Bugtraq Archive January 2008
- Cross-Site Scripting (XSS) in phpWebSite 1.4.0 search,
Audun Larsen
- MODx CMS Source code disclosure, local file inclusion,
admin
- XSS Vulnerabilities in Common Shockwave Flash Files,
rich cannings
- Buffer-overflow and format string in White_Dune 0.29beta791,
Luigi Auriemma
- phpBB2 2.0.22 Cross Site Scripting Vulnerability,
bugtraq
- Multiple vulnerabilities in Georgia SoftWorks SSH2 Server 7.01.0003,
Luigi Auriemma
- AST-2008-001: Crash from transfer using BYE with Also header,
Asterisk Security Team
- Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication,
avivra
- [security bulletin] HPSBGN02301 SSRT071508 rev.2 - HP Software Update Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access,
security-alert
- xss in w3-msql error page,
vivek_infosec
- [ MDVSA-2008:1 ] - Updated wireshark packages fix multiple vulnerabilities,
security
- Re: Cryptome: NSA has real-time access to Hushmail servers,
John Simpson
- RE: Latest round of web hacking incidents for 2007 & Project news,
Memisyazici, Aras
- [SECURITY] [DSA 1443-1] New tcpreen packages fix denial of service,
Moritz Muehlenhoff
- rPSA-2008-0001-1 dovecot,
rPath Update Announcements
- multiple CAPTCHA automation test bypass digest,
3APA3A
- [SECURITY] [DSA 1444-1] New php5 packages fix several vulnerabilities,
Moritz Muehlenhoff
- securityvulns.com russian vulnerabilities digest,
3APA3A
- [SECURITY] [DSA 1445-1] New maradns packages fix denial of service,
Moritz Muehlenhoff
- [SECURITY] [DSA 1446-1] New wireshark packages fix denial of service,
Moritz Muehlenhoff
- [SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities,
Moritz Muehlenhoff
- rPSA-2008-0004-1 tshark wireshark,
rPath Update Announcements
- FortiGuard: URL Filtering Application Bypass Vulnerability,
Danux
- Multiple vulnerabilities in yaSSL 1.7.5,
Luigi Auriemma
- Some DoS in some telnet servers,
Luigi Auriemma
- Pre-auth buffer-overflow in mySQL through yaSSL,
Luigi Auriemma
- iDefense Security Advisory 12.24.07: Novell ZENworks Endpoint Security Management Local Privilege Escalation Vulnerability,
iDefense Labs
- [ MDVSA-2008:002 ] - Updated squid package fixes remote denial of service,
security
- rPSA-2008-0006-1 libexif,
rPath Update Announcements
- NetRisk 1.9.7 Remote File Inclusion Vulnerability,
erne
- INVISION POWER BOARD 2.1.7 ACTIVE XSS/SQL INJECTION EXPLOIT,
underwater
- [SECURITY] [DSA 1449-1] New loop-aes-utils packages fix programming error,
Steve Kemp
- rPSA-2008-0007-1 tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi,
rPath Update Announcements
- [SECURITY] [DSA 1450-1] New util-linux packages fix programming error,
Steve Kemp
- [SECURITY] [DSA 1448-1] New eggdrop packages fix execution of arbitrary code,
Steve Kemp
- rPSA-2008-0008-1 cups,
rPath Update Announcements
- [SECURITY] [DSA 1448-1] New eggdrop packages fix arbitrary code execution,
Steve Kemp
- Aruba Mobility Controller User Authentication Vulnerability - Aruba Advisory ID: AID-122207,
Robbie Gill
- vBulletin 3.6.8 XSRF/XSS Vulnerability,
nbbn
- netrisk 1.9.7 Multiple Remote Vulnerabilities (sql injection/xss),
hadihadi_zedehal_2006
- eTicket 1.5.5.2 Multiple Vulnerabilities,
L4teral
- [HSC] Snitz Forums Multiple Vulnerabilities,
DoZ
- OneCMS Vulnerabilities,
admin
- New Web Hacking Incidents at WHID,
Ofer Shezaf
- [Reversemode Paper] Exploiting WDM Audio Drivers,
Reversemode
- [SECURITY] [DSA 1451-1] New mysql-dfsg-5.0 packages fix several vulnerabilities,
Moritz Muehlenhoff
- Linksys WRT54 GL - Session riding (CSRF),
tomaz . bratusa
- SocialURL Login Page Cross-Site Scripting,
morin . josh
- PostgreSQL 2007-01-07 Cumulative Security Release,
Josh Berkus
- [SECURITY] [DSA 1452-1] New wzdftpd packages fix denial of service,
Steve Kemp
- Million Dollar Script 2.0.14 Remote File Disclosure Vulnerability.,
p4imi0
- [SECURITY] [DSA 1453-1] New tomcat5 packages fix several vulnerabilities,
Moritz Muehlenhoff
- LayerOne 2008 - CFP Released,
Layer One
- CORE-2007-1106: SynCE Remote Command Injection,
CORE Security Technologies Advisories
- [SECURITY] [DSA 1454-1] New freetype packages fix arbitrary code execution,
Moritz Muehlenhoff
- PWDumpX v1.4 - Dumps domain password cache, LSA secrets, password hashes, and password history hashes.,
Reed Arvin
- PWDumpX v1.0 and PWDumpX v1.1 updated - bug fixes,
Reed Arvin
- iDefense Security Advisory 01.07.08: Motorola netOctopus Agent MSR Write Privilege Escalation Vulnerability,
iDefense Labs
- Level-One WBR-3460A Grants Root Access,
anastasiosm
- VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages,
VMware Security team
- [ MDVSA-2008:001-1 ] - Updated wireshark packages fix multiple vulnerabilities,
security
- [USN-560-1] Tomboy vulnerability,
Jamie Strandboge
- sysHotel On Line Remote File Disclosure Vulnerability.,
p4imi0
- VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1,
VMware Security team
- Corsaire Security Advisory: Sun J2RE DoS issue,
advisories
- HPSBUX02153 SSRT061181 rev.7 - HP-UX Running Firefox, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS),
security-alert
- HPSBUX02156 SSRT061236 rev.4 - HP-UX Running Thunderbird, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS),
security-alert
- Joomla 1.0.13 CSRF,
J. Carlos Nieto
- [SECURITY] [DSA 1455-1] New libarchive1 packages fix several problems,
Steve Kemp
- ERRATA: [ GLSA 200709-07 ] Eggdrop: Buffer overflow,
Robert Buchholz
- [security bulletin] HPSBMA02239 SSRT061260 rev.3 - HP OpenView Operations (OVO) Agents Running Shared Trace Service, Remote Arbitrary Code Execution,
security-alert
- First (Major) web hacking incidents for 2008. Sign of the year to come?,
Ofer Shezaf
- LFI in Tuned Studios Templates,
Digital Security Research Group [DSecRG]
- [INFIGO 2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS,
infocus
- [ MDVSA-2008:004 ] - Updated postgresql packages fix denial of service and privilege escalation issues,
security
- [USN-562-1] opal vulnerability,
Kees Cook
- Privilege escalation in Omegasoft Insel 7,
MC Iglo
- [ GLSA 200801-01 ] unp: Arbitrary command execution,
Robert Buchholz
- [ MDVSA-2008:003 ] - Updated clamav packages fix multiple vulnerabilities,
security
- Pre-auth remote commands execution in SAP MaxDB 7.6.03.07,
Luigi Auriemma
- [INFIGO-2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS - Corrected,
infocus
- [USN-561-1] pwlib vulnerability,
Kees Cook
- [USN-564-1] Net-SNMP vulnerability,
Jamie Strandboge
- [ GLSA 200801-02 ] R: Multiple vulnerabilities,
Pierre-Yves Rofes
- [USN-563-1] CUPS vulnerabilities,
Kees Cook
- iDefense Security Advisory 01.09.08: Novell NetWare Client nicm.sys Local Privilege Escalation Vulnerability,
iDefense Labs
- [ GLSA 200801-03 ] Claws Mail: Insecure temporary file creation,
Pierre-Yves Rofes
- [ GLSA 200801-04 ] OpenAFS: Denial of Service,
Pierre-Yves Rofes
- [SECURITY] [DSA 1456-1] New fail2ban packages fix denial of service,
Thijs Kinkhorst
- [ GLSA 200801-05 ] Squid: Denial of Service,
Pierre-Yves Rofes
- [USN-565-1] Squid vulnerability,
Kees Cook
- [ MDVSA-2008:005 ] - Updated libexif packages fix multiple vulnerabilities,
security
- [SECURITY] [DSA 1457-1] New dovecot packages fix information disclosure,
Thijs Kinkhorst
- uCon 2008 call for participation - Recife, Brazil,
ucon
- Simple Machines Forum Cross-Site Scripting Vulnerabilities,
DoZ
- PR07-06, PR07-07, PR07-08, PR07-09, PR07-10, PR07-12: Several XSS, Cross-domain Redirection and Frame Injection on Sun Java System Identity Manager,
ProCheckUp Research
- [USN-566-1] OpenSSH vulnerability,
Kees Cook
- Digital Armaments January-February Hacking Challenge: Special 20.000$ Prize - Windows Vulnerabilities and Exploit,
info
- [ GLSA 200801-06 ] Xfce: Multiple vulnerabilities,
Robert Buchholz
- BT Home Flub: Pwnin the BT Home Hub (5) - exploiting IGDs remotely via UPnP,
Adrian P
- Word 2007 Email as PDF path disclosure flaw,
ebk_lists
- MTCMS <=2.0 SQL Injection Vulnerability,
hadihadi_zedehal_2006
- Buffer-overflow in Quicktime Player 7.3.1.70,
Luigi Auriemma
- Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70,
none
- Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70,
snagg
- [ MDVSA-2008:006 ] - Updated exiv2 packages fix vulnerability,
security
- [SECURITY] [DSA 1458-1] New openafs packages fix denial of service vulnerability,
Noah Meyerhans
- [USN-567-1] Dovecot vulnerability,
Kees Cook
- ImageAlbum Remote SQL Injection Vulnerabilities,
db
- re-resting of zzuf results,
Hanno Böck
- At long last -- Extra Outlooks!,
Thor (Hammer of God)
- [ MDVSA-2008:007 ] - Updated madwifi-source, wpa_supplicant packages fix vulnerabilities,
security
- SecurityReason - Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerability,
sp3x
- SecurityReason - Apache2 CSRF, XSS, Memory Corruption and Denial of Service Vulnerability,
sp3x
- CFP: EuroSec Workshop (March 31st, 2008),
Stefano Zanero
- Member Area System (MAS) Remote File Include Vulnerability (view_func.php),
ship_nx
- Naymz multiple XSS,
morin . josh
- Cross site scripting (XSS) in Moodle 1.8.3,
Hanno Böck
- [ MDVSA-2008:010 ] - Updated libxml2 packages fix DoS vulnerability,
security
- [ MDVSA-2008:011 ] - Updated rsync packages fix restrictions bypass vulnerabilities,
security
- Safari 2 Denial of Service,
S21sec labs
- [ MDVSA-2008:009 ] - Updated autofs packages fix insecure hosts configuration,
security
- [ MDVSA-2008:008 ] - Updated kernel packages fix multiple vulnerabilities and bugs,
security
- F5 BIG-IP Web Management List Search XSS,
nnposter
- Garment Center (index.cgi) Local File Inclusion,
Smasher
- [SECURITY] [DSA 1462-1] New hplip packages fix privilege escalation,
Moritz Muehlenhoff
- what is this?,
crazy frog crazy frog
- [ MDVSA-2008:009-1 ] - Updated autofs packages fix insecure hosts configuration,
security
- [SECURITY] [DSA 1460-1] New postgresql-8.1 packages fix several vulnerabilities,
Moritz Muehlenhoff
- SQID v0.3 - SQL Injection Digger.,
Metaeye SG
- RE: At long last - Extra Outlooks!,
Thor (Hammer of God)
- [SECURITY] [DSA 1459-1] New gforge packages fix SQL injection,
Thijs Kinkhorst
- ZDI-08-001: IBM Tivoli Storage Manager Express Backup Server Heap Overflow Vulnerability,
zdi-disclosures
- Binn SBuilder (nid) Remote Blind Sql Injection Vulnerability,
sys-project
- Hacking The Interwebs,
pdp (architect)
- [SECURITY] [DSA 1463-1] New postgresql-7.4 packages fix several vulnerabilities,
Moritz Muehlenhoff
- [USN-568-1] PostgreSQL vulnerabilities,
Jamie Strandboge
- [SECURITY] [DSA 1461-1] New libxml2 packages fix denial of service,
Moritz Muehlenhoff
- [security bulletin] HPSBUX02303 SSRT071468 rev.1 - HP-UX Running X Font Server (xfs) Software, Remote Execution of Arbitrary Code,
security-alert
- [security bulletin] HPSBST02304 SSRT080003 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-001 to MS08-002,
security-alert
- [ MDVSA-2008:012 ] - Updated python packages fix vulnerabilities,
security
- [ MDVSA-2008:013 ] - Updated python packages fix vulnerability in imageop module,
security
- FreeBSD Security Advisory FreeBSD-SA-08:01.pty,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-08:02.libc,
FreeBSD Security Advisories
- [USN-569-1] libxml2 vulnerability,
Kees Cook
- Country by Country ISA Computer Sets,
Thor (Hammer of God)
- Defeating audio captcha systems,
"José M. Palazón Romero"
- Exploiting the SpamBam plugin for wordpress,
"José M. Palazón Romero"
- SecurityReason - Apache (mod_status) Refresh Header - Open Redirector (XSS),
sp3x
- Article DashBoard all version SQL Injection Vulnerability,
xcross87
- Max's File Uploader File Upload Vulnerability,
xcross87
- MicroNews Admin Direct Access vulnerability,
xcross87
- Pipe to FOR Crashes CMD,
James C. Slora Jr.
- iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTserver Heap Overflow Vulnerability,
iDefense Labs
- iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTServer Multiple Untrusted Pointer Vulnerabilities,
iDefense Labs
- iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTserver Multiple Untrusted Pointer Offset Vulnerabilities,
iDefense Labs
- iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTServer Multiple Untrusted Loop Bounds Vulnerabilities,
iDefense Labs
- iDefense Security Advisory 01.15.08: Apple QuickTime Macintosh Resource Processing Heap Corruption Vulnerability,
iDefense Labs
- [SECURITY] [DSA 1464-1] New syslog-ng packages fix denial of service,
Moritz Muehlenhoff
- [DSECRG-08-003] blogcms 4.2.1b Multiple Security Vulnerabilities,
Digital Security Research Group [DSecRG]
- RichStrong CMS (showproduct.asp?cat=) Remote SQL Injection Exploit,
sys-project
- rPSA-2008-0015-1 cairo,
rPath Update Announcements
- cPanel Hosting Manager (dohtaccess.html),
no-reply
- rPSA-2008-0016-1 postgresql postgresql-server,
rPath Update Announcements
- [DSECRG-08-002] Local File Include in arias 0.99-6,
Digital Security Research Group [DSecRG]
- rPSA-2008-0017-1 libxml2,
rPath Update Announcements
- 8e6 Technologies R3000 Internet Filter Bypass by Request Split,
nnposter
- TPTI-08-01: Apple Quicktime Image File IDSC Atom Memory Corruption Vulnerability,
DVLabs
- [Aria-Security.Net] Real Estate Web SQL Injection,
no-reply
- Cisco Security Advisory: Cisco Unified Communications Manager CTL Provider Heap Overflow,
Cisco Systems Product Security Incident Response Team
- Peers static overflow in BitTorrent 6.0 and uTorrent 1.7.5,
Luigi Auriemma
- mcGuestbook v1.2 Remote File Inc.,
gokhankaya
- Country by Country Computer Sets now available for ISA 2004,
Thor (Hammer of God)
- [waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10,
come2waraxe
- [waraxe-2008-SA#062] - Multiple Sql Injections in MyBB 1.2.10,
come2waraxe
- TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability,
DVLabs
- SQL scalar function to convert big int to dot notation,
Thor (Hammer of God)
- Gradman <= 0.1.3 (agregar_info.php?tabla=) Local File Inclusion Exploit,
sys-project
- [ MDVSA-2008:014 ] - Updated apache 1.3.x packages fix multiple vulnerabilities,
security
- [ MDVSA-2008:015 ] - Updated apache 2.0.x packages fix multiple vulnerabilities,
security
- [USN-570-1] boost vulnerabilities,
Jamie Strandboge
- [security bulletin] HPSBMA02133 SSRT061201 rev.7 - HP Oracle for OpenView (OfO) Critical Patch Update,
security-alert
- [SECURITY] [DSA 1465-1] New apt-listchanges packages fix arbitrary code execution,
Steve Kemp
- JoomlaFlash Component Multiple Remote File Inclusion,
Smasher
- PHPEchoCMS Multiple remote vulnerabilities,
security
- rPSA-2008-0018-1 mysql mysql-bench mysql-server,
rPath Update Announcements
- Re: [CVE-2007-2449] Apache Tomcat XSS vulnerabilities in the JSP examples,
linlei99
- [ MDVSA-2008:016 ] - Updated apache 2.2.x packages fix multiple vulnerabilities,
security
- rPSA-2008-0021-1 kernel,
rPath Update Announcements
- [SECURITY] [DSA 1465-2] New apt-listchanges packages fix arbitrary code execution,
Steve Kemp
- Re: Utimaco Safeguard Easy vulnerability,
benleavett
- Clever Copy <=3.0 Multiple Remote Vulnerabilities,
hadihadi_zedehal_2006
- [CSNC] OKI C5510MFP Printer Password Disclosure,
Adrian Leuenberger
- RE: Skype videomood XSS,
avivra
- CORE-2007-1119: CORE FORCE Kernel Buffer Overflow,
CORE Security Technologies Advisories
- iDefense Security Advisory 01.17.08: Multiple Vendor X Server XInput Extension Multiple Memory Corruption Vulnerabilities,
iDefense Labs
- iDefense Security Advisory 01.17.08: Multiple Vendor X Server TOG-CUP Extension Information Disclosure Vulnerability,
iDefense Labs
- iDefense Security Advisory 01.17.08: Multiple Vendor X Server EVI and MIT-SHM Extensions Integer Overflow Vulnerabilities,
iDefense Labs
- iDefense Security Advisory 01.17.08: Multiple Vendor X Server XFree86-Misc Extension Invalid Array Index Vulnerability,
iDefense Labs
- ZDI-08-002: Citrix Presentation Server IMA Service Heap Overflow Vulnerability,
zdi-disclosures
- IMF 2008 - Call for Papers,
Oliver Goebel
- [FIXED] Remote Denial of Service for SSH service at Dell DRAC4 (maybe Mocana SSH),
Robert Scheck
- [USN-571-1] X.org vulnerabilities,
Kees Cook
- Agares PhpAutoVideo 2.21(XSS/RFI) Multiple Remote Vulnerabilities,
houssamix
- New search engine for exploits,
Security Basic
- common dns misconfiguration can lead to "same site" scripting,
Tavis Ormandy
- SocksCap Stack Overflow (<= 2.40-051231),
azizov
- Making big money...,
jmacaranas
- Re: Tiger Team: New TV series about pen testers airing on CourtTV Dec 25 11 pm,
michael . lambie
- MyBB 1.2.11 Multiple XSRF Vulnerabilities,
nbbn
- [USN-572-1] apt-listchanges vulnerability,
Kees Cook
- [USN-571-2] X.org regression,
Kees Cook
- [SECURITY] [DSA 1466-2] New xorg-server packages fix regression,
Moritz Muehlenhoff
- BitDefender Update Server - Unauthorized Remote File Access Vulnerability,
oliver karow
- [SECURITY] [DSA 1467-1] New mantis packages fix several vulnerabilities,
Thijs Kinkhorst
- Bloofox CMS SQL Injection (Authentication bypass) , Source code disclosure,
admin
- [SECURITY] [DSA 1468-1] New tomcat5.5 packages fix several vulnerabilities,
Moritz Muehlenhoff
- Php Search Remote Inclusion,
effectiveness63
- AXIGEN 5.0.x AXIMilter Format String Exploit,
hempel
- MegaBBS ASP Forum Cross-Site Scripting,
grossman
- WifiZoo v1.3 released (minor release),
Hernan Ochoa
- Flaw in Alice gate2 pluswifi adsl modem,
wargame89
- boastMachine <=3.1 SQL Injection Vulnerability,
hadihadi_zedehal_2006
- [ GLSA 200801-09 ] X.Org X server and Xfont library: Multiple vulnerabilities,
Robert Buchholz
- Pass-The-Hash Toolkit v1.2 released.,
Hernan Ochoa
- Call Jacking: Phreaking the BT Home Hub,
Adrian P
- [ GLSA 200801-08 ] libcdio: User-assisted execution of arbitrary code,
Robert Buchholz
- BLOG:CMS 4.2.1.c (DIR_PLUGINS) Multiple Remote File Include,
رومانسي هكر
- [SECURITY] [DSA 1470-1] New horde3 packages fix denial of service,
Moritz Muehlenhoff
- [SECURITY] [DSA 1469-1] New flac packages fix arbitrary code execution,
Moritz Muehlenhoff
- Belkin Wireless G Plus MIMO Router F5D9230-4 Authentication Bypass Vulnerability,
gmdarkfig
- [ GLSA 200801-07 ] Adobe Flash Player: Multiple vulnerabilities,
Robert Buchholz
- [waraxe-2008-SA#063] - Information Leakage in Kayako SupportSuite 3.11.01,
come2waraxe
- [ MDVSA-2008:017 ] - Updated MySQL packages fix multiple vulnerabilities,
security
- [waraxe-2008-SA#064] - Sql Injection in MyBB 1.2.11,
come2waraxe
- [SECURITY] [DSA 1471-1] New libvorbis packages fix several vulnerabilities,
Moritz Muehlenhoff
- [SECURITY] [DSA 1472-1] New xine-lib packages fix arbitrary code execution,
Moritz Muehlenhoff
- PR07-38: XSS on sIFR,
ProCheckUp Research
- [ MDVSA-2008:018 ] - Updated gFTP packages fix vulnerabilities,
security
- [ MDVSA-2008:019 ] - Updated cairo packages fix vulnerability,
security
- Some hashes for the record,
Sergio 'shadown' Alvarez
- Troopers 08 Security Conference, Call for Papers,
Enno Rey
- [SECURITY] [DSA 1473-1] New scponly packages fix arbitrary code execution,
Florian Weimer
- PacerCMS Multiple Vulnerabilities (XSS/SQL),
db
- Belong Site Builder 0.1b Bypass Admincp,
رومانسي هكر
- DeluxeBB 1.1 XSS Vulnerability,
nbbn
- XSRF under Dean’s Permalinks Migration 1.0,
g30rg3_x
- Apache mod_negotiation Xss and Http Response Splitting,
Minded Security Research Labs
- SDL_Image 1.2.6 and prior GIF handling buffer overflow,
Gynvael Coldwind
- PHP 5.2.5 cURL safe_mode bypass,
cxib
- [security bulletin] HPSBUX02306 SSRT071463 rev.1 - HP-UX Running ARPA Transport, Remote Denial of Service (DoS),
security-alert
- UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages,
VMware Security team
- Web Wiz Forums Directory traversal,
admin
- Web Wiz Rich Text Editor Directory traversal + HTM/HTML file creation on the server,
admin
- Web Wiz NewsPad Directory traversal,
admin
- [ MDVSA-2008:020 ] - Updated xine-lib packages fix remote code execution vulnerabilities,
security
- Cisco Security Advisory: Cisco PIX and ASA Time-to-Live Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Default Passwords in the Application Velocity System,
Cisco Systems Product Security Incident Response Team
- Syhunt: HFS (HTTP File Server) Template Cross-Site Scripting and Information Disclosure Vulnerabilities,
Felipe M. Aragon
- Syhunt: HFS (HTTP File Server) Log Arbitrary File/Directory Manipulation and Denial-of-Service Vulnerabilities,
Felipe M. Aragon
- Syhunt: HFS (HTTP File Server) Username Spoofing and Log Forging/Injection Vulnerability,
Felipe M. Aragon
- Woltlab Burning Board 2.3.6 PL2 Remote Delete Thread XSRF Vulnerability,
nbbn
- [SECURITY] [DSA 1474-1] New exiv2 packages fix arbitrary code execution,
Moritz Muehlenhoff
- [ GLSA 200801-10 ] TikiWiki: Multiple vulnerabilities,
Raphaël Marichez
- [SECURITY] [DSA 1444-2] New php5 packages fix regression,
Moritz Muehlenhoff
- PIX Privilege Escalation Vulnerability,
tbbunn
- [ MDVSA-2008:025 ] - Updated x11-server-xgl packages fix multiple vulnerabilities,
security
- ImageShack Toolbar FileUploader Class insecurities,
retrog
- [ MDVSA-2008:021 ] - Updated XFree86 packages fix multiple vulnerabilities,
security
- [ MDVSA-2008:022 ] - Updated xorg-x11 packages fix multiple vulnerabilities,
security
- [ MDVSA-2008:023 ] - Updated x11-server packages fix multiple vulnerabilities,
security
- [ MDVSA-2008:024 ] - Updated libxfont packages fix font handling vulnerability,
security
- Tiger PHP News System SQL Injection,
0in . email
- iDefense Security Advisory 01.23.08: IBM AIX pioout BSS Buffer Overflow Vulnerability,
iDefense Labs
- rPSA-2008-0029-1 bind bind-utils,
rPath Update Announcements
- rPSA-2008-0030-1 CherryPy,
rPath Update Announcements
- iDefense Security Advisory 01.22.08: IBM Tivoli PMfOSD HTTP Request Method Buffer Overflow Vulnerability,
iDefense Labs
- phpBB 2.0.22 Remote PM Delete XSRF Vulnerability,
nbbn
- Pre Hotel and Resorts reservation portal login bypass,
milad_sa2007
- E-SMART CART bypass,
milad_sa2007
- Pre Dynamic Institution bypass,
milad_sa2007
- [CandyPress] eCommerce suite (SQL Injection + XSS + Path Disclosure),
Admin
- gdb bug,
digit2004
- C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Authentication Vulnerability,
Eyal Udassin
- C4 Security Advisory - GE Fanuc Cimplicity 6.1 Heap Overflow,
Eyal Udassin
- C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Arbitrary File Upload and Execution,
Eyal Udassin
- [ MDVSA-2008:026 ] - Updated icu packages fix vulnerabilities,
security
- Two vulnerabilities for PatchLink Update Client for Unix.,
lcashdol
- [ MDVSA-2008:027 ] - Updated pulseaudio packages fix local root vulnerability,
security
- [SECURITY] [DSA 1475-1] new gforge packages fix cross site scripting,
Thijs Kinkhorst
- Tool availability - browser DOM Checker,
Michal Zalewski
- F5 BIG-IP Web Management ASM Security Report XSS,
nnposter
- PhPress-0.3.0 Read All Sql Information For Config,
r2t
- phpIP 4.3.2 - Numerous SQL Injection Vulnerabilities,
Charles Hooper
- Metasploit Framework v3.1 Released,
H D Moore
- [SECURITY] [DSA 1476-1] New pulseaudio packages fix privilege escalation,
Moritz Muehlenhoff
- Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS,
admin
- [ GLSA 200801-14 ] Blam: User-assisted execution of arbitrary code,
Robert Buchholz
- [ GLSA 200801-11 ] CherryPy: Directory traversal vulnerability,
Robert Buchholz
- Facebook security contact,
Alexander Sotirov
- ClanSphere 2007.4.4 Remote File Disclosure Vulnerability.,
p4imi0
- [SECURITY] [DSA 1477-1] New yarssr packages fix arbitrary shell command execution,
Moritz Muehlenhoff
- eTicket 'index.php' Cross Site Scripting Path Vulnerability,
Alessandro Tanasi
- [ GLSA 200801-13 ] ngIRCd: Denial of Service,
Robert Buchholz
- [ GLSA 200801-12 ] xine-lib: User-assisted execution of arbitrary code,
Robert Buchholz
- ASPired2Protect bypass,
milad_sa2007
- WoltLab Burning Board 3.x.x Private Message Delete XSRF Vulnerability,
nbbn
- CORE-2007-1219: Firebird Remote Memory Corruption,
Core Security Technologies Advisories
- VB Marketing "tseekdir.cgi" Local File Inclusion,
Sw33t . h4cK3r
- Uninformed Journal Release Announcement: Volume 9,
Uninformed Journal
- [SECURITY] [DSA 1478-1] New mysql-dfsg-5.0 packages fix several vulnerabilities,
Moritz Muehlenhoff
- Exploit in IE6,7,
r2t
- [ GLSA 200801-15 ] PostgreSQL: Multiple vulnerabilities,
Raphael Marichez
- Advisory: Tripwire Enterprise/Server XSS Vulnerability,
Liquidmatrix Security Digest
- PHPKIT 1.6.4 PL1 2 XSRF Vulnerabilities,
nbbn
- CSRF/XSS in Sungard Banner,
banner
- Remote File Disclosure in phpCMS 1.2.2,
Digital Security Research Group
- Nucleus 3.31 XSS in path,
Digital Security Research Group
- [!!FIX Information ] Nucleus 3.31 XSS in path,
Digital Security Research Group
- AmpJuke-0.7.0 (index.php) Xss VuLn.,
g0rk3m-31
- Insecure Use of RC4 in LSrunasE and Supercrypt (CVE-2007-6340),
Daniel Roethlisberger
- Recent Web Hacks: WHID update for January 30th 2008,
Ofer Shezaf
- [waraxe-2008-SA#065] - Remote Shell Command Execution in Coppermine 1.4.14,
come2waraxe
- tinyBB v0.2 Message Board Remote File Inc.,
g0rk3m-31
- Webspell 4.01.02 2 Vulnerabilities,
nbbn
- [ GLSA 200801-16 ] MaraDNS: CNAME Denial of Service,
Raphael Marichez
- [ GLSA 200801-17 ] Netkit FTP Server: Denial of Service,
Raphael Marichez
- [ MDVSA-2008:028 ] - Updated MySQL packages fix multiple vulnerabilities,
security
- Yeşil Koridor Ziyareti Defteri (index.php) SqL. inj.,
g0rk3m-31
- Cisco Security Advisory: Cisco Wireless Control System Tomcat mod_jk.so Vulnerability,
Cisco Systems Product Security Incident Response Team
- PeteFinnigan.com Limited advisory for Oracle January 2008 CPU,
Pete Finnigan
- rPSA-2008-0032-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs,
rPath Update Announcements
- [ GLSA 200801-18 ] Kazehakase: Multiple vulnerabilities,
Pierre-Yves Rofes
- [ GLSA 200801-20 ] libxml2: Denial of Service,
Pierre-Yves Rofes
- [ GLSA 200801-19 ] GOffice: Multiple vulnerabilities,
Pierre-Yves Rofes
- [ GLSA 200801-21 ] Xdg-Utils: Arbitrary command execution,
Pierre-Yves Rofes
- [ GLSA 200801-22 ] PeerCast: Buffer overflow,
Pierre-Yves Rofes
- contactforms "cforms-css.php" Remote File Inclusion,
Sw33t . h4cK3r
- [ MDVSA-2008:029 ] - Updated ruby packages fix possible man-in-the-middle attack,
security
- [DSECRG-08-007] OpenBSD BGPD daemon Web Interface XSS.,
Digital Security Research Group
- [waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14,
come2waraxe
- sflog! 0.96 remote file disclosure vulnerabilities,
muuratsalo experimental hack lab
- Attackers can SkypeFind you,
avivra
- [USN-573-1] PulseAudio vulnerability,
Jamie Strandboge