Mail Thread Index

• Date Index

• Flaw in about.r OS and Progress version disclosure, suresync
• please retract CVE-2007-2056 "Time-of-Check-Time-of-Use File Race in AFFLIB", Simson Garfinkel
  • Re: please retract CVE-2007-2056 "Time-of-Check-Time-of-Use File Race in AFFLIB", Tim
• [SECURITY] [DSA 1283-1] New php5 packages fix several vulnerabilities, Moritz Muehlenhoff
• GHH Portal 1.1 (passwd.txt) Remote Password Disclosure Vulnerability, crazy_king
  • Re: GHH Portal 1.1 (passwd.txt) Remote Password Disclosure Vulnerability, Jamie Riden
• 3proxy[v0.5.3g]: (linux/win32 service) remote buffer overflow exploits., v9
• iDefense Security Advisory 04.27.07: VMware Workstation Shared Folders Directory Traversal Vulnerability, iDefense Labs
• [security bulletin] HPSBMA02197 SSRT061285 rev.1 - HP-UX Running HP Power Manager Remote Agent (RA), Local Execution of Arbitrary Code with Root Privileges, security-alert
• Re: Sphider Version 1.2.x (include_dir) file include, ijoo . keren
• FLEA-2007-0014-1: vim, Foresight Linux Essential Announcement Service
• FLEA-2007-0015-1: gimp, Foresight Linux Essential Announcement Service
• E-Annu (home.php) Remote SQL Injection Vulnerability, ilkerkandemir
• iDefense Security Advisory 04.30.07: Cerulean Studios Trillian Multiple IRC Vulnerabilities, iDefense Labs
  • Re: iDefense Security Advisory 04.30.07: Cerulean Studios Trillian Multiple IRC Vulnerabilities, Marvin Frick
    • Re: iDefense Security Advisory 04.30.07: Cerulean Studios Trillian Multiple IRC Vulnerabilities, Reversemode
• ZoneAlarm Insufficient validation of 'vsdatant' driver input buffer Vulnerability, Matousec - Transparent security Research
• [SECURITY] [DSA 1284-1] New qemu packages fix several vulnerabilities, Moritz Muehlenhoff
• [SECURITY] [DSA 1285-1] New wordpress packages fix multiple vulnerabilities, Noah Meyerhans
• [ GLSA 200705-02 ] FreeType: User-assisted execution of arbitrary code, Raphael Marichez
• [ GLSA 200705-01 ] Ktorrent: Multiple vulnerabilities, Raphael Marichez
• [ GLSA 200705-03 ] Tomcat: Information disclosure, Raphael Marichez
• Radware Security Advisory - Yate 1.1.0 Denial of Service Vulnerability, no-reply
• ZDI-07-023: Apple QTJava toQTPointer() Pointer Arithmetic Memory Overwrite Vulnerability, zdi-disclosures
• rPSA-2007-0084-1 kernel, rPath Update Announcements
• [ GLSA 200705-05 ] Quagga: Denial of Service, Sune Kloppenborg Jeppesen
• Wordpress All versions XSS, jcarlos . norte
• [ECHO_ADV_82$2007] wordpress plugins wp-Table <= 1.43 (wpPATH) Remote File Inclusion Vulnerability, erdc
• [ECHO_ADV_81$2007] wordpress plugins wordTube <= 1.43 (wpPATH) Remote File Inclusion Vulnerability, erdc
• [ GLSA 200705-04 ] Apache mod_perl: Denial of Service, Sune Kloppenborg Jeppesen
• [ MDKSA-2007:095 ] - Updated ktorrent packages fix vulnerability, security
• [USN-456-1] net-snmp vulnerability, Kees Cook
• Atomix Mp3 Buffer Overflow, preth00nker
• Vulnerability in InterVations' MailCopa, skillTube.com
• Disable website access for sites running Webspeed, suresync
• response Progress: Denial of Service attack against WebSpeed possible, suresync
• Cisco Security Advisory: LDAP and VPN Vulnerabilities in PIX and ASA Appliances, Cisco Systems Product Security Incident Response Team
• Post Nuke v4bJournal Module Sql Inject, abbasi
• iDefense Security Advisory 05.02.07: LiveData Protocol Server Heap Overflow Vulnerability, iDefense Labs
• [SECURITY] [DSA 1286-1] New Linux 2.6.18 packages fix several vulnerabilities, Dann Frazier
• [ MDKSA-2007:096 ] - Updated quagga packages fix DoS vulnerability, security
• TPTI-07-06: Trillian Pro Rendezvous XMPP HTML Decoding Heap Corruption, TSRT
• TPTI-07-05: IBM Tivoli Provisioning Manager for OS Deployment Multiple Stack Overflow Vulnerabilities, TSRT
• 12All File Upload Vulnerability, John McGuire
  • <Possible follow-ups>
  • Re: 12All File Upload Vulnerability, info
• [security bulletin] HPSBPI02185 SSRT071290 rev.2 - HP Jetdirect Running ftp, Remote Denial of Service (DoS), security-alert
• Medium security hole affecting DSL-G624T, Tim Brown
  • Re: Medium security hole affecting DSL-G624T, 3APA3A
    • Re: Medium security hole affecting DSL-G624T, Tim Brown
      • Re[2]: Medium security hole affecting DSL-G624T, 3APA3A
        • Re: Medium security hole affecting DSL-G624T, Tim Brown
• [security bulletin] HPSBTU02179 SSRT061256 rev.1 - HP Tru64 UNIX Running the ps command, Local Disclosure of Sensitive Information, security-alert
• [ MDKSA-2007:097 ] - Updated xscreensaver packages fix vulnerability, security
• Bradford CampusManager v3.1(6) Sensitive Data Disclosure, john
• SchoolBoard (admin.php) Remote Login Bypass SQL Injection Vulnerability, ilkerkandemir
• Aardvark Topsites PHP Directory Disclosure Vulnerability, DoZ
• [security bulletin] HPSBTU02116 SSRT061135 rev.3 - HP Tru64 UNIX and HP Internet Express for Tru64 UNIX Running sendmail, Remote Execution of Arbitrary Code or Denial of Service (DoS), security-alert
• [security bulletin] HPSBMI02210 SSRT071396 rev.1 - ProCurve Series 9300m Switches, Remote Denial of Service (DoS), security-alert
• [security bulletin] HPSBUX01137 SSRT5954 rev.10 - HP-UX Running TCP/IP (IPv4), Remote Unauthorized Denial of Service (DoS), security-alert
• rPSA-2007-0085-1 lftp, rPath Update Announcements
• rPSA-2007-0090-1 gimp, rPath Update Announcements
• rPSA-2007-0089-1 net-snmp net-snmp-utils, rPath Update Announcements
• rPSA-2007-0088-1 xscreensaver, rPath Update Announcements
• Multiple vendors ZOO file decompression infinite loop DoS, Jean-Sébastien Guay-Leroux
• PHPSecurityAdmin Remote File Include Exploit, ilkerkandemir
• Remote File Include In Script impex, RaeD
• RunCms <= 1.5.2 debug_show.php sql injection, retrog
• Re: sunshop v4 >> RFI, lagged2hell
• safari's saved password at risk, poplix
• NPDS <= 5.10 - Multiple SQL injections, aeroxteam_PLEASEDONTSPAMUS
  • <Possible follow-ups>
  • Re: NPDS <= 5.10 - Multiple SQL injections, aeroxteam_PLEASEDONTSPAMUS
• Re: WebScarab <= 20060621-0003 cross site scripting, Rogan Dawes
• XSS in Microsoft SharePoint, ville . solarius
  • RE: XSS in Microsoft SharePoint, Jim Harrison
    • Re: XSS in Microsoft SharePoint, Solarius
• ACP3 (v4.0b3) - Multiple Vulnerabilities, john
• [MajorSecurity Advisory #47]Simple Machines Forum (SMF) - Session fixation Issue, admin
• Nuked-klaN 1.7.6 Remote Code Execution Exploit, gmdarkfig
• Taltech Tal Bar Code ActiveX Control Memory Corruption Vulnerability(-ies), sapheal-hack.pl
• Podium CMS - Cookie Manipulation Exploit, john
  • <Possible follow-ups>
  • Re: Podium CMS - Cookie Manipulation Exploit, Steven M. Christey
• SunShop (v4) Multiple Vulnerabilities, john
• [ GLSA 200705-06 ] X.Org X11 library: Multiple integer overflows, Raphael Marichez
• UPDATED: CubeCart (v3.0.15) - CRLF Injection Vulnerability, john
  • <Possible follow-ups>
  • Re: UPDATED: CubeCart (v3.0.15) - CRLF Injection Vulnerability, info
• Drake CMS (v0.4.0) - CRLF Injection Vulnerability, john
• Re: nucleus 3.22 >> RFI, security curmudgeon
• Mini Web Shop v.2 Vulnerable to XSS, corrado . liotta
• Kayako eSupport v3.00.90 Cross Site Scripting (XSS), e1c4
• [SECURITY] [DSA 1287-1] New ldap-account-manager packages fix multiple vulnerabilities, Noah Meyerhans
• [USN-457-1] elinks vulnerability, Kees Cook
• [Reversemode Advisory] VMware Products - GPF Denial of Service, Reversemode
• pfa CMS v6.0 (index.php repinc) Remote File Include Vulnerability, ilkerkandemir
• fipsCMS v2.1 Remote SQL injection Vulnerability, ilkerkandemir
• PHPHtmlLib <= 2.4.0 Remote File Include Exploit, ilkerkandemir
• phpHoo3 (admin.php) Remote Login Bypass SQL Injection Vulnerability, ilkerkandemir
• american cart 3.* (abs_path) remote file include, kepledehlah
• Re: NukeSentinel Bypass SQL Injection & Nuke Evolution <= 2.0.3 SQL Injections, technocrat
• iDefense Security Advisory 05.07.07: Sun Microsystems Solaris ACE_SETACL Integer Signedness DoS Vulnerability, iDefense Labs
• OTRS <= 2.0.x XSS/XSRF, ciri
• Updated: webMethods Security Advisory: Glue console directory traversal vulnerability, Jeremy Epstein
• [ GLSA 200705-07 ] Lighttpd: Two Denials of Service, Raphael Marichez
• [ GLSA 200705-08 ] GIMP: Buffer overflow, Raphael Marichez
• WASC Announcement: Distributed Open Proxy Honeypot Project Data Released, announcements
• VMSA-2007-0004 Multiple Denial-of-Service issues fixed, VMware Security team
• ZDI-07-025: Trend Micro ServerProtect AgRpcCln.dll Stack Overflow Vulnerability, zdi-disclosures
• Advanced Guestbook version 2.4.2 Multiple Error Information Leak Vulnerabilities, securityresearch
• rPSA-2007-0092-1 tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi, rPath Update Announcements
• FLEA-2007-0016-1: kernel, Foresight Linux Essential Announcement Service
• Advanced Guestbook version 2.4.2 Directory Traversal Vulnerability, securityresearch
• [ GLSA 200705-09 ] IPsec-Tools: Denial of Service, Raphael Marichez
• AP Newspower software <=4.0.1 allows remote data manipulation, gobbles_fo_evar
• [ GLSA 200705-11 ] MySQL: Two Denial of Service vulnerabilities, Raphael Marichez
• ZDI-07-024: Trend Micro ServerProtect EarthAgent Stack Overflow Vulnerability, zdi-disclosures
• [ GLSA 200705-10 ] LibXfont, TightVNC: Multiple vulnerabilities, Raphael Marichez
• Advanced Guestbook version 2.4.2 Multiple XSS Attack Vulnerabilities, securityresearch
• rPSA-2007-0094-1 cpio, rPath Update Announcements
• [USN-458-1] MoinMoin vulnerabilities, Kees Cook
• ZDI-07-027: Microsoft Internet Explorer Table Column Deletion Memory Corruption Vulnerability, zdi-disclosures
• ZDI-07-026: Microsoft Excel BIFF File Format Named Graph Record Parsing Stack Overflow Vulnerability, zdi-disclosures
• [security bulletin] HPSBMA02138 SSRT061184 rev.3 - HP OpenView Storage Data Protector, Remote Unauthorized Arbitrary Command Execution, security-alert
• [security bulletin] HPSBTU02211 SSRT071326 rev.1 - HP Tru64 UNIX Running the dop command, Local Execution of Arbitrary Code with Privilege Elevation, security-alert
  • Re: [security bulletin] HPSBTU02211 SSRT071326 rev.1 - HP Tru64 UNIX Running the dop command, Local Execution of Arbitrary Code with Privilege Elevation, Daniele Calore
• [SECURITY] [DSA 1288-1] New pptpd packages fix denial of service, Moritz Muehlenhoff
• [ MDKSA-2007:099 ] - Updated python packages fix vulnerabilities, security
• [ MDKSA-2007:098 ] - Updated clamav packages fix vulnerabilities, security
• RDP TLS downgrade, software
  • RE: RDP TLS downgrade, M. Burnett
  • RE: RDP TLS downgrade, Roger A. Grimes
• SEC Consult SA-20070509-0 :: Multiple vulnerabilites in Nokia Intellisync Mobile Suite & Wireless Email Express, Johannes Greil
• Exchange Calendar MODPROPS Denial of Service (CVE-2007-0039), Alexander Sotirov
• iDefense Security Advisory 05.08.07: McAfee Security Center IsOldAppInstalled ActiveX Buffer Overflow Vulnerability, iDefense Labs
• Cisco Security Advisory: Multiple Vulnerabilities in the IOS FTP Server, Cisco Systems Product Security Incident Response Team
• Digital Armaments May-June-2007 Hacking Challenge: VMware, info
• Re: [Full-disclosure] Vulnerabilities Hashes DB needed, Morning Wood
• Re: [Dailydave] Vulnerabilities Hashes DB needed, shadown
• Multiple vulnerabilities, Michal Bucko (hackpl)
• Defeating Citibank Virtual Keyboard protection using screenshot method, yashks
  • Re: Defeating Citibank Virtual Keyboard protection using screenshot method, Reversemode
  • Re: Defeating Citibank Virtual Keyboard protection using screenshot method, Gadi Evron
  • RE: Defeating Citibank Virtual Keyboard protection using screenshot method, Jim Harrison
    • Message not available
      • RE: Defeating Citibank Virtual Keyboard protection using screenshot method, Jim Harrison
        • RE: Defeating Citibank Virtual Keyboard protection using screenshot method, Gadi Evron
          • RE: Defeating Citibank Virtual Keyboard protection using screenshot method, Jim Harrison
            • RE: Defeating Citibank Virtual Keyboard protection using screenshot method, Gadi Evron
              • RE: Defeating Citibank Virtual Keyboard protection using screenshot method, David Gillett
                • Re: Defeating Citibank Virtual Keyboard protection using screenshot method, Florian Weimer
                  • Re: Defeating Citibank Virtual Keyboard protection using screenshot method, Ansgar -59cobalt- Wiechers
                  • RE: Defeating Citibank Virtual Keyboard protection using screenshot method, James C. Slora Jr.
          • RE: Defeating Citibank Virtual Keyboard protection using screenshot method, Debasis Mohanty
    • RE: Defeating Citibank Virtual Keyboard protection using screenshot method, Nick FitzGerald
      • Re: Defeating Citibank Virtual Keyboard protection using screenshot method, Eli Dart
  • Re: Defeating Citibank Virtual Keyboard protection using screenshot method, Jan Heisterkamp
  • <Possible follow-ups>
  • Re: Re: Defeating Citibank Virtual Keyboard protection using screenshot method, yashks
  • Re: RE: Defeating Citibank Virtual Keyboard protection using screenshot method, balazs . zolika
  • RE: Defeating Citibank Virtual Keyboard protection using screenshot method, Rogier Mulhuijzen
    • RE: Defeating Citibank Virtual Keyboard protection using screenshot method, Nick FitzGerald
      • RE: Defeating Citibank Virtual Keyboard protection using screenshot method, Omar A. Herrera
        • RE: Defeating Citibank Virtual Keyboard protection using screenshot method, Hugo van der Kooij
          • Re: Defeating Citibank Virtual Keyboard protection using screenshot method, Seth
          • RE: Defeating Citibank Virtual Keyboard protection using screenshot method, Glynn Clements
      • Re: Defeating Citibank Virtual Keyboard protection using screenshot method, Bojan Zdrnja
  • Re: Defeating Citibank Virtual Keyboard protection using screenshot method, Reversemode
  • Re: Defeating Citibank Virtual Keyboard protection using screenshot method, Paul Foote
  • Re: Defeating Citibank Virtual Keyboard protection using screenshot method, imipak
  • RE: Defeating Citibank Virtual Keyboard protection using screenshot method, Rogier Mulhuijzen
  • Re: Defeating Citibank Virtual Keyboard protection using screenshot method, sethb
  • Re: Defeating Citibank Virtual Keyboard protection using screenshot method, mailbox@xxxxxxxxxxxxxx
    • Message not available
      • Defeating Citibank Virtual Keyboard protection using screenshot method, aditya kuppa
        • Re: Defeating Citibank Virtual Keyboard protection using screenshot method, Bojan Zdrnja
  • Re: Re: Defeating Citibank Virtual Keyboard protection using screenshot method, balazs . zolika
• Training Classes in SyScan'07, organiser@xxxxxxxxxx
• [ MDKSA-2007:100 ] - Updated bind packages fix vulnerability, security
• iDefense Security Advisory 05.09.07: Symantec Norton Internet Security 2006 COM Object Security ByPass Vulnerability, iDefense Labs
• iDefense Security Advisory 05.08.07: Microsoft Exchange Server 2000 IMAP Literal Processing DoS Vulnerability, iDefense Labs
• iDefense Security Advisory 05.08.07: Microsoft Excel Filter Record Code Execution Vulnerability, iDefense Labs
• iDefense Security Advisory 05.08.07: Microsoft Word RTF File Parsing Heap Corruption Vulnerability, iDefense Labs
• 2nd OWASP Israel mini conference at the Interdisciplinary Center Herzliya (IDC), Monday, May 21st, 13:30, Ofer Shezaf
• [ MDKSA-2007:101 ] - Updated bind packages fix vulnerability, security
  • Re: [ MDKSA-2007:101 ] - Updated bind packages fix vulnerability, Stefano
• Secunia Research: BearShare NCTAudioFile2 ActiveX Control Buffer Overflow, Secunia Research
• Secunia Research: Internet Explorer HTML Objects Memory Corruption Vulnerability, Secunia Research
• squirrelmail CSRF vulnerability, p3rlhax
  • Re: squirrelmail CSRF vulnerability, Josh Zlatin-Amishav
    • Re: squirrelmail CSRF vulnerability, Tim Newsham
      • Re: squirrelmail CSRF vulnerability, Josh Zlatin-Amishav
        • Re: squirrelmail CSRF vulnerability, Pavel Kankovsky
• iDefense Security Advisory 05.09.07: Computer Associates eTrust InoTask.exe Antivirus Buffer Overflow Vulnerability, iDefense Labs
• iDefense Security Advisory 05.10.07: Sun Microsystems Solaris SRS Proxy Core srsexec Arbitrary File Read Vulnerability, iDefense Labs
• [ GLSA 200705-12 ] PostgreSQL: Privilege escalation, Sune Kloppenborg Jeppesen
• [ GLSA 200705-13 ] ImageMagick: Multiple buffer overflows, Sune Kloppenborg Jeppesen
• iDefense Security Advisory 05.10.07: Novell NetMail NMDMC Buffer Overflow Vulnerability, iDefense Labs
• phpMUR Cross Site Scripting, the_3dit0r
• iDefense Security Advisory 05.10.07: Apple Darwin Streaming Proxy Multiple Vulnerabilities, iDefense Labs
• Computer Associates eTrust InoTask.exe Antivirus Buffer Overflow Vulnerability, binagres
• [ MDKSA-2007:103 ] - Updated php packages fix multiple vulnerabilities, security
• eFileCabinet Authentication Bypass, VulnerabilityResearch
• [ MDKSA-2007:102 ] - Updated php packages fix multiple vulnerabilities, security
• fotolog xss, absamu
• TFTPdWin 0.4.2 Server Directory Traversal Vulnerability, VulnerabilityResearch
• TPTI-07-07: Apple QuickTime STSD Parsing Heap Overflow Vulnerability, TSRT
• rPSA-2007-0096-1 shadow, rPath Update Announcements
• ZDI-07-028: CA eTrust AntiVirus Server inoweb Buffer Overflow Vulnerability, zdi-disclosures
• [CAID 35330, 35331]: CA Anti-Virus, CA Threat Manager, and CA Anti-Spyware Console Login and File Mapping Vulnerabilities, Williams, James K
• Multiple Denial of Service attacks possible for Webspeed OpenEdge, suresync
• W1L3D4 Philboard v0.2 sql injection, ALEMIN KRALI
• Cross-Site Scripting in Adobe RoboHelp 6, Server 6 and X5, Michael Domberg
• Design Flaw in Deutsche Telekom Speedport w700v broadband router, Michael Domberg
• [vuln.sg] yEnc32 Decoder Long Filename Buffer Overflow Vulnerability, vulnpost-remove
• Webspeed OpenEdge Dos exploit, bendeniz_avci
• Broadband routers and botnets - being proactive, Gadi Evron
  • <Possible follow-ups>
  • Re: Broadband routers and botnets - being proactive, Gadi Evron
• notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit., v9
  • <Possible follow-ups>
  • Re: notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit., kimhm682000
    • Re: notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit., Jerome Athias
• Exim 4.66 in conjunction with spamd Overflow issues, calcite
  • Re: Exim 4.66 in conjunction with spamd Overflow issues, 3APA3A
• SonicBB version 1.0 XSS Attack Vulnerabilities, securityresearch
• [SECURITY] [DSA 1289-1] New Linux 2.6.18 packages fix several vulnerabilities, Moritz Muehlenhoff
• Uninformed Journal Release Announcement: Volume 7, sflist
• [SECURITY] [DSA 1290-1] New squirrelmail packages fix cross-site scripting, Moritz Muehlenhoff
• [security bulletin] HPSBMI02210 SSRT071396 rev.2 - ProCurve Series 9300m Switches, Remote Denial of Service (DoS), security-alert
• SonicBB version 1.0 Multiple Path Disclosure Vulnerabilities, securityresearch
• SonicBB version 1.0 Multiple SQL Injection Vulnerabilities, securityresearch
• ifdate 2.* unauthorized administrative access bug, expw0rm
• [SAMBA-SECURITY] CVE-2007-2446: Multiple Heap Overflows Allow Remote Code Execution, Gerald (Jerry) Carter
• [ GLSA 200705-14 ] XScreenSaver: Privilege escalation, Raphael Marichez
• [SAMBA-SECURITY] CVE-2007-2444: Local SID/Name Translation Failure Can Result in User Privilege Elevation, Gerald (Jerry) Carter
• MyBB version 1.2.4 Multiple Path Disclosure Vulnerabilities, securityresearch
• BTCrack 1.1 Heisec Release, Thierry Zoller
• [SAMBA-SECURITY] CVE-2007-2447: Remote Command Injection Vulnerability, Gerald (Jerry) Carter
• [security bulletin] HPSBGN02189 SSRT071297 rev.3 - ServiceGuard for Linux, Remote Unauthorized Access, security-alert
• IMF 2007 - Deadline Extension, Oliver Goebel
• Windows Vista: Non-privileged code can redirect shortcuts to intercept privilege elevation requests, robpaveza
• iDefense Security Advisory 05.14.07: Samba SAMR Change Password Remote Command Injection Vulnerability, iDefense Labs
• Apple Safari on MacOSX may reveal user's saved passwords, poplix
  • RE: Apple Safari on MacOSX may reveal user's saved passwords, Lucas, Mark J.
    • Re: Apple Safari on MacOSX may reveal user's saved passwords, stephen joseph butler
  • <Possible follow-ups>
  • RE: Apple Safari on MacOSX may reveal user's saved passwords, mailbox@xxxxxxxxxxxxxx
    • RE: Apple Safari on MacOSX may reveal user's saved passwords, samelinux
  • Re: RE: Apple Safari on MacOSX may reveal user's saved passwords, poplix
    • Re: Apple Safari on MacOSX may reveal user's saved passwords, David Cantrell
      • Re: Apple Safari on MacOSX may reveal user's saved passwords, graham . coles
        • Re: Apple Safari on MacOSX may reveal user's saved passwords, Ian Ward Comfort
        • Re: Apple Safari on MacOSX may reveal user's saved passwords, David Cantrell
          • Re: Apple Safari on MacOSX may reveal user's saved passwords, graham . coles
            • Re: Apple Safari on MacOSX may reveal user's saved passwords, poplix
              • Re: Apple Safari on MacOSX may reveal user's saved passwords, Kevin Finisterre (lists)
                • Re: Apple Safari on MacOSX may reveal user's saved passwords, poplix
          • Re: Apple Safari on MacOSX may reveal user's saved passwords, Mark Senior
  • RE: Apple Safari on MacOSX may reveal user's saved passwords, poplix
• ImI image file inclusion in script upload, spriteversus
• Media Player Classic .MPA Div-By-Zero Denial of Service Vulnerability, Michal Bucko (hackpl)
  • Re: Media Player Classic .MPA Div-By-Zero Denial of Service Vulnerability, 3APA3A
    • Re: Media Player Classic .MPA Div-By-Zero Denial of Service Vulnerability, Michal Bucko (hackpl)
• [USN-459-1] pptpd vulnerability, Kees Cook
• rPSA-2007-0098-1 samba samba-swat, rPath Update Announcements
• GS07-01 Full-Width and Half-Width Unicode Encoding IDS/IPS/WAF Bypass Vulnerability, Fatih Ozavci
• [ GLSA 200705-15 ] Samba: Multiple vulnerabilities, Sune Kloppenborg Jeppesen
• [ MDKSA-2007:104 ] - Updated samba packages fix multiple vulnerabilities, security
• Bypassing PFW/HIPS open process control with uncommon identifier, Matousec - Transparent security Research
• Jetbox CMS version 2.1 E-Mail Injection Vulnerability, securityresearch
  • <Possible follow-ups>
  • Re: Jetbox CMS version 2.1 E-Mail Injection Vulnerability, laurent . gaffie
• Retrieving "deleted" sms/mms from Nokia phone (Symbian S60), Davide Del Vecchio
  • RE: Retrieving "deleted" sms/mms from Nokia phone (Symbian S60), Zhihao
  • Re: Retrieving "deleted" sms/mms from Nokia phone (Symbian S60), 3APA3A
    • Re[2]: Retrieving "deleted" sms/mms from Nokia phone (Symbian S60), Matthew Leeds
    • Re: Retrieving "deleted" sms/mms from Nokia phone (Symbian S60), Davide Del Vecchio
  • Re: [Full-disclosure] Retrieving "deleted" sms/mms from Nokia phone (Symbian S60), Eduardo Tongson
  • Re: Retrieving "deleted" sms/mms from Nokia phone (Symbian S60), diabol the japanophile
• [SECURITY] [DSA 1291-1] New samba packages fix multiple vulnerabilities, Noah Meyerhans
• FLEA-2007-0017-1: samba, Foresight Linux Essential Announcement Service
• ZDI-07-031: Samba smb_io_notify_option_type_data Heap Overflow Vulnerability, zdi-disclosures
• ZDI-07-029: Samba lsa_io_privilege_set Heap Overflow Vulnerability, zdi-disclosures
• ZDI-07-030: Samba netdfs_io_dfs_EnumInfo_d Heap Overflow Vulnerability, zdi-disclosures
• ZDI-07-032: Samba sec_io_acl Heap Overflow Vulnerability, zdi-disclosures
• ZDI-07-033: Samba lsa_io_trans_names Heap Overflow Vulnerability, zdi-disclosures
• [SECURITY] [DSA 1292-1] New qt4-x11 packages fix cross-site scripting vulnerability, Noah Meyerhans
• [USN-460-1] Samba vulnerabilities, Kees Cook
• I, Bot. Taking advantage of robots power (Article), crossbower
• vbulletin < 3.6.6 [permanent xss], laurent . gaffie
• ANNOUNCE: RFIDIOt version 0.1m released (May 16th 2007), Adam Laurie
• Symantec Product Security: Norton Personal Firewall 2004 ActiveX Control vulnerability, secure
• CA BrightStor ARCserve Backup Mediasvr.exe and caloggerd.exe Vulnerabilities, Williams, James K
• rPSA-2007-0102-1 libpng, rPath Update Announcements
• VP-ASP Shopping Cart 6.50 - Cross-Site Scripting Vulnerability, john
• XSS vulnerability on various german online banking sites (sparkasse), Ulrich Keil
  • Re: XSS vulnerability on various german online banking sites (sparkasse) - CORRECTION, Ulrich Keil
• TSLSA-2007-0017 - multi, Trustix Security Advisor
• [SECURITY] [DSA 1293-1] New quagga packages fix denial of service, Martin Schulze
• XCon2007 Call For Paper, XFOCUS Security Team
• [SECURITY] [DSA 1291-2] New samba packages fix multiple vulnerabilities, Noah Meyerhans
• [ GLSA 200705-16 ] PhpWiki: Remote execution of arbitrary code, Raphael Marichez
• [ GLSA 200705-17 ] Apache mod_security: Rule bypass, Raphael Marichez
• [security bulletin] HPSBTU02209 SSRT071323 rev.1 - HP Tru64 UNIX Running Secure Shell (SSH), Remote Unauthorized Identification of Valid Users, security-alert
• [security bulletin] HPSBMA02213 SSRT061214 rev.1 - HP Systems Insight Manager (SIM) for Windows, Remote Privileged Access and Arbitrary Code Execution, security-alert
• [OpenPKG-SA-2007.012] OpenPKG Security Advisory (samba), OpenPKG GmbH
• [security bulletin] HPSBST02214 SSRT071422 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-023 to MS07-029, security-alert
• [OpenPKG-SA-2007.013] OpenPKG Security Advisory (png), OpenPKG GmbH
• RedLevel Advisory #015 - Redoable 1.2 Cross-Site Scripting Vulnerability (patch included), john
• [ MDKSA-2007:105 ] - Updated fetchmail packages fix potential APOP vulnerabilities, security
• FLEA-2007-0018-1: libpng, Foresight Linux Essential Announcement Service
• [USN-461-1] Quagga vulnerability, Kees Cook
• rPSA-2007-0104-1 idle python, rPath Update Announcements
• eSyndiCat Input Validation Error Vulnerability, hack2prison
• [OpenPKG-SA-2007.015] OpenPKG Security Advisory (quagga), OpenPKG GmbH
• Predictable TCP ISN in Packeteer PacketShaper, nnposter
• [OpenPKG-SA-2007.017] OpenPKG Security Advisory (ratbox), OpenPKG GmbH
• ACROS Security: Session Fixation Vulnerability in HP SIM 5.0, ACROS Security
• REWTERZ-20070518 - Authentication Bypass in Rational Soft's Hidden Administrator, rewterz security team
• VMSA-2007-0004.1 Updated: Multiple Denial-of-Service issues fixed and directory traversal vulnerability, VMware Security team
• [USN-436-2] KTorrent vulnerability, Kees Cook
• NASA Site Bug ( Check URI Input ), matrix
• [SECURITY] [DSA 1295-1] New php5 packages fix several vulnerabilities, Moritz Muehlenhoff
• [CVE-2007-1355] Tomcat documentation XSS vulnerabilities, Mark Thomas
• RedLevel Advisory #017 - HLstats v1.35 Cross-Site Scripting Vulnerability #2, john
• RedLevel Advisory #016 - HLstats v1.35 Cross-Site Scripting Vulnerability, john
• [ MDKSA-2007:106 ] - Updated squirrelmailpackages fix vulnerabilities, security
• [ MDKSA-2007:107 ] - Updated evolution packages fix APOP weakness, security
• SimpGB v1.46.0 Remote File Include Exploit, the_3dit0r
• Simple Accessible XHTML Online News v4.6 Remote File Include Exploit, the_3dit0r
• Re: Re: [Bogus] Lazarus Guestbook (admin.php)Remote File Include Expliot -, webmaster
• Jetbox CMS version 2.1 Multiple SQL Injection Vulnerabilities, securityresearch
  • RE: DDOS abuse contacts, test
• [USN-459-2] pptpd regression, Kees Cook
• Remedy for: Remot File Include In phpexplorator_2_0, tchouamou
• [SECURITY] [DSA 1281-2] New clamav packages fix denial of service vulnerability, Noah Meyerhans
• [ISecAuditors Security Advisories] Microsoft IIS5 NTLM and Basic authentication bypass, ISecAuditors Security Advisories
• RedLevel Advisory #022 - ClonusWiki .5 Cross-Site Scripting Vulnerability, john
• Jetbox CMS version 2.1 XSS Attack Vulnerability, securityresearch
• Security Videos, thejus_mb
• Oracle Forensics Part 4: Live Response, David Litchfield
• [waraxe-2007-SA#050] - Sql Injection in WordPress 2.1.3, come2waraxe
• Remider: VNSECON 07 Call for Papers ends on June 08, rd
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS While Processing SSL Packets, Cisco Systems Product Security Incident Response Team
• RedLevel Advisory #017 - PsychoStats v3.0.6b Multiple Cross-Site Scripting Vulnerabilities, john
• Jetbox CMS version 2.1 Multiple Path Disclosure Vulnerabilities, securityresearch
• [SECURITY] [DSA 1296-1] New php4 packages fix privilege escalation, Moritz Muehlenhoff
• GMTT Music Distro 1.2 XSS Exploit, corrado . liotta
• [security bulletin] HPSBUX02217 SSRT071337 rev.1 - HP-UX running Kerberos, Remote Arbitrary Code Execution, security-alert
• Q1 2007 Application Security Trends Report, Tom Stracener
• Cisco Security Advisory: Vulnerability In Crypto Library, Cisco Systems Product Security Incident Response Team
• [USN-460-2] Samba regression, Kees Cook
• [ GLSA 200705-18 ] PPTPD: Denial of Service attack, Sune Kloppenborg Jeppesen
• [Call for Participation] DIMVA 2007, Robin Sommer
• RedLevel Advisory #018 - RM EasyMail Plus - Cross-Site Scripting Vulnerability #2, john
• [SECURITY] [DSA 1291-3] New samba packages fix regression, Moritz Muehlenhoff
• FINAL Call For Papers: Chaos Communication Camp 2007, Berlin, Paul Böhm
• RedLevel Advisory #020 - HLstats v1.35 Cross-Site Scripting Vulnerability #3, john
• FLEA-2007-0019-1: python, Foresight Linux Essential Announcement Service
• phpPgAdmin-4.1.1 Remote File Include & Url Redirecting Vulnerabilitiy, the_3dit0r
• SQL-Injection in IP-TRACKING Mod for phpBB2.0.x, Cornelius Riemenschneider
• RedLevel Advisory #021 - CubeCart v3.0.16 SQL Injection Vulnerability, john
• Magic iso heap over flow <Help>, KaCo678
  • <Possible follow-ups>
  • Re: Magic iso heap over flow <Help>, v9
  • Re: Magic iso heap over flow <Help>, c0ntexb
• BoastMachine v3.0 platinum - Session İd Hacking, vagrant Pest
• NOD32 Antivirus Long Path Name Stack Overflow Vulnerabilities, Ismael Briones
  • <Possible follow-ups>
  • Re: NOD32 Antivirus Long Path Name Stack Overflow Vulnerabilities, v9
    • Re: NOD32 Antivirus Long Path Name Stack Overflow Vulnerabilities, Ismael Briones
• ABC Excel Parser Pro v4.0 Remote File Include Exploit, the_3dit0r
• POC CODE - TI89 Titanium Resident EPO Calculator Virus (T89.GAARA), Piotr Bania
• [USN-462-1] PHP vulnerabilities, Kees Cook
• [ MDKSA-2007:108 ] - Updated gimp packages fix stack overflow in sunras plugin, security
• [USN-463-1] vim vulnerability, Kees Cook
• Secunia Research: eScan Products Agent Service Command Decryption Buffer Overflow, Secunia Research
• Q1 2007 Application Security Trends Report (Corrected Link), Tom Stracener
• Cisco CallManager 4.1 Input Validation Vulnerability, Stefan Friedli
  • RE: Cisco CallManager 4.1 Input Validation Vulnerability, Mark-David McLaughlin (marmclau)
• [waraxe-2007-SA#051] - Sql Injection in 2z Project 0.9.5, come2waraxe
• FreeBSD Security Advisory FreeBSD-SA-07:04.file, FreeBSD Security Advisories
• iDefense Security Advisory 05.23.07: Opera Software Opera Web Browser Transfer Item Pop-up Menu Stack Overflow Vulnerability, iDefense Labs
• rPSA-2007-0107-1 mysql mysql-bench mysql-server, rPath Update Announcements
• Re: [Full-disclosure] Question Regarding IIS 6.0 / Is this a DoS???, 3APA3A
  • RE: [Full-disclosure] Question Regarding IIS 6.0 / Is this a DoS???, kingcope
  • Message not available
    • Message not available
      • Re: [Full-disclosure] Question Regarding IIS 6.0 / Is this a DoS???, Richard Moore
  • Message not available
    • Re[2]: [Full-disclosure] Question Regarding IIS 6.0 / Is this a DoS???, 3APA3A
• rPSA-2007-0108-1 freetype, rPath Update Announcements
• FLEA-2007-0020-1: freetype, Foresight Linux Essential Announcement Service
• [ MDKSA-2007:109 ] - Updated tetex packages fix vulnerabilities, security
• [ MDKSA-2007:104-1 ] - Updated samba packages fix multiple vulnerabilities, security
• [SECURITY] [DSA 1297-1] New gforge-plugin-scmcvs packages fix arbitrary shell command execution, Moritz Muehlenhoff
• [OpenPKG-SA-2007.018] OpenPKG Security Advisory (freetype), OpenPKG GmbH
• n.runs-SA-2007.008 - Avast! Antivirus CAB parsing Arbitrary Code Execution Advisory, security
• Vulnerability in Credant Mobile Guardian Shield for Windows, myucebox
• WIYS v1.0 Cross-Site Scripting Vulnerability - (05.24.2007) (NEW), vagrant - e-hack.org
• Dart Communications PowerTCP Service Control (DartService.dll 3.1.3.3) remote buffer overflow, retrog
• FLEA-2007-0021-1: madwifi, Foresight Linux Essential Announcement Service
• FLEA-2007-0022-1: file, Foresight Linux Essential Announcement Service
• iDefense Security Advisory 05.24.07: Apple Computer Mac OS X pppd Plugin Loading Privilege Escalation Vulnerability, iDefense Labs
• rPSA-2007-0109-1 file, rPath Update Announcements
• n.runs-SA-2007.009 - Avast! Antivirus SIS parsing Arbitrary Code Execution Advisory, security
• GTP 3G © Gnuturk Portal System year=**&month= Cross-Site Scripting Vulnerability, vagrant - e-hack.org
• Multiple XSS in Digirez, xx_hack_xx_2004
• Pligg critical vulnerability, 242th section
  • Re: Pligg critical vulnerability, crazy frog crazy frog
• BoastMachine index.php Cross Site Scripting Vulnerability, newbinaryfile
• IE 6 / Dart Communications PowerTCP ZIP Compression Control (DartZip.dll 1.8.5.3) remote buffer overflow, retrog
• Web Directory / Search Engine v2.0 Authentication Bypass/Database Download Vulne, pito pito
• Vulnerability - cpCommerce - XSS, jadoba
• TSLSA-2007-0019 - multi, Trustix Security Advisor
• iDefense Security Advisory 05.25.07: Sun Java System Web Proxy Multiple Buffer Overflow Vulnerabilities, iDefense Labs
• rtpBreak - detects, reconstructs and analyzes any RTP session, michele dallachiesa
• [OpenPKG-SA-2007.019] OpenPKG Security Advisory (php), OpenPKG GmbH
• webCMS_1.00 Database Disclosure Vulnerabilitiy, the_3dit0r
• [USN-465-1] PulseAudio vulnerability, Kees Cook
• Zindizayn Okul Web Sistemi v1.0 Sql VulnZ., g0rk3m-31
• [ GLSA 200705-19 ] PHP: Multiple vulnerabilities, Raphael Marichez
• RMForum Database Disclosure Vulnerabilitiy, the_3dit0r
• [ GLSA 200705-20 ] Blackdown Java: Applet privilege escalation, Raphael Marichez
• n.runs-SA-2007.010 - Avira Antivir Antivirus LZH parsing Arbitrary Code Execution Advisory, security
• [SECURITY] [DSA 1298-1] New otrs2 packages fix cross-site scripting, Moritz Muehlenhoff
• Inout Meta Searh engine Remote Code Execution, BlackHawk
• RFI In Script FlashChat_v479, Raed
  • <Possible follow-ups>
  • Re: RFI In Script FlashChat_v479, the . tiger100
  • Re: RFI In Script FlashChat_v479, mailbox@xxxxxxxxxxxxxx
• DGNews version 2.1 Path Disclosure Vulnerability, securityresearch
• DGNews version 2.1 SQL Injection Vulnerability, securityresearch
  • <Possible follow-ups>
  • Re: DGNews version 2.1 SQL Injection Vulnerability, laurent . gaffie
• myEvent version 1.6 Multiple Path Disclosure Vulnerabilities, securityresearch
• Re: fx-APP Version 0.0.8.1, chiweeman
• DGNews version 2.1 XSS Attack Vulnerability, securityresearch
• Mac OS X vpnd local format string, NGSSoftware Insight Security Research
  • Re: Mac OS X vpnd local format string, lists
• [MajorSecurity Advisory #48]eggblog - Session fixation Issue, admin
• n.runs-SA-2007.011 - Avira Antivir Antivirus UPX parsing Divide by Zero Advisory, security
• Apache httpd vulenrabilities, Blazej Miga
• RedLevel Advisory #23 - SalesCart Shopping Cart SQL Injection Vulnerability, john
• [security bulletin] HPSBUX02087 SSRT4728 rev.5 - HP-UX running TCP/IP Remote Denial of Service (DoS), security-alert
• cpcommerce < v1.1.0 [sql injection], laurent . gaffie
• Full Path Disclosure in Almnzm, xx_hack_xx_2004
• Particle Blogger 1.2.1 SQL Injection, ls
• Practicle Gallery 1.0.1 XSS, ls
• [tool] Etherbat - Ethernet topology discovery, bugtraq
• [ GLSA 200705-21 ] MPlayer: Two buffer overflows, Raphael Marichez
• [ GLSA 200705-22 ] FreeType: Buffer overflow, Raphael Marichez
• n.runs-SA-2007.012 - Avira Antivir Antivirus TAR Denial of Service, security