Mail Thread Index
- [SECURITY] [DSA 983-1] New pdftohtml packages fix several vulnerabilities,
Martin Schulze
- [FLSA-2006:157366] Updated PostgreSQL packages fix security issues,
Marc Deslauriers
- WordPress 2.0.1 Multiple Vulnerabilities,
k4p0k4p0
- [FLSA-2006:175818] Updated udev packages fix a security issue,
Marc Deslauriers
- Sourceforge XSS,
liz0
- Re: NETGEAR WGT624 Wireless DSL router default user name/password vulnerability,
James Garrison
- Fedex Kinkos Smart Card Authentication Bypass,
Lance James
- [FLSA-2006:181014] Updated gnutls packages fix a security issue,
Marc Deslauriers
- FarsiNews 2.5Pro Exploit,
hessamx
- EJ3 TOPo - Cross Site Scripting Vulnerability,
mail
- MyBB 1.3 NewSQL Injection,
o . y . 6
- QwikiWiki v1.4 XSS Vulnerability,
drdeath_2006
- (PHP) imap functions bypass safemode and open_basedir restrictions,
ced . clerget
- (PHP) mb_send_mail security bypass,
ced . clerget
- Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities,
Renaud Lifchitz
- [security bulletin] SSRT061118 rev.1 - HP System Management Homepage (SMH) Running on Windows: Remote Unauthorized Access,
security-alert
- Virex on-access scanning unreliable,
hahn
- [ MDKSA-2006:051 ] - Updated gettext packages fix temporary file vulnerabilities,
security
- PEHEPE Membership Management System Multiple Vulnerabilities,
mail
- recursive DNS servers DDoS as a growing DDoS problem,
Gadi Evron
- bttlxeForum 2.* XSS Vulnerability,
stormhacker
- Re: Bypass Fortinet anti-virus using FTP,
Mathieu Dessus
- FreeBSD Security Advisory FreeBSD-SA-06:09.openssh,
FreeBSD Security Advisories
- Limbo CMS code execution,
Alexander Hristov
- Re: ArGoSoft FTP server remote heap overflow,
Steven M. Christey
- FreeBSD Security Advisory FreeBSD-SA-06:10.nfs,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-06:09.openssh [REVISED],
FreeBSD Security Advisories
- Updated Noah Classifieds Component for Joomla!/Mambo,
noahsec1
- [eVuln] Leif M. Wright's Blog Multiple Vulnerabilities,
alex
- Re: Knowledgebases Remote Command Exucetion,
security curmudgeon
- Secunia Research: Lighttpd Script Source Disclosure Vulnerability,
Secunia Research
- SAP Web Application Server http request url parsing vulnerability,
arnold . grossmann
- Evolution Emailer DoS,
Alan Cox
- Evil side of Firefox extensions,
azurIt
- Re: NETGEAR WGT624 ? Wireless DSL router default user name/password vulnerability,
abuse
- 4images <=1.7.1 remote code execution,
rgod
- Secunia Research: NetworkActiv Web Server Script Source Disclosure Vulnerability,
Secunia Research
- NCP VPN/PKI Client - various Bugs,
Ramon 'ports' Kukla
- Fwd: APPLE-SA-2006-03-01 Security Update 2006-001,
Dave McKinney
- SMBlog Remote Command Exucetion,
botan
- Re: [Full-disclosure] Quarantine your infected users spreading malware,
Dana Hudes
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware],
L. Adrian Griffis
- Advisory: ICQmail.com & Mail2World.com (ms_inbox.asp Current_folder) XSS vulnerability,
nukedx
- [USN-259-1] irssi vulnerability,
Martin Pitt
- [FLSA-2006:178989] Updated perl-DBI package fixes security issue,
Marc Deslauriers
- Re: [KAPDA::#27] - Runcms 1.x Cross_Site_Scripting vulnerability,
roozbeh_afrasiabi
- [OSX]: /usr/bin/passwd local root exploit.,
v9
- [KAPDA::#26]vBulletin.3.5.3~3.0.12-XSS,
addmimistrator
- [SECURITY] [DSA 980-1] New tutos package fixes several vulnerabilities,
Martin Schulze
- JOOMLA CMS 1.0.7 DoS & path disclosing,
ghc
- [SECURITY] [DSA 984-1] New xpdf packages fix several problems,
Martin Schulze
- PluggedOut Nexus SQL injection,
h e
- ProtoVer Sample IMAP testsuite release,
Evgeny Legerov
- [eVuln] E-Blah Platinum 'Referer' XSS Vulnerability,
alex
- [SECURITY] [DSA 981-1] new bmv packages fix arbitrary code execution,
Martin Schulze
- Woltlab Burning Board 2.x (Datenbank MOD fileid) Multiple Vulnerabilities.,
nukedx
- [ MDKSA-2006:052 ] - Updated mozilla-thunderbird packages fix vulnerability,
security
- iDefense Security Advisory 03.02.06: Apple MacOS X BOMArchiveHelper Directory Traversal Vulnerability,
labs-no-reply@xxxxxxxxxxxx
- vBulletin3.0.12&3.5.3~is_valid_email()~XSS Attack,
addmimistrator
- MyBB 1.0.4 New SQL Injection,
o . y . 6
- sql in Dawaween V 1.03,
shereba_2007
- RE: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities,
Jay Stapleton
- iDefense Security Advisory 03.02.06: Apple Mac OS X passwd Arbitrary Binary File Creation/Modification,
labs-no-reply@xxxxxxxxxxxx
- iDefense Security Advisory 03.02.06: EMC Dantz Retrospect 7 Backup client DoS Vulnerability,
labs-no-reply@xxxxxxxxxxxx
- MyBB 1.04 Perl Exploit,
o . y . 6
- Gallery 2 Multiple Vulnerabilities,
GulfTech Security Research
- Gregarius 0.5.2 XSS and SQL Injection Vulnerabilities,
tzitaroth
- [eVuln] Skate Board Multimple Vulnerabilities,
alex
- AZTEK forums 4.0 multiple vulnerabilities (PoC),
billy
- XST-Strikes-Back vulnerability in Netcache,
Nite Sprite
- Re: Guestbox XSS/an admin bypass,
micuel
- Kaspersky Memory/CPU Usage Leak by design,
Michael . Lang
- [ GLSA 200603-02 ] teTeX, pTeX, CSTeX: Multiple overflows in included XPdf code,
Thierry Carrez
- phpArcadeScript XSS Injections,
retard
- AVG 7 granting Everyone Full Control to updated files... even its drivers,
redxii1234
- Various router DoS,
ryanmeyer14
- [ GLSA 200603-01 ] WordPress: SQL injection vulnerability,
Thierry Carrez
- [eVuln] Easy Forum XSS Vulnerability,
alex
- PHP-Stats <= 0.1.9.1 remote commands execution,
rgod
- phpBB <= 2.0.19 Multiple DoS vulnerabilities,
paisterist . nst
- Pixel Post Multiple Vulnerabilities,
paisterist . nst
- [KAPDA::#30] - CuteNews1.4.1 Cross_Site_Scripting Vulnerability,
roozbeh_afrasiabi
- linksys router + irc DoS,
Cade Cairns
- Advisory: TotalECommerce (index.asp id) Remote SQL Injection Vulnerability.,
nukedx
- Wbb 2.3. xss,
r57shell
- Visual Studio 6.0 Buffer Overflow Vulnerability,
kozan
- Simplog <= 1.0.2 Vulnerabilities,
retard
- DSplit - Tiny AV signatures Detector,
ad@xxxxxxxxxxxxxxxx
- Critical Risk Vulnerability in L-Soft Listserv,
NGSSoftware Insight Security Research
- [ GLSA 200603-03 ] MPlayer: Multiple integer overflows,
Thierry Carrez
- [SECURITY] [DSA 985-1] New libtasn1-2 packages fix arbitrary code execution,
Martin Schulze
- [SECURITY] [DSA 986-1] New gnutls11 packages fix arbitrary code execution,
Martin Schulze
- [OpenPKG-SA-2006.006] OpenPKG Security Advisory (tar),
OpenPKG
- vulnerability in the IE Java applet initialization engine,
porkythepig
- [eVuln] Simple Machines Forum - SMF 'X-Forwarded-For' XSS Vulnerability,
alex
- Game-Panel <= 2.1.6 XSS,
retard
- evoBlog Remote Name tag Script injection,
sikik
- [KAPDA::#31] - Runcms 1.x Cross_Site_Scripting vulnerability in bigshow.php,
roozbeh_afrasiabi
- FTPoed Blog Engine =>v1.1 HTML Injection Vulnerability,
sikik
- Announcement: WASC Threat Classification in German,
contact
- SyScan'06 Call For Papers,
organiser@xxxxxxxxxx
- Microsoft Visual Studio 6.0 Sp6 Malformed .dbp File BoF Exploit,
kozan
- htpasswd bufferoverflow and command execution in thttpd-2.25b.,
Larry Cashdollar
- [ GLSA 200603-04 ] IMAP Proxy: Format string vulnerabilities,
Thierry Carrez
- Multiple vulnerabilities in Liero Xtreme 0.62b,
Luigi Auriemma
- Multiple vulnerabilities in Sauerbraten engine 2006_02_28,
Luigi Auriemma
- [ GLSA 200603-05 ] zoo: Stack-based buffer overflow,
Thierry Carrez
- Out of memory crash in Freeciv 2.0.7,
Luigi Auriemma
- Multiple vulnerabilities in Cube engine 2005_08_29,
Luigi Auriemma
- SQL injection & XSS IN vbzoom v1.11,
???? ????
- SQL injection in Invision Power Board v2.1.5,
???? ????
- [USN-260-1] flex vulnerability,
Martin Pitt
- histhost v1.0.0 xss and possible rmdir,
retard
- link bank code execution and xss,
retard
- phpBannerExchange 2.0 Directory Traversal Vulnerability,
h4cky0u . org
- PHP-based CMS mass-exploitation,
Daniel Bonekeeper
- [SECURITY] [DSA 987-1] New tar packages fix arbitrary code execution,
Moritz Muehlenhoff
- IM Lock 2006 - Insecure Registry Permission Vulnerability,
unsecure
- Cpanel Path Disclosure Vulnerability,
Silversmith
- Purple Paper: Exegesis Of Virtual Hosts Hacking,
unknown . pentester
- Loudblog 0.41 SQL Injection, Local file read/include,
tzitaroth
- Multiple vulnerabilities in Alien Arena 2006 GE 5.00,
Luigi Auriemma
- [eVuln] ShoutLIVE PHP Code Execution & Multiple XSS Vulnerabilities,
alex
- IE iFrame + Sun JVM + JS bug. Exploitable?,
drguile
- Cisco PIX embryonic state machine 1b data DoS,
Konstantin V. Gavrilenko
- Cisco PIX embryonic state machine TTL(n-1) DoS,
Konstantin V. Gavrilenko
- Dropbear SSH server Denial of Service,
Pablo Fernandez
- [FLSA-2006:168264-1] Updated XFree86 packages fix security issues,
Marc Deslauriers
- [FLSA-2006:168264-2] Updated X.org packages fix security issue,
Marc Deslauriers
- [FLSA-2006:168516] Updated pcre packages fix a security issue,
Marc Deslauriers
- [FLSA-2006:176751] Updated gpdf package fixes security issues,
Marc Deslauriers
- [ MDKSA-2006:053 ] - Updated freeciv packages fix DoS vulnerabilities,
security
- CanSecWest/core06 Vancouver April 3-7,
Dragos Ruiu
- [security bulletin] HPSBTU02100 SSRT050979 rev.1 - HP Tru64 UNIX IPSEC/ISAKMP Remote Denial of Service (DoS),
security-alert
- [eVuln] EKINboard 'img' BBCode XSS & Cookie 'username' SQL Injection Vulnerabilities,
alex
- Re: [CORRECTIONS AND ADDITIONS ]Azbb v1.1.00 Cross-Site Scripting,
no_reply
- textfileBB <= 1.0 Multiple XSS,
retard
- capi4hylafax insecure manipulation with tmp files,
Javor Ninov
- [KAPDA::#32] - d2kBlog 1.0.3 Multiple Vulnerabilities,
3nitro
- [SECURITY] [DSA 988-1] New squirrelmail packages fix several vulnerabilities,
Moritz Muehlenhoff
- a worm for mediaWiki??,
"vitamona"
- H&R Block contact - SOLVED,
Fixer
- 18 ways to escalate privileges in Zone Labs ZoneAlarm Security Suite build 6.1.744.000,
Reed Arvin
- [ MDKSA-2006:054 ] - Updated kdegraphics packages fixes overflow vulnerabilities,
security
- nCipher Advisory #12: Insecure Generation of Diffie-Hellman keys,
nCipher Support
- nCipher Advisory #13: CBC-MAC IV misleading programming interface,
nCipher Support
- nCipher Advisory #14: Presence of flaws in firmware security,
nCipher Support
- [SECURITY] [DSA 989-1] New zoph packages fix SQL injection,
Moritz Muehlenhoff
- Remote access to NeuSecure/Netcool backend database via web interface credentials leakage,
D.Snezhkov
- Easy File Sharing Web Server Multiple Vulnerablilities,
revnic
- HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit,
h4cky0u . org
- INFIGO-2006-03-01: PeerCast streaming server remote buffer overflow,
infocus
- M-Phorum Cross Site Scripting,
codexploder
- ADP Forum 2.0,* script İnjection,
liz0
- DCP Portal: Multiple XSS Vulnerabilities,
enji
- MyBloggie: Multiple XSS Vulnerabilities,
enji
- txtForum: Multiple XSS Vulnerabilities,
enji
- txtForum: Script Injection Vulnerability,
enji
- RevilloC MailServer 1.x "USER" Command Handling Remote Buffer Overflow Exploit,
securma
- RE: [Full-disclosure] PHP-based CMS mass-exploitation,
hchemin
- Aluria/WhenU Troubled Past and Whitewashing History,
Paul Laudanski
- Re: [waraxe-2006-SA#047] - Evading sql-injection filters in phpNuke 7.8,
omega13a
- UnrealIRCd3.2.3 Server-Link Denial of Service,
admin
- DVguestbook 1.0 And 1.2.2 Cross Site Scripting,
liz0
- PHP Upload Center Download users password hashes And phpshell Upload,
liz0
- PHP Advanced Transfer Manager Download users password hashes,
liz0
- n8cms 1.1 & 1.2 version Sql İnjection And XSS,
liz0
- [KDE Security Advisory] kpdf of KDE 3.3.x heap based buffer overflow,
Dirk Mueller
- [USN-261-1] PHP vulnerabilities,
Martin Pitt
- announcement: reporting and mitigating malicious websites and phishing,
Gadi Evron
- RE: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem,
Geo.
- [ MDKSA-2006:035-1 ] - Updated php packages fix vulnerability,
security
- Statement Regarding Reported Local Escalation of Privileges Vulnerability for ZoneAlarm,
Zone Labs Product Security
- [SECURITY] [DSA 990-1] New bluez-hcidump packages fix denial of service,
Martin Schulze
- [SECURITY] [DSA 919-2] New curl packages fix potential security problem,
Martin Schulze
- [SECURITY] [DSA 991-1] New zoo packages fix arbitrary code execution,
Martin Schulze
- [SECURITY] [DSA 992-1] New ffmpeg packages fix arbitrary code execution,
Moritz Muehlenhoff
- [eVuln] FreeForum PHP Code Execution & Multiple XSS Vulnerabilities,
alex
- GnuPG does not detect injection of unsigned data,
Werner Koch
- Advisory: Jiros Banner Experience Pro Remote Privilege Escalation.,
nukedx
- [KAPDA::#33] - GuppY <= 4.5.11 Remote DoS vulnerability,
alireza hassani
- Re: Thomson SpeedTouch 500 modems vulnerable to XSS,
dford
- [ GLSA 200603-06 ] GNU tar: Buffer overflow,
Thierry Carrez
- [SECURITY] [DSA 993-1] New GnuPG packages fix broken signature check,
Martin Schulze
- [ GLSA 200603-08 ] GnuPG: Incorrect signature verification,
Thierry Carrez
- CoreNews 2.0.1 Remote Command Exucetion,
botan
- [ GLSA 200603-07 ] flex: Potential insecure code generation,
Thierry Carrez
- XSS in vCard,
xx_hack_xx_2004
- SGI IRIX 6.*usr/sysadm/bin/runpriv local root exploit,
rod hedor
- Jupiter CMS <= 1.1.5 multiple XSS attack vectors.,
zerogue
- Coppermine exploit used by a Chase Phish?,
Paul Laudanski
- Copy protection scheme SafeDisc allows privilege escalation,
yourname
- AntiVir PersonalEdition Classic: Local Privilige Escalation,
Ramon 'ports' Kukla
- [ GLSA 200603-09 ] SquirrelMail: Cross-site scripting and IMAP command injection,
Stefan Cornelius
- [ GLSA 200603-10 ] Cube: Multiple vulnerabilities,
Stefan Cornelius
- [USN-262-1] Ubuntu 5.10 installer password disclosure,
Martin Pitt
- [USN-263-1] Linux kernel vulnerabilities,
Martin Pitt
- [USN-264-1] gnupg vulnerability,
Martin Pitt
- directory traversal Fixed in DirectContact 0.3c,
lionel
- Multiple vulnerabilities in ENet library (Jul 2005),
Luigi Auriemma
- [SECURITY] [DSA 994-1] New freeciv packages fix denial of service,
Martin Schulze
- [SECURITY] [DSA 995-1] New metamail packages fix arbitrary code execution,
Martin Schulze
- [eVuln] Vegas Forum SQL Injection Vulnerability,
alex
- Kerio MailServer bugfun,
Evgeny Legerov
- [SECURITY] [DSA 996-1] New Crypt::CBC packages fix cryptographic weakness,
Martin Schulze
- [SECURITY] [DSA 993-2] New GnuPG packages fix broken signature check,
Martin Schulze
- Secunia Research: unalz Filename Handling Directory Traversal Vulnerability,
Secunia Research
- Secunia Research: Dwarf HTTP Server Source Disclosure and Cross-Site Scripting,
Secunia Research
- WMNews Cross Site Scripting,
exalibur33
- Buffer Overflow and Installation Script Error in Firebird 1.5.3,
Joxean Koret
- [INetCop Security Advisory] zeroboard IP session bypass XSS vulnerability,
dong-hun you
- ZDI-06-003: Ipswitch Collaboration Suite Code Execution Vulnerability,
zdi-disclosures
- [SECURITY] [DSA 997-1] New bomberclone packages fix arbitrary code execution,
Martin Schulze
- [ MDKSA-2006:055 ] - Updated gnupg packages fix signature file verification vulnerability,
security
- [DRUPAL-SA-2006-001] Drupal 4.6.6 / 4.5.8 fixes access control issue,
Uwe Hermann
- [DRUPAL-SA-2006-003] Drupal 4.6.6 / 4.5.8 fixes session fixation issue,
Uwe Hermann
- [DRUPAL-SA-2006-002] Drupal 4.6.6 / 4.5.8 fixes XSS issue,
Uwe Hermann
- [SECURITY] [DSA 999-1] New lurker packages fix several vulnerabilities,
Martin Schulze
- [SECURITY] [DSA 998-1] New libextractor packages fix several vulnerabilities,
Martin Schulze
- [DRUPAL-SA-2006-004] Drupal 4.6.6 / 4.5.8 fixes mail header injection issue,
Uwe Hermann
- DMA[2006-0313a] - 'Apple OSX Mail.app RFC1740 Real Name Buffer Overflow',
KF (lists)
- [SECURITY] [DSA 1000-1] New Apache2::Request packages fix denial of service,
Martin Schulze
- [SECURITY] [DSA 1001-1] New crossfire packages fix arbitrary code execution,
Moritz Muehlenhoff
- Linux zero IP ID vulnerability?,
Marco Ivaldi
- [eVuln] CyBoards PHP Lite SQL Injection Vulnerability,
alex
- ZDI-06-004: Microsoft Excel File Format Parsing Vulnerability,
zdi-disclosures
- High Risk Vulnerability in Microsoft Excel,
NGSSoftware Insight Security Research
- Fortinet Security Advisory: FSA-2006-09,
Fortinet Research
- Fortinet Security Advisory: FSA-2006-08,
Fortinet Research
- SYMSA-2006-001: Buffer overflow in Microsoft Office 2000, Office XP (2002), and Office 2003 Routing Slip Metadata,
CS_Advisories Mailbox
- [xfocus-SD-060314]Microsoft Office Excel Buffer Overflow Vulnerability,
XFOCUS Security Team
- [HV-HIGH] Microsoft Excel Named Range Arbitrary Code Execution,
vuln
- WLSI - Windows Local Shellcode Injection - Paper,
Cesar
- CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net,
CodeScan Labs
- [SECURITY] [DSA 1002-1] New webcalendar packages fix several vulnerabilities,
Martin Schulze
- CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior,
CodeScan Labs
- [eVuln] discussion - xhawk.net BBCode 'img' XSS & SQL Injection Vulnerabilities,
alex
- Secunia Research: Adobe Document/Graphics Server File URI Resource Access,
Secunia Research
- FW: call for speakers and thoughts on VoIP Security - there's a long way to go!,
Ken Kousky
- Sasser variant that effects 2k3 SP1 completely updated?,
Andrew Weaver
- [[KAPDA::#35] MyBB 1.0.3~member.php~XSS Attack in contact details,
addmimistrator
- [KAPDA::#35] - MyBB1.0.4~member.php~XSS after login,
addmimistrator
- [KAPDA::#34] - MyBB1.0.4~redirectfunction()~HeaderInjection,
addmimistrator
- GnuPG weak as one guy with a spare laptop.,
Forrest J. Cavalier III
- Invision Power Board v2.1.4 - session hijacking,
Hans Wolters
- WebVulnCrawl searching excluded directories for hackable web servers,
Michael Scheidell
- Latest MS patches kill wireless networking?,
James Garrison
- Vulnerability in e-gold,
shurik . f
- Vulnerability fixed in E-gold,
3APA3A
- [ GLSA 200603-11 ] Freeciv: Denial of Service,
Stefan Cornelius
- [ GLSA 200603-12 ] zoo: Buffer overflow,
Stefan Cornelius
- [SECURITY] [DSA 1003-1] New xpvm packages fix insecure temporary file,
Martin Schulze
- [SECURITY] [DSA 1004-1] New vlc packages fix arbitrary code execution,
Moritz Muehlenhoff
- Milkeyway Multiple Vulnerabilities,
ascii
- Remote overflow in MSIE script action handlers (mshtml.dll),
Michal Zalewski
- [SECURITY] [DSA 1005-1] New xine-lib packages fix arbitrary code execution,
Moritz Muehlenhoff
- [FLSA-2006:178606] Updated kdelibs packages fix security issues,
Marc Deslauriers
- [FLSA-2006:157459-3] Updated kernel packages fix security issues,
Marc Deslauriers
- [FLSA-2006:157459-4] Updated kernel packages fix security issues,
Marc Deslauriers
- [ GLSA 200603-14 ] Heimdal: rshd privilege escalation,
Stefan Cornelius
- [ GLSA 200603-13 ] PEAR-Auth: Potential authentication bypass,
Stefan Cornelius
- [FLSA-2006:175404] Updated xpdf package fixes security issues,
Marc Deslauriers
- [ GLSA 200603-15 ] Crypt::CBC: Insecure initialization vector,
Stefan Cornelius
- RE: [Full-disclosure] Re: recursive DNS servers DDoS as a growingDDoSproblem,
Keith Morgan
- XCon2006 Call For Paper,
XFOCUS Security Team
- XSS IN Invision Power Board,
???? ????
- Symantec Security Advisory SYM06-004,
secure
- Generically Determining the Prescence of Virtual Machines,
valsmith
- [ GLSA 200603-16 ] Metamail: Buffer overflow,
Stefan Cornelius
- [FLSA-2006:157459-1] Updated kernel packages fix security issues,
Marc Deslauriers
- Fedora Legacy Server Outage,
Marc Deslauriers
- [SECURITY] [DSA 1006-1] New wzdftpd packages fix arbitrary shell command execution,
Moritz Muehlenhoff
- [SECURITY] [DSA 1008-1] New kpdf packages fix arbitrary code execution,
Martin Schulze
- [SECURITY] [DSA 1007-1] New drupal packages fix several vulnerabilities,
Martin Schulze
- [FLSA-2006:173274] Updated gdk-pixbuf packages fix security issues,
Marc Deslauriers
- Oxynews Sql İnjection,
r00t3rr0r
- [eVuln] NMDeluxe XSS & SQL Injection Vulnerabilities,
alex
- [FLSA-2006:174479] Updated libungif packages fix security issues,
Marc Deslauriers
- [FLSA-2006:157459-2] Updated kernel packages fix security issues,
Marc Deslauriers
- Microsoft Commerce Server 2002: Logon as known user with a false password,
Dimitri
- MyBB 1.10 Full Path Disclosure,
o . y . 6
- Contrexx CMS Xss Vuln,
Soothackers
- Xss in Wbb 2.3.4,
r57shell
- ExtCalendar v1.0 Multiple Xss Vuln,
Soothackers
- [SECURITY] [DSA 960-3] New libmail-audit-perl packages fix insecure temporary file use,
Martin Schulze
- [SECURITY] [DSA 1009-1] New crossfire packages fix arbitrary code execution,
Martin Schulze
- [security bulletin] SSRT051078 rev.1 - HP-UX usermod(1M) Local UnaUthorized Access,
security-alert
- [SECURITY] [DSA 1010-1] New ilohamail packages fix cross-site scripting vulnerabilities,
Martin Schulze
- [security bulletin] SSRT051128 rev.1 - HP-UX VirtualVault running Apache 1.3.X Remote Unauthorized Access,
security-alert
- [security bulletin] SSRT051251 rev.2 - Apache-based Web Server on HP-UX mod_ssl, proxy_http, Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access,
security-alert
- phpWebsite <= SQL Injection (friend.php) & (article.php),
dabdoub_mosikar
- Noah's Classifieds Multiple Path Disclosure and Cross Site Scripting Vulnerabilities,
raphael . huck
- Path Disclosure and Arbitrary File Read Vulnerability in SLAB5000,
justint
- IMF 2006 - 2nd Call for Papers,
Oliver Goebel
- [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0,
Daniel Stone
- Symantec Security Advisory, SYM06-005,
secure
- DNS Amplification Attacks,
Gadi Evron
- [ MDKSA-2006:056 ] - Updated xorg-x11 packages to address local root vuln,
security
- Perverting Unix Processes,
Pluf
- [ MDKSA-2006:057 ] - Updated cairo packages to address Evolution DoS vulnerability,
security
- CORE-2006-0124: Cross-Site Scripting in Verisign’s haydn.exe CGI script,
CORE Security Technologies Advisories
- [ GLSA 200603-18 ] Pngcrush: Buffer overflow,
Sune Kloppenborg Jeppesen
- [SECURITY] [DSA 1011-1] New kernel-patch-vserver packages fix root exploit,
Martin Schulze
- [SECURITY] [DSA 1012-1] New unzip packages fix arbitrary code execution,
Martin Schulze
- [ GLSA 200603-17 ] PeerCast: Buffer overflow,
Sune Kloppenborg Jeppesen
- XSS in Firepass 4100 SSL VPN v.5.4.2 (and probably others),
alfy
- Recon 2006: Guest speakers announcement. Call for paper and early registration ending in less than 2 weeks.,
Hugo Fortier
- [ GLSA 200603-19 ] cURL/libcurl: Buffer overflow in the handling of TFTP URLs,
Matthias Geerdsen
- [ GLSA 200603-20 ] Macromedia Flash Player: Arbitrary code execution,
Sune Kloppenborg Jeppesen
- Free Articles Directory Remote Command Exucetion,
botan
- ASPPortal <= 3.1.1 Multiple Remote SQL Injection Vulnerabilities,
nukedx
- Mini-Nuke<=1.8.2 SQL injection (6),
dabdoub_mosikar
- FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-06:12.opie,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-06:11.ipsec,
FreeBSD Security Advisories
- [eVuln] PHP SimpleNEWS, PHP SimpleNEWS MySQL - Authentication Bypass Vulnerability,
alex
- DMA[2006-0321a] - 'Motorola P2K Platform setpath() overflow and Blueline attack',
KF (lists)
- WinHKI 1.6x Archive Extraction Directory traversal,
h e
- cutenews 1.4.1 Arbitrary File Access,
h e
- [SECURITY] [DSA 1013-1] New snmptrapfmt packages fix insecure temporary file,
Martin Schulze
- PHP Live! XSS status_image.php,
kspecial
- Re; FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail,
Jose Nazario
- IE crash,
Stelian Ene
- SUSE Security Announcement: sendmail remote code execution (SUSE-SA:2006:017),
Thomas Biege
- [OpenPKG-SA-2006.007] OpenPKG Security Advisory (sendmail),
OpenPKG
- [ GLSA 200603-22 ] PHP: Format string and XSS vulnerabilities,
Sune Kloppenborg Jeppesen
- sendmail vuln advisories (CVE-2006-0058),
Marc Bejarano
- [SECURITY] [DSA 1014-1] New firebird2 packages fix denial of service,
Martin Schulze
- [ MDKSA-2006:058 ] - Updated sendmail packages fix remote vulnerability,
security
- [USN-265-1] cairo/Evolution library vulnerability,
Martin Pitt
- Advisory 03/2006: KisMAC Cisco Vendor Tag Encapsulated SSID Overflow,
Stefan Esser
- [ MDKSA-2006:059 ] - Updated kernel packages fix multiple vulnerabilities,
security
- [SECURITY] [DSA 1015-1] New sendmail packages fix arbitrary code execution,
Martin Schulze
- [SECURITY] [DSA 1016-1] New evolution packages fix arbitrary code execution,
Martin Schulze
- [ GLSA 200603-21 ] Sendmail: Race condition in the handling of asynchronous signals,
Sune Kloppenborg Jeppesen
- [KAPDA::#37] - CoMoblog XSS,
farhadkey
- PasswordSafe 3.0 weak random number generator allows key recovery attack,
info
- Vulnerability Alert Services - Independent List,
Andy Cuff
- [SECURITY] [DSA 1017-1] New Linux kernel 2.6.8 packages fix several vulnerabilities,
Moritz Muehlenhoff
- Microsoft Internet Explorer (mshtml.dll) - Remote Code Execution,
advisories
- iDefense Security Advisory 03.23.05: ISS Multiple Products Local Privilege Escalation Vulnerability,
labs-no-reply
- iDefense Security Advisory 03.23.06: RealNetworks RealPlayer and Helix Player Invalid Chunk Size Heap Overflow Vulnerability,
labs-no-reply
- [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation,
Sune Kloppenborg Jeppesen
- Secunia Research: Microsoft Internet Explorer "createTextRange()" Code Execution,
Secunia Research
- Secunia Research: Orion Application Server JSP Source Disclosure Vulnerability,
Secunia Research
- SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow),
Gadi Evron
- trusting SMTP [was: SendGate: Sendmail Multiple Vulnerabilities],
Gadi Evron
- Re: [Full-disclosure] SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow),
Dragos Ruiu
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow),
Theo de Raadt
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow),
Martin Schulze
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow),
Theo de Raadt
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow),
D.F.Russell
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow),
Gadi Evron
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow),
Pim van Riezen
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow),
Florian Weimer
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow),
Gadi Evron
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow),
Claus Assmann
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow),
Eric Allman
- <Possible follow-ups>
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow),
Eric Allman
- ArabPortal 2.0 Stable [ Full Patch Disclosure ],
o . y . 6
- Popup Blocker Bypass Script,
James C. Slora, Jr.
- Sudo tricks,
John Richard Moser
- [HV-PAPER] Security Product Evaluation Tips,
vuln
- Digital Armaments April-2006 Hacking Challenge: Oracle Database,
info
- Re: [SPAM:] - ASPPortal <= 3.1.1 Multiple Remote SQL Injection Vulnerabilities - Email has different SMTP TO: and MIME TO: fields in the email addresses,
Suport Account
- Vulnerabilitiy found in comodo hacker guardian free scan.,
sk8boardkid
- w3wp remote DoS,
Debasis Mohanty
- [ MDKSA-2006:060 ] - Updated FreeRADIUS packages fix EAP-MSCHAPv2 module vulnerability,
security
- [FLSA-2006:186277] Updated sendmail packages fix security issues,
Jesse Keating
- [SECURITY] [DSA 1019-1] New kpdf packages fix several vulnerabilities,
Martin Schulze
- [eVuln] @1 File Store Multiple XSS and SQL Injection Vulnerabilities,
alex
- [SECURITY] [DSA 1018-1] New Linux kernel 2.4.27 packages fix several vulnerabilities,
Moritz Muehlenhoff
- On product vulnerability history and vulnerability complexity,
Steven M. Christey
- [eVuln] DSPoll Multiple SQL Injection Vulnerabilities,
alex
- [eVuln] DSNewsletter SQL Injection Vulnerability,
alex
- [security bulletin] HPSBUX02105 SSRT061134 rev.1 - HP-UX Running swagentd Remote Denial of Service (DoS),
security-alert
- Secunia Research: Quick 'n Easy/Baby Web Server ASP Code Disclosure Vulnerability,
Secunia Research
- HeffnerCMS Remote Command Exucetion And Cross Scripting Attack,
botan
- VihorDesing Script Remote Command Exucetion And Cross Scripting Attack,
botan
- Systrace 1.6: Phoenix Release,
Niels Provos
- [eVuln] DSCounter 'X-Forwarded-For' SQL Injection Vulnerability,
alex
- [eVuln] DSDownload Multiple SQL Injection Vulnerabilities,
alex
- Re: [optimized PoC] Remote overflow in MSIE script action handlers (mshtml.dll),
dgtlscrm
- Re: Quick 'n Easy FTP Server 3.0 pro / lite (buffer overflow vulnerabilities),
bifta04
- UBBThreads<=5.5.1+6.0.2+6.0 br5+6.0.1 SQL injection,
dabdoub_mosikar
- SQL Injection in SaphpLesson2.0,
xx_hack_xx_2004
- HPSBUX02108 SSRT061133 rev.1 - HP-UX Sendmail, Remote Execution,
Security Alert
- AkoComment SQL injection vulnerability,
Stefan Keller
- SQL injection in VGM Forbin.,
mfoxhacker
- nuked-klan<=1.7.5 SQL Injection,
dabdoub_mosikar
- [ GLSA 200603-24 ] RealPlayer: Buffer overflow vulnerability,
Matthias Geerdsen
- [PHPADSNEW-SA-2006-001] phpAdsNew and phpPgAds 2.0.8 fix multiple vulnerabilities,
Matteo Beccati
- CanfTool v1.1 Cross Site Scripting Attack,
botan
- HYSA-2006-006 G-Book 1.0 XSS And Other Vulnerabilities,
h4cky0u . org
- HYSA-2006-007 phpmyfamily 1.4.1 CRLF injection & XSS,
h4cky0u . org
- [eVuln] DSLogin Authentication Bypass Vulnerability,
alex
- [eVuln] Maian Weblog Multiple SQL Injection Vulnerabilities,
alex
- [ GLSA 200603-25 ] OpenOffice.org: Heap overflow in included libcurl,
Stefan Cornelius
- Blog Pixel Motion<=1.xx Authentication Bypass Vulnerability & SQL injection,
dabdoub_mosikar
- Microsoft MSN Hotmail : Cross-Site Scripting Vulnerability,
Renaud Lifchitz
- Microsoft Windows XP SP2 Firewall issue,
edubp2002
- [DDSi-SA] XSS in Raindance Communications Web Conferencing Pro,
D.Snezhkov
- XSS & SQL Injection in Music Box v2.3,
xx_hack_xx_2004
- TSRT-06-01: Symantec VERITAS NetBackup vnetd Buffer Overflow Vulnerability,
zdi-disclosures
- ZDI-06-006: Symantec VERITAS NetBackup Database Manager Buffer Overflow,
zdi-disclosures
- ZDI-06-005: Symantec VERITAS NetBackup Volume Manager Buffer Overflow,
zdi-disclosures
- [SECURITY] [DSA 1020-1] New flex packages fix insecure code generation,
Moritz Muehlenhoff
- SYM06-006, Veritas NetBackup: Multiple Overflow Vulnerabilities in NetBackup Daemons,
secure
- PHPLiveHelper 1.8 remote command execution (include) Xploit (perl),
stormhacker
- EEYE: Temporary workaround for IE createTextRange vulnerability,
Marc Maiffret
- VWar <= 1.5.0 R11 Remote Code Execution Exploit,
uid0
- Re: On classifying attacks,
Gadi Evron
- [eVuln] Maian Events SQL Injection Vulnerability,
alex
- XSS in AL-Caricatier,
xx_hack_xx_2004
- [eVuln] Maian Support Authentication Bypass,
alex
- Genius VideoCAM NB Local Privilege Escalation,
beford
- Secunia Research: Blazix Web Server JSP Source Code Disclosure Vulnerability,
Secunia Research
- [SECURITY] [DSA 1021-1] New netpbm-free packages fix arbitrary command execution,
Moritz Muehlenhoff
- ArabPortal 2.0 Stable CrossSiteScripting,
o . y . 6
- Announcement: The Web Hacking Incidents Database,
contact
- Determina Fix for CVE-2006-1359 (Zero Day MS Internet Explorer Remote "CreateTextRange()" Code Execution),
Determina Secure
- Cantv/Movilnet's Web SMS vulnerability.,
Bugtraq @ SNSecurity
- Critical PHP bug - act ASAP if you are running web with sensitive data,
Tõnu Samuel
- Re: Secunia Research: Microsoft Internet Explorer "createTextRange()"Code Execution,
edubp2002
- XSS in PHPKIT Version 1.6.03,
badnet_xoopiter
- [HV-INFO] Enova hardware encryption: false sense of security,
vuln
- [xfocus-SD-060329]MPlayer: Multiple integer overflows,
XFOCUS Security Team
- [eVuln] Skull-Splitter's PHP Guestbook XSS Vulnerability,
alex
- [eVuln] Skull-Splitter's PHP Downloadcounter for Wallpapers SQL Injection,
alex
- Re: Re: phpBB 2.06 search.php SQL injection,
fritz-li
- PhxContacts <= 0.93.1 beta Multiple SQL injection & xss,
dabdoub-mosikar
- Resource to Report and Stop Phishing Scams,
Paul Laudanski
- Full path disclosure in Webcalendar 1.1.0-CVS,
crasher
- [ GLSA 200603-26 ] bsd-games: Local privilege escalation in tetris-bsd,
Stefan Cornelius
- [ MDKSA-2006:061 ] - Updated mailman packages fix DoS from badly formed mime multipart messages.,
security
- X-Changer <=v0.2 Demo SQL injection,
dabdoub-mosikar
- Buffer overflows in Dia XFig import,
lars
- McAfee VirusScan DUNZIP32.dll Buffer Overflow Vulnerability,
Juha-Matti Laurio
- Smurfable Linux Kernel,
Tomasz Chomiuk
- [SECURITY] Samba 3.0.21-3.0.21c: Exposure of machine account credentials in winbindd log files,
Gerald (Jerry) Carter
- strip_tags() but not only vulnerability,
Tõnu Samuel
- [security bulletin] HPSBUX02103 SSRT5953 rev.2 - HP-UX passwd(1) Local Denial of Service (DoS),
security-alert
- [security bulletin] HPSBUX02102 SSRT051078 rev.2 - HP-UX usermod(1M) Local Unauthorized Access.,
security-alert
- MediaSlash Gallery 'rub' variable Remote File inlcusion Vulnerability,
simo64
- Oxygen<=1.x.x SQL injection,
dabdoub-mosikar
- MonAlbum 0.8.7 SQL Injection,
undefined1
- Black Hat Call for Papers and Registration now open,
Jeff Moss