Mail Thread Index
- [ GLSA 200712-23 ] Wireshark: Multiple vulnerabilities,
Robert Buchholz
- [ GLSA 200712-24 ] AMD64 x86 emulation GTK+ library: User-assisted execution of arbitrary code,
Robert Buchholz
- [ GLSA 200712-25 ] OpenOffice.org: User-assisted arbitrary code execution,
Pierre-Yves Rofes
- Bitweaver source code disclosure, arbitrary file upload,
admin
- Fingerprints in Astaro Security Gateway v7.1,
morin . josh
- [ GLSA 200712-22 ] Opera: Multiple vulnerabilities,
Pierre-Yves Rofes
- Re: Re: Cryptome: NSA has real-time access to Hushmail servers,
gb
- Re: Cryptome: NSA has real-time access to Hushmail servers,
John Simpson
- Re: Cryptome: NSA has real-time access to Hushmail servers,
Lee Dilkie
- RE: Re: Cryptome: NSA has real-time access to Hushmail servers,
M. Burnett
- <Possible follow-ups>
- RE: Cryptome: NSA has real-time access to Hushmail servers,
Juha-Matti Laurio
- Re: Cryptome: NSA has real-time access to Hushmail servers,
Seth
- RE: Cryptome: NSA has real-time access to Hushmail servers,
Kevin Reiter
- Re: Cryptome: NSA has real-time access to Hushmail servers,
mark seiden-via mac
- Re: Cryptome: NSA has real-time access to Hushmail servers,
J. Oquendo
- RE: Cryptome: NSA has real-time access to Hushmail servers,
Craig Wright
- RE: Cryptome: NSA has real-time access to Hushmail servers,
Thor (Hammer of God)
- Re: Cryptome: NSA has real-time access to Hushmail servers,
Jay Hennigan
- Re: Cryptome: NSA has real-time access to Hushmail servers,
Rob Thompson
- milliscripts (dir.php) Cross-Site Scripting Vulnerability,
sys-project
- LiveCart Multiple Cross-Site Scripting Vulnerabilities,
DoZ
- Instant Softwares DatingSite SQL Injection,
The-0utl4w-noreply
- Re: TalkBack 2.2.7 Multiple Remote File Inclusion Vulnerabilities,
oldguy
- [HSC Security Group] Multiple CSRF in Joomla all versions - Complete compromise,
zinho
- Cross-Site Scripting (XSS) in phpWebSite 1.4.0 search,
Audun Larsen
- MODx CMS Source code disclosure, local file inclusion,
admin
- XSS Vulnerabilities in Common Shockwave Flash Files,
rich cannings
- Buffer-overflow and format string in White_Dune 0.29beta791,
Luigi Auriemma
- phpBB2 2.0.22 Cross Site Scripting Vulnerability,
bugtraq
- Multiple vulnerabilities in Georgia SoftWorks SSH2 Server 7.01.0003,
Luigi Auriemma
- AST-2008-001: Crash from transfer using BYE with Also header,
Asterisk Security Team
- Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication,
avivra
- [security bulletin] HPSBGN02301 SSRT071508 rev.2 - HP Software Update Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access,
security-alert
- xss in w3-msql error page,
vivek_infosec
- [ MDVSA-2008:1 ] - Updated wireshark packages fix multiple vulnerabilities,
security
- RE: Latest round of web hacking incidents for 2007 & Project news,
Memisyazici, Aras
- [SECURITY] [DSA 1443-1] New tcpreen packages fix denial of service,
Moritz Muehlenhoff
- rPSA-2008-0001-1 dovecot,
rPath Update Announcements
- multiple CAPTCHA automation test bypass digest,
3APA3A
- [SECURITY] [DSA 1444-1] New php5 packages fix several vulnerabilities,
Moritz Muehlenhoff
- securityvulns.com russian vulnerabilities digest,
3APA3A
- [SECURITY] [DSA 1446-1] New wireshark packages fix denial of service,
Moritz Muehlenhoff
- [SECURITY] [DSA 1445-1] New maradns packages fix denial of service,
Moritz Muehlenhoff
- [SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities,
Moritz Muehlenhoff
- rPSA-2008-0004-1 tshark wireshark,
rPath Update Announcements
- FortiGuard: URL Filtering Application Bypass Vulnerability,
Danux
- Multiple vulnerabilities in yaSSL 1.7.5,
Luigi Auriemma
- Some DoS in some telnet servers,
Luigi Auriemma
- Pre-auth buffer-overflow in mySQL through yaSSL,
Luigi Auriemma
- iDefense Security Advisory 12.24.07: Novell ZENworks Endpoint Security Management Local Privilege Escalation Vulnerability,
iDefense Labs
- rPSA-2008-0006-1 libexif,
rPath Update Announcements
- NetRisk 1.9.7 Remote File Inclusion Vulnerability,
erne
- INVISION POWER BOARD 2.1.7 ACTIVE XSS/SQL INJECTION EXPLOIT,
underwater
- [ MDVSA-2008:002 ] - Updated squid package fixes remote denial of service,
security
- [SECURITY] [DSA 1449-1] New loop-aes-utils packages fix programming error,
Steve Kemp
- rPSA-2008-0007-1 tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi,
rPath Update Announcements
- [SECURITY] [DSA 1450-1] New util-linux packages fix programming error,
Steve Kemp
- [SECURITY] [DSA 1448-1] New eggdrop packages fix execution of arbitrary code,
Steve Kemp
- rPSA-2008-0008-1 cups,
rPath Update Announcements
- [SECURITY] [DSA 1448-1] New eggdrop packages fix arbitrary code execution,
Steve Kemp
- Aruba Mobility Controller User Authentication Vulnerability - Aruba Advisory ID: AID-122207,
Robbie Gill
- vBulletin 3.6.8 XSRF/XSS Vulnerability,
nbbn
- eTicket 1.5.5.2 Multiple Vulnerabilities,
L4teral
- [HSC] Snitz Forums Multiple Vulnerabilities,
DoZ
- netrisk 1.9.7 Multiple Remote Vulnerabilities (sql injection/xss),
hadihadi_zedehal_2006
- OneCMS Vulnerabilities,
admin
- New Web Hacking Incidents at WHID,
Ofer Shezaf
- [Reversemode Paper] Exploiting WDM Audio Drivers,
Reversemode
- [SECURITY] [DSA 1451-1] New mysql-dfsg-5.0 packages fix several vulnerabilities,
Moritz Muehlenhoff
- Linksys WRT54 GL - Session riding (CSRF),
tomaz . bratusa
- SocialURL Login Page Cross-Site Scripting,
morin . josh
- PostgreSQL 2007-01-07 Cumulative Security Release,
Josh Berkus
- [SECURITY] [DSA 1452-1] New wzdftpd packages fix denial of service,
Steve Kemp
- [SECURITY] [DSA 1453-1] New tomcat5 packages fix several vulnerabilities,
Moritz Muehlenhoff
- LayerOne 2008 - CFP Released,
Layer One
- Million Dollar Script 2.0.14 Remote File Disclosure Vulnerability.,
p4imi0
- CORE-2007-1106: SynCE Remote Command Injection,
CORE Security Technologies Advisories
- [SECURITY] [DSA 1454-1] New freetype packages fix arbitrary code execution,
Moritz Muehlenhoff
- PWDumpX v1.4 - Dumps domain password cache, LSA secrets, password hashes, and password history hashes.,
Reed Arvin
- PWDumpX v1.0 and PWDumpX v1.1 updated - bug fixes,
Reed Arvin
- iDefense Security Advisory 01.07.08: Motorola netOctopus Agent MSR Write Privilege Escalation Vulnerability,
iDefense Labs
- VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages,
VMware Security team
- [ MDVSA-2008:001-1 ] - Updated wireshark packages fix multiple vulnerabilities,
security
- [USN-560-1] Tomboy vulnerability,
Jamie Strandboge
- sysHotel On Line Remote File Disclosure Vulnerability.,
p4imi0
- VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1,
VMware Security team
- Corsaire Security Advisory: Sun J2RE DoS issue,
advisories
- HPSBUX02153 SSRT061181 rev.7 - HP-UX Running Firefox, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS),
security-alert
- HPSBUX02156 SSRT061236 rev.4 - HP-UX Running Thunderbird, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS),
security-alert
- Level-One WBR-3460A Grants Root Access,
anastasiosm
- Joomla 1.0.13 CSRF,
J. Carlos Nieto
- [SECURITY] [DSA 1455-1] New libarchive1 packages fix several problems,
Steve Kemp
- ERRATA: [ GLSA 200709-07 ] Eggdrop: Buffer overflow,
Robert Buchholz
- LFI in Tuned Studios Templates,
Digital Security Research Group [DSecRG]
- [security bulletin] HPSBMA02239 SSRT061260 rev.3 - HP OpenView Operations (OVO) Agents Running Shared Trace Service, Remote Arbitrary Code Execution,
security-alert
- First (Major) web hacking incidents for 2008. Sign of the year to come?,
Ofer Shezaf
- [INFIGO 2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS,
infocus
- [USN-562-1] opal vulnerability,
Kees Cook
- [ MDVSA-2008:004 ] - Updated postgresql packages fix denial of service and privilege escalation issues,
security
- Privileg escalation in Omegasoft Insel 7,
MC Iglo
- [ GLSA 200801-01 ] unp: Arbitrary command execution,
Robert Buchholz
- [ MDVSA-2008:003 ] - Updated clamav packages fix multiple vulnerabilities,
security
- Pre-auth remote commands execution in SAP MaxDB 7.6.03.07,
Luigi Auriemma
- [INFIGO-2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS - Corrected,
infocus
- [USN-561-1] pwlib vulnerability,
Kees Cook
- [USN-564-1] Net-SNMP vulnerability,
Jamie Strandboge
- [ GLSA 200801-02 ] R: Multiple vulnerabilities,
Pierre-Yves Rofes
- [USN-563-1] CUPS vulnerabilities,
Kees Cook
- iDefense Security Advisory 01.09.08: Novell NetWare Client nicm.sys Local Privilege Escalation Vulnerability,
iDefense Labs
- [ GLSA 200801-03 ] Claws Mail: Insecure temporary file creation,
Pierre-Yves Rofes
- [SECURITY] [DSA 1456-1] New fail2ban packages fix denial of service,
Thijs Kinkhorst
- [ GLSA 200801-05 ] Squid: Denial of Service,
Pierre-Yves Rofes
- [USN-565-1] Squid vulnerability,
Kees Cook
- [ GLSA 200801-04 ] OpenAFS: Denial of Service,
Pierre-Yves Rofes
- [ MDVSA-2008:005 ] - Updated libexif packages fix multiple vulnerabilities,
security
- [SECURITY] [DSA 1457-1] New dovecot packages fix information disclosure,
Thijs Kinkhorst
- uCon 2008 call for participation - Recife, Brazil,
ucon
- Simple Machines Forum Cross-Site Scripting Vulnerabilities,
DoZ
- PR07-06, PR07-07, PR07-08, PR07-09, PR07-10, PR07-12: Several XSS, Cross-domain Redirection and Frame Injection on Sun Java System Identity Manager,
ProCheckUp Research
- [USN-566-1] OpenSSH vulnerability,
Kees Cook
- Digital Armaments January-February Hacking Challenge: Special 20.000$ Prize - Windows Vulnerabilities and Exploit,
info
- [ GLSA 200801-06 ] Xfce: Multiple vulnerabilities,
Robert Buchholz
- BT Home Flub: Pwnin the BT Home Hub (5) - exploiting IGDs remotely via UPnP,
Adrian P
- Word 2007 Email as PDF path disclosure flaw,
ebk_lists
- Buffer-overflow in Quicktime Player 7.3.1.70,
Luigi Auriemma
- MTCMS <=2.0 SQL Injection Vulnerbility,
hadihadi_zedehal_2006
- [SECURITY] [DSA 1458-1] New openafs packages fix denial of service vulnerability,
Noah Meyerhans
- [ MDVSA-2008:006 ] - Updated exiv2 packages fix vulnerability,
security
- [USN-567-1] Dovecot vulnerability,
Kees Cook
- re-resting of zzuf results,
Hanno Böck
- At long last -- Extra Outlooks!,
Thor (Hammer of God)
- [ MDVSA-2008:007 ] - Updated madwifi-source, wpa_supplicant packages fix vulnerabilities,
security
- SecurityReason - Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerability,
sp3x
- SecurityReason - Apache2 CSRF, XSS, Memory Corruption and Denial of Service Vulnerability,
sp3x
- ImageAlbum Remote SQL Injection Vulnerabilities,
db
- CFP: EuroSec Workshop (March 31st, 2008),
Stefano Zanero
- Member Area System (MAS) Remote File Include Vulnerability (view_func.php),
ship_nx
- Naymz multiple XSS,
morin . josh
- Cross site scripting (XSS) in Moodle 1.8.3,
Hanno Böck
- [ MDVSA-2008:010 ] - Updated libxml2 packages fix DoS vulnerability,
security
- [ MDVSA-2008:011 ] - Updated rsync packages fix restrictions bypass vulnerabilities,
security
- Safari 2 Denial of Service,
S21sec labs
- [ MDVSA-2008:009 ] - Updated autofs packages fix insecure hosts configuration,
security
- [ MDVSA-2008:008 ] - Updated kernel packages fix multiple vulnerabilities and bugs,
security
- Garment Center (index.cgi) Local File Inclusion,
Smasher
- [SECURITY] [DSA 1462-1] New hplip packages fix privilege escalation,
Moritz Muehlenhoff
- what is this?,
crazy frog crazy frog
- F5 BIG-IP Web Management List Search XSS,
nnposter
- [ MDVSA-2008:009-1 ] - Updated autofs packages fix insecure hosts configuration,
security
- [SECURITY] [DSA 1460-1] New postgresql-8.1 packages fix several vulnerabilities,
Moritz Muehlenhoff
- SQID v0.3 - SQL Injection Digger.,
Metaeye SG
- RE: At long last - Extra Outlooks!,
Thor (Hammer of God)
- [SECURITY] [DSA 1459-1] New gforge packages fix SQL injection,
Thijs Kinkhorst
- ZDI-08-001: IBM Tivoli Storage Manager Express Backup Server Heap Overflow Vulnerability,
zdi-disclosures
- Binn SBuilder (nid) Remote Blind Sql Injection Vulnerabily,
sys-project
- Hacking The Interwebs,
pdp (architect)
- [SECURITY] [DSA 1463-1] New postgresql-7.4 packages fix several vulnerabilities,
Moritz Muehlenhoff
- [USN-568-1] PostgreSQL vulnerabilities,
Jamie Strandboge
- [SECURITY] [DSA 1461-1] New libxml2 packages fix denial of service,
Moritz Muehlenhoff
- [security bulletin] HPSBUX02303 SSRT071468 rev.1 - HP-UX Running X Font Server (xfs) Software, Remote Execution of Arbitrary Code,
security-alert
- [security bulletin] HPSBST02304 SSRT080003 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-001 to MS08-002,
security-alert
- [ MDVSA-2008:012 ] - Updated python packages fix vulnerabilities,
security
- [ MDVSA-2008:013 ] - Updated python packages fix vulnerability in imageop module,
security
- FreeBSD Security Advisory FreeBSD-SA-08:01.pty,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-08:02.libc,
FreeBSD Security Advisories
- [USN-569-1] libxml2 vulnerability,
Kees Cook
- Defeating audio captcha systems,
"José M. Palazón Romero"
- Country by Country ISA Computer Sets,
Thor (Hammer of God)
- Exploiting the SpamBam plugin for wordpress,
"José M. Palazón Romero"
- SecurityReason - Apache (mod_status) Refresh Header - Open Redirector (XSS),
sp3x
- Article DashBoard all version SQL Injection Vulnerability,
xcross87
- Max's File Uploader File Upload Vulnerability,
xcross87
- MicroNews Admin Direct Access vulnerability,
xcross87
- Pipe to FOR Crashes CMD,
James C. Slora Jr.
- iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTserver Heap Overflow Vulnerability,
iDefense Labs
- iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTServer Multiple Untrusted Pointer Vulnerabilities,
iDefense Labs
- iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTserver Multiple Untrusted Pointer Offset Vulnerabilities,
iDefense Labs
- iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTServer Multiple Untrusted Loop Bounds Vulnerabilities,
iDefense Labs
- [SECURITY] [DSA 1464-1] New syslog-ng packages fix denial of service,
Moritz Muehlenhoff
- [DSECRG-08-003] blogcms 4.2.1b Multiple Security Vulnerabilities,
Digital Security Research Group [DSecRG]
- RichStrong CMS (showproduct.asp?cat=) Remote SQL Injection Exploit,
sys-project
- rPSA-2008-0015-1 cairo,
rPath Update Announcements
- cPanel Hosting Manager (dohtaccess.html),
no-reply
- rPSA-2008-0016-1 postgresql postgresql-server,
rPath Update Announcements
- [DSECRG-08-002] Local File Include in arias 0.99-6,
Digital Security Research Group [DSecRG]
- rPSA-2008-0017-1 libxml2,
rPath Update Announcements
- 8e6 Technologies R3000 Internet Filter Bypass by Request Split,
nnposter
- TPTI-08-01: Apple Quicktime Image File IDSC Atom Memory Corruption Vulnerability,
DVLabs
- [Aria-Security.Net] Real Estate Web SQL Injection,
no-reply
- iDefense Security Advisory 01.15.08: Apple QuickTime Macintosh Resource Processing Heap Corruption Vulnerability,
iDefense Labs
- Cisco Security Advisory: Cisco Unified Communications Manager CTL Provider Heap Overflow,
Cisco Systems Product Security Incident Response Team
- mcGuestbook v1.2 Remote File Inc.,
gokhankaya
- Peers static overflow in BitTorrent 6.0 and uTorrent 1.7.5,
Luigi Auriemma
- Country by Country Computer Sets now available for ISA 2004,
Thor (Hammer of God)
- [waraxe-2008-SA#062] - Multiple Sql Injections in MyBB 1.2.10,
come2waraxe
- TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability,
DVLabs
- SQL scalar function to convert big int to dot notation,
Thor (Hammer of God)
- [waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10,
come2waraxe
- Gradman <= 0.1.3 (agregar_info.php?tabla=) Local File Inclusion Exploit,
sys-project
- [ MDVSA-2008:014 ] - Updated apache 1.3.x packages fix multiple vulnerabilities,
security
- [USN-570-1] boost vulnerabilities,
Jamie Strandboge
- [ MDVSA-2008:015 ] - Updated apache 2.0.x packages fix multiple vulnerabilities,
security
- [security bulletin] HPSBMA02133 SSRT061201 rev.7 - HP Oracle for OpenView (OfO) Critical Patch Update,
security-alert
- [SECURITY] [DSA 1465-1] New apt-listchanges packages fix arbitrary code execution,
Steve Kemp
- JoomlaFlash Component Multiple Remote File Inclusion,
Smasher
- PHPEchoCMS Multible remote vulnerabilitis,
security
- rPSA-2008-0018-1 mysql mysql-bench mysql-server,
rPath Update Announcements
- Re: [CVE-2007-2449] Apache Tomcat XSS vulnerabilities in the JSP examples,
linlei99
- [ MDVSA-2008:016 ] - Updated apache 2.2.x packages fix multiple vulnerabilities,
security
- rPSA-2008-0021-1 kernel,
rPath Update Announcements
- [SECURITY] [DSA 1465-2] New apt-listchanges packages fix arbitrary code execution,
Steve Kemp
- Re: Utimaco Safeguard Easy vulnerability,
benleavett
- Clever Copy <=3.0 Multiple Remote Vulnerabilities,
hadihadi_zedehal_2006
- [CSNC] OKI C5510MFP Printer Password Disclosure,
Adrian Leuenberger
- RE: Skype videomood XSS,
avivra
- CORE-2007-1119: CORE FORCE Kernel Buffer Overflow,
CORE Security Technologies Advisories
- iDefense Security Advisory 01.17.08: Multiple Vendor X Server XInput Extension Multiple Memory Corruption Vulnerabilities,
iDefense Labs
- iDefense Security Advisory 01.17.08: Multiple Vendor X Server TOG-CUP Extension Information Disclosure Vulnerability,
iDefense Labs
- iDefense Security Advisory 01.17.08: Multiple Vendor X Server EVI and MIT-SHM Extensions Integer Overflow Vulnerabilities,
iDefense Labs
- iDefense Security Advisory 01.17.08: Multiple Vendor X Server XFree86-Misc Extension Invalid Array Index Vulnerability,
iDefense Labs
- ZDI-08-002: Citrix Presentation Server IMA Service Heap Overflow Vulnerability,
zdi-disclosures
- IMF 2008 - Call for Papers,
Oliver Goebel
- [FIXED] Remote Denial of Service for SSH service at Dell DRAC4 (maybe Mocana SSH),
Robert Scheck
- [USN-571-1] X.org vulnerabilities,
Kees Cook
- Agares PhpAutoVideo 2.21(XSS/RFI) Multiple Remote Vulnerabilities,
houssamix
- New search engine for exploits,
Security Basic
- common dns misconfiguration can lead to "same site" scripting,
Tavis Ormandy
- SocksCap Stack Overflow (<= 2.40-051231),
azizov
- Making big money...,
jmacaranas
- Re: Tiger Team: New TV series about pen testers airing on CourtTV Dec 25 11 pm,
michael . lambie
- MyBB 1.2.11 Multiple XSRF Vulnerabilities,
nbbn
- [USN-572-1] apt-listchanges vulnerability,
Kees Cook
- [USN-571-2] X.org regression,
Kees Cook
- [SECURITY] [DSA 1466-2] New xorg-server packages fix regression,
Moritz Muehlenhoff
- BitDefender Update Server - Unauthorized Remote File Access Vulnerability,
oliver karow
- [SECURITY] [DSA 1467-1] New mantis packages fix several vulnerabilities,
Thijs Kinkhorst
- Bloofox CMS SQL Injection (Authentication bypass) , Source code disclosure,
admin
- [SECURITY] [DSA 1468-1] New tomcat5.5 packages fix several vulnerabilities,
Moritz Muehlenhoff
- Php Search Remote Inclusion,
effectiveness63
- AXIGEN 5.0.x AXIMilter Format String Exploit,
hempel
- MegaBBS ASP Forum Cross-Site Scripting,
grossman
- WifiZoo v1.3 released (minor release),
Hernan Ochoa
- Flaw in Alice gate2 pluswifi adsl modem,
wargame89
- boastMachine <=3.1 SQL Injection Vulnerbility,
hadihadi_zedehal_2006
- [ GLSA 200801-09 ] X.Org X server and Xfont library: Multiple vulnerabilities,
Robert Buchholz
- Pass-The-Hash Toolkit v1.2 released.,
Hernan Ochoa
- Call Jacking: Phreaking the BT Home Hub,
Adrian P
- [ GLSA 200801-08 ] libcdio: User-assisted execution of arbitrary code,
Robert Buchholz
- BLOG:CMS 4.2.1.c (DIR_PLUGINS) Multiple Remote File Include,
رومانسي هكر
- [SECURITY] [DSA 1470-1] New horde3 packages fix denial of service,
Moritz Muehlenhoff
- [SECURITY] [DSA 1469-1] New flac packages fix arbitrary code execution,
Moritz Muehlenhoff
- Belkin Wireless G Plus MIMO Router F5D9230-4 Authentication Bypass Vulnerability,
gmdarkfig
- [ GLSA 200801-07 ] Adobe Flash Player: Multiple vulnerabilities,
Robert Buchholz
- [waraxe-2008-SA#063] - Information Leakage in Kayako SupportSuite 3.11.01,
come2waraxe
- [ MDVSA-2008:017 ] - Updated MySQL packages fix multiple vulnerabilities,
security
- [waraxe-2008-SA#064] - Sql Injection in MyBB 1.2.11,
come2waraxe
- [SECURITY] [DSA 1471-1] New libvorbis packages fix several vulnerabilities,
Moritz Muehlenhoff
- [SECURITY] [DSA 1472-1] New xine-lib packages fix arbitrary code execution,
Moritz Muehlenhoff
- PR07-38: XSS on sIFR,
ProCheckUp Research
- [ MDVSA-2008:019 ] - Updated cairo packages fix vulnerability,
security
- Some hashes for the record,
Sergio 'shadown' Alvarez
- Troopers 08 Security Conference, Call for Papers,
Enno Rey
- [SECURITY] [DSA 1473-1] New scponly packages fix arbitrary code execution,
Florian Weimer
- [ MDVSA-2008:018 ] - Updated gFTP packages fix vulnerabilities,
security
- PacerCMS Multiple Vulnerabilities (XSS/SQL),
db
- Belong Site Builder 0.1b Bypass Admincp,
رومانسي هكر
- DeluxeBB 1.1 XSS Vulnerabilitie,
nbbn
- XSRF under Dean’s Permalinks Migration 1.0,
g30rg3_x
- Apache mod_negotiation Xss and Http Response Splitting,
Minded Security Research Labs
- SDL_Image 1.2.6 and prior GIF handling buffer overflow,
Gynvael Coldwind
- PHP 5.2.5 cURL safe_mode bypass,
cxib
- [security bulletin] HPSBUX02306 SSRT071463 rev.1 - HP-UX Running ARPA Transport, Remote Denial of Service (DoS),
security-alert
- UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages,
VMware Security team
- Web Wiz Forums Directory traversal,
admin
- Web Wiz Rich Text Editor Directory traversal + HTM/HTML file creation on the server,
admin
- Web Wiz NewsPad Directory traversal,
admin
- [ MDVSA-2008:020 ] - Updated xine-lib packages fix remote code execution vulnerabilities,
security
- Cisco Security Advisory: Cisco PIX and ASA Time-to-Live Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Default Passwords in the Application Velocity System,
Cisco Systems Product Security Incident Response Team
- Syhunt: HFS (HTTP File Server) Template Cross-Site Scripting and Information Disclosure Vulnerabilities,
Felipe M. Aragon
- Syhunt: HFS (HTTP File Server) Log Arbitrary File/Directory Manipulation and Denial-of-Service Vulnerabilities,
Felipe M. Aragon
- Syhunt: HFS (HTTP File Server) Username Spoofing and Log Forging/Injection Vulnerability,
Felipe M. Aragon
- Woltlab Burning Board 2.3.6 PL2 Remote Delete Thread XSRF Vulnerability,
nbbn
- [SECURITY] [DSA 1474-1] New exiv2 packages fix arbitrary code execution,
Moritz Muehlenhoff
- [ GLSA 200801-10 ] TikiWiki: Multiple vulnerabilities,
Raphaël Marichez
- [SECURITY] [DSA 1444-2] New php5 packages fix regression,
Moritz Muehlenhoff
- PIX Privilege Escalation Vulnerability,
tbbunn
- [ MDVSA-2008:025 ] - Updated x11-server-xgl packages fix multiple vulnerabilities,
security
- ImageShack Toolbar FileUploader Class insecurities,
retrog
- [ MDVSA-2008:021 ] - Updated XFree86 packages fix multiple vulnerabilities,
security
- [ MDVSA-2008:022 ] - Updated xorg-x11 packages fix multiple vulnerabilities,
security
- [ MDVSA-2008:023 ] - Updated x11-server packages fix multiple vulnerabilities,
security
- [ MDVSA-2008:024 ] - Updated libxfont packages fix font handling vulnerability,
security
- Tiger PHP News System SQL Injection,
0in . email
- iDefense Security Advisory 01.23.08: IBM AIX pioout BSS Buffer Overflow Vulnerability,
iDefense Labs
- rPSA-2008-0029-1 bind bind-utils,
rPath Update Announcements
- rPSA-2008-0030-1 CherryPy,
rPath Update Announcements
- iDefense Security Advisory 01.22.08: IBM Tivoli PMfOSD HTTP Request Method Buffer Overflow Vulnerability,
iDefense Labs
- phpBB 2.0.22 Remote PM Delete XSRF Vulnerability,
nbbn
- Pre Hotel and Resorts reservation portal login bypass,
milad_sa2007
- E-SMART CART bypass,
milad_sa2007
- Pre Dynamic Institution bypass,
milad_sa2007
- [CandyPress] eCommerce suite (SQL Injection + XSS + Path Disclosure),
Admin
- gdb bug,
digit2004
- C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Authentication Vulnerability,
Eyal Udassin
- C4 Security Advisory - GE Fanuc Cimplicity 6.1 Heap Overflow,
Eyal Udassin
- C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Arbitrary File Upload and Execution,
Eyal Udassin
- [ MDVSA-2008:026 ] - Updated icu packages fix vulnerabilities,
security
- Two vulnerabilities for PatchLink Update Client for Unix.,
lcashdol
- [ MDVSA-2008:027 ] - Updated pulseaudio packages fix local root vulnerability,
security
- [SECURITY] [DSA 1475-1] new gforge packages fix cross site scripting,
Thijs Kinkhorst
- Tool availability - browser DOM Checker,
Michal Zalewski
- F5 BIG-IP Web Management ASM Security Report XSS,
nnposter
- PhPress-0.3.0 Read All Sql Information For Config,
r2t
- phpIP 4.3.2 - Numerous SQL Injection Vulnerablities,
Charles Hooper
- Metasploit Framework v3.1 Released,
H D Moore
- [SECURITY] [DSA 1476-1] New pulseaudio packages fix privilege escalation,
Moritz Muehlenhoff
- Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS,
admin
- [ GLSA 200801-14 ] Blam: User-assisted execution of arbitrary code,
Robert Buchholz
- [ GLSA 200801-11 ] CherryPy: Directory traversal vulnerability,
Robert Buchholz
- Facebook security contact,
Alexander Sotirov
- ClanSphere 2007.4.4 Remote File Disclosure Vulnerability.,
p4imi0
- [SECURITY] [DSA 1477-1] New yarssr packages fix arbitrary shell command execution,
Moritz Muehlenhoff
- eTicket 'index.php' Cross Site Scripting Path Vulnerability,
Alessandro Tanasi
- [ GLSA 200801-13 ] ngIRCd: Denial of Service,
Robert Buchholz
- [ GLSA 200801-12 ] xine-lib: User-assisted execution of arbitrary code,
Robert Buchholz
- ASPired2Protect bypass,
milad_sa2007
- WoltLab Burning Board 3.x.x Private Message Delete XSRF Vulnerability,
nbbn
- CORE-2007-1219: Firebird Remote Memory Corruption,
Core Security Technologies Advisories
- VB Marketing "tseekdir.cgi" Local File Inclusion,
Sw33t . h4cK3r
- Uninformed Journal Release Announcement: Volume 9,
Uninformed Journal
- [SECURITY] [DSA 1478-1] New mysql-dfsg-5.0 packages fix several vulnerabilities,
Moritz Muehlenhoff
- Re: Exploit in IE6,7,
Nick FitzGerald
- Advisory: Tripwire Enterprise/Server XSS Vulnerability,
Liquidmatrix Security Digest
- [ GLSA 200801-15 ] PostgreSQL: Multiple vulnerabilities,
Raphael Marichez
- CSRF/XSS in Sungard Banner,
banner
- Remote File Disclosure in phpCMS 1.2.2,
Digital Security Research Group
- Nucleus 3.31 XSS in path,
Digital Security Research Group
- PHPKIT 1.6.4 PL1 2 XSRF Vulnerabilities,
nbbn
- [!!FIX Information ] Nucleus 3.31 XSS in path,
Digital Security Research Group
- AmpJuke-0.7.0 (index.php) Xss VuLn.,
g0rk3m-31
- Insecure Use of RC4 in LSrunasE and Supercrypt (CVE-2007-6340),
Daniel Roethlisberger
- Recent Web Hacks: WHID update for Janury 30th 2008,
Ofer Shezaf
- tinyBB v0.2 Message Board Remote File Inc.,
g0rk3m-31
- [waraxe-2008-SA#065] - Remote Shell Command Execution in Coppermine 1.4.14,
come2waraxe
- Webspell 4.01.02 2 Vulnerabilites,
nbbn
- [ GLSA 200801-16 ] MaraDNS: CNAME Denial of Service,
Raphael Marichez
- [ GLSA 200801-17 ] Netkit FTP Server: Denial of Service,
Raphael Marichez
- [ MDVSA-2008:028 ] - Updated MySQL packages fix multiple vulnerabilities,
security
- Yeşil Koridor Ziyareti Defteri (index.php) SqL. inj.,
g0rk3m-31
- Cisco Security Advisory: Cisco Wireless Control System Tomcat mod_jk.so Vulnerability,
Cisco Systems Product Security Incident Response Team
- PeteFinnigan.com Limited advisory for Oracle January 2008 CPU,
Pete Finnigan
- rPSA-2008-0032-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs,
rPath Update Announcements
- [ GLSA 200801-20 ] libxml2: Denial of Service,
Pierre-Yves Rofes
- [ GLSA 200801-19 ] GOffice: Multiple vulnerabilities,
Pierre-Yves Rofes
- [ GLSA 200801-18 ] Kazehakase: Multiple vulnerabilities,
Pierre-Yves Rofes
- [ GLSA 200801-21 ] Xdg-Utils: Arbitrary command execution,
Pierre-Yves Rofes
- [ GLSA 200801-22 ] PeerCast: Buffer overflow,
Pierre-Yves Rofes
- contactforms "cforms-css.php" Remote File Inclusion,
Sw33t . h4cK3r