Mail Index
- phpMyConferences <= 8.0.2 Remote File Inclusion
- ActiveX security leaks in the TV owned web game platform
- Hawking Technology wireless router WR254-CA DNS issue
- [ MDKSA-2006:193 ] - Updated ImageMagick packages fix vulnerabilities
- [ MDKSA-2006:194 ] - Updated PostgreSQL packages fix vulnerabilities
- SQL Injection Vulnerability in bfExplorer 0.0.6
- Sun java System Messenger Express XSS
- New Flaw in Firefox 2.0: DoS and possible remote code execution
- Re: freenews---> fileinclude
- Re: freenews---> fileinclude
- Authentication bypass in BytesFall Explorer
- Re: New Flaw in Firefox 2.0: DoS and possible remote code execution
- Re: New Flaw in Firefox 2.0: DoS and possible remote code execution
- Re: Re: New Flaw in Firefox 2.0: DoS and possible remote code execution
- [SECURITY] [DSA 1201-1] New ethereal packages fix denial of service
- [SECURITY] [DSA 1202-1] New screen packages fix arbitrary code execution
- PHP-Nuke <= 7.9 Journal module (search.php) "forwhat" SQL Injection vulnerability
- Cross Site Scripting (XSS) Vulnerability in iPlanet Messaging Server Messenger Express by "Sun"
- Directory listing on B-FOCuS Wireless 802.11b/g ADSL2+ Router by "ECI Telecom LTD"
- Cross Site Scripting (XSS) Vulnerability in Web Mail service by "Walla! Communications LTD"
- Re: New Flaw in Firefox 2.0: DoS and possible remote code execution
- iDefense Security Advisory 10.27.06: Novell eDirectory NMAS BerDecodeLoginDataRequeset DoS Vulnerability
- iDefense Security Advisory 10.31.06: Novell iManager Tomcat DoS Vulnerability
- iDefense Security Advisory 10.31.06: Sophos Anti-Virus Petite File Denial of Service Vulnerability
- Multiple XSS Vulnerabilities in Zend Google Data Client Library Preview 0.2.0
- Re: Re: Simple Machines Forum (SMF) XSS issue
- Re[3]: New Flaw in Firefox 2.0: DoS and possible remote code execution
- [USN-370-1] screen vulnerability
- [USN-371-1] Ruby vulnerability
- Cross Site Scripting (XSS) Vulnerability in Netquery by "VIRtech"
- Re: phpLedAds 2.0(dir) File Include
- Cisco Security Advisory: Cisco Security Agent Management Center LDAP Administrator Authentication Bypass
- From: Cisco Systems Product Security Incident Response Team
- [USN-373-1] mutt vulnerabilities
- Asterisk Local and Remote Denial of Service vulnerability
- tikiwiki 1.9.5 mysql password disclosure & xss
- Outpost Insufficient validation of 'SandBox' driver input buffer
- From: Matousec - Transparent security Research
- rPSA-2006-0202-1 tshark wireshark
- From: rPath Update Announcements
- [security bulletin] HPSBUX02172 SSRT061269 rev.1 - HP-UX VirtualVault running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access
- Re: PLS-Bannieres 1.21 (bannieres.php) File Include
- [security bulletin] HPSBUX02164 SSRT061265 rev.1 - HP-UX VirtualVault Running Apache 1.3.X Remote Denial of Service (DoS) and Arbitrary Code Execution
- [security bulletin] HPSBUX02165 SSRT061266 rev.1 - HP-UX VirtualVault Remote Unauthorized Access
- [USN-374-1] wvWare vulnerability
- [security bulletin] HPSBUX02091 SSRT061099 rev.2 - HP-UX Local Increased Privilege
- Internet Explorer 7 - Still Spyware Writers' Heaven
- Multiple vulnerabilities in SAP Web Application Server 6.40 and 7.00
- how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)]
- Advisory 12/2006: phpMyAdmin - error.php XSS Vulnerability
- Firefox 1.5.0.7 Exploit
- iodine client 0.3.2 buffer overflow
- [SECURITY] [DSA 1203-1] New libpam-ldap packages fix access control bypass
- [security bulletin] HPSBMA02159 SSRT061238 rev.1 - HP System Management Homepage (SMH), Remote Bypassing of Security Features or Cross Site Scripting or Denial of Service (DoS)
- [USN-375-1] PHP vulnerability
- Educational write-up by Amit Klein: "A Refreshing Look at Redirection"
- Re: how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)]
- Re: how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)]
- Re: Firefox 1.5.0.7 Exploit
- RE: how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)]
- Re: Firefox 1.5.0.7 Exploit
- RE: Internet Explorer 7 - Still Spyware Writers' Heaven
- Advisory 13/2006: PHP HTML Entity Encoder Heap Overflow Vulnerability
- EUSecWest/London CFP extended to Nov. 7
- Re: phpMyConferences <= 8.0.2 Remote File Inclusion
- [ MDKSA-2006:196 ] - Updated php packages to address buffer overflow issue
- [ MDKSA-2006:195 ] - Updated wireshark packages fix multiple vulnerabilities
- Re: Firefox 1.5.0.7 Exploit
- Re[2]: New Flaw in Firefox 2.0: DoS and possible remote code execution
- Re: Digital Armaments Security Advisory 10.07.2006: Flexwath Authorization Bypassing and XSS Vulnerability
- Re: Multiple vulnerabilities in SAP Web Application Server 6.40 and 7.00
- [ GLSA 200611-01 ] Screen: UTF-8 character handling vulnerability
- [SECURITY] [DSA-1205-1] New thttpd packages fix insecure temporary file creation
- SIMPLOG 0.9.3 injection sql & multiple xss
- [ MDKSA-2006:197 ] - Updated kernel packages fix multiple vulnerabilities and bugs
- XSS in script Mobile
- ZDI-06-036: Novell Netmail User Authentication Buffer Overflow Vulnerability
- [USN-376-1] imlib2 vulnerabilities
- [OpenPKG-SA-2006.030] OpenPKG Security Advisory (ruby)
- Re: Internet Explorer 7 - Still Spyware Writers' Heaven
- [MajorSecurity Advisory #31]Xenis.creator CMS - Multiple Cross Site Scripting and SQL Injection Issues
- Re: how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)]
- [OpenPKG-SA-2006.028] OpenPKG Security Advisory (php)
- Web Directory Pro bypass Vulnerabilities
- [OpenPKG-SA-2006.029] OpenPKG Security Advisory (bind)
- [USN-378-1] RPM vulnerability
- [MajorSecurity Advisory #30]admin.tool 3 CMS - Multiple Cross Site Scripting Issues
- [USN-377-1] NVIDIA vulnerability
- Re: [MajorSecurity Advisory #31]Xenis.creator CMS - Multiple Cross Site Scripting and SQL Injection Issues
- IF-CMS multiples XSS vunerabilities
- Re: Internet Explorer 7 - Still Spyware Writers' Heaven
- @cid stats v2.3 File Include
- Article Script v1.*and v1.6.3 Sql injection
- Stanford university SCARF user editing
- PHP Rapid Kill All Version File Injection
- Re: New Flaw in Firefox 2.0: DoS and possible remote code execution
- [ECHO_ADV_57_2006]Soholaunch Pro <=4.9 r36 Multiple Remote File Inclusion Vulnerability
- Mail Drives Security Considerations
- [ECHO_ADV_58_2006]Cyberfolio <=2.0 RC1 $av Remote File Inclusion Vulnerability
- Re: @cid stats v2.3 File Include
- [ECHO_ADV_59_2006]Agora 1.4 RC1 "$_SESSION[PATH_COMPOSANT]" Remote File Inclusion Vulnerability
- [ECHO_ADV_60_2006] OpenEMR <=2.8.1 Multiple Remote File Inclusion Vulnerability
- Re: New Flaw in Firefox 2.0: DoS and possible remote code execution
- AIOCP <=1.3.007 multiples vulnerabilities [sql , remote file include , xss]
- Joomla 1.0.11 Remote File Include
- MWChat pro V 7.0 <= (CONFIG[MWCHAT_Libs]) Remote File Include Vulnerability
- From: -= SHELL =- -= SHELL =-
- Cross Site Scripting (XSS) Vulnerability in IBM WebSphere Application Server
- From: ProCheckUp Research
- TSLSA-2006-0061 - multi
- From: Trustix Security Advisor
- [ GLSA 200611-02 ] Qt: Integer overflow
- Ariadne <= 2.4.1 Multiple Remote File Include Vulnerabilities(New)
- [MajorSecurity Advisory #32]phpComasy CMS - Multiple Cross Site Scripting Issues
- Re: Internet Explorer 7 - Still Spyware Writers' Heaven
- RE: Internet Explorer 7 - Still Spyware Writers' Heaven
- [SECURITY] [DSA 1204-1] New ingo1 packages fix arbitrary shell command execution
- [SECURITY] [DSA 1206-1] New php4 packages fix several vulnerabilities
- XSS Vulnerability in Zend Framework Preview 0.2.0
- Hotmail and Windows Live Mail XSS Vulnerabilities
- Advanced Guestbook 2.3.1 (Admin.php) Remote File Include
- VulnDisco Pack for Metasploit
- Re: Firefox 1.5.0.7 Exploit
- ZDI-06-037: America Online ICQ ActiveX Control Code Execution Vulnerability
- Re: Firefox 1.5.0.7 Exploit
- IE7 website security certificate discrediting exploit
- From: inge_eivind . henriksen
- Re: Multiple vulnerabilities in SAP Web Application Server 6.40 and 7.00
- Re: Advanced Guestbook 2.3.1 (Admin.php) Remote File Include
- GreenBeast CMS <= 1.3 PHP Arbitrary File Upload Vulnerability
- [USN-376-2] imlib2 regression fix
- [ MDKSA-2006:199 ] - Updated libx11 packages fix file descriptor leak vulnerability
- [ MDKSA-2006:198 ] - Updated imlib2 packages fix several vulnerabilities
- News publication system remote File include
- Re: IE7 website security certificate discrediting exploit
- From: inge_eivind . henriksen
- DigiOz Guestbook version 1.7 Path Disclosure Vulnerability in list.php
- [ MDKSA-2006:200 ] - Updated rpm packages fix vulnerability
- Minimizing error cascades in vulnerability information management
- WarFTPd 1.82.00-RC11 Remote Denial Of Service
- XSS in Kayako SupportSuite v3.00.32
- [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability
- DigiOz Guestbook version 1.7 Path Disclosure Vulnerability in list.php
- WFTPD Pro Server 3.23 Buffer Overflow
- [ MDKSA-2006:201 ] - Updated pam_ldap packages fix PasswordPolicyReponse coding error
- [OpenPKG-SA-2006.032] OpenPKG Security Advisory (openssh)
- Call for papers: ARES 2007 submission deadline approaches in 2 weeks: 19-11-2006
- [ MDKSA-2006:198-1 ] - Updated imlib2 packages fix several vulnerabilities
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Secure Desktop
- From: Cisco Systems Product Security Incident Response Team
- Y.A.N.S sql injection
- PhpMyChat Plus <= 1.9 Multiple Source Code Disclosure Vulnerabilities
- PhpMyChat <= 0.14.5 Source Code Disclosure Vulnerability
- [ MDKSA-2006:203 ] - Updated texinfo packages fix vulnerability
- Lotus Notes pre-login User.ID key leak
- iDefense Security Advisory 11.08.06: IBM Lotus Domino 7 tunekrnl Multiple Vulnerabilities
- From: iDefense Labs Security Advisories
- Portix-PHP [login bypass & xss (post)]
- phpsatk => Remote File Include Vulnerability EXploit
- TSRT-06-13: HP OpenView Client Configuration Manager Device Code Execution Vulnerability
- Re: Hotmail and Windows Live Mail XSS Vulnerabilities
- Abarcar Realty Portal [injection sql]
- iDefense Security Advisory 11.08.06: Cisco Secure Desktop Privilege Escalation Vulnerability
- knowledgeBuilder v.2.2.php.NuLL-WDYL=> Remote File Include Vulnerability
- Speedwiki 2.0 Arbitrary File Upload Vulnerability
- [ MDKSA-2006:202 ] - Updated wv packages fix vulnerabilities
- Immediacy .NET CMS possibly vulnerable to Cross Site Scripting through a malformed cookie
- From: ProCheckUp Research
- FreeWebshop <=2.2.2 [local file include & xss]
- FreeBSD Security Advisory FreeBSD-SA-06:24.libarchive
- From: FreeBSD Security Advisories
- Antwort: Joomla 1.0.11 Remote File Include
- omnistar article manager [multiples injection sql]
- [ MDKSA-2006:204 ] - Updated openssh packages fix vulnerability
- bitweaver <=1.3.1 [injection sql (post) & xss (post)]
- GNU gv Stack Overflow Vulnerability
- [SECURITY] [DSA 1207-1] New phpmyadmin packages fix several vulnerabilities
- LandShop Real Estate [multiple injection sql & xss]
- [USN-379-1] texinfo vulnerability
- Re: Multiple vulnerabilities in SAP Web Application Server 6.40 and 7.00
- Wheatblog [multiple xss (post) & full path disclosure]
- [security bulletin] HPSBMA02167 SSRT061262 rev.2 - HP OpenView Client Configuration Manager (CCM), Remote Unauthorized Arbitrary Code Execution or Denial of Service (DoS)
- [ GLSA 200611-04 ] Bugzilla: Multiple Vulnerabilities
- rPSA-2006-0204-1 kernel
- From: rPath Update Announcements
- rPSA-2006-0205-1 php php-mysql php-pgsql
- From: rPath Update Announcements
- rPSA-2006-0206-1 firefox thunderbird
- From: rPath Update Announcements
- rPSA-2006-0207-1 openssh openssh-client openssh-server
- From: rPath Update Announcements
- [ MDKSA-2006:205 ] - Updated Firefox packages fix multiple vulnerabilities
- [ MDKSA-2006:206 ] - Updated Thunderbird packages fix multiple vulnerabilities
- [OpenPKG-SA-2006.033] OpenPKG Security Advisory (openldap)
- [ GLSA 200611-05 ] Netkit FTP Server: Privilege escalation
- [x0n3-h4ck]Essentia Web Server v.2.15 Buffer Overflow
- [x0n3-h4ck]Drake CMS v 0.2 XSS exploit
- ZDI-06-039: Marshal MailMarshal ARJ Extraction Directory Traversal Vulnerability
- encapscms 0.3.6 - Remote File Include by Firewall
- Estate Agent Manager <= v1.3 (default.asp) Remote Login ByPass SQL Injection Vulnerability
- Mega Mall [ multiples injection sql & full path disclosure ]
- MyStats <=1.0.8 [injection sql, multiples xss, array & full path disclosure]
- TOPSTORY BASIC Version 1.0 => Remote File Include Vulnerability
- PHPKit 1.6.1 RC2 (faq/faq.php) Remote SQL Injection Exploit
- From: philipp . niedziela
- [SECURITY] [DSA 1209-1] New trac packages fix cross-site request forgery
- UStore 1.0 (detail.asp) Remote SQL Injection Vulnerability
- Exophpdesk V1.2 - Remote File Include
- Wordpress File Inclusion
- [MajorSecurity Advisory #33]ShopSystems - SQL Injection Issue
- phpManta - Mdoc <= 1.0.2 (view-sourcecode.php) Local File Include Exploit
- AspPired2 Poll <= 1.0 (MoreInfo.asp) Remote SQL Injection Exploit
- NuCommunity 1.0 (cl_CatListing.asp) Remote SQL Injection Exploit
- Re: feedsplitter considered harmful
- Re: Wordpress File Inclusion
- NuRems 1.0 Remote XSS/SQL Injection Exploit
- Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability
- NuStore 1.0 (Products.asp) Remote SQL Injection Vulnerability
- NuSchool 1.0 (CampusNewsDetails.asp) Remote SQL Injection Exploit
- [SECURITY] [DSA 1208-1] New bugzilla packages fix several vulnerabilities
- XSS in Email Signature Script
- infinicart [ multiples injection sql & xss (post) ]
- shambo2 Component For Mambo 4.5 Remote File Inclusion Exploit
- Re: Cross Site Scripting (XSS) Vulnerability in Netquery by "VIRtech"
- VBulletin DoS Exploit [ all Versions ]
- Web Interface remote file inclusion
- Digipass Go3 Token Dumper (at least for 2006)
- ZDI-06-038: Citrix MetaFrame IMA Management Module Remote Heap Overflow
- Phpjobscheduler 3.0 - Multiple Remote File Include
- Phpdebug 1.1.0 - Remote File Include by Firewall
- ELOG Web Logbook Remote Denial of Service Vulnerability
- UltraSite 1.0 (update.asp) Remote SQL Injection Vulnerability
- Asp Scripter Products (cpLogin.asp) Remote SQL ByPass Injection Vulnerability
- CPanel Multiple Cross Site Scription
- Old SAP exploits
- Property Pro v1.0 (vir_Login.asp) Remote Login ByPass SQL Injection Vulnerability
- Re: [x0n3-h4ck]Essentia Web Server v.2.15 Buffer Overflow
- ASPPortal <= 4.0.0 (default1.asp) Remote SQL Injection Exploit
- UPublisher 1.0 (viewarticle.asp) Remote SQL Injection Vulnerability
- [FLSA-2006:211760] Updated gzip package fixes security issues
- [SECURITY] [DSA 1209-2] New trac packages fix cross-site request forgery
- DirectAdmin Multiple Cross Site Scription
- Challenges faced by automated web application security assessment tools
- VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4
- From: VMware Security team
- iDefense Security Advisory 11.09.06: Citrix Presentation Server 4.0 IMA Service Invalid Name Length DoS Vulnerability
- SinFP 2.04 release, works under Windows
- [ GLSA 200611-06 ] OpenSSH: Multiple Denial of Service vulnerabilities
- Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability
- [ GLSA 200611-08 ] RPM: Buffer overflow
- New Bug MiniBB Forum <= 2 Remote File Include (index.php)
- VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2
- From: VMware Security team
- VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1
- From: VMware Security team
- Online Event Registration <= v2.0 (save_profile.asp) Remote User Pass Change Exploit
- VMSA-2006-0009 - VMware ESX Server 3.0.0 AMD fxsave/restore issue
- From: VMware Security team
- VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2
- From: VMware Security team
- Re: Wordpress File Inclusion
- [ GLSA 200611-07 ] GraphicsMagick: PALM and DCM buffer overflows
- Re: GNU gv Stack Overflow Vulnerability
- [SECURITY] [DSA 1210-1] New Mozilla Firefox packages fix several vulnerabilities
- Real Estate Listing System SQL Injection
- ASPintranet SQL Injection
- SiteXpress SQL Injection
- WWWeb Cocepts SQL Injection
- Ustore SQL Injection
- eShopping SQL Injection
- Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability
- ECommerce Store Shop Builder
- Engine Manager SQL Injection
- BPG Content Management System SQL Injection
- Apple Safari "match" Buffer Overflow Vulnerability
- Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability
- Evolve Merchant[ injection sql ]
- Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability
- Inventory Manager [injection sql & xss (get)]
- Car Site Manager [injection sql & xss (get)]
- Re: New Bug MiniBB Forum <= 2 Remote File Include (index.php)
- FunkyASP Glossary v1.0 [injection sql]
- Blogme v3 [admin login bypass & xss (post)]
- Property Site Manager [login bypass ,multiples injection sql & xss (get)]
- [Fwd: DMA[2006-1031a] - 'Intego VirusBarrier X4 definition bypass exploit']
- Re: [Full-disclosure] ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability
- [Fwd: OpenBase SQL multiple vulnerabilities Part Deux]
- EEYE: Workstation Service NetpManageIPCConnect Buffer Overflow
- ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability
- ZDI-06-041: Microsoft Internet Explorer CSS Float Property Memory Corruption Vulnerability
- A+ Store E-Commerce[ injection sql & xss (post) ]
- A-Cart pro[ injection sql (post&get)]
- hpecs shopping cart[login bypass & injection sql (post)]
- Dragon calendar [ login bypass & injection sql ]
- [SECURITY] [DSA 1211-1] New pdns packages fix arbitrary code execution
- MultiCalendars [ multiples injection sql ]
- NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure
- From: Rodrigo Rubira Branco (BSDaemon)
- [OpenPKG-SA-2006.034] OpenPKG Security Advisory (texinfo)
- DragonFlyBSD all versions FireWire IOCTL kernel integer overflow information disclousure
- From: Rodrigo Rubira Branco (BSDaemon)
- TrustedBSD* all versions FireWire IOCTL kernel integer overflow information disclousure
- From: Rodrigo Rubira Branco (BSDaemon)
- TSLSA-2006-0063 - multi
- From: Trustix Security Advisor
- [ MDKSA-2006:207 ] - Updated bind packages fixes RSA signature verification vulnerability
- [SECURITY] [DSA 1212-1] New openssh packages fix denial of service
- Outpost Multiple insufficient argument validation of hooked SSDT function Vulnerability
- From: Matousec - Transparent security Research
- E-Calendar Pro 3.0 [ login bypass & injection sql (post)]
- Helm Cross-Site Scripting (XSS)
- FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure
- From: Rodrigo Rubira Branco (BSDaemon)
- [ MDKSA-2006:208 ] - Updated openldap packages fixes Bind vulnerability
- Bloo => 1.00 Cross Site Scripting
- E-commerce Kit 1 PayPal Edition [ injection sql ]
- MetaCart e-Shop [multiples injection sql (get & post)]
- Xtreme ASP Photo Gallery Cross Site Scripting And SQL Injection
- discloser => 0.0.4 Remote File Include Vulnerabilities
- Hot Links download backup authorized vulnerabilities
- PhpMyAdmin all version [multiples vulnerability]
- [MajorSecurity Advisory #34]Plesk 8 - Multiple Cross Site Scripting Issues
- OdysseusBlog => 1.0.0 Cross Site Scripting
- Bloo => 1.00 Remote File Include Vulnerability
- Team Evil - Incident #2
- Chetcpasswd 2.x: multiple vulnerabilities
- Secunia Research: MDaemon Insecure Default Directory Permissions
- Re: Apple Safari "match" Buffer Overflow Vulnerability
- dev_wms => 1.5 Remote File Include Vulnerabilities
- discloser => 0.0.4 Remote File Include Vulnerability Exploit
- Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion )
- Re: Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability
- eShopping Cart [injection sql]
- Whitepaper: Implementing and Detecting a PCI Rootkit
- Vulnerabilities in Client Service for NetWare
- CandyPress Store[ multiples injection sql ]
- BaalAsp forum [login bypass ,injections sql(post), xss(post)]
- ZDI-06-042: Verity Ultraseek Request Proxying Vulnerability
- Helm Cross Site Scripting
- Myphotos => Remote File Include Vulnerability Exploit
- i-Gallery 3.4 Cross Site Scripting
- Sphpblog => 0.8 Cross Site Scripting
- BlogTorrent-preview => 0.92 Cross Site Scripting
- Comdev One Admin Pro.v4.1 ( path[skin] ) Remote File include
- ASP Cart [multiples injection sql (post & get)]
- worksystem => Remote File Include Vulnerability Exploit
- Re: FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure
- Hot Links download backup authorized vulnerabilities (re-post with some edit)
- eggblog=> 3.1.0 Cross Site Scripting
- Secunia Research: Panda ActiveScan Multiple Vulnerabilities
- RE: VBulletin DoS Exploit [ all Versions ]
- UK Security Convention - Continuity 2006
- Links smbclient command execution
- rPSA-2006-0211-1 libpng
- From: rPath Update Announcements
- Image gallery with Access Database SQL Injection
- My-BIC => 0.6.5 Remote File Include Vulnerability Exploit
- ASPintranet SQL Injection
- blogcms => 4.0.0 Remote File Include
- RED Blog => Remote File Include Vulnerability Exploit
- Storystream => 4.0 Remote File Include Vulnerability Exploit
- Pilot Cart V.7.2 [ injection sql (post) ]
- [ MDKSA-2006:209 ] - Updated libpng packages fix vulnerabilities
- Kerio WebSTAR local privilege escalation
- [ MDKSA-2006:211 ] - Updated pxelinux packages to fix embedded libpng vulnerabilities
- [ MDKSA-2006:210 ] - Updated syslinux packages to fix embedded libpng vulnerabilities
- [OpenPKG-SA-2006.035] OpenPKG Security Advisory (proftpd)
- Active News Manager [ injection sql (post&get)]
- [ MDKSA-2006:212 ] - Updated doxygen packages to fix embedded libpng vulnerabilities
- [ MDKSA-2006:213 ] - Updated chromium packages to fix embedded libpng vulnerabilities
- [OpenPKG-SA-2006.036] OpenPKG Security Advisory (png)
- [USN-383-1] libpng vulnerability
- [security bulletin] HPSBMA02088 SSRT051026 rev. 2 - HP-UX running WBEM Services Denial of Service (DoS)
- [ GLSA 200611-09 ] libpng: Denial of Service
- From: Sune Kloppenborg Jeppesen
- TSLSA-2006-0065 - libpng
- From: Trustix Security Advisor
- [ GLSA 200611-10 ] WordPress: Multiple vulnerabilities
- From: Sune Kloppenborg Jeppesen
- Re: Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion )
- [Aria-Security] CPanel Network Tools Cross Site Scripting [Advisory]
- 20/20 auto gallery [ multiples injection sql ]
- 20/20 real estate [ multiples injection sql ]
- TFTPD32 v3.01 TFTP Server Long File Name Buffer Overflow Vulnerability
- [Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities.
- Sphpblog => 0.8 Remote File Include Vulnerabilities
- Aspmforum [ multiples injection sql (get&post)]
- Digital Armaments November-Decemberr Hacking Challenge: KERNEL Remote
- XSS vBulletin 3.6.X Admin Control Painel
- Dating Site [ login bypass & xss]
- MosReporter Joomla Component Remote File Inclusion Exploit
- 20/20 datashed [ multiples injection sql ]
- Re: blogcms => 4.0.0 Remote File Include
- Re: Airmagnet management interfaces multiple vulnerabilities
- Infinitytechs Restaurants CM
- [ MDKSA-2006:214 ] - Updated gv packages fix buffer overflow vulnerability
- Re: dev_wms => 1.5 Remote File Include Vulnerabilities
- A-Cart PRO SQL Injection
- [MajorSecurity Advisory #36]dev4u CMS - Multiple SQL Injection and Cross Site Scripting Issues
- Sage cross-context scripting -> LOCAL-CONTEXT SCRIPTING
- PhpBB Module Dimension Remote File Include
- [ MDKSA-2006:164-1 ] - Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities
- Oxygen <= 1.1.3 (O2PHP Bulletin Board) SQL Injection
- [Aria-Security's Research Team] Texas Rank'em SQL Injection Vulnerabilite
- Drone Armies C&C Report - 17 Nov 2006
- Vikingboard (0.1.2) [ multiples vulnerability ]
- BLOG:CMS <= 4.1.3 XSS
- [Aria-Security's Research Team] ActiveNews Manager SQL Injection Vulnerabilite
- [MajorSecurity Advisory #35]Travelsized CMS - Multiple Cross Site Scripting Issues
- linksys wrt54g v5 authentication bypass fixed
- A-Cart 2.0 SQL Injection
- Re: [Aria-Security's Research Team] ActiveNews Manager SQL Injection Vulnerabilite
- Re: A-Cart PRO SQL Injection
- Re: Phpjobscheduler 3.0 - Multiple Remote File Include
- GPhotos 1.5 Multiple vulnerabilities
- Re: Phpjobscheduler 3.0 - Multiple Remote File Include
- Re: EEYE: Workstation Service NetpManageIPCConnect Buffer Overflow
- [Full-disclosure] Regarding the heap spray.
- Dovecot IMAP/POP3 server: Off-by-one buffer overflow
- LoudMouth => 2.4 Remote File Include Vulnerabilities
- Telaen <= 1.1.0 Remote File Include Exploit
- Ixprim CMS 1.2 Remote File Include Vulnerability
- Rapid Classified v3.1 [multiple xss (get) & injection sql]
- Digital Armaments November-Decemberr Hacking Challenge: KERNEL
- [SECURITY] [DSA 1213-1] New imagemagick packages fix several vulnerabilities
- PhpBB Module Dimension Remote File Include
- PhpQuickGallery <= 1.9 Remote File Inclusion Exploit
- ASPNuke <= 0.80 (register.asp) Remote SQL Injection Vulnerability
- ehomes [multiples injections sql]
- PHPOLL => 0.96 Cross Site Scripting
- Serious crypto problem fixed by envelope HMAC method instead of currently used prefix
- eClassifieds [injection sql]
- Rialto 1.6[admin login bypass & multiples injections sql]
- gNews Publisher SQL Injection Vulnerabilites
- Shopping_Catalog Remote File Include exploit
- RE: FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure
- dicshunary 0.1 alpha Remote File Inclusion Exploit
- enomphp => 4.0 Remote Traversal Directory
- DodosMail <= 2.0.1(dodosmail.php) Remote File Inclusion Exploit
- klf-realty [injection sql]
- iPrimal Forums (index.php) Remote File Include Exploit
- mg.applanix <= 1.3.1 Remote File Include Exploit
- mxBB calsnails module 1.06 Remote File Inclusion Exploit
- Telaen => 1.1.0 Remote File Include Vulnerability
- [SECURITY] [DSA 1214-1] New gv packages fix arbitrary code execution
- [ MDKSA-2006:217 ] - Updated proftpd packages fix vulnerabilities
- The Week of Oracle Database Bugs
- [ GLSA 200611-13 ] Avahi: "netlink" message vulnerability
- From: Sune Kloppenborg Jeppesen
- [SECURITY] [DSA 1217-1] New linux-ftpd packages fix access control bypass
- MyAlbum <= 3.02 (langs_dir) Remote File Inclusion Exploit
- [ GLSA 200611-12 ] Ruby: Denial of Service vulnerability
- From: Sune Kloppenborg Jeppesen
- Re: Serious crypto problem fixed by envelope HMAC method instead of currently used prefix
- [ GLSA 200611-14 ] TORQUE: Insecure temproary file creation
- From: Sune Kloppenborg Jeppesen
- [SECURITY] [DSA 1216-1] New flexbackup packages fix denial of service
- [ MDKSA-2006:215 ] - Updated avahi packages fix netlink vulnerability
- BirdBlog => v1.4.0 Cross Site Scripting
- Wabbit PHP Gallery => 0.9 Remote Traversal Directory
- [SECURITY] [DSA 1215-1] New xine-lib packages fix execution of arbitrary code
- mAlbum v0.3 Multiple vulnerabilitizzz
- my little weblog => Cross Site Scripting
- [ GLSA 200611-11 ] TikiWiki: Multiple vulnerabilities
- From: Sune Kloppenborg Jeppesen
- Classified System [injection sql]
- Correction: Re: Serious crypto problem fixed by envelope HMAC method instead of currently used prefix
- Re: GPhotos 1.5 Multiple vulnerabilities
- ltwCalendar => 4.2.1 Remote File Include Vulnerabilities
- [SECURITY] [DSA 1207-2] New phpmyadmin packages fix regression
- [ MDKSA-2006:216 ] - Updated links packages fix smb vulnerability
- The Classified Ad System [multiple xss & injection sql]
- [USN-384-1] OpenLDAP vulnerability
- Which is more secure? Oracle vs. Microsoft
- Re: Correction: Re: Serious crypto problem fixed by envelope HMAC method instead of currently used prefix
- LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability
- [KAPDA]::Security analysis of cutenews 1.4.5
- New Correction: Re: Serious crypto problem fixed by envelope HMAC method instead of currently used prefix
- [ GLSA 200611-15 ] qmailAdmin: Buffer overflow
- From: Sune Kloppenborg Jeppesen
- Re: [ MDKSA-2006:217 ] - Updated proftpd packages fix vulnerabilities
- [ GLSA 200611-16 ] Texinfo: Buffer overflow
- From: Sune Kloppenborg Jeppesen
- Re: [ GLSA 200611-11 ] TikiWiki: Multiple vulnerabilities
- Secunia Research: My Firewall Plus Privilege Escalation Vulnerability
- [SECURITY] [DSA 1218-1] New proftpd packages fix denial of service
- aBitWhizzy [local file include]
- ContentNow CMS 1.39 Sql Injection + Path Disclosure Vulnerabilities
- [USN-382-1] Thunderbird vulnerabilities
- Re: Re: Phpjobscheduler 3.0 - Multiple Remote File Include
- Link Exchange Lite [injection sql]
- creadirectory [injection sql & xss]
- JiRos Links Manager[injection sql & xss permanent]
- Advisory: LDU <= 8.x Remote SQL Injection Vulnerability.
- From: Mustafa Can Bjorn IPEKCI
- Clarifying integer overflows vs. signedness errors
- VMSA-2006-0010 - SSL sessions not authenticated by VC Clients
- From: VMware Security team
- Vulnerability in PostNuke
- RE: [Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities.
- Advisory: Seditio <= 1.10 Remote SQL Injection Vulnerability.
- From: Mustafa Can Bjorn IPEKCI
- [USN-381-1] Firefox vulnerabilities
- Re: [ GLSA 200611-11 ] TikiWiki: Multiple vulnerabilities
- RE: LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability
- *BSD banner INT overflow vulnerability
- Secunia Research: PassGo SSO Plus Insecure Default Directory Permissions
- Re: *BSD banner INT overflow vulnerability
- Re: Clarifying integer overflows vs. signedness errors
- Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?)
- "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?)
- Re: [ECHO_ADV_53$2006] QnECMS <= 2.5.6 (adminfolderpath) Remote File Inclusion Vulnerability
- Windows Media ASX PlayList File Denial Of Service Vulnerability
- [ MDKSA-2006:208-1 ] - Updated openldap packages fixes Bind vulnerability
- Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders.
- Re: Re: *BSD banner INT overflow vulnerability
- Re: *BSD banner INT overflow vulnerability
- Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders.
- CONFidence 2007 CFP
- Perl proxy checker using samair.ru
- XSS in scriptat support InverseFlow Help Desk v2.31
- Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords
- Re: Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders.
- [ECHO_ADV_61_2006] a-ConMan <= v3.2beta Remote File Inclusion
- NVIDIA nView (keystone) local Denial Of service
- CFP - VII National Computer and Information Security Conference
- Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords
- Re: tikiwiki 1.9.5 mysql password disclosure & xss
- Re: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords
- Re: Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords
- [ MDKSA-2006:218 ] - Updated apache-mod_auth_kerb packages fixes DoS vulnerability
- Re: SolpotCrew Advisory #10 - phpBB XS (phpbb_root_path) Remote File Include
- Re: *BSD banner INT overflow vulnerability
- LS-20061102 - Business Objects Crystal Reports Stack Overflow Vulnerability
- [ GLSA 200611-17 ] fvwm: fvwm-menu-directory fvwm command injection
- Active PHP Bookmarks (apb.php) Remote file include
- Cracking String Encryption in Java Obfuscated Bytecode
- Re: Cracking String Encryption in Java Obfuscated Bytecode
- [Aria-Security Team] Ultimate Survey Pro SQL Injection
- Cross site scripting & fullpath disclosure
- [ GLSA 200611-18 ] TIN: Multiple buffer overflows
- From: Sune Kloppenborg Jeppesen
- [Aria-Security Team] MidiCart ASP Plus Shopping Cart SQL Injection
- PHP-Nuke <= 7.9 News module "sid" SQL Injection vulnerabilities
- mmgallery Multiple vulnerabilities
- Re: Active PHP Bookmarks (apb.php) Remote file include
- Wolflab Burning Board Lite 1.0.2 two sql injections
- Re: Cracking String Encryption in Java Obfuscated Bytecode
- [Aria-Security Team] Fixit iDMS Pro Image Gallery SQL Injection
- [Aria-Security Team] ASP ListPics 5.0 SQL Injection
- [Aria-Security Team] MidiCart ASP Shopping Cart SQL Injection
- [Aria-Security Team] iNews News Manager SQL Injection
- Re: Digipass Go3 Token Dumper (at least for 2006)
- [ GLSA 200611-19 ] ImageMagick: PALM and DCM buffer overflows
- From: Sune Kloppenborg Jeppesen
- Cahier de texte V2.0 SQL Code Execution Exploit
- PHP-Nuke Mermaid Module V1.2 (formdisp.php) Remote File Include Exploit
- CPanel 11 Multiple Cross-Site Scription
- [ GLSA 200611-20 ] GNU gv: Stack overflow
- From: Sune Kloppenborg Jeppesen
- WebHost Manager (WHM) Multiple Cross-Site Scripting
- DoS in Microsoft Windows Live Messenger <= 8.0
- New Windows tool - NBTEnum 3.3
- Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?)
- Re: tikiwiki 1.9.5 mysql password disclosure & xss
- Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?)
- From: Thor (Hammer of God)
- Siap Cms Sql Injection (login.asp)
- Wisi Portal [Sql Injection By Jesus Tovar]
- AttackAPI 2.0 alpha
- Re: DoS in Microsoft Windows Live Messenger <= 8.0
- Free tool for pattern identification (for researchers)
- Re: Re: Digipass Go3 Token Dumper (at least for 2006)
- Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?)
- From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
- Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?)
- Re: Clarifying integer overflows vs. signedness errors
- Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?)
- From: Thor (Hammer of God)
- mAlbum v0.3 local file inclusion
- [Aria-Security Team] Evolve shopping cart SQL Injection Vulnerability
- [Aria-Security Team] General Shopping Cart SQL Injection Vulnerability
- [SECURITY] [DSA 1220-1] New pstotext packages fix arbitrary shell command execution
- Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?)
- Clickblog Sql Injection
- ClickGallery Sql Injection
- iDefense Security Advisory 11.26.06: Qbik WinGate Compressed Name Pointer Denial of Service Vulnerability
- TFTP Server AT-TFTP Server v 1.9 Buffer Overflow Vulnerability (Long filename)
- VMware 5.5.1 Local Buffer Overflow (HTML Exploit)
- [SECURITY] [DSA 1219-1] New texinfo packages fix multiple vulnerabilities
- CuteNews v1.4.5 (search.php) Remote file include vulnerability
- rPSA-2006-0218-1 ImageMagick
- From: rPath Update Announcements
- TFTP Server 3CTftpSvc Buffer Overflow Vulnerability (Long transporting mode)
- Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?)
- Re: VMware 5.5.1 Local Buffer Overflow (HTML Exploit)
- rPSA-2006-0219-1 info install-info texinfo
- From: rPath Update Announcements
- PhpGedView 4.0.2 (DOCUMENT_ROOT) File inclusion Vulnerablity
- Re: CuteNews v1.4.5 (search.php) Remote file include vulnerability
- MHL-2006-003 Public Advisory: "mboard" file creation issue
- From: Mayhemic Labs Security
- iDefense Security Advisory 11.26.06: GNU Radius Format String Vulnerability
- [ GLSA 200611-21 ] Kile: Incorrect backup file permission
- From: Sune Kloppenborg Jeppesen
- Re: New Flaw in Firefox 2.0: DoS and possible remote code execution
- RE: Cracking String Encryption in Java Obfuscated Bytecode
- 2nd European Conference on Computer Network Defense (EC2ND)
- Cursor snarfing - a new class of vulnerability and attack in Oracle
- AIDE problem handling symlinks
- ClickContact SQL Injection
- SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal
- GnuPG 1.4 and 2.0 buffer overflow
- CVE-2006-5815: remote code execution in ProFTPD
- [ GLSA 200611-22 ] Ingo H3: Folder name shell command injection
- From: Sune Kloppenborg Jeppesen
- uPhotoGallery (v 1.1) SQL Injection
- Re: SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal
- Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?)
- [USN-386-1] ImageMagick vulnerability
- Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?)
- evince buffer overflow exploit (gv)
- TSLSA-2006-0066 - multi
- From: Trustix Security Advisor
- ProFTPD mod_tls pre-authentication buffer overflow
- Re: PhpGedView 4.0.2 (DOCUMENT_ROOT) File inclusion Vulnerablity
- b2evolution XSS Vulnerabilities
- [USN-387-1] Dovecot vulnerability
- [ GLSA 200611-23 ] Mono: Insecure temporary file creation
- [ GLSA 200611-25 ] OpenLDAP: Denial of Service vulnerability
- [ GLSA 200611-24 ] LHa: Multiple vulnerabilities
- Re: PhpGedView 4.0.2 (DOCUMENT_ROOT) File inclusion Vulnerablity
- [USN-385-1] tar vulnerability
- New report on Teredo security
- Multiple Vulnerabilities in AlternC version 0.9.5
- Re: [Full-disclosure] New report on Teredo security
- b2evolution Remote File inclusion Vulnerability
- Re: CuteNews v1.4.5 (search.php) Remote file include vulnerability
- Re: [WEB SECURITY] The state of JavaScript Hacking
- PHP Event Calendar 1.5.1 (index.php) Remote File Include Vulnerability
- Re: ProFTPD mod_tls pre-authentication buffer overflow
- ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability
- iDefense Security Advisory 11.29.06: Horde Kronolith Arbitrary Local File Inclusion Vulnerability
- Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?)
- REMLAB Web Mech Designer 2.0.5 Path Disclosure Vulnerability
- [ MDKSA-2006:219 ] - Updated tar packages fix vulnerability
- Secunia Research: Borland Products idsql32.dll Buffer Overflow Vulnerability
- SYM06-023, Symantec NetBackup PureDisk: PHP update to Address Reported Security Vulnerability
- OWASP JBroFuzz 0.3 Fuzzer Released!
- RE: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?)
- New Windows tool - PWDumpX v1.0
- Monkey Boards version 0.3.5 Multiple Path Disclosure Vulnerabilities
- [Aria-Security Team] FipsSHOP SQL Injection
- Potentially OT: AJAX article
- Re: PHP Event Calendar 1.5.1 (index.php) Remote File Include Vulnerability
- [USN-388-1] KOffice vulnerability
- [USN-389-1] GnuPG vulnerability