Buqtraq Archiv Juni 2006

Date Index

Re: Fire fox dos exploit, anoni . mouse
- Re: Fire fox dos exploit, Ronald van den Blink
- <Possible follow-ups>
- Re: Fire fox dos exploit, pagvac
- RE: Fire fox dos exploit, Andy
  - RE: Fire fox dos exploit, Sanjay Rawat
    - RE: Fire fox dos exploit, Jaroslaw Sajko
- Re: Fire fox dos exploit, Ronald van den Blink
- Re: Fire fox dos exploit, Yannick von Arx
- Re: Re: Fire fox dos exploit, vincenzo . ampolo
- Re: Fire fox dos exploit, Phil Trainor
- Re: Fire fox dos exploit, Aaron Hopkins
- Re: Re: Fire fox dos exploit, al4321
rPSA-2006-0087-1 kernel, Justin M. Forbes
SUSE Security Announcement: rug (SUSE-SA:2006:029), Thomas Biege
Internet explorer Vulnerbility, Mr . Niega
- Re: Internet explorer Vulnerbility, Alexander Sotirov
- RE: Internet explorer Vulnerbility, Peter Kruse
- Re: Internet explorer Vulnerbility, Hariharan
- <Possible follow-ups>
- Internet Explorer vulnerbility, Mr . Niega
  - Re: Internet Explorer vulnerbility, Andrei Ponomarev
  - Re: Internet Explorer vulnerbility, Michael N. Telnov
- RE: Internet Explorer vulnerbility, Greg Merideth (Forward Technology)
  - Re: RE: Internet Explorer vulnerbility, Charles Hamby
[SECURITY] [DSA 1084-1] New typespeed packages fix arbitrary code execution, Steve Kemp
[security bulletin] HPSBUX02122 SSRT061158 rev.1 - HP-UX Mozilla Remote Execution of Arbitrary Code, Denial of Service (DoS), security-alert
multiple file inclusion exploits in ovidentia v5.8.0, black code
- <Possible follow-ups>
- multiple file inclusion exploits in ovidentia v5.8.0, black-cod3
FreeBSD Security Advisory FreeBSD-SA-06:16.smbfs, FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-06:15.ypserv, FreeBSD Security Advisories
ishopcart cgi 0day and multiple vulnerabilities, bugtraq
TAL RateMyPic v1.0, luny
Snort HTTP Inspect Pre-Processor Uricontent Bypass, Christian Swartzbaugh
Squirrelmail local file inclusion, brokejunker
- Re: Squirrelmail local file inclusion, Paul Schmehl
- <Possible follow-ups>
- Re: Squirrelmail local file inclusion, Steven M. Christey
  - Re: Squirrelmail local file inclusion, pauls
SyScan'06 - The Hackers' Conference in Asia, thomas48
[SECURITY] [DSA 1085-1] New lynx-cur packages fix several vulnerabilities, Martin Schulze
- Re: [SECURITY] [DSA 1085-1] New lynx-cur packages fix several vulnerabilities, Thomas Dickey
Corsaire Security Advisory - VMware ESX Server Cross Site Scripting issue, advisories
Re: # MHG Security Team --- PHP NUKE All version Remote File Inc., rgod
- <Possible follow-ups>
- Re: Re: # MHG Security Team --- PHP NUKE All version Remote File Inc., nukedx
- Re: Re: # MHG Security Team --- PHP NUKE All version Remote File Inc., Steven M. Christey
[ MDKSA-2006:094 ] - Updated evolution packages fix DoS (crash) vulnerability on certain messages., security
CA Forum Remote SQL Injection, omnipresent
Forensic memory dumping intricacies - PhysicalMemory, DD, and caching issues, Arne Vidstrom
Joomla/Mambo CMS Component SimpleBoard 1.1 XSS-Vulnerabilities, Yannick von Arx
Re: PHPSimple Choose v0.3, prattmic
northstudio Cross Site Scripting Vulnerability, CrAzY . CrAcKeR
SMF 1.0.7 and lower plus 1.1rc2 and lower - IP spoofing vulnerability/IP ban evasion vulnerability, Jessica Hope
Re: my Web Server << v-1.0 Denial of Service Exploit, Steven M. Christey
VMSA-2006-0002 - VMware Server sensitive information lifetime issue, VMware Security Team
Weblog Oggi v1.0, luny
PHP ManualMaker v1.0, luny
Bytehoard 2.1 Remote File Include, beford
newsfactory Cross Site Scripting & SQL injection, CrAzY . CrAcKeR
Re: Jiwa Financials - Reporting allows execution of arbitrary reports as SQL user with full permissions., mikes
Redaxo CMS <= 3.2 Remote File Include, beford
New Snort Bypass - Patch - Bypass of Patch, Sigint Consulting
- Re: New Snort Bypass - Patch - Bypass of Patch, M. Dodge Mumford
  - Re: New Snort Bypass - Patch - Bypass of Patch, M. Dodge Mumford
    - Re: New Snort Bypass - Patch - Bypass of Patch, Pukhraj Singh
aspWebLinks 2.0 Remote SQL Injection / Admin Pass Change Exploit, ajannhwt
MyTrueHood.com - XSS, luny
[SECURITY] [DSA 1086-1] New xmcd packages fix denial of service, Martin Schulze
new bug, webmaster
Pro Publish SQL Injection and XSS Vulnerabilities, Soothackers
# MHG Security Team --- MyBloggie 2.1.1 version Remote File Include Vulnerabilit, erne ayaz
- <Possible follow-ups>
- Re: # MHG Security Team --- MyBloggie 2.1.1 version Remote File Include Vulnerabilit, nukedx
- Re: # MHG Security Team --- MyBloggie 2.1.1 version Remote File Include Vulnerabilit, Steven M. Christey
[DRUPAL-SA-2006-005] Drupal 4.6.7 / 4.7.1 fixes SQL injection issue, Uwe Hermann
[DRUPAL-SA-2006-007] Drupal 4.6.8 / 4.7.2 fixes arbitrary file execution issue, Uwe Hermann
[DRUPAL-SA-2006-008] Drupal 4.6.8 / 4.7.2 fixes XSS issue, Uwe Hermann
[DRUPAL-SA-2006-006] Drupal 4.6.7 / 4.7.1 fixes arbitrary file execution issue, Uwe Hermann
rPSA-2006-0091-1 firefox thunderbird, Justin M. Forbes
Pixelpost <= 1-5rc1-2 multiple vulnerabilities, rgod
[SECURITY] [DSA 1087-1] New PostgreSQL packages fix encoding vulnerabilities, Martin Schulze
[ECHO_ADV_32$2006] SCart 2.0 Remote Code Execution, eufrato
Critical SQL Injection in CoolForum, gmdarkfig
[SECURITY] [DSA 1088-1] New centericq packages fix arbitrary code execution, Martin Schulze
Blackhat USA 2006 - Review , remarks and proposal agenda, newslist@xxxxxxxxxxxxxxxxxxxxxx
LocazoList Classifieds <= v1.05e(viewmsg.asp) Remote SQL Injection Vulnerability, ajannhwt
- <Possible follow-ups>
- LocazoList Classifieds <= v1.05e(viewmsg.asp) Remote SQL Injection Vulnerability, ajannhwt
phpBB2 (template.php) Remote File Inclusion, canberx
- RE: phpBB2 (template.php) Remote File Inclusion, Scrouaf _
- Re: phpBB2 (template.php) Remote File Inclusion, ad@xxxxxxxxxxxxxxxx
  - Re: phpBB2 (template.php) Remote File Inclusion, Jessica Hope
  - Re: phpBB2 (template.php) Remote File Inclusion, Aaron Klein
  - Re: phpBB2 (template.php) Remote File Inclusion, Paul Laudanski
[MajorSecurity #7]dotWidget CMS <= 1.0.6 - Remote File Include Vulnerability, admin
[SECURITY] [DSA 1089-1] New freeradius packages fix arbitrary code execution, Martin Schulze
DotClear <= 1.2.4 'blog_dc_path' (php5) arbitrary remote inclusion, rgod
LifeType <=1.0.4 'articleId' SQL injection, rgod
Re: WBB<--v2.3.4"misc.php" SQL injection Vulnerability, nukedx
Re: OaBoard 1.0 Remote File inclusion, Botan Rizgar
Re: [Info Disclosure] Diesel PHP Job Site Latest Version, John F Flynn III
- Re: [Info Disclosure] Diesel PHP Job Site Latest Version, Ronald van den Blink
Re: phpFoX All Version Login Exploit, purefan
VMSA-2006-0001 - VMware ESX Server Cross Site Scripting issue, VMware Security Team
Timberland Search XSS Vulnerability, try_og
New <<BackTrack release announcement, Max Moser
SMS "messages.php" SQL injection, CrAzY . CrAcKeR
XSS in ICQ.com, sn4k3 . 23
- <Possible follow-ups>
- Re: XSS in ICQ.com, 321_321
- Re: XSS in ICQ.com, 321_321
- Re: XSS in ICQ.com, 321_321
Client buffer-overflow in Quake 3 engine (1.32c / rev 795), Luigi Auriemma
Bookmark4U Remote File Include, selfar2002
- Re: Bookmark4U Remote File Include, str0ke
# MHG Security Team ---Rumble 1.02 version Remote File Inc., erne
- <Possible follow-ups>
- # MHG Security Team ---Rumble 1.02 version Remote File Inc., MSN : erne [at] ernealizm [dot] com
Re: [Full-disclosure] bug in oscomerce, Frank Laszlo
CyBoards PHP Lite v1.25 (common.PHP) Remote File Inclusion, SpC-x
Multiple Vendor NTFS Data Stream Malware Stealth Technique, Joxean Koret
- <Possible follow-ups>
- Re: Multiple Vendor NTFS Data Stream Malware Stealth Technique, Andreas Marx
  - Re: Multiple Vendor NTFS Data Stream Malware Stealth Technique, Gadi Evron
LabWiki v1.0, luny
Kmita FAQ v1.0, luny
TSLSA-2006-0032 - multi, Trustix Security Advisor
FunkBoard CF0.71 (profile.php) Remote User Pass Change Exploit, ajannhwt
ewsEngine <= 1.5.0(newscomments.php) Remote SQL Injection Vulnerability, ajannhwt
Advisory 04/2006: DokuWiki PHP code execution vulnerability in spellchecker, Stefan Esser
Re: [Full Disclosure] [Kil13r-SA-20060520] Microsoft Internet Explorer Crash Vulnerability, mac68k
[MajorSecurity #8]DreamAccount <= 3.1 - Remote File Include Vulnerability, admin
- <Possible follow-ups>
- Re: [MajorSecurity #8]DreamAccount <= 3.1 - Remote File Include Vulnerability, admin
Personal Information Disclosure/Account Hijacking Vulerability in mafia online games, Ulrich Keil
[MajorSecurity #9]HostAdmin <= 3.1 - Remote File Include Vulnerability, admin
Dmx Forum <= v2.1a Remote Passwords Disclosure, gmdarkfig
[Kil13r-SA-20060605] Syworks SafeNET Policy File Vulnerability, mac68k
[Kil13r-SA-20060606] ESTsoft InternetDISK Arbitary Code Execution Vulnerability, mac68k
[KAPDA::#47] - myNewsletter 1.1.2 SQL_Injection, farhadkey
Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise, Tobias Kreidl
- Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise, Kurt Seifried
  - Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise, Ray Van Dolson
    - Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise, Jose Ramirez
  - Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise, Bojan Zdrnja
ASPScriptz Guest Book 2.0 XSS, omnipresent
Re: PCPIN Chat <= 5.0.4 "login/language" remote cmmnds xctn, k . reznichak
file include in Xtreme Downloads v.1.0, gamr-14
Multiple file include exploits in Xtreme Downloads v.1.0, black code
Particle Gallery v1.0.0, luny
Partial Links v1.2.2, luny
ParticleSoft Whois v1.0.3, luny
ParticleSoft Wiki v1.0.2, luny
[ MDKSA-2006:095 ] - Updated libtiff packages fixes tiffsplit vulnerability, security
GANTTy v1.0.3, luny
Asterisk 1.2.9 and Asterisk 1.0.11 Released - Security Fix, Matt Riddell (IT)
IRM 019: MailMarshal 6.1 SMTP MTA Content Filter Bypass, IRM Advisories
- <Possible follow-ups>
- Re: IRM 019: MailMarshal 6.1 SMTP MTA Content Filter Bypass, phil . mccracken
  - Re: IRM 019: MailMarshal 6.1 SMTP MTA Content Filter Bypass, Hayden Searle
    - Re: IRM 019: MailMarshal 6.1 SMTP MTA Content Filter Bypass, alberto
[SECURITY] [DSA 1090-1] New spamassassin packages fix remote command execution, Martin Schulze
libgd 2.0.33 infinite loop in GIF decoding ?, rocheml
- Re: libgd 2.0.33 infinite loop in GIF decoding ?, Xavier Roche
[ GLSA 200606-02 ] shadow: Privilege escalation, Sune Kloppenborg Jeppesen
Re: Buffer-overflow and crash in Fenice OMS 1.10, giampaolo . mancini
bug on showwich.asp, ip . chat
BloggIT <= 1.01 (admin.php) Arbitrary code execution, Federico Fazzi
TinyPHP forum <= 3.6 Remote Command Execution Exploit, hessamx
Re: WebCalendar-1.0.3 reading of any files, craig
XSS on LarkinWEB & Company, spymeta
ADVISORY - D-Link Wireless Access-Point, news
[HV-LOW] Microsoft NetMeeting memory corruption (Brief), vuln
[ GLSA 200606-03 ] Dia: Format string vulnerabilities, Sune Kloppenborg Jeppesen
rPSA-2006-0096-1 spamassassin, Justin M. Forbes
[ GLSA 200606-05 ] Pound: HTTP request smuggling, Sune Kloppenborg Jeppesen
Vice Stats 0.5b SQL injection, CrAzY . CrAcKeR
MyBB 1.1.2 New XSS, o . y . 6
[ GLSA 200606-04 ] Tor: Several vulnerabilities, Sune Kloppenborg Jeppesen
[FLSA-2006:189137-1] Updated mozilla packages fix security issues, Marc Deslauriers
[ GLSA 200606-01 ] Opera: Buffer overflow, Sune Kloppenborg Jeppesen
aWebNews <= 1.0 (login.php) Remote DocumentRoot file disclosure, Federico Fazzi
- Re: aWebNews <= 1.0 (login.php) Remote DocumentRoot file disclosure, str0ke
MiraksGalerie <= 2.62 Multiple Remote command execution, Federico Fazzi
- <Possible follow-ups>
- MiraksGalerie <= 2.62 Multiple Remote command execution, Federico Fazzi
[FLSA-2006:190777] Updated X.org packages fix security issue, Marc Deslauriers
[FLSA-2006:190941] Updated ipsec-tools package fixes security issue, Marc Deslauriers
[FLSA-2006:190884] Updated squirrelmail package fixes security issues, Marc Deslauriers
[FLSA-2006:189137-2] Updated firefox package fixes security issues, Marc Deslauriers
Calendar Express 2 SQL injection, CrAzY . CrAcKeR
[ MDKSA-2006:096 ] - Updated openldap packages fixes buffer overflow vulnerability., security
[ MDKSA-2006:097 ] - Updated MySQL packages fixes SQL injection vulnerability., security
PBL Guestbook v1.31 - XSS, luny
[ MDKSA-2006:098 ] - Updated postgresql packages fixes SQL injection vulnerabilities., security
Mafia Moblog Full Path Disclosure / SQL injection, simo64
Babykatmedia.com scripts - vSCAL & vREAL - XSS Vulns, luny
Chemical Directory - XSS, luny
Easy Ad-Manager, luny
[NOBYTES.COM: #12] ViArt Shop v2.5.5 - XSS Vulnerability, John Cobb
[ GLSA 200606-06 ] AWStats: Remote execution of arbitrary code, Sune Kloppenborg Jeppesen
[SECURITY] [DSA 1093-1] New xine-ui packages fix denial of service, Martin Schulze
[MajorSecurity #10]i.List <= 1.5 - XSS, admin
E-Dating System from scriptsez.net - XSS, luny
Ez Ringtone Manager from scriptez.net - XSS, luny
GUESTEX guestbook code execution, root
Tikiwiki 1.9.3.2 security release, marc
Uninformed Journal Release Announcement: Volume 4, Uninformed Journal
Mathcad Area Lock Vulnerability, bugtraq
NPDS <= 5.10 Local Inclusion, XSS, Full path disclosure, gmdarkfig
Back-end = 0.7.2.1 (jpcache.php) Remote command execution, Federico Fazzi
PHP-Nuke <= 7.9 Search XSS Vulnerability, try_og
- Re: PHP-Nuke <= 7.9 Search XSS Vulnerability, Paul Laudanski
- <Possible follow-ups>
- Re: PHP-Nuke <= 7.9 Search XSS Vulnerability, try_og
[SECURITY] [DSA 1091-1] New TIFF packages fix arbitrary code execution, Martin Schulze
Re: phpBannerExchange 2.0 Directory Traversal Vulnerability, mopeygoff
bug of script injection in shoutcast servers, mantasjadzevicius
Re: Tiny Web Gallery <= 1.4 XSS, tinywebgallery
Ie opera dos exploit, co296
- Re: Ie opera dos exploit, Daniel Hoffmann
- Re: Ie opera dos exploit, Nathaniel Hasenfus
cms-bandits 2.5, Remote command execution, Federico Fazzi
[USN-289-1] tiff vulnerabilities, Martin Pitt
rPSA-2006-0098-1 gdm, Justin M. Forbes
[USN-291-1] FreeType vulnerabilities, Martin Pitt
'Multiple Sql injection and XSS in integramod portal, ahwaz
[SECURITY] [DSA 1092-1] New MySQL 4.1 packages fix SQL injection, Martin Schulze
[security bulletin] HPSBMA02121 SSRT061157 rev.2 - HP OpenView Storage Data Protector Remote Arbitrary Command Execution, security-alert
[security bulletin] HPSBUX02090 SSRT051058 rev.2 - HP-UX Secure Shell Remote Denial of Service (DoS), security-alert
SSL VPNs and security, Michal Zalewski
- Re: SSL VPNs and security, Amit Klein (AKsecurity)
- Message not available
  - Re: SSL VPNs and security, E Mintz
- Message not available
  - Re: SSL VPNs and security, Michal Zalewski
    - Re: SSL VPNs and security, E Mintz
- Re: SSL VPNs and security, Eloy Paris
- <Possible follow-ups>
- Re: SSL VPNs and security, wnorth
- Re: SSL VPNs and security, thanekamp
  - Re: SSL VPNs and security, Michal Zalewski
[USN-295-1] xine-lib vulnerability, Martin Pitt
[ GLSA 200606-07 ] Vixie Cron: Privilege Escalation, Sune Kloppenborg Jeppesen
[USN-294-1] courier vulnerability, Martin Pitt
[SECURITY] [DSA 1094-1] New gforge packages fix cross-site scripting, Moritz Muehlenhoff
okscripts.com - XSS Vulns, luny
Dell Openmanage CD Vulnerability, wiz561
- <Possible follow-ups>
- RE: Dell Openmanage CD Vulnerability, Michael Scheidell
iFoto v0.20-06/06/06, luny
- <Possible follow-ups>
- Re: iFoto v0.20-06/06/06, aizu . ikmal
phazizGuestbook v2.0 - XSS, luny
[USN-292-1] binutils vulnerability, Martin Pitt
[USN-293-1] gdm vulnerability, Martin Pitt
Docebo CMS 3.0.3, Remote command execution, Federico Fazzi
Docebo Core 3.0.3, Remote command execution, Federico Fazzi
mole.com.ua Booking Script, luny
mole.com.ua Ticket Booking Script - XSS, luny
Docebo Kms 3.0.3, Remote command execution, Federico Fazzi
Re: DGbook v1.0 - XSS, diangemilang
MobeSpace v2.0 - XSS, luny
Docebo Lms 3.0.3, Remote command execution, Federico Fazzi
[ GLSA 200606-08 ] WordPress: Arbitrary command execution, Sune Kloppenborg Jeppesen
Secunia Research: SelectaPix Cross-Site Scripting and SQL Injection Vulnerabilities, Secunia Research
Secunia Research: AutoMate unacev2.dll Buffer Overflow Vulnerability, Secunia Research
TinyMuw v1.0 - XSS, luny
PHP-Nuke Download Module Remote SQL Injection, BuNy-m
Contensis CMS XSS vunerability, smigofthedump
[USN-288-3] PostgreSQL client vulnerabilities, Martin Pitt
[USN-288-2] PostgreSQL server/client vulnerabilities, Martin Pitt
CORE-2006-0327: IAXclient truncated frames vulnerabilities, Core Security Technologies advisories
Windows Software Restriction Policy Protection Bypass, 3APA3A
- Re: [Full-disclosure] Windows Software Restriction Policy Protection Bypass, Dinis Cruz
- RE: Windows Software Restriction Policy Protection Bypass, Roger A. Grimes
P.A.I.D v2.2, luny
ST AdManager Lite v1, luny
0verkill 0.6, Remote integer overflow, Federico Fazzi
TSLSA-2006-0034 - multi, Trustix Security Advisor
[USN-296-1] firefox vulnerabilities, Martin Pitt
[Kil13r-SA-20060609-1] Daum Search Cross-Site Scripting Vulnerability, mac68k
[Kil13r-SA-20060609-2] DaNaWa Search Cross-Site Scripting Vulnerability, mac68k
[Kil13r-SA-20060609-3] DreamWiz Search Cross-Site Scripting Vulnerability, mac68k
CORE-2006-0330: Asterisk PBX truncated video frame vulnerability, Core Security Technologies advisories
rPSA-2006-0099-1 openldap openldap-clients openldap-servers, Justin M. Forbes
[SECURITY] [DSA 1095-1] New freetype packages fix several vulnerabilities, Martin Schulze
Ringlink v3.2 - XSS, luny
fx-APP Version 0.0.8.1, luny
Tempinbox.com, luny
AsianXO.com - XSS with cookie data include, luny
[MajorSecurity #11]OpenCMS<= 6.2.1 - XSS, admin
[KAPDA::#47] - Snitz Forum <= 3.4.05 SQL-Injection Vulnerability, farhadkey
[MajorSecurity #12]ZMS<= 2.9 - XSS, admin
[MajorSecurity #13]Cabacos Web CMS<= 3.8 - XSS, admin
[MajorSecurity #14]CFXe-CMS <= 2.0 - XSS, admin
Joomla! 1.0 Remote File Inclusion, c4nberx
ERRATA: [ GLSA 200604-10 ] zgv: Heap overflow, Sune Kloppenborg Jeppesen
Call For Papers - No cON Name 2006 Edition Spain, Jose Nicolas Castellano
igloo DoubleSpeak v 0.1 Multiple remote file inclusion, aminrayden
- Re: igloo DoubleSpeak v 0.1 Multiple remote file inclusion, str0ke
[ GLSA 200606-10 ] Cscope: Many buffer overflows, Sune Kloppenborg Jeppesen
Diaryland.com - XSS, luny
[ GLSA 200606-11 ] JPEG library: Denial of Service, Sune Kloppenborg Jeppesen
Mydeardiary.com - XSS, luny
[ GLSA 200606-12 ] Mozilla Firefox: Multiple vulnerabilities, Sune Kloppenborg Jeppesen
5 Star Review - review-script.com - XSS w/ cookie output, luny
[ GLSA 200606-13 ] MySQL: SQL Injection, Sune Kloppenborg Jeppesen
Secunia Research: MyBB "domecode()" PHP Code Execution Vulnerability, Secunia Research
Lycos.com - XSS vulnerability, admin
Hotbot.com - XSS vulnerability in search engine, admin
vbulletin.com Multiple XSS Vulnerabilities, chris
- <Possible follow-ups>
- Re: vbulletin.com Multiple XSS Vulnerabilities, contact
WinSCP - URI Handler Command Switch Parsing, Jelmer Kuperus
RCblog 1.03 Directory Traversal [index.php], irc0d3r
Wanderlist.com - XSS vuln with sessions disclosure, luny
CS-Forum <= 0.81 Cross Site Scripting, SQL Injection, Full Path Disclosure, gmdarkfig
tempnam() Bypass unique file name PHP 5.1.4, cxib
Myscrapbook v3.1 - XSS, luny
PaintedOver.com, Inc. 2004-2006 Xss Vulnerabilities, redl_ine
- <Possible follow-ups>
- Re: PaintedOver.com, Inc. 2004-2006 Xss Vulnerabilities, reports
Foing (manage_songs.php) Remote File Inclusion[phpBB], darkfire
[KAPDA::48]CopperminePhotoGallery1.4.8~ addhit() function~ SQLinjection attack, addmimistrator
Opengaia.com - XSS Vuln & Session Include, luny
sorry i wrong something, this is original AWF CMS 1.11 adv, Federico Fazzi
Wireclub.com - XSS & cookie disclosure, luny
Nowtalking.com - XSS, luny
cescripts.com - XSS, luny
ThWboard 3.0 <= SQL Injection, 666
Stargazer.org - XSS with Session output, luny
Windows XP Task Scheduler Local Privilege Escalation (Advisory), zipk0der
- Re: Windows XP Task Scheduler Local Privilege Escalation (Advisory), Eliah Kagan
[ GLSA 200606-14 ] GDM: Privilege escalation, Sune Kloppenborg Jeppesen
Virtualtourist.com - XSS with cookie disclosure, luny
[ MDKSA-2006:099 ] - Updated freetype2 packages fixes multiple vulnerabilities., security
rPSA-2006-0100-1 freetype, Justin M. Forbes
myPHP Guestbook 2.0.2 XSS Vulnerabilitie, x0r_1
Flork.com, luny
Vampirefreaks.com - XSS with cookie disclosure, luny
[EEYEB-20060524] Symantec Remote Management Stack Buffer Overflow, eEye Advisories
# MHG Security Team --- PHORUM 5.1.13 Remote File Inc., erne
- <Possible follow-ups>
- Re: # MHG Security Team --- PHORUM 5.1.13 Remote File Inc., brian
Meefo.com - XSS with cookie include, luny
Onlinenode.com - XSS, luny
Yourfacesucks.com - XSS & cookie disclosure, luny
[ GLSA 200606-09 ] SpamAssassin: Execution of arbitrary code, Sune Kloppenborg Jeppesen
Blackplanet.com - XSS & cookie disclosure vuln., luny
Invision Power Board XSS, kepche
internet explorer vulnerability based on MarjinZ & Mr.Niega discovered, Kevin Berkane
[FSA013] phpCMS 1.2.1pl2, Remote command execution, Federico Fazzi
Emllabs.com - XSS, luny
Content-Builder (CMS) 0.7.5, Remote command execution, Federico Fazzi
DCP-Portal 6.1.x, Remote command execution, Federico Fazzi
Re: BUGTRAQ:20060611 ThWboard 3.0 <= SQL Injection, Steven M. Christey
Simpnews <= All version - Remote File Include Vulnerabilities, SpC-x
- Re: Simpnews <= All version - Remote File Include Vulnerabilities, str0ke
VBZooM <<-- V1.11 "show.php" SQL injection, CrAzY . CrAcKeR
VBZooM <<--V1.02 "meaning.php" SQL injection, CrAzY . CrAcKeR
VBZooM <<--V1.11 "subject.php" SQL injection, CrAzY . CrAcKeR
[SECURITY] [DSA 1096-1] New webcalendar packages fix arbitrary code execution, Martin Schulze
VBZooM <<--V1.01 "language.php" SQL injection, CrAzY . CrAcKeR
multiple Xss exploits in 35mmslidegallery V6, black code
High Risk Vulnerability in Microsoft Windows RASMAN Service, Peter Winter-Smith
iDefense Security Advisory 06.13.06: Windows MRXSMB.SYS MRxSmbCscIoctlOpenForCopyChunk Overflow, labs-no-reply
iDefense Security Advisory 06.13.06: Microsoft Internet Explorer ART File Heap Corruption Vulnerability, labs-no-reply
ZDI-06-017: Microsoft Internet Explorer UTF-8 Decoding Heap Overflow Vulnerability, zdi-disclosures
PHP MESSENGER 1.0 Version - Remote File Include Vulnerability, SpC-x
Jobline 1 1 1 Version - Remote File Include Vulnerability, SpC-x
Amr Talkbox talkbox.PHP - Remote File Include Vulnerabilities, SpC-x
- <Possible follow-ups>
- Re: Amr Talkbox talkbox.PHP - Remote File Include Vulnerabilities, Steven M. Christey
S H O U T B O X (v1.5) Version - Remote File Include Vulnerability, SpC-x
iDefense Security Advisory 06.13.06: Windows MRXSMB.SYS MrxSmbCscIoctlCloseForCopyChunk DoS, labs-no-reply
Re: Shoutpro 1.0 Version - Remote File Include Vulnerability, Steven M. Christey
- <Possible follow-ups>
- Shoutpro 1.0 Version - Remote File Include Vulnerability, SpC-x
Ltwcalendar 4.1.3 version - Remote File Include Vulnerabilities, SpC-x
[REVERSEMODE ADVISORY] MS06-030 - Microsoft Mrxsmb.sys privilege escalation advisory, Reversemode
# MHG Security Team --- PHPAskIt v2.0.1 Remote File Inc., erne
Web-CMS <<--1.0 "print.php" SQL injection, CrAzY . CrAcKeR
[REVERSEMODE ADVISORY] MS06-030 NtClose DeadLock., Reversemode
TikiWiki Sql injection & XSS Vulnerabilities, bug@xxxxxxxxxxxxxxx
blur6ex <= 0.3.462 'ID' blind sql injection, rgod
REMOTE FILE INCLUSION ( ALL ), SpC-x
- <Possible follow-ups>
- Re: REMOTE FILE INCLUSION ( ALL ), Steven M. Christey
- Re: REMOTE FILE INCLUSION ( ALL ), eufrato
Chipmailer <= 1.09 Multiple Vulnerabilities, tamriel
iDefense Security Advisory 06.13.06: Windows Media Player PNG Chunk Decoding Stack-Based Buffer Overflow, labs-no-reply
GamePlay.co.uk XSS, charlie
- Re: GamePlay.co.uk XSS, Patrick Morris
PhpMyFactures 1.0 Cross Site Scripting, SQL Injection, Full Path Disclosure and others, gmdarkfig
Oracle DBMS_STANDARD security problem, putosoft softputo
file include exploits in mcGuestbook 1.3, gamr-14
- <Possible follow-ups>
- file include exploits in mcGuestbook 1.3, SWEET SWEET
SYMSA-2006-004: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution, research
Simpleshout 1.6.0 Version - Remote File Include Vulnerability, SpC-x
ZDI-06-018: Microsoft Internet Explorer DXImageTransform ActiveX Memory Corruption Vulnerability, zdi-disclosures
G Shout 1.3.1 Version - Remote File Include Vulnerability, SpC-x
[MajorSecurity #17] SixCMS <= 6 - Multiple XSS and directory traversal vulnerabilities, admin
- <Possible follow-ups>
- Re: [MajorSecurity #17] SixCMS <= 6 - Multiple XSS and directory traversal vulnerabilities, ellinger
[USN-297-1] Thunderbird vulnerabilities, Martin Pitt
[USN-298-1] libgd2 vulnerability, Martin Pitt
[USN-288-4] dovecot regression fix, Martin Pitt
Secunia Resaerch: Internet Explorer Exception Handling Memory Corruption Vulnerability, Secunia Research
[USN-299-1] dhcdbd vulnerability, Martin Pitt
Black Hat Speakers + 2005 Content on-line, Jeff Moss
Secunia Research: PicoZip "zipinfo.dll" Multiple Archives Buffer Overflow, Secunia Research
[ MDKSA-2006:099-1 ] - Updated freetype2 packages fixes multiple vulnerabilities., security
[ MDKSA-2006:100 ] - Updated gdm packages fix vulnerability, security
Freeze Greetings Cards PWD.txt, alp_eren
bbrss PhpBB (phpbb_root_path) Remote File Inclusion, SpC-x
wbb<<--v 2.2.2 "thread.php" SQL injection, CrAzY . CrAcKeR
wbb<<--v 2.2.1 "studienplatztausch.php" SQL injection, CrAzY . CrAcKeR
wbb<<--v 2.1.6 "profile.php" SQL injection, CrAzY . CrAcKeR
[ GLSA 200606-16 ] DokuWiki: PHP code injection, Sune Kloppenborg Jeppesen
SEC Consult SA-20060613-0 :: Outlook Web Access Cross Site Scripting Vulnerability, SEC Consult Research
Flipper Poll (root_path) Remote File Inclusion, SpC-x
[ GLSA 200606-15 ] Asterisk: IAX2 video frame buffer overflow, Sune Kloppenborg Jeppesen
Fusion Polls (xtrphome) Remote File Inclusion, SpC-x
PhpBlueDragon CMS 2.9.1, File inclusion vulnerability, Federico Fazzi
[KDE Security Advisory] KDM symlink attack vulnerability, Dirk Mueller
[SECURITY] [DSA 1097-1] New Kernel 2.4.27 packages fix several vulnerabilities, Moritz Muehlenhoff
MySQL DoS, Kanatoko
- Re: MySQL DoS, Tonnerre Lombard
- <Possible follow-ups>
- Re: MySQL DoS, xhire
[ MDKSA-2006:101 ] - Updated squirrelmail packages fix vulnerabilities, security
[SECURITY] [DSA 1098-1] New horde3 packages fix cross-site scripting, Moritz Muehlenhoff
[ MDKSA-2006:102 ] - Updated libtiff packages fixes tiff2pdf vulnerability, security
[FSA016] ISPConfig 2.2.3, File inclusion vulnerability, Federico Fazzi
- <Possible follow-ups>
- Re: [FSA016] ISPConfig 2.2.3, File inclusion vulnerability, t . brehm
[USN-301-1] kdm vulnerability, Martin Pitt
[ MDKSA-2006:103 ] - Updated spamassassin packages fix vulnerability, security
Secunia Research: CMS Mundo SQL Injection and File Upload Vulnerabilities, Secunia Research
EC2ND - Call for Papers, Blyth A J C (Comp)
[SECURITY] [DSA 1099-1] New horde2 packages fix cross-site scripting, Moritz Muehlenhoff
FreeBSD Security Advisory FreeBSD-SA-06:17.sendmail, FreeBSD Security Advisories
Secunia Research: DeluxeBB SQL Injection and File Inclusion Vulnerabilities, Secunia Research
- <Possible follow-ups>
- Secunia Research: DeluxeBB SQL Injection and File Inclusion Vulnerabilities, Secunia Research
[USN-300-1] wv2 vulnerability, Martin Pitt
ePrayver v.Alpha - XSS, luny
APBoard 2.2-r3 <= SQL Injections, 666
[ MDKSA-2006:104 ] - Updated sendmail packages fix remotely exploitable vulnerability, security
[SECURITY] [DSA 1100-1] New wv2 packages fix integer overflow, Martin Schulze
MP3 Search/Archive v1.2 - XSS, luny
Advisory: Authentication bypass in phpBannerExchange, RedTeam Pentesting
Advisory: Unauthorized password recovery in phpBannerExchange, RedTeam Pentesting
HotPlugCMS_1.0 - SQL Injection Vulnerability, guest01
Andys Chat 4.5 (action) Remote File Inclusion, SpC-x
[USN-297-2] Thunderbird extensions update for recent security update, Martin Pitt
[ GLSA 200606-18 ] PAM-MySQL: Multiple vulnerabilities, Sune Kloppenborg Jeppesen
Regarding "SMB Invalid Handle Value" - MS06-030. Vulnerability not fixed., Reversemode
[ GLSA 200606-17 ] OpenLDAP: Buffer overflow, Sune Kloppenborg Jeppesen
rPSA-2006-0106-1 kdebase, Justin M. Forbes
[ GLSA 200606-19 ] Sendmail: Denial of Service, Sune Kloppenborg Jeppesen
HotPlugCMS 1.0, Cross-Site Scripting Vulnerabilities, Federico Fazzi
rPSA-2006-0105-1 arts, Justin M. Forbes
[security bulletin] HPSBUX02115 SSRT061077 rev.1 - HP-UX running Support Tools Manager (xstm, cstm, stm) Local Denial of Service (DoS), security-alert
TSLSA-2006-0036 - multi, Trustix Security Advisor
dvdwolf SQL injection/XSS, CrAzY . CrAcKeR
[USN-303-1] MySQL vulnerability, Martin Pitt
Boardhost.com - XSS, luny
Develooping Flash Chat (banned_file) Remote File Inclusion, SpC-x
Indexu v 5.0.01 Multiple Remote File Include Vulnerabilities, KARKOR23
Re: Several flaws in e-business designer (eBD), ebd . soporte
file include exploits in nucleus 3.23, gamr-14
- <Possible follow-ups>
- Re: file include exploits in nucleus 3.23, nukedx
aXentForum II XSS vuLLn, SnoBmsn
- <Possible follow-ups>
- Re: aXentForum II XSS vuLLn, Steven M. Christey
Chatizens.com - XSS with cookie disclosure, luny
Calendarix 0.7.20060401, SQL Injection Vulnerabilities, Federico Fazzi
Carspace.com - XSS with cookie disclosure, luny
Ji-takz Chat (mycfg) Remote File Inclusion, SpC-x
Zeroboard File Upload & extension bypass Vulnerability, mins
Cisco Secure ACS Cross Site Scripting Vulnerability., liam . romanis
- <Possible follow-ups>
- RE: Cisco Secure ACS Cross Site Scripting Vulnerability., Paul Oxman (poxman)
Blacksingles.com - XSS & cookie disclosure, luny
PHP security (or the lack thereof), Darren Reed
- Re: PHP security (or the lack thereof), Bojan Zdrnja
  - Re: PHP security (or the lack thereof), Jessica Hope
- Re: PHP security (or the lack thereof), Jose Nazario
  - Re: PHP security (or the lack thereof), Geo.
    - Re: PHP security (or the lack thereof), kicktd
    - Re: PHP security (or the lack thereof), Geo.
    - Re: PHP security (or the lack thereof), Crispin Cowan
- Re: PHP security (or the lack thereof), Neil Neely
- Re: PHP security (or the lack thereof), john mullee
  - Re: PHP security (or the lack thereof), Darren Reed
    - Re: PHP security (or the lack thereof), Ronald Chmara
    - Re: PHP security (or the lack thereof), Tonnerre Lombard
    - Re: PHP security (or the lack thereof), Darren Reed
- <Possible follow-ups>
- Re: PHP security (or the lack thereof), Steven M. Christey
- Re: PHP security (or the lack thereof), Alan J Rosenthal
  - Re: PHP security (or the lack thereof), Geo.
- Re: Re: PHP security (or the lack thereof), nabiy
  - Re: PHP security (or the lack thereof), Crispin Cowan
    - Re: PHP security (or the lack thereof), Daniel Hulme
    - Re: PHP security (or the lack thereof), Tobias J. Kreidl
    - Re: PHP security (or the lack thereof), Glynn Clements
  - Re: PHP security (or the lack thereof), Ronald Chmara
    - RE: PHP security (or the lack thereof), Geo.
    - Re: PHP security (or the lack thereof), Paul Schmehl
    - RE: PHP security (or the lack thereof), Geo.
    - Re: PHP security (or the lack thereof), Kevin Waterson
    - Re: PHP security (or the lack thereof), Matthias Kestenholz
    - RE: PHP security (or the lack thereof), Geo.
    - Re: PHP security (or the lack thereof), Mrten
- Re: Re: PHP security (or the lack thereof), nabiy
[ MDKSA-2006:105 ] - Updated kdebase packages fix local vulnerability in kdm, security
Re: Secunia Research: PicoZip "zipinfo.dll" Multiple Archives BufferOverflow, c0rrupt
[ MDKSA-2006:106 ] - Updated mdkkdm packages fix local vulnerability, security
PictureDis Products "lang" Parameter File Inclusion Vulnerability, root-hacked
Re: [Bugtraq ID: 17909] ISPConfig Session.INC.PHP Remote File Include Vulnerability, t . brehm
Youtube.com - XSS & cookie disclosure, luny
Bingbox.com - XSS & cookie disclosure, luny
- Re: Bingbox.com - XSS & cookie disclosure, Sven Vetsch
file include exploits in dotwidgeta Version 2, SWEET SWEET
Simple PHP Poll Authecnication Admin ByPass, alp_eren
Netscape.com - Cross site scripting vulnerability, admin
webcrawler.com - Cross site scripting vulnerability, admin
GreatDomains.com - XSS with cookie disclosure, admin
bitweaver <= v1.3 multiple vulnerabilities, rgod
[ECHO_ADV_33$2006] CMS Faethon 1.3.2 mainpath Remote File Inclusion, eufrato
Housecarers.com - XSS & cookie disclosure, luny
Dealgates.com - XSS with cookie disclosure, luny
Mambo <= 4.6rc1 sql injection, rgod
Cline Communications Sql injection, liz0
XSS in GardenWeb, nanoymaster
Apnaspace.com - XSS with cookie disclosure, luny
hi5.com - XSS with cookie disclosure, luny
ISO.org - XSS vulnerability, admin
alipager xss attack, s3rv3r_hack3r
Hotscripts.com - XSS with cookie disclosure, luny
Proof of concept: mybb 1.1.2 remote code execution, Javier Olascoaga
[Kurdish Security # 8] DCP-Portal Remote File Include Vulnerability [Editor DHTML], botan
Facerave.com - XSS & sessions disclosure, luny
animesuki XSS, nanoymaster
Re: PHP Advanced Transfer Manager Download users password hashes, jn
Windowsitpro.com - XSS with cookie disclosure, luny
Cybersocieties.com - XSS & cookie disclosure, luny
Ratescene.co.uk - XSS with session disclosure, luny
Macworld.com - XSS vulnerability, admin
About.com - XSS with cookie disclosure, luny
Ratemylook.co.uk - XSS with session disclosure, luny
Palm.com - XSS vulnerability, admin
webcrawler.com - XSS vulnerability in search-engine, admin
VampireFreaks journal XSS, nanoymaster
Ashop Search Module SQL injection, entrika_fs
Facetherating.com - XSS & session disclosure, luny
Confixx <= 3, kr4ch
- <Possible follow-ups>
- Confixx <= 3, kr4ch
B3ta.com - XSS with cookie disclosure, luny
Biblenet.net - XSS, luny
SinFP 2.00 - a major release with many new features, GomoR
RahnemaCo Remote File Inclusion Exploit, Breeeeh
Blogspot.com - XSS with cookie disclosure, luny
43things.com - XSS with cookie disclosure, luny
Technorati.com - XSS with cookie disclosure, luny
PTT.yu Guestbook Vulnebility, us3rg0d
vbzoom V1.11 forum.php SQL Injection Vulnerabilities, KARKOR23
mp3.com - Cross site scripting vulnerability, admin
XSS in http://www.newscientist.com/ - Search, viz . security
MPCS v0.2 - XSS, luny
Microsoft Excel 0-day Vulnerability FAQ document written, Juha-Matti Laurio
[security bulletin] HPSBTU02116 SSRT061135 rev.2 - HP Tru64 UNIX and HP Internet Express for Tru64 UNIX Running sendmail, Remote Execution of Arbitrary Code or Denial of Service (DoS), security-alert
e107 v0.7.5 XSS, securityconnection
XSS Vulnerability in Maximus SchoolMAX, Fixer
VBZooM <<--V1.00 "rank.php" SQL injection, CrAzY . CrAcKeR
VBZooM <<--V1.11 "message.php" SQL injection, CrAzY . CrAcKeR
vuBB <= 0.2.1 [BFA] SQL Injection Exploit + Advisory link, gmdarkfig
VBZooM <<--V1.00 "lng.php" SQL injection, CrAzY . CrAcKeR
SaphpLesson<<--1.1 "misc.php" SQL injection, CrAzY . CrAcKeR
PHP Live Helper <=([abs_path]) Remote File Include Vulnerabilities, selfar2002
- <Possible follow-ups>
- Re: PHP Live Helper <=([abs_path]) Remote File Include Vulnerabilities, stormhacker
[ GLSA 200606-21 ] Mozilla Thunderbird: Multiple vulnerabilities, Sune Kloppenborg Jeppesen
onedotoh xss atack, alijsb
[ GLSA 200606-20 ] Typespeed: Remote execution of arbitrary code, Sune Kloppenborg Jeppesen
singapore gallery <= 0.10.0 Multiple Vulnerabilities, simo64
Easy CMS 0.1.2 Php Shell Upload Vulnerabilities, liz0
WeBBoA Hosting Script SQL Injection, entrika_fs
Dragons Kingdom v1.0 - XSS & cookie disclosure, luny
Vm ware 0day dos exploit by n00b., co296
- Re: Vm ware 0day dos exploit by n00b., Paul Szabo
- Re: Vm ware 0day dos exploit by n00b., Eliah Kagan
qtofilemanager xss attack !, alijsb
V3Chat Instant Messenger - XSS, luny
- <Possible follow-ups>
- Re: V3Chat Instant Messenger - XSS, support
Input Validation/Output Encoding Vulnerabilities in Cisco CallManager Allow Script Injection Attacks, Reynolds, Jake
Janus Contact, Charles Hamby
trifinite Security Advisory: Buffer Overrun in Toshiba Bluetooth Stack for Windows, Martin Herfurt
display.cgi, soltan_defacer
- <Possible follow-ups>
- Re: display.cgi, eufrato
Multiple Bypass and Integrity Lost Vulnerabilities, egavriil
vBulletin<<--v3.5.X "member.php" Cross Site Scripting, CrAzY . CrAcKeR
- <Possible follow-ups>
- Re: vBulletin<<--v3.5.X "member.php" Cross Site Scripting, scott
[MajorSecurity #18] Ralf Image Gallery <=0.7.4 - Multiple XSS, Remote File Include and directory traversal vulnerabilities, admin
- Re: [MajorSecurity #18] Ralf Image Gallery <=0.7.4 - Multiple XSS, Remote File Include and directory traversal vulnerabilities, Marc MERLIN
Re: MAXDEV CMS Multiple vulnerabilities, pete
Module's Name Downloads <<--V 7 SQL injection, CrAzY . CrAcKeR
Module's Name Content<<--V1.0 SQL injection, CrAzY . CrAcKeR
RahnemaCo "page.php" Remote File Inclusion[2], CrAzY . CrAcKeR
ULtimate PHP Board <= 1.96 GOLD Code Execution (exploit code), mbrooks
Sendmail MIME DoS vulnerability, Jain, Siddhartha
- Re: Sendmail MIME DoS vulnerability, Gadi Evron
- Re: Sendmail MIME DoS vulnerability, Claus Assmann
[ MDKSA-2006:107 ] - Updated arts packages fix vulnerability in artswrapper, security
JEdit ActiveX Control Information Disclosure vulnerability, bulten
Re: Vacation Retal Script v1.0, radu
[ MDKSA-2006:108 ] - Updated xine-lib packages fix buffer overflow vulnerabilities, security
Opera 9 DoS PoC, N9
- Re: Opera 9 DoS PoC, Bruno Lustosa
  - Re: Opera 9 DoS PoC, Bastian Ahrens
  - Re: Opera 9 DoS PoC, Eric Furman
- <Possible follow-ups>
- Re: Opera 9 DoS PoC, Darren Clarke
  - Re: Opera 9 DoS PoC, Laurent
Bypassing of web filters by using ASCII, k . huwig
- Re: Bypassing of web filters by using ASCII, Fixer
  - Re: Bypassing of web filters by using ASCII, Paul
    - Re: Bypassing of web filters by using ASCII, Kurt Huwig
    - Re: Bypassing of web filters by using ASCII, Amit Klein (AKsecurity)
    - RE: Bypassing of web filters by using ASCII, James C. Slora Jr.
    - RE: Bypassing of web filters by using ASCII, Amit Klein (AKsecurity)
    - RE: Bypassing of web filters by using ASCII, RSnake
    - Re: Bypassing of web filters by using ASCII, Hubert Seiwert
    - RE: Bypassing of web filters by using ASCII, James C. Slora Jr.
    - Re: Bypassing of web filters by using ASCII, Thor (Hammer of God)
- Re: Bypassing of web filters by using ASCII, RSnake
  - Re: Bypassing of web filters by using ASCII, Kurt Huwig
  - Re: Bypassing of web filters by using ASCII, David Huecking
- Re: Bypassing of web filters by using ASCII, Amit Klein (AKsecurity)
  - Message not available
    - Re: Bypassing of web filters by using ASCII, Amit Klein (AKsecurity)
    - Re: Bypassing of web filters by using ASCII, Vincent Archer
    - Re: Bypassing of web filters by using ASCII, Balazs Attila-Mihaly (Cd-MaN)
- Re: Bypassing of web filters by using ASCII, Hubert Seiwert
- <Possible follow-ups>
- Re: Bypassing of web filters by using ASCII, Kurt Huwig
[ MDKSA-2006:110 ] - Updated gnupg packages fix vulnerability, security
Re: possible SQL injection in Subdreamer, ziad
Eduha Meeting php shell upload Vulnerabilities, liz0
cjGuestbook v1.3 - XSS, luny
Excel 0-day FAQ updated with Microsoft advisory information, Juha-Matti Laurio
Somechess v1.5 rc1 - XSS, luny
[ MDKSA-2006:109 ] - Updated wv2 packages fix vulnerability, security
Digital Armaments July-August Hacking Challange: Microsoft, info
- Re: Digital Armaments July-August Hacking Challange: Microsoft, Alexander Sotirov
MS Excel Remote Code Execution POC Exploit, naveed
- <Possible follow-ups>
- RE: MS Excel Remote Code Execution POC Exploit, Jain, Siddhartha
  - Re: MS Excel Remote Code Execution POC Exploit, naveed
- Re: MS Excel Remote Code Execution POC Exploit, Steven M. Christey
  - Re: MS Excel Remote Code Execution POC Exploit, naveed
- Re: Re: MS Excel Remote Code Execution POC Exploit, Juha-Matti Laurio
VigilantMinds Advisory: Opera JPEG Processing Integer Overflow Vulnerability (VMSA-20060621-01), VigilantMinds Advisories
[ GLSA 200606-22 ] aRts: Privilege escalation, Sune Kloppenborg Jeppesen
[ GLSA 200606-23 ] KDM: Symlink vulnerability, Sune Kloppenborg Jeppesen
flock d0s exploit remote. beta 1 (v0.7), co296
- Re: flock d0s exploit remote. beta 1 (v0.7), Chris Rothecker
[SECURITY] [DSA 1101-1] New courier packages fix denial of service, Martin Schulze
vlbook 1.2 XSS Bug, omnipresent
[SNS Advisory No.88] Webmin Directory Traversal Vulnerability, snsadv@xxxxxxxxx
QaTraq 6.5 RC: Multiple XSS Vulnerabilities, enji
[KAPDA]Coppermine 1.4.8~Parameter Cleanup System ByPass~Registering Global Varables, addmimistrator
[security bulletin] HPSBUX02127 SSRT051056 - rev.1 HP-UX Kernel Local Denial of Service (DoS), security-alert
TSLSA-2006-0037 - multi, Trustix Security Advisor
aeDating 4.1 XSS, securityconnection
Trend Micro Control Manager (TMCM) Persistent XSS Vulnerability, Darren Bounds
Dating Agent PRO 4.7.1 Vulnerability, securityconnection
Cisco Secure ACS Weak Session Management Vulnerability, Darren Bounds
- Re: Cisco Secure ACS Weak Session Management Vulnerability, Clayton Kossmeyer
[ GLSA 200606-24 ] wv2: Integer overflow, Stefan Cornelius
[Kil13r-SA-20060622-1] NetSoft SmartNet 2.0 Cross-Site Scripting Vulnerability, mac68k
DREAMACCOUNT V3.1 Remote Command Execution Exploit, KARKOR23
Linux VNC evil client patch - BID 17978, embyte
- <Possible follow-ups>
- Re: Linux VNC evil client patch - BID 17978, embyte
rPSA-2006-0110-1 kernel, Justin M. Forbes
productcart soltan_defacer, soltan_defacer
Dating biz@ dating script v1.0 - XSS, luny
[KAPDA]MyBB1.1.3~Option update for code buttons~Sql Injection Admin Access, addmimistrator
- <Possible follow-ups>
- [KAPDA]MyBB1.1.3~Option update for code buttons~Sql Injection Admin Access, addmimistrator
WBB<<---v1.2 "showmods.php" SQL Injection, CrAzY . CrAcKeR
Calendar ( Provided by Codewalkers ) - SQL Injection, Silitix
- <Possible follow-ups>
- Re: Calendar ( Provided by Codewalkers ) - SQL Injection, krustevs
[ECHO_ADV_34$2006] W-Agora (Web-Agora) <= 4.2.0 (inc_dir) Remote File Inclusion, the_day
WBB<<---v2.3.1"report.php" SQL Injection, CrAzY . CrAcKeR
SYMSA-2006-005, research
phpBlueDragon CMS 2.9.1 multiple remote file inclusion vuln, rozowa . landrynka
[Kil13r-SA-20060622-2] Namo DeepSearch 4.5 Cross-Site Scripting Vulnerability, mac68k
WBB<<---v2.0 RC2 "newthread.php" SQL Injection, CrAzY . CrAcKeR
Softbiz Dating 1.0 SQL injection, securityconnection
ERNW Security Advisory 01/2006, mozilla
[Kurdish Security # 9] MyMail Directory Traversal And XSS Attacking Vulnerability, botan
Claroline Cross-Site Scripting Vulnerabilities, bug@xxxxxxxxxxxxxxx
DeluxeBB 1.07 Create admin Exploit, Hessamx
Planetnews Authecnication Admin ByPass, alp_eren
[SECURITY] [DSA 1102-1] New pinball packages fix privilege escalation, Steve Kemp
[USN-304-1] gnupg vulnerability, Martin Pitt
XSS in Cpanel 10, preth00nker
- <Possible follow-ups>
- Re: XSS in Cpanel 10, bug
[ GLSA 200606-25 ] Hashcash: Possible heap overflow, Thierry Carrez
[ GLSA 200606-26 ] EnergyMech: Denial of Service, Thierry Carrez
[ MDKSA-2006:111 ] - Updated MySQL packages fixes authorized user DoS(crash) vulnerability., security
GlobeTrotter Mobility Manager - security issue, dzelek
Mailenable SMTP Service DoS, db0
Undisclosed cross site scripting vulnerabilities in domaintools.com - requesting contacts, admin
Amazon and Msn vulnerabilities, dcrab
OpenGuestbook Cross Site Scripting & SQL Injection, simo64
Amazon, MSN vulns and.. Yes, we know! Most sites have vulnerabilities, Gadi Evron
[OpenPKG-SA-2006.010] OpenPKG Security Advisory (gnupg), OpenPKG
Universal Hooker - Tool release, Hernan Ochoa
Taking Over Laptops by Fuzzing Wireless Drivers, Gadi Evron
Winged Gallery v1.0, luny
error_log() Safe Mode Bypass PHP 5.1.4 and 4.4.2, cxib
Jaws <= 0.6.2 'Search gadget' SQL injection, rgod
Windows Live Messenger 8.0 ( Contact List *.ctt ) Heap Overflow, Alexander Hristov
Usenet Script v0.5, luny
[USN-306-1] MySQL 4.1 vulnerability, Martin Pitt
[USN-305-1] OpenLDAP vulnerability, Martin Pitt
[SECURITY] [DSA 1103-1] New Linux kernel 2.6.8 packages fix several vulnerabilities, Moritz Muehlenhoff
Re: [ECHO_ADV_34$2006] W-Agora (Web-Agora) <= 4.2.0 (inc_dir) Remote File Inclusion, Steven M. Christey
CrisoftRicette<<--1.0pre15b Remote File Inclusion, CrAzY . CrAcKeR
SYMSA-2006-006: Lotus Domino SMTP Based Denial of Service, research
phpvillage "funshow.php" SQL Injection, CrAzY . CrAcKeR
[Kurdish Security # 11] SiteBar Cross-Site Scripting, botan
Re: Is Windows TCP/IP source routing PoC code available?, 3APA3A
- Re[2]: Is Windows TCP/IP source routing PoC code available?, "Ìèíàåâ_Àíäðåé"
  - Re: [Full-disclosure] Re[2]: Is Windows TCP/IP source routing PoC code available?, 3APA3A
SUSE Security Announcement: freetype2 (SUSE-SA:2006:037), Thomas Biege
[Kurdish Security # 10 ] MF Piadas 1.0 Remote File Include Vulnerability, botan
CAID 34325 - CA ITM, eAV, ePP scan job description field format string vulnerability, Williams, James K
Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...), Luigi Auriemma
- <Possible follow-ups>
- Re: Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...), Luigi Auriemma
[Kil13r-SA-20060628] Hanaro Search Cross-Site Scripting Vulnerability, mac68k
smartsite cms v1.0 Remote File include, KARKOR23
Layered Defense Advisory: Format String Vuln in CA eTrust, dh
[KAPDA]MyBB 1.1.4~function_post.php~XSS Attack In URL tag, addmimistrator
vCard PRO SQL Injection, CrAzY . CrAcKeR
[ MDKSA-2006:112 ] - Updated gd packages fix DoS vulnerability., security
[ MDKSA-2006:114 ] - Updated libwmf packages fixes embedded GD vulnerability, security
- <Possible follow-ups>
- [ MDKSA-2006:114 ] - Updated libwmf packages fixes embedded GD vulnerability, security
PHP-Nuke Module's Name Sections<<--V3 SQL Injection, CrAzY . CrAcKeR
BLOG:CMS <= 4.0.0k sql injection, rgod
[USN-307-1] mutt vulnerability, Martin Pitt
[ GLSA 200606-27 ] Mutt: Buffer overflow, Sune Kloppenborg Jeppesen
AzDGDatingPlatinum<<--v1.1.0 "view.php" SQL Injection, CrAzY . CrAcKeR
SyScan'06 Highlight - Is Phone Banking Safe?, thomas48
MKPortal 1.0.1 Final ($ind) File Include Vulnerability (perl), stormhacker
PHP iCalendar Cross Site Scripting, botan
Cisco Security Advisory: Multiple Vulnerabilities in Wireless Control System, Cisco Systems Product Security Incident Response Team
Microsoft's Real Test with Vista is Vulnerabilities, Gadi Evron
- Re: [funsec] Microsoft's Real Test with Vista is Vulnerabilities, thomas48
  - RE: [funsec] Microsoft's Real Test with Vista is Vulnerabilities, Larry Seltzer
[OpenPKG-SA-2006.011] OpenPKG Security Advisory (png), OpenPKG
Re: [MajorSecurity #18] Ralf Image Gallery <=0.7.4 - Multiple XSS, Remote File Include and directory traversal vulnerabilities, Ralf
Cisco Security Advisory: Access Point Web-Browser Interface Vulnerability, Cisco Systems Product Security Incident Response Team
[ MDKSA-2006:113 ] - Updated tetex packages fix embedded GD vulnerabilities, security
Secunia Research: Opera SSL Certificate "Stealing" Weakness, Secunia Research
Presentation: AT&T ISNN - "Case Studies in Finding Previously Unknown Vulnerabilities in Web Applications.", Kenneth F. Belva
PHPClassifieds General, luny
[KAPDA]http://myimei.com/security/2006-06-24/mybb104archive-modelight-parameter-extractionvarable-overwriting.html, addmimistrator
[ MDKSA-2006:115 ] - Updated mutt packages fix buffer overflow vulnerability, security
DMA[2006-0628a] - 'Apple OSX launchd unformatted syslog() vulnerability', K F (lists)
[ GLSA 200606-29 ] Tikiwiki: SQL injection and multiple XSS vulnerabilities, Sune Kloppenborg Jeppesen
CSRF in Nuked Klan 1.7 SP4.2, blwood
Softbiz Banner Exchange 1.0 XSS, securityconnection
Secunia Research: phpRaid SQL Injection and File Inclusion Vulnerabilities, Secunia Research
[ GLSA 200606-28 ] Horde Web Application Framework: XSS vulnerability, Sune Kloppenborg Jeppesen
Digital Armaments Security Advisory 29.06.2006: Siemens Speedstream Wireless Router Password Protection Bypass Vulnerability, info
rPSA-2006-0116-1 mutt, Justin M. Forbes
Novell Security contact address change, Roman Drahtmueller
Multiple Vulnerabilities in PatchLink Update Server 6, Chris Steipp
Novell Security Announcement NOVELL-SA:2006:001, Jim Short
[security bulletin] HPSBTU02125 SSRT061105 rev.1 - HP Tru64 UNIX Running Perl 5.8.2 and earlier, Local Unauthorized Code Execution, security-alert
[security bulletin] HPSBUX02122 SSRT061158 rev.2 - HP-UX Mozilla Remote Execution of Arbitrary Code, Denial of Service (DoS), security-alert
rPSA-2006-0120-1 gnupg, Justin M. Forbes
Msie 7.0 beta Crash, Mr . Niega
- <Possible follow-ups>
- Re: Msie 7.0 beta Crash, mike
Browser bugs hit IE, Firefox today (SANS), Bill Stout
- Re: Browser bugs hit IE, Firefox today (SANS), Alex Potter
Re: [Full-disclosure] Browser bugs hit IE, Firefox today (SANS), Juha-Matti Laurio
- <Possible follow-ups>
- RE: [Full-disclosure] Browser bugs hit IE, Firefox today (SANS), Schmehl, Paul L
ezWaiter v3.0 - XSS, luny
[SECURITY] [DSA 1104-1] New OpenOffice.org packages fix several vulnerabilities, Martin Schulze
libwmf integer/heap overflow, sean
[ GLSA 200606-30 ] Kiax: Arbitrary code execution, Sune Kloppenborg Jeppesen
Zen-Cart 1.3.0.2 Full Path Disclosure, o . y . 6
[Kil13r-SA-20060701-1] Ahnlab Search Cross-Site Scripting Vulnerability, mac68k
[Kil13r-SA-20060701-2] MoniWiki 1.1.1 Cross-Site Scripting Vulnerability, mac68k
[Kil13r-SA-20060701-3] Massting Cross-Site Scripting Vulnerability, mac68k
ISC: Firefox immune to outerHTML flaw in MSIE [Was: Browser bugs hit IE, Firefox], Juha-Matti Laurio
ZDI-06-020: Apple iTunes AAC File Parsing Integer Overflow Vulnerability, zdi-disclosures
FreeHost "misc.php & news.php" SQL Injection, CrAzY . CrAcKeR
MyNewsGroups<<--v. 0.6 "tree.php" SQL Injection, CrAzY . CrAcKeR
CDJ<<--V NITKID 2.0 "category.php" SQL Injection, CrAzY . CrAcKeR
Module's Name "Classifieds" SQL Injection, CrAzY . CrAcKeR
My smiles "browse.php" SQL Injection, CrAzY . CrAcKeR
Hobbit monitor: Security issue with Hobbit 4.2-beta client, Henrik Stoerner
NewsPHP 2006 PRO XSS SQL injection Vulnerability, securityconnection
News <= 5.2 XSS, SQL Injection, Full Path Disclosure, gmdarkfig
phpBB 2.0.21 Full Path Disclosure, xzerox
[security bulletin] HPSBUX02128 SSRT5996 - rev.1 HP-UX mkdir(1) Local Unauthorized Access, security-alert
[security bulletin] HPSBUX02103 SSRT5953 rev.3 - HP-UX passwd(1) Local Denial of Service (DoS), security-alert
Buddy Zone Version 1.0.1 - XSS, luny
mAds v1.0, lunY
DEF CON 14: Speakers Selected and more., The Dark Tangent
Whitepaper: IT (in)security implementation in a real world example, Denis Jedig

Mail converted by MHonArc