Bugtraq Archive March 2007
- [ MDKSA-2007:050 ] - Updated Firefox packages fix multiple vulnerabilities,
security
- Full disclosure: Directory Traversal and Arbitrary Code Execution Vulnerability in SQL-Ledger and LedgerSMB,
Chris Travers
- [ MDKSA-2007:051 ] - Updated snort packages fix DoS vulnerability,
security
- [USN-416-2] nvidia-glx-config regression,
Martin Pitt
- Comodo Bypassing settings protection using magic pipe Vulnerability,
Matousec - Transparent security Research
- Angel LMS 7.1 - Remote SQL Injection,
Guns
- Serendipity unauthenticated SQL-Injection,
SaMuschie
- Built2Go v.1.0 => ( news.php & rating.php ) Cross Site Scripting,
the_3dit0r
- Re: Re: MSIE7 browser entrapment vulnerability (probably Firefox, too),
sithlordstorm
- aWebNews v 1.1=>RFI,
mostafa_ragab
- Re: ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit,
revenge
- WB News Remote File Include in all versions,
mostafa_ragab
- LayerOne 2007 - Call for Papers and Pre-Registration,
Layer One
- aWebNews V 1.1,
mostafa_ragab
- Re: Xbox 360 Hypervisor Privilege Escalation Vulnerability,
jrgong420
- [ GLSA 200703-01 ] Snort: Remote execution of arbitrary code,
Raphael Marichez
- [ GLSA 200703-02 ] SpamAssassin: Long URI Denial of Service,
Raphael Marichez
- SPAW Editor PHP Edition,
RaeD Hasadya
- [USN-428-2] Firefox regression,
Kees Cook
- [ GLSA 200703-03 ] ClamAV: Denial of Service,
Raphael Marichez
- vBulletin v3.6.5 admincp/index.php ( rss feed ) xss vuln.,
meto5757
- ZDI-07-008: Apache Tomcat JK Web Server Connector Long URL Stack Overflow Vulnerability,
zdi-disclosures
- Woltlab Burning Board (wbb) 2.3.6 CSRF/XSS - 0day,
SaMuschie
- Re: Re: WordPress Search Function SQL-Injection,
none
- iDefense Security Advisory 03.02.07: Kaspersky AntiVirus UPX File Decompression DoS Vulnerability,
iDefense Labs
- Remote File Include In DBImageGallery,
RaeD Hasadya
- Limited format string in Netrek 2.12.0,
Luigi Auriemma
- [ MDKSA-2007:050-1 ] - Updated Firefox packages fix multiple vulnerabilities,
security
- WordPress source code compromised to enable remote code execution,
ifsecure
- webSPELL <= 4.01.02 Remote PHP Code Execution Exploit,
gmdarkfig
- [ GLSA 200703-04 ] Mozilla Firefox: Multiple vulnerabilities,
Raphael Marichez
- rPSA-2007-0048-1 tcpdump,
rPath Update Announcements
- Tyger Bug Tracking System Multiple Vulnerabilities,
corrado . liotta
- BJ Webring XSS,
sn0oPy . team
- Re: Evading the Norman SandBox Analyzer,
John Smith
- rPSA-2007-0040-3 firefox thunderbird,
rPath Update Announcements
- [Fwd: Re: Angel LMS 7.1 - Remote SQL Injection],
don bailey
- Re: VMware Workstation multiple denial of service and isolation manipulation vulnerabilities,
emptysands
- ERRATA: [ GLSA 200703-01 ] Snort: Remote execution of arbitrary code,
Raphael Marichez
- [ GLSA 200703-05 ] Mozilla Suite: Multiple vulnerabilities,
Raphael Marichez
- [ GLSA 200703-06 ] AMD64 x86 emulation Qt library: Integer overflow,
Raphael Marichez
- [SECURITY] [DSA 1262-1] New gnomemeeting packages fix arbitrary code execution,
Moritz Muehlenhoff
- Show Password Admin In Script Uploadscript,
RaeD Hasadya
- ePortfolio version 1.0 Java Multiple Input Validation Vulnerabilities,
Stefan Friedli
- Konqueror DoS Via JavaScript Read Of FTP Iframe,
mark
- Extending JavaScript Portscanning to Include Banner Grabbing,
mark
- XSS in script Phorum,
RaeD Hasadya
- Sava's GuestBook Multiple Vulnerabilities,
bugtraq
- LI-Guestbook SQL Injection Vulnerability,
bugtraq
- Arbitrary file disclosure vulnerability in rrdbrowse <= 1.6,
Sebastian Wolfgarten
- HITBSecConf2007 - Malaysia: Call for Papers now Open,
Praburaajan
- XSS Remote In vCard 2.6 (c)2002,
RaeD Hasadya
- Wordpress <= v2.1.0,
ciri
- DoS and code execution issue in LedgerSMB < 1.1.5 and SQL-Ledger < 2.6.25,
Chris Travers
- iDefense Security Advisory 03.05.07: Apple QuickTime Color Table ID Heap Corruption Vulnerability,
iDefense Labs
- CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability,
CORE Security Technologies Advisories
- Apple QuickTime Player Remote Heap Overflow,
Piotr Bania
- Call for Participation Chaos Communication Camp 2007,
fukami
- Apple QuickTime udta ATOM Integer Overflow,
Sowhat
- [security bulletin] HPSBUX02153 SSRT061181 rev.3 - HP-UX Running Firefox, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS),
security-alert
- [security bulletin] HPSBUX02195 SSRT061237 rev.1 - HP-UX Running Software Distributor (SD), Remote Denial of Service (DoS),
security-alert
- [Reversemode Advisory] Apple Quicktime Color ID remote heap corruption,
Reversemode
- PHP <= 4.4.6 mssql_connect() & mssql_pconnect() local buffer overflow and safe_mode bypass,
retrog
- Re: Tinyportal Shoutbox,
ichbin
- rPSA-2007-0050-1 kernel,
rPath Update Announcements
- [ GLSA 200703-07 ] STLport: Possible remote execution of arbitrary code,
Matthias Geerdsen
- [USN-429-1] tcpdump vulnerability,
Kees Cook
- [USN-430-1] mod_python vulnerability,
Kees Cook
- [SECURITY] [DSA 1263-1] New clamav packages fix denial of service,
Moritz Muehlenhoff
- [USN-431-1] Thunderbird vulnerabilities,
Kees Cook
- [ MDKSA-2007:052 ] - Updated Thunderbird packages fix multiple vulnerabilities,
security
- [ MDKSA-2007:053 ] - Updated util-linux packages address umount crash issue,
security
- Re: Drake CMS v0.3.2 < = RFi Vulnerabilities,
legolas558
- iDefense Security Advisory 03.07.07: Ipswitch IMail Server 2006 Multiple ActiveX Control Buffer Overflow Vulnerabilities,
iDefense Labs
- xss in phpmyadmin >=2.8.0 and < 2.10.0,
alfa
- Firekeeper - IDS for Firefox available,
Jan Wrobel
- month of PHP bugs, secondary message?,
Gadi Evron
- RPS 6.2 SQL Injection Exploit,
s0cratex
- ZDI-07-010: Apple Quicktime UDTA Parsing Heap Overflow Vulnerability,
zdi-disclosures
- ZDI-07-009: Novell Netmail WebAdmin Buffer Overflow Vulnerability,
zdi-disclosures
- [SECURITY] [DSA 1264-1] New php4 packages fix several vulnerabilities,
Moritz Muehlenhoff
- FLSA - foresight linux security announcements,
Jonathan Smith
- Lazarus Guestbook (admin.php) Remote File Include Exploit,
c_r_ck
- Buffer-overflow in Conquest client 8.2a (svn 691),
Luigi Auriemma
- rPSA-2007-0051-1 mod_python,
rPath Update Announcements
- rPSA-2007-0052-1 kdelibs,
rPath Update Announcements
- dynaliens v2.0/v2.1 bypass admin authentication + XSS,
sn0oPy . team
- Black Hat USA CFP Now Open!,
Jeff Moss
- Ann: Backtrack 2.0 released,
Thierry Zoller
- [USN-424-2] PHP regression,
Kees Cook
- [ MDKSA-2007:057 ] - Updated xine-lib packages to address buffer overflow vulnerability,
security
- PHP 4.4.6 crack_opendict() local buffer overflow poc exploit,
retrog
- [ MDKSA-2007:056 ] - Updated tcpdump packages address off-by-one overflow,
security
- [ MDKSA-2007:055 ] - Updated mplayer packages to address buffer overflow vulnerability,
security
- Word Press Sensitive Directory exposure (SQL),
r00t2000
- [ MDKSA-2007:054 ] - Updated kdelibs packages to address DoS issue in KDE Javascript,
security
- [USN-432-1] GnuPG vulnerability,
Kees Cook
- Microsoft Windows Vista/2003/XP/2000 file management security issues,
3APA3A
- RE: Microsoft Windows Vista/2003/XP/2000 file management security issues,
M. Burnett
- RE: Microsoft Windows Vista/2003/XP/2000 file management security issues,
Roger A. Grimes
- RE: Re[2]: Microsoft Windows Vista/2003/XP/2000 file management security issues,
Roger A. Grimes
- Re: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues,
Tim
- RE: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues,
Roger A. Grimes
- RE: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues,
Laundrup, Jens
- Re[2]: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues,
3APA3A
- Re: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues,
Tim
- Re: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues,
Thor (Hammer of God)
- RE: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues,
Roger A. Grimes
- Re: Re[2]: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues,
Thor (Hammer of God)
- Re[2]: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues,
3APA3A
- RE: Re[2]: Microsoft Windows Vista/2003/XP/2000 file management security issues,
M. Burnett
- RE: Re[2]: Microsoft Windows Vista/2003/XP/2000 file management security issues,
Roger A. Grimes
- RE: Re[4]: Microsoft Windows Vista/2003/XP/2000 file management security issues,
Roger A. Grimes
- Re: Re[2]: Microsoft Windows Vista/2003/XP/2000 file management security issues,
Thor (Hammer of God)
Re: Microsoft Windows Vista/2003/XP/2000 file management security issues,
Steven M. Christey
PHP import_request_variables() arbitrary variable overwrite,
Stefano Di Paola
[ECHO_ADV_67$2007] WEBO (Web Organizer) <= 1.0 (baseDir) Remote File Inclusion Vulnerability,
erdc
[ MDKSA-2007:059 ] - Updated gnupg packages provide enhanced forgery detection,
security
Buffer Overflow in Linux Drivers for Omnikey CardMan 4040 (CVE-2007-0005),
Daniel Roethlisberger
[USN-434-1] Ekiga vulnerability,
Kees Cook
TSLSA-2007-0009 - multi,
Trustix Security Advisor
MS07-016 FTP Response DOS PoC,
Mathew Rowley
XSS In Script deviantART,
RaeD Hasadya
Re: Digital Armaments Security Advisory 20.01.2007: Grsecurity Kernel PaX Vulnerability,
hugo
Php Nuke POST XSS on steroids,
ascii
SyScan'07 - Call for Paper - NEW UPDATES,
organiser@xxxxxxxxxx
Sql injection in WordPress 2.1.2,
Omid
[CAID 35145]: CA eTrust Admin Privilege Escalation Vulnerability,
Williams, James K
Remote File Include In Script copyright (c) James Coyle; JCcorp,
RaeD Hasadya
Re: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues,
KJKHyperion
Remote File Include In Script Coppermine Photo Gallery,
RaeD Hasadya
SecurityFocus is turning seven. What's next? - OFFTOPIC - Please excuse the X-Post,
Alfred Huger
SEC Consult SA-20070309-0 :: MySQL 5 Single Row Subselect Denial of Service,
research
HC NEWSSYSTEM 1.0-4 (index.php "ID") Blind SQL Injection,
UniquE
[ MDKSA-2007:058 ] - Updated ekiga packages fix string vulnerabilities.,
security
[ MDKSA-2007:060 ] - Updated kernel packages fix multiple vulnerabilities and bugs,
security
WordPress XSS under function wp_title(),
g30rg3_x
Security bypass vulnerability in LedgerSMB and SQL-Ledger (fixes released today),
Chris Travers
[ GLSA 200703-08 ] SeaMonkey: Multiple vulnerabilities,
Raphael Marichez
wwwpaintboar(newsfile) Remote File Inclusion Vulnerability,
saw_xyz
[USN-433-1] Xine vulnerability,
Kees Cook
[ GLSA 200703-09 ] Smb4K: Multiple vulnerabilities,
Raphael Marichez
[Argeniss] Practical 10 minutes security audit: Oracle Case (Paper),
Cesar
PHP-Nuke <= 8.0 Cookie Manipulation (lang),
programmer
Remote File Include In Script Premod SubDog 2,
RaeD Hasadya
Remote File Include In Script SoftNews Media Group,
RaeD Hasadya
Fıstıq Announcement Script (Duyuru Scripti) Remote SQL Injection Exploit,
crazy_king
WWWboard password disclosure,
r00t2000
Grayscale <= 0.8.0 Multiple Vulnerabilities,
omnipresent
Pre-open files attack against locked file,
3APA3A
[ECHO_ADV_68$2007] PMB Services <= 3.0.13 Multiple Remote File Inclusion Vulnerability,
erdc
NukeSentinel <= 2.5.06 SQL Injection (mysql >= 4.0.24) Exploit,
gmdarkfig
Re: [Full-disclosure] PHP import_request_variables() arbitrary variable overwrite,
Stefan Esser
Re: PHP Classifieds 7.1 - Remote File Include Vulnerability,
support
[ GLSA 200703-10 ] KHTML: Cross-site scripting (XSS) vulnerability,
Raphael Marichez
[SECURITY] [DSA 1265-1] New Mozilla packages fix several vulnerabilities,
Martin Schulze
Remote File Include In ClipShare.v1.5.3,
RaeD Hasadya
Remote File Include In Script PHP Photo Album,
RaeD Hasadya
[security bulletin] HPSBUX02129 SSRT061149 rev.2 - HP-UX running SLP, Remote Unauthorized Access,
security-alert
Remote File Include In Script moodle-1.7.1,
RaeD Hasadya
Wiki Remote Authentication Bypass Vulnerability,
DoZ
AssetMan 2.4a <= (download_pdf.php) Remote File Disclosure Vulnerability,
BorN To K!LL
Fantastico In all Version Cpanel 10.x <= local File Include,
z3r0 z3r0.2.z3r0
GuppY v4.0 remote del files/index,
sn0oPy . team
RIM BlackBerry Pearl 8100 Browser DoS,
clappymonkey
[security bulletin] HPSBUX02196 SSRT071318 rev.2 - HP-UX Java (JRE and JDK) Remote Execution of Arbitrary Code,
security-alert
[USN-435-1] Xine vulnerability,
Kees Cook
[USN-436-1] KTorrent vulnerabilities,
Kees Cook
[ECHO_ADV_69$2007] OES (Open Educational System) 0.1beta Remote File Inclusion Vulnerability,
erdc
Iframe-Cash/Iframe-Dollars Adware bundle...oooh... my ....god..,
Thierry Zoller
Call for Papers: DeepSec IDSC 2007 Europe/Vienna: 20-23 Nov 2007,
Paul Böhm
Weekly Drawing Contest <= (check_vote.php) Remote File Disclosure Vuln,
BorN To K!LL
[ECHO_ADV_73$2007] MySQL Commander <= 2.7 (home) Remote File Inclusion Vulnerability,
erdc
[USN-432-2] GnuPG2, GPGME vulnerability,
Kees Cook
JGBBS 3.0beta1 Version Search.ASP "Author" SQL Injection Exploit,
UniquE
[ MDKSA-2007:061 ] - Updated mplayer packages to address buffer overflow vulnerability,
security
[ MDKSA-2007:062 ] - Updated xine-lib packages to address buffer overflow vulnerability,
security
CORE-2007-0219: OpenBSD's IPv6 mbufs remote kernel buffer overflow,
CORE Security Technologies Advisories
[ GLSA 200703-11 ] Amarok: User-assisted remote execution of arbitrary code,
Raphael Marichez
n.runs-SA-2007.006 - PHProjekt 5.2.0 - Privilege escalation,
security
n.runs-SA-2007.005 - PHProjekt 5.2.0 - Cross Site Request Forgery,
security
[SECURITY] [DSA 1266-1] New gnupg packages fix signature forgery,
Moritz Muehlenhoff
n.runs-SA-2007.004 - PHProjekt 5.2.0 - Cross Site Scripting and Filter Evasion,
security
n.runs-SA-2007.003 - PHProjekt 5.2.0 - SQL Injection,
security
[ GLSA 200703-12 ] SILC Server: Denial of Service,
Matthias Geerdsen
SEC Consult SA-20070314-0 :: Apache HTTP Server / Tomcat directory traversal,
David Matscheko
SymEvent Driver Local Access System Denial of Service,
Matousec - Transparent security Research
New report on Windows Vista network attack surface,
Jim Hoagland
Fwd: Python 2.5 (Modules/zlib) minigzip local buffer overflow vulnerability,
starcadi starcadi
iDefense Security Advisory 03.14.07: Trend Micro Antivirus UPX Parsing Kernel Divide by Zero Vulnerability,
iDefense Labs
[ECHO_ADV_71$2007] AMP v3.2 (base_path) Remote File Inclusion Vulnerability,
erdc
[ECHO_ADV_72$2007] CARE2X (root_path) Remote File Inclusion Vulnerability,
erdc
[ECHO_ADV_74$2007] WebCreator <= 0.2.6-rc3 (moddir) Remote File Inclusion Vulnerability,
erdc
WSN Guest 1.21 Version Comments.PHP "ID" SQL Injection Exploit,
UniquE
Phishing using IE7 local resource vulnerability,
avivra
[ GLSA 200703-13 ] SSH Communications Security's Secure Shell Server: SFTP privilege escalation,
Raphael Marichez
Woltlab Burning Board SQL Injection usergroups.php,
x666
Horde IMP Webmail Client version H3 (4.1.4) fixes multiple XSS issues,
Moritz Naumann
Horde 3.1.4 (RC1) fixes XSS issue,
Moritz Naumann
[ECHO_ADV_76$2007] Company WebSite Builder PRO (INCLUDE_PATH) Remote File Inclusion Vulnerability,
erdc
IBM Rational ClearQuest Web - Cross Site Scripting,
james
[ECHO_ADV_75$2007] Groupit 2.00b5 (c_basepath) Remote File Inclusion Vulnerability,
erdc
Orion-Blog v2.0 Version Remote Privilege Escalation Exploit,
UniquE
Norton Insufficient validation of 'SymTDI' driver input buffer,
Matousec - Transparent security Research
XSS vulnerability in the online help system of several Cisco products,
cassio
Remote File Inclusion in ViperWeb,
asamad
iDefense Security Advisory 03.15.07: Horde Project Cleanup Script Arbitrary File Deletion Vulnerability,
iDefense Labs
PHP <= 4.4.6 ibase_connect() local buffer overflow,
retrog
QFTP (LIBFtp 3.1-1) (command line) sprintf() local buffer overflow,
starcadi starcadi
- Call for chapters - Handbook of Research on Digital Anti-forensics and In-security Governance,
Jeimy Cano
LIBFtp 5.0 (sprintf(), strcpy()) Multiple local buffer overflow,
starcadi starcadi
vbulletin admincp sql injection,
disfigure
WebCalendar v0.9.45 (13 Dec 2004) (login.php) Remote File include,
drackanz
PHP Point Of Sale for osCommerce <= (index.php) Remote File Include Vuln,
BorN To K!LL
Absolute Image Gallery Gallery.ASP (categoryid) MSSQL Injection Exploit,
UniquE
Re: [Full-disclosure] Woltlab Burning Board SQL Injection usergroups.php,
Bastian Ahrens
DirectAdmin Cross Site Scripting XSS,
Mandr4ke . root
[SECURITY] [DSA 1267-1] New webcalendar packages fix remote file inclusion,
Moritz Muehlenhoff
MS07-012 Not Fixed,
Greg Sinclair
[CAID 34817, 35058, 35158, 35159]: CA BrightStor ARCserve Backup Tape Engine and Portmapper Vulnerabilities,
Williams, James K
Rot 13 <= (enkrypt.php) Remote File Disclosure Vulnerability,
BorN To K!LL
Oracle Portal PORTAL.wwv_main.render_warning_screen XSS,
Sea Shark
RE: [VulnWatch] iDefense Security Advisory 03.14.07: Trend Micro Antivirus UPX Parsing Kernel Divide by Zero Vulnerability,
Topolski, Leo
Re: fx-APP Version 0.0.8.1,
osdesk
Call For Papers - IT Underground Dublin,
Marcin Tkaczyk
April, 2007 is the "Month of Myspace Bugs",
mondo_armando
iDefense Security Advisory 03.16.07: Multiple Vendor libwpd Multiple Buffer Overflow Vulnerabilities,
iDefense Labs
Your Opinion,
Mark Litchfield
- Re: Your Opinion,
bugtraq
- Re: Your Opinion,
Jonathan Glass (GM)
- RE: Your Opinion,
Mario Contestabile
- Re: Your Opinion,
Crispin Cowan
- Re: Your Opinion,
William A. Rowe, Jr.
- RE: Your Opinion,
Scott Blake
- Re: Your Opinion,
The Fungi
- Re: Your Opinion,
Casper . Dik
- RE: Your Opinion,
Jim Harrison
- Re: Your Opinion,
Forrest J. Cavalier III
- Re: Your Opinion,
Paul Stepowski
- Re: Your Opinion,
Neil Dickey
- RE: Your Opinion,
jay.tomas
- RE: Your Opinion,
Neale Green
Particle Blogger All Version Post.PHP (PostID) Remote SQL Injection Exploit,
UniquE
rPSA-2007-0056-1 gnupg,
rPath Update Announcements
rPSA-2007-0057-1 libwpd,
rPath Update Announcements
[ MDKSA-2007:063 ] - Updated libwpd packages to address heap overflow vulnerabilities,
security
[ MDKSA-2007:064 ] - Updated openoffice.org packages to address libwpd heap overflow vulnerabilities,
security
Re: [Bogus] Lazarus Guestbook (admin.php) Remote File Include Exploit,
Steven M. Christey
[NETRAGARD-20070316 SECURITY ADVISORY][FrontBase Database <= 4.2.7 ALL PLATFORMS][REMOTE BUFFER OVERFLOW CONDITION][LEVEL: EASY][RISK:MEDIUM],
Netragard Security Advisories
[ GLSA 200703-14 ] Asterisk: SIP Denial of Service,
Raphael Marichez
[ GLSA 200703-15 ] PostgreSQL: Multiple vulnerabilities,
Raphael Marichez
[ GLSA 200703-16 ] Apache JK Tomcat Connector: Remote execution of arbitrary code,
Raphael Marichez
Bypassing Mcafee Entreprise Password Protection,
thesinoda
CLBOX <= (signup.php header) Remote File Include Vulnerability,
BorN To K!LL
Your Opinion +,
Mark Litchfield
Rhapsody IRC 0.28b (NICK) Multiple fs and bof vulnerability,
starcadi
[SECURITY] [DSA 1268-1] New libwpd packages fix arbitrary code execution,
Martin Schulze
Full Disclosure: Arbitrary execution vulnerability in SQL-Ledger and LedgerSMB,
Chris Travers
Net Portal Dynamic System (NPDS) <= 5.10 Remote Code Execution 0day,
gmdarkfig
[SECURITY] [DSA 1269-1] New lookup-el packages fix insecure temporary file,
Martin Schulze
MetaForum <= 0.513 Beta - Remote file upload Vulnerability,
aeroxteam------nospam-----
[ GLSA 200703-17 ] ulogd: Remote execution of arbitrary code,
Raphael Marichez
[ GLSA 200703-18 ] Mozilla Thunderbird: Multiple vulnerabilities,
Raphael Marichez
[ GLSA 200703-19 ] LTSP: Authentication bypass in included LibVNCServer code,
Raphael Marichez
[ GLSA 200703-20 ] LSAT: Insecure temporary file creation,
Raphael Marichez
Unclassified NewsBoard 1.6.3 multiple log disclosures,
none
Layered Defense Research Advisory: F-Secure Anti-Virus Client Security 6.02 Format String Vulnerability,
dh
CCleaguePro_V1.0.1RC1 Directory Traversal Vulnerability,
snakeapollon
phpx 3.5.15 multiple vulnerabilities,
none
Conflict of Interest - My summary,
Mark Litchfield
[Reversemode Advisory] Microsoft Windows Ndistapi.sys IRQL escalation,
Reversemode
w-agora version 4.2.1 Multiple Path Disclosure Vulnerabilities,
jesper . jurcenoks
w-agora version 4.2.1 Information Disclosure Vulnerability,
jesper . jurcenoks
ZynOS v3.40 One packet killer,
Joxean Koret
[USN-437-1] libwpd vulnerability,
Kees Cook
Oracle 10g Dynamic Monitoring Services XSS /servlet/Spy,
Sea Shark
Web Wiz Forums 8.05 (MySQL version) SQL Injection,
Ivan Fratric
Advisory - Redirection Vulnerability in wp-login.php.,
Metaeye SG
w-agora [multiple file upload, XSS, full path disclosure, SQL error],
none
Microsoft coverup ? Stolen Xbox live accounts list of known victims - Please Help,
Kevin Finisterre (lists)
[ GLSA 200703-22 ] Mozilla Network Security Service: Remote execution of arbitrary code,
Raphael Marichez
Helix Server heap overflow,
research
[ GLSA 200703-21 ] PHP: Multiple vulnerabilities,
Raphael Marichez
[ GLSA 200703-23 ] WordPress: Multiple vulnerabilities,
Raphael Marichez
Linksys WAG200G - Information disclosure,
dniggebrugge
[SECURITY] [DSA 1271-1] New openafs packages fix remote privilege escalation bug,
Noah Meyerhans
[SECURITY] [DSA 1270-1] New OpenOffice.org packages fix several vulnerabilities,
Martin Schulze
[ MDKSA-2007:065 ] - Updated nas packages address multiple vulnerabilities,
security
[ MDKSA-2007:066 ] - Updated OpenAFS packages address vulnerability,
security
[USN-438-1] Inkscape vulnerability,
Kees Cook
Secunia Research: InterActual Player / CinePlayer IASystemInfo.dll ActiveX Control Buffer Overflow,
Secunia Research
Secunia Research: Evolution Shared Memo Categories Format String Vulnerability,
Secunia Research
Secunia Research: XMMS Integer Overflow and Underflow Vulnerabilities,
Secunia Research
[security bulletin] HPSBUX02156 SSRT061236 rev.2 - HP-UX Running Thunderbird, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS),
security-alert
HPSBGN02189 SSRT071297 rev.2 - ServiceGuard for Linux, Remote Unauthorized Access,
security-alert
Two new DoS Vulnerabilities in Asterisk Fixed,
Matt Riddell (NZ)
**SubHub v2.3.0**,
anon
[ECHO_ADV_77$2007] Study planner (Studiewijzer) <= 0.15 Remote File Inclusion Vulnerability,
erdc
CFP for RAID 2007: Extended due date for papers: April 8th,
jeffh
[USN-439-1] file vulnerability,
Kees Cook
[USN-440-1] MySQL vulnerability,
Kees Cook
rPSA-2007-0059-1 file,
rPath Update Announcements
ManageEngine Firewall Analyzer arbitrary file disclosure to authorized user,
yearsilent
Remote File Include In copyright © James Coyle; JCcorp,
RaeD Hasadya
Remote File Include In Coppermine Photo Gallery,
RaeD Hasadya
[ MDKSA-2007:067 ] - Updated file packages fix heap-based buffer overflow vulnerability,
security
[NB07-22] Multiple vulnerabilities in NETxEIB OPC server,
Lluis Mora
[NB07-17] Multiple vulnerabilities in Takebishi Electric DeviceXplorer SYSMAC OPC server,
Lluis Mora
[NB07-07] Multiple vulnerabilities in Takebishi Electric DeviceXplorer HIDIC OPC server,
Lluis Mora
[NB07-08] Multiple vulnerabilities in Takebishi Electric DeviceXplorer MELSEC OPC server,
Lluis Mora
[SECURITY] [DSA 1272-1] New tcpdump packages fix denial of service,
Moritz Muehlenhoff
[NB07-09] Multiple vulnerabilities in Takebishi Electric DeviceXplorer FA-M3 OPC server,
Lluis Mora
[NB07-10] Multiple vulnerabilities in Takebishi Electric DeviceXplorer MODBUS OPC server,
Lluis Mora
[ MDKSA-2007:068 ] - Updated squid packages fix DoS vulnerability,
security
CRLF injection in PHP ftp function,
fangxiaodun
[ MDKSA-2007:069 ] - Updated inkscape packages to address format string vulnerability,
security
iDefense Security Advisory 03.23.07: DataRescue IDA Pro Remote Debugger Server Authentication Bypass Vulnerability,
iDefense Labs
iDefense Security Advisory 03.23.07: Sun Java System Directory Server 5.2 Uninitialized Pointer Cleanup Design Error Vulnerability,
iDefense Labs
Joomla com_joomlaboard 1.1.x Branch (sbp) Multiple Remote File Include Vulnerabi,
Cold - Zero
File Upload System V1.0 (AD_BODY_TEMP) multiple file include,
ngevedBangetAsli
Remote File Include In phpBB-2.0.19,
RaeD Hasadya
Fizzle : Firefox Extension Vulnerability,
CrYpTiC MauleR
CcCounter 2.0 cross-site scripting vulnerability,
localexploit
Path Disclosure - Wordpress 2.1.2,
lj
Horde Webmail Multiple HTML Injection vulnerability,
DoZ
Mephisto blog is vulnerable to XSS,
Sergey Tikhonov
Satel Lite for PhpNuke (Satellite.php) <= Local File Inclusion,
stormhacker
Re: [Full-disclosure] XSS at Aon.at, Austrian ISP,
Nikolay Kichukov
Multiple XSS in IronMail,
Javier Olascoaga
PHP 5.2.1 with PECL phpDOC local buffer overflow,
retrog
Playstation 3 "Remote Play" Remote DoS Exploit,
mak0b
Libero.it (italian ISP) XSS vulnerability,
rosario . valotta
[USN-441-1] Squid vulnerability,
Kees Cook
[USN-442-1] Evolution vulnerability,
Kees Cook
[ GLSA 200703-24 ] mgv: Stack overflow in included gv code,
Raphael Marichez
Xoops All Version -Articles- Print.PHP (ID) Blind SQL Injection Exploit And PoC,
UniquE
Metasploit Framework 3.0 RELEASED!,
H D Moore
[KAPDA::#64] - Flexbb Sql Injection,
alireza hassani
[ECHO_ADV_78$2007] C-Arbre <= 0.6PR7 (root_path) Remote File Inclusion Vulnerability,
erdc
[KDE Security Advisory] KDE ioslave PASV port scanning vulnerability,
Dirk Mueller
Yahoo! Messenger Auth Bypass Vulnerability,
kishor . tech
Linux Kernel DCCP Memory Disclosure Vulnerability,
Robert Święcki
[ MDKSA-2007:070 ] - Updated evolution packages to address vulnerability,
security
Buffer Overflow in InterVetions' NaviCopa HTTP server 2.01,
skillTube.com
[SECURITY] [DSA 1273-1] New nas packages fix multiple remote vulnerabilities,
Noah Meyerhans
[USN-443-1] Firefox vulnerability,
Kees Cook
[USN-444-1] OpenOffice.org vulnerabilities,
Kees Cook
[USN-445-1] XMMS vulnerabilities,
Kees Cook
Bypass phishing protection in Firefox / Opera,
zonafirefox
[USN-446-1] NAS vulnerabilities,
Kees Cook
Corel Wordperfect Office X3 Stack Overflow,
jonny
[Full-Disclosure] Another XSS vulnerability in italian Libero.it,
Matteo G.P. Flora
iDefense Security Advisory 03.28.07: IBM Lotus Domino Web Access Cross Site Scripting Vulnerability,
iDefense Labs
iDefense Security Advisory 03.28.07: IBM Lotus Domino Server LDAP Request Invalid DN Message Heap Overflow Vulnerability,
iDefense Labs
ZDI-07-011: IBM Lotus Domino IMAP Server CRAM-MD5 Authentication Buffer Overflow Vulnerability,
zdi-disclosures
Re: Multiple Vulnerabilities In osTicket,
eticket
Re: [SECURITY ALERT] osTicket bugs,
eticket
Update: ViewCVS and ViewVC 'checkout view' content type fixation issue,
Moritz Naumann
Re: SecurityVulns.com: Microsoft Visual C++ 8.0 standard library time functions invalid assertion DoS (Problem 3000).,
William A. Rowe, Jr.
Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180),
Tim Rees
[SECURITY] [DSA 1270-2] New OpenOffice.org packages fix several vulnerabilities,
Martin Schulze
Arbitrary Command Execution in DataDomain Administrator Interface,
Elliot Kendall
Cisco Security Advisory: Multiple Cisco Unified CallManager and Presence Server Denial of Service Vulnerabilities,
Cisco Systems Product Security Incident Response Team
Re: Re: [Full-disclosure] Linux Kernel DCCP Memory Disclosure Vulnerability,
acme
rPSA-2007-0061-1 inkscape,
rPath Update Announcements
Re: [VulnWatch] Microsoft Windows Vista Slideshow Unspecified Blue Screen Of Death Vulnerability,
3APA3A
Xoops Module Friendfinder <= 3.3 (view.php id) BLIND SQL Injection Exploit,
ajannhwt
Advanced Login <= 0.7 (root) Remote File Inclusion Vulnerability,
bithedz
Widespread vulnerabilities in Libero.it/Infostrada.it web portals,
rosario . valotta
[Full-disclosure] [USN-447-1] KDE library vulnerabilities,
Kees Cook
Windows Live Spaces logged user NetworkSetup.aspx cross site scripting,
paolo . difebbo
AOL 9.0 Deskbar.dll/Toolbar.dll DoS Vulnerability,
Justin Seitz
[ MDKSA-2007:071 ] - Updated xmms packages to address integer vulnerabilities,
security
[ MDKSA-2007:072 ] - Updated kdelibs packages to address FTP PASV issue in konqueror,
security
[ GLSA 200703-25 ] Ekiga: Format string vulnerability,
Raphael Marichez
iDefense Security Advisory 03.29.07: IBM Lotus Sametime JNILoader Arbitrary DLL Load Vulnerability,
iDefense Labs
[ MDKSA-2007:073 ] - Updated openoffice.org packages to address vulnerabilities,
security
Mybb Change Password Vulnerability,
security
VMSA-2007-0002 VMware ESX security updates,
VMware Security team
0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038),
Alexander Sotirov
CA Brightstor Backup Mediasvr.exe Remote Code Vulnerability,
M. Shirk
DrakeCMS multiple vulnerabilities,
security
AIX 4.3 lsmcode local root command execution,
pr1nce_empire
The Week Of Vista Bugs [TWOVB],
TWOVB Team
[ECHO_ADV_80$2007] Softerra Time-Assistant <= 6.2 (inc_dir) Remote File Inclusion Vulnerability,
erdc
ANI Zeroday, Third Party Patch,
Marc Maiffret
[ GLSA 200703-26 ] file: Integer underflow,
Raphael Marichez
Busting The Bluetooth Myth,
Max Moser
TSRT-07-03: America Online SuperBuddy ActiveX Control Code Execution Vulnerability,
TSRT
CA BrightStor ARCserve Backup Mediasvr.exe vulnerability,
Williams, James K
On-going Internet Emergency and Domain Names,
Gadi Evron
Windows .ANI Stack Overflow Exploit,
devcode29
PHP-Fusion 'Calendar_Panel' Module show_event.PHP (m_month) SQL Injection Exploit And PoC,
UniquE
Remote File Include In SLAED_CMS_2,
RaeD Hasadya
Remote File Include In Shop-SCRIPT FREE,
RaeD Hasadya
Remote File Include In Aardvark Topsites PHP 5,
RaeD Hasadya