Mail Thread Index

Date Index

[SECURITY] [DSA 1221-1] New libgsf packages fix arbitrary code execution, Martin Schulze
[SECURITY] [DSA 1222-1] New proftpd packages fix several vulnerabilities, Moritz Muehlenhoff
[ MDKSA-2006:217-1 ] - Updated proftpd packages fix vulnerabilities, security
Secunia Research: MailEnable IMAP Service Two Vulnerabilities, Secunia Research
[security bulletin] HPSBUX02153 SSRT061181 rev.2 - HP-UX Running Firefox, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS), security-alert
[USN-390-1] evince vulnerability, Kees Cook
@lex Guestbook 4.0.1 : Full Path Disclosure & XSS, mr_kaliman
Seditio <= 1.10 (pollid) Remote SQL Injection Vulnerability, ajannhwt
Invision Community Blog Mod 1.2.4 .PHP SQL Injection Vulnerability, infection
- <Possible follow-ups>
- Re: Invision Community Blog Mod 1.2.4 .PHP SQL Injection Vulnerability, emin
[ GLSA 200611-26 ] ProFTPD: Remote execution of arbitrary code, Raphael Marichez
Re: [Full-disclosure] ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability, Dude VanWinkle
- Re: [Full-disclosure] ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability, zdi-disclosures
  - Re: [Full-disclosure] ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability, Dude VanWinkle
safely concatenating strings in portable C (Re: GnuPG 1.4 and 2.0 buffer overflow), Solar Designer
- Re: safely concatenating strings in portable C (Re: GnuPG 1.4 and 2.0 buffer overflow), Simon Josefsson
contentserv 4.x, capt . nem0
LDU <= 8.x (polls.php) Remote SQL Injection Vulnerability, ajannhwt
iDefense Security Advisory 11.30.06: Multiple Vendor libgsf Heap Overflow Vulnerability, iDefense Labs
Woltlab Burning Board 2.3.X XSS Vulnerability (0-Day) FIXED VERSION, blueshisha
LifeType version 1.1.2 Multiple Path Disclosure Vulnerabilities, jesper . jurcenoks
Invision Gallery 2.0.7 SQL Injection Vulnerability, infection
- <Possible follow-ups>
- Re: Invision Gallery 2.0.7 SQL Injection Vulnerability, emin
[SECURITY] [DSA 1205-2] New thttpd packages fix insecure temporary file creation, Steve Kemp
[ MDKSA-2006:220 ] - Updated libgsf packages fix heap buffer overflow vulnerability, security
[ MDKSA-2006:221 ] - Updated gnupg packages fix vulnerability, security
rPSA-2006-0221-1 openldap openldap-clients openldap-servers, rPath Update Announcements
[Aria-Security.Net] Web Hosting Control Panel - cPanel 11 Multiple Cross-Site Scripting Vulnerabilites, Advisory
deV!L`z Clanportal - Arbitrary File Upload [061124b], Tim Weber
Layered Defense Advisory: Novell Client 4.91 Format String Vulnerability, dh
[SECURITY] [DSA 1223-1] New tar packages fix arbitrary file overwrite, Noah Meyerhans
Outpost Bypassing Self-Protection via Advanced DLL injection with handle stealing Vulnerability, Matousec - Transparent security Research
deV!L`z Clanportal - SQL Injection [061124a], Tim Weber
rPSA-2006-0220-1 dovecot, rPath Update Announcements
Aspee Ziyareti Defteri (tr) Sql injection Vuln., ShaFuq31
iDefense Security Advisory 12.01.06: Novell ZENworks Asset Management Msg.dll Heap Overflow Vulnerability, iDefense Labs
[SECURITY] [DSA 1222-2] New proftpd packages fix several vulnerabilities, Moritz Muehlenhoff
iDefense Security Advisory 12.01.06: Novell ZENworks Asset Management Collection Client Heap Overflow Vulnerability, iDefense Labs
rPSA-2006-0224-1 gnupg, rPath Update Announcements
TSLSA-2006-0068 - multi, Trustix Security Advisor
rPSA-2006-0222-1 tar, rPath Update Announcements
freeqboard <= 1.1 (qb_path) Remote File Include Vulnerability, -= SHELL =- -= SHELL =-
[ MDKSA-2006:223 ] - Updated ImageMagick packages fixes vulnerability, security
[Aria-Security Team] DuWare DuNews SQL Injection Vuln, Advisory
[Aria-Security Team] DuWare DuClassMate SQL Injection Vuln, Advisory
[Aria-Security Team] DuWare DuPortal SQL Injection Vuln, Advisory
PHPNews 1.3.0 XSS, emulamex
KhaledMuratList mdb, blasterim
[ MDKSA-2006:222 ] - Updated koffice packages fixes integer overflow vulnerability, security
[Aria-Security Team] DuWare DuDownloads SQL Injection Vuln, Advisory
CuteNews 1.3.6 XSS, emulamex
[Aria-Security Team] DuWare DuForum SQL Injection Vuln, Advisory
[Aria-Security Team] DuWare DuPaypal SQL Injection Vuln, Advisory
[ISecAuditors Advisories] BlueSocket web administration is vulnerable to XSS, ISecAuditors Security Advisories
listpics v5, blasterim
[ISecAuditors Security Advisories] IMAP/SMTP Injection in Hastymail, ISecAuditors Security Advisories
Metyus Okul Ynetim Sistemi V.1.0 (tr) Sql injection Vuln., ShaFuq31
[ISecAuditors Security Advisories] XSS vulnerability in error page of ISMail, ISecAuditors Security Advisories
fl0p - passive L7 flow fingerprinting, Michal Zalewski
Online BookMarks Multiple SQL Injection/XSS Vulnerabilities, security
[SECURITY] [DSA 1224-1] New Mozilla packages fix several vulnerabilities, Martin Schulze
[SECURITY] [DSA 1225-1] New Mozilla Firefox packages fix several vulnerabilities, Martin Schulze
SMF upload XSS vulnerability, Jessica Hope
2[xss]Vulnerabilities in Script Mobile Ac4p.com, gamr-14
PhpMyAdmin 2.7.0-pl2 Path Disclosure | Multiple CRLF/Http Response Splitting, ajannhwt
MS Internet Explorer 6.0 (mshtml.dll) Denial of Service Exploit, ajannhwt
- Re: MS Internet Explorer 6.0 (mshtml.dll) Denial of Service Exploit, 3APA3A
[SECURITY] [DSA 1225-2] New Mozilla Firefox packages fix several vulnerabilities, Martin Schulze
[SECURITY] [DSA 1226-1] New links packages fix arbitrary shell command execution, Moritz Muehlenhoff
Vt-Forum Lite System V.1.3 Xss Vuln., starext
Re: UPublisher Exploit - Superfreaker, me
[Aria-Security Team] uGestBook SQL Injection Vuln, Advisory
- <Possible follow-ups>
- Re: [Aria-Security Team] uGestBook SQL Injection Vuln, Stuart Moore
- Re: Re: [Aria-Security Team] uGestBook SQL Injection Vuln, saps . audit
[SECURITY] [DSA 1227-1] New Mozilla Thunderbird packages fix several vulnerabilities, Martin Schulze
Multiple bugs in TFT-Gallery, nj
- <Possible follow-ups>
- Re: Multiple bugs in TFT-Gallery, simo64
F-Prot Antivirus for Unix: heap overflow and Denial of Service, research
[USN-392-1] xine-lib vulnerability, Kees Cook
Re: aBitWhizzy [local file include], john . goodman
[USN-391-1] libgsf vulnerability, Kees Cook
[ MDKSA-2006:214-1 ] - Updated gv packages fix buffer overflow vulnerability, security
Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation, ss_team
- <Possible follow-ups>
- RE: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation, Michael Scheidell
  - Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation, eugeny gladkih
    - Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation, Steve Shockley
    - Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation, Ansgar -59cobalt- Wiechers
- Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation, Thor (Hammer of God)
- RE: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation, Michael Scheidell
XSS in JAB Guest Book, nj
- <Possible follow-ups>
- Re: XSS in JAB Guest Book, Steven M. Christey
- Re: XSS in JAB Guest Book, Barnz
rPSA-2006-0211-2 doxygen libpng, rPath Update Announcements
new xss in modbb forum, h angel
TSRT-06-14: IBM Tivoli Storage Manager Mutiple Buffer Overflow Vulnerabilities, TSRT
[KOffice security advisory] KOffice OLEfilter integer overflow, Dirk Mueller
SNORT Covered channels detector patch, fryxar fryxar
Re: GnuPG 1.4 and 2.0 buffer overflow, Damien Miller
Re: Evolve Merchant[ injection sql ], tony
URL Rdirecction Bug Yahoo, matrix
CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Undocumented Features, Mariano Nuñez Di Croce
CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Remote Arbitrary File Removal, Mariano Nuñez Di Croce
DistrRTgen 1.0 launched!, Martin Jørgensen
[SECURITY] [DSA 1228-1] New elinks packages fix arbitrary shell command execution, Moritz Muehlenhoff
EasyPage Portal ( all ver )SQL Injection, matrix
- <Possible follow-ups>
- Re: EasyPage Portal ( all ver )SQL Injection, saps . audit
eEye's Zero-Day Tracker Launch, chinese soup
Re: Symantec LiveState Agent for Windows vulnerabi, Damjan
- Re: Symantec LiveState Agent for Windows vulnerabi, eugeny gladkih
[security bulletin] HPSBUX02145 SSRT061202 rev.2 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access, security-alert
HPSBUX02178 SSRT061267 rev.1 - HP-UX Secure Shell Remote Denial of Service (DoS), security-alert
EEYE: Adobe Download Manager AOM Stack Buffer Overflow Vulnerability, eEye Advisories
[ MDKSA-2006:224 ] - Updated xine-lib packages fix buffer overflow vulnerability, security
[USN-390-2] evince vulnerability, Kees Cook
Barracuda Convert-UUlib library buffer overflow leads to remote compromise, Jean-Sébastien Guay-Leroux
Internet Explorer 6. CSS Expression Denial of Service (P.o.C.), José Carlos Nieto Jarquín
Re: Internet Explorer 6 CSS "expression" Denial of Service Exploit (P.o.C.), José Carlos Nieto Jarquín
- Re: Internet Explorer 6 CSS "expression" Denial of Service Exploit (P.o.C.), Andrius Paurys
  - Re: Internet Explorer 6 CSS "expression" Denial of Service Exploit (P.o.C.), chinese soup
    - Re: Internet Explorer 6 CSS "expression" Denial of Service Exploit (P.o.C.), chinese soup
Uploadscript Vulnerabilities: Text file Hash password, hack2prison
FreeBSD Security Advisory FreeBSD-SA-06:25.kmem, FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-06:26.gtar, FreeBSD Security Advisories
[SECURITY] [DSA 1229-1] New Asterisk packages fix arbitrary code execution, Martin Schulze
Oracle PL/SQL Fuzzing Tool, Joxean Koret
BTSaveMySql 1.2 (acces to config files), sn0oPy . team
Multiple Vendor Unusual MIME Encoding Content Filter Bypass, Hendrik Weimer
- Re: Multiple Vendor Unusual MIME Encoding Content Filter Bypass, Tomasz Kojm
  - Re: Multiple Vendor Unusual MIME Encoding Content Filter Bypass, Luke Borg
  - Re: Multiple Vendor Unusual MIME Encoding Content Filter Bypass, michele.sandrelli@xxxxxxxxxxxx
  - Re[2]: Multiple Vendor Unusual MIME Encoding Content Filter Bypass, 3APA3A
    - Re: Multiple Vendor Unusual MIME Encoding Content Filter Bypass, Tomasz Kojm
- Re: Multiple Vendor Unusual MIME Encoding Content Filter Bypass, Gadi Evron
SYMSA-2006-012: 2X ThinClientServer Create Admin Account Replay Vulnerability, research
GnuPG: remotely controllable function pointer [CVE-2006-6235], Werner Koch
rPSA-2006-0226-1 kernel, rPath Update Announcements
[ MDKSA-2006:225 ] - Updated ruby packages fix DoS vulnerability, security
rPSA-2006-0227-1 gnupg, rPath Update Announcements
Microsoft 0-day word vulnerability - Secunia - Extremely critical, Ryan Buena
- Re: Microsoft 0-day word vulnerability - Secunia - Extremely critical, Andrew Simmons
- <Possible follow-ups>
- Re: Microsoft 0-day word vulnerability - Secunia - Extremely critical, Juha-Matti Laurio
- Re: Microsoft 0-day word vulnerability - Secunia - Extremely critical, schafer_jeffrey
- Re: Re: Microsoft 0-day word vulnerability - Secunia - Extremely critical, schafer_jeffrey
New MySpace worm could be on its way, pdp (architect)
ZDI-06-044: Adobe Download Manager AOM Parsing Buffer Overflow Vulnerability, zdi-disclosures
Linksys WIP 330 VoIP wireless phone crash from Nmap scan, Shawn Merdinger
[ GLSA 200612-01 ] wv library: Multiple integer overflows, Sune Kloppenborg Jeppesen
Digital Armaments Security Advisory 07.12.2006: Yahoo multiple services authentication bypass Vulnerability, info
TSRT-06-15: Citrix Presentation Server Client ActiveX Heap Overflow Vulnerability, TSRT
Some Thoughts about Office Open XML and Malware Detection, Jan P. Monsch
[USN-393-1] GnuPG vulnerability, Kees Cook
Re: The Week of Oracle Database Bugs, Tony Jambu
phpbb 2.0.x [xss], saps . audit
[USN-390-3] evince-gtk vulnerability, Kees Cook
phpAdsNew-2.0.4-pr2 Remote File Inclusion Exploit, crackers_child
[USN-393-2] GnuPG2 vulnerabilities, Kees Cook
DUdirectory Admin Panel SQL Injection, Meftun
[OpenPKG-SA-2006.037] OpenPKG Security Advisory (gnupg), OpenPKG GmbH
EEYE: Intel Network Adapter Driver Local Privilege Escalation, eEye Advisories
[Aria-Security Team] CentOS 4.2 i686 - WHM X v3.1.0 Cross-Site Scripting, Advisory
[Aria-Security Team] cPanel 11 pops.html Cross-Site Scripting, Advisory
[Aria-Security Team] cPanel BoxTrapper Cross Site Scripting, Advisory
TSLSA-2006-0070 - multi, Trustix Security Advisor
[OpenPKG-SA-2006.038] OpenPKG Security Advisory (tar), OpenPKG GmbH
[SECURITY] [DSA-1230-1] new l2tpns packages fix buffer overflow, Steve Kemp
Microsoft Word 0-day Vulnerability FAQ (CVE-2006-5994) written, Juha-Matti Laurio
Midicart vulerable, ifx
[CAID 34846]: CA BrightStor ARCserve Backup Discovery Service Buffer Overflow Vulnerability, Williams, James K
LS-20060908 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability, advisories
LS-20061001 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability, advisories
Animated Smiley Generator File Include Vul., starext
PHP 5.2.0 session.save_path safe_mode and open_basedir bypass, cxib
- Re: PHP 5.2.0 session.save_path safe_mode and open_basedir bypass, Ismail Donmez
[USN-394-1] Ruby vulnerability, Kees Cook
ASX Playlists and Jumping to Conclusions, Sûnnet Beskerming
PhpBB Toplist 1.3.7 Xss Vuln., starext
Enforcing Java Security Manager in Restricted Windows Environments?, Jan P. Monsch
- <Possible follow-ups>
- Re: Enforcing Java Security Manager in Restricted Windows Environments?, jim
  - RE: Enforcing Java Security Manager in Restricted Windows Environments?, Jan P. Monsch
iDefense Security Advisory 12.08.06: Multiple Vendor Antivirus RAR File Denial of Service Vulnerability, iDefense Labs
iDefense Security Advisory 12.08.06: Sophos Antivirus CHM Chunk Name Length Memory Corruption Vulnerability, iDefense Labs
iDefense Security Advisory 12.08.06: Sophos Antivirus CHM File Heap Overflow Vulnerability, iDefense Labs
Call For Papers: SecurityOPUS 2007, Sharkey
[ GLSA 200612-02 ] xine-lib: Buffer overflow, Sune Kloppenborg Jeppesen
KDPics Multiple Vulnerabities, mr_kaliman
ProNews V1.5 XSS & SQL Injection, mr_kaliman
Messageriescripthp V2.0 XSS & SQL Injection, mr_kaliman
AnnonceScriptHP V2.0 Multiple Vulnerabilities, mr_kaliman
[SECURITY] [DSA 1231-1] New gnupg packages fix arbitrary code execution, Moritz Muehlenhoff
[SECURITY] [DSA 1232-1] New clamav packages fix denial of service, Moritz Muehlenhoff
[SECURITY] [DSA 1233-1] New Linux 2.6.8 packages fix several vulnerabilities, Dann Frazier
WASC-Announcement: MX Injection - Capturing and Exploiting Hidden Mail Servers By Vicente Aguilera Diaz, robert
D-LINK DWL-2000AP+ remote DoS, poplix
[ GLSA 200612-09 ] MadWifi: Kernel driver buffer overflow, Raphael Marichez
- <Possible follow-ups>
- [ GLSA 200612-09 ] MadWifi: Kernel driver buffer overflow, Raphael Marichez
[SBDA] - ColdFusion MX7 - Multiple Vulnerabilities, Brett Moore
Unauthenticated access to IBM Host On-Demand administration pages, Ferguson, David (Kansas City)
[ MDKSA-2006:226 ] - Updated squirrelmail packages fix vulnerabilities, security
RFIDIOt release - version 0.1i, Adam Laurie
Firefox 2.0 security bug: Extensions can hide themself, azurIt
ERRATA: [ GLSA 200612-03 ] GnuPG: Multiple vulnerabilities, Raphael Marichez
Multiple vulnerabilities in Winamp Web Interface 7.5.13, Luigi Auriemma
[ GLSA 200612-08 ] SeaMonkey: Multiple vulnerabilities, Raphael Marichez
Several updates in Microsoft Word 0-day (CVE-2006-5994) FAQ document, Juha-Matti Laurio
Another, different MS Word 0-day vulnerability reported, Juha-Matti Laurio
- <Possible follow-ups>
- Re: Another, different MS Word 0-day vulnerability reported, Juha-Matti Laurio
shopsite advisory, DoZ
- <Possible follow-ups>
- Re: shopsite advisory, bugtraq
Secunia Research: MailEnable IMAP Service Buffer Overflow Vulnerability, Secunia Research
looking for security community input, Gadi Evron
[ GLSA 200612-04 ] ModPlug: Multiple buffer overflows, Raphael Marichez
[ GLSA 200612-06 ] Mozilla Thunderbird: Multiple vulnerabilities, Raphael Marichez
Re: LS-20061001 - Computer Associates BrightStor ARCserve Backup, Williams, James K
[ GLSA 200612-10 ] Tar: Directory traversal vulnerability, Matthias Geerdsen
The newest Word flaw is due to malformed data structure handling, Juha-Matti Laurio
- Re: The newest Word flaw is due to malformed data structure handling, Alexander Sotirov
- Re: The newest Word flaw is due to malformed data structure handling, Dave \"No, not that one\" Korn
- <Possible follow-ups>
- Re: Re: The newest Word flaw is due to malformed data structure handling, test
- Re: The newest Word flaw is due to malformed data structure handling, Steven M. Christey
- Re: The newest Word flaw is due to malformed data structure handling, Juha-Matti Laurio
Re: LS-20060908 - Computer Associates BrightStor ARCserve Backup, Williams, James K
[ GLSA 200612-03 ] GnuPG: Multiple vulnerabilities, Raphael Marichez
RFID access control tokens widely open to cloning, Adam Laurie
[ GLSA 200612-07 ] Mozilla Firefox: Multiple vulnerabilities, Raphael Marichez
Secunia Research: AOL CDDBControl ActiveX Control "SetClientInfo()" Buffer Overflow, Secunia Research
[ GLSA 200612-05 ] KOffice shared libraries: Heap corruption, Sune Kloppenborg Jeppesen
[ MDKSA-2006:227 ] - Updated kdegraphics packages fix EXIF vulnerability, security
[ MDKSA-2006:228 ] - Updated gnupg packages fix vulnerability, security
OpenLDAP kbind authentication buffer overflow, Solar Eclipse
[SBDA] SiteKiosk - FileSystem Access, Brett Moore
Web Apps- Rad Upload Version 3.02 Remote File Include Vulnerability, rko . thelegendkiller
rPSA-2006-0230-1 evince, rPath Update Announcements
rPSA-2006-0231-1 squirrelmail, rPath Update Announcements
ZDI-06-045: Sophos Anti-Virus CPIO Archive Parsing Buffer Overflow Vulnerability, zdi-disclosures
Re: [fuzzing] OWASP Fuzzing page, Joxean Koret
- NOT a 0day! Re: [fuzzing] [Full-disclosure] OWASP Fuzzing page, Gadi Evron
  - Re: [fuzzing] NOT a 0day! Re: [Full-disclosure] OWASP Fuzzing page, Jerome Athias
    - Re: [fuzzing] NOT a 0day! Re: [Full-disclosure] OWASP Fuzzing page, Gadi Evron
ZDI-06-047: Microsoft Visual Studio WmiScriptUtils.dll Cross-Zone Scripting Vulnerability, zdi-disclosures
BLOG:CMS Remote file include Vulnerability, security
Secunia Research: Internet Explorer Script Error Handling Memory Corruption, Secunia Research
[ GLSA 200612-12 ] F-PROT Antivirus: Multiple vulnerabilities, Sune Kloppenborg Jeppesen
ZDI-06-048: Microsoft Internet Explorer normalize() Function Memory Corruption Vulnerability, zdi-disclosures
[ GLSA 200612-13 ] libgsf: Buffer overflow, Sune Kloppenborg Jeppesen
[ GLSA 200612-14 ] Trac: Cross-site request forgery, Sune Kloppenborg Jeppesen
ZDI-06-046: Sophos Anti-Virus SIT Archive Parsing Buffer Overflow Vulnerability, zdi-disclosures
iDefense Security Advisory 12.12.06: Sun Microsystems Solaris ld.so 'doprf()' Buffer Overflow Vulnerability, iDefense Labs
iDefense Security Advisory 12.12.06: Sun Microsystems Solaris ld.so Directory Traversal Vulnerability, iDefense Labs
[SECURITY] [DSA-1234-1] New ruby1.6 package fix denial of service, Steve Kemp
Re: worksystem => Remote File Include Vulnerability Exploit, Laurent . van_den_reysen
[SECURITY] [DSA-1235-1] New ruby1.8 package fix denial of service, Steve Kemp
[SECURITY] [DSA-1236-1] New enemies-of-carlotta package fix missing sanity checks, Steve Kemp
ASP Cmd Shell On IIS 5.1, Brett Moore
IBM DB2 Remote DoS during CONNECT processing, Team SHATTER
ZDI-06-050: Symantec Veritas NetBackup CONNECT_OPTIONS Buffer Overflow Vulnerability, zdi-disclosures
ZDI-06-049: Symantec Veritas NetBackup Long Request Buffer Overflow Vulnerability, zdi-disclosures
CORE-2006-1127: ProFTPD Controls Buffer Overflow, CORE Security Technologies Advisories
Call for papers and presenters - Dec. 15th deadline, Mike Allgeier
The (in)security of Xorg and DRI, Darren Reed
- Re: The (in)security of Xorg and DRI, Nicolas RUFF
  - Re: The (in)security of Xorg and DRI, Darren Reed
  - Re: The (in)security of Xorg and DRI, Darren Reed
- Re: The (in)security of Xorg and DRI, Pavel Kankovsky
[ GLSA 200612-16 ] Links: Arbitrary Samba command execution, Raphael Marichez
GenesisTrader v1.0 - Multiple Vulnerabilities, mr_kaliman
HyperAccess - Multiple Vulnerabilities, Brett Moore
[USN-380-2] avahi regression, Martin Pitt
rPSA-2006-0232-1 libgsf, rPath Update Announcements
[ MDKSA-2006:229 ] - Updated evince packages fix buffer overflow vulnerability, security
[ MDKSA-2006:230 ] - Updated clamav packages fix vulnerability, security
[CAID 34870]: CA Anti-Virus vetfddnt.sys, vetmonnt.sys Local Denial of Service Vulnerabilities, Williams, James K
[ MDKSA-2006:164-2 ] - Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities, security
iDefense Security Advisory 12.14.06: GNOME Foundation Display Manager gdmchooser Format String Vulnerability, iDefense Labs
- Re: iDefense Security Advisory 12.14.06: GNOME Foundation Display Manager gdmchooser Format String Vulnerability, iDefense Labs
Re: [fuzzing] NOT a 0day! Re: [Full-disclosure] OWASP Fuzzing page, Juha-Matti Laurio
[ GLSA 200612-17 ] GNU Radius: Format string vulnerability, Raphael Marichez
Kerio MailServer < 6.3.1 remote Denial of Service, research
[ GLSA 200612-15 ] McAfee VirusScan: Insecure DT_RPATH, Sune Kloppenborg Jeppesen
CanSecWest 2007 (April 18-20) Call For Papers (Deadline January 7th), Dragos Ruiu
Top 10 Real Computer Crimes for 2007, Pete Herzog
[ MDKSA-2006:231 ] - Updated gdm packages fix string vulnerability, security
BitDefender AV Packed PE File Parsing Engine Heap Overflow, security
TSLSA-2006-0072 - clamav, Trustix Security Advisor
Windows Explorer WMV File Denial Of Service Vulnerability, sehato
- RE: Windows Explorer WMV File Denial Of Service Vulnerability, Ulises Cuñé
[USN-396-1] gdm vulnerability, Kees Cook
Windows Media MID File Denial Of Service Vulnerability, sehato
[security bulletin] HPSBMA02173 SSRT061230 rev. 1 - HP Integrated Lights Out (iLO & iLO 2) Running SSH Key Based Authentication Remote Unauthorized Access, security-alert
Project Server 2003 - Credential Disclosure, Brett Moore
Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!!, gplit
- Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!!, Bruno Lustosa
  - Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!!, Dragos Ruiu
  - Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!!, George Yobst
  - Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!!, Kamchybek Jusupov
    - Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!!, Marcus Meissner
- Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!!, Josh Bressers
- <Possible follow-ups>
- Re: Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!!, gplit
- Re: Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!!, bastyaelvtars
  - Re: Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!!, Hunger
- Re: Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!!, ox90x86
- Re: Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!!, willysr
- Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!!, p . kerr
Bypassing process identification of several personal firewalls and HIPS, Matousec - Transparent security Research
[ MDKSA-2006:206 ] - Updated Thunderbird packages fix multiple vulnerabilities, security
[OpenPKG-SA-2006.039] OpenPKG Security Advisory (proftpd), OpenPKG GmbH
Drone Armies C&C Report - 15 Dec 2006, c2report
XSS in gmial google, gamr-14
Doğantepe Ziyareti Defteri (tr) Sql Injection Vuln., ShaFuq31
Odysseus 2.0 / Telemachus 1.0 (Beta), Dave
Contra Haber Sistemi v1.0 SqL Injection Vuln., ShaFuq31
[HSC Security Group] SiteCatalyst Web Login Cross Site Vulrnabilities, DoZ
Allied Telesis AT-9000/24 Ethernet switch management can be accessed from all VLANs., Pasi Sjoholm
[SECURITY] [DSA 1237-1] New Linux 2.4.27 packages fix several vulnerabilities, Dann Frazier
[SECURITY] [DSA 1238-1] New clamav packages fix several vulnerabilities, Moritz Muehlenhoff
[SECURITY] [DSA 1239-1] New sql-ledger packages fix arbitrary code execution, Moritz Muehlenhoff
Cisco not honoring update promises?, Michael Scheidell
- <Possible follow-ups>
- Re: Cisco not honoring update promises?, rsmoak
- RE: Cisco not honoring update promises?, Michael Scheidell
HyperVM Cross-Site Scripting, Advisory
RateMe <= all versions => ( main.inc.php ) Remote File Include Vulnerability, saudi
SYMSA-2006-013: Multiple Vulnerabilities in Mandiant First Response, research
Secunia Research: MailEnable POP Service "PASS" Command Buffer Overflow, Secunia Research
Checkpoint NG3 ICMP Flood, bdmoraes
- Re: Checkpoint NG3 ICMP Flood, Michael Schwartzkopff
- Re: Checkpoint NG3 ICMP Flood, Hugo van der Kooij
[ GLSA 200612-18 ] ClamAV: Denial of Service, Sune Kloppenborg Jeppesen
[security bulletin] HPSBUX02178 SSRT061267 rev.2 - HP-UX Secure Shell Remote Unauthorized Denial of Service (DoS), security-alert
[ MDKSA-2006:232 ] - Updated proftpd packages fix mod_ctrls vulnerability, security
[ MDKSA-2006:233 ] - Updated dbus packages fix vulnerability, security
HITBSecConf2007 - Dubai - Call for Papers now open!, Praburaajan
WebCalendar >=1.0 Cross-Site Scripting Vulnerabilities, 7all7
Multiple XSS vulnerabiliteies in Inetmedia's information service - cityinfo., filip . palian
New Skype Worm, Christopher Mosby
- RE: [BULK] - New Skype Worm, Hubbard, Dan
HP Printers FTP Server Denial Of Service, Joxean Koret
Trend Micro's Vista "0day exploit auction" claim, Ryan Meyer
- RE: Trend Micro's Vista "0day exploit auction" claim, Roger A. Grimes
  - RE: Trend Micro's Vista "0day exploit auction" claim, Simple Nomad
    - Message not available
      - Re: Trend Micro's Vista "0day exploit auction" claim, Simple Nomad
- <Possible follow-ups>
- Re: RE: Trend Micro's Vista "0day exploit auction" claim, agoodhez1
xss in Support Cards v1 ( oSTicket ), l . d . 0
Burak Yilmaz Download Portal Sql Injection Vuln., ShaFuq31
Oracle <= 9i / 10g (extproc) Local/Remote Command Execution Exploit, none
Oracle <= 9i / 10g File System Access via utl_file Exploit, none
- Re: Oracle <= 9i / 10g File System Access via utl_file Exploit, sumit kumar soni
- <Possible follow-ups>
- Re: Oracle <= 9i / 10g File System Access via utl_file Exploit, Marco Ivaldi
Multiple Bugs in MINI WEB SHOP, xx_hack_xx_2004
MkPortal Urlobox Cross Site Request Forgery, info
- <Possible follow-ups>
- Re: MkPortal Urlobox Cross Site Request Forgery, securityfocus
- Re: MkPortal Urlobox Cross Site Request Forgery, securityfocus
ZDI-06-051: Mozilla Firefox SVG Processing Remote Code Execution Vulnerability, zdi-disclosures
SEC Consult SA-20061220-0 :: Typo3 Command Execution Vulnerability, SEC Consult Research
Oracle Portal 10g HTTP Response Splitting, putosoft softputo
- Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting, Brian Eaton
- <Possible follow-ups>
- Re: Oracle Portal 10g HTTP Response Splitting, majororacle
NOD32 Antivirus DOC parsing Arbitrary Code Execution Advisory, security
Mono XSP ASP.NET Server sourcecode disclosure vulnerability, jose . palanco
[security bulletin] HPSBUX02174 SSRT061239 rev.2 HP-UX Running OpenSSL Denial of Service (DoS), Increase Privilege, security-alert
[security bulletin] HPSBST02180 SSRT061288 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS06-072 Through MS06-078, security-alert
[ GLSA 200612-19 ] pam_ldap: Authentication bypass vulnerability, Raphael Marichez
[ GLSA 200612-20 ] imlib2: Multiple vulnerabilities, Raphael Marichez
[ GLSA 200612-21 ] Ruby: Denial of Service vulnerability, Raphael Marichez
critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip, quincy
- Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip, 3APA3A
- <Possible follow-ups>
- Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip, Juha-Matti Laurio
  - Re[2]: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip, Thierry Zoller
[USN-397-1] mono vulnerability, Kees Cook
[CAID 34876]: CA CleverPath Portal Session Inheritance Vulnerability, Williams, James K
[OpenPKG-SA-2006.041] OpenPKG Security Advisory (dbus), OpenPKG GmbH
NOD32 Antivirus CAB parsing Arbitrary Code Execution Advisory, security
Fun with event logs (semi-offtopic), 3APA3A
- Re: [Full-disclosure] Fun with event logs (semi-offtopic), endrazine
Microsoft Windows XP/2003/Vista memory corruption 0day, 3APA3A
- Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day, 3APA3A
  - Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day, Alexander Sotirov
    - Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day, Pukhraj Singh
    - Message not available
      - RE: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day, Michele Cicciotti
[SECURITY] [DSA-1240-1] New links2 packages fix arbitrary shell command execution, Steve Kemp
[ MDKSA-2006:234 ] - Updated mono packages fix vulnerability, security
RE: [Full-disclosure] Fun with event logs (semi-offtopic), Michele Cicciotti
- Re[2]: [Full-disclosure] Fun with event logs (semi-offtopic), 3APA3A
- Message not available
  - RE: Re[2]: [Full-disclosure] Fun with event logs (semi-offtopic), Michele Cicciotti
Ixprim CMS 1.2 Remote Blind SQL Injection Exploit, gmdarkfig
SQID v0.1 - SQL Inhection Digger., contact
Re: Vulnerability in MG2 php based Image Gallery - bypass security, view password protected images, matthieu . paineauSTOPSPAM
[TOOL] untidy - XML Fuzzer, Andres Riancho
[OpenPKG-SA-2006.040] OpenPKG Security Advisory (ruby), OpenPKG GmbH
OpenSER 1.1.0 parse_config buffer overflow vulnerability, sapheal
PWDumpX updated (includes CacheDump functionality), Reed Arvin
Xt-News 0.1 : SQL Injection Vulnerability & XSS, mr_kaliman
rPSA-2006-0234-1 firefox, rPath Update Announcements
Oracle Applications/Portal 9i/10g Cross Site Scripting, putosoft softputo
TSLSA-2006-0074 - multi, Trustix Security Advisor
Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting, putosoft softputo
Re: Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day, Mike
SQID v0.2 - SQL Injection Digger., contact
Re: Multiple Remote Vulnerabilities in KISGB, 3APA3A
- <Possible follow-ups>
- Re: Multiple Remote Vulnerabilities in KISGB, str0ke
ZDI-06-052: Novell NetMail NMAP STOR Buffer Overflow Vulnerability, zdi-disclosures
ZDI-06-053: Novell NetMail IMAP Verb Literal Heap Overflow Vulnerability, zdi-disclosures
ZDI-06-054: Novell NetMail IMAP APPEND Buffer Overflow Vulnerability, zdi-disclosures
Efkan Forum v1.0 SqL Inj. Vuln., ShaFuq31
Multiple Bugs in Future Internet ( XSS & SQL Injection ), xx_hack_xx_2004
iDefense Security Advisory 12.23.06: Novell NetMail IMAPD subscribe Buffer Overflow Vulnerability, iDefense Labs
iDefense Security Advisory 12.23.06: Novell Netmail IMAP append Denial of Service Vulnerability, iDefense Labs
Okul Merkezi Portal v1.0 Remote File IncLude Vuln., ShaFuq31
Chatwm V1.0 SqL Injection Vuln., ShaFuq31
Fishyshoop Security Vulnerability, James Gray
TimberWolf 1.2.2 vulnerable to XSS, corrado . liotta
Forum AnyBoard - Sql Inyection By Firewall, Firewall1954
ERRATA (Re: "Host header cannot be trusted as an anti anti DNS-pinning measure"), Amit Klein
- Re: ERRATA (Re: "Host header cannot be trusted as an anti anti DNS-pinning measure"), Martin Johns
XSS with Vbulletin (new idea !), ashraf1984
- <Possible follow-ups>
- Re: XSS with Vbulletin (new idea !), bas
- Re: XSS with Vbulletin (new idea !), l . d . 0
- Re: XSS with Vbulletin (new idea !), micmast
[SECURITY] [DSA 1241-1] New squirrelmail packages fix cross-site scripting, Moritz Muehlenhoff
PHP Live! 3.2.2 Multiple Cross-Site Scripting Vulnerabilities, DoZ
Cahier de texte V2.2 Bypass general access protection exploit, gmdarkfig
phpcms <=- 1.1.7 Remote File Inclusion, Zarloule04
- Re: phpcms <=- 1.1.7 Remote File Inclusion, Hugo van der Kooij
- <Possible follow-ups>
- Re: phpcms <=- 1.1.7 Remote File Inclusion, Stuart Moore
LuckyBot v3 Remote File Include, i-k-t
- <Possible follow-ups>
- Re: LuckyBot v3 Remote File Include, Stuart Moore
PhpbbXtra v2.0 (phpbb_root_path) Remote File Include Vulnerability, xorontr
HLStats Remote SQL Injection Exploit, nospam
XSS - CMS Made Simple v1.0.2, Curtis Zimmerman
- <Possible follow-ups>
- Re: XSS - CMS Made Simple v1.0.2, nanoymaster
logahead UNU edition 1.0 Remote File Upload & code execution, corrado . liotta
[OpenPKG-SA-2006.042] OpenPKG Security Advisory (openser), OpenPKG GmbH
[OpenPKG-SA-2006.043] OpenPKG Security Advisory (links), OpenPKG GmbH
Host directory full disclosure and input error, hack2prison
Secure Login Manager Multiple Input Validation Vulnerabilities, DoZ
Re: Cross site scripting & fullpath disclosure, james . brown
NtRaiseHardError Csrss.exe memory Disclosure exploit, Reversemode
ShmooCon Announcement, B Potter
[SECURITY] [DSA 1242-1] New elog packages fix arbitrary code execution, Moritz Muehlenhoff
Limbo CMS event module (lm_absolute_path) Remote File Include Vulnerabilities, xorontr
[SECURITY] [DSA 1243-1] New evince packages fix arbitrary code execution, Moritz Muehlenhoff
OpenSER OSP Module remote code execution, sapheal
SMS handling OpenSER remote code executing, sapheal
[OpenPKG-SA-2006.044] OpenPKG Security Advisory (w3m), OpenPKG GmbH
[SECURITY] [DSA 1214-2] Updated gv packages fix arbitrary code execution, Moritz Muehlenhoff
[SECURITY] [DSA 1244-1] New xine-lib packages fix arbitrary code execution, Moritz Muehlenhoff
XSS in script Mobilelib GOLD v2, gamr-14
- <Possible follow-ups>
- Re: XSS in script Mobilelib GOLD v2, gamr-14
XSS with default page parameter in Oracle Portal 10g, duchaikhtn
QuickCam linux device driver allows arbitrary code execution, sapheal
LDU <= 8.x (journal.php) SQL Injection Vulnerability, starext
DoceboLMS Xss Vuln., starext
csrss.exe double-free vulnerability - arbitrary DWORD overwrite exploit, Reversemode
MythControl (MythTV remote control) arbitrary code execution, sapheal
SoftArtisans FileUp(TM) viewsrc.asp remote script source disclosure exploit, inge_eivind . henriksen
[vuln.sg] iso_wincmd Plugin for Total Commander Buffer Overflow Vulnerability, vulnpost-remove
Enigma Coppermine Bridge (boarddir) Remote File Include, xorontr
Enigma WordPress Bridge (boarddir) Remote File Include, xorontr

Mail converted by MHonArc