Bugtraq Archive December 2005
- MDKSA-2005:220 - Updated kernel packages fix numerous vulnerabilities,
Mandriva Security Team
- Re: DNS query spam,
fugi
- Re: - Cisco IOS HTTP Server code injection/execution vulnerability-,
Florian Weimer
- Re: What is wrong with these people?,
Steve Shockley
- PhpX <= 3.5.9 SQL Injection -> login bypass -> remote command/code execution,
retrogod
- Re: WebCalendar Multiple Vulnerabilities,
craig
- Sunbelt set to acquire Kerio Personal Firewall,
Paul Laudanski
- Re: Opera 8.50 DoS with simple java applet,
Yngve N. Pettersen (Developer Opera Software ASA)
- [security bulletin] SSRT4787 Revised - HP Systems Insight Manager (SIM) for HP-UX Remote Denial of Service (DoS),
security-alert
- WebCalendar Multiple Vulnerabilities.,
lwang
- Microsoft Windows CreateRemoteThread Exploit,
q7x
- [SECURITY] [DSA 914-1] New horde2 packages fix cross-site scripting,
Martin Schulze
- [DRUPAL-SA-2005-008] Drupal 4.6.4 / 4.5.6 fixes XSS and HTTP header injection issue,
Uwe Hermann
- [DRUPAL-SA-2005-007] Drupal 4.6.4 / 4.5.6 fixes XSS issue,
Uwe Hermann
- Edgewall Trac SQL Injection Vulnerability,
David Maciejak
- [USN-220-1] w3c-libwww vulnerability,
Martin Pitt
- [SECURITY] [DSA 913-1] New gdk-pixbuf packages fix several vulnerabilities,
Martin Schulze
- Perl format string integer wrap vulnerability,
robert
- [DRUPAL-SA-2005-009] Drupal 4.6.4 / 4.5.6 fixes minor access control issue,
Uwe Hermann
- Cisco Security Advisory: IOS HTTP Server Command Injection Vulnerability,
Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 915-1] New helix-player packages fix arbitrary code execution,
Martin Schulze
- phpMyChat Multiple XSS vulnerabilities.,
secresearch
- SEC Consult SA-20051202-1 :: GMX Webmail XSS,
Sec Consult Research
- SEC Consult SA-20050212-1 :: A Word on Webmail Security and Browser related XSS Bugs,
Sec Consult Research
- SEC Consult SA-XXXXXXXXXXX,
Bernhard Mueller
- Format String Vulnerabilities in Perl Programs,
Steven M. Christey
- [xfocus-SD-051202]openMotif libUil Multiple vulnerability,
alert7@xxxxxxxxxx
- [USN-221-1] racoon vulnerability,
Martin Pitt
- [USN-222-1] Perl vulnerability,
Martin Pitt
- WinEggDropShell Multiple Remote Stack Overflow,
Sowhat
- MDKSA-2005:223 - Updated webmin package fixes format string vulnerability,
Mandriva Security Team
- [OpenPKG-SA-2005.026] OpenPKG Security Advisory (lynx),
OpenPKG
- MDKSA-2005:221 - Updated spamassassin packages fixes vulnerability,
Mandriva Security Team
- eXtreme Styles mod <= 2.2.1 Multiple Vulnerabilities,
tommie1
- [OpenPKG-SA-2005.025] OpenPKG Security Advisory (perl),
OpenPKG
- Alisveristr E-Commerce Admin Login SQL İnjection,
B3g0k
- Re: WebCalendar,
Louis Wang
- MDKSA-2005:222 - Updated mailman packages fix various vulnerabilities,
Mandriva Security Team
- [OpenPKG-SA-2005.027] OpenPKG Security Advisory (php),
OpenPKG
- [Updated] [FLSA-2005:166943] Updated php packages fix security issues,
Marc Deslauriers
- QNX 4.25 suided dhcp.client binary,
lms
- DMA[2005-1202a] - 'sobexsrv - Scripting/Secure OBEX Server format string vulnerability',
KF (lists)
- PHP-Fusion v6.00.109 SQL Injection and Info. Disclosure,
xer0x . west
- Zen-Cart <= 1.2.6d blind SQL injection / remote commands execution:,
retrogod
- more MD5 colliding examples,
Gerardo Richarte
- [security bulletin] HPSBUX01059 SSRT4704 Revised - HP-UX Running wu-ftpd Local Unauthorized Access,
security-alert
- [USN-223-1] Inkscape vulnerability,
Martin Pitt
- [scip_Advisory] e107 v0.6 rate.php manipulation,
Marc Ruef
- have you ever been BluePIMped?,
KF (lists)
- [USN-180-2] MySQL 4.1 vulnerability,
Martin Pitt
- Blog System v1.2 Multiple SQL Injection Vulnerabilities,
vipsta
- Outpost24 Public Security Note: Linux/Elxbot,
David Jacoby
- Buffer Overflow in MultiTech VoIP Implementations,
SecurityLab Research
- SUSE Security Announcement: kernel various security and bugfixes (SUSE-SA:2005:067),
Marcus Meissner
- Horde IMP Webmail Client XSS all versions,
Igor
- iDefense Security Advisory 12.05.05: Multiple Vendor xpdf DCTStream Baseline Heap Overflow Vulnerability,
iDEFENSE Labs
- iDefense Security Advisory 12.05.05: Multiple Vendor xpdf DCTStream Progressive Heap Overflow,
iDEFENSE Labs
- iDefense Security Advisory 12.05.05: Multiple Vendor xpdf JPX Stream Reader Heap Overflow Vulnerability,
iDEFENSE Labs
- iDefense Security Advisory 12.05.05: Multiple Vendor xpdf StreamPredictor Heap Overflow Vulnerability,
iDEFENSE Labs
- [USN-224-1] Kerberos vulnerabilities,
Martin Pitt
- [USN-225-1] Apache 2 vulnerability,
Martin Pitt
- Critical Myspace.com Vulnerabilites,
silentproducts
- [KAPDA::#15] - ThWboard multiple vulnerabilities,
alireza hassani
- SimpleBBS <= v1.1 remote commands execution in c by: unitedasia security crew,
unitedasia
- SugarSuite Open Source <= 4.0beta Remote code execution,
retrogod
- [SECURITY] [DSA 916-1] New Inkscape packages fix arbitrary code execution,
Martin Schulze
- Advisory 25/2005: phpMyAdmin Variables Overwrite Vulnerability,
Stefan Esser
- Advisory 24/2005: libcurl URL parsing vulnerability,
Stefan Esser
- Mobile Antivirus Researchers Assoc. Call for White Papers,
contact . removethis
- DRZES HMS XSS and SQL Injection Vulnerabilities,
vipsta
- Journal of Computer Virology-Call for Papers,
Saeed Abu Nimeh
- [security bulletin] SSRT4884 HP-UX TCP/IP Remote Denial of Service (DoS),
security-alert
- [KDE Security Advisory] multiple buffer overflows in kpdf/koffice,
Dirk Mueller
- [ GLSA 200512-02 ] Webmin, Usermin: Format string vulnerability,
Sune Kloppenborg Jeppesen
- [ GLSA 200512-01 ] Perl: Format string errors can lead to code execution,
Sune Kloppenborg Jeppesen
- [security bulletin] SSRT5954 Revised - HP-UX TCP/IP Remote Denial of Service (DoS),
security-alert
- [security bulletin] SSRT051037 HP-UX Running IPSec Remote Unauthorized Access,
security-alert
- iDefense Security Advisory 12.07.05: Dell TrueMobile 2300 Wireless Broadband Router Authentication Bypass Vulnerability,
labs-no-reply@xxxxxxxxxxxx
- Airscanner Mobile Security Advisory: Remote Hard Reset Data Wipe and DoS of Pocket Controller v5.0 (#AS05080401),
contact . removethis
- -Exploiting Freelist[0] On Windows XP Service Pack 2-,
Brett Moore
- [SECURITY] [DSA 917-1] New courier packages fix unauthorised access,
Martin Schulze
- 3com product security hole,
jaime . blasco
- Website Baker <=2.6.0 SQL Injection -> Login bypass -> remote code execution,
retrogod
- = 1.2.6d blind SQL injection / remote commands execution:,
retrogod
- [security bulletin] SSRT051069 - HP Tru64 Unix Secure Web Server (SWS 6.4.1 and earlier) PHP/XMLRPC Remote Unauthorized Execution of Arbitrary Code,
security-alert
- TSLSA-2005-0070 - multi,
Trustix Security Advisor
- [TKPN2005-12-001] Multiple critical vulnerabilities in MyBB,
tk
- [KAPDA::#16] - SMF SQL Injection,
alireza hassani
- Milliscript 1.4 Multiple Vulnerabilities,
NaPa
- [USN-226-1] Courier vulnerability,
Martin Pitt
- MDKSA-2005:224 - Updated curl package fixes format string vulnerability,
Mandriva Security Team
- [SECURITY] [DSA 918-1] New osh packages fix privilege escalation,
Martin Schulze
- iDefense Security Advisory 12.09.05: Ethereal OSPF Protocol Dissector Buffer Overflow Vulnerability,
labs-no-reply@xxxxxxxxxxxx
- MDKSA-2005:225 - Updated perl package fixes format string vulnerability,
Mandriva Security Team
- PGP Wipe Free Space, Lyris ListManager Flaws, Windows Timestamps, Sam Juicer,
H D Moore
- Motorola SB5100E Cable Modem DoS,
Алексей Синцов
- Apani Network Response to ISAKMP cert-fi:7710 Alert,
mkuch
- Flatnuke 2.5.6 privilege escalation / remote commands execution exploit,
retrogod
- MDKSA-2005:206-1 - Updated openvpn packages fix multiple vulnerabilities,
Mandriva Security Team
- DEFCON London group - DC4420 - inaugural meeting and Christmas Drinks!,
Major Malfunction
- Torrential 1.2 Directory Traversal,
Shell
- [SECURITY] [DSA 919-1] New curl packages fix potential security problem,
Martin Schulze
- BTGrup Admin WebController Script SQL injection,
khc
- IMOEL CMS Sql password discovery,
silversmith
- [ GLSA 200512-03 ] phpMyAdmin: Multiple vulnerabilities,
Sune Kloppenborg Jeppesen
- Guestserver guestbook system vulnerabilities,
jaakko
- [scip_Advisory] NetGear RP114 Flooding Denial of Service,
Marc Ruef
- oracle not only offeder - researchers NOT responsible?,
Gadi Evron
- [USN-227-1] xpdf vulnerabilities,
Martin Pitt
- SEC Consult SA-20051211-0 :: Several XSS issues in Horde Framework, Kronolith Calendar, Mnemo Notes, Nag Tasks and Turba Addressbook,
Johannes Greil
- iDEFENSE Security Advisory 12.12.05: SCO Unixware Setuid 'uidadmin' Scheme Buffer Overflow Vulnerability,
labs-no-reply@xxxxxxxxxxxx
- Re: Re: [Full-disclosure] Kerio Personal Firewall and Kerio Server Firewall FWDRV driver Local Denial of Service,
JHannah01
- SEC Consult SA-20051211-0 :: Nortel SSL VPN Cross Site Scripting/Command Execution,
SEC Consult Research
- Arab Portal v2 Beta2 SQL Injections,
stranger-killer
- [PHP-CHECKER] 99 potential SQL injection vulnerabilities,
php-checker
- [USN-228-1] curl library vulnerability,
Martin Pitt
- Status on PGP NTFS File Wipe issue, 11 Dec 2005,
Jon Callas
- [OpenPKG-SA-2005.028] OpenPKG Security Advisory (curl),
OpenPKG
- [USN-222-2] Perl vulnerability,
Martin Pitt
- [USN-229-1] Zope vulnerability,
Martin Pitt
- [SECURITY] [DSA 920-1] New ethereal packages fix arbitrary code execution,
Martin Schulze
- [EEYEB-20050523] Windows Kernel APC Data-Free Local Privilege Escalation Vulnerability,
Advisories
- [ GLSA 200512-04 ] Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol implementation,
Thierry Carrez
- phpCOIN 1.2.2 multiple vulnerabilities,
retrogod
- MDKSA-2005:226 - Updated mozilla-thunderbird package fix vulnerability in enigmail,
Mandriva Security Team
- Secunia Research: Internet Explorer Suppressed "Download Dialog" Vulnerability,
Secunia Research
- ADP Forum 2.0,ADP Forum 2.0.1,ADP Forum 2.0.2,ADP Forum 2.0.3 versiyon user md5 hash bug,
liz0
- RE: [Full-disclosure] [EEYEB-20050523] Windows Kernel APC Data-Free Local Privilege Escalation Vulnerability,
Marc Maiffret
- LIMBO CMS <= v1.0.4.2 _SERVER[] array overwrite / remote code execution,
retrogod
- iDefense Security Advisory 12.14.05: Trend Micro ServerProtect isaNVWRequest.dll Chunked Overflow,
labs-no-reply@xxxxxxxxxxxx
- iDefense Security Advisory 12.14.05: Trend Micro ServerProtect relay.dll Chunked Overflow Vulnerability,
labs-no-reply@xxxxxxxxxxxx
- iDefense Security Advisory 12.14.05: Trend Micro ServerProtect EarthAgent Remote DoS Vulnerability,
labs-no-reply@xxxxxxxxxxxx
- [OpenPKG-SA-2005.029] OpenPKG Security Advisory (apache),
OpenPKG
- Countering Trusting Trust through Diverse Double-Compiling,
David A. Wheeler
- Disclosure timelines from vendors - a promising practice?,
Steven M. Christey
- Bypass XSS filter in PHPNUKE 7.9=>x,
max
- iDefense Security Advisory 12.14.05: Trend Micro ServerProtect Crystal Reports ReportServer File Disclosure,
labs-no-reply@xxxxxxxxxxxx
- DIMVA 2006 - 2nd Call for Papers,
Thomas Biege
- SUSE Security Announcement: php4, php5 (SUSE-SA:2005:069),
Ludwig Nussel
- [ GLSA 200512-05 ] Xmail: Privilege escalation through sendmail,
Thierry Carrez
- [SECURITY] [DSA 921-1] New Linux 2.4.27 packages fix several vulnerabilities,
Martin Schulze
- Business Objects WebIntelligence 6.5x Account Lockout and System DoS,
mkemp4
- RLA ("Remote LanD Attack"),
Synister Syntax
<Possible follow-ups>
RE: RLA ("Remote LanD Attack"),
Roger A. Grimes
RE: RLA ("Remote LanD Attack"),
Patrick Galligan
SUSE Security Announcement: kernel various security and bugfixes (SUSE-SA:2005:068),
Marcus Meissner
CodeCon submission deadline reminder,
Len Sassaman
[USN-230-1] ffmpeg vulnerability,
Martin Pitt
Secunia Research: Microsoft Internet Explorer Keyboard Shortcut Processing Vulnerability,
Secunia Research
Re: [ GLSA 200512-04 ] Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol implementation,
Thierry Carrez
[ GLSA 200512-06 ] Ethereal: Buffer overflow in OSPF protocol dissector,
Thierry Carrez
iDefense Security Advisory 12.14.05: Trend Micro PC-Cillin Internet Security Insecure File Permission Vulnerability,
labs-no-reply@xxxxxxxxxxxx
[SECURITY] [DSA 922-1] New Linux 2.6.8 packages fix several vulnerabilities,
Martin Schulze
MDKSA-2005:227 - Updated ethereal packages fix vulnerability,
Mandriva Security Team
MDKSA-2005:228 - Updated xine-lib packages fix buffer overflow vulnerability,
Mandriva Security Team
MDKSA-2005:229 - Updated xmovie packages fix buffer overflow vulnerability,
Mandriva Security Team
MDKSA-2005:230 - Updated mplayer packages fix buffer overflow vulnerability,
Mandriva Security Team
MDKSA-2005:231 - Updated ffmpeg packages fix buffer overflow vulnerability,
Mandriva Security Team
MDKSA-2005:232 - Updated gstreamer-ffmpeg packages fix buffer overflow vulnerability,
Mandriva Security Team
Patches available for IBM AIX flaws,
NGSSoftware Insight Security Research
Notacon Call for Proposals open,
Paul Schneider
Metasploit Framework v3.0 Alpha Release 1,
H D Moore
CYBSEC - Security Advisory: Watchfire AppScan QA Remote Code Execution,
Mariano Nuñez Di Croce
MarmaraWeb E-commerce Remote Command Exucetion,
B3g0k
MarmaraWeb E-commerce Script Cross Site Scripting,
B3g0k
[security bulletin] SSRT4728 rev.1 - HP-UX running TCP/IP Remote Denial of Service (DoS),
security-alert
AIX Heap Overflow paper,
David Litchfield
Re: [Full-disclosure] iDEFENSE Security Advisory 12.06.05: Ipswitch Collaboration Suite SMTP Format String Vulnerability,
Owen Dhu
Bios Information Leakage,
Jonathan Brossard
[ GLSA 200512-09 ] cURL: Off-by-one errors in URL handling,
Sune Kloppenborg Jeppesen
[USN-230-2] ffmpeg/xine-lib vulnerability,
Martin Pitt
[ GLSA 200512-08 ] Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities,
Sune Kloppenborg Jeppesen
[ GLSA 200512-07 ] OpenLDAP, Gauche: RUNPATH issues,
Thierry Carrez
phpCOIN-1.2.2-Full-2005 SQL Injection,
stranger-killer
ZRCSA-200505: libremail - "pop.c" Format String Vulnerability,
deepfear
DMA[2005-1214a] - 'Widcomm BTW - Bluetooth for Windows Remote Audio Eavesdropping',
Kevin Finisterre
iDefense Security Advisory 12.16.05: Citrix Program Neighborhood Name Heap Corruption Vulnerability,
labs-no-reply@xxxxxxxxxxxx
DoS in Cisco Clean Access,
alex
Advisory: XSS in WebCal (v1.11-v3.04),
Stan Bubrouski
exploit (html) for Advanced Guestbook 2.2,
irc0d3r
Update on the PGP NTFS File Wipe Issue, 16 Dec 2005,
Jon Callas
Bug in HC,
hackeriri
Fullpath disclosure in roundcube webmail,
king_purba
Microsoft IIS Remote Denial of Service (DoS) .DLL Url exploit,
inge . henriksen
phpMyAdmin server_privileges.php SQL Injection Vulnerabilities.,
Alice Bryson
[SECURITY] [DSA 923-1] New dropbear packages fix arbitrary code execution,
Martin Schulze
[FLSA-2005:152787] Updated redhat-config-nfs package fixes security issue,
Marc Deslauriers
[FLSA-2005:152832] Updated lynx package fixes security issues,
Marc Deslauriers
[FLSA-2005:152870] Updated a2ps package fixes security issue,
Marc Deslauriers
[FLSA-2005:155510] Updated gtk2 packages fixes security issues,
Marc Deslauriers
[FLSA-2005:166939] Updated openssl packages fix security issues,
Marc Deslauriers
[FLSA-2005:168326] Updated util-linux and mount packages fix security issue,
Marc Deslauriers
[ GLSA 200512-10 ] Opera: Command-line URL shell command injection,
Thierry Carrez
Authenticated EIGRP DoS / Information leak,
Andrew A. Vladimirov
Making unidirectional VLAN and PVLAN jumping bidirectional,
Andrew A. Vladimirov
about phpMyAdmin's server_privileges.php announced vulnerability,
Marc Delisle
[security bulletin] SSRT051026 rev. 1 - HP-UX running WBEM Services Denial of Service (DoS),
security-alert
MDKSA-2005:233 - Updated apache2 packages fix vulnerability in worker MPM,
Mandriva Security Team
[FLSA-2005:152892] Updated enscript package fixes security issues,
Marc Deslauriers
Symantec Antivirus Library Remote Heap Overflows,
list
iDefense Security Advisory 12.20.05: Qualcomm WorldMail IMAP Server String Literal Processing Overflow Vulnerability,
labs-no-reply@xxxxxxxxxxxx
Enterprise Connector v.1.02 Multiple SQL Vulnerabilities and Login Bypass,
darkz . gsa
iDefense Security Advisory 12.20.05: McAfee Security Center MCINSCTL.DLL ActiveX Control File Overwrite,
labs-no-reply@xxxxxxxxxxxx
[security bulletin] SSRT5983 rev.1 - HP-UX Running Software Distributor (SD) Remote Unauthorized Access,
security-alert
[ GLSA 200512-11 ] CenterICQ: Multiple vulnerabilities,
Thierry Carrez
Digital Armaments Security Advisory 12.20.2005: WEBsweeper/MIMEsweeper Executable File Content Check bypass Vulnerability,
info
Re: Unauthenticated EIGRP DoS,
Paul Oxman (poxman)
Acidcat ASP CMS Multiple Vulnerabilities,
h e
PHPGedView <= 3.3.7 remote code execution,
retrogod
[Overflow.pl] Blender BlenLoader Integer Overflow,
Damian Put
Secunia Research: Pegasus Mail Buffer Overflow and Off-by-One Vulnerabilities,
Secunia Research
IRM 014: Sygate Protection Agent 5.0 vulnerability - A low privileged user can disable the security agent,
Advisories
IRM 013: Ultraapps Issue Manager is vulnerable to Privilege Escalation,
Advisories
IRM 012: Portfolio Netpublish Server 7 is vulnerable to a Directory Traversal Attack,
Advisories
MDKSA-2005:234 - Updated sudo packages fix vulnerability,
Mandriva Security Team
Call for Paper - VI National Computer and Information Security Conference - COLOMBIA,
Jeimy José Cano Martínez
[Hat-Squad] Remote Heap Corruption Vulnerability in Interaction SIP Proxy,
service
Workshop "Dependability Aspects in DWH and Mining applications"Deadline:15-01-06,
Manh Tho
[ECHO_ADV_24$2005] Full path disclosure on WordPress < 1.5.2,
the_day
Tolva PHP website system Remote File Include,
beford
security patch for Linux Kernel 2.6,
breno
[Security-Advisories@xxxxxxxxxxx: [Full-disclosure] [ACSSEC-2005-11-25-0x1] VMWare Workstation 5.5.0 <= build-18007 GSX Server Variants And Others],
Andrew Griffiths
mIRC buffer overflow,
Crowdat Kurobudetsu
Vulnerability in Metadot portal server allows users to gain administrative privileges,
Gerry Chng
[KAPDA::#17] - beehiveforum Script Injection,
alireza hassani
Re: XSS bypass in PHPNuke - FIX ?,
Paul Laudanski
[SECURITY] [DSA 924-1] New nbd packages fix potential arbitrary code execution,
Martin Schulze
Cisco Security Response: DoS in Cisco Clean Access,
Clayton Kossmeyer
WinRAR - Processing Filename Incorrectly Vulnerability,
agoanywhere
XSS vulnerabilities in Google.com,
Watchfire Research
VMware vulnerability in NAT networking,
vmware-security-alert
iDefense Security Advisory 12.21.05: Macromedia JRun 4 Web Server URL Parsing Buffer Overflow Vulnerability,
labs-no-reply@xxxxxxxxxxxx
Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability,
ovt
MDKSA-2005:235 - Updated kernel packages fix numerous vulnerabilities,
Mandriva Security Team
fetchmail security announcement fetchmail-SA-2005-03 (CVE-2005-4348),
ma+bt
[SECURITY] [DSA 925-1] New phpbb2 packages fix several vulnerabilities,
Martin Schulze
CYBSEC - Security Advisory: httprint Multiple Vulnerabilities,
Mariano Nuñez Di Croce
Privilege escalation in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5),
Reed Arvin
iDefense Security Advisory 12.22.05: Linux Kernel Socket Buffer Memory Exhaustion DoS Vulnerability,
labs-no-reply@xxxxxxxxxxxx
[USN-231-1] Linux kernel vulnerabilities,
Martin Pitt
Webwasher CSM Appliance Script Security Restriction Bypass,
d0t v0rt3x
XSS&Sql injection attack in PHP-Fusion 6.00.3 Released,
krasza
[ GLSA 200512-12 ] Mantis: Multiple vulnerabilities,
Stefan Cornelius
[TKADV2005-12-001] Multiple SQL Injection vulnerabilities in MyBB,
tk
[SECURITY] [DSA 926-2] New ketm packages fix privilege escalation,
Martin Schulze
Multiple Network-related Vulnerabilities in Electric Sheep,
MichaelAiello
Electric Sheep window-id stack overflow,
MichaelAiello
MDKSA-2005:236 - Updated fetchmail packages fix vulnerability,
Mandriva Security Team
MDKSA-2005:237 - Updated cpio packages fix buffer overflow on x86_64,
Mandriva Security Team
Dev web management system <= 1.5 SQL injection / cross site scripting,
retrogod
[SECURITY] [DSA 928-1] New dhis-tools-dns packages fix insecure temporary file creation,
Martin Schulze
CFP - IT Underground 2006, Prague, Czech Republic,
Piotr Sobolewski
Found new bug,
hackeriri
[ GLSA 200512-13 ] Dropbear: Privilege escalation,
Stefan Cornelius
Airscanner Mobile Security Advisory #0508310 Spb Kiosk Engine Administrator Password & Information Disclosure,
contact . removethis
[BuHa-Security] DoS Vulnerability in M$ IE 6 SP2 #1,
bugtraq
[BuHa-Security] DoS Vulnerability in M$ IE 6 SP2 #2,
bugtraq
[BuHa-Security] DoS Vulnerability in M$ IE 6 SP2 #3,
bugtraq
Multiple Translation websites Cross Site Scripting vulnerability: Google, Altavista, IBM, freetranslation, worldlingo, etc,
simo
Obsidis n1 released!,
angelo
Cerberus Helpdesk multiple vulnerabilities.,
A. Ramos
[ GLSA 200512-15 ] rssh: Privilege escalation,
Stefan Cornelius
Secunia Research: IceWarp Web Mail Multiple File Inclusion Vulnerabilities,
Secunia Research
[SECURITY] [DSA 927-1] New tkdiff packages fix insecure temporary file creation,
Martin Schulze
dtSearch DUNZIP32.dll Buffer Overflow Vulnerability,
Juha-Matti Laurio
Malware sample site,
mvalsmith
Is this a new exploit?,
noemailpls
MDKSA-2005:238 - Updated php/php-mbstring packages fix mail injection vulnerability,
Mandriva Security Team
Exploitation of Windows WMF on the web,
Daniel Bonekeeper
[BUGZILLA] Security advisory for Bugzilla < 2.16.11,
David Miller
RE: [Full-disclosure] Someone wasted a nice bug on spyware...,
Paul
[ GLSA 200512-16 ] OpenMotif, AMD64 x86 emulation X libraries: Buffer overflows in libUil library,
Thierry Carrez
WMF Exploit,
davidribyrne
PhpDocumentor <= 1.3.0 rc4 Arbitrary remote/local inclusion,
retrogod
[SECURITY] [DSA 927-2] New tkdiff packages fix insecure temporary file creation,
Martin Schulze
Airscanner Mobile Security Advisory #05083102 Spb Kiosk Engine Program Bypass,
contact . removethis
Black Hat Federal and Europe Call for Papers,
Jeff Moss
[ GLSA 200512-17 ] scponly: Multiple privilege escalation issues,
Thierry Carrez
rssh: root privilege escalation flaw,
Derek Martin
phpbb2.0.19 fixes security issues,
Paul Laudanski
Secunia Research: TUGZip ARJ Archive Handling Buffer Overflow Vulnerability,
Secunia Research
Advisory 26/2005: TinyMCE Compressor Vulnerabilities,
Stefan Esser
WTF??,
veil_of_darkness
Yahoo mail Cross Site Scripting vulnerability,
simo
WMF browser-ish exploit vectors,
Evans, Arian
[KAPDA::#18] - WebWiz Products SQL Injection,
advisory
MyBB XSS cross-site scripting,
addmimistrator
MyBB 1.0 SQL injection in uploading file,
addmimistrator
[ GLSA 200512-18 ] XnView: Privilege escalation,
Thierry Carrez
Recruitment Software allows MySQL credentials disclosure,
Rafael San Miguel Carrasco
Dumb IE6/XP denial of service found on the web,
8ux1fpd02
MDKSA-2005:239 - Updated printer-filters-utils packages fix local vulnerability,
Mandriva Security Team
Mapping and Remote manipulation of databases,
Gandalf The White
WMF: New Metasploit Framework Module,
H D Moore