Mail Index

• Thread Index

• [security bulletin] HPSBUX02108 SSRT061133 rev.2 - HP-UX running Sendmail, Remote Execution of Arbitrary Code
  • From: security-alert
• RE: WebVulnCrawl searching excluded directories for hackable web servers
  • From: Michael Scheidell
• OSSTMM Security Analyst Training Live Stream on the Web
  • From: Pete Herzog
• Re: Sudo tricks
  • From: Javor Ninov
• Re: On classifying attacks
  • From: Gadi Evron
• EzASPSite <= 2.0 RC3 Remote SQL Injection Exploit Vulnerability.
  • From: Mustafa Can Bjorn IPEKCI
• RE: recursive DNS servers DDoS as a growing DDoS problem
  • From: Geo.
• Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data
  • From: Jeff Rosowski
• RE: Sudo tricks
  • From: Burton Strauss
• Re: Re: Cantv/Movilnet's Web SMS vulnerability.
  • From: rrecabarren
• DbbS<=2.0-alpha SQL injection
  • From: dabdoub-mosikar
• Buffer-overflow and in-game crash in Zdaemon 1.08.01
  • From: Luigi Auriemma
• Warcraft III Replay Parser Script Remote Command Exucetion Vulnerability And Cross-Site Scripting Attacking
  • From: botan
• Mis-diagnosed XSS bugs hiding worse issues due to PHP feature
  • From: Steven M. Christey
• linksubmit <= All version Html Tag Injector in index.php
  • From: ali
• Re: recursive DNS servers DDoS as a growing DDoS problem
  • From: Gadi Evron
• SQuery <= 4.5 Remote File Inclusion Exploit
  • From: uid0
• Re: [Full-disclosure] Mis-diagnosed XSS bugs hiding worse issues due to PHP feature
  • From: Siegfried
• RE: recursive DNS servers DDoS as a growing DDoS problem
  • From: gboyce
• FleXiBle Development Script Remote Command Exucetion And XSS Attacking
  • From: botan
• Re: Mis-diagnosed XSS bugs hiding worse issues due to PHP feature
  • From: Siegfried
• Re: Re: Re: phpBB 2.06 search.php SQL injection
  • From: theguywhocouldwipeyourphpBB
• DoS-ing sysklogd?
  • From: Milen Rangelov
• PHPNuke-Clan 3.0.1 Remote File Inclusion Exploit
  • From: uid0
• GeSWall 2.2 – Free Intrusion Prevention System for Windows
  • From: GentleSecurity Team
• Re: recursive DNS servers DDoS as a growing DDoS problem
  • From: Paul Stepowski
• SiteMan <= All version SQL injection in admin_login.asp
  • From: ali
• Phpwebgallery <= 1.4.1 SQL injection Vulnerability
  • From: t4h4
• Secunia Research: AN HTTPD Script Source Disclosure Vulnerability
  • From: Secunia Research
• Re: On product vulnerability history and vulnerability complexity
  • From: Crispin Cowan
• [USN-266-1] dia vulnerabilities
  • From: Martin Pitt
• [SECURITY] [DSA 1000-2] New Apache2::Request packages fix denial of service
  • From: Martin Schulze
• Another Internet Explorer Address Bar Spoofing Vulnerability
  • From: hainamluke
• Hosting Controller AccountActions.asp and saveuploadfiles.asp vulns (PoC)
  • From: paolo . difebbo
• Flaw in commonly used bash random seed method
  • From: coderpunk
• Re: Mis-diagnosed XSS bugs hiding worse issues due to PHP feature
  • From: cxib
• RE: DoS-ing sysklogd?
  • From: Justin Shore
• VWar <= 1.5.0 R12 Remote File Inclusion Exploit
  • From: uid0
• Multiple Vulnerabilities in LucidCMS
  • From: crasher
• MyBB 1.10 New CrossSiteScripting
  • From: o . y . 6
• Re: Flaw in commonly used bash random seed method
  • From: Matthijs
• Re: On product vulnerability history and vulnerability complexity
  • From: Gadi Evron
• RE: recursive DNS servers DDoS as a growing DDoS problem
  • From: Geo.
• Re: On product vulnerability history and vulnerability complexity
  • From: Steven M. Christey
• Re: On product vulnerability history and vulnerability complexity
  • From: ArkanoiD
• SQL Injection in Softbiz Image Gallery
  • From: xx_hack_xx_2004
• Re: WebVulnCrawl searching excluded directories for hackable web servers
  • From: Dennis Brown
• Re: Cantv/Movilnet's Web SMS vulnerability.
  • From: raven
• Re: On classifying attacks
  • From: john mullee
• Re: On product vulnerability history and vulnerability complexity
  • From: Forrest J. Cavalier III
• Re: recursive DNS servers DDoS as a growing DDoS problem
  • From: Geo.
• [ MDKSA-2006:064 ] - Updated MySQL packages fix logging bypass vulnerability
  • From: security
• [ MDKSA-2006:062 ] - Updated dia packages fix buffer overflow vulnerabilities
  • From: security
• Re: recursive DNS servers DDoS as a growing DDoS problem
  • From: Anton Ivanov
• ReloadCMS <= 1.2.5stable Cross site scripting / remote command execution
  • From: rgod
• SYMSA-2006-002: McAfee WebShield SMTP Format String Vulnerability
  • From: CS_Advisories Mailbox
• Bypassing ISA Server 2004 with IPv6
  • From: Romain . Le . Guen
• Re: Flaw in commonly used bash random seed method
  • From: Dave English
• Re: Bypassing ISA Server 2004 with IPv6
  • From: 3APA3A
• RUXCON 2006 Call for Papers
  • From: cfp
• SMART Technologies SynchronEyes Remote Denial of Services
  • From: dennis
• Re: recursive DNS servers DDoS as a growing DDoS problem
  • From: Anton Ivanov
• Re: On product vulnerability history and vulnerability complexity
  • From: Gadi Evron
• Re: recursive DNS servers DDoS as a growing DDoS problem
  • From: Anton Ivanov
• RE: recursive DNS servers DDoS as a growing DDoS problem
  • From: Geo.
• Format string in Doomsday 1.8.6
  • From: Luigi Auriemma
• Re: On product vulnerability history and vulnerability complexity
  • From: Steven M. Christey
• [USN-267-1] mailman vulnerability
  • From: Martin Pitt
• Re: On product vulnerability history and vulnerability complexity
  • From: Javor Ninov
• RE: recursive DNS servers DDoS as a growing DDoS problem
  • From: Måns Nilsson
• [ GLSA 200604-01 ] MediaWiki: Cross-site scripting vulnerability
  • From: Stefan Cornelius
• Barracuda LHA archiver security bug leads to remote compromise
  • From: Jean-Sébastien Guay-Leroux
• Re: DoS-ing sysklogd?
  • From: Bernhard Fischer
• Re: DoS-ing sysklogd?
  • From: Christophe Garault
• Barracuda ZOO archiver security bug leads to remote compromise
  • From: Jean-Sébastien Guay-Leroux
• [security bulletin] HPSBPI2109 SSRT061141 rev.1 - HP Color LaserJet 2500 and 4600 Toolbox Running on Microsoft Windows Remote Unauthorized Disclosure of Information
  • From: security-alert
• [ GLSA 200604-02 ] Horde Application Framework: Remote code execution
  • From: Stefan Cornelius
• Re: recursive DNS servers DDoS as a growing DDoS problem
  • From: Tim
• [ GLSA 200604-03 ] FreeRADIUS: Authentication bypass in EAP-MSCHAPv2 module
  • From: Matthias Geerdsen
• RE: recursive DNS servers DDoS as a growing DDoS problem
  • From: Thomas Guyot-Sionnest
• Buffer-overflow in Ultr@VNC 1.0.1 viewer and server
  • From: Luigi Auriemma
• Re: Flaw in commonly used bash random seed method
  • From: Matthijs
• Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data
  • From: Moriyoshi Koizumi
• RE: recursive DNS servers DDoS as a growing DDoS problem
  • From: Geo.
• Re: Another Internet Explorer Address Bar Spoofing Vulnerability
  • From: franz
• ArabPortal 2.0.1 Stable [ 9 CrossSiteScripting & 1 SQL Injection ] MultBugz
  • From: o . y . 6
• Re: Flaw in commonly used bash random seed method
  • From: Matthijs
• NOD32 local privilege escalation vulnerability
  • From: visitbipin
• Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data
  • From: Jasper Bryant-Greene
• Another way to spoof Internet Explorer Address Bar
  • From: hainamluke
• Re: [Full-disclosure] Critical PHP bug - act ASAP if you are runningweb with sen
  • From: mailinglist mailinglist
• Re: recursive DNS servers DDoS as a growing DDoS problem
  • From: Marco Ivaldi
• Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data
  • From: John Bond
• Re: Limbo CMS code execution
  • From: gergero
• Black Hat Call for Papers and Registration now open
  • From: Jeff Moss
• [Full-disclosure] PIRANA exploitation framework and SMTP contentfilter security
  • From: Jean-Sébastien Guay-Leroux
• [SECURITY] [DSA 1022-1] New storebackup packages fix several vulnerabilities
  • From: Moritz Muehlenhoff
• Re: recursive DNS servers DDoS as a growing DDoS problem
  • From: Jim Pingle
• Re: recursive DNS servers DDoS as a growing DDoS problem
  • From: Tim
• Re: recursive DNS servers DDoS as a growing DDoS problem
  • From: Simon Boulet
• [ECHO_ADV_27$2006] AngelineCMS 0.8.1 Installpath Remote File Inclusion
  • From: eufrato
• [SEC-1 LTD] HP Colour LaserJet 2500 and 4600 Toolbox Directory Traversal Vulnerability
  • From: Richard Horsman
• [ECHO_ADV_27$2006] AngelineCMS 0.8.1 Installpath Remote File Inclusion
  • From: eufrato
• Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data
  • From: Jasper Bryant-Greene
• Re: Flaw in commonly used bash random seed method
  • From: Dave Korn
• Linux Kernel Local DoS vulnerability.
  • From: fingerout
• Re: Re: Bypassing ISA Server 2004 with IPv6
  • From: Romain . Le-Guen
• [FLSA-2006:152873] Updated xine package fixes security issues
  • From: Marc Deslauriers
• Re: Bypassing ISA Server 2004 with IPv6
  • From: Christine Kronberg
• [SECURITY] [DSA 1024-1] New clamav packages fix several vulnerabilities
  • From: Moritz Muehlenhoff
• Cisco Security Advisory: Cisco 11500 Content Services Switch HTTP Request Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Re: Buffer-overflow in Ultr@VNC 1.0.1 viewer and server
  • From: Luigi Auriemma
• [FLSA-2006:152896] Updated mod_python package fixes a security issue
  • From: Marc Deslauriers
• Autonomous LAN party File iNclusion
  • From: codexploder
• [ MDKSA-2006:066 ] - Updated FreeRADIUS packages fix off-by-one overflow vulnerabilty
  • From: security
• Xss In SaphpLesson3.0
  • From: w3 . _
• [FLSA-2006:156139] Updated tcpdump packages fix security issues
  • From: Marc Deslauriers
• [FLSA-2006:156290] Updated cyrus-imapd packages fix security issues
  • From: Marc Deslauriers
• [FLSA-2006:170411] Updated imap packages fix security issue
  • From: Marc Deslauriers
• [FLSA-2006:183571-1] Updated tar package fixes security issue
  • From: Marc Deslauriers
• [FLSA-2006:183571-2] Updated tar package fixes security issue
  • From: Marc Deslauriers
• [FLSA-2006:180159] Updated unzip package fixes security issue
  • From: Marc Deslauriers
• [eVuln] Null news SQL Injection Vulnerability
  • From: alex
• [FLSA-2006:184074] Updated pine package fixes security issue
  • From: Marc Deslauriers
• [FLSA-2006:184098] Updated libc-client packages fixes security issue
  • From: Marc Deslauriers
• [Updated] [FLSA-2006:186277] Updated sendmail packages fix security issue
  • From: Marc Deslauriers
• SQL Injection in Chipmunk Guestbook
  • From: dr . jr7
• Re: recursive DNS servers DDoS as a growing DDoS problem
  • From: Jim Pingle
• Sire 2.0 Nws Remote File inclusion & Arbitary Files Upload
  • From: simo64
• [Kaffeine Security Advisory] Heap based buffer overflow in http_peek()
  • From: Dirk Mueller
• Re: recursive DNS servers DDoS as a growing DDoS problem
  • From: Gadi Evron
• Black Hat Call for Papers and Registration now open
  • From: Jeff Moss
• Re: recursive DNS servers DDoS as a growing DDoS problem
  • From: Geo.
• Re: recursive DNS servers DDoS as a growing DDoS problem
  • From: Ross Wheeler
• Re: FleXiBle Development Script Remote Command Exucetion And XSS Attacking
  • From: Steven M. Christey
• [eVuln] phpNewsManager Multiple SQL Injections
  • From: alex
• Re: Bypassing ISA Server 2004 with IPv6
  • From: offtopic
• Welcome to XCon2006 in China!
  • From: xcon
• [SECURITY] [DSA 1031-1] New cacti packages fix several vulnerabilities
  • From: Martin Schulze
• [SECURITY] [DSA 946-2] New sudo packages fix privilege escalation
  • From: Martin Schulze
• google xss
  • From: almfnod
• [security bulletin] HPSBUX02108 SSRT061133 rev.3 - HP-UX running Sendmail, Remote Execution of Arbitrary Code
  • From: security-alert
• RE: Another way to spoof Internet Explorer Address Bar
  • From: Memisyazici, Aras
• [ MDKSA-2006:068 ] - Updated mplayer packages fix integer overflow vulnerabilities
  • From: security
• Re: recursive DNS servers DDoS as a growing DDoS problem
  • From: Erwan David
• Re: Re: Another Internet Explorer Address Bar Spoofing Vulnerability
  • From: pc . tech2
• [KAPDA::#38] - MyBB 1.1.0~functions_post.php~XSS Attack
  • From: addmimistrator
• [eVuln] VSNS Lemon Multiple Vulnerabilities
  • From: alex
• PHPMyChat 0.15.0dev "SYS enter" remote commands xctn (not properly patched from previous versions)
  • From: rgod
• [ MDKSA-2006:065 ] - Updated kaffeine packages fix remote buffer overflow vulnerability
  • From: security
• Matt Wright Guestbook Xss Script &#304;njection
  • From: liz0
• [eVuln] vCounter - sourceworkshop SQL Injection Vulnerability
  • From: alex
• [USN-268-1] Kaffeine vulnerability
  • From: Martin Pitt
• LayerOne 2006 - Finalized Speaker Line-Up Announced
  • From: Layer One
• PHPMyChat <= 0.14.5 remote commands execution
  • From: rgod
• Re: SQL injection in Invision Power Board v2.1.5
  • From: optix_prorat100
• [SECURITY] [DSA 1028-1] New libimager-perl packages fix denial of service
  • From: Martin Schulze
• [ECHO_ADV_28$2006] Clever Copy <= 3.0 Connect.inc Critical Information Disclosure
  • From: eufrato
• [ MDKSA-2006:067 ] - Updated clamav packages fix vulnerabilities
  • From: security
• [ GLSA 200604-05 ] Doomsday: Format string vulnerability
  • From: Stefan Cornelius
• MAXDEV CMS Multiple vulnerabilities
  • From: king_purba
• [SECURITY] [DSA 1018-2] New Linux kernel 2.4.27 packages fix several vulnerabilities
  • From: Moritz Muehlenhoff
• Re: recursive DNS servers DDoS as a growing DDoS problem
  • From: Anton Ivanov
• [eVuln] newsletter - sourceworkshop SQL Injection Vulnerability
  • From: alex
• [ GLSA 200604-04 ] Kaffeine: Buffer overflow
  • From: Sune Kloppenborg Jeppesen
• Shadowed Portal Cross Site Scripting
  • From: liz0
• Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data
  • From: Moriyoshi Koizumi
• [SECURITY] [DSA 1027-1] New mailman packages fix denial of service
  • From: Martin Schulze
• Re: Another Internet Explorer Address Bar Spoofing Vulnerability
  • From: sh0rtie
• Re: Flaw in commonly used bash random seed method
  • From: Steve VanDevender
• XSS Bug in Cherokee Webserver
  • From: rubengarrote
• [SECURITY] [DSA 1029-1] New libphp-adodb packages fix several vulnerabilities
  • From: Martin Schulze
• Google Reader "preview" and "lens" script improper feed validation
  • From: Debasis Mohanty
• Virtual War File &#304;nclusion
  • From: liz0
• Cisco Security Advisory: Cisco Optical Networking System 15000 series and Cisco Transport Controller Vulnerabilities
  • From: Cisco Systems Product Security Incident Response Team
• Re: Format string in Doomsday 1.8.6
  • From: Alexey Dobriyan
• [SECURITY] [DSA 1030-1] New moodle packages fix several vulnerabilities
  • From: Martin Schulze
• Multiple vulnerability in jupiter CMS
  • From: king_purba
• [SECURITY] [DSA 1026-1] New sash packages fix potential arbitrary code execution
  • From: Moritz Muehlenhoff
• [ GLSA 200604-06 ] ClamAV: Multiple vulnerabilities
  • From: Sune Kloppenborg Jeppesen
• Re: Buffer-overflow in Ultr@VNC 1.0.1 viewer and server
  • From: jalvare7
• [SECURITY] [DSA 1023-1] New kaffeine packages fix arbitrary code execution
  • From: Martin Schulze
• Re: Bios Information Leakage
  • From: darmawan_salihun
• [security bulletin] HPSBUX02110 SSRT061110 rev.1 - HP-UX Running wu-ftpd Remote Denial of Service (DoS)
  • From: security-alert
• [security bulletin] HPSBUX02111 SSRT061132 rev.1 - HP-UX su(1) Local Unauthorized Access
  • From: security-alert
• [SECURITY] [DSA 1025-1] New dia packages fix arbitrary code execution
  • From: Martin Schulze
• RE: recursive DNS servers DDoS as a growing DDoS problem
  • From: Geo.
• IE6 Crash
  • From: tel
• [Overflow.pl] Clam AntiVirus Win32-UPX Heap Overflow (not default configuration)
  • From: Damian Put
• Re: IE6 Crash
  • From: H D Moore
• XMB Forum 1.9.5-Final XSS
  • From: r0xes . ratm
• Oracle read-only user can insert/update/delete data via specially crafted views
  • From: ak
• Re[2]: Bypassing ISA Server 2004 with IPv6
  • From: 3APA3A
• TUGZip Archive Extraction Directory traversal
  • From: h e
• Vulnerabilities in SPIP
  • From: crasher
• PhpOpenChat 3.0.x ADODB Server.php "sql" SQL injection
  • From: rgod
• phpinfo() Cross Site Scripting PHP 5.1.2 and 4.4.2
  • From: cxib
• function *() php/apache Crash PHP 4.4.2 and 5.1.2
  • From: cxib
• tempnam() open_basedir bypass PHP 4.4.2 and 5.1.2
  • From: cxib
• copy() Safe Mode Bypass PHP 4.4.2 and 5.1.2
  • From: cxib
• MyBB 1.10 'newthread.php' < CrossSiteScripting >
  • From: o . y . 6
• Myspace.com - Intricate Script Injection
  • From: silentproducts
• Re: Bypassing ISA Server 2004 with IPv6
  • From: Thor (Hammer of God)
• RE: google xss
  • From: Andy Meyers
• Re: Bypassing ISA Server 2004 with IPv6
  • From: Thor (Hammer of God)
• Vegadns blind sql injection and cross site scripting
  • From: king_purba
• PHPList <= 2.10.2 remote commands execution
  • From: rgod
• [eVuln] phpNewsManager Multiple SQL Injections
  • From: alex
• Jbook Cross Site Scripting
  • From: root__
• phpMyForum Cross Site Scripting & CRLF injection
  • From: root__
• PHPWebGallery Multiple Cross Site Scripting Vulnerabilities
  • From: root__
• [USN-269-1] xscreensaver vulnerability
  • From: Martin Pitt
• Re: PHPList <= 2.10.2 remote commands execution
  • From: secfoc
• Re: function *() php/apache Crash PHP 4.4.2 and 5.1.2
  • From: Michal Zalewski
• Confixx 3.1.2 <= Cross Site Scripting Vuln
  • From: sn4k3 . 23
• INDEXU <= 5.0.1 (theme_path)and (base_path) Remote File Inclusion Exploit
  • From: selfar2002
• [ MDKSA-2006:069 ] - Updated openvpn packages fix vulnerability
  • From: security
• Multiple vulnerabilities in Blur6ex
  • From: crasher
• phpListPro <= 2.0 - Remote File Include Vulnerability
  • From: admin
• Realplayer .SWF Multiple Remote Memory Corruption Vulnerabilities
  • From: Sowhat
• [eVuln] [V]Book Multiple Vulnerabilities
  • From: alex
• ZDI-06-007: Microsoft Windows Address Book (WAB) File Format Parsing Vulnerability
  • From: zdi-disclosures
• Manila <= 9.5 - XSS Vulnerabilities
  • From: d4igoro
• Confixx 3.1.2 <= SQL Injection
  • From: sn4k3 . 23
• IBM
  • From: ptt
• Tritanium Bulletin Board 1.2.3 - XSS
  • From: d4igoro
• [eVuln] VNews Multiple Vulnerabilities
  • From: alex
• Re: google xss
  • From: Jim Ley
• Re: Re: PHPList <= 2.10.2 remote commands execution
  • From: rg . viza
• [SRC-Telindus advisory] - HP System Management Homepage Remote Unauthorized Access
  • From: SRC Telindus
• AzDGVote File inclusion
  • From: selfar2002
• Re: Bypassing ISA Server 2004 with IPv6
  • From: noreply
• [ MDKSA-2006:071 ] - Updated xscreensaver packages fix clear-text password vulnerability
  • From: security
• [ MDKSA-2006:070 ] - Updated openvpn packages fix vulnerability
  • From: security
• IMF 2006 - Submission Deadline Extension
  • From: Oliver Goebel
• IT Underground, London 2006 - call for papers
  • From: it_underground
• Re: google xss
  • From: pagvac
• SAXoPRESS - directory traversal
  • From: securiteam
• 2nd European Conference on Computer Network Defense (EC2ND)
  • From: Blyth A J C (Comp)
• Microsoft Internet Explorer DBCS Remote Memory Corruption Vulnerability
  • From: Sowhat
• Re: Buffer-overflow in Ultr@VNC 1.0.1 viewer POC
  • From: phaas
• [SECURITY] [DSA 1032-1] New zope-cmfplone packages fix unprivileged data manipulation
  • From: Moritz Muehlenhoff
• [eVuln] QLnews XSS and PHP Code Insertion Vulnerabilities
  • From: alex
• Re: function *() php/apache Crash PHP 4.4.2 and 5.1.2
  • From: Steven M. Christey
• Simplog <=0.9.2 multiple vulnerabilities
  • From: rgod
• [SECURITY] [DSA 1033-1] New horde3 packages fix several vulnerabilities
  • From: Moritz Muehlenhoff
• Exploiting out of memory crashes and null pointers [was: Re: function *() php/apache Crash PHP 4.4.2 and 5.1.2]
  • From: 86400s
• Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting
  • From: Esteban Martinez Fayo
• [security bulletin] HPSBUX02108 SSRT061133 rev.6 - HP-UX running Sendmail, Remote Execution of Arbitrary Code
  • From: security-alert
• [USN-270-1] xpdf vulnerabilities
  • From: Martin Pitt
• Clansys Multiple Xss Vulnerabilities
  • From: Soothackers
• Re: phpWebsite <= SQL Injection (friend.php) & (article.php)
  • From: shaun
• PatroNet CMS Xss Vuln
  • From: Soothackers
• Windows Help Heap Overflow
  • From: c0ntexb
• SimpleBBS v1.1(posts.php) remote command execution
  • From: stormhacker
• [BuHa-Security] DoS Vulnerability in Firefox 1.5.0.1
  • From: bugtraq
• [eVuln] qliteNews SQL Injection Vulnerability
  • From: alex
• [BuHa-Security] Stack Based Buffer Overflow Vulnerability in Amaya 9.4
  • From: bugtraq
• [BuHa-Security] Stack Based Buffer Overflow Vulnerability in Amaya 9.4 #2
  • From: bugtraq
• Remote File Inclusion in VBulletin ImpEx
  • From: dr . jr7
• [BuHa-Security] Multiple Vulnerabilities in MS IE 6.0 SP2
  • From: bugtraq
• phpWebSite 0.10.? (topics.php) Remote SQL Injection Exploit
  • From: selfar2002
• Re: Multiple vulnerabilities in Blur6ex
  • From: Steven M. Christey
• RevoBoard [email] tag XSS
  • From: r0xes . ratm
• Re: google xss
  • From: Vladimir Levijev
• Recon 2006: speaker lineup announcement
  • From: Recon
• MyBB 1.10 New XSS ' member.php '
  • From: o . y . 6
• Re: Confixx 3.1.2 <= SQL Injection
  • From: iovdin
• Re: function *() php/apache Crash PHP 4.4.2 and 5.1.2
  • From: Michal Zalewski
• QuickBlogger v1.4 Cross-Site Scripting
  • From: botan
• RE: IBM
  • From: Michael Scheidell
• phpMyAdmin 2.7.0-pl1
  • From: kr4ch
• Re: Jupiter CMS <= 1.1.5 multiple XSS attack vectors.
  • From: anonss
• MyBB 1.10 New CrossSiteScripting ' member.php '
  • From: o . y . 6
• SaphpLesson 2.0 (forumid) Remote SQL Injection Exploit
  • From: selfar2002
• Secunia Research: Adobe Document Server for Reader Extensions Multiple Vulnerabilities
  • From: Secunia Research
• SEC Consult SA-20060314 :: Opera Browser CSS Attribute Integer Wrap / Buffer Overflow
  • From: Bernhard Mueller
• ZDI-06-008: Novell GroupWise Messenger Accept-Language Buffer Overflow
  • From: zdi-disclosures
• Re: IBM
  • From: stend
• TalentSoft Web+Shop Path Disclosure
  • From: revnic
• Re: RE: IBM
  • From: Juha-Matti Laurio
• [eVuln] RedCMS Multiple XSS and SQL Injection Vulnerabilities
  • From: alex
• Camino Browser HTML Parsing Null Pointer Dereference Denial of Service Vulnerability
  • From: izimask
• PowerClan 1.14 - SQL Injection
  • From: d4igoro
• Re: Simplog <=0.9.2 multiple vulnerabilities
  • From: Jeremy Ashcraft
• [eVuln] aWebNews Multiple XSS and SQL Injection Vulnerabilities
  • From: alex
• Vulnerabilities in lifetype
  • From: crasher
• Vulnerabilities in Papoo
  • From: crasher
• Vulnerabilities in MODx
  • From: crasher
• Farsinews Cross-Site Scripting & Path disclosure vulnerability
  • From: aminrayden
• osCommerce "extras/" information/source code disclosure
  • From: rgod
• Re: phpMyAdmin 2.7.0-pl1
  • From: Kevin Waterson
• Encyclopedia <= 3.0 (login.php) CrossSite Scripting - XSS
  • From: n0m3rcy
• phpBB Admin command execution
  • From: noch22
• Serendipity Blog vuln
  • From: moep
• [SECURITY] [DSA 1034-1] New horde2 packages fix several vulnerabilities
  • From: Moritz Muehlenhoff
• phpBB template file code execution
  • From: noch22
• Re: Re: function *() php/apache Crash PHP 4.4.2 and 5.1.2
  • From: sp3x
• Avast Linux Home Edition (vulnerability on a temporary folder creation)
  • From: Julien L.
• [ GLSA 200604-07 ] Cacti: Multiple vulnerabilities in included ADOdb
  • From: Thierry Carrez
• Firefox 1.5.0.1 Password Manager Arbtirary User Browsing History Disclosure
  • From: franz
• Re: [Full-disclosure] SEC Consult SA-20060314 :: Opera Browser CSS Attribute Integer Wrap / Buffer Overflow
  • From: Thierry Zoller
• Re: phpWebSite 0.10.? (topics.php) Remote SQL Injection Exploit
  • From: Kevin Wilcox
• Re: Re: NETGEAR WGT624 Wireless DSL router default user name/password vulnerability
  • From: tranceformer
• [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup
  • From: Dave Korn
• Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup
  • From: Brandon S. Allbery KF8NH
• PAJAX Remote Code Injection and File Inclusion Vulnerability
  • From: RedTeam Pentesting
• Xss In ar-blog v 5.2
  • From: W3 . _
• Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup
  • From: Stan Bubrouski
• RE: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup
  • From: Derek Soeder
• planetSearch+ - XSS Vulnerabilities
  • From: d4igoro
• Re: [ECHO_ADV_27$2006] Indexu <= 5.0.1 Remote File Inclusion
  • From: robert
• Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup
  • From: A . L . M . Buxey
• Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup
  • From: dumdidumdideldey
• Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup
  • From: Joachim Schipper
• Re: SAXoPRESS - directory traversal aka Saxotech Online
  • From: securiteam
• Re: Sql Injection in Confixx 3.06 & 3.08 & 3.?? ?
  • From: iovdin
• a Yahoo Vulnerability
  • From: r57shell
• Re[2]: Bypassing ISA Server 2004 with IPv6
  • From: Christine Kronberg
• Dokeos 1.6.4 SQL Injection Vulnerability
  • From: Alvaro Olavarria
• manila.userland cross site scriptable
  • From: Aaron Kaplan
• Re: QuickBlogger v1.4 Cross-Site Scripting
  • From: Steven M. Christey
• ZDI-06-010: Mozilla Firefox CSS Letter-Spacing Heap Overflow Vulnerability
  • From: zdi-disclosures
• [KAPDA]MyBB1.1.0~global.php~ParameterExtracting
  • From: addmimistrator
• [KAPDA]CopperminePhotoGallery1.4.4~ PluginInclusionSystem(index.php)~ RemoteFileInclusion attack
  • From: addmimistrator
• Re: Firefox 1.5.0.1 Password Manager Arbtirary User Browsing History Disclosure
  • From: Eliah Kagan
• [eVuln] aWebBB Multiple XSS and SQL Injection Vulnerabilities
  • From: alex
• [SECURITY] [DSA 1035-1] New fcheck packages fix insecure temporary file creation
  • From: Moritz Muehlenhoff
• Re[3]: Bypassing ISA Server 2004 with IPv6
  • From: 3APA3A
• PHP Album <= 0.3.2.3 remote commnads execution
  • From: rgod
• RE: osCommerce "extras/" information/source code disclosure
  • From: Michael Scheidell
• Tiny Web Gallery <= 1.4 XSS
  • From: qex
• PhpGuestbook <= 1.0 XSS
  • From: qex
• FlexBB <= 0.5.7 BETA XSS
  • From: qex
• Boardsolution <= 1.12 XSS
  • From: qex
• phpFaber TopSites Script Cross-Site Scripting
  • From: botan
• Snipe Gallery <= 3.1.4 Multiple XSS
  • From: qex
• Re: Vulnerabilities in MOD
  • From: Victor Brilon
• Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup
  • From: Thor (Hammer of God)
• DbbS<=2.0-alpha Multiple Vulnerabilities
  • From: yamcho
• Re: [KAPDA]CopperminePhotoGallery1.4.4~ PluginInclusionSystem(index.php)~ RemoteFileInclusion attack
  • From: Dariusz Kolasinski
• Xss In bMachine 2&#1643;7
  • From: W3 . _
• FlexBB v0.5.5 BETA [SQL Inj] [XSS] [Login bypass]
  • From: kr4ch
• Calendarix "yearcal.php" XSS Attacking
  • From: botan
• Re: Snipe Gallery <= 3.1.4 Multiple XSS
  • From: nobody
• MyEvent Remote File Execution And XSS Attacking
  • From: botan
• BetaBoard Cross Site Scripting vulnerability
  • From: easy . mask
• PhpWebFTP 3.2 Login Script
  • From: arko . dhar
• [SECURITY] [DSA 1036-1] New bsdgames packages fix local privilege escalation
  • From: Moritz Muehlenhoff
• - PHPGraphy <= 0.9.11 "editwelcome" unauthorized access / cross site scripting -
  • From: rgod
• ShoutBOOK <= 1.1 XSS
  • From: qex
• Neuron Blog <= 1.1 XSS
  • From: qex
• [eVuln] CzarNews XSS and Multiple SQL Injection Vulnerabilities
  • From: alex
• Tiny PHP forum - vulns
  • From: hessam
• AnimeGenesis <= XSS
  • From: qex
• ZDI-06-009: Mozilla Firefox Tag Parsing Code Execution Vulnerability
  • From: zdi-disclosures
• [ GLSA 200604-08 ] libapreq2: Denial of Service vulnerability
  • From: Thierry Carrez
• FlexBB 0.5.5 Bypass Exploit
  • From: o . y . 6
• Neon Responder (Dos,Exploit)
  • From: Stefan Lochbihler
• [Argeniss] Alert - Yahoo! Webmail XSS
  • From: Cesar
• gcc 4.1 bug miscompiles pointer range checks, may place you at risk
  • From: Felix von Leitner
• [eVuln] Wire Plastik wpBlog SQL Injection Vulnerability
  • From: alex
• [SA-03] Example of Grsecurity protection avoid.
  • From: adam
• Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk
  • From: Michael Chamberlain
• Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk
  • From: Forrest J. Cavalier III
• RE: gcc 4.1 bug miscompiles pointer range checks, may place you at risk
  • From: Michael Wojcik
• Linpha 1.1.0 - XSS Vulnerabilities
  • From: d4igoro
• Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk
  • From: Alexander Klimov
• Remote Xine Format String Vulnerability
  • From: c0ntexb
• Re: [Full-disclosure] [Argeniss] Alert - Yahoo! Webmail XSS
  • From: Morning Wood
• Another flaw in Firefox 1.5.0.2: to open files from remote
  • From: miky
• Re: - PHPGraphy <= 0.9.11 "editwelcome" unauthorized access / cross site scripting -
  • From: JiM / aEGIS
• axoverzicht.cgi <= XSS
  • From: qex
• blur6ex Local File Inclusion and SQL injection .
  • From: h e
• Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk
  • From: jat-public01
• Re: [Full-disclosure] [Argeniss] Alert - Yahoo! Webmail XSS
  • From: Morning Wood
• Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup
  • From: Ansgar -59cobalt- Wiechers
• Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk
  • From: Florian Weimer
• phpLister v. 0.4.1 XSS Attacking
  • From: botan
• [ MDKSA-2006:072 ] - Updated kernel packages fix multiple vulnerabilities
  • From: security
• [KAPDA::#41] - Mambo/Joomla rss component vulnerability
  • From: alireza hassani
• Multiple critical and high risk issues in Oracle's database server
  • From: NGSSoftware Insight Security Research
• [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation
  • From: Secure
• Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk
  • From: Gabor Gombas
• CuteNews 1.4.1 <= Cross Site Scripting
  • From: sn4k3 . 23
• SQL Injection in package SYS.DBMS_LOGMNR_SESSION
  • From: ak
• FreeBSD Security Advisory FreeBSD-SA-06:14.fpu
  • From: FreeBSD Security Advisories
• Oracle 10g 10.2.0.2.0 DBA exploit
  • From: putosoft softputo
• [MajorSecurity]ActualAnalyzer - Remote File Include Vulnerability
  • From: admin
• XSS Vulnerability in Guest-book script powered by Community Architect
  • From: susam . pal
• Cisco Security Advisory: Cisco IOS XR MPLS Vulnerabilities
  • From: Cisco Systems Product Security Incident Response Team
• Re: Path Disclosure and Arbitrary File Read Vulnerability in SLAB5000
  • From: office
• Re: [KAPDA::#41] - Mambo/Joomla rss component vulnerability
  • From: rey . gigataras
• [security bulletin] HPSBUX02108 SSRT061133 rev.7 - HP-UX running Sendmail, Remote Execution of Arbitrary Code
  • From: security-alert
• Re: Multiple vulnerabilities in Linux based Cisco products
  • From: Ilker Temir
• Multiple vulnerabilities in Linux based Cisco products
  • From: assurance.com.au
• RechnungsZentrale V2 - SQL injection and Remote PHP inclusion vulnerabilities
  • From: info
• ThWboard <= 3 Beta 2.84 SQL Injection
  • From: Qex
• Cisco Security Advisory: Multiple Vulnerabilities in the WLSE Appliance
  • From: Cisco Systems Product Security Incident Response Team
• Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup
  • From: Paul Wouters
• Re: phpBB Admin command execution
  • From: dave . de
• redirection vuln crawlers breed & security through obscurity
  • From: Ivan Sergio Borgonovo
• Shbablek Mail Vulnerablitiy - Cross-Site Scripting
  • From: n0m3rcy
• Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup
  • From: robsekeris
• WWWThread RC 3 MultBugs
  • From: o . y . 6
• Re: RE: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup
  • From: john
• ContentBoxx Login.php Cross-Site Scripting
  • From: botan
• Fortinet28 box does not resist has small synflood!
  • From: testx444
• Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup
  • From: no . spam
• Re: Multiple Vulnerabilities in LucidCMS
  • From: zachofalltrades
• Tlen.PL e-mail XSS vulnerability.
  • From: koper
• RE: redirection vuln crawlers breed & security through obscurity
  • From: Evans, Arian
• Re: RE: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup
  • From: somebody
• Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk
  • From: Nate Eldredge
• Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup
  • From: Geo.
• Re: Re[2]: Bypassing ISA Server 2004 with IPv6
  • From: Thor (Hammer of God)
• Confixx SQL Injection exploit (confixx_exploit.pl)
  • From: defa
• EasyGallery Cross-Site Scripting
  • From: botan
• Re[3]: Bypassing ISA Server 2004 with IPv6
  • From: Christine Kronberg
• [eVuln] MD News Authentication Bypass and SQL Injection Vulnerabilities
  • From: alex
• Re: Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup
  • From: somerandomaddress99
• Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup
  • From: Jamie Riden
• Re: Re[2]: Bypassing ISA Server 2004 with IPv6
  • From: Christine Kronberg
• SQL Injection in incredibleindia.org
  • From: susam_pal
• [eVuln] N.T. Version 1.1.0 XSS and PHP Code Insertion Vulnerabilities
  • From: alex
• PCPIN Chat <= 5.0.4 "login/language" remote cmmnds xctn
  • From: rgod
• [USN-271-1] Firefox vulnerabilities
  • From: Martin Pitt
• Strengthen OpenSSH security?
  • From: Brett Glass
• ASPSitem <= 1.83 Remote SQL Injection Vulnerability
  • From: Mustafa Can Bjorn IPEKCI
• [eVuln] MWGuest XSS Vulnerability
  • From: alex
• PHPSurveyor <= 0.995 'save.php/surveyid' remote cmmnds xctn
  • From: rgod
• ThWboard 3 Beta 2.84 Cross Site Scripting
  • From: CrAzY . CrAcKeR
• axoverzicht.cgi<==Remote File Inclusion
  • From: CrAzY . CrAcKeR
• Re: CuteNews 1.4.1 <= Cross Site Scripting
  • From: Steven M. Christey
• [security bulletin] HPSBTU02095 SSRT051007 rev.3 - HP Tru64 UNIX Running DNS BIND4/BIND8 as Forwarders: Remote Unauthorized Privileged Access
  • From: security-alert
• [security bulletin] HPSBST02112 SSRT061129 rev.1 - HP StorageWorks Secure Path for Windows Remote Denial of Service (DoS)
  • From: security-alert
• Ad-Aware Revisited
  • From: Roy . Batty
• New site about security conferences : www.security-briefings.com
  • From: newslist@xxxxxxxxxxxxxxxxxxxxxx
• Allied Telesyn Switch UDP Data Flood Management Denial Of Service Vulnerability
  • From: kim
• RE: (addendum) redirection vuln crawlers breed & security through obscurity
  • From: Evans, Arian
• [Argeniss] Oracle Database 10gR1 Buffer overflow in VERIFY_LOG procedure
  • From: Cesar
• Re: Strengthen OpenSSH security?
  • From: Mike Hoskins
• Re: Strengthen OpenSSH security?
  • From: Carson Gaspar
• Re: Strengthen OpenSSH security?
  • From: Kd
• Re: Re[3]: Bypassing ISA Server 2004 with IPv6
  • From: Thor (Hammer of God)
• Re: Strengthen OpenSSH security?
  • From: MaddHatter
• Re: Strengthen OpenSSH security?
  • From: Damien Miller
• Re: Re[3]: Bypassing ISA Server 2004 with IPv6
  • From: offtopic
• RE: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup
  • From: Mario Contestabile
• RE: Microsoft DNS resolver: deliberately sabotaged hosts-file lookup
  • From: Nick FitzGerald
• 4images <= 1.7 XSS
  • From: qex
• Websense Filter Bypass
  • From: qex
• Re: Strengthen OpenSSH security?
  • From: c0redump
• Mini-NUKE v2.3<<--- SQL Injection
  • From: CrAzY . CrAcKeR
• [ GLSA 200604-09 ] Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service
  • From: Sune Kloppenborg Jeppesen
• [ GLSA 200604-10 ] zgv, xzgv: Heap overflow
  • From: Sune Kloppenborg Jeppesen
• [SecuriWeb 2006.1] directory traversal in Asterisk@Home and ARI
  • From: François Harvey
• BK Forum <<--V.4.0 SQL Injection
  • From: CrAzY . CrAcKeR
• Re: Strengthen OpenSSH security?
  • From: Theo de Raadt
• [eVuln] MWNewsletter SQL Injection and XSS Vulnerabilities
  • From: alex
• r57shell.php <= 1.3 XSS
  • From: qex
• bloggage Remote SQL Injection
  • From: omnipresent
• [SECURITY] [DSA 1037-1] New zgv packages fix arbitrary code execution
  • From: Martin Schulze
• RE: [BULK] - Websense Filter Bypass
  • From: Hubbard, Dan
• Re: Mini-NUKE v2.3<<--- SQL Injection
  • From: nukedx
• Scry Gallery Directory Traversal & Full Path Disclosure Vulnerabilites
  • From: simo64
• Rapid7 Advisory R7-0021: Symantec Scan Engine Authentication Fundamental Design Error
  • From: advisory
• Rapid7 Advisory R7-0022: Symantec Scan Engine Known Immutable DSA Private Key
  • From: advisory
• Rapid7 Advisory R7-0023: Symantec Scan Engine File Disclosure Vulnerability
  • From: advisory
• Rapid7 Advisory R7-0019: Directory traversal vulnerability in SolarWinds TFTP Server for Windows
  • From: advisory
• [Symantec Security Advisor] Symantec Scan Engine Multiple Vulnerabilities
  • From: secure
• [SECURITY] [DSA 1038-1] New xzgv packages fix arbitrary code execution
  • From: Martin Schulze
• VWar <= ver 1.21 Remote Code Execution Exploit
  • From: ali
• dForum <= 1.5 Multiple Remote File Inclusion Vulnerabilities.
  • From: Mustafa Can Bjorn IPEKCI
• vBulletin <= 3.5.4 with MKPortal 1.1 Remote SQL Injection Vulnerability.
  • From: Mustafa Can Bjorn IPEKCI
• Advisory: Simplog <= 0.93 Multiple Remote Vulnerabilities.
  • From: Mustafa Can Bjorn IPEKCI
• Advisory: CoreNews <= 2.0.1 Multiple Remote Vulnerabilities.
  • From: Mustafa Can Bjorn IPEKCI
• [ GLSA 200604-11 ] Crossfire server: Denial of Service and potential arbitrary code execution
  • From: Thierry Carrez
• Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup
  • From: Thor (Hammer of God)
• Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup
  • From: Thor (Hammer of God)
• Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup
  • From: John Biederstedt
• Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup
  • From: Thor (Hammer of God)
• Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup
  • From: Thor (Hammer of God)
• Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup
  • From: Geo.
• Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup
  • From: John Biederstedt
• Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup
  • From: Thor (Hammer of God)
• Re: Strengthen OpenSSH security?
  • From: Bob Goodman
• FlexBB 0.5.5 Exploit [ function/showprofile.php ] Remote SQL Injection
  • From: o . y . 6
• Re: redirection vuln crawlers breed & security through obscurity
  • From: Thomas Hochstein
• Yahoo! Mail XSS Vulnerability
  • From: Cheng Peng Su
• MSIE (mshtml.dll) OBJECT tag vulnerability
  • From: Michal Zalewski
• [USN-272-1] cyrus-sasl2 vulnerability
  • From: Martin Pitt
• NSFOCUS SA2006-03 : IBM AIX rm_mlcache_file Local Race Condition Vulnerability
  • From: NSFOCUS Security Team
• NSFOCUS SA2006-02 : IBM AIX mklvcopy Local Privilege Escalation Vulnerability
  • From: NSFOCUS Security Team
• [SECURITY] [DSA 1040-1] New gdm packages fix local root exploit
  • From: Martin Schulze
• [SECURITY] [DSA 1039-1] New blender packages fix several vulnerabilities
  • From: Martin Schulze
• Scry Gallery XSS Vulnerability
  • From: arko . dhar
• [ GLSA 200604-14 ] Dia: Arbitrary code execution through XFig import
  • From: Sune Kloppenborg Jeppesen
• [ GLSA 200604-13 ] fbida: Insecure temporary file creation
  • From: Sune Kloppenborg Jeppesen
• [eVuln] RateIt SQL Injection Vulnerability
  • From: alex
• [ GLSA 200604-12 ] Mozilla Firefox: Multiple vulnerabilities
  • From: Thierry Carrez
• FileLodge Bolt (showonlineusers.php) Cross-Site Scripting Vulnerbility
  • From: n0m3rcy
• XSS Bug in OpenGear Server Website
  • From: Aditya
• BK Forum <= 4.0 Remote SQL Injection
  • From: n0m3rcy
• [MajorSecurity] TotalCalendar 2.30 - Remote File Include Vulnerability
  • From: admin
• [USN-273-1] Ruby vulnerability
  • From: Martin Pitt
• RIblog Remote SQL Injection Exploit
  • From: omnipresent
• Re: evoBlog Remote Name tag Script injection
  • From: daniel
• Buffer-overflow and crash in Fenice OMS 1.10
  • From: Luigi Auriemma
• Denial of service bugs in OpenTTD 0.4.7
  • From: Luigi Auriemma
• Multiple PHP4/PHP5 vulnerabilities
  • From: infocus
• Format string bug in Skulltag 0.96f
  • From: Luigi Auriemma
• Advisory: Clansys <= 1.1 PHP Code Insertion Vulnerability.
  • From: Mustafa Can Bjorn IPEKCI
• Apple Mac OS X Safari 2.0.3 Vulnerability
  • From:
• Firefox Remote Code Execution and DoS 1.5.0.2
  • From: chris
• [MajorSecurity] phpMyAgenda 3.0 Final - Remote File Include Vulnerability
  • From: admin
• VWar Path Disclosure
  • From: arko . dhar
• vbulletin<--3.0.x SQL Injection
  • From: CrAzY . CrAcKeR
• Advisory: My Gaming Ladder Combo System <= 7.0 Remote File Inclusion Vulnerability.
  • From: Mustafa Can Bjorn IPEKCI
• ADVISORY FOR IOPUS SECURE EMAIL ATTACHMENTS
  • From: ntwak0
• RE: [BULK] - Websense Filter Bypass
  • From: John E. Fleming
• Quick 'n Easy FTP Server pro/lite Logging unicode stack overflow
  • From: Kaveh Razavi
• Re: Apple Mac OS X Safari 2.0.3 Vulnerability
  • From: Colin Keigher
• Re: vbulletin<--3.0.x SQL Injection
  • From: scott
• [ MDKSA-2006:074 ] - Updated php packages address multiple vulnerabilities.
  • From: security
• [ MDKSA-2006:073 ] - Updated cyrus-sasl packages addresses vulnerability
  • From: security
• photokorn 1.53 , 1.542 << Sql
  • From: Dr-Jr7
• NextAge Shopping Cart Software XSS
  • From: AminRayden
• [ MDKSA-2006:075 ] - Updated mozilla-firefox packages fix numerous vulnerabilities
  • From: security
• PhpWebFtp Cross Site Scripting Vulnerability
  • From: arko . dhar
• [SECURITY] [DSA 1041-1] New abc2ps packages fix arbitrary code execution
  • From: Martin Schulze
• NASL 'Split' function Buffer overflow Vulnerability
  • From: OS2A BTO
• Re: ADVISORY FOR IOPUS SECURE EMAIL ATTACHMENTS
  • From: fabio
• Re: ADVISORY FOR IOPUS SECURE EMAIL ATTACHMENTS
  • From: Andreas Beck
• Invision Vulnerabilities, including remote code execution
  • From: spam
• Re: Apple Mac OS X Safari 2.0.3 Vulnerability
  • From: Tom Ferris
• Re: NASL 'Split' function Buffer overflow Vulnerability
  • From: Renaud Deraison
• [SECURITY] [DSA 1042-1] New Cyrus SASL packages fix denial of service
  • From: Martin Schulze
• Re: NASL 'Split' function Buffer overflow Vulnerability
  • From: Renaud Deraison
• Fenice - Open Media Streaming Server remote BOF exploit
  • From: Kaveh Razavi
• PowerPoint Phishing Trojan
  • From: Lance James
• Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup
  • From: Thor (Hammer of God)
• Multiple vulnerabilities in IP3 Networks 'NetAccess' NA75 appliance
  • From: Moonen, Ralph
• Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup
  • From: Duncan Simpson
• RE: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup
  • From: Sean Scott
• Re: Advisory: Clansys <= 1.1 PHP Code Insertion Vulnerability.
  • From: nukedx
• Multiple browsers Windows mailto protocol Office 2003 file attachment exploit
  • From: inge . henriksen
• Instant Photo Gallery <= Multiple XSS
  • From: qex
• Re: Apple Mac OS X Safari 2.0.3 Vulnerability
  • From: Billy Bues
• Instant Photo Gallery <= Multiple XSS
  • From: qex
• DCForumLite V 3.0<--XSS/SQL Injection
  • From: Breeeeh
• Recent Oracle exploit is _actually_ an 0day with no patch
  • From: David Litchfield
• [ MDKSA-2006:076 ] - Updated mozilla packages fix numerous vulnerabilities
  • From: security
• [ MDKSA-2006:077 ] - Updated ethereal packages fix numerous vulnerabilities
  • From: security
• [ MDKSA-2006:078 ] - Updated mozilla-thunderbird packages fix numerous vulnerabilities
  • From: security
• [ MDKSA-2006:079 ] - Updated ruby packages fix vulnerability
  • From: security
• Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack
  • From: Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 1044-1] New Mozilla Firefox packages fix several vulnerabilities
  • From: Martin Schulze
• MySmartBB<---v 1.1.x SQL Injection/XSS
  • From: BoNy-m
• DevBB <= 1.0.0 XSS
  • From: qex
• [SECURITY] [DSA 1044-1] New Mozilla Firefox packages fix several vulnerabilities
  • From: Martin Schulze
• Secunia Research: SpeedProject Products ACE Archive Handling Buffer Overflow
  • From: Secunia Research
• [ GLSA 200604-15 ] xine-ui: Format string vulnerabilities
  • From: Sune Kloppenborg Jeppesen
• [SECURITY] [DSA 1043-1] New abcmidi packages fix arbitrary code execution
  • From: Martin Schulze
• [ GLSA 200604-16 ] xine-lib: Buffer overflow vulnerability
  • From: Sune Kloppenborg Jeppesen
• [eVuln] warforge.NEWS SQL Injection and Multiple XSS Vulnerabilities
  • From: alex
• SQL Injection On DUportal
  • From: outlaw
• Open Bulletin Board < Multiple Vulnerability
  • From: qex
• XXS Attack On FarsiNews
  • From: outlaw
• Local XXS Attack On CuteNews
  • From: outlaw
• ZDI-06-011: Mozilla Firefox Table Rebuilding Code Execution Vulnerability
  • From: zdi-disclosures
• Re: Apple Mac OS X Safari 2.0.3 Vulnerability
  • From: jens
• Re: XV multiple buffer overflows (update)
  • From: kvea
• Re: Invision Vulnerabilities, including remote code execution
  • From: Steven M. Christey
• [EEYEB-20060227] Juniper Networks SSL-VPN Client Buffer Overflow
  • From: eEye Advisories
• Re: Apple Mac OS X Safari 2.0.3 Vulnerability
  • From: Aaron Phillips
• Re: Invision Vulnerabilities, including remote code execution
  • From: mattmecham
• MyBB 1.1.1 Local SQL Injections
  • From: o . y . 6
• • From: Yannick von Arx
• [USN-274-1] MySQL vulnerability
  • From: Martin Pitt
• Land Down Under 802 and below version Path Disclosure Vulnerability
  • From: Advisory
• [security bulletin] HPSBUX02108 SSRT061133 rev.9 - HP-UX running Sendmail, Remote Execution of Arbitrary Code
  • From: security-alert
• [security bulletin] HPSBUX02075 SSRT051074 rev.4 - HP-UX Running xterm Local Unauthorized Access
  • From: security-alert
• Re: Instant Photo Gallery <= Multiple XSS
  • From: security curmudgeon
• [ GLSA 200604-17 ] Ethereal: Multiple vulnerabilities in protocol dissectors
  • From: Sune Kloppenborg Jeppesen
• [security bulletin] HPSBMA02113 SSRT061148 rev.1 - HP Oracle for OpenView (OfO) Critical Patch Update April 2006
  • From: security-alert
• SQL injection exploit IPB <= 2.1.4
  • From: satanchild123
• Re: Instant Photo Gallery <= Multiple XSS
  • From: Steven M. Christey
• [USN-275-1] Mozilla vulnerabilities
  • From: Martin Pitt
• [SECURITY] [DSA 1045-1] New OpenVPN packages fix arbitrary code execution
  • From: Martin Schulze
• [SECURITY] [DSA 1046-1] New Mozilla packages fix several vulnerabilities
  • From: Martin Schulze
• BL4's SMTP server BufferOverflow Vulnerable
  • From: the_day
• Re: Recent Oracle exploit is _actually_ an 0day with no patch
  • From: Steven M. Christey
• Secunia Research: Servant Salamander unacev2.dll Buffer Overflow Vulnerability
  • From: Secunia Research
• [ECHO_ADV_31$2006] Sws Web Server 0.1.7 Strcpy() & Syslog() Format String Vulnerability
  • From: the_day
• WinISO/UltraISO/MagicISO/PowerISO Directory Traversal Vulnerability
  • From: Sowhat
• Cireos Portal Cross Site Scripting
  • From: outlaw
• [Argeniss] Alert - Yahoo! Mail XSS vulnerability
  • From: Cesar
• Re: Recent Oracle exploit is _actually_ an 0day with no patch
  • From: Cesar
• [Kurdish Security #3] CoolMenus Event Remote File Include Vulnerability (For PHP)
  • From: botan
• [ GLSA 200604-18 ] Mozilla Suite: Multiple vulnerabilities
  • From: Thierry Carrez
• [Kurdish Security #2] Artmedic Event Remote File Include Vulnerability
  • From: botan
• RE: Recent Oracle exploit is _actually_ an 0day with no patch
  • From: Kornbrust, Alexander
• Neomail.pl Local Cross Site Scripting
  • From: outlaw
• Re: Recent Oracle exploit is _actually_ an 0day with no patch
  • From: David Litchfield
• [Kurdish Secure Advisory #1] I-RATER Platinum "Admin/configsettings.tpl.php" Remote File Include Vulnerability
  • From: botan
• Re: VWar Path Disclosure
  • From: spic
• RE: Invision Vulnerabilities, including remote code execution
  • From: Mike Weller
• Re: Apple Mac OS X Safari 2.0.3 Vulnerability
  • From: Ian MacPhedran
• Re: Recent Oracle exploit is _actually_ an 0day with no patch
  • From: David Litchfield
• Re: phpMyForum Cross Site Scripting & CRLF injection
  • From: chris
• Invision Power Board 2.1.5 POC
  • From: Javier Olascoaga
• poll.pl<--remote commands execution exploit
  • From: CrAzY . CrAcKeR
• W-Agora 4.20 XSS
  • From: r0xes . ratm
• XSS Attack On DirectAdmin Hosting Managment
  • From: outlaw
• TopList <= 1.3.8 (PHPBB Hack) Remote File Inclusion Vulnerability
  • From: mfoxhacker
• TextFileBB 1.0.16 Multiple XSS
  • From: r0xes . ratm