Bugtraq Archive November 2006
- iDefense Security Advisory 10.27.06: Novell eDirectory NMAS BerDecodeLoginDataRequeset DoS Vulnerability,
iDefense Labs
- Multiple XSS Vulnerabilities in Zend Google Data Client Library Preview 0.2.0,
security
- iDefense Security Advisory 10.31.06: Novell iManager Tomcat DoS Vulnerability,
iDefense Labs
- iDefense Security Advisory 10.31.06: Sophos Anti-Virus Petite File Denial of Service Vulnerability,
iDefense Labs
- Re: Re: Simple Machines Forum (SMF) XSS issue,
oldiesmann
- Re[3]: New Flaw in Firefox 2.0: DoS and possible remote code execution,
3APA3A
- [USN-370-1] screen vulnerability,
Kees Cook
- [USN-371-1] Ruby vulnerability,
Kees Cook
- Cross Site Scripting (XSS) Vulnerability in Netquery by "VIRtech",
LegendaryZion
- Re: phpLedAds 2.0(dir) File Include,
Stefano Zanero
- Cisco Security Advisory: Cisco Security Agent Management Center LDAP Administrator Authentication Bypass,
Cisco Systems Product Security Incident Response Team
- [USN-373-1] mutt vulnerabilities,
Kees Cook
- Asterisk Local and Remote Denial of Service vulnerability,
sil
- tikiwiki 1.9.5 mysql password disclosure & xss,
securfrog
- Outpost Insufficient validation of 'SandBox' driver input buffer,
Matousec - Transparent security Research
- rPSA-2006-0202-1 tshark wireshark,
rPath Update Announcements
- [security bulletin] HPSBUX02172 SSRT061269 rev.1 - HP-UX VirtualVault running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access,
security-alert
- Re: PLS-Bannieres 1.21 (bannieres.php) File Include,
Stefano Zanero
- [security bulletin] HPSBUX02164 SSRT061265 rev.1 - HP-UX VirtualVault Running Apache 1.3.X Remote Denial of Service (DoS) and Arbitrary Code Execution,
security-alert
- [security bulletin] HPSBUX02165 SSRT061266 rev.1 - HP-UX VirtualVault Remote Unauthorized Access,
security-alert
- [USN-374-1] wvWare vulnerability,
Kees Cook
- [security bulletin] HPSBUX02091 SSRT061099 rev.2 - HP-UX Local Increased Privilege,
security-alert
- Internet Explorer 7 - Still Spyware Writers' Heaven,
avivra
Multiple vulnerabilities in SAP Web Application Server 6.40 and 7.00,
Nicob
how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)],
securfrog
Advisory 12/2006: phpMyAdmin - error.php XSS Vulnerability,
Stefan Esser
Firefox 1.5.0.7 Exploit,
koenig
iodine client 0.3.2 buffer overflow,
poplix
[SECURITY] [DSA 1203-1] New libpam-ldap packages fix access control bypass,
Moritz Muehlenhoff
[security bulletin] HPSBMA02159 SSRT061238 rev.1 - HP System Management Homepage (SMH), Remote Bypassing of Security Features or Cross Site Scripting or Denial of Service (DoS),
security-alert
[USN-375-1] PHP vulnerability,
Martin Pitt
Educational write-up by Amit Klein: "A Refreshing Look at Redirection",
Amit Klein
Advisory 13/2006: PHP HTML Entity Encoder Heap Overflow Vulnerability,
Stefan Esser
EUSecWest/London CFP extended to Nov. 7,
Dragos Ruiu
Re: phpMyConferences <= 8.0.2 Remote File Inclusion,
Steven M. Christey
[ MDKSA-2006:196 ] - Updated php packages to address buffer overflow issue,
security
[ MDKSA-2006:195 ] - Updated wireshark packages fix multiple vulnerabilities,
security
Re: Digital Armaments Security Advisory 10.07.2006: Flexwath Authorization Bypassing and XSS Vulnerability,
sales
Re: Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00,
harrisonholland
[ GLSA 200611-01 ] Screen: UTF-8 character handling vulnerability,
Matthias Geerdsen
[SECURITY] [DSA-1205-1] New thttpd packages fix insecure temporary file creation,
Steve Kemp
[ MDKSA-2006:197 ] - Updated kernel packages fix multiple vulnerabilities and bugs,
security
XSS in script Mobile,
m-0-t
SIMPLOG 0.9.3 injection sql & multiple xss,
saps . audit
ZDI-06-036: Novell Netmail User Authentication Buffer Overflow Vulnerability,
zdi-disclosures
[USN-376-1] imlib2 vulnerabilities,
Kees Cook
[OpenPKG-SA-2006.030] OpenPKG Security Advisory (ruby),
OpenPKG
[MajorSecurity Advisory #31]Xenis.creator CMS - Multiple Cross Site Scripting and SQL Injection Issues,
admin
[OpenPKG-SA-2006.028] OpenPKG Security Advisory (php),
OpenPKG
Web Directory Pro bypass Vulnerabilities,
hack2prison
[OpenPKG-SA-2006.029] OpenPKG Security Advisory (bind),
OpenPKG
[USN-378-1] RPM vulnerability,
Kees Cook
[MajorSecurity Advisory #30]admin.tool 3 CMS - Multiple Cross Site Scripting Issues,
admin
[USN-377-1] NVIDIA vulnerability,
Kees Cook
IF-CMS multiples XSS vunerabilities,
saps . audit
@cid stats v2.3 File Include,
mahmood ali
Article Script v1.*and v1.6.3 Sql injection,
liz0
Stanford university SCARF user editing,
navairum
PHP Rapid Kill All Version File Injection,
null_hack
[ECHO_ADV_57_2006]Soholaunch Pro <=4.9 r36 Multiple Remote File Inclusion Vulnerability,
erdc
Mail Drives Security Considerations,
darkz . gsa
[ECHO_ADV_58_2006]Cyberfolio <=2.0 RC1 $av Remote File Inclusion Vulnerability,
erdc
[ECHO_ADV_59_2006]Agora 1.4 RC1 "$_SESSION[PATH_COMPOSANT]" Remote File Inclusion Vulnerability,
erdc
[ECHO_ADV_60_2006] OpenEMR <=2.8.1 Multiple Remote File Inclusion Vulnerability,
erdc
AIOCP <=1.3.007 multiples vulnerabilities [sql , remote file include , xss],
saps . audit
Joomla 1.0.11 Remote File Include,
root
MWChat pro V 7.0 <= (CONFIG[MWCHAT_Libs]) Remote File Include Vulnerability,
-= SHELL =- -= SHELL =-
Cross Site Scripting (XSS) Vulnerability in IBM WebSphere Application Server,
ProCheckUp Research
TSLSA-2006-0061 - multi,
Trustix Security Advisor
[ GLSA 200611-02 ] Qt: Integer overflow,
Matthias Geerdsen
Ariadne <= 2.4.1 Multiple Remote File Include Vulnerabilities(New),
ajannhwt
[MajorSecurity Advisory #32]phpComasy CMS - Multiple Cross Site Scripting Issues,
admin
[SECURITY] [DSA 1204-1] New ingo1 packages fix arbitrary shell command execution,
Moritz Muehlenhoff
[SECURITY] [DSA 1206-1] New php4 packages fix several vulnerabilities,
Moritz Muehlenhoff
XSS Vulnerability in Zend Framework Preview 0.2.0,
security
Hotmail and Windows Live Mail XSS Vulnerabilities,
applesoup
Advanced Guestbook 2.3.1 (Admin.php) Remote File Include,
broken-proxy
VulnDisco Pack for Metasploit,
Evgeny Legerov
ZDI-06-037: America Online ICQ ActiveX Control Code Execution Vulnerability,
zdi-disclosures
IE7 website security certificate discrediting exploit,
inge_eivind . henriksen
[USN-376-2] imlib2 regression fix,
Kees Cook
GreenBeast CMS <= 1.3 PHP Arbitrary File Upload Vulnerability,
skulmatic
[ MDKSA-2006:199 ] - Updated libx11 packages fix file descriptor leak vulnerability,
security
[ MDKSA-2006:198 ] - Updated imlib2 packages fix several vulnerabilities,
security
News publication system remote File include,
navairum
DigiOz Guestbook version 1.7 Path Disclosure Vulnerability in list.php,
jesper . jurcenoks
[ MDKSA-2006:200 ] - Updated rpm packages fix vulnerability,
security
Minimizing error cascades in vulnerability information management,
Steven M. Christey
WarFTPd 1.82.00-RC11 Remote Denial Of Service,
Joxean Koret
XSS in Kayako SupportSuite v3.00.32,
hacker hackers
[ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability,
Raphael Marichez
WFTPD Pro Server 3.23 Buffer Overflow,
Joxean Koret
[ MDKSA-2006:201 ] - Updated pam_ldap packages fix PasswordPolicyReponse coding error,
security
[OpenPKG-SA-2006.032] OpenPKG Security Advisory (openssh),
OpenPKG
Call for papers: ARES 2007 submission deadline approaches in 2 weeks: 19-11-2006,
Manh Tho
[ MDKSA-2006:198-1 ] - Updated imlib2 packages fix several vulnerabilities,
security
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Secure Desktop,
Cisco Systems Product Security Incident Response Team
Y.A.N.S sql injection,
navairum
PhpMyChat Plus <= 1.9 Multiple Source Code Disclosure Vulnerabilities,
ajannhwt
PhpMyChat <= 0.14.5 Source Code Disclosure Vulnerability,
ajannhwt
[ MDKSA-2006:203 ] - Updated texinfo packages fix vulnerability,
security
Lotus Notes pre-login User.ID key leak,
Andrew Christensen
iDefense Security Advisory 11.08.06: IBM Lotus Domino 7 tunekrnl Multiple Vulnerabilities,
iDefense Labs Security Advisories
Portix-PHP [login bypass & xss (post)],
saps . audit
phpsatk => Remote File Include Vulnerability EXploit,
h4ck3riran
TSRT-06-13: HP OpenView Client Configuration Manager Device Code Execution Vulnerability,
TSRT
Abarcar Realty Portal [injection sql],
saps . audit
iDefense Security Advisory 11.08.06: Cisco Secure Desktop Privilege Escalation Vulnerability,
iDefense Labs
knowledgeBuilder v.2.2.php.NuLL-WDYL=> Remote File Include Vulnerability,
h4ck3riran
Speedwiki 2.0 Arbitrary File Upload Vulnerability,
saps . audit
FreeWebshop <=2.2.2 [local file include & xss],
saps . audit
[ MDKSA-2006:202 ] - Updated wv packages fix vulnerabilities,
security
Immediacy .NET CMS possibly vulnerable to Cross Site Scripting through a malformed cookie,
ProCheckUp Research
FreeBSD Security Advisory FreeBSD-SA-06:24.libarchive,
FreeBSD Security Advisories
omnistar article manager [multiples injection sql],
saps . audit
[ MDKSA-2006:204 ] - Updated openssh packages fix vulnerability,
security
bitweaver <=1.3.1 [injection sql (post) & xss (post)],
saps . audit
GNU gv Stack Overflow Vulnerability,
Renaud Lifchitz
[SECURITY] [DSA 1207-1] New phpmyadmin packages fix several vulnerabilities,
Moritz Muehlenhoff
LandShop Real Estate [multiple injection sql & xss],
saps . audit
[USN-379-1] texinfo vulnerability,
Kees Cook
Wheatblog [multiple xss (post) & full path disclosure],
saps . audit
[security bulletin] HPSBMA02167 SSRT061262 rev.2 - HP OpenView Client Configuration Manager (CCM), Remote Unauthorized Arbitrary Code Execution or Denial of Service (DoS),
security-alert
[ GLSA 200611-04 ] Bugzilla: Multiple Vulnerabilities,
Matthias Geerdsen
rPSA-2006-0204-1 kernel,
rPath Update Announcements
rPSA-2006-0205-1 php php-mysql php-pgsql,
rPath Update Announcements
rPSA-2006-0206-1 firefox thunderbird,
rPath Update Announcements
rPSA-2006-0207-1 openssh openssh-client openssh-server,
rPath Update Announcements
[ MDKSA-2006:205 ] - Updated Firefox packages fix multiple vulnerabilities,
security
[ MDKSA-2006:206 ] - Updated Thunderbird packages fix multiple vulnerabilities,
security
[OpenPKG-SA-2006.033] OpenPKG Security Advisory (openldap),
OpenPKG
[ GLSA 200611-05 ] Netkit FTP Server: Privilege escalation,
Raphael Marichez
[x0n3-h4ck]Essentia Web Server v.2.15 Buffer Overflow,
corrado . liotta
[x0n3-h4ck]Drake CMS v 0.2 XSS exploit,
corrado . liotta
ZDI-06-039: Marshal MailMarshal ARJ Extraction Directory Traversal Vulnerability,
zdi-disclosures
[SECURITY] [DSA 1209-1] New trac packages fix cross-site request forgery,
Moritz Muehlenhoff
encapscms 0.3.6 - Remote File Include by Firewall,
firewall1954
Estate Agent Manager <= v1.3 (default.asp) Remote Login ByPass SQL Injection Vulnerability,
ajannhwt
Mega Mall [ multiples injection sql & full path disclosure ],
saps . audit
MyStats <=1.0.8 [injection sql, multiples xss, array & full path disclosure],
benjilenoob
TOPSTORY BASIC Version 1.0 => Remote File Include Vulnerability,
stormhacker
PHPKit 1.6.1 RC2 (faq/faq.php) Remote SQL Injection Exploit,
philipp . niedziela
UStore 1.0 (detail.asp) Remote SQL Injection Vulnerability,
ajannhwt
Exophpdesk V1.2 - Remote File Include,
firewall1954
Wordpress File Inclusion,
vannovax
[MajorSecurity Advisory #33]ShopSystems - SQL Injection Issue,
admin
phpManta - Mdoc <= 1.0.2 (view-sourcecode.php) Local File Include Exploit,
ajannhwt
AspPired2 Poll <= 1.0 (MoreInfo.asp) Remote SQL Injection Exploit,
ajannhwt
NuCommunity 1.0 (cl_CatListing.asp) Remote SQL Injection Exploit,
ajannhwt
Re: feedsplitter considered harmful,
wmodes
NuRems 1.0 Remote XSS/SQL Injection Exploit,
ajannhwt
NuStore 1.0 (Products.asp) Remote SQL Injection Vulnerability,
ajannhwt
NuSchool 1.0 (CampusNewsDetails.asp) Remote SQL Injection Exploit,
ajannhwt
[SECURITY] [DSA 1208-1] New bugzilla packages fix several vulnerabilities,
Moritz Muehlenhoff
XSS in Email Signature Script,
miladkaleh
infinicart [ multiples injection sql & xss (post) ],
saps . audit
shambo2 Component For Mambo 4.5 Remote File Inclusion Exploit,
crackers_child
ELOG Web Logbook Remote Denial of Service Vulnerability,
OS2A BTO
VBulletin DoS Exploit [ all Versions ],
root
Web Interface remote file inclusion,
navairum
Digipass Go3 Token Dumper (at least for 2006),
fcollyer
ZDI-06-038: Citrix MetaFrame IMA Management Module Remote Heap Overflow,
zdi-disclosures
Phpjobscheduler 3.0 - Multiple Remote File Include,
Firewall1954
Phpdebug 1.1.0 - Remote File Include by Firewall,
Firewall1954
UltraSite 1.0 (update.asp) Remote SQL Injection Vulnerability,
ajannhwt
Asp Scripter Products (cpLogin.asp) Remote SQL ByPass Injection Vulnerability,
ajannhwt
CPanel Multiple Cross Site Scription,
Advisory
Old SAP exploits,
Nicob
Property Pro v1.0 (vir_Login.asp) Remote Login ByPass SQL Injection Vulnerability,
ajannhwt
ASPPortal <= 4.0.0 (default1.asp) Remote SQL Injection Exploit,
ajannhwt
UPublisher 1.0 (viewarticle.asp) Remote SQL Injection Vulnerability,
ajannhwt
[FLSA-2006:211760] Updated gzip package fixes security issues,
David Eisenstein
[SECURITY] [DSA 1209-2] New trac packages fix cross-site request forgery,
Moritz Muehlenhoff
DirectAdmin Multiple Cross Site Scription,
Advisory
Challenges faced by automated web application security assessment tools,
bugtraq
New Bug MiniBB Forum <= 2 Remote File Include (index.php),
philip anselmo
VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4,
VMware Security team
iDefense Security Advisory 11.09.06: Citrix Presentation Server 4.0 IMA Service Invalid Name Length DoS Vulnerability,
iDefense Labs
SinFP 2.04 release, works under Windows,
GomoR
[ GLSA 200611-06 ] OpenSSH: Multiple Denial of Service vulnerabilities,
Raphael Marichez
[ GLSA 200611-08 ] RPM: Buffer overflow,
Raphael Marichez
VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2,
VMware Security team
VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1,
VMware Security team
Online Event Registration <= v2.0 (save_profile.asp) Remote User Pass Change Exploit,
ajannhwt
VMSA-2006-0009 - VMware ESX Server 3.0.0 AMD fxsave/restore issue,
VMware Security team
VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2,
VMware Security team
[ GLSA 200611-07 ] GraphicsMagick: PALM and DCM buffer overflows,
Raphael Marichez
[SECURITY] [DSA 1210-1] New Mozilla Firefox packages fix several vulnerabilities,
Martin Schulze
Real Estate Listing System SQL Injection,
Advisory
ASPintranet SQL Injection,
Advisory
SiteXpress SQL Injection,
Advisory
WWWeb Cocepts SQL Injection,
Advisory
Ustore SQL Injection,
Advisory
Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability,
Stefan Esser
eShopping SQL Injection,
Advisory
ECommerce Store Shop Builder,
Advisory
Engine Manager SQL Injection,
Advisory
BPG Content Management System SQL Injection,
Advisory
Apple Safari "match" Buffer Overflow Vulnerability,
jbh_cg
Evolve Merchant[ injection sql ],
saps . audit
Inventory Manager [injection sql & xss (get)],
saps . audit
Car Site Manager [injection sql & xss (get)],
saps . audit
FunkyASP Glossary v1.0 [injection sql],
saps . audit
Blogme v3 [admin login bypass & xss (post)],
saps . audit
Property Site Manager [login bypass ,multiples injection sql & xss (get)],
saps . audit
[Fwd: DMA[2006-1031a] - 'Intego VirusBarrier X4 definition bypass exploit'],
K F (lists)
[Fwd: OpenBase SQL multiple vulnerabilities Part Deux],
K F (lists)
EEYE: Workstation Service NetpManageIPCConnect Buffer Overflow,
eEye Advisories
ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability,
zdi-disclosures
ZDI-06-041: Microsoft Internet Explorer CSS Float Property Memory Corruption Vulnerability,
zdi-disclosures
A+ Store E-Commerce[ injection sql & xss (post) ],
saps . audit
A-Cart pro[ injection sql (post&get)],
saps . audit
hpecs shopping cart[login bypass & injection sql (post)],
saps . audit
Dragon calendar [ login bypass & injection sql ],
saps . audit
[SECURITY] [DSA 1211-1] New pdns packages fix arbitrary code execution,
Moritz Muehlenhoff
NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure,
Rodrigo Rubira Branco (BSDaemon)
MultiCalendars [ multiples injection sql ],
saps . audit
[OpenPKG-SA-2006.034] OpenPKG Security Advisory (texinfo),
OpenPKG
DragonFlyBSD all versions FireWire IOCTL kernel integer overflow information disclousure,
Rodrigo Rubira Branco (BSDaemon)
[ MDKSA-2006:207 ] - Updated bind packages fixes RSA signature verification vulnerability,
security
TrustedBSD* all versions FireWire IOCTL kernel integer overflow information disclousure,
Rodrigo Rubira Branco (BSDaemon)
TSLSA-2006-0063 - multi,
Trustix Security Advisor
[SECURITY] [DSA 1212-1] New openssh packages fix denial of service,
Noah Meyerhans
Outpost Multiple insufficient argument validation of hooked SSDT function Vulnerability,
Matousec - Transparent security Research
E-Calendar Pro 3.0 [ login bypass & injection sql (post)],
saps . audit
Helm Cross-Site Scripting (XSS),
Advisory
FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure,
Rodrigo Rubira Branco (BSDaemon)
[ MDKSA-2006:208 ] - Updated openldap packages fixes Bind vulnerability,
security
Bloo => 1.00 Cross Site Scripting,
the_3dit0r
E-commerce Kit 1 PayPal Edition [ injection sql ],
saps . audit
PhpMyAdmin all version [multiples vulnerability],
saps . audit
MetaCart e-Shop [multiples injection sql (get & post)],
saps . audit
Xtreme ASP Photo Gallery Cross Site Scripting And SQL Injection,
Advisory
discloser => 0.0.4 Remote File Include Vulnerabilities,
the_3dit0r
Hot Links download backup authorized vulnerabilities,
hack2prison
[MajorSecurity Advisory #34]Plesk 8 - Multiple Cross Site Scripting Issues,
admin
OdysseusBlog => 1.0.0 Cross Site Scripting,
the_3dit0r
Bloo => 1.00 Remote File Include Vulnerability,
the_3dit0r
Team Evil - Incident #2,
beSIRT
Chetcpasswd 2.x: multiple vulnerabilities,
riclem
Secunia Research: MDaemon Insecure Default Directory Permissions,
Secunia Research
Kerio WebSTAR local privilege escalation,
K F (lists)
dev_wms => 1.5 Remote File Include Vulnerabilities,
the_3dit0r
discloser => 0.0.4 Remote File Include Vulnerability Exploit,
the_3dit0r
Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion ),
revenge
eShopping Cart [injection sql],
saps . audit
Whitepaper: Implementing and Detecting a PCI Rootkit,
John Heasman
Vulnerabilities in Client Service for NetWare,
Avert
CandyPress Store[ multiples injection sql ],
saps . audit
BaalAsp forum [login bypass ,injections sql(post), xss(post)],
saps . audit
ZDI-06-042: Verity Ultraseek Request Proxying Vulnerability,
zdi-disclosures
Helm Cross Site Scripting,
Advisory
Myphotos => Remote File Include Vulnerability Exploit,
the_3dit0r
i-Gallery 3.4 Cross Site Scripting,
Advisory
Sphpblog => 0.8 Cross Site Scripting,
the_3dit0r
BlogTorrent-preview => 0.92 Cross Site Scripting,
the_3dit0r
Comdev One Admin Pro.v4.1 ( path[skin] ) Remote File include,
AG- Spider
ASP Cart [multiples injection sql (post & get)],
saps . audit
worksystem => Remote File Include Vulnerability Exploit,
the_3dit0r
Hot Links download backup authorized vulnerabilities (re-post with some edit),
hack2prison
eggblog=> 3.1.0 Cross Site Scripting,
the_3dit0r
Secunia Research: Panda ActiveScan Multiple Vulnerabilities,
Secunia Research
UK Security Convention - Continuity 2006,
Manchester 2600
Links smbclient command execution,
Teemu Salmela
rPSA-2006-0211-1 libpng,
rPath Update Announcements
Image gallery with Access Database SQL Injection,
Advisory
My-BIC => 0.6.5 Remote File Include Vulnerability Exploit,
the_3dit0r
blogcms => 4.0.0 Remote File Include,
the_3dit0r
RED Blog => Remote File Include Vulnerability Exploit,
the_3dit0r
Storystream => 4.0 Remote File Include Vulnerability Exploit,
the_3dit0r
Pilot Cart V.7.2 [ injection sql (post) ],
saps . audit
[ MDKSA-2006:209 ] - Updated libpng packages fix vulnerabilities,
security
[ MDKSA-2006:211 ] - Updated pxelinux packages to fix embedded libpng vulnerabilities,
security
[ MDKSA-2006:210 ] - Updated syslinux packages to fix embedded libpng vulnerabilities,
security
[OpenPKG-SA-2006.035] OpenPKG Security Advisory (proftpd),
OpenPKG
Active News Manager [ injection sql (post&get)],
saps . audit
[ MDKSA-2006:212 ] - Updated doxygen packages to fix embedded libpng vulnerabilities,
security
[ MDKSA-2006:213 ] - Updated chromium packages to fix embedded libpng vulnerabilities,
security
[OpenPKG-SA-2006.036] OpenPKG Security Advisory (png),
OpenPKG
[USN-383-1] libpng vulnerability,
Kees Cook
[security bulletin] HPSBMA02088 SSRT051026 rev. 2 - HP-UX running WBEM Services Denial of Service (DoS),
security-alert
[ GLSA 200611-09 ] libpng: Denial of Service,
Sune Kloppenborg Jeppesen
TSLSA-2006-0065 - libpng,
Trustix Security Advisor
[ GLSA 200611-10 ] WordPress: Multiple vulnerabilities,
Sune Kloppenborg Jeppesen
[Aria-Security] CPanel Network Tools Cross Site Scripting [Advisory],
Advisory
20/20 auto gallery [ multiples injection sql ],
saps . audit
20/20 real estate [ multiples injection sql ],
saps . audit
TFTPD32 v3.01 TFTP Server Long File Name Buffer Overflow Vulnerability,
liuqx
[Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities.,
Reversemode
Sphpblog => 0.8 Remote File Include Vulnerabilities,
the_3dit0r
Aspmforum [ multiples injection sql (get&post)],
saps . audit
Digital Armaments November-Decemberr Hacking Challenge: KERNEL Remote,
info
XSS vBulletin 3.6.X Admin Control Painel,
insanity
MosReporter Joomla Component Remote File Inclusion Exploi,
crackers_child
Dating Site [ login bypass & xss],
saps . audit
20/20 datashed [ multiples injection sql ],
saps . audit
Infinitytechs Restaurants CM,
saps . audit
Re: Airmagnet management interfaces multiple vulnerabilities,
ckuan
[ MDKSA-2006:214 ] - Updated gv packages fix buffer overflow vulnerability,
security
A-Cart 2.0 SQL Injection,
Advisory
A-Cart PRO SQL Injection,
Advisory
[MajorSecurity Advisory #36]dev4u CMS - Multiple SQL Injection and Cross Site Scripting Issues,
admin
Oxygen <= 1.1.3 (O2PHP Bulletin Board) SQL Injection,
gmdarkfig
Sage cross-context scripting -> LOCAL-CONTEXT SCRIPTING,
pagvac
PhpBB Module Dimension Remote File Include,
bluespy . ok
Drone Armies C&C Report - 17 Nov 2006,
c2report
[ MDKSA-2006:164-1 ] - Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities,
security
[Aria-Security's Research Team] Texas Rank'em SQL Injection Vulnerabilite,
Advisory
Vikingboard (0.1.2) [ multiples vulnerability ],
saps . audit
BLOG:CMS <= 4.1.3 XSS,
katatafish
[Aria-Security's Research Team] ActiveNews Manager SQL Injection Vulnerabilite,
Advisory
[MajorSecurity Advisory #35]Travelsized CMS - Multiple Cross Site Scripting Issues,
admin
linksys wrt54g v5 authentication bypass fixed,
Ginsu Rabbit
GPhotos 1.5 Multiple vulnerabilities,
tux025
Dovecot IMAP/POP3 server: Off-by-one buffer overflow,
Timo Sirainen
LoudMouth => 2.4 Remote File Include Vulnerabilities,
the_3dit0r
Telaen <= 1.1.0 Remote File Include Exploit,
the_3dit0r
Ixprim CMS 1.2 Remote File Include Vulnerability,
vitux . manis
Rapid Classified v3.1 [multiple xss (get) & injection sql],
saps . audit
Digital Armaments November-Decemberr Hacking Challenge: KERNEL,
info
[SECURITY] [DSA 1213-1] New imagemagick packages fix several vulnerabilities,
Moritz Muehlenhoff
PhpQuickGallery <= 1.9 Remote File Inclusion Exploit,
the_3dit0r
ASPNuke <= 0.80 (register.asp) Remote SQL Injection Vulnerability,
ajannhwt
ehomes [multiples injections sql],
saps . audit
PHPOLL => 0.96 Cross Site Scripting,
the_3dit0r
Serious crypto problem fixed by envelope HMAC method insteadof currently used prefix,
Omirjan Batyrbaev
eClassifieds [injection sql],
saps . audit
Rialto 1.6[admin login bypass & multiples injections sql],
saps . audit
gNews Publisher SQL Injection Vulnerabilites,
Advisory
Shopping_Catalog Remote File Include exploit,
the_3dit0r
klf-realty [injection sql],
saps . audit
dicshunary 0.1 alpha Remote File Inclusion Exploit,
the_3dit0r
enomphp => 4.0 Remote Traversal Directory,
the_3dit0r
DodosMail <= 2.0.1(dodosmail.php) Remote File Inclusion Exploit,
the_3dit0r
iPrimal Forums (index.php) Remote File Include Exploit,
the_3dit0r
mg.applanix <= 1.3.1 Remote File Include Exploit,
the_3dit0r
mxBB calsnails module 1.06 Remote File Inclusion Exploit,
the_3dit0r
Telaen => 1.1.0 Remote File Include Vulnerability,
the_3dit0r
[SECURITY] [DSA 1214-1] New gv packages fix arbitrary code execution,
Moritz Muehlenhoff
[ MDKSA-2006:217 ] - Updated proftpd packages fix vulnerabilities,
security
The Week of Oracle Database Bugs,
Cesar
[ GLSA 200611-13 ] Avahi: "netlink" message vulnerability,
Sune Kloppenborg Jeppesen
[SECURITY] [DSA 1217-1] New linux-ftpd packages fix access control bypass,
Moritz Muehlenhoff
MyAlbum <= 3.02 (langs_dir) Remote File Inclusion Exploit,
the_3dit0r
[ GLSA 200611-12 ] Ruby: Denial of Service vulnerability,
Sune Kloppenborg Jeppesen
[ GLSA 200611-14 ] TORQUE: Insecure temproary file creation,
Sune Kloppenborg Jeppesen
[SECURITY] [DSA 1216-1] New flexbackup packages fix denial of service,
Moritz Muehlenhoff
[ MDKSA-2006:215 ] - Updated avahi packages fix netlink vulnerability,
security
BirdBlog => v1.4.0 Cross Site Scripting,
the_3dit0r
Wabbit PHP Gallery => 0.9 Remote Traversal Directory,
the_3dit0r
[SECURITY] [DSA 1215-1] New xine-lib packages fix execution of arbitrary code,
Moritz Muehlenhoff
mAlbum v0.3 Multiple vulnerabilitizzz,
tux025
my little weblog => Cross Site Scripting,
the_3dit0r
Classified System [injection sql],
saps . audit
ltwCalendar => 4.2.1 Remote File Include Vulnerabilities,
the_3dit0r
[SECURITY] [DSA 1207-2] New phpmyadmin packages fix regression,
Moritz Muehlenhoff
[ MDKSA-2006:216 ] - Updated links packages fix smb vulnerability,
security
The Classified Ad System [multiple xss & injection sql],
saps . audit
[USN-384-1] OpenLDAP vulnerability,
Kees Cook
Which is more secure? Oracle vs. Microsoft,
David Litchfield
LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability,
advisories
[KAPDA]::Security analysis of cutenews 1.4.5,
alireza hassani
[Full-disclosure] [ GLSA 200611-11 ] TikiWiki: Multiple vulnerabilities,
Sune Kloppenborg Jeppesen
New Correction: Re: Serious crypto problem fixed by envelope HMAC method instead of currently used prefix,
Omirjan Batyrbaev
[ GLSA 200611-15 ] qmailAdmin: Buffer overflow,
Sune Kloppenborg Jeppesen
[ GLSA 200611-16 ] Texinfo: Buffer overflow,
Sune Kloppenborg Jeppesen
Re: [ GLSA 200611-11 ] TikiWiki: Multiple vulnerabilities,
saps . audit
Secunia Research: My Firewall Plus Privilege Escalation Vulnerability,
Secunia Research
[SECURITY] [DSA 1218-1] New proftpd packages fix denial of service,
Moritz Muehlenhoff
aBitWhizzy [local file include],
saps . audit
ContentNow CMS 1.39 Sql Injection + Path Disclosure Vulnerabilities,
revenge
[USN-382-1] Thunderbird vulnerabilities,
Kees Cook
Re: Re: Phpjobscheduler 3.0 - Multiple Remote File Include,
admin
Link Exchange Lite [injection sql],
saps . audit
creadirectory [injection sql & xss],
saps . audit
Advisory: LDU <= 8.x Remote SQL Injection Vulnerability.,
Mustafa Can Bjorn IPEKCI
Clarifying integer overflows vs. signedness errors,
Steven M. Christey
VMSA-2006-0010 - SSL sessions not authenticated by VC Clients,
VMware Security team
Vulnerability in PostNuke,
sni-labs
Advisory: Seditio <= 1.10 Remote SQL Injection Vulnerability.,
Mustafa Can Bjorn IPEKCI
[USN-381-1] Firefox vulnerabilities,
Kees Cook
JiRos Links Manager[injection sql & xss permanent],
saps . audit
*BSD banner INT overflow vulnerability,
Gruzicki Wlodek
Secunia Research: PassGo SSO Plus Insecure Default Directory Permissions,
Secunia Research
Re: [ECHO_ADV_53$2006] QnECMS <= 2.5.6 (adminfolderpath) Remote File Inclusion Vulnerability,
jim
Windows Media ASX PlayList File Denial Of Service Vulnerability,
sehato
[ MDKSA-2006:208-1 ] - Updated openldap packages fixes Bind vulnerability,
security
Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders.,
In Cognito
Perl proxy checker using samair.ru,
Iko Riyadi
CONFidence 2007 CFP,
andrzej . targosz
XSS in scriptat support InverseFlow Help Desk v2.31,
gamr-14
Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords,
fash1on
[ECHO_ADV_61_2006] a-ConMan <= v3.2beta Remote File Inclusion,
erdc
NVIDIA nView (keystone) local Denial Of service,
no-reply
CFP - VII National Computer and Information Security Conference,
Jeimy Cano
Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords,
Michael Scheidell
[ MDKSA-2006:218 ] - Updated apache-mod_auth_kerb packages fixes DoS vulnerability,
security
Re: SolpotCrew Advisory #10 - phpBB XS (phpbb_root_path) Remote File Include,
webmaster
LS-20061102 - Business Objects Crystal Reports Stack Overflow Vulnerability,
advisories
[ GLSA 200611-17 ] fvwm: fvwm-menu-directory fvwm command injection,
Matthias Geerdsen
Active PHP Bookmarks (apb.php) Remote file include,
philip anselmo
Cracking String Encryption in Java Obfuscated Bytecode,
subere
[Aria-Security Team] Ultimate Survey Pro SQL Injection,
Advisory
Cross site scripting & fullpath disclosure,
saudi
[ GLSA 200611-18 ] TIN: Multiple buffer overflows,
Sune Kloppenborg Jeppesen
[Aria-Security Team] MidiCart ASP Plus Shopping Cart SQL Injection,
Advisory
PHP-Nuke <= 7.9 News module "sid" SQL Injection vulnerabilities,
paisterist . nst
mmgallery Multiple vulnerabilities,
saudi
Wolflab Burning Board Lite 1.0.2 two sql injections,
retrog
[Aria-Security Team] Fixit iDMS Pro Image Gallery SQL Injection,
Advisory
[Aria-Security Team] ASP ListPics 5.0 SQL Injection,
Advisory
[Aria-Security Team] MidiCart ASP Shopping Cart SQL Injection,
Advisory
[Aria-Security Team] iNews News Manager SQL Injection,
Advisory
[ GLSA 200611-19 ] ImageMagick: PALM and DCM buffer overflows,
Sune Kloppenborg Jeppesen
Cahier de texte V2.0 SQL Code Execution Exploit,
gmdarkfig
PHP-Nuke Mermaid Module V1.2 (formdisp.php) Remote File Include Exploit,
crackers_child
CPanel 11 Multiple Cross-Site Scription,
Advisory
[ GLSA 200611-20 ] GNU gv: Stack overflow,
Sune Kloppenborg Jeppesen
WebHost Manager (WHM) Multiple Cross-Site Scripting,
Advisory
DoS in Microsoft Windows Live Messenger <= 8.0,
dragonjar
New Windows tool - NBTEnum 3.3,
Reed Arvin
Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?),
stopmakingnoise
Siap Cms Sql Injection (login.asp),
nagazakig74
Wisi Portal [Sql Injection By Jesus Tovar],
nagazakig74
AttackAPI 2.0 alpha,
pdp (architect)
Free tool for pattern identification (for researchers),
Gary Golomb
mAlbum v0.3 local file inclusion,
tux025
[Aria-Security Team] Evolve shopping cart SQL Injection Vulnerability,
Advisory
[Aria-Security Team] General Shopping Cart SQL Injection Vulnerability,
Advisory
Cursor snarfing - a new class of vulnerability and attack in Oracle,
David Litchfield
[SECURITY] [DSA 1220-1] New pstotext packages fix arbitrary shell command execution,
Moritz Muehlenhoff
Clickblog Sql Injection,
Advisory
ClickGallery Sql Injection,
Advisory
iDefense Security Advisory 11.26.06: Qbik WinGate Compressed Name Pointer Denial of Service Vulnerability,
iDefense Labs
TFTP Server AT-TFTP Server v 1.9 Buffer Overflow Vulnerability (Long filename),
liuqx
VMware 5.5.1 Local Buffer Overflow (HTML Exploit),
NormandiaN_MailID
[SECURITY] [DSA 1219-1] New texinfo packages fix multiple vulnerabilities,
Noah Meyerhans
CuteNews v1.4.5 (search.php) Remote file include vulnerability,
philip anselmo
rPSA-2006-0218-1 ImageMagick,
rPath Update Announcements
TFTP Server 3CTftpSvc Buffer Overflow Vulnerability (Long transporting mode),
liuqx
PhpGedView 4.0.2 (DOCUMENT_ROOT) File inclusion Vulnerablity,
x___ . _
rPSA-2006-0219-1 info install-info texinfo,
rPath Update Announcements
MHL-2006-003 Public Advisory: "mboard" file creation issue,
Mayhemic Labs Security
iDefense Security Advisory 11.26.06: GNU Radius Format String Vulnerability,
iDefense Labs
[ GLSA 200611-21 ] Kile: Incorrect backup file permission,
Sune Kloppenborg Jeppesen
Re: New Flaw in Firefox 2.0: DoS and possible remote code execution,
sflist
2nd European Conference on Computer Network Defense (EC2ND),
Blyth A J C (AT)
AIDE problem handling symlinks,
fryxar fryxar
ClickContact SQL Injection,
Advisory
CVE-2006-5815: remote code execution in ProFTPD,
John Morrissey
SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal,
research
GnuPG 1.4 and 2.0 buffer overflow,
Werner Koch
[ GLSA 200611-22 ] Ingo H3: Folder name shell command injection,
Sune Kloppenborg Jeppesen
uPhotoGallery (v 1.1) SQL Injection,
Advisory
[USN-386-1] ImageMagick vulnerability,
Kees Cook
evince buffer overflow exploit (gv),
kspecial
TSLSA-2006-0066 - multi,
Trustix Security Advisor
ProFTPD mod_tls pre-authentication buffer overflow,
research
b2evolution XSS Vulnerabilities,
tarkus
[USN-387-1] Dovecot vulnerability,
Kees Cook
[ GLSA 200611-23 ] Mono: Insecure temporary file creation,
Raphael Marichez
[ GLSA 200611-25 ] OpenLDAP: Denial of Service vulnerability,
Raphael Marichez
[ GLSA 200611-24 ] LHa: Multiple vulnerabilities,
Raphael Marichez
[USN-385-1] tar vulnerability,
Kees Cook
New report on Teredo security,
Jim Hoagland
Multiple Vulnerabilities in AlternC version 0.9.5,
Vincent A . Menard
b2evolution Remote File inclusion Vulnerability,
tarkus
Re: [WEB SECURITY] The state of JavaScript Hacking,
bugtraq
PHP Event Calendar 1.5.1 (index.php) Remote File Include Vulnerability,
philip anselmo
ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability,
zdi-disclosures
iDefense Security Advisory 11.29.06: Horde Kronolith Arbitrary Local File Inclusion Vulnerability,
iDefense Labs
REMLAB Web Mech Designer 2.0.5 Path Disclosure Vulnerability,
jesper . jurcenoks
[ MDKSA-2006:219 ] - Updated tar packages fix vulnerability,
security
Secunia Research: Borland Products idsql32.dll Buffer Overflow Vulnerability,
Secunia Research
SYM06-023, Symantec NetBackup PureDisk: PHP update to Address Reported Security Vulnerability,
Mike Prosser
OWASP JBroFuzz 0.3 Fuzzer Released!,
subere
New Windows tool - PWDumpX v1.0,
Reed Arvin
Monkey Boards version 0.3.5 Multiple Path Disclosure Vulnerabilities,
jesper . jurcenoks
[Aria-Security Team] FipsSHOP SQL Injection,
Advisory
Potentially OT: AJAX article,
clappymonkey
[USN-388-1] KOffice vulnerability,
Kees Cook
[USN-389-1] GnuPG vulnerability,
Kees Cook
[SECURITY] [DSA 1221-1] New libgsf packages fix arbitrary code execution,
Martin Schulze
[SECURITY] [DSA 1222-1] New proftpd packages fix several vulnerabilities,
Moritz Muehlenhoff
[ MDKSA-2006:217-1 ] - Updated proftpd packages fix vulnerabilities,
security
Secunia Research: MailEnable IMAP Service Two Vulnerabilities,
Secunia Research
[security bulletin] HPSBUX02153 SSRT061181 rev.2 - HP-UX Running Firefox, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS),
security-alert
[USN-390-1] evince vulnerability,
Kees Cook
@lex Guestbook 4.0.1 : Full Path Disclosure & XSS,
mr_kaliman
Seditio <= 1.10 (pollid) Remote SQL Injection Vulnerability,
ajannhwt
Invision Community Blog Mod 1.2.4 .PHP SQL Injection Vulnerability,
infection
[ GLSA 200611-26 ] ProFTPD: Remote execution of arbitrary code,
Raphael Marichez
contentserv 4.x,
capt . nem0
LDU <= 8.x (polls.php) Remote SQL Injection Vulnerability,
ajannhwt
Woltlab Burning Board 2.3.X XSS Vulnerability (0-Day) FIXED VERSION,
blueshisha
iDefense Security Advisory 11.30.06: Multiple Vendor libgsf Heap Overflow Vulnerability,
iDefense Labs
LifeType version 1.1.2 Multiple Path Disclosure Vulnerabilities,
jesper . jurcenoks
[ MDKSA-2006:220 ] - Updated libgsf packages fix heap buffer overflow vulnerability,
security
[ MDKSA-2006:221 ] - Updated gnupg packages fix vulnerability,
security
rPSA-2006-0221-1 openldap openldap-clients openldap-servers,
rPath Update Announcements
rPSA-2006-0220-1 dovecot,
rPath Update Announcements
rPSA-2006-0224-1 gnupg,
rPath Update Announcements
rPSA-2006-0222-1 tar,
rPath Update Announcements