Mail Index
- [SECURITY] [DSA 983-1] New pdftohtml packages fix several vulnerabilities
- [FLSA-2006:157366] Updated PostgreSQL packages fix security issues
- WordPress 2.0.1 Multiple Vulnerabilities
- [FLSA-2006:175818] Updated udev packages fix a security issue
- Sourceforge XSS
- Re: NETGEAR WGT624 Wireless DSL router default user name/password vulnerability
- Fedex Kinkos Smart Card Authentication Bypass
- [FLSA-2006:181014] Updated gnutls packages fix a security issue
- FarsiNews 2.5Pro Exploit
- EJ3 TOPo - Cross Site Scripting Vulnerability
- MyBB 1.3 NewSQL Injection
- QwikiWiki v1.4 XSS Vulnerability
- (PHP) imap functions bypass safemode and open_basedir restrictions
- (PHP) mb_send_mail security bypass
- Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
- [security bulletin] SSRT061118 rev.1 - HP System Management Homepage (SMH) Running on Windows: Remote Unauthorized Access
- Re: NETGEAR WGT624 Wireless DSL router default user name/password vulnerability
- Virex on-access scanning unreliable
- [ MDKSA-2006:051 ] - Updated gettext packages fix temporary file vulnerabilities
- PEHEPE Membership Management System Multiple Vulnerabilities
- Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
- recursive DNS servers DDoS as a growing DDoS problem
- bttlxeForum 2.* XSS Vulnerability
- Re: Bypass Fortinet anti-virus using FTP
- Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
- Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
- FreeBSD Security Advisory FreeBSD-SA-06:09.openssh
- From: FreeBSD Security Advisories
- Limbo CMS code execution
- Re: ArGoSoft FTP server remote heap overflow
- FreeBSD Security Advisory FreeBSD-SA-06:10.nfs
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-06:09.openssh [REVISED]
- From: FreeBSD Security Advisories
- Updated Noah Classifieds Component for Joomla!/Mambo
- [eVuln] Leif M. Wright's Blog Multiple Vulnerabilities
- Re: Fedex Kinkos Smart Card Authentication Bypass
- Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
- Re: Knowledgebases Remote Command Exucetion
- From: security curmudgeon
- Secunia Research: Lighttpd Script Source Disclosure Vulnerability
- SAP Web Application Server http request url parsing vulnerability
- Re: Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
- Re: WordPress 2.0.1 Multiple Vulnerabilities
- Evolution Emailer DoS
- Re: ArGoSoft FTP server remote heap overflow
- Evil side of Firefox extensions
- Re: NETGEAR WGT624 Wireless DSL router default user name/password vulnerability
- Re: Evil side of Firefox extensions
- 4images <=1.7.1 remote code execution
- Re: recursive DNS servers DDoS as a growing DDoS problem
- Re: Evil side of Firefox extensions
- Re: Evil side of Firefox extensions
- Re: Evil side of Firefox extensions
- Re: Evil side of Firefox extensions
- Secunia Research: NetworkActiv Web Server Script Source Disclosure Vulnerability
- Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
- NCP VPN/PKI Client - various Bugs
- From: Ramon 'ports' Kukla
- Fwd: APPLE-SA-2006-03-01 Security Update 2006-001
- Re: (PHP) mb_send_mail security bypass
- SMBlog Remote Command Exucetion
- Re: [Full-disclosure] Quarantine your infected users spreading malware
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]
- FW: WordPress 2.0.1 Multiple Vulnerabilities
- RE: Evil side of Firefox extensions
- Re: WordPress 2.0.1 Multiple Vulnerabilities
- Re: Evil side of Firefox extensions
- Advisory: ICQmail.com & Mail2World.com (ms_inbox.asp Current_folder) XSS vulnerability
- Re: WordPress 2.0.1 Multiple Vulnerabilities
- From: ad@xxxxxxxxxxxxxxxx
- [USN-259-1] irssi vulnerability
- [FLSA-2006:178989] Updated perl-DBI package fixes security issue
- Re: [KAPDA::#27] - Runcms 1.x Cross_Site_Scripting vulnerability
- [OSX]: /usr/bin/passwd local root exploit.
- Re: recursive DNS servers DDoS as a growing DDoS problem
- [KAPDA::#26]vBulletin.3.5.3~3.0.12-XSS
- [SECURITY] [DSA 980-1] New tutos package fixes several vulnerabilities
- JOOMLA CMS 1.0.7 DoS & path disclosing
- [SECURITY] [DSA 984-1] New xpdf packages fix several problems
- Re: FW: WordPress 2.0.1 Multiple Vulnerabilities
- PluggedOut Nexus SQL injection
- Re: NETGEAR WGT624 Wireless DSL router default user name/password vulnerability
- Re: Fedex Kinkos Smart Card Authentication Bypass
- ProtoVer Sample IMAP testsuite release
- [eVuln] E-Blah Platinum 'Referer' XSS Vulnerability
- [SECURITY] [DSA 981-1] new bmv packages fix arbitrary code execution
- Woltlab Burning Board 2.x (Datenbank MOD fileid) Multiple Vulnerabilities.
- [ MDKSA-2006:052 ] - Updated mozilla-thunderbird packages fix vulnerability
- Re: recursive DNS servers DDoS as a growing DDoS problem
- iDefense Security Advisory 03.02.06: Apple MacOS X BOMArchiveHelper Directory Traversal Vulnerability
- From: labs-no-reply@xxxxxxxxxxxx
- vBulletin3.0.12&3.5.3~is_valid_email()~XSS Attack
- MyBB 1.0.4 New SQL Injection
- sql in Dawaween V 1.03
- RE: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
- iDefense Security Advisory 03.02.06: Apple Mac OS X passwd Arbitrary Binary File Creation/Modification
- From: labs-no-reply@xxxxxxxxxxxx
- iDefense Security Advisory 03.02.06: EMC Dantz Retrospect 7 Backup client DoS Vulnerability
- From: labs-no-reply@xxxxxxxxxxxx
- MyBB 1.04 Perl Exploit
- Gallery 2 Multiple Vulnerabilities
- From: GulfTech Security Research
- Gregarius 0.5.2 XSS and SQL Injection Vulnerabilities
- [eVuln] Skate Board Multimple Vulnerabilities
- AZTEK forums 4.0 multiple vulnerabilities (PoC)
- XST-Strikes-Back vulnerability in Netcache
- Re: Guestbox XSS/an admin bypass
- Re: Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
- Kaspersky Memory/CPU Usage Leak by design
- [ GLSA 200603-02 ] teTeX, pTeX, CSTeX: Multiple overflows in included XPdf code
- phpArcadeScript XSS Injections
- AVG 7 granting Everyone Full Control to updated files... even its drivers
- Various router DoS
- [ GLSA 200603-01 ] WordPress: SQL injection vulnerability
- [eVuln] Easy Forum XSS Vulnerability
- PHP-Stats <= 0.1.9.1 remote commands execution
- phpBB <= 2.0.19 Multiple DoS vulnerabilities
- Pixel Post Multiple Vulnerabilities
- [KAPDA::#30] - CuteNews1.4.1 Cross_Site_Scripting Vulnerability
- linksys router + irc DoS
- Advisory: TotalECommerce (index.asp id) Remote SQL Injection Vulnerability.
- Wbb 2.3. xss
- Visual Studio 6.0 Buffer Overflow Vulnerability
- Re: Kaspersky Memory/CPU Usage Leak by design
- Simplog <= 1.0.2 Vulnerabilities
- DSplit - Tiny AV signatures Detector
- From: ad@xxxxxxxxxxxxxxxx
- Critical Risk Vulnerability in L-Soft Listserv
- From: NGSSoftware Insight Security Research
- [ GLSA 200603-03 ] MPlayer: Multiple integer overflows
- [SECURITY] [DSA 985-1] New libtasn1-2 packages fix arbitrary code execution
- [SECURITY] [DSA 986-1] New gnutls11 packages fix arbitrary code execution
- [OpenPKG-SA-2006.006] OpenPKG Security Advisory (tar)
- Re: Various router DoS
- Re: Wbb 2.3. xss
- vulnerability in the IE Java applet initialization engine
- [eVuln] Simple Machines Forum - SMF 'X-Forwarded-For' XSS Vulnerability
- Game-Panel <= 2.1.6 XSS
- evoBlog Remote Name tag Script injection
- Re: linksys router + irc DoS
- [KAPDA::#31] - Runcms 1.x Cross_Site_Scripting vulnerability in bigshow.php
- FTPoed Blog Engine =>v1.1 HTML Injection Vulnerability
- Announcement: WASC Threat Classification in German
- SyScan'06 Call For Papers
- From: organiser@xxxxxxxxxx
- Microsoft Visual Studio 6.0 Sp6 Malformed .dbp File BoF Exploit
- htpasswd bufferoverflow and command execution in thttpd-2.25b.
- [ GLSA 200603-04 ] IMAP Proxy: Format string vulnerabilities
- Multiple vulnerabilities in Liero Xtreme 0.62b
- Multiple vulnerabilities in Sauerbraten engine 2006_02_28
- [ GLSA 200603-05 ] zoo: Stack-based buffer overflow
- Out of memory crash in Freeciv 2.0.7
- Multiple vulnerabilities in Cube engine 2005_08_29
- Re: linksys router + irc DoS
- SQL injection & XSS IN vbzoom v1.11
- SQL injection in Invision Power Board v2.1.5
- [USN-260-1] flex vulnerability
- histhost v1.0.0 xss and possible rmdir
- RE: linksys router + irc DoS
- From: Daniel Ramirez Valdez
- link bank code execution and xss
- phpBannerExchange 2.0 Directory Traversal Vulnerability
- PHP-based CMS mass-exploitation
- [SECURITY] [DSA 987-1] New tar packages fix arbitrary code execution
- Re: SQL injection in Invision Power Board v2.1.5
- IM Lock 2006 - Insecure Registry Permission Vulnerability
- Re: Various router DoS
- Cpanel Path Disclosure Vulnerability
- Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
- Purple Paper: Exegesis Of Virtual Hosts Hacking
- From: unknown . pentester
- Loudblog 0.41 SQL Injection, Local file read/include
- Multiple vulnerabilities in Alien Arena 2006 GE 5.00
- [eVuln] ShoutLIVE PHP Code Execution & Multiple XSS Vulnerabilities
- IE iFrame + Sun JVM + JS bug. Exploitable?
- Cisco PIX embryonic state machine 1b data DoS
- From: Konstantin V. Gavrilenko
- Cisco PIX embryonic state machine TTL(n-1) DoS
- From: Konstantin V. Gavrilenko
- Dropbear SSH server Denial of Service
- RE: Cisco PIX embryonic state machine 1b data DoS
- From: Randy Ivener (rivener)
- [FLSA-2006:168264-1] Updated XFree86 packages fix security issues
- [FLSA-2006:168264-2] Updated X.org packages fix security issue
- [FLSA-2006:168516] Updated pcre packages fix a security issue
- [FLSA-2006:176751] Updated gpdf package fixes security issues
- [ MDKSA-2006:053 ] - Updated freeciv packages fix DoS vulnerabilities
- CanSecWest/core06 Vancouver April 3-7
- [security bulletin] HPSBTU02100 SSRT050979 rev.1 - HP Tru64 UNIX IPSEC/ISAKMP Remote Denial of Service (DoS)
- [eVuln] EKINboard 'img' BBCode XSS & Cookie 'username' SQL Injection Vulnerabilities
- Re: [CORRECTIONS AND ADDITIONS ]Azbb v1.1.00 Cross-Site Scripting
- Re: AVG 7 granting Everyone Full Control to updated files... even its drivers
- textfileBB <= 1.0 Multiple XSS
- capi4hylafax insecure manipulation with tmp files
- Re: PHP-based CMS mass-exploitation
- [KAPDA::#32] - d2kBlog 1.0.3 Multiple Vulnerabilities
- [SECURITY] [DSA 988-1] New squirrelmail packages fix several vulnerabilities
- a worm for mediaWiki??
- Re: a worm for mediaWiki??
- H&R Block contact - SOLVED
- 18 ways to escalate privileges in Zone Labs ZoneAlarm Security Suite build 6.1.744.000
- [ MDKSA-2006:054 ] - Updated kdegraphics packages fixes overflow vulnerabilities
- Re: 18 ways to escalate privileges in Zone Labs ZoneAlarm Security Suite build 6.1.744.000
- nCipher Advisory #12: Insecure Generation of Diffie-Hellman keys
- nCipher Advisory #13: CBC-MAC IV misleading programming interface
- nCipher Advisory #14: Presence of flaws in firmware security
- [SECURITY] [DSA 989-1] New zoph packages fix SQL injection
- Remote access to NeuSecure/Netcool backend database via web interface credentials leakage
- Easy File Sharing Web Server Multiple Vulnerablilities
- HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit
- INFIGO-2006-03-01: PeerCast streaming server remote buffer overflow
- M-Phorum Cross Site Scripting
- ADP Forum 2.0,* script İnjection
- DCP Portal: Multiple XSS Vulnerabilities
- MyBloggie: Multiple XSS Vulnerabilities
- txtForum: Multiple XSS Vulnerabilities
- txtForum: Script Injection Vulnerability
- Re: a worm for mediaWiki??
- RevilloC MailServer 1.x "USER" Command Handling Remote Buffer Overflow Exploit
- Re: Re: [CORRECTIONS AND ADDITIONS ]Azbb v1.1.00 Cross-Site Scripting
- Re: 18 ways to escalate privileges in Zone Labs ZoneAlarm Security Suite build 6.1.744.000
- RE: [Full-disclosure] PHP-based CMS mass-exploitation
- Aluria/WhenU Troubled Past and Whitewashing History
- Re: [waraxe-2006-SA#047] - Evading sql-injection filters in phpNuke 7.8
- Re: [waraxe-2006-SA#047] - Evading sql-injection filters in phpNuke 7.8
- UnrealIRCd3.2.3 Server-Link Denial of Service
- DVguestbook 1.0 And 1.2.2 Cross Site Scripting
- PHP Upload Center Download users password hashes And phpshell Upload
- PHP Advanced Transfer Manager Download users password hashes
- n8cms 1.1 & 1.2 version Sql İnjection And XSS
- Re: HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit
- [KDE Security Advisory] kpdf of KDE 3.3.x heap based buffer overflow
- [USN-261-1] PHP vulnerabilities
- announcement: reporting and mitigating malicious websites and phishing
- RE: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoS problem
- [ MDKSA-2006:035-1 ] - Updated php packages fix vulnerability
- Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoS problem
- Statement Regarding Reported Local Escalation of Privileges Vulnerability for ZoneAlarm
- From: Zone Labs Product Security
- [SECURITY] [DSA 990-1] New bluez-hcidump packages fix denial of service
- [SECURITY] [DSA 919-2] New curl packages fix potential security problem
- [SECURITY] [DSA 991-1] New zoo packages fix arbitrary code execution
- [SECURITY] [DSA 992-1] New ffmpeg packages fix arbitrary code execution
- [eVuln] FreeForum PHP Code Execution & Multiple XSS Vulnerabilities
- GnuPG does not detect injection of unsigned data
- Re: Dropbear SSH server Denial of Service
- Advisory: Jiros Banner Experience Pro Remote Privilege Escalation.
- [KAPDA::#33] - GuppY <= 4.5.11 Remote DoS vulnerability
- RE: Purple Paper: Exegesis Of Virtual Hosts Hacking
- Re: Thomson SpeedTouch 500 modems vulnerable to XSS
- [ GLSA 200603-06 ] GNU tar: Buffer overflow
- Re: recursive DNS servers DDoS as a growing DDoS problem
- Re: HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit
- Re: HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit
- Re: Dropbear SSH server Denial of Service
- [SECURITY] [DSA 993-1] New GnuPG packages fix broken signature check
- [ GLSA 200603-08 ] GnuPG: Incorrect signature verification
- Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoS problem
- Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoS problem
- CoreNews 2.0.1 Remote Command Exucetion
- [ GLSA 200603-07 ] flex: Potential insecure code generation
- Re: Dropbear SSH server Denial of Service
- XSS in vCard
- SGI IRIX 6.*usr/sysadm/bin/runpriv local root exploit
- Jupiter CMS <= 1.1.5 multiple XSS attack vectors.
- Coppermine exploit used by a Chase Phish?
- Copy protection scheme SafeDisc allows privilege escalation
- AntiVir PersonalEdition Classic: Local Privilige Escalation
- From: Ramon 'ports' Kukla
- [ GLSA 200603-09 ] SquirrelMail: Cross-site scripting and IMAP command injection
- [ GLSA 200603-10 ] Cube: Multiple vulnerabilities
- [USN-262-1] Ubuntu 5.10 installer password disclosure
- [USN-263-1] Linux kernel vulnerabilities
- [USN-264-1] gnupg vulnerability
- directory traversal Fixed in DirectContact 0.3c
- Multiple vulnerabilities in ENet library (Jul 2005)
- [SECURITY] [DSA 994-1] New freeciv packages fix denial of service
- [SECURITY] [DSA 995-1] New metamail packages fix arbitrary code execution
- [eVuln] Vegas Forum SQL Injection Vulnerability
- Kerio MailServer bugfun
- [SECURITY] [DSA 996-1] New Crypt::CBC packages fix cryptographic weakness
- [SECURITY] [DSA 993-2] New GnuPG packages fix broken signature check
- Secunia Research: unalz Filename Handling Directory Traversal Vulnerability
- Secunia Research: Dwarf HTTP Server Source Disclosure and Cross-Site Scripting
- WMNews Cross Site Scripting
- Buffer Overflow and Installation Script Error in Firebird 1.5.3
- [INetCop Security Advisory] zeroboard IP session bypass XSS vulnerability
- Re: Coppermine exploit used by a Chase Phish?
- ZDI-06-003: Ipswitch Collaboration Suite Code Execution Vulnerability
- [SECURITY] [DSA 997-1] New bomberclone packages fix arbitrary code execution
- [ MDKSA-2006:055 ] - Updated gnupg packages fix signature file verification vulnerability
- [DRUPAL-SA-2006-001] Drupal 4.6.6 / 4.5.8 fixes access control issue
- [DRUPAL-SA-2006-003] Drupal 4.6.6 / 4.5.8 fixes session fixation issue
- [DRUPAL-SA-2006-002] Drupal 4.6.6 / 4.5.8 fixes XSS issue
- [SECURITY] [DSA 999-1] New lurker packages fix several vulnerabilities
- [SECURITY] [DSA 998-1] New libextractor packages fix several vulnerabilities
- [DRUPAL-SA-2006-004] Drupal 4.6.6 / 4.5.8 fixes mail header injection issue
- DMA[2006-0313a] - 'Apple OSX Mail.app RFC1740 Real Name Buffer Overflow'
- [SECURITY] [DSA 1000-1] New Apache2::Request packages fix denial of service
- [SECURITY] [DSA 1001-1] New crossfire packages fix arbitrary code execution
- Linux zero IP ID vulnerability?
- [eVuln] CyBoards PHP Lite SQL Injection Vulnerability
- ZDI-06-004: Microsoft Excel File Format Parsing Vulnerability
- High Risk Vulnerability in Microsoft Excel
- From: NGSSoftware Insight Security Research
- Re: histhost v1.0.0 xss and possible rmdir
- Fortinet Security Advisory: FSA-2006-09
- Fortinet Security Advisory: FSA-2006-08
- SYMSA-2006-001: Buffer overflow in Microsoft Office 2000, Office XP (2002), and Office 2003 Routing Slip Metadata
- From: CS_Advisories Mailbox
- [xfocus-SD-060314]Microsoft Office Excel Buffer Overflow Vulnerability
- From: XFOCUS Security Team
- Re: histhost v1.0.0 xss and possible rmdir
- [HV-HIGH] Microsoft Excel Named Range Arbitrary Code Execution
- WLSI - Windows Local Shellcode Injection - Paper
- CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net
- [SECURITY] [DSA 1002-1] New webcalendar packages fix several vulnerabilities
- CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior
- [eVuln] discussion - xhawk.net BBCode 'img' XSS & SQL Injection Vulnerabilities
- Secunia Research: Adobe Document/Graphics Server File URI Resource Access
- FW: call for speakers and thoughts on VoIP Security - there's a long way to go!
- Sasser variant that effects 2k3 SP1 completely updated?
- [[KAPDA::#35] MyBB 1.0.3~member.php~XSS Attack in contact details
- [KAPDA::#35] - MyBB1.0.4~member.php~XSS after login
- [KAPDA::#34] - MyBB1.0.4~redirectfunction()~HeaderInjection
- Re: Purple Paper: Exegesis Of Virtual Hosts Hacking
- GnuPG weak as one guy with a spare laptop.
- From: Forrest J. Cavalier III
- Invision Power Board v2.1.4 - session hijacking
- Re: Linux zero IP ID vulnerability?
- WebVulnCrawl searching excluded directories for hackable web servers
- Re: HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit
- Latest MS patches kill wireless networking?
- Re: Latest MS patches kill wireless networking?
- Re: Sasser variant that effects 2k3 SP1 completely updated?
- Vulnerability in e-gold
- Vulnerability fixed in E-gold
- [ GLSA 200603-11 ] Freeciv: Denial of Service
- [ GLSA 200603-12 ] zoo: Buffer overflow
- [SECURITY] [DSA 1003-1] New xpvm packages fix insecure temporary file
- [SECURITY] [DSA 1004-1] New vlc packages fix arbitrary code execution
- Re: Invision Power Board v2.1.4 - session hijacking
- Re: Invision Power Board v2.1.4 - session hijacking
- Re: [VulnWatch] [xfocus-SD-060314]Microsoft Office Excel Buffer Overflow Vulnerability
- Milkeyway Multiple Vulnerabilities
- Re: [Full-disclosure] Re: [VulnWatch] [xfocus-SD-060314]Microsoft Office Excel Buffer Overflow Vulnerability
- Re: [Full-disclosure] Re: [VulnWatch] [xfocus-SD-060314]Microsoft Office Excel Buffer Overflow Vulnerability
- From: ad@xxxxxxxxxxxxxxxx
- Re: Linux zero IP ID vulnerability?
- From: Andrea Purificato - bunker
- Re: Invision Power Board v2.1.4 - session hijacking
- Remote overflow in MSIE script action handlers (mshtml.dll)
- Re: Remote overflow in MSIE script action handlers (mshtml.dll)
- Re: Remote overflow in MSIE script action handlers (mshtml.dll)
- [SECURITY] [DSA 1005-1] New xine-lib packages fix arbitrary code execution
- [FLSA-2006:178606] Updated kdelibs packages fix security issues
- Re: Remote overflow in MSIE script action handlers (mshtml.dll)
- [FLSA-2006:157459-3] Updated kernel packages fix security issues
- RE: Remote overflow in MSIE script action handlers (mshtml.dll)
- Re: GnuPG weak as one guy with a spare laptop.
- [FLSA-2006:157459-4] Updated kernel packages fix security issues
- [ GLSA 200603-14 ] Heimdal: rshd privilege escalation
- Re: Remote overflow in MSIE script action handlers (mshtml.dll)
- [ GLSA 200603-13 ] PEAR-Auth: Potential authentication bypass
- Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoS problem
- [FLSA-2006:175404] Updated xpdf package fixes security issues
- [ GLSA 200603-15 ] Crypt::CBC: Insecure initialization vector
- RE: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoS problem
- Re: GnuPG weak as one guy with a spare laptop.
- From: Forrest J. Cavalier III
- Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoS problem
- XCon2006 Call For Paper
- From: XFOCUS Security Team
- XSS IN Invision Power Board
- Symantec Security Advisory SYM06-004
- Re: Remote overflow in MSIE script action handlers (mshtml.dll)
- Generically Determining the Prescence of Virtual Machines
- [ GLSA 200603-16 ] Metamail: Buffer overflow
- [FLSA-2006:157459-1] Updated kernel packages fix security issues
- Re: Remote overflow in MSIE script action handlers (mshtml.dll)
- Fedora Legacy Server Outage
- Re: Re: Remote overflow in MSIE script action handlers (mshtml.dll)
- [SECURITY] [DSA 1006-1] New wzdftpd packages fix arbitrary shell command execution
- Re: recursive DNS servers DDoS as a growing DDoS problem
- [SECURITY] [DSA 1008-1] New kpdf packages fix arbitrary code execution
- Re: Remote overflow in MSIE script action handlers (mshtml.dll)
- Re: Remote overflow in MSIE script action handlers (mshtml.dll)
- [SECURITY] [DSA 1007-1] New drupal packages fix several vulnerabilities
- [FLSA-2006:173274] Updated gdk-pixbuf packages fix security issues
- Re: Remote overflow in MSIE script action handlers (mshtml.dll)
- Oxynews Sql İnjection
- [eVuln] NMDeluxe XSS & SQL Injection Vulnerabilities
- Re: Linux zero IP ID vulnerability?
- [FLSA-2006:174479] Updated libungif packages fix security issues
- [FLSA-2006:157459-2] Updated kernel packages fix security issues
- Microsoft Commerce Server 2002: Logon as known user with a false password
- MyBB 1.10 Full Path Disclosure
- Contrexx CMS Xss Vuln
- Xss in Wbb 2.3.4
- Advisory: BetaParticle Blog <= 6.0 Multiple Remote SQL Injection Vulnerabilities
- Re: Latest MS patches kill wireless networking?
- Re: WebVulnCrawl searching excluded directories for hackable web servers
- Re: Latest MS patches kill wireless networking?
- ExtCalendar v1.0 Multiple Xss Vuln
- [SECURITY] [DSA 960-3] New libmail-audit-perl packages fix insecure temporary file use
- [SECURITY] [DSA 1009-1] New crossfire packages fix arbitrary code execution
- [security bulletin] SSRT051078 rev.1 - HP-UX usermod(1M) Local UnaUthorized Access
- [SECURITY] [DSA 1010-1] New ilohamail packages fix cross-site scripting vulnerabilities
- [security bulletin] SSRT051128 rev.1 - HP-UX VirtualVault running Apache 1.3.X Remote Unauthorized Access
- [security bulletin] SSRT051251 rev.2 - Apache-based Web Server on HP-UX mod_ssl, proxy_http, Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access
- phpWebsite <= SQL Injection (friend.php) & (article.php)
- Noah's Classifieds Multiple Path Disclosure and Cross Site Scripting Vulnerabilities
- Re: Re: Remote overflow in MSIE script action handlers (mshtml.dll)
- Re: Remote overflow in MSIE script action handlers (mshtml.dll)
- Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoS problem
- From: Bram Matthys (Syzop)
- Path Disclosure and Arbitrary File Read Vulnerability in SLAB5000
- Re: CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior
- Re: Remote overflow in MSIE script action handlers (mshtml.dll)
- IMF 2006 - 2nd Call for Papers
- Re: Generically Determining the Prescence of Virtual Machines
- Re: Latest MS patches kill wireless networking?
- From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
- [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0
- Re: recursive DNS servers DDoS as a growing DDoS problem
- RE: Generically Determining the Prescence of Virtual Machines
- Re: Re: Invision Power Board v2.1.4 - session hijacking
- Re: Invision Power Board v2.1.4 - session hijacking
- Re: Invision Power Board v2.1.4 - session hijacking
- Symantec Security Advisory, SYM06-005
- Re: [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0
- RE: Generically Determining the Prescence of Virtual Machines
- From: Thomas Guyot-Sionnest
- Re: Invision Power Board v2.1.4 - session hijacking
- DNS Amplification Attacks
- [ MDKSA-2006:056 ] - Updated xorg-x11 packages to address local root vuln
- Perverting Unix Processes
- Re: Invision Power Board v2.1.4 - session hijacking
- [ MDKSA-2006:057 ] - Updated cairo packages to address Evolution DoS vulnerability
- CORE-2006-0124: Cross-Site Scripting in Verisign’s haydn.exe CGI script
- From: CORE Security Technologies Advisories
- [ GLSA 200603-18 ] Pngcrush: Buffer overflow
- From: Sune Kloppenborg Jeppesen
- [SECURITY] [DSA 1011-1] New kernel-patch-vserver packages fix root exploit
- [SECURITY] [DSA 1012-1] New unzip packages fix arbitrary code execution
- [ GLSA 200603-17 ] PeerCast: Buffer overflow
- From: Sune Kloppenborg Jeppesen
- XSS in Firepass 4100 SSL VPN v.5.4.2 (and probably others)
- Cisco Aironet 1300 DoS condition
- Recon 2006: Guest speakers announcement. Call for paper and early registration ending in less than 2 weeks.
- [ GLSA 200603-19 ] cURL/libcurl: Buffer overflow in the handling of TFTP URLs
- [ GLSA 200603-20 ] Macromedia Flash Player: Arbitrary code execution
- From: Sune Kloppenborg Jeppesen
- Free Articles Directory Remote Command Exucetion
- ASPPortal <= 3.1.1 Multiple Remote SQL Injection Vulnerabilities
- Mini-Nuke<=1.8.2 SQL injection (6)
- FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-06:12.opie
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-06:11.ipsec
- From: FreeBSD Security Advisories
- [eVuln] PHP SimpleNEWS, PHP SimpleNEWS MySQL - Authentication Bypass Vulnerability
- DMA[2006-0321a] - 'Motorola P2K Platform setpath() overflow and Blueline attack'
- WinHKI 1.6x Archive Extraction Directory traversal
- cutenews 1.4.1 Arbitrary File Access
- [SECURITY] [DSA 1013-1] New snmptrapfmt packages fix insecure temporary file
- Re: [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0
- PHP Live! XSS status_image.php
- Re: FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail
- IE crash
- SUSE Security Announcement: sendmail remote code execution (SUSE-SA:2006:017)
- [OpenPKG-SA-2006.007] OpenPKG Security Advisory (sendmail)
- [ GLSA 200603-22 ] PHP: Format string and XSS vulnerabilities
- From: Sune Kloppenborg Jeppesen
- sendmail vuln advisories (CVE-2006-0058)
- [SECURITY] [DSA 1014-1] New firebird2 packages fix denial of service
- [ MDKSA-2006:058 ] - Updated sendmail packages fix remote vulnerability
- [USN-265-1] cairo/Evolution library vulnerability
- Advisory 03/2006: KisMAC Cisco Vendor Tag Encapsulated SSID Overflow
- [ MDKSA-2006:059 ] - Updated kernel packages fix multiple vulnerabilities
- [SECURITY] [DSA 1015-1] New sendmail packages fix arbitrary code execution
- [SECURITY] [DSA 1016-1] New evolution packages fix arbitrary code execution
- Re: sendmail vuln advisories (CVE-2006-0058)
- [ GLSA 200603-21 ] Sendmail: Race condition in the handling of asynchronous signals
- From: Sune Kloppenborg Jeppesen
- [KAPDA::#37] - CoMoblog XSS
- PasswordSafe 3.0 weak random number generator allows key recovery attack
- Vulnerability Alert Services - Independent List
- [SECURITY] [DSA 1017-1] New Linux kernel 2.6.8 packages fix several vulnerabilities
- Microsoft Internet Explorer (mshtml.dll) - Remote Code Execution
- iDefense Security Advisory 03.23.05: ISS Multiple Products Local Privilege Escalation Vulnerability
- iDefense Security Advisory 03.23.06: RealNetworks RealPlayer and Helix Player Invalid Chunk Size Heap Overflow Vulnerability
- [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation
- From: Sune Kloppenborg Jeppesen
- Secunia Research: Microsoft Internet Explorer "createTextRange()" Code Execution
- Secunia Research: Orion Application Server JSP Source Disclosure Vulnerability
- SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
- trusting SMTP [was: SendGate: Sendmail Multiple Vulnerabilities]
- Re: Linux zero IP ID vulnerability?
- ArabPortal 2.0 Stable [ Full Patch Disclosure ]
- Re: [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0
- Re: PasswordSafe 3.0 weak random number generator allows key recovery attack
- Re: [Full-disclosure] SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
- Popup Blocker Bypass Script
- From: James C. Slora, Jr.
- Sudo tricks
- [HV-PAPER] Security Product Evaluation Tips
- Re: Linux zero IP ID vulnerability?
- Re: PHP-Stats <= 0.1.9.1 remote commands execution
- Digital Armaments April-2006 Hacking Challenge: Oracle Database
- Re: [SPAM:] - ASPPortal <= 3.1.1 Multiple Remote SQL Injection Vulnerabilities - Email has different SMTP TO: and MIME TO: fields in the email addresses
- Vulnerabilitiy found in comodo hacker guardian free scan.
- Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoS problem
- Re: recursive DNS servers DDoS as a growing DDoS problem
- w3wp remote DoS
- [ MDKSA-2006:060 ] - Updated FreeRADIUS packages fix EAP-MSCHAPv2 module vulnerability
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
- [FLSA-2006:186277] Updated sendmail packages fix security issues
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
- [SECURITY] [DSA 1019-1] New kpdf packages fix several vulnerabilities
- [eVuln] @1 File Store Multiple XSS and SQL Injection Vulnerabilities
- [SECURITY] [DSA 1018-1] New Linux kernel 2.4.27 packages fix several vulnerabilities
- On product vulnerability history and vulnerability complexity
- Re: [Full-disclosure] trusting SMTP [was: SendGate: Sendmail Multiple Vulnerabilities]
- [eVuln] DSPoll Multiple SQL Injection Vulnerabilities
- [eVuln] DSNewsletter SQL Injection Vulnerability
- [security bulletin] HPSBUX02105 SSRT061134 rev.1 - HP-UX Running swagentd Remote Denial of Service (DoS)
- Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation
- Secunia Research: Quick 'n Easy/Baby Web Server ASP Code Disclosure Vulnerability
- HeffnerCMS Remote Command Exucetion And Cross Scripting Attack
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
- VihorDesing Script Remote Command Exucetion And Cross Scripting Attack
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
- Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
- Re: [Full-disclosure] trusting SMTP [was: SendGate: Sendmail Multiple Vulnerabilities]
- Re: Vulnerability Alert Services - Independent List
- Re: [Full-disclosure] SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
- Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
- Re: Sudo tricks
- RE: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
- From: Michael A Fusaro II
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
- Systrace 1.6: Phoenix Release
- [eVuln] DSCounter 'X-Forwarded-For' SQL Injection Vulnerability
- [eVuln] DSDownload Multiple SQL Injection Vulnerabilities
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
- Re: [optimized PoC] Remote overflow in MSIE script action handlers (mshtml.dll)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
- Re: Quick 'n Easy FTP Server 3.0 pro / lite (buffer overflow vulnerabilities)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
- Re: recursive DNS servers DDoS as a growing DDoS problem
- Re: recursive DNS servers DDoS as a growing DDoS problem
- UBBThreads<=5.5.1+6.0.2+6.0 br5+6.0.1 SQL injection
- SQL Injection in SaphpLesson2.0
- HPSBUX02108 SSRT061133 rev.1 - HP-UX Sendmail, Remote Execution
- AkoComment SQL injection vulnerability
- SQL injection in VGM Forbin.
- nuked-klan<=1.7.5 SQL Injection
- [ GLSA 200603-24 ] RealPlayer: Buffer overflow vulnerability
- [PHPADSNEW-SA-2006-001] phpAdsNew and phpPgAds 2.0.8 fix multiple vulnerabilities
- CanfTool v1.1 Cross Site Scripting Attack
- HYSA-2006-006 G-Book 1.0 XSS And Other Vulnerabilities
- HYSA-2006-007 phpmyfamily 1.4.1 CRLF injection & XSS
- [eVuln] DSLogin Authentication Bypass Vulnerability
- [eVuln] Maian Weblog Multiple SQL Injection Vulnerabilities
- [ GLSA 200603-25 ] OpenOffice.org: Heap overflow in included libcurl
- Blog Pixel Motion<=1.xx Authentication Bypass Vulnerability & SQL injection
- Microsoft MSN Hotmail : Cross-Site Scripting Vulnerability
- Re: PasswordSafe 3.0 weak random number generator allows key recovery attack
- Re: recursive DNS servers DDoS as a growing DDoS problem
- Microsoft Windows XP SP2 Firewall issue
- [DDSi-SA] XSS in Raindance Communications Web Conferencing Pro
- XSS & SQL Injection in Music Box v2.3
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
- Re: Sudo tricks
- Re: recursive DNS servers DDoS as a growing DDoS problem
- TSRT-06-01: Symantec VERITAS NetBackup vnetd Buffer Overflow Vulnerability
- ZDI-06-006: Symantec VERITAS NetBackup Database Manager Buffer Overflow
- ZDI-06-005: Symantec VERITAS NetBackup Volume Manager Buffer Overflow
- [SECURITY] [DSA 1020-1] New flex packages fix insecure code generation
- SYM06-006, Veritas NetBackup: Multiple Overflow Vulnerabilities in NetBackup Daemons
- PHPLiveHelper 1.8 remote command execution (include) Xploit (perl)
- EEYE: Temporary workaround for IE createTextRange vulnerability
- VWar <= 1.5.0 R11 Remote Code Execution Exploit
- Re: On classifying attacks
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
- [eVuln] Maian Events SQL Injection Vulnerability
- XSS in AL-Caricatier
- [eVuln] Maian Support Authentication Bypass
- Genius VideoCAM NB Local Privilege Escalation
- Secunia Research: Blazix Web Server JSP Source Code Disclosure Vulnerability
- [SECURITY] [DSA 1021-1] New netpbm-free packages fix arbitrary command execution
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
- Re: SYM06-006, Veritas NetBackup: Multiple Overflow Vulnerabilities in NetBackup Daemons
- Re: Microsoft Windows XP SP2 Firewall issue
- From: Thor (Hammer of God)
- ArabPortal 2.0 Stable CrossSiteScripting
- Re: Sudo tricks
- Announcement: The Web Hacking Incidents Database
- Re: [SECURITY] [DSA 1020-1] New flex packages fix insecure code generation
- Determina Fix for CVE-2006-1359 (Zero Day MS Internet Explorer Remote "CreateTextRange()" Code Execution)
- Cantv/Movilnet's Web SMS vulnerability.
- From: Bugtraq @ SNSecurity
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
- Re: PHP-Stats <= 0.1.9.1 remote commands execution
- Re: Sudo tricks
- Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data
- Critical PHP bug - act ASAP if you are running web with sensitive data
- Re: Secunia Research: Microsoft Internet Explorer "createTextRange()"Code Execution
- Re: [Full-disclosure] Critical PHP bug - act ASAP if you are runningweb with sensitive data
- XSS in PHPKIT Version 1.6.03
- Re: [SECURITY] [DSA 1020-1] New flex packages fix insecure code generation
- [HV-INFO] Enova hardware encryption: false sense of security
- [xfocus-SD-060329]MPlayer: Multiple integer overflows
- From: XFOCUS Security Team
- [eVuln] Skull-Splitter's PHP Guestbook XSS Vulnerability
- [eVuln] Skull-Splitter's PHP Downloadcounter for Wallpapers SQL Injection
- Re: Sudo tricks
- Re: Re: phpBB 2.06 search.php SQL injection
- PhxContacts <= 0.93.1 beta Multiple SQL injection & xss
- Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data
- From: Jasper Bryant-Greene
- Resource to Report and Stop Phishing Scams
- Re: Cantv/Movilnet's Web SMS vulnerability.
- Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data
- Full path disclosure in Webcalendar 1.1.0-CVS
- [ GLSA 200603-26 ] bsd-games: Local privilege escalation in tetris-bsd
- [ MDKSA-2006:061 ] - Updated mailman packages fix DoS from badly formed mime multipart messages.
- X-Changer <=v0.2 Demo SQL injection
- Buffer overflows in Dia XFig import
- McAfee VirusScan DUNZIP32.dll Buffer Overflow Vulnerability
- Re: On classifying attacks
- Smurfable Linux Kernel
- [SECURITY] Samba 3.0.21-3.0.21c: Exposure of machine account credentials in winbindd log files
- From: Gerald (Jerry) Carter
- strip_tags() but not only vulnerability
- [security bulletin] HPSBUX02103 SSRT5953 rev.2 - HP-UX passwd(1) Local Denial of Service (DoS)
- [security bulletin] HPSBUX02102 SSRT051078 rev.2 - HP-UX usermod(1M) Local Unauthorized Access.
- Re: recursive DNS servers DDoS as a growing DDoS problem
- Re: recursive DNS servers DDoS as a growing DDoS problem
- Re: recursive DNS servers DDoS as a growing DDoS problem
- Re: recursive DNS servers DDoS as a growing DDoS problem
- MediaSlash Gallery 'rub' variable Remote File inlcusion Vulnerability
- Oxygen<=1.x.x SQL injection
- MonAlbum 0.8.7 SQL Injection
- Black Hat Call for Papers and Registration now open