Mail Thread Index
- UPDATE: [ GLSA 200605-08 ] PHP: Multiple vulnerabilities,
Sune Kloppenborg Jeppesen
- Re: cpanel login problem,
Scott Gemma
- Re: Portail PHP v1.7 Remote File Include,
x0r0n
- Re: PHP ip2long() function circumvention,
darylf
- com_moskool (admin.moskool.php) Remote File Include Vulnerabilities,
saudi . unix
- ATutor <= 1.5.3.1 'links' blind SQL injection / admin credentials disclosure,
rgod
- PHPAuction 2.1 (maybe higher) with phpAdsNew 2.0.5 RFI,
philipp . niedziela
- SQL injection Seir Anphin v666 Community Management System,
vulnerabilities
- Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory,
Pavel Kankovsky
- Re: Gdiplus.dll division by 0,
Early Warning Team
- Re: Check Point R55W Directory Traversal,
Hugo van der Kooij
- Oracle and Apache mod_rewrite Vulnerability,
tigerblue
- Corsaire Security Advisory - VMware ESX Server Password Cross Site Request Forgery issue,
advisories
- Corsaire Security Advisory - VMware ESX Server Password Disclosure in Log issue,
advisories
- Corsaire Security Advisory - VMware ESX Server Password Disclosure in Cookie issue,
advisories
- Re: [EEYEB-20060227] D-Link Router UPNP Stack Overflow,
solutions_PHP
- Multiple vulnerabilities in Open Cubic Player 2.6.0pre6 / 0.1.10_rc5,
Luigi Auriemma
- MyNewsGroups <= 0.6b (myng_root) Remote Inclusion Vulnerability,
philipp . niedziela
- Re: Do world's famous companies take care of their security?,
Steven M. Christey
- Re: Xss in MttKe-php v2.6,
Steven M. Christey
- [ GLSA 200608-01 ] Apache: Off-by-one flaw in mod_rewrite,
Matthias Geerdsen
- NewsLetter v3.5 <= (NL_PATH) Remote File Inclusion Exploit,
tr_zindan
- [Kurdish Security # 16 ] newsReporter v1.0 Remote Command Execution,
botan
- [Kurdish Security # 17 ] GuestBook 3.5 Remote Command Execution,
botan
- [Kurdish Security # 18 ] FAQ Script Remote Command Execution,
botan
- [Kurdish Security # 19 ] FileManager Remote Command Execution,
botan
- [Kurdish Security # 20 ] Quickie Remote Command Execution,
botan
- [Kurdish Security # 21] ShoutBox v4.4 Remote Command Execution,
botan
- [SECURITY] [DSA 1130-1] New sitebar packages fix cross-site scripting,
Martin Schulze
- WoW Roster <= 1.5.x Remote File Include (hsList.php),
AG Spider
- [vuln.sg] Lhaplus LHA Extended Header Handling Buffer Overflow Vulnerability,
vulnpost-remove
- [ MDKSA-2006:135 ] - Updated freeciv packages fix DoS vulnerabilities,
security
- VMSA-2006-0004 Cross site scripting vulnerability and other fixes,
VMware Security Team
- [USN-327-2] firefox regression,
Martin Pitt
- TSEP 0.9.4.2 <= Remote File Inclusion,
philipp . niedziela
- ISS BlackICE PC Protection DLL faking of run-time linked libraries Vulnerability,
David Matousek
- [SECURITY] [DSA 1132-1] New apache2 packages fix buffer overflow,
Steve Kemp
- [SECURITY] [DSA 1131-1] New apache package fix buffer overflow,
Steve Kemp
- SUSE Security Announcement: freetype2 (SUSE-SA:2006:045),
Thomas Biege
- SUSE Security Announcement: libtiff (SUSE-SA:2006:044),
Thomas Biege
- [ MDKSA-2006:136 ] - Updated kdegraphics packages fix multiple libtiff vulnerabilities,
security
- SYM06-013 Symantec On-Demand Protection Encrypted Data Exposure,
secure
- Barracuda Vulnerability: Hardcoded Password [NNL-20060801-01],
gssincla
- Barracuda Vulnerability: Arbitrary File Disclosure [NNL-20060801-02],
gssincla
- DMA[2006-0801a] - 'Apple OSX fetchmail buffer overflow',
K F (lists)
- [ MDKSA-2006:137 ] - Updated libtiff packages fix multiple vulnerabilities,
security
- [SECURITY] [DSA 1133-1] New mantis packages fix execution of arbitrary web script code,
Moritz Muehlenhoff
- JavaScript port scanning,
pdp (architect)
- rPSA-2006-0142-1 libtiff,
Justin M. Forbes
- EEYE: research.eeye.com,
Marc Maiffret
- [SECURITY] [DSA 1134-1] New Mozilla Thunderbird packages fix several vulnerabilities,
Martin Schulze
- Secunia Research: Jetbox Multiple Vulnerabilities,
Secunia Research
- SaveWeb Portal 3.4 <- (SITE_Path) Remote File Inclusion Vulnerability,
x0r0n
- Content Management Framework "G3" - XSS Vulnerability in Search Function,
Stefan Friedli
- rPSA-2006-0143-1 gnupg,
Justin M. Forbes
- [USN-330-1] tiff vulnerabilities,
Martin Pitt
- [eVuln] MyBB 'Avatar URL' XSS Vulnerability,
alex
- [security bulletin] HPSBUX02108 SSRT061133 rev.13 - HP-UX Running Sendmail, Remote Execution of Arbitrary Code,
security-alert
- [SECURITY] [DSA 1136-1] New gpdf packages fix denial of service,
Martin Schulze
- [security bulletin] HPSBUX02124 SSRT061159 rev.1 - HP-UX Sendmail MIME Remote Denial of Service (DoS),
security-alert
- OZJournal v1.5 - XSS,
luny
- [SECURITY] [DSA 1137-1] New tiff packages fix several vulnerabilities,
Martin Schulze
- [security bulletin] HPSBGN02136 SSRT061173 rev.1 - ProCurve Series 3500yl, 6200yl, and 5400zl Switches Running Software Prior to K.11.33 Remote Denial of Service (DoS),
security-alert
- Hobbit monitor security bugfix release - 4.1.2p2,
Henrik Stoerner
- [SECURITY] [DSA 1138-1] New cfs packages fix denial of service,
Moritz Muehlenhoff
- [SECURITY] [DSA 1135-1] New libtunepimp packages fix arbitrary code execution,
Martin Schulze
- [security bulletin] HPSBUX02087 SSRT4728 rev.3 - HP-UX running TCP/IP Remote Denial of Service (DoS),
security-alert
- Simpliciti Locked Browser Jail Breakout Vulnerability,
EvilPacket
- TSEP <= 0.942 Remote File Include,
beford
- Vwar v1.5.0 <= Sql Injection and XSS vuln.,
mfoxhacker
- Secunia Research: PC Tools AntiVirus Insecure Default Directory Permissions,
Secunia Research
- CMSimple Cross Site Scripting,
Outlaw
- [USN-331-1] Linux kernel vulnerabilities,
Martin Pitt
- [USN-332-1] gnupg vulnerability,
Martin Pitt
- Re: [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released,
Philip M. Gollucci
- [SECURITY] [DSA 1139-1] New ruby1.6 packages fix privilege escalation,
Moritz Muehlenhoff
- Javascript software authentication brute force attack,
Gianstefano Monni
- [MajorSecurity Advisory #27]ToendaCMS - Cross Site Scripting Issue,
admin
- SendCard <= 3.4.0 unauthorized administrative access / remote commands execution,
rgod
- [SECURITY] [DSA 1140-1] New GnuPG packages fix denial of service,
Martin Schulze
- [ GLSA 200608-02 ] Mozilla SeaMonkey: Multiple vulnerabilities,
Stefan Cornelius
- SolpotCrew Advisory #5 - modernbill ver 1.6 (DIR) Remote File Inclusion,
chris_hasibuan
- [DRUPAL-SA-2006-011] Drupal 4.7.3 / 4.6.9 fixes XSS issue,
Uwe Hermann
- [ GLSA 200608-03 ] Mozilla Firefox: Multiple vulnerabilities,
Thierry Carrez
- vbulletin 3.5.4 IE exploit xss,
stefan
- ME Download System 1.3 Remote File Inclusion,
philipp . niedziela
- [ GLSA 200608-04 ] Mozilla Thunderbird: Multiple vulnerabilities,
Thierry Carrez
- ZoneX 1.0.3 - Publishers Gold Edition Remote File Inclusion Vulnerability,
x0r0n
- [security bulletin] HPSBUX02137 SSRT051024 rev.1 - HP-UX Running Xserver Local Execution of Arbitrary Code, Privilege Elevation,
security-alert
- GaesteChaos <= 0.2 Multiple Vulnerabilities,
Tamriel
- CounterChaos <= 0.48c SQL Injection Vulnerability,
Tamriel
- GeheimChaos <= 0.5 Multiple SQL Injection Vulnerabilities,
Tamriel
- XSS in Vbulletin 3.6.0 in IE 0nly,
Stefan
- [SECURITY] [DSA 1141-1] New GnuPG2 packages fix denial of service,
Martin Schulze
- [ GLSA 200608-05 ] LibVNCServer: Authentication bypass,
Sune Kloppenborg Jeppesen
- [ GLSA 200608-06 ] Courier MTA: Denial of Service vulnerability,
Sune Kloppenborg Jeppesen
- [ECHO_ADV_42$2006] BufferOverflow in Eremove Client,
erdc
- [SECURITY] [DSA 1142-1] New freeciv packages fix arbitrary code execution,
Martin Schulze
- [ECHO_ADV_42$2006] PHP Live Helper <= 2.0 (abs_path) Remote File Inclusion,
matdhule
- [SECURITY] [DSA 1143-1] New dhcp packages fix denial of service,
Martin Schulze
- TSLSA-2006-0044 - multi,
Trustix Security Advisor
- CAID 34509 - CA eTrust Antivirus WebScan vulnerabilities,
Williams, James K
- phpAutoMembersArea 3.2.5 ($installed_config_file) Remote File Inclusion,
philipp . niedziela
- Barracuda Spam Firewall: Administrator Level Remote Command Execution [ID-20060804-01],
Matthew Hall
- [ GLSA 200608-07 ] libTIFF: Multiple vulnerabilities,
Sune Kloppenborg Jeppesen
- vBulletin 3.0.14 ~ init.php~ registerring global arbitary variable~ XSS exploit,
addmimistrator
- Tinyportal Shoutbox,
exploitex
- [ GLSA 200608-08 ] GnuPG: Integer overflow vulnerability,
Sune Kloppenborg Jeppesen
- MyBloggie <= 2.1.4 trackback.php SQL injection / admin credentials disclosure,
rgod
- XSS Vulnerability in FTD v3.7.3,
try_og
- Re: flatnuke <= 2.5.7 arbitrary php file upload,
segatom
- [ECHO_ADV_44$2006] PHP Simple Shop <= 2.0 (abs_path) Remote File Inclusion,
erdc
- XennoBB <= 2.1.0 "birthday" SQL injection,
c . boulton
- SAPID CMS remote File Inclusion vulnerabilities,
simo64
- 0-day XP SP2 wmf exploit,
cyanid-E
- SolpotCrew Advisory #6 - phpCC - Beta 4.2 (base_dir) Remote File Inclusion,
chris_hasibuan
- 0-day XP SP2 wmf exploit (some details),
cyanid-E
- NEWSolved Lite v1.9.2 (abs_path) Remote File Inclusion,
philipp . niedziela
- when will AV vendors fix this???,
Bipin Gautam
- blur6ex 0.3 Comment title HTML inyection vuln.,
piiiiiii pppiiiiiiii
- PHP: Zend_Hash_Del_Key_Or_Index Vulnerability,
Stefan Esser
- IMENDIO PLANNER REMOTE FILENAME FORMAT STRING VULNERABILITY,
king_purba
- Multiple vulnerabilities in DConnect Daemon 0.7.0 (CVS 30 Jul 2006),
Luigi Auriemma
- php local buffer underflow could lead to arbitary code execution,
heintz
- [ GLSA 200608-10 ] pike: SQL injection vulnerability,
Sune Kloppenborg Jeppesen
- [ GLSA 200608-11 ] Webmin, Usermin: File Disclosure,
Sune Kloppenborg Jeppesen
- Virtual War v1.5.0 Remote File Include (vwar_root),
AG Spider
- [vuln.sg] Lhaz LHA Long Filename Buffer Overflow Vulnerability,
vulnpost-remove
- Will Microsoft patch remarkable old Msjet40.dll issue?,
Juha-Matti Laurio
- Re: Vanilla CMS <= 1.0.1 (RootDirectory) Remote file inclusion Vuln.,
dinoboff
- [SECURITY] [DSA 1144-1] New chmlib packages fix denial of service,
Moritz Muehlenhoff
- linksys WRT54g authentication bypass,
Ginsu Rabbit
- [ GLSA 200608-12 ] x11vnc: Authentication bypass in included LibVNCServer code,
Sune Kloppenborg Jeppesen
- DeluxeBB Multiple Vulnerabilities,
darkz . gsa
- simplog 0.9.3 and prior XSS,
piiiiiii pppiiiiiiii
- Visual Events Calendar v1.1 (cfg_dir) Remote Inclusion Vulnerability,
x0r0n
- TSRT-06-06: Computer Associates eTrust AntiVirus WebScan Manifest Processing Buffer Overflow Vulnerability,
TSRT
- TSRT-06-05: Computer Associates eTrust AntiVirus WebScan Automatic Update Code Execution Vulnerability,
TSRT
- ARES 2007: Call for workshop proposals, deadline Sept 10, 2006,
Manh Tho
- Attacking the local LAN via XSS,
pdp (architect)
- AUTODAFE: an Act of Software Torture [FUZZER],
Martin Vuagnoux
- phpPrintAnalyzer <= 1.1 (rep_par_rapport_racine) Remote File Inclusion Vulnerability,
sh3ll
- [EEYEB-20060719] McAfee Subscription Manager Stack Buffer Overflow,
eEye Advisories
- Announcement: Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations [Whitepaper],
SPI Labs
- [ GLSA 200608-13 ] ClamAV: Heap buffer overflow,
Matthias Geerdsen
- ZDI-06-026: Microsoft Internet Explorer Multiple CSS Imports Memory Corruption Vulnerability,
zdi-disclosures
- ZDI-06-027: Microsoft Internet Explorer CSS Class Ordering Memory Corruption Vulnerability,
zdi-disclosures
- [SECURITY] [DSA 1145-1] New freeradius packages fix several vulnerabilities,
Moritz Muehlenhoff
- Archangel Weblog 0.90.02 and prior Multiple HTML injections,
piiiiiii pppiiiiiiii
- docpile:we v0.2.2 (INIT_PATH) Remote File Inclusion Vulnerability,
x0r0n
- rPSA-2006-0147-1 mysql mysql-bench mysql-server,
Justin M. Forbes
- phNNTP <= 1.3 (article-raw.php) Remote File Include Vulnerability,
tr_zindan
- Microsoft PowerPoint Malformed Record Memory Corruption,
Sowhat
- [ GLSA 200608-14 ] DUMB: Heap buffer overflow,
Sune Kloppenborg Jeppesen
- TSRT-06-07: eIQnetworks Enterprise Security Analyzer Monitoring Agent Buffer Overflow Vulnerabilities,
TSRT
- unwrapping PL/SQL,
pete
- MojoScripts' xss vulnerable,
tugra
- MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities,
Tom Yu
- ERRATA: [ GLSA 200608-08 ] GnuPG: Integer overflow vulnerability,
Sune Kloppenborg Jeppesen
- rPSA-2006-0150-1 krb5 krb5-server krb5-services krb5-test krb5-workstation,
Justin M. Forbes
- [Overflow.pl] Clam AntiVirus Win32-UPX Heap Overflow,
pucik
- SUSE Security Announcement: clamav (SUSE-SA:2006:046),
Ludwig Nussel
- PgMarket 2.2.3 (CFG[libdir]) Remote File Inclusion Vulnerabilities,
x0r0n
- [USN-333-1] libwmf vulnerability,
Martin Pitt
- Latinchat Denial Of Service,
Vicente Perez
- Assessment of Vista Kernel Mode Security,
ATR-Bugtraq
- [SECURITY] [DSA 1146-1] New krb5 packages fix privilege escalation,
Martin Schulze
- [ MDKSA-2006:138 ] - Updated clamav packages fix vulnerability,
security
- CivicSpace Version 0.8.5 HTML injection,
HeLiOsZ RooT
- BlogHoster v2.2 Post Comment Html Injection,
piiiiiii pppiiiiiiii
- [ MDKSA-2006:139 ] - Updated krb5 packages fix local privilege escalation vulnerability,
security
- Cwfm <= 0.9.1 (Language) Remote File Inclusion Vulnerability,
philipp . niedziela
- [ISR] - Novell Groupwise Webaccess (Cross-Site Scripting),
Francisco Amato
- TSRT-06-10: Microsoft HLINK.DLL Hyperlink Object Library Buffer Overflow Vulnerability,
TSRT
- Multiple buffer-overflows in AlsaPlayer 0.99.76,
Luigi Auriemma
- TSRT-06-09: Microsoft DirectAnimation COM Object Memory Corruption Vulnerability,
TSRT
- Stack and heap overflows in MODPlug Tracker/OpenMPT 1.17.02.43 and libmodplug 0.8,
Luigi Auriemma
- TSRT-06-08: Microsoft Internet Help COM Object Memory Corruption Vulnerability,
TSRT
- [SECURITY] [DSA 1148-1] New gallery packages fix several vulnerabilities,
Moritz Muehlenhoff
- [SECURITY] [DSA 1147-1] New drupal packages fix cross-site scripting,
Moritz Muehlenhoff
- [ MDKSA-2006:140 ] - Updated ncompress packages fix vulnerability,
security
- XChat <= 2.6.4-1 (win version) Remote Denial of Service Exploit (php),
ratboy727
- PHPMyRing <= 4.2.0 (view_com.php) Remote SQL Injection,
simo64
- Yabb XSS,
Outlaw
- TinyWebGallery v1.5 ( image ) Remote Include Vulnerability,
x0r0n
- [SECURITY] [DSA 1149-1] New ncompress packages fix potential code execution,
Martin Schulze
- Sending multipart/form-data requests from Flash (with arbitrary headers),
Amit Klein (AKsecurity)
- Directory Traversal vulnerability in IPCheck Monitor Server,
auuw73
- CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Remote Denial of Service,
Mariano Nuñez Di Croce
- CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Remote Buffer Overflow,
Mariano Nuñez Di Croce
- PocketPC MMS - Remote Code Injection/Execution Vulnerability and Denial-of-Service,
Collin R. Mulliner
- [ GLSA 200608-15 ] MIT Kerberos 5: Multiple local privilege escalation (test Falco for security@),
Raphael Marichez
- [ GLSA 200608-17 ] libwmf: Buffer overflow vulnerability,
Sune Kloppenborg Jeppesen
- [ GLSA 200608-18 ] Net::Server: Format string vulnerability,
Sune Kloppenborg Jeppesen
- [ GLSA 200608-16 ] Warzone 2100 Resurrection: Multiple buffer overflows,
Sune Kloppenborg Jeppesen
- Mambo/Joomla Component Remository v3.25 (mosConfig_absolute_path) Remote File Inclusion Vulnerability,
camino
- Netgear FVG318 is vunerable to DOS attack,
root
- Mafia Moblog <= 6 (pathtotemplate) Remote File Inclusion Vulnerability,
sh3ll
- InfanView 3.98 (with plugins) - Access violation at processing images ANI files,
sehato
- myBloggie <= 2.1.3 (mybloggie_root_path) Remote File Inclusion Vulnerability,
sh3ll
- Compersus ASP shopping cart <= DataBase Downloading vuln.,
mfoxhacker
- Virtual War v1.5.0 <= Sql Injection vuln.,
mfoxhacker
- XennoBB <= "avatar gallery" Directory Transversal,
c . boulton
- CGI Script Source Code Disclosure Vulnerability in Apache for Windows,
susam . pal
- Simple one-file GuestBook 1.0,
omnipresent
- Dragonfly CMS 9.0.6.1 and prior XSS,
HeLiOsZ RooT
- Security Contact,
Sean Warnock
- RE: [Full-disclosure] RE: when will AV vendors fix this???,
Thomas D.
- Bypassing script filters with variable-width encodings,
Cheng Peng Su
- XSSing the Lan 3 (web trojans.. not a new idea),
pdp (architect)
- Security Vulnerability in Ruby on Rails 1.1.x,
michael
- [security bulletin] HPSBUX02108 SSRT061133 rev.14 - HP-UX Running Sendmail, Remote Execution of Arbitrary Code,
security-alert
- [security bulletin] HPSBUX02124 SSRT061159 rev.2 - HP-UX Sendmail MIME Remote Denial of Service (DoS),
security-alert
- TSLSA-2006-0046 - multi,
Trustix Security Advisor
- miniBloggie <= 1.0 (fname) Remote File Inclusion Vulnerability,
sh3ll
- [ GLSA 200608-19 ] WordPress: Privilege escalation,
Raphael Marichez
- Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability,
sh3ll
- rPSA-2006-0152-1 squirrelmail,
Justin M. Forbes
- WEBInsta Mailing list manager (cabsolute_path) 1.3e RFI,
philipp . niedziela
- wheatblog Session.php Remote File Inclusion,
Outlaw
- UPDATE: [ GLSA 200511-12 ] Scorched 3D: Multiple vulnerabilities,
Raphael Marichez
- VWar <= 1.50 R14 (n) Remote SQL Injection,
brom0815
- Nokia Browser Crash,
qode
- SquirrelMail 1.4.8 released - fixes variable overwriting attack,
Thijs Kinkhorst
- Calendarix <= 0.7 (calpath) Remote File Inclusion Vulnerability,
sh3ll
- myEvent <= 1.4 Multiple Remote File Include Vulnerabilities,
sh3ll
- Concurrency-related vulnerabilities in browsers - expect problems,
Michal Zalewski
- [SECURITY] [DSA 1150-1] New shadow packages fix privilege escalation,
Martin Schulze
- Microsoft Help (WINHLP32.EXE) - Multiple Remote Code Execution and Denial Of Service Vulnerabilities,
Benjamin Tobias Franz
- Forum Software ASPPlayground.NET Advanced Edition 2.4.5 Unicode Xss,
blood2_20032003
- (Security Advisory) SYM06-014 Symantec Backup Exec Internal RPC Overflow,
Secure
- ScatterChat Advisory 2006-01: Cryptanalytic Attack Vulnerability,
ScatterChat Advisories
- Re: TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability,
public
- Informix - Discovery, Attack and Defense,
David Litchfield
- Informix Long Username Buffer Overflow Vulnerability,
NGSSoftware Insight Security Research
- Error logging buffer overflow in Informix,
NGSSoftware Insight Security Research
- [ECHO_ADV_45$2006] WEBinsta CMS 0.3.1 (templates_dir) Remote File Inclusion Vulnerability,
erdc
- Google Picasa Listening on Port 80?,
Geoff Vass
- SQLIDEBUG envariable overflow on Informix,
NGSSoftware Insight Security Research
- XMB <= 1.9.6 Final basename()/'langfilenew' arbitrary local inclusion / remote commands execution,
rgod
- BlaBla 4U XSS Vulnerabilite,
vampire_chiristof
- Virtual War v1.5.0 SQL injection and XSS,
vampire_chiristof
- JavaScript get Internal Address (thanks to DanBUK),
pdp (architect)
- HPSBMA02138 SSRT061184 rev.1 - HP OpenView Storage Data Protector, Remote Arbitrary Command Execution,
security-alert
- Kaspersky Anti-Hacker personal firewall unstealthy stealth mode,
tbratusa
- Wordpress WP-DB Backup Plugin Directory Traversal Vulnerability,
ss_team
- Arbitrary Library Loading in Informix,
NGSSoftware Insight Security Research
- Multiple Arbitrary Command Execution Vulnerabilities,
NGSSoftware Insight Security Research
- InfanView 3.98 (with plugins) - Access violation at processing images CUR files,
sehato
- Technical note: under some conditions, it's possible to steal HTTP credentials using Flash,
Amit Klein (AKsecurity)
- Unauthorized Database Creation Privilege on Informix,
NGSSoftware Insight Security Research
- Local privilege Escalation in SmartLine DeviceLock 5.73,
seppi
- Multiple Password Exposures Flaws,
NGSSoftware Insight Security Research
- osDate 1.1.8 - Multiple HTML Injection Vulnerability - fixed,
vijay
- RE: ANNOUNCING: 3rd Annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA,
Dave Wichers
- Peoplebook Mambo Component <= v1.0 Remote File Include Vulnerabilities,
matdhule
- Multiple buffer-overflows in libmusicbrainz 2.1.2,
Luigi Auriemma
- [Overflow.pl] ImageMagick ReadSGIImage() Heap Overflow,
Damian Put
- (somewhat) breaking the same-origin policy by undermining dns-pinning,
Martin Johns
- Multiple Buffer Overflow Vulnerabilities in Informix,
NGSSoftware Insight Security Research
- Joomla Webring Component (component_dir) Remote File Inclusion Vulnerabilities,
x0r0n
- [ GLSA 200608-20 ] Ruby on Rails: Several vulnerabilities,
Raphael Marichez
- Multiple Arbitrary File Access (Write/Read) Vulnerabilities,
NGSSoftware Insight Security Research
- Opera 9 Remote Denial of Service,
NNP
- Security contact from Critical Path Inc,
Guillermo Marro
- [ MDKSA-2006:142 ] - Updated heartbeat packages fix vulnerability,
security
- [ MDKSA-2006:141 ] - Updated gnupg packages fix vulnerability,
security
- local file include in PHP-Nuke (autohtml.php),
MosT3mR
- Mailslot bug (MS06-035) vs non-Mailslot bug (CVE-2006-3942),
Gerardo Richarte
- [XSec-06-02]: Internet Explorer (IMSKDIC.DLL) COM Object Instantiation Vulnerability,
nop
- Koobi Pro CMS 5.6 SQL injection & XSS,
vampire_chiristof
- [XSec-06-03]: Internet Explorer (CHTSKDIC.DLL) COM Object Instantiation Vulnerability,
nop
- [XSec-06-04]: Internet Explorer (msoe.dll) COM Object Instantiation Vulnerability,
nop
- [SECURITY] [DSA 1151-1] New heartbeat packages fix denial of service,
Martin Schulze
- [security bulletin] HPSBUX02141 SSRT51153 rev.1 - HP-UX in Trusted mode, Local Denial of Service (DoS),
security-alert
- Lizge V.20 Web Portal File Include Vulnerability,
crackers_child
- otopholder 1.8 suffers from a local file inclusion,XSS and directory listing vuln,
vampire_chiristof
- fusionnews 3,7 Remote File Inclusion,
Outlaw
- CORE-2006-0714: Microsoft SRV.SYS SMB_COM_TRANSACTION Denial of Service,
Core Security Technologies advisories
- [USN-334-1] krb5 vulnerabilities,
Martin Pitt
- [XSec-06-05]: VMware 5.5.1 for Windows arbitrary partition table delete issue.,
root
- Mambo com_lm component (archive.php) Remote File Include Vulnerabilities,
crackers_child
- [USN-335-1] heartbeat vulnerability,
Martin Pitt
- [scip_Advisory 2456] Horde Framework and Horde IMP /index.php cross site referencing,
Marc Ruef
- [scip_Advisory 2457] Horde Framework and Horde IMP /horde/imp/search.php cross site scripting,
Marc Ruef
- MS Terminal Server application session breakout,
pedantic1
- ShockwaveFlash 9 (Stack overflow),
Mr . Niega
- [security bulletin] HPSBUX02115 SSRT061077 rev.2 - HP-UX running Support Tools Manager (xstm, cstm, stm) Local Denial of Service (DoS),
security-alert
- Technical note by Amit Klein: "Sending arbitrary HTTP requests with Flash 7/8 (+IE 6.0)",
Amit Klein (AKsecurity)
- [ MDKSA-2006:143 ] - Updated Firefox packages fix multiple vulnerabilities,
security
- SYM06-16 Symantec NetBackup PureDisk Remote Office Edition Elevation of Privilege,
Mike Prosser
- Reporter Mambo Component Remote File İnclude,
crackers_child
- discloser 0.0.4 Remote File Inclusion (with Exploit),
dr . t3rr0r1st
- [USN-337-1] imagemagick vulnerability,
Martin Pitt
- [EEYEB-20060703] IBM eGatherer ActiveX Code Execution Vulnerability,
eEye Advisories
- [USN-336-1] binutils vulnerability,
Martin Pitt
- CubeCart <= 3.0.11 SQL injection & cross site scripting,
rgod
- [XSec-06-06]: Windows 2003 (tsuserex.dll) COM Object Instantiation Vulnerability,
nop
- World Summit on Intrusion Prevention,
wsip
- UPDATED: MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities,
Tom Yu
- RE: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems,
Michael Wojcik
- powergap <= (s0x.php) Remote File Inclusion,
saudi . unix
- [security bulletin] HPSBUX02139 SSRT5981 rev.1 - HP-UX Running the LP Subsystem, remote Denial of Service (DoS),
security-alert
- [ MDKSA-2006:143-1 ] - Updated Firefox packages fix multiple vulnerabilities,
security
- [XSec-06-07]: Visual Studio 6.0 Multiple COM Object Instantiation Vulnerability,
nop
- ToorCon 8 Call for Papers Closing Tomorrow & Workshops/Seminars Added,
h1kari@xxxxxxxxxxx
- Secunia Research: AOL Insecure Default Directory Permissions,
Jakob Balle
- mtg_myhomepage Component For Mambo R.F.I,
Outlaw
- Joomla x-shop <= 1.7 Remote File Include Vulnerability,
crackers_child
- anjel Mambo Component Remote File Include,
crackers_child
- Joomla Rssxt <= 1.0 Remote File Include Vulnerability,
crackers_child
- [SECURITY] [DSA 1152-1] New trac packages fix information disclosure,
Martin Schulze
- mambo-phphop Product Scroller Module R.F.I,
Outlaw
- Norton DLL faking via 'SuiteOwners' protection bypass Vulnerability,
David Matousek
- Mambo jim Component Remote Include Vulnerability,
x0r0n
- Multiple xxs cPanel 10,
preth00nker
- UPDATE vBulletin Version 3.5.4 exploit,
dicomdk
- Registration Now Open!: 3rd Annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA,
Dave Wichers
- OneOrZero Helpdesk V1.6.4.1 susceptible to SQL injection and XSS,
vampire_chiristof
- JavaScript Lazy Authorization Forcer and Visited Link Scaner,
pdp (architect)
- contentpublisher Mambo Component Remote File Include Vulnerabilities,
crackers_child
- Mambo mambelfish Component <= 1.1 Remote File Include Vulnerability,
bilkopat
- [SECURITY] [DSA 1153-1] New ClamAV packages fix arbitrary code execution,
Martin Schulze
- Joomla Kochsuite Component <= 0.9.4 (config.kochsuite.php) Remote File Inclusion Vulnerability,
camino
- Joomla MamboWiki Component <= 0.9.4 (MamboLogin.php) Remote File Inclusion Vulnerability,
camino
- [KAPDA::#55] - Joomla poll component vulnerability,
alireza hassani
- Joomla RFİ ( ERNE ),
erne
- Sonium Enterprise Adressbook Version 0.2 (folder) RFI,
philipp . niedziela
- Modification For OpenSEF Remote file Inclusion,
Outlaw
- Ako Comments (mod) Remote File Inclusion,
Outlaw
- [Kurdish Security # 23] Spaw Editor Remote Include Vulnerability,
botan
- Mambo CatalogShop Remote File Inclusion,
Outlaw
- Mambo com_cropimage 1.0 Component Remote Include Vulnerability,
x0r0n
- XennoBB <= 2.2.1 "icon_topic" SQL Injection,
c . boulton
- POC & exploit for Apache mod_rewrite off-by-one,
Jacobo Avariento
- LBlog <= "comments.asp" SQL Injection Exploit,
ChironeX . FleckeriX
- WoltLab Burning Board 2.3.5(WBB) in XSS,
ZeberuS
- [SECURITY] [DSA 1154-1] New squirrelmail packages fix information disclosure,
Moritz Muehlenhoff
- New PowerPoint 0-day and Trojan - FAQ document ready,
Juha-Matti Laurio
- [XSec-06-08]: Windows 2000 Multiple COM Object Instantiation Vulnerability,
nop
- Mambo Component - Display MOSBot Manager Remote File Inclusion Vuln,
Outlaw
- DoS 2wire Gateway,
preth00nker
- Mambo Component - EstateAgent Remote File Inclusion,
Outlaw
- [XSec-06-09]: Internet Explorer Multiple COM Objects Color Property DoS Vulnerability,
nop
- ToendaCMS <= 1.0.3 -(tcms_administer_site) Remote File Include,
h4ck3riran
- SimpleBlog 2.0 <= "comments.asp" SQL Injection Exploit,
ChironeX . FleckeriX
- Diesel Job Site forgot.php Cross-Site Scripting,
night_warrior-
- Diesel Paid Mail getad.php Cross-Site Scripting Vulnerability,
night_warrior-
- Smart Traffic Remote File Include Vulnerability,
night_warrior-
- DieselPay İndex.php Cross-Site Scripting Vulnerability,
night_warrior-
- [ MDKSA-2006:144 ] - Updated php packages fix vulnerability,
security
- [ MDKSA-2006:145 ] - Updated Firefox packages fix multiple vulnerabilities,
security
- MDaemon POP3 server remote buffer overflow (preauth),
infocus
- [ MDKSA-2006:146 ] - Updated Thunderbird packages fix multiple vulnerabilities,
security
- TTG0601 - Alt-N WebAdmin Multiple Vulnerabilities,
TTG
- Vendor Statement: fixed Mobotix IP Network Cameras Multiple XSS bug,
dkabs
- EEYE:ALERT: MS06-042 Related Internet Explorer 'Crash' is Exploitable,
Marc Maiffret
- Major updates in PowerPoint FAQ document - not a 0-day issue,
Juha-Matti Laurio
- Simple Machines Forum <=1.1RC2 unset() vulnerabilities,
rgod
- unauthorized VNC access in AK-Systems Windows Terminals,
Victor Sudakov
- (exploit) firefox 1.5.0.6 linux DoS,
tomas
- Linux Kernel SCTP Privilege Elevation Vulnerability,
Avert
- Tons of SQL-injections and XSS in Eichhorn Portal and vendor page,
MC Iglo
- Symantec Enterprise Security Manager Denial-of-Service Vulnerability,
Avert
- PHlyMail Lite [PM_[path][lib]=] Remote File Include Vulnerability,
D3nGeR
- PHProjekt v0.6.1 Remote File Inclusion Vulnerability (2),
D3nGeR
- BlackBoard Multiple Vulnerabilities (XSS),
Pr070n
- [ MDKSA-2006:147 ] - Updated squirrelmail packages fix vulnerabilities,
security
- faille include in "VeriTECH" isreal,
king-hacker
- Symantec Gateway Security DNS exploit,
Gianstefano Monni
- Cisco Security Advisory: Cisco VPN 3000 Concentrator FTP Management Vulnerabilities,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Unintentional Password Modification in Cisco Firewall Products,
Cisco Systems Product Security Incident Response Team
- Bugtraq ID: 18402,
The Cute Group
- New malware names and updates to PowerPoint FAQ document,
Juha-Matti Laurio
- [ GLSA 200608-21 ] Heimdal: Multiple local privilege escalation vulnerabilities,
Raphael Marichez
- [ GLSA 200608-22 ] fbida: Arbitrary command execution,
Raphael Marichez
- FreeBSD Security Advisory FreeBSD-SA-06:18.ppp,
FreeBSD Security Advisories
- Advisory: VistaBB <= 2.x Multiple File Inclusion Vulnerabilities,
Mustafa Can Bjorn IPEKCI
- Advisory: Integramod Portal <= 2.x File Inclusion Vulnerability,
Mustafa Can Bjorn IPEKCI
- Re: Opsware NAS 6.0 reveals MySQL 'root' password,
danil9470
- [SECURITY] [DSA 1155-1] New sendmail packages fix denial of service,
Martin Schulze
- [ GLSA 200608-23 ] Heartbeat: Denial of Service,
Sune Kloppenborg Jeppesen
- [SECURITY] [DSA 1155-2] New sendmail packages fix denial of service,
Martin Schulze
- EEYE: Internet Explorer Compressed Content URL Heap Overflow Vulnerability,
Marc Maiffret
- [ MDKSA-2006:149 ] - Updated MySQL packages fix user privilege vulnerabilities,
security
- [ MDKSA-2006:148 ] - Updated xorg-x11 packages fix vulnerabilities,
security
- Advisory 05/2006: Zend Platform Multiple Remote Vulnerabilities,
Stefan Esser
- pSlash v0.7 (lvc_include_dir) Remote Include Vulnerability,
x0r0n
- Re: [eVuln] B-net Software Multiple XSS Vulnerabilities,
anon
- rPSA-2006-0157-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs,
Justin M. Forbes
- Multiple Vulnerabilities in Asterisk 1.2.10 (Fixed in 1.2.11),
Matt Riddell (IT)
- NSFOCUS SA2006-08 : Microsoft IE6 urlmon.dll Long URL Buffer Overflow Vulnerability,
NSFOCUS Security Team
- rPSA-2006-0158-1 tshark wireshark,
Justin M. Forbes
- TSLSA-2006-0048 - multi,
Trustix Security Advisor
- FreeBSD Security Advisory FreeBSD-SA-06:18.ppp [REVISED],
FreeBSD Security Advisories
- Indiana University Security Advisory: Fuji Xerox Printing Systems (FXPS) print engine vulnerabilities,
Krulewitch, Sean V
- YaPiG thanks_comment.php Cross-Site Scripting Vulnerability,
Kuon_at_Armorize_dot_com
- [ MDKSA-2006:150 ] - Updated kernel packages fix multiple vulnerabilities,
security
- [ MDKSA-2006:151 ] - Updated kernel packages fix multiple vulnerabilities,
security
- CuteNews 1.3.* Remote File Include Vulnerability,
stormhacker
- [ MDKSA-2006:152 ] - Updated wireshark packages fix multiple vulnerabilities,
security
- MyBB Html Injection ( XSS ),
Redworm
- AlstraSoft Video Share Enterprise Remote File Include Vulnerability,
night_warrior-
- [ GLSA 200608-24 ] AlsaPlayer: Multiple buffer overflows,
Raphael Marichez
- Sql injection in Mambo & Joomla,
Omid
- Bigace 1.8.2 (GLOBALS) Remote File Inclusion,
vampire_chiristof
- Sql injection in Xoops,
Omid
- Jupiter CMS 1.1.5 index.php Remote File Include,
D3nGeR
- Jetbox CMS search_function.php Remote File,
D3nGeR
- Suggested Fix for CVE-2006-4299,
Michael Jennings
- Cisco NAC Appliance Agent Installation Bypass Vulnerability,
Andreas Gal
- Mambo/Joomla com_comprofiler Components <== v1.0 RC 2 Multiple Remote File Include Vulnerabilities,
matdhule
- [SECURITY] [DSA 1156-1] New kdebase packages fix information disclosure,
Moritz Muehlenhoff
- [XSec-06-10]: Internet Explorer (daxctle.ocx) Heap Overflow Vulnerability,
nop
- [SECURITY] [DSA 1159-1] New Mozilla Thunderbird packages fix several problems,
Martin Schulze
- [SECURITY] [DSA 1158-1] New streamripper packages fix arbitrary code execution,
Moritz Muehlenhoff
- [SECURITY] [DSA 1157-1] New ruby1.8 packages fix several vulnerabilities,
Moritz Muehlenhoff
- [ GLSA 200608-25 ] X.org and some X.org libraries: Local privilege escalations,
Raphael Marichez
- interact <= 2.2 (CONFIG[BASE_PATH]) Remote File Include Vulnerability,
carcabotx
- JetBox cms (search_function.php) Remote File Include,
carcabotx
- Re: Another YabbSE Remote Code Execution Vulnerability,
wiziwig
- Possible Myspace Worm,
mjw
- SYMSA-2006-009,
research
- [ GLSA 200608-27 ] Motor: Execution of arbitrary code,
Raphael Marichez
- [ GLSA 200608-26 ] Wireshark: Multiple vulnerabilities,
Raphael Marichez
- [ GLSA 200608-28 ] PHP: Arbitary code execution,
Raphael Marichez
- rPSA-2006-0159-1 ImageMagick,
Justin M. Forbes
- [ MDKSA-2006:155 ] - Updated ImageMagick packages fix vulnerabilities,
security
- [ MDKSA-2006:153 ] - Updated binutils packages fix multiple vulnerabilities,
security
- [ MDKSA-2006:154 ] - Updated lesstif packages fix potential local root vulnerability,
security
- LinksCaffe no checker at admin,
hoangyenxinhdep
- CYBSEC - Security Advisory: Microsoft Windows DHCP Client Service Remote Buffer Overflow,
Mariano Nuñez Di Croce
- [SECURITY] [DSA 1160-1] New Mozilla packages fix several vulnerabilities,
Martin Schulze
- e107 <= 0.75 GLOBALS[] overwrite/Zend_Hash_Del_Key_Or_Index remote commands execution,
rgod
- Submit ( b2evolution<= 1.8 Remote File Include Vulnerabilities ),
h4ck3riran
- Submit ( ToendaCMS<= ( Remote File Include Vulnerabilities ),
h4ck3riran
- JS ASP Faq Manager v1.10 sql injection,
ali
- [SECURITY] [DSA 1161-1] New Mozilla Firefox packages fix several vulnerabilities,
Martin Schulze
- DUpoll 3.1 security alert,
bozkurtserdar
- Portail PHP mod_phpalbum 2.15 Modules Remote File Inclusion,
x0r0n
- InfoSec Paper: Creating Business Through Virtual Trust,
Kenneth F. Belva
- Re: AW: JetBox cms (search_function.php) Remote File Include,
Steven M. Christey
- SQL-Ledger serious security vulnerability and workaround,
chris
- [SECURITY] [DSA 1162-1] New libmusicbrainz packages fix arbitrary code execution,
Martin Schulze
- Ezportal/Ztml v1.0 Multiple vulnerabilities,
Hessamx
- IwebNegar v1.1 Multiple vulnerabilities,
Hessamx
- Nuked Klan 1.7 SP4.3 : Function Anti-XSS Bypassed,
Blwood
- XSS in HLstats 1.34,
MC Iglo
- [KAPDA::#56] - FREEKOT SQL Injection Vulnerability,
farhadkey
- [SECURITY] [DSA 1163-1] New gtetrinet packages fix arbitrary code execution,
Martin Schulze
- ezContents Version 2.0.3 Remote/Local File Inclusion, SQL Injection, XSS,
gmdarkfig
- osCommerce < 2.2 Milestone 2 060817 POC Exploit,
s10242006
- [KAPDA]MyBB 1.1.7 ~ admin/global.php ~ XSS Attack,
addmimistrator
- feedsplitter considered harmful,
jon
- Hackers to Hackers Conference III - Call for Papers,
Rodrigo Rubira Branco (BSDaemon)
- [KAPDA]MyBB 1.1.7~ htmlspeacialchar_uni(), fixjavascript(), functions_post.php ~[url]XSS attack,
addmimistrator