Mail Thread Index

Date Index

[USN-466-1] freetype vulnerability, Kees Cook
MyBloggie 2.1.6 SQL Injection, ls
GNU Findutils release 4.2.31 fixes CVE-2007-2452 (GNU locate heap buffer overrun), James Youngman
PHP JackKnife [multiple vulnerabilities], laurent . gaffie
[ GLSA 200705-23 ] Sun JDK/JRE: Multiple vulnerabilities, Raphael Marichez
[ GLSA 200705-24 ] libpng: Denial of Service, Raphael Marichez
[ GLSA 200705-25 ] file: Integer overflow, Raphael Marichez
Re: Progress Webspeed exploit for all releases, sauge
[USN-467-1] Gimp vulnerability, Kees Cook
rPSA-2007-0112-1 firefox thunderbird, rPath Update Announcements
FLEA-2007-0023-1: firefox, Foresight Linux Essential Announcement Service
Z-Blog 1.7 Authentication Bypass Database Download Vulnerability, Raed
phpreactor <===1.2.7 remote file include, pito pito
[OpenPKG-SA-2007.020] OpenPKG Security Advisory (php), OpenPKG GmbH
SEC Consult SA-20070601-0 :: PHP chunk_split() integer overflow, Gerhard Wagner
PBSite - PHP Bulletin Site | CMS ====> RFI, pito pito
- <Possible follow-ups>
- PBSite - PHP Bulletin Site | CMS ====> RFI, pito pito
static XSS / SQL-Injection in Omegasoft Insel, MC Iglo
Prototype of an PHP application ===> RFI, pito pito
Full Path Disclosure in SendCard, xx_hack_xx_2004
n.runs-SA-2007.013 - F-Secure Antivirus LZH parsing BufferOverflow Advisory, security
[MajorSecurity Advisory #50]chameleon cms - Session fixation Issue, admin
- <Possible follow-ups>
- Re: [MajorSecurity Advisory #50]chameleon cms - Session fixation Issue, admin
bugtraq submission, dr . rezen
- RE: bugtraq submission, Warner Moore
[MajorSecurity Advisory #49]Calimero.CMS - Session fixation Issue, admin
Outpost Enforcing system reboot with 'outpost_ipc_hdr' mutex Vulnerability, Matousec - Transparent security Research
RevokeBB Blind SQL Injection / Hash Extractor, BlackHawk
Evenzia CMS XSS, glafkos
[USN-468-1] Firefox vulnerabilities, Kees Cook
jumping sudo using ptrace on Linux/i386, Trent Waddington
iDefense Security Advisory 06.01.07: Symantec VERITAS Storage Foundation Administration Service DoS Vulnerability, iDefense Labs
Linker index.php - Cross-Site Scripting Vulnerability, vagrant - e-hack.org
MyEvent1.6 (template.php) Remote File Inclusion Vulnerability, yaser
- Re: MyEvent1.6 (template.php) Remote File Inclusion Vulnerability, str0ke
  - Recent OpenSSL exploits, Ryan's spam address
Comdev Web Blogger 4.1 RFI Vulnerability, johnnytalker
Comdev eCommerce 4.1 RFI Vulnerability, johnnytalker
BCS'07 Call For Papers, Jim Geovedi
CACTUSHOP 6 Default Installation Allows Remote Database Disclosure, DoZ
S21Sec-035: F5 FirePass command execution vulnerability, S21sec Labs
Assorted browser vulnerabilities, Michal Zalewski
WebStudio Multiple XSS Vulnerabilities, glafkos
Redlevel Advisory #025 - Vonage VoIP Telephone Adapter Default Misconfiguration, john
Re: Buffer overflow in BusinessMail email server system 4.60.00, iant
- Re: Buffer overflow in BusinessMail email server system 4.60.00, Steve Tornio
2007-06-03: PeerCast streaming server submits cleartext password, mpeg
Dansie Cart Script Exploit Reported, h0tturk
- <Possible follow-ups>
- Re: Dansie Cart Script Exploit Reported, Steven M. Christey
CERN İmage Map Dispatcher, h0tturk
uTorrent overflow, Dj . r4iDeN
- Re: uTorrent overflow, Jon Ribbens
  - Re: uTorrent overflow, Andreas Beck
  - Re: uTorrent overflow, Gavin Hanover
  - Message not available
    - Re: uTorrent overflow, Pavel Konov
- <Possible follow-ups>
- Re: uTorrent overflow, Dj . r4iDeN
n.runs-SA-2007.014 - F-Secure Antivirus ARJ parsing Infinite Loop Advisory, security
n.runs-SA-2007.015 - F-Secure Antivirus FSG packed files parsing Infinite Loop Advisory, security
My Datebook SQL Injection + XSS, ls
[SECURITY] [DSA 1291-4] New samba packages fix regression, Moritz Muehlenhoff
Unpatched input validation flaw in Firefox 2.0.0.4, Thor Larholm
FLEA-2007-0024-1: libexif, Foresight Linux Essential Advisory Service
SYM07-009,Symantec Storage Foundation for Windows Volume Manager: Authentication Bypass and Potential Code Execution in Scheduler Service, secure
rPSA-2007-0114-1 mutt, rPath Update Announcements
rPSA-2007-0115-1 libexif, rPath Update Announcements
Re: [PLESK 7.5 Reload] & [PLESK 7.6 for MS Windows] path passing and disclosure vulnerability, leo
Disinfectors for the calculator virus (ti89.Gaara), Piotr Bania
[ MDKSA-2007:110 ] - Updated php-pear packages fix directory traversal vulnerability, security
[ MDKSA-2007:113 ] - Updated mutt packages fix vulnerabilities, security
[ MDKSA-2007:115 ] - Updated clamav packages fix vulnerabilities, security
[security bulletin] HPSBUX02217 SSRT071337 rev.2 - HP-UX running Kerberos, Remote Arbitrary Code Execution, security-alert
TPTI-07-08: Symantec Veritas Storage Foundation Scheduler Service Authentication Bypass Vulnerability, TSRT
[ MDKSA-2007:112 ] - Updated mplayer packages fix buffer overflow vulnerability, security
[ MDKSA-2007:111 ] - Updated util-linux packages address login access policies bypassing issue, security
TPTI-07-10: Centennial Software XferWan.exe Stack Overflow Vulnerability, TSRT
TPTI-07-09: Macrovision FLEXnet boisweb.dll ActiveX Control Buffer Overflow Vulnerability, TSRT
[security bulletin] HPSBUX02218 SSRT071424 rev.1 - HP-UX running CIFS Server (Samba), Remote Arbitrary Code Execution, security-alert
ZDI-07-035: CA Multiple Product AV Engine CAB Header Parsing Stack Overflow Vulnerability, zdi-disclosures
SYM07-012 Symantec Reporting Server elevation of privilege, secure
ZDI-07-034: CA Multiple Product AV Engine CAB Filename Parsing Stack Overflow Vulnerability, zdi-disclosures
[ GLSA 200706-01 ] libexif: Integer overflow vulnerability, Raphael Marichez
Comicsense SQL Injection Advisory/Exploit, s0cratex
SYM07-011 Symantec Reporting Server password disclosure, secure
[ MDKSA-2007:114 ] - Updated file packages fix vulnerabilities, security
[ MDKSA-2007:116 ] - Updated libpng packages fix vulnerability, security
[ MDKSA-2007:117 ] - Updated lha packages fix unsafe temporary files creation issue, security
[USN-469-1] Thunderbird vulnerabilities, Kees Cook
iDefense Security Advisory 06.05.07: Symantec Ghost Multiple Denial of Service Vulnerabilities, iDefense Labs
Announce - Release RFIDIOt ver 0.1n (June 2007), Adam Laurie
ASP Folder Gallery Vulnerabilities, hack2prison
Light Blog 4.1 XSS Vulnerability, ls
FLEA-2007-0021-2: madwifi, Foresight Linux Essential Announcement Service
[ GLSA 200706-03 ] ELinks: User-assisted execution of arbitrary code, Raphael Marichez
IE 6/Microsoft Html Popup Window (mshtml.dll) DoS, no-reply
[ GLSA 200706-02 ] Evolution: User-assisted execution of arbitrary code, Raphael Marichez
IE 6 / MS Office Outlook Express Address Book Activex DoS, no-reply
Remote log injection on DenyHosts, Fail2ban and BlockHosts, Daniel Cid
RUS-CERT 2007-06:01 (1380): Insecure Defaults in A-L OmniPCX 7.0, Oliver Goebel
Hnkaray Duyuru Script Remote SQL İnjection, Dj_ReMix_20
CSIS Advisory: Microsoft GDI+ Integer division by zero flaw handling .ICO files, Dennis Rand
- Re: CSIS Advisory: Microsoft GDI+ Integer division by zero flaw handling .ICO files, H D Moore
W1L3D4 WEBmarket Remote SQL İnjection, Dj_ReMix_20
Atom PhotoBlog v1.0.9 XSS vulnerability, ls
[CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities, Williams, James K
WmsCMS < = 2.0 Multiple XSS Vulnerabilities, glafkos
Sudo: local root compromise with krb5 enabled, Thor Lancelot Simon
- Re: Sudo: local root compromise with krb5 enabled, Thor Lancelot Simon
  - MIT krb5: makes sudo authentication issue MUCH worse., Thor Lancelot Simon
- Re: Sudo: local root compromise with krb5 enabled, James Downs
  - Re: Sudo: local root compromise with krb5 enabled, Mark Senior
    - Re: Sudo: local root compromise with krb5 enabled, Todd C. Miller
- <Possible follow-ups>
- Re: Sudo: local root compromise with krb5 enabled, Ken Raeburn
  - Re: Sudo: local root compromise with krb5 enabled, Kyle Wheeler
    - Re: Sudo: local root compromise with krb5 enabled, Ken Raeburn
OWASP and WASC Cocktail party at Blackhat USA 2007, Anurag Agarwal
phpWebThings ==>1.5.2 RFI, titanichacker titanichacker
[SECURITY] [DSA 1299-1] New ipsec-tools packages fix denial of service, dann frazier
- Re: [SECURITY] [DSA 1299-1] New ipsec-tools packages fix denial of service, 3APA3A
  - Re: [SECURITY] [DSA 1299-1] New ipsec-tools packages fix denial of service, dann frazier
[SECURITY] [DSA 1300-1] New iceape packages fix several vulnerabilities, Moritz Muehlenhoff
Re: Monkey CMS v0.0.3 Remote File Include Vulnerabilitiy, www
Re: LuckyBot v3 Remote File Include, info
Zen Help Desk ==> Version 2.1 Bypass/, titanichacker titanichacker
PHPMyDesk Beta Release 1.0b ==> RFI, titanichacker titanichacker
- <Possible follow-ups>
- Re: PHPMyDesk Beta Release 1.0b ==> RFI, the . tiger100
- Re: Re: PHPMyDesk Beta Release 1.0b ==> RFI, no-spam
CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow, Dennis Rand
Second Call for Papers: DeepSec IDSC 2007 Europe/Vienna: 20-23 Nov 2007, Paul Böhm
Packeteer PacketShaper Web Management Denial of Service, nnposter
rPSA-2007-0117-1 gd php php-mysql php-pgsql, rPath Update Announcements
Wordpress default theme XSS (admin) and other problems, John Smith
[OpenPKG-SA-2007.021] OpenPKG Security Advisory (wordpress), OpenPKG GmbH
TSLSA-2007-0020 - clamav, Trustix Security Advisor
iDefense Security Advisory 06.07.07: Linux Kernel cpuset tasks Information Disclosure Vulnerability, iDefense Labs
EEYE: Yahoo Webcam ActiveX Controls Multiple Buffer Overflows, eEye Advisories
[ MDKSA-2007:118 ] - Updated libexif packages fix crash and possible arbitrary code execution issue, security
[USN-470-1] Linux kernel vulnerabilities, Kees Cook
vSupport Integrated Ticket System 3.*.* SQL injection, stormhacker
[SECURITY] [DSA 1301-1] New Gimp packages fix arbitrary code execution, Noah Meyerhans
myBloggie 2.1.5 Remote File Include, yaser
- <Possible follow-ups>
- Re: myBloggie 2.1.5 Remote File Include, the . tiger100
[SECURITY] [DSA 1302-1] New freetype packages fix integer overflow, Steve Kemp
Cisco Trust Agent Vulnerability, adblake
[SECURITY] [DSA 1303-1] New lighttpd packages fix denial of service, Steve Kemp
Maran Blog XSS vulnerability, ls
Serious holes affecting JFFNMS, Tim Brown
SpyBye 0.3 released, Niels Provos
WinPT User ID Spoofing Vulnerability, nnposter
Webwiz vulnerable, spymaster
[TOOL] w3af - Web Application Attack and Audit Framework, Andres Riancho
Project CERA Is Up Again : Secniche Initiative, Aditya K Sood
MLabs is Shifted Fully : SecNiche Initiative, Aditya K Sood
PHPMailer command execution, Thor Larholm
SECNICHE : Dwelling Security is On the Run, Aditya K Sood
[ GLSA 200706-04 ] MadWifi: Multiple vulnerabilities, Raphael Marichez
[USN-439-2] file vulnerability, Kees Cook
[USN-471-1] libexif vulnerability, Kees Cook
[USN-472-1] libpng vulnerability, Kees Cook
[USN-473-1] libgd2 vulnerabilities, Kees Cook
Safari for Windows, 0day URL protocol handler command injection, Thor Larholm
- RE: [Full-disclosure] Safari for Windows,0day URL protocol handler command injection, Larry Seltzer
[SECURITY] [DSA 1306-1] New xulrunner packages fix several vulnerabilities, Moritz Muehlenhoff
PHP parse_str() arbitrary variable overwrite, gmdarkfig
- <Possible follow-ups>
- Re: PHP parse_str() arbitrary variable overwrite, admin
- Re: PHP parse_str() arbitrary variable overwrite, Steven M. Christey
  - Re: PHP parse_str() arbitrary variable overwrite, Chuck Swiger
- Re: Re: PHP parse_str() arbitrary variable overwrite, gmdarkfig
ZDI-07-036: Arris Cadant C3 CMTS Remote DoS Vulnerability, zdi-disclosures
[SECURITY] [DSA 1307-1] New OpenOffice.org packages fix arbitrary code execution, Martin Schulze
[security bulletin] HPSBUX02219 SSRT061273 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS), security-alert
[ MDKSA-2007:119 ] - Updated Thunderbird packages fix multiple vulnerabilities, security
Windows Oday release, Thomas Lim
- Re: Windows Oday release, ge
  - Re: Windows Oday release, Joanna Rutkowska
    - Re: [Full-disclosure] Windows Oday release, Jared DeMott
- <Possible follow-ups>
- Re: Windows Oday release, Steven M. Christey
  - Re: Windows Oday release, ge
    - Re: Windows Oday release, Hugo van der Kooij
[ MDKSA-2007:120 ] - Updated Firefox packages fix multiple vulnerabilities, security
ZDI-07-037: Microsoft Internet Explorer Language Pack Installation Remote Code Execution Vulnerability, zdi-disclosures
ZDI-07-038: Microsoft Internet Explorer Prototype Dereference Code Execution Vulnerability, zdi-disclosures
Menu Manager Mod for WebAPP - No Input Filtering, web-app
- <Possible follow-ups>
- Re: Menu Manager Mod for WebAPP - No Input Filtering, webapp
iDefense Security Advisory 06.12.07: Microsoft License Manager and urlmon.dll COM Object Interaction Invalid Memory Access Vulnerability, iDefense Labs
[USN-474-1] xscreensaver vulnerability, Kees Cook
Apple Safari: cookie stealing, Robert Swiecki
- Re: [Full-disclosure] Apple Safari: cookie stealing, Michal Zalewski
- Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing, Robert Swiecki
  - Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing, Mark Senior
  - Re: Apple Safari: idn urlbar spoofing, Robert Swiecki
    - RE: [Full-disclosure] Apple Safari: idn urlbar spoofing, Larry Seltzer
      - Re: [Full-disclosure] Apple Safari: idn urlbar spoofing, Michal Zalewski
        
        Re: Apple Safari: idn urlbar spoofing, Robert Swiecki
iDefense Security Advisory 06.13.07: Multiple Vendor libexif Integer Overflow Heap Corruption Vulnerability, iDefense Labs
High risk vulnerability in OpenOffice RTF parser, NGSSoftware Insight Security Research
[SECURITY] [DSA 1305-1] New icedove packages fix several vulnerabilities, Moritz Muehlenhoff
FLEA-2007-0025-1: openoffice.org, Foresight Linux Essential Announcement Service
[ MDKSA-2007:121 ] - Updated freetype2 packages fix integer overflow vulnerability, security
[ MDKSA-2007:123 ] - Updated libwmf packages fix vulnerability, security
Singapore Gallery fullpath disclosure, hack2prison
[ MDKSA-2007:122 ] - Updated gd packages fix vulnerability, security
rPSA-2007-0119-1 spamassassin, rPath Update Announcements
[ MDKSA-2007:124 ] - Updated tetex packages fix vulnerability, security
[CVE-2007-2450]: Apache Tomcat XSS vulnerability in Manager, Mark Thomas
Re: Re: BlackBoard Multiple Vulnerabilities (XSS), anonymous
[CVE-2007-2449] Apache Tomcat XSS vulnerabilities in the JSP examples, Mark Thomas
[SECURITY] [DSA 1308-1] New iceweasel packages fix several vulnerabilities, Moritz Muehlenhoff
iDefense Security Advisory 06.14.07: Apache MyFaces Tomahawk JSF Framework Cross-Site Scripting (XSS) Vulnerability, iDefense Labs
Elxis CMS <= 2006.4 - banner module - sql injection, Nico Leidecker
Re: RedLevel Advisory #23 - SalesCart Shopping Cart SQL Injection Vulnerability, accounting
- Re: RedLevel Advisory #23 - SalesCart Shopping Cart SQL Injection Vulnerability, John M. Martinelli
  - Re: RedLevel Advisory #23 - SalesCart Shopping Cart SQL Injection Vulnerability, Jon Ribbens
ByPass In PortalApp, Raed
RFI In Script SH-News 3.1, Raed
[ MDKSA-2007:125 ] - Updated spamassassin packages fix possible DoS condition, security
Re: [MajorSecurity Advisory #47]Simple Machines Forum (SMF) - Session fixation Issue, nobody
- <Possible follow-ups>
- Re: Re: [MajorSecurity Advisory #47]Simple Machines Forum (SMF) - Session fixation Issue, motokochan
Kaspersky Multiple insufficient argument validation of hooked SSDT function Vulnerability, Matousec - Transparent security Research
rPSA-2007-0123-1 squirrelmail, rPath Update Announcements
rPSA-2007-0124-1 kernel xen, rPath Update Announcements
rPSA-2007-0126-1 util-linux, rPath Update Announcements
rPSA-2007-0122-1 evolution-data-server, rPath Update Announcements
[ GLSA 200706-05 ] ClamAV: Multiple Denials of Service, Raphael Marichez
Papoo CMS - Multiple Cross Site Scripting, Nico Leidecker
PhpListPro Persistent XSS Vulnerability, corrado . liotta
[ MDKSA-2007:126 ] - Updated Firefox packages fix multiple vulnerabilities, security
[SECURITY] [DSA 1304-1] New Linux kernel 2.6.8 packages fix several vulnerabilities, dann frazier
Sitellite cms <= 4.2.12 RFI Vuln, CarcaBot
- <Possible follow-ups>
- Re: Sitellite cms <= 4.2.12 RFI Vuln, lux
Local Denial of Service in Safari, azizov
Having Fun With PostgreSQL, Nico Leidecker
- Re: Having Fun With PostgreSQL, Ray Stell
- Re: Having Fun With PostgreSQL, Frank Berek
[SECURITY] [DSA 1309-1] New PostgreSQL 8.1 packages fix privilege escalation, Moritz Muehlenhoff
[ MDKSA-2007:126-1 ] - Updated Firefox packages fix multiple vulnerabilities, security
[SECURITY] [DSA 1309-1] New libexif packages fix integer overflow, Steve Kemp
[SECURITY] [DSA 1310-1] New libexif packages fix integer overflow, Steve Kemp
WSPortal version 1.0 Path Disclosure Vulnerability, securityresearch
Utopia News Pro version 1.4.0 XSS Attack Vulnerability, securityresearch
WSPortal version 1.0 SQL Injection Vulnerability, securityresearch
[SECURITY] [DSA 1311-1] New PostgreSQL 7.4 packages fix privilege escalation, Moritz Muehlenhoff
[SECURITY] [DSA 1312-1] New libapache-mod-jk packages fix information disclosure, Moritz Muehlenhoff
ShAnKaR: Simle machines forum CAPTCHA bypass and PHP injection, 3APA3A
PHP hosting Biller, rm
[security bulletin] HPSBMA02224 SSRT071334 rev.1 - HP System Management Homepage (SMH) for Linux, Remote Privileged Access, security-alert
Webif.cgi local file inclusion, maiosyet
fuzzylime (forum) XSS, rm
Fusetalk SQL injection submission., Charles Kim
iDefense Security Advisory 06.18.07: Cerulean Studios Trillian UTF-8 Word Wrap Heap Overflow Vulnerability, iDefense Labs
FLEA-2007-0026-1: evolution-data-server, Foresight Linux Essential Announcement Service
[CVE-2007-1358] Apache Tomcat XSS vulnerability in Accept-Language header processing, Mark Thomas
rPSA-2007-0127-1 fetchmail, rPath Update Announcements
fusetalk SQL (autherror.cfm), Ivan Almuina
CfP: 5th ACM Workshop on Recurring Malware (WORM) - Deadline extension, chris
iG Shop 1.4 eval Inclusion Vulnerability, ifx
MaraDNS denial of service vulnerabilities, jantunes
Persistent cross-site scripting in wordpress.com dashboard, Matteo Carli
Local File Include Vulnerabilities in YaBB <= 2.1(all version), krasza
[SECURITY] [DSA 1313-1] New MPlayer packages fix arbitrary code execution, Moritz Muehlenhoff
[SECURITY] [DSA 1314-1] New open-iscsi packages fix several vulnerabilities, Moritz Muehlenhoff
[SECURITY] [DSA 1315-1] New libphp-phpmailer packages fix arbitrary shell command execution, Moritz Muehlenhoff
W1L3D4 WEBmarket v0,1 SQL Injection Vuln, crackers_child
[ GLSA 200706-06 ] Mozilla products: Multiple vulnerabilities, Raphael Marichez
[ GLSA 200706-07 ] PHProjekt: Multiple vulnerabilities, Raphael Marichez
[ MDKSA-2007:127 ] - Updated apache packages fix mod_mem_cache issue, security
New post Topic Hijacking XSS All vBulletin v 3.x.x (2), stormhacker
- <Possible follow-ups>
- Re: New post Topic Hijacking XSS All vBulletin v 3.x.x (2), scott-REMOVE-
Comersus Shop Cart 7.07 SQL Injection & XSS, DoZ
Apache Prefork MPM vulnerabilities - Report, Blazej Miga
[ MDKSA-2007:129 ] - Updated jasper packages fix vulnerability, security
New Include Redirect Bug XSS All vBulletin v 3.x.x, stormhacker
- <Possible follow-ups>
- Re: New Include Redirect Bug XSS All vBulletin v 3.x.x, scott-REMOVE-
  - Re: New Include Redirect Bug XSS All vBulletin v 3.x.x, kaneda
- Re: Re: New Include Redirect Bug XSS All vBulletin v 3.x.x, scott-REMOTE-
Pixy - An Open-Source Vulnerability Scanner for PHP Applications, pixy-noreply
FLEA-2007-0027-1: thunderbird, Foresight Linux Essential Announcement Service
[ MDKSA-2007:128 ] - Updated libexif packages fix integer overflow flaw, security
fusetalk CSS (comfinish.cfm), Ivan Almuina
fusetalk CSS (autherror.cfm), Ivan Almuina
[security bulletin] HPSBPI02226 SSRT061274 rev.1 - HP Help and Support Center Running on HP Notebook Computers Running with Windows XP, Remote Unauthorized Access, security-alert
[security bulletin] HPSBTU02218 SSRT071424 rev.1 - HP Tru64 UNIX Internet Express running Samba, Remote Arbitrary Code Execution or Local Unauthorized Privilege Elevation, security-alert
HTTP SERVER (httpsv1.6.2) source code disclosure, imprili
MyServer-0.8.9 - source code disclosure, imprili
MyServer-0.8.9 - xss in sample cgi page, imprili
HTTP SERVER (httpsv1.6.2) 404 Denial of Service, imprili
[ MDKSA-2007:130 ] - Updated proftpd packages fix authentication bypass vulnerability, security
[ MDKSA-2007:131 ] - Updated Thunderbird packages fix multiple vulnerabilities, security
[SECURITY] [DSA 1316-1] New emacs21 packages fix denial of service, Steve Kemp
VLC 0.8.6b format string vulnerability & integer overflow, David Thiel
[ MDKSA-2007:132 ] - Updated madwifi-source, wpa_supplicant packages fix vulnerabilities, security
NetClassifieds [multiple vulnerabilities], laurent . gaffie
[security bulletin] HPSBGN02199 SSRT071312 rev.3 - Mercury Quality Center ActiveX, Remote Unauthorized Arbitrary Code Executio, security-alert
HPSBST02231 SSRT071438 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-030 to MS07-035, security-alert
Re: New Include Redirect Bug XSS All vBulletin(r) v 3.x.x, Steven M. Christey
- <Possible follow-ups>
- Re: Re: New Include Redirect Bug XSS All vBulletin(r) v 3.x.x, scott-REMOVE-
iDefense Security Advisory 06.21.07: Ingres Database Multiple Heap Corruption Vulnerabilities, iDefense Labs
[ MDKSA-2007:133 ] - Updated emacs packages fix DoS vulnerability, security
[ MDKSA-2007:134 ] - Updated xfsdump packages fix unsafe temporary directory creation issue, security
MS07-034: Executing arbitrary script with mhtml: protocol handler, HASEGAWA Yosuke
[USN-475-1] evolution-data-server vulnerability, Kees Cook
All Of the Mambo & Joomla Script Remote File Inclussion Bugs.., spymeta
[CAID 35450, 35451, 35452, 35453]: CA Products That Embed Ingres Multiple Vulnerabilities, Williams, James K
eNdonesia 8.4 [multiple injection sql], laurent . gaffie
[USN-476-1] redhat-cluster-suite vulnerability, Kees Cook
FLEA-2007-0028-1: libexif, Foresight Linux Essential Announcement Service
[ MDKSA-2007:135 ] - Updated webmin packages fix XSS vulnerability, security
[SECURITY] [DSA 1317-1] New tinymux packages fix buffer overflow, Steve Kemp
[SECURITY] [DSA 1318-1] New ekg packages fix denial of service, Moritz Muehlenhoff
[SECURITY] [DSA 1319-1] New maradns packages fix denial of service, Moritz Muehlenhoff
[SECURITY] [DSA 1321-1] New evolution-data-server packages fix arbitrary code execution, Moritz Muehlenhoff
[SECURITY] [DSA 1320-1] New clamav packages fix several vulnerabilities, Moritz Muehlenhoff
[GOODFELLAS - VULN] BarCodeAx.dll v. 4.9 ActiveX Control Remote Stack Buffer Overflow, GOODFELLAS SRT
SHTTPD V1.38 server source code disclosure, imprili
Ingres Unauthenticated Pointer Overwrite 2, NGSSoftware Insight Security Research
Ingres verifydb local stack overflow, NGSSoftware Insight Security Research
KF Web Server 3.1.0 admin console XSS, imprili
- <Possible follow-ups>
- Re: KF Web Server 3.1.0 admin console XSS, support
Papoo CMS 3.6 - SQL Injection, Nico Leidecker
Ingres Unauthenticated Pointer Overwrite 1, NGSSoftware Insight Security Research
Ingres stack overflow in uuid_from_char function, NGSSoftware Insight Security Research
POWER PHLOGGER v.2.2.5 (username) SQL Injection, darkz . gsa
Ingres wakeup setuid(ingres) file truncation, NGSSoftware Insight Security Research
LiteWEB 2.7 404 Denial of Services, imprili
Calendarix version 0.7. 20070307 Multiple Path Disclosure Vulnerabilities, securityresearch
- <Possible follow-ups>
- Calendarix version 0.7. 20070307 Multiple Path Disclosure Vulnerabilities, securityresearch
Pluxml 0.3.1 Remote Code Execution Exploit, gmdarkfig
Safari Bookmarks Buffer Overflow Vulnerability, azizov
Calendarix version 0.7. 20070307 Multiple XSS Attacks, securityresearch
phpTrafficA < 1.4.2, laurent . gaffie
Papoo CMS 3.6 - Access Restriction Bypass, Nico Leidecker
Safari XMLHttpRequest HTTP header injection, Richard Moore
"run as" local denial-of-service enables administrative account processes to be killed, Eitan Caspi
- RE: "run as" local denial-of-service enables administrative account processes to be killed, James C. Slora Jr.
rPSA-2007-0131-1 libexif, rPath Update Announcements
[security bulletin] HPSBUX02225 SSRT071295 rev.1 - HP-UX Running Xserver, Local Denial of Service (DoS), security-alert
MyNews version 0.10 SQL Injection Vulnerability, securityresearch
Calendarix version 0.7. 20070307 Multiple SQL Injection Vulnerabilities, securityresearch
[ISR] :: Infobyte Security Research :: release (ISR-sqlget.pl) v1.0.0, Francisco Amato
CFP: ISOI III (a DA workshop), Gadi Evron
rPSA-2007-0133-1 emacs emacs-leim, rPath Update Announcements
SYMSA-2007-004: Multiple Vulnerabilities in Xythos Server Products, research
MITKRB5-SA-2007-004: kadmind multiple RPC lib vulnerabilities, Tom Yu
MITKRB5-SA-2007-005: kadmind vulnerable to buffer overflow, Tom Yu
iDefense Security Advisory 06.26.07: Multiple Vendor Kerberos kadmind Rename Principal Buffer Overflow Vulnerability, iDefense Labs
Calyptix Security Advisory CX-2007-04 - Cross-Site Request Forgery Attack Against Check Point Safe@Office Device, Calyptix Security
iDefense Security Advisory 06.26.07: RealNetworks RealPlayer/HelixPlayer SMIL wallclock Stack Overflow Vulnerability, iDefense Labs
[GOODFELLAS - VULN ] Avaxswf.dll v.1.0.0.1 from Avax Vector software ActiveX Arbitrary Data Write, GOODFELLAS SRT
[ GLSA 200706-09 ] libexif: Buffer overflow, Raphael Marichez
[ GLSA 200706-08 ] emul-linux-x86-java: Multiple vulnerabilities, Raphael Marichez
[USN-477-1] krb5 vulnerabilities, Kees Cook
[ MDKSA-2007:137 ] - Updated krb5 packages fix vulnerabilities, security
[USN-478-1] libexif vulnerability, Kees Cook
SAP Web Dynpro Java (BC-WD-JAV) Vulnerability, Ivan Buetler
PHP 4/5 htaccess safemode and open_basedir Bypass, cxib
SAP Internet Communication Framework (BC-MID-ICF) Vulnerability, Ivan Buetler
[ MDKSA-2007:136 ] - Updated evolution packages fix vulnerability, security
Conti FTP Server v1.0 DoS, esc6
Openedge _mprosrv buffer overflow, suresync
HPSBTU02207 SSRT061239 rev.2 - HP Tru64 UNIX OpenSSL and BIND Remote Arbitrary Code Execution or Denial of Service (DoS), security-alert
Contact request - nVidia, john-lindsay
Juniper SBR V 6.0.1 CRL-Checking problem, USprotte
CheckPoint VPN-1 UTM Edge Cross Site Request Forgery vulnerability, Henri Lindberg - Louhi Networks Oy
rPSA-2007-0135-1 krb5 krb5-server krb5-services krb5-test krb5-workstation, rPath Update Announcements
[GOODFELLAS - VULN] hpqxml.dll 2.0.0.133 from HP Digital Imaging Arbitary Data Write., Goodfellas SRT
[SECURITY] [DSA 1322-1] New wireshark packages fix denial of service, Moritz Muehlenhoff
eTicket version 1.5.5 Path Disclosure Vulnerability, securityresearch
eTicket version 1.5.5 XSS Attack Vulnerability, securityresearch
- <Possible follow-ups>
- Re: eTicket version 1.5.5 XSS Attack Vulnerability, sf
rPSA-2007-0136-1 httpd mod_ssl, rPath Update Announcements
FLEA-2007-0029-1: krb5 krb5-workstation, Foresight Linux Essential Announcement Service
XEForum Cookie Modification Privilege Escalation Vulnerability, Firewall1954
[SecurInfos] PCSoft WinDEV .wdp Project File Handling Buffer Overflow, Jerome Athias
Secunia Research: Symantec Mail Security for SMTP Boundary Errors, Secunia Research
Secunia Research: KVIrc irc:// URI Handler Command Execution Vulnerability, Secunia Research
[security bulletin] HPSBTU02232 SSRT071429 rev.1 - Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS) or HP Internet Express for Tru64 UNIX running PHP, Remote Arbitrary Code Execution, Unauthorized Disclosure of Information, or Denial of Service (DoS), security-alert
FLEA-2007-0030-1: avahi avahi-glib avahi-sharp, Foresight Linux Essential Announcement Service
[SECURITY] [DSA 1324-1] New hiki packages fix missing input sanitising, Steve Kemp
[SECURITY] [DSA 1323-1] New krb5 packages fix several vulnerabilities, Moritz Muehlenhoff
[USN-479-1] MadWifi vulnerabilities, Kees Cook
TSLSA-2007-0021 - kerberos5, Trustix Security Advisor
[SECURITY] [DSA 1325-1] New evolution packages fix arbitrary code execution, Moritz Muehlenhoff
flac123 0.0.9 - Stack overflow in comment parsing, David Thiel
SQL Injection In Script VBZooM V1.12, RaeD
Airscanner Advisory #07062901: FlexiSPY Victim/User Database Exposure (Full world readable access to ALL SMS/Emails/Voice data from victims/users), Airscanner Corp.

Mail converted by MHonArc