Cooking, Michal Zalewski
• [ GLSA 200601-14 ] LibAST: Privilege escalation, Sune Kloppenborg Jeppesen
• UebiMiau Webmail System Security Vulnerability, M.Neset KABAKLI
• [ GLSA 200601-15 ] Paros: Default administrator password, Sune Kloppenborg Jeppesen
  • Re: [Full-disclosure] [ GLSA 200601-15 ] Paros: Default administrator password, Yvan Boily
• TSLSA-2006-0004 - multi, Trustix Security Advisor
• EasyCMS vulnerable to XSS injection., preben
• [SECURITY] [DSA 951-2] New trac packages fix SQL injection and cross-site scripting, Martin Schulze
• MyBB 1.2 usercp2.php [ $url ] CrossSiteScripting ( XSS ),
• [xpl#2] MiniNuke 1.8.2 - change member's passwrod < Perl >, hessam
• Winamp 5.12 - 0day exploit - code execution through playlist, Process
  • Re: Winamp 5.12 - 0day exploit - code execution through playlist, Chris Wysopal
• Arescom NetDSL-1000 DoS atack source, framirez
  • Re: Arescom NetDSL-1000 DoS atack source, Pim van Riezen
• sPaiz-Nuke Cross-Site Scripting Vulnerability, [at]
• Nuked-klaN Cross-Site Scripting Vulnerability, [at]
• Re: Airscanner Mobile Security Advisory: Remote Hard Reset Data Wipe and DoS of Pocket Controller v5.0 (#AS05080401), orambaldini
• gnome evolution mail client inline text file DoS issue, Mike Davis
• BlackWorm: statistics and numbers, Gadi Evron
• XSS flaw in MG2 Image Gallery (v.0.5.1), preben
• MyBB 1.2 Local File Incusion,
• CME-24 (BlackWorm) Users' FAQ, Gadi Evron
  • <Possible follow-ups>
  • Re: CME-24 (BlackWorm) Users' FAQ, Gadi Evron
• [SECURITY] [DSA 959-1] New unalz packages fix arbitrary code execution, Martin Schulze
• Etomite CMS "Backdoored", [at]
• [ MDKSA-2006:026 ] - Updated bzip2 packages fix bzgrep vulnerabilities, security
• New worm crawling trough blogs?!, blog . worm
• [ MDKSA-2006:027 ] - Updated gzip packages fix zgrep vulnerabilities, security
• [ GLSA 200601-16 ] MyDNS: Denial of Service, Sune Kloppenborg Jeppesen
• [ GLSA 200601-17 ] Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows, Sune Kloppenborg Jeppesen
• Etomite followup information, security curmudgeon