Mail Thread Index

Date Index

DMCounter Remote File Include, beford
[ GLSA 200605-01 ] MPlayer: Heap-based buffer overflow, Sune Kloppenborg Jeppesen
JMK's Picture Gallery admin login, alp_eren
planetGallery admin login, tugr
free-php.net Poll 1.0 admin login, tugr
Secunia Research: WinHKI unacev2.dll Buffer Overflow Vulnerability, Secunia Research
[SECURITY] [DSA 1048-1] New Asterisk packages fix arbitrary code execution, Martin Schulze
Re: Apple Mac OS X Safari 2.0.3 Vulnerability, buggy
[SECURITY] [DSA 1047-1] New resmgr packages fix unauthorised access, Martin Schulze
Image file crashes Finder, Safari and other apps, cmertes
Thyme 1.3 Cross Site Scripting, outlaw
4images<-- 1.7.1 SQL Injection, CrAzY . CrAcKeR
Invision Power Board v2.1.5 Remote SQL Injection, o . y . 6
- <Possible follow-ups>
- Re: Invision Power Board v2.1.5 Remote SQL Injection, mattmecham
OpenBB 1.0.8 Full Path Disclosure, o . y . 6
Poll: Emerging Threats, Jon R. Kibler
- <Possible follow-ups>
- RE: Poll: Emerging Threats, H Alsaleh
I-RATER Platinum Remote File Inclusion exploit Cod3d by R@1D3N, AminRayden
CoolMenus Event Remote File Inclusion exploit, AminRayden
- <Possible follow-ups>
- Re: CoolMenus Event Remote File Inclusion exploit, Steven M. Christey
XINE format string bugs when handling non existen file, king_purba
Blog Mod <= 0.2.x SQL Injection, qex
RE: Oracle 10g 10.2.0.2.0 DBA exploit, putosoft softputo
FTP Fuzzer, infocus
- Re: FTP Fuzzer, Alexey Biznya
VHCS --- Virtual Hosting Control System Cross Site Scripting, outlaw
[ MDKSA-2006:080 ] - Updated clamav packages fix vulnerability, security
JSBoard XSS vulnerability, Alexander Klink
Cisco Security Advisory: Cisco Unity Express Expired Password Reset Privilege Escalation, Cisco Systems Product Security Incident Response Team
X7 Chat <=2.0 remote commands execution, rgod
[SECURITY] [DSA 1049-1] New Ethereal packages fix several vulnerabilities, Martin Schulze
zenphoto Multiple Path Disclosure and Cross Site Scripting Vulnerabilities, raphael . huck
Ejabberd : Symlink vulnerability during installation process, Julien L.
- <Possible follow-ups>
- Re: Ejabberd : Symlink vulnerability during installation process, mickael . remond
geoBlog Mutiple XSS Vulnerability, admin
sBlog SQL Injection and Path Disclosure Vulnerability, admin
Cmscout <= V1.10 multiple XSS attack vectors, zerogue
SF-Users V1.0 XSS injection, zerogue
FileProtection Express <= 1.0.1 authentification bypass, zerogue
Russcom.net Loginphp multiple vulnerabilties, zerogue
TyroCms beta V1.0 multiple XSS injections, zerogue
Invision Gallery 2.0.6 ( SQL Injection ), o . y . 6
- <Possible follow-ups>
- Re: Invision Gallery 2.0.6 ( SQL Injection ), mattmecham
- Re: Re: Invision Gallery 2.0.6 ( SQL Injection ), an0n
Oracle, where are the patches???, David Litchfield
- foreseeing (cough) critical problems futile? (was: Oracle, where are the patches???), Michael Shigorin
- <Possible follow-ups>
- RE: Oracle, where are the patches???, Kornbrust, Alexander
  - Re: [Full-disclosure] RE: Oracle, where are the patches???, Cesar
MySQL Anonymous Login Handshake - Information Leakage., Stefano Di Paola
MySQL COM_TABLE_DUMP Information Leakage and Arbitrary command execution., Stefano Di Paola
[ GLSA 200605-02 ] X.Org: Buffer overflow in XRender extension, Sune Kloppenborg Jeppesen
[ GLSA 200605-03 ] ClamAV: Buffer overflow in Freshclam, Sune Kloppenborg Jeppesen
[ GLSA 200605-04 ] phpWebSite: Local file inclusion, Sune Kloppenborg Jeppesen
[ MDKSA-2006:081 ] - Updated xorg-x11 packages fix vulnerability, security
[USN-276-1] Thunderbird vulnerabilities, Martin Pitt
Quagga RIPD unauthenticated route table broadcast, Konstantin V. Gavrilenko
SUSE Security Announcement: xorg-x11-server (SUSE-SA:2006:023), Ludwig Nussel
Dynamic Evaluation Vulnerabilities in PHP applications, Steven M. Christey
- Re: Dynamic Evaluation Vulnerabilities in PHP applications, Michael Schlenker
[SECURITY] [DSA 1050-1] New ClamAV packages fix denial of service or arbitrary code execution, Martin Schulze
[USN-277-1] TIFF library vulnerabilities, Martin Pitt
Quagga RIPD unauthenticated route injection, Konstantin V. Gavrilenko
- Re: Quagga RIPD unauthenticated route injection, Paul Jakma
[USN-278-1] gdm vulnerability, Martin Pitt
Vulnerability in the way Ultr@xxxxxxxxx handles MS-Logon Authentication., gdehanot
OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw, c0redump
- Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw, David F. Skoll
- Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw, Joachim Schipper
  - Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw, Kurt Seifried
  - Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw, c0redump
    - Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw, Giancarlo Razzolini
BankTown's ActiveX Buffer Overflow Vulnerability, Alex Park
- <Possible follow-ups>
- Re: BankTown's ActiveX Buffer Overflow Vulnerability, lkh1348
[USN-279-1] libnasl/nessus vulnerability, Martin Pitt
[ MDKSA-2006:082 ] - Updated libtiff packages fix vulnerabilities, security
[SECURITY] [DSA 1051-1] New Mozilla Thunderbird packages fix several vulnerabilities, Martin Schulze
[security bulletin] HPSBUX02108 SSRT061133 rev.10 - HP-UX running Sendmail, Remote Execution of Arbitrary Code, security-alert
ISA Server 2004 Log Manipulation, beSIRT
- <Possible follow-ups>
- Re: ISA Server 2004 Log Manipulation, Steven M. Christey
  - Re: ISA Server 2004 Log Manipulation, beSIRT
    - Re: ISA Server 2004 Log Manipulation, Thor (Hammer of God)
- Re: ISA Server 2004 Log Manipulation, Shaun Colley
- Re: ISA Server 2004 Log Manipulation, Steven M. Christey
[REWTERZ-20060504] - Sami FTP Server Remote Buffer Overflow Vulnerability, rewterz
CuteGuestbook XSS attack, omnipresent
PunBB 1.2.11 Cross-Site Scripting, o . y . 6
zawhttpd - Buffer Overflow, Kamil Sienicki
Fast Click SQL Lite <= 1.1.3 Remote File Inclusion, Aminrayden
[REWTERZ-20060503] XM Easy Personal FTP Server Remote Buffer Overflow Vulnerability, rewterz
Fast Click <= 2.3.8 Remote File Inclusion, Aminrayden
[USN-281-1] Linux kernel vulnerabilities, Martin Pitt
321soft PhP Gallery 0.9 - directory travel & XSS, d4igoro
[USN-280-1] X.org server vulnerability, Martin Pitt
libero.it XSS vulnerability - HTML injection, Davide Denicolo
Panda Antivirus Enterprise Secure, Norton Antivirus 2005 and the virus "I Love You", Joxean Koret
bigwebmaster guestbook multiply XSS, Javor Ninov
Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk, leonleon77
- Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk, Tonnerre Lombard
WebCalendar User Account Enumeration Weakness, David Maciejak
- Re: WebCalendar User Account Enumeration Weakness, David Maciejak
modules name(Sections)SQL Injection Exploit, Mster-X
- Re: modules name(Sections)SQL Injection Exploit, security curmudgeon
- <Possible follow-ups>
- RE: modules name(Sections)SQL Injection Exploit, Evans, Arian
modules name(Downloads)SQL Injection Exploit, Mster-X
- Re: modules name(Downloads)SQL Injection Exploit, Paul Laudanski
  - Re: modules name(Downloads)SQL Injection Exploit, znx
CuteNews 1.4.1 Multiple vulnerabilities, k4p0k4p0
[ MDKSA-2006:081-1 ] - Updated xorg-x11 packages fix vulnerability, security
SaPHPLesson 3.0 Multbugs, o . y . 6
Invision Community Blog .. Bugs, o . y . 6
- <Possible follow-ups>
- Re: Invision Community Blog .. Bugs, mattmecham
Cryptomathic ActiveX Buffer Overflow (TDC Digital signature), CIRT.DK Advisory
TSLSA-2006-0024 - multi, Trustix Security Advisor
[ GLSA 200605-05 ] rsync: Potential integer overflow, Sune Kloppenborg Jeppesen
OpenFAQ - HTML injection and XSS (Cross Site Scripting), Kamil Sienicki
JetBox CMS Remote File Include, beford
ChipmunkBlogger improper input sanitizing, zerogue
ChipmunkBoard Multiple Attack vectors, zerogue
FlexCustomer <= 0.0.4 sql injection, zerogue
myBloggie <= 2.1.3 XSS, zerogue
PassMasterFlex (and PassMasterFlex+) XSS injection, zerogue
[ GLSA 200605-06 ] Mozilla Firefox: Potential remote code execution, Thierry Carrez
VisionSource CMS <= 0.6 XSS vectors, zerogue
WebsiteBaker CMS lack of sanitizing, zerogue
- <Possible follow-ups>
- Re: WebsiteBaker CMS lack of sanitizing, ryan
X7Chat <= 2.0.2 avatar XSS injection, zerogue
Re: DB_eSession deleteSession() SQL injection, interact
Alexadex.com players.py XSS Exploit, skinnypuppy
Intel wireless service s24evmon.exe confidential information disclosure., ruben
phpBB 2.0.20 Full Path Disclosure and SQL Errors, cxib
- Re: phpBB 2.0.20 Full Path Disclosure and SQL Errors, Paul Laudanski
  - Re: phpBB 2.0.20 Full Path Disclosure and SQL Errors, Maksymilian Arciemowicz
    - Re: phpBB 2.0.20 Full Path Disclosure and SQL Errors, Paul Laudanski
Firefox 1.5.0.3 code execution exploit, yesn
- Re: Firefox 1.5.0.3 code execution exploit, James_gmail-ij
- Re: Firefox 1.5.0.3 code execution exploit, Flavio Visentin
- Re: Firefox 1.5.0.3 code execution exploit, Daniel Veditz
- Re: Firefox 1.5.0.3 code execution exploit, Ismail Donmez
- <Possible follow-ups>
- Re: Firefox 1.5.0.3 code execution exploit, Juha-Matti Laurio
Idle scan rediscovered!!!, Joel Jose
URL Bug On 1ASPHost and DomainDLX Hosting Services, spymeta
X-POLL admin By-Pass, alp_eren
Limbo CMS (option=weblinks) SQL injection exploit, SnoBMSN
Phil's Bookmark script admin By-pass, alp_eren
- <Possible follow-ups>
- Re: Phil's Bookmark script admin By-pass, Steven M. Christey
- Re: Re: Phil's Bookmark script admin By-pass, theproffx
OpenEngine (PHP CMS), ck
[KAPDA] MyBB1.1.1~Email Verification in User Activation ~SQL Injection Attack, addmimistrator
[ GLSA 200605-07 ] Nagios: Buffer overflow, Sune Kloppenborg Jeppesen
AngelineCMS Multiple Vulnerabilities, admin
[SECURITY] [DSA 1052-1] New cgiirc packages fix arbitrary code execution, Martin Schulze
CAID 34013 - CA Common Services CAIRIM on z/OS LMP SVC vulnerability, Williams, James K
Dokeos Learning Management System 1.6.4 Remote File Include, beford
Multiple Vulnerabilities In IdealBB ASP Bulletin Board, CodeScan Labs
Claroline Open Source e-Learning 1.7.5 Remote File Include, beford
singapore v0.9.7 XSS Vulnerabilities, alp_eren
INFIGO-2006-05-03: Multiple FTP Servers vulnerabilities, infocus
- Re: INFIGO-2006-05-03: Multiple FTP Servers vulnerabilities, Andrea Rimicci
[Kurdish Security # 4] phpRaid Remote File Include Vulnerability (PHPBB), botan
[Kurdish Security # 5] phpRaid Remote File Include [SMF], botan
[USN-282-1] Nagios vulnerability, Martin Pitt
[USN-283-1] MySQL vulnerabilities, Martin Pitt
Secunia Research: TZipBuilder ZIP File Handling Buffer Overflow Vulnerability, Secunia Research
Secunia Research: Anti-Trojan unacev2.dll Buffer Overflow Vulnerability, Secunia Research
[ GLSA 200605-08 ] PHP: Multiple vulnerabilities, Thierry Carrez
[ GLSA 200605-09 ] Mozilla Thunderbird: Multiple vulnerabilities, Thierry Carrez
VSR Advisory: WebSense content filter bypass when deployed in conjunction with Cisco filtering devices, VSR Advisories
- <Possible follow-ups>
- VSR Advisory: WebSense content filter bypass when deployed in conjunction with Cisco filtering devices, Matthew Cerha
ZDI-06-012: Sophos Anti-Virus CAB Unpacking Code Execution Vulnerability, zdi-disclosures
Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1, Zaninotti, Thiago
- Re: Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1, Amit Klein (AKsecurity)
PHPFusion <= v6.00.306 avatar mod_mime arbitrary file upload & local inclusion vulnerabilities, rgod
[MajorSecurity] phpListPro <= 2.01 - Multiple Remote File Include Vulnerability, admin
SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure, research
- Re: SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure, Matthew Cerha
Secunia Research: Where Is It unacev2.dll Buffer Overflow Vulnerability, Secunia Research
tseekdir.cgi<--Local File Include, BoNy-m
- Re: tseekdir.cgi<--Local File Include, security curmudgeon
- <Possible follow-ups>
- Re: tseekdir.cgi<--Local File Include, Steven M. Christey
[SECURITY] [DSA 1053-1] New Mozilla packages fix arbitrary code execution, Martin Schulze
ICQ Client Cross-Application Scripting (XAS), 3APA3A
# MHG Security Team --- OzzyWork Gallery SQL Injection, Dj_ReMix_20
plaNetStat Admin ByPass, alp_eren
# MHG Security Team --- DuGallery V2.x SQL Injection, Dj_ReMix_20
[EEYEB20051011B] - Microsoft Distributed Transaction Coordinator Denial of Service, eEye Advisories
[EEYEB20051011A] - Microsoft Distributed Transaction Coordinator Heap Overflow, eEye Advisories
ZDI-06-013: 3Com TippingPoint SMS Server Information Disclosure Vulnerability, zdi-disclosures
IGNORING SSH CONNECTION USES ARP CACHE POISSONING, king_purba
- Re: IGNORING SSH CONNECTION USES ARP CACHE POISSONING, Thierry Zoller
- Re: IGNORING SSH CONNECTION USES ARP CACHE POISSONING, Hugo van der Kooij
- Re: IGNORING SSH CONNECTION USES ARP CACHE POISSONING, Felipe openglx
- <Possible follow-ups>
- Re: IGNORING SSH CONNECTION USES ARP CACHE POISSONING, king_purba
Two independent vulnerabilities (client and server side) in Quake3 engine and many derived games, Thilo Schulz
[Reversemode] Microsoft Infotech Storage library Heap Corruption, Reversemode
- <Possible follow-ups>
- Re: [Reversemode] Microsoft Infotech Storage library Heap Corruption, marco . correnti
  - Re: [Reversemode] Microsoft Infotech Storage library Heap Corruption, Reversemode
[SECURITY] [DSA 1054-1] New TIFF packages fix denial of service and arbitrary code execution, Martin Schulze
IBM Websphere Application Server Multiple Vulnerabilities, SnoBmsn
# MHG Security Team --- OzzyWork Gallery Upload Vulnerabilities, Dj_ReMix_20
[ GLSA 200605-11 ] Ruby: Denial of Service, Sune Kloppenborg Jeppesen
[ GLSA 200605-10 ] pdnsd: Denial of Service and potential arbitrary code execution, Sune Kloppenborg Jeppesen
[ GLSA 200605-12 ] Quake 3 engine based games: Buffer Overflow, Sune Kloppenborg Jeppesen
Multiple SQL Injection Vulnerabilities in Dreamweaver Generated Code, Brian Gallagher
[ MDKSA-2006:083 ] - Updated gdm package fixes symlink attack vulnerability, security
Hackmaster Group DMCounter Remote File Include, c-w-m
Oracle - the last word, David Litchfield
- <Possible follow-ups>
- Re: Oracle - the last word, Steven M. Christey
  - RE: Oracle - the last word, Lee Kelly
    - RE: Oracle - the last word, Iggy E
  - Re: Oracle - the last word, Stefano Di Paola
Re: Milliscript 1.4 Multiple Vulnerabilities, webmaster
UBlog Remote XSS Exploit, SnoBMSN
[ MDKSA-2006:084 ] - Updated MySQL packages fix several vulnerabilities, security
Firefox 1.5.0.3 - DoS, p4 . werterxyz
- Re: Firefox 1.5.0.3 - DoS, Chris Horry
  - Re: Firefox 1.5.0.3 - DoS, RSnake
- Re: Firefox 1.5.0.3 - DoS, Flavio Visentin
- Re: Firefox 1.5.0.3 - DoS, Ronald van den Blink
- <Possible follow-ups>
- Re: Firefox 1.5.0.3 - DoS, marrob
- Re: Re: Firefox 1.5.0.3 - DoS, Ronald
mybb v1.1.1(showthread.php) SQL Injection Exploit, Breeeeh
[TZO-042006] Insecure Auto-Update and File execution, Thierry Zoller
PhpListPro 2.01 Remote File Include Vulnerability, SnoBMSN
- <Possible follow-ups>
- Re: PhpListPro 2.01 Remote File Include Vulnerability, not
vbulletin security Alert, aura
- <Possible follow-ups>
- Re: vbulletin security Alert, scott
[48Bits.com Advisory] Path conversion design flaw in Microsoft NTDLL, 48Bits.com [I+D Team]
Kerio WinRoute Firewall Protocol Inspection Denial, SnoBMSN
ZDI-06-014: Verisign I-Nav ActiveX Control Code Execution Vulnerability, zdi-disclosures
Re: SYMSA-2006-003: Cisco Secure ACS for Windows - AdministratorPassword Disclosure, Greg owens
- <Possible follow-ups>
- RE: SYMSA-2006-003: Cisco Secure ACS for Windows - AdministratorPassword Disclosure, John Stuppi (jstuppi)
Cisco Security Advisory: AVS TCP Relay Vulnerability, Cisco Systems Product Security Incident Response Team
[ MDKSA-2006:085 ] - Updated xine-ui packages fix format string vulnerabilities, security
Unclassified NewsBoard <= 1.6.1 patch 1 ABBC[Config][smileset] arbitrary local inclusion, rgod
[TZO-042006] Insecure Auto-Update and File execution (2), Thierry Zoller
[SECURITY] [DSA 1055-1] New Mozilla Firefox packages fix arbitrary code execution, Martin Schulze
Secunia Research: UltimateZip unacev2.dll Buffer Overflow Vulnerability, Secunia Research
Microsoft MSDTC NdrAllocate Validation Vulnerability, avert
Verizon Voicewing and Linksys PAP2-VN, securityfocus
phpBB "charts.php" XSS and SQL-Injection, sn4k3 . 23
- <Possible follow-ups>
- Re: phpBB "charts.php" XSS and SQL-Injection, g30rg3x
- Re: phpBB "charts.php" XSS and SQL-Injection, phpbb
[ GLSA 200605-13 ] MySQL: Information leakage, Sune Kloppenborg Jeppesen
Ipswitch WhatsUp Professional multiple flaws, David Maciejak
Apple QuickTime udta ATOM Heap Overflow, Sowhat
Re: Secunia Research: Where Is It unacev2.dll Buffer OverflowVulnerability, jason . gerfen
yet more XSS in older versions of ColdFusion, zuxncwaruio
ZDI-06-015: Apple QuickTime H.264 Parsing Heap Overflow Vulnerability, zdi-disclosures
How secure is software X?, David Litchfield
- Re: How secure is software X?, Adam Shostack
- Re: How secure is software X?, Tim Newsham
- Re: [Full-disclosure] How secure is software X?, Michael Silk
  - Re: [Full-disclosure] How secure is software X?, David Litchfield
- Re: How secure is software X?, Paul B. Saitta
- Re: How secure is software X?, Fabian Becker
  - Re: How secure is software X?, Matt . Carpenter
    - Re: How secure is software X?, Duncan Simpson
  - Re: How secure is software X?, Crispin Cowan
- <Possible follow-ups>
- RE: How secure is software X?, Ferguson, Justin (IARC)
  - Re: How secure is software X?, David Litchfield
[Kurdish Security # 7] Foing Remote File Include Vulnerability [PHPBB], botan
Apple QuickDraw/QuickTime Multiple Vulnerabilities, Avert
TSLSA-2006-0026 - kernel, Trustix Security Advisor
[EEYEB-20060307] Apple QuickTime FPX Integer Overflow, eEye Advisories
PHPBB 2.0.20 persistent issues with avatars, rgod
- Re: PHPBB 2.0.20 persistent issues with avatars, Paul Laudanski
- <Possible follow-ups>
- Re: PHPBB 2.0.20 persistent issues with avatars, s89df987 s9f87s987f
  - Re: PHPBB 2.0.20 persistent issues with avatars, Paul Laudanski
Dokeos LDAP hole fixed, thomas . depraetere
SEC Consult SA-20060512-0 :: Symantec Enterprise Firewall NAT/HTTP Proxy Private IP Exposure, Bernhard Mueller
Dovecot IMAP: Mailbox names list disclosure with mboxes, Timo Sirainen
Several flaws in e-business designer (eBD), Pedro Andújar
PHP Live Helper ASP(chat.php) XSS, mster-X
# MHG Security Team --- Gallery Upload Vulnerabilities, Dj_ReMix_20
[FLSA-2006:152898] Updated emacs packages fix a security issue, Marc Deslauriers
Buffer-overflow and NULL pointer crash in Genecys 0.2, Luigi Auriemma
[FLSA-2006:152868] Updated tetex packages fix security issues, Marc Deslauriers
Multiple vulnerabilities in Outgun 1.0.3 bot 2, Luigi Auriemma
Multiple vulnerabilities in Raydium rev 309, Luigi Auriemma
Socket unreachable in GNUnet rev 2780, Luigi Auriemma
[FLSA-2006:185355] Updated gnupg package fixes security issues, Marc Deslauriers
Gphotos Directory Traversal and Cross Site Scripting, doz
[FLSA-2006:152904] Updated ncpfs package fixes security issues, Marc Deslauriers
[FLSA-2006:152923] Updated xloadimage package fixes security issues, Marc Deslauriers
Server crash in Empire 4.3.2, Luigi Auriemma
[FLSA-2006:164512] Updated fetchmail packages fix security issues, Marc Deslauriers
SQL-Injection in e107 allows attacker to become a site admininstrator, socsam
PhpBB <= 2.0.20 Admin/Restore Database remote cmmnds xctn (works with admin sid), rgod
[SECURITY] [DSA 1057-1] New phpLDAPadmin packages fix cross-site scripting, Martin Schulze
[USN-274-2] MySQL vulnerability, Martin Pitt
Is MS06-018 a DoS or a system compromise ?, Nick Boyce
- RE: Is MS06-018 a DoS or a system compromise ?, Maxime Ducharme
- <Possible follow-ups>
- RE: Is MS06-018 a DoS or a system compromise ?, Hayes, Bill
  - Re: Is MS06-018 a DoS or a system compromise ?, Nick Boyce
JDK 1.4.2_11, 1.5.0_06, unsigned applets consuming all free harddisk space, Marc Schoenefeld
- Re: JDK 1.4.2_11, 1.5.0_06, unsigned applets consuming all free harddisk space, William Starling
- Re: JDK 1.4.2_11, 1.5.0_06, unsigned applets consuming all free harddisk space, Leif Erik Andersen (at Seven)
90% of programs made in PHP5 and prior Full Path Disclosure vuln., sirdarckcat
- <Possible follow-ups>
- Re: 90% of programs made in PHP5 and prior Full Path Disclosure vuln., sirdarckcat
- Re: 90% of programs made in PHP5 and prior Full Path Disclosure vuln., Kamil Sienicki
XSS in FreeTextBox and FCKEditor Basic Toolbar Selection, bonsite
POC exploit for freeSSHd version 1.0.9, Tauqeer Ahmad
- Re: [Full-disclosure] POC exploit for freeSSHd version 1.0.9, David Maciejak
[SECURITY] [DSA 1056-1] New webcalendar packages fix information leak, Martin Schulze
DMA[2006-0514a] - 'ClamAV freshclam incorrect privilege drop', KF (lists)
RealVNC 4.1.1 Remote Compromise, James Evans
- Message not available
  - Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise, Joachim Schipper
- <Possible follow-ups>
- re: RealVNC 4.1.1 Remote Compromise, plato
Sugar Suite Open Source <= 4.2 "OptimisticLock!" arbitrary remote inclusion exploit, rgod
Azboard <= 1.0 Multiple Sql Injections, geinblues
tyree[at]users.sourceforge.net, tyree
Secunia Research: FilZip unacev2.dll Buffer Overflow Vulnerability, Secunia Research
CYBSEC - Security Advisory: Phishing Vector in SAP BC (Business Connector), Leandro Meiners
CYBSEC - Security Advisory: Arbitrary File Read/Delete in SAP BC (Business Connector), Leandro Meiners
Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise, Juha-Matti Laurio
- <Possible follow-ups>
- RE: [Full-disclosure] RealVNC 4.1.1 Remote Compromise, Krpata, Tyler
  - Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise, Matt Venzke
Novell NDPS Remote Vulnerability (Server & Client), Ryan Smith
Secunia Research: Abakt ZIP File Handling Buffer Overflow Vulnerability, Secunia Research
[USN-284-1] Quagga vulnerabilities, Martin Pitt
Confixx 3.1.2 <= Code Injection, Snake_23
YapBB <= 1.2 Beta2 'find.php' SQL Injection Vulnerability, geinblues
DeluxeBB 1.06 Remote SQL Injection Exploit, kingofska
PhpRemoteView Multiple Xss Vulnerabilities, Soothackers
Sphider Multiple Xss Vulnerabilities, Soothackers
IceWarp Cross-Site Scripting(XSS), LiNuX_rOOt1
Newsportal: code injection vulnerability, newsportal
ScanAlert Security Advisory, Joseph Pierini
Checkpoint SYN DoS Vulnerability, sanjay naik
- Re: Checkpoint SYN DoS Vulnerability, Pawel Worach
  - Re: Checkpoint SYN DoS Vulnerability, sanjay naik
    - Re: Checkpoint SYN DoS Vulnerability, Bojan Zdrnja
      - Re: Checkpoint SYN DoS Vulnerability, Jim Clausing
    - Re: Checkpoint SYN DoS Vulnerability, Erick Mechler
      - Re: Checkpoint SYN DoS Vulnerability, Bojan Zdrnja
- Re: Checkpoint SYN DoS Vulnerability, Chris Brenton
  - Re: Checkpoint SYN DoS Vulnerability, sanjay naik
    - Re: Checkpoint SYN DoS Vulnerability, Niranjan S Patil
- <Possible follow-ups>
- Re: Checkpoint SYN DoS Vulnerability, sanjay naik
- Re: Re: Checkpoint SYN DoS Vulnerability, jrh57
- RE: Checkpoint SYN DoS Vulnerability, Sterling, Chuck
- Re: Checkpoint SYN DoS Vulnerability, sanjay naik
Caucho Resin Windows Directory Traversal Vulnerability, advisory
The Weakness of Windows Impersonation Model, Brian L. Walche
- Re: The Weakness of Windows Impersonation Model, David Litchfield
  - Re[2]: The Weakness of Windows Impersonation Model, Brian L. Walche
  - Re[2]: The Weakness of Windows Impersonation Model, Brian L. Walche
    - Re: Re[2]: The Weakness of Windows Impersonation Model, Cesar
PHP-Fusion <= 6.00.306 "srch_where" SQL injection / admin credentials disclosure, rgod
vulnerability details, Arnold Grossmann
UPDATE: [ GLSA 200605-13 ] MySQL: Information leakage, Sune Kloppenborg Jeppesen
DeluxeBB <= v1.06 attachment mod_mime exploit, rgod
ERRATA: [ GLSA 200605-07 ] Nagios: Buffer overflow, Sune Kloppenborg Jeppesen
Maksymilian Arciemowicz, cxib
- Re: Maksymilian Arciemowicz, frantisek holop
Advisory: Quezza BB <= 1.0 File Inclusion Vulnerability., Mustafa Can Bjorn IPEKCI
Secunia Research: IZArc unacev2.dll Buffer Overflow Vulnerability, Secunia Research
Newsportal <= 0.36 Remote File Inclusion Vulnerability, philipp . niedziela
iDefense Q2 2006 Vulnerability Challenge, labs-no-reply@xxxxxxxxxxxx
Re: Zen Cart login.php SQL Injection Vulnerability, noreply
VNC_bypauth: vnc scanner multithreaded linux & windows, ad@xxxxxxxxxxxxxxxx
What's Up Professional Spoofing Authentication Bypass, Kenneth F. Belva
- Re: [Full-disclosure] What's Up Professional Spoofing Authentication Bypass, David Maciejak
Firefox (with IETab Plugin) Null Pointer Dereferences Bug, Debasis Mohanty
- <Possible follow-ups>
- Re: Firefox (with IETab Plugin) Null Pointer Dereferences Bug, Roman Daszczyszak
DIMVA 2006 - Call For Participation, Thomas Biege
Two heap overflow in libextractor 0.5.13 (rev 2832), Luigi Auriemma
Secunia Research: Eazel unacev2.dll Buffer Overflow Vulnerability, Secunia Research
Mobotix IP Network Cameras Multiple XSS, jaime . blasco
Boastmachine Cross Site Scripting Vulnerability, mail
OpenWiki<--v0.78 Cross-Site Scripting, LiNuX_rOOt1
HYSA-2006-008 myBloggie 2.1.3 CRLF & SQL Injection, h4cky0u . org
RadLance Local Inclusion Exploit, Hussain Salim
Wargamming Network.., Dusty
Gawab.com Register Xss Bugtraq, rootter
CodeScan Advisory: Avatar MOD v1.3 for Snitz Forums v3.4 - Arbitrary File Upload, CodeScan Labs
Multiple Vulns in Bitrix CMS, Gogi The Georgian
[cosmoshop again] sql injection + view all files as admin user, innate
[Info Disclosure] Diesel PHP Job Site Latest Version, Matt Gibson
- <Possible follow-ups>
- Re: [Info Disclosure] Diesel PHP Job Site Latest Version, support
  - Re: [Info Disclosure] Diesel PHP Job Site Latest Version, GulfTech Security Research
AspBB Forum "profile.asp & default.asp" XSS Vulnerability, TeufeL Online
Gmail/Gtalk web client DoS, dan
[SECURITY] [DSA 1058-1] New awstats packages fix arbitrary command execution, Martin Schulze
XSS in orkut.com, Rohin Koul
- Re: XSS in orkut.com, Google Security Team
FrontRange iHeat Vulnerability, mcdanielar
POC exploit for freeFTPd 1.0.10, Tauqeer Ahmad
- Re: POC exploit for freeFTPd 1.0.10, Sanjay Rawat
- <Possible follow-ups>
- Re:POC exploit for freeFTPd 1.0.10, Tauqeer Ahmad
- Re: POC exploit for freeFTPd 1.0.10, Tauqeer Ahmad
Re: MediaSlash Gallery 'rub' variable Remote File inlcusion Vulnerability, gyzmo77
Myspace Friend Train v2.8, luny
Code Injection via Hidden Form Field Manipulation, mtoren
Sun single-CPU DOS, Doug Hughes
- Re: Sun single-CPU DOS, Mike O'Connor
  - Re: Sun single-CPU DOS, Doug Hughes
    - Re: Sun single-CPU DOS, Mike O'Connor
      - Re: Sun single-CPU DOS, Doug Hughes
        
        Re: Sun single-CPU DOS, Mike O'Connor
        
        Re: Sun single-CPU DOS, Mike O'Connor
        
        Re: Sun single-CPU DOS, Doug Hughes
[ MDKSA-2006:086 ] - Updated kernel packages fix multiple vulnerabilities, security
Secunia Research: CAM UnZip ZIP File Handling Buffer Overflow Vulnerability, Secunia Research
[security bulletin] HPSBUX02108 SSRT061133 rev.11 - HP-UX Running Sendmail, Remote Execution of Arbitrary Code, security-alert
[security bulletin] HPSBUX02117 SSRT2400 rev.1 - HP-UX Running BINDv4 Domain Name Server (DNS) Remote Unauthorized Access, Denial of Service (DoS), security-alert
[security bulletin] HPSBTU02118 SSRT061145 rev.1 - HP Tru64 UNIX Running Firefox or Mozilla Application Suite, Remote Execution of Arbitrary Code or Denial of Service (DoS), security-alert
[SECURITY] [DSA 1059-1] New quagga packages fix several vulnerabilities, Martin Schulze
Yourfreeworld Styleish Text Ads Script, luny
[SECURITY] [DSA 1062-1] New kphone packages fix information disclosure, Moritz Muehlenhoff
[SECURITY] [DSA 1060-1] New kernel-patch-vserver packages fix privilege escalation, Moritz Muehlenhoff
Yourfreeworld.com Short Url & Url Tracker Script, luny
[SECURITY] [DSA 1061-1] New popfile packages fix denial of service, Moritz Muehlenhoff
Jemscripts Download Control v1.0, luny
CYBSEC - Security Pre-Advisory: Local Privilege Escalation in SAP sapdba Command, Leandro Meiners
[SECURITY] [DSA 1063-1] New phpgroupware packages fix execution of arbitrary web script code, Moritz Muehlenhoff
[SECURITY] [DSA 1066-1] New phpbb2 packages fix execution of arbitrary web script code, Moritz Muehlenhoff
phpBazar <= 2.1.0 Multiple vulnerabilites, i6d
Re: NSA Group Security Advisory NSAG-195-23.02.2006 Vulnerability FCKeditor 2.0 FC, fredck
[SECURITY] [DSA 1065-1] New hostapd packages fix denial of service, Moritz Muehlenhoff
ActualAnalyzer Server <=8.23 - Remote File Include Vulnerability, i6d
Interlink "news_information.php" XSS, Mster-X
RaceEventManagement <--v0.7.6 SQL injection & XSS, Mster-X
Xtremescripts Topsites v1.1, luny
[SECURITY] [DSA 1067-1] New Linux kernel 2.4.16 packages fix several vulnerabilities, Moritz Muehlenhoff
Re: NSA Group Security Advisory NSAG-196-23.02.2006 Vulnerability FCKeditor 2.2, fredck
[SECURITY] [DSA 1064-1] New cscope packages fix arbitrary code execution, Moritz Muehlenhoff
cPanel OpenBaseDir Bypass, i6d
Zix Forum <= 1.12 (layid) SQL Injection Vulnerability, i6d
- <Possible follow-ups>
- Re: Zix Forum <= 1.12 (layid) SQL Injection Vulnerability, farhadkey
[SECURITY] [DSA 1068-1] New fbi packages fix denial of service, Moritz Muehlenhoff
Hiox Guestbook 3.1, luny
[SECURITY] [DSA 1069-1] New Linux kernel 2.4.18 packages fix several vulnerabilities, Moritz Muehlenhoff
- <Possible follow-ups>
- [SECURITY] [DSA 1069-1] New Linux kernel 2.4.18 packages fix several vulnerabilities, Moritz Muehlenhoff
PunBB 1.2.11 Cross site scripting, k4p0k4p0
Destiney Rated Images Script v0.5.0 - XSS Vulnv, luny
- <Possible follow-ups>
- Re: Destiney Rated Images Script v0.5.0 - XSS Vulnv, webmaster
- Re: Destiney Rated Images Script v0.5.0 - XSS Vulnv, Steven M. Christey
Destiney Links Script v2.1.2, luny
[SECURITY] [DSA 1070-1] New Linux kernel 2.4.19 packages fix several vulnerabilities, Moritz Muehlenhoff
Captivate 1.0 - XSS Vuln, luny
PHP Easy Galerie Index.PHP Remote File Include Vulnerability, craziest
Firefox 1.5.0.3 Flaw - Page can obtain path to Mozilla installation or profile by examining JavaScript exceptions, milw0rm
XOOPS <= 2.0.13.2 'xoopsOption[nocommon]' exploit, rgod
[TZO-072006]-Xampp - Multiple Priviledge Escalation (SYSTEM) and Rogue Autostart, Thierry Zoller
[ GLSA 200605-14 ] libextractor: Two heap-based buffer overflows, Stefan Cornelius
[ GLSA 200605-15 ] Quagga Routing Suite: Multiple vulnerabilities, Stefan Cornelius
Novell Client login form enables reading and writing from and to the clipboard of the logged-in user, EitanCaspi@xxxxxxxxx
- Re: Novell Client login form enables reading and writing from and to the clipboard of the logged-in user, Roman Drahtmueller
Generic Browser Crash with Java 1.4.2_11, Java 1.5.0_06, Marc Schoenefeld
[KAPDA::#43] - phpwcms multiple vulnerabilities, alireza hassani
Skype - URI Handler Command Switch Parsing, Brett Moore
[SECURITY] [DSA 1071-1] New MySQL 3.23 packages fix several vulnerabilities, Martin Schulze
Perlpodder Remote Arbitrary Command Execution, RedTeam Pentesting
Prodder Remote Arbitrary Command Execution, RedTeam Pentesting
BitZipper Archive Extraction Directory traversal, h e
[security bulletin] HPSBUX02119 SSRT4848 rev.1 - HP-UX Running Motif Applications Remote Arbitrary Code Execution, Denial of Service (DoS), security-alert
[security bulletin] HPSBUX02120 SSRT051057 rev.1 - HP-UX Local Denial of Service (DoS), security-alert
[SECURITY] [DSA 1073-1] New MySQL 4.1 packages fix several vulnerabilities, Martin Schulze
ZDI-06-016: Novell eDirectory 8.8 NDS Server Buffer Overflow Vulnerability, zdi-disclosures
ACROS Security: Buffer Overflow In EMC (previously Dantz) Retroclient Service, ACROS Security
[SECURITY] [DSA 1072-1] New Nagios packages fix arbitrary code execution, Martin Schulze
mybb v1.1.1(rss.php) SQL Injection Exploit, Breeeeh
- <Possible follow-ups>
- Re: mybb v1.1.1(rss.php) SQL Injection Exploit, Steven M. Christey
CANews Multiple Vulnerabilities, omnipresent
SOE's implementation of Lithium Forums Software allows users to log on as each other., john
Beoped Portal XSS, outlaw
phpRaid "view.php" XSS Vulnerability, TeufeL Online
TSLSA-2006-0028 - multi, Trustix Security Advisor
Remote Code Execution in artmedic Newsletter 4.1 [log.php], c . j . schmitz
Microsoft Internet Explorer - Crash on mouse button click, mac68k
- <Possible follow-ups>
- Re: Microsoft Internet Explorer - Crash on mouse button click, unknown user
  - Message not available
    - Re: Microsoft Internet Explorer - Crash on mouse button click, unknown user
      - Message not available
        
        Re: Microsoft Internet Explorer - Crash on mouse button click, unknown user
  - Message not available
    - Re: Microsoft Internet Explorer - Crash on mouse button click, unknown user
- RE: Microsoft Internet Explorer - Crash on mouse button click, Jain, Siddhartha
- Re: Microsoft Internet Explorer - Crash on mouse button click, mac68k
Hackernetwork.Com Mail XSS Vulnerability, TeufeL Online
Circumventing quarantine control in Windows 2003 and ISA 2004, Memet Anwar
- Re: Circumventing quarantine control in Windows 2003 and ISA 2004, 3APA3A
- RE: Circumventing quarantine control in Windows 2003 and ISA 2004, Roger A. Grimes
- Re: Circumventing quarantine control in Windows 2003 and ISA 2004, Mark Senior
  - Re: Circumventing quarantine control in Windows 2003 and ISA 2004, Memet Anwar
- Re: Circumventing quarantine control in Windows 2003 and ISA 2004, Andreas Beck
Chatty improper input sanitizing, zerogue
DSChat <= 1.0 XSS, zerogue
IpLogger <= 1.7 XSS, zerogue
- <Possible follow-ups>
- Re: IpLogger <= 1.7 XSS, thrasher . basher
QBv14 XSS, zerogue
Russcom PHPImages lack of validation, zerogue
Russcom Ping Remote code execution, zerogue
SkyeShoutbox <= v.1.2.0 XSS, zerogue
Kaspersky antivirus 6: HTTP monitor bypassing, john
- <Possible follow-ups>
- Re: Kaspersky antivirus 6: HTTP monitor bypassing, denisov_vit
- Re: Kaspersky antivirus 6: HTTP monitor bypassing, dmitryp . spm
[OpenPKG-SA-2006.008] OpenPKG Security Advisory (openldap), OpenPKG
Non eXecutable Stack Lovin on OSX86, KF (lists)
Nucleus CMS <= 3.22 arbitrary remote inclusion, rgod
[security bulletin] HPSBUX02114 SSRT061115 rev.1 - HP-UX Running Software Distributor Local Elevation of Privilege, security-alert
phpMyDirectory <= 10.4.4 Multiple Remote File Include(new!), ajannhwt
AlstraSoft E-Friends - XSS, luny
Alstrasoft Article Manager Pro v1.6, luny
[security bulletin] HPSBUX02075 SSRT051074 rev.5 - HP-UX Running xterm Local Unauthorized Access, security-alert
DGbook v1.0 - XSS, luny
[USN-285-1] awstats vulnerability, Martin Pitt
[security bulletin] HPSBMA02121 SSRT061157 rev.1 - HP OpenView Storage Data Protector Remote Arbitrary Command Execution, security-alert
[security bulletin] HPSBMA02098 SSRT5911 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Privileged Access, Arbitrary Command Execution, Arbitrary File Creation, security-alert
Server termination in netPanzer 0.8 (rev 952), Luigi Auriemma
Buffer-overflow in the WebTool service of PunkBuster for servers (minor than v1.229), Luigi Auriemma
AlstraSoft Web Host Directory v1.2, luny
Publicist v0.95 - XSS And Full Path Errors, luny
Mambo <= 4.6. RC1 xss, rgod
YLZH(right.php)Cross Site Scripting, Breeeeh
Default Screen Saver Vulnerability in Microsoft Windows, susam . pal
- Re: Default Screen Saver Vulnerability in Microsoft Windows, Eliah Kagan
- Re: Default Screen Saver Vulnerability in Microsoft Windows, Ansgar -59cobalt- Wiechers
  - Re: Default Screen Saver Vulnerability in Microsoft Windows, Jason V. Miller
Vodafone.de XSS Vulnerability, try_og
NETGEAR WGR614 v6 Wireless DSL router information disclosure vulnerability, info
Diesel Joke Site SQL INJECTION, a_linuxer
Write-up by Amit Klein: "IE + some popular forward proxy servers = XSS, defacement (browser cache poisoning)", Amit Klein (AKsecurity)
OpenCms version 6.0.x Xml Content Demo search engine Cross site scripting, jaime . blasco
[SECURITY] [DSA 1074-1] New mpg123 packages fix arbitrary code execution, Martin Schulze
Cisco Security Advisory: Windows VPN Client Local Privilege Escalation Vulnerability, Cisco Systems Product Security Incident Response Team
[ MDKSA-2006:087 ] - Updated kernel packages fixes netfilter SNMP NAT memory corruption, security
[ MDKSA-2006:088 ] - Updated hostapd package to address DoS vulnerability, security
[ MDKSA-2006:089 ] - Updated kphone packages fixes permissions issue with .qt/kphonerc, security
[ MDKSA-2006:090 ] - Updated shadow-utils packages fix mailbox creation vulnerability, security
[ MDKSA-2006:091 ] - Updated php packages fix vulnerabilities, security
VSR Advisory: PDF Tools AG - PDF Form Filling and Flattening Tool Buffer Overflow, advisories
[CLOSED] SOE's implementation of Lithium Forums Software allows users to log on as each other., support
Kaspersky antivirus 6: POP3 state machine error, bug . registrator
- <Possible follow-ups>
- Re: Kaspersky antivirus 6: POP3 state machine error, denisov_vit
phpFoX All Version Login Exploit, mx
Re: Re: [SECURITYREASON.COM] PhpNuke 7.6=>x Multiple vulnerabilities cXIb8O3.12, phpnuke
AZ Photo Album Script Pro, luny
ChatPat v1.0, luny
A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt., thesinoda
- Re: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt., 3APA3A
- Re: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt., Alexander Klimov
- RE: [security] A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt., phugo
- <Possible follow-ups>
- RE: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt., ennead@xxxxxxxxxxxxx
- Re: RE: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt., ahariri
- RE: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt., thesinoda
- Re: Re: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt., visitbipin
sql injection in phpWebSite 0.8.3, help-users
iFdate v1.2, luny
Realty Pro One Property Listing Script, luny
- <Possible follow-ups>
- RE: Realty Pro One Property Listing Script, Krpata, Tyler
Bulletin Board Elite-Board v.1.1, luny
[USN-286-1] Dia vulnerabilities, Martin Pitt
GuestbookXL 1.3, luny
CMS Mundo V1.0, luny
Pre Shopping Mall v1.0, luny
[KAPDA::#44] - NewsCMSLite Login ByPass by Cookie, farhadkey
Pre News Manager v1.0, luny
Drupal <= 4.7 attachment/mod_mime remote code execution, rgod
rPSA-2006-0082-1 vixie-cron, Justin M. Forbes
iFlance v1.1, luny
Hackernetwork Mail Xss[Search] Vulnerability, ajannhwt
PostgreSQL security releases 8.1.4, 8.0.8, 7.4.13, 7.3.15, PostgreSQL Security
Wordpress <=2.0.2 'cache' shell injection, rgod
- Re: Wordpress <=2.0.2 'cache' shell injection, pokley
Addendum, ennead@xxxxxxxxxxxxx
TSLSA-2006-0030 - multi, Trustix Security Advisor
[SECURITY] [DSA 1076-1] New lynx packages fix denial of service, Martin Schulze
[SECURITY] [DSA 1077-1] New lynx-ssl packages fix denial of service, Martin Schulze
V-Webmail 1.6.4 Remote File Include, beford
- Re: V-Webmail 1.6.4 Remote File Include, Ventsislav Genchev
[BuHa-Security] DoS Vulnerability in MS IE 6 SP2, bugtraq
- Re: [BuHa-Security] DoS Vulnerability in MS IE 6 SP2, ad@xxxxxxxxxxxxxxxx
[BuHa-Security] MS06-013: HTML Tag Memory Corruption Vulnerability in MS IE 6 SP2, bugtraq
ASLR now built into Vista, David Litchfield
- Re: [Full-disclosure] ASLR now built into Vista, c0ntex
  - Re[2]: [Full-disclosure] ASLR now built into Vista, 3APA3A
[SECURITY] [DSA 1075-1] New awstats packages fix arbitrary command execution, Martin Schulze
XSS in Omegasoft's Insel, MC Iglo
Docebo LMS 2.05 Remote File Include, beford
XSS in Monster Top List | MTL 1.4, V8f3
Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities, ajannhwt
Toasts Forums 1.6.44 in Xss, ajannhwt
phpjobboard Authecnical admin byPass, alp_eren
qjForum(member.asp) SQL Injection Vulnerability, ajannhwt
[MajorSecurity #6]Socketmail <= 2.2.6 - Remote File Include Vulnerability, admin
Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities, ajannhwt
my Web Server << v-1.0 Denial of Service Exploit, s3rv3r_hack3r
- Re: my Web Server << v-1.0 Denial of Service Exploit, str0ke
Multiple XSS Vulnerabilities in Tikiwiki 1.9.x, blwood
Plume CMS Remote File Include, beford
PHPResidence <= 0.6 XSS, zerogue
PHP AGTC-Membership system <= v1.1a XSS, zerogue
ByteHoard <= 2.1 multiple vulnerabilities, zerogue
Assetman <= 2.4a XSS, zerogue
Easy-Content Forums 1.0 Multiple [SQL/XSS] Vulnerabilities, ajannhwt
Seditio Cross Site Scripting Vulnerability, mail
XSS Vulnerability on www.my6d.com Connection Work System, spymeta
[OpenPKG-SA-2006.009] OpenPKG Security Advisory (binutils), OpenPKG
On the Recent PGP and Truecrypt Posting, jon
- Re: On the Recent PGP and Truecrypt Posting, John Pettitt
  - Re: On the Recent PGP and Truecrypt Posting, Jon Callas
    - Message not available
      - Re: On the Recent PGP and Truecrypt Posting, Jon Callas
    - Re: On the Recent PGP and Truecrypt Posting, Andreas Beck
rPSA-2006-0080-1 postgresql postgresql-server, Justin M. Forbes
XSS Vulnerability on Vodafone, try_og
iBoutique.MALL - Directory Traversal, luny
PHPSimple Choose v0.3, luny
Super Link Exchange Script v1.0, luny
Vacation Retal Script v1.0, luny
MyYearBook.com - XSS, luny
Pretty Guestbook v1, luny
Smile Guestbook v1, luny
Morris Guestbook v1, luny
[ MDKSA-2006:092 ] - Updated mpg123 packages fix DoS vulnerability., security
LM hashes in a hot-desking environment, feedb4ck
- Re: LM hashes in a hot-desking environment, 3APA3A
- Re: LM hashes in a hot-desking environment, Ansgar -59cobalt- Wiechers
  - Re: LM hashes in a hot-desking environment, The Little Prince
- RE: LM hashes in a hot-desking environment, Roger A. Grimes
cURL Safe Mode Bypass PHP 4.4.2 and 5.1.4, cxib
rPSA-2006-0084-1 fetchmail, Justin M. Forbes
Wavecon Advisory: Open-Xchange <= 0.8.2 defaultuser with /bin/bash and default password, Cemil Degirmenci
rPSA-2006-0083-1 enscript, Justin M. Forbes
Symantec antivirus software exposes computers, Michael Scheidell
InternerExplorer error: ECMAScript interpreter stack overflow, sehato
Critical sql injection in saphplesson 2.0, black-cod3
Xss exploit in Chipmunk guestbook, black-cod3
Multiple Xss exploits in ar-blog v 5.2, black-cod3
sql injection in PHPcafe.net Tutorial Manager, black-cod3
Speedy ASP Forum(profileupdate.asp) User Pass Change Exploit, ajannhwt
[SECURITY] [DSA 1078-1] New tiff packages fix denial of service, Martin Schulze
D-Link DSA-3100 Cross-Site Scripting, jaime . blasco
Proof of concept that PGP AUTHENTICATION CAN BE BYPASSED WITHOUT PATCHING, thesinoda
- Re: Proof of concept that PGP AUTHENTICATION CAN BE BYPASSED WITHOUT PATCHING, Andreas Beck
html Guest Gear, pieisgdvgd
[SECURITY] [DSA 1079-1] New MySQL 4.0 packages fix several vulnerabilities, Martin Schulze
[SECURITY] [DSA 1080-1] New dovecot packages fix directory traversal, Steve Kemp
[SECURITY] [DSA 1081-1] New libextractor packages fix arbitrary code execution, Martin Schulze
[USN-287-1] Nagios vulnerability, Martin Pitt
[USN-288-1] PostgreSQL server/client vulnerabilities, Martin Pitt
Buffer overflow in QuickTime 7.0.4?, John Richard Moser
multiple file include exploits in EzUpload Pro v2.10, black-cod3
JAMES 2.2.0 <-- Denial Of Service, y3dips
Advisory: MiniNuke v2.x Multiple Remote Vulnerabilities, Mustafa Can Bjorn IPEKCI
Advisory: ASPBB <= 0.52 (perform_search.asp) XSS vulnerability, Mustafa Can Bjorn IPEKCI
Advisory: tinyBB <= 0.3 Multiple Remote Vulnerabilities., Mustafa Can Bjorn IPEKCI
Advisory: Enigma Haber <= 4.3 Multiple Remote SQL Injection Vulnerabilities, Mustafa Can Bjorn IPEKCI
Advisory: F@cile Interactive Web <= 0.8x Multiple Remote Vulnerabilities., Mustafa Can Bjorn IPEKCI
Advisory: Eggblog <= 3.x Multiple Remote Vulnerabilities, Mustafa Can Bjorn IPEKCI
- RE: Advisory: Eggblog <= 3.x Multiple Remote Vulnerabilities, Egg
Advisory: phpBB 2.x (admin/admin_hacks_list.php) Local Inclusion Vulnerability., Mustafa Can Bjorn IPEKCI
Advisory: phpBB 2.x (Activity MOD Plus) File Inclusion Vulnerability., Mustafa Can Bjorn IPEKCI
Advisory: ASPSitem <= 2.0 Multiple Vulnerabilities., Mustafa Can Bjorn IPEKCI
Advisory: UBBThreads 5.x,6.x Multiple File Inclusion Vulnerabilities., Mustafa Can Bjorn IPEKCI
Advisory: Blend Portal <= 1.2.0 for phpBB 2.x (blend_data/blend_common.php) File Inclusion Vulnerability, Mustafa Can Bjorn IPEKCI
- RE: Advisory: Blend Portal <= 1.2.0 for phpBB 2.x(blend_data/blend_common.php) File Inclusion Vulnerability, austin best
VARIOMAT(advanced cms tool)SQL injection/XSS, CrAzY . CrAcKeR
Xss exploit in Photoalbum B&W v1.3, black-cod3
[KAPDA::#45] - geeklog multiple vulnerabilities, alireza hassani
UBBThreads 5.x,6.x md5 hash disclosure, chris
Foing Remote File Include Vulnerability [PHPBB], s3rv3r_hack3r
New SMB and DCERPC features on Impacket released with doc, Gerardo Richarte
WikiNi Persistent Cross Site Scripting Vulnerability, raphael . huck
[SECURITY] [DSA 1082-1] New Linux kernel 2.4.17 packages fix several vulnerabilities, Moritz Muehlenhoff
Multiple Xss exploits in Chipmunk Board, black code
RE: Multiple Xss exploits in coolphp magazine, black code
multiple Xss exploits in : vCard 2.9, black code
[KAPDA::#46] - Nukedit Unauthorized Admin Add, farhadkey
Jiwa Financials - Reporting allows execution of arbitrary reports as SQL user with full permissions., Robert
4nNukeWare<--V 0.91 SQL Injection exploits, CrAzY . CrAcKeR
phpMyDesktop|arcade 1.0 FINAL Code Execution, darkgod . xsf
Bratpack Cross Site Scripting Vulnerability, CrAzY . CrAcKeR
NorthStudio Cross Site Scripting Vulnerability, CrAzY . CrAcKeR
WBB<--v2.3.4"misc.php" SQL injection Vulnerability, CrAzY . CrAcKeR
OaBoard 1.0 Remote File inclusion, hessamx
Backdoor in RelevantKnowledge adware (What are we fighting for?), 3APA3A
Fire fox dos exploit, co296
[ GLSA 200605-16 ] CherryPy: Directory traversal vulnerability, Stefan Cornelius
[ MDKSA-2006:093 ] - Updated dia packages fix string format vulnerabilities., security
[ GLSA 200605-17 ] libTIFF: Multiple vulnerabilities, Stefan Cornelius
WebCalendar-1.0.3 reading of any files, socsam
Open Searchable Image Catalogue: XSS and SQL Injection Vulnerabilities, enji
Xss exploit in Chipmunk directory, black code
pppBlog <= 0.3.8 administrative credentials/system disclosure, rgod
# MHG Security Team --- PHP NUKE All version Remote File Inc., erne
QontentOneCMS v1.0, luny

Mail converted by MHonArc