Bugtraq: by date

569 messages starting Aug 01 06 and ending Aug 31 06


Tuesday, 01 August

[ GLSA 200608-01 ] Apache: Off-by-one flaw in mod_rewrite Matthias Geerdsen
NewsLetter v3.5 <= (NL_PATH) Remote File Inclusion Exploit tr_zindan
[Kurdish Security # 16 ] newsReporter v1.0 Remote Command Execution botan
[Kurdish Security # 17 ] GuestBook 3.5 Remote Command Execution botan
[Kurdish Security # 18 ] FAQ Script Remote Command Execution botan
[Kurdish Security # 19 ] FileManager Remote Command Execution botan
[Kurdish Security # 20 ] Quickie Remote Command Execution botan
[Kurdish Security # 21] ShoutBox v4.4 Remote Command Execution botan
[SECURITY] [DSA 1130-1] New sitebar packages fix cross-site scripting Martin Schulze
WoW Roster <= 1.5.x Remote File Include (hsList.php) AG Spider
Re: Gdiplus.dll division by 0 giacomo collini
[vuln.sg] Lhaplus LHA Extended Header Handling Buffer Overflow Vulnerability vulnpost-remove
[ MDKSA-2006:135 ] - Updated freeciv packages fix DoS vulnerabilities security
VMSA-2006-0004 Cross site scripting vulnerability and other fixes VMware Security Team
[USN-327-2] firefox regression Martin Pitt
TSEP 0.9.4.2 <= Remote File Inclusion philipp . niedziela
ISS BlackICE PC Protection DLL faking of run-time linked libraries Vulnerability David Matousek
WoW Roster <= 1.5.x Remote File Include (hsList.php) AG Spider
[SECURITY] [DSA 1132-1] New apache2 packages fix buffer overflow Steve Kemp
[SECURITY] [DSA 1131-1] New apache package fix buffer overflow Steve Kemp
SUSE Security Announcement: freetype2 (SUSE-SA:2006:045) Thomas Biege
SUSE Security Announcement: libtiff (SUSE-SA:2006:044) Thomas Biege
[ MDKSA-2006:136 ] - Updated kdegraphics packages fix multiple libtiff vulnerabilities security
SYM06-013 Symantec On-Demand Protection Encrypted Data Exposure secure
Barracuda Vulnerability: Hardcoded Password [NNL-20060801-01] gssincla
Barracuda Vulnerability: Arbitrary File Disclosure [NNL-20060801-02] gssincla
[ MDKSA-2006:137 ] - Updated libtiff packages fix multiple vulnerabilities security
DMA[2006-0801a] - 'Apple OSX fetchmail buffer overflow' K F (lists)
Re: Gdiplus.dll division by 0 Dennis Lubert
[SECURITY] [DSA 1133-1] New mantis packages fix execution of arbitrary web script code Moritz Muehlenhoff
JavaScript port scanning pdp (architect)

Wednesday, 02 August

rPSA-2006-0142-1 libtiff Justin M. Forbes
EEYE: research.eeye.com Marc Maiffret
[SECURITY] [DSA 1134-1] New Mozilla Thunderbird packages fix several vulnerabilities Martin Schulze
Secunia Research: Jetbox Multiple Vulnerabilities Secunia Research
Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory Roy Hills
Re: SYM06-013 Symantec On-Demand Protection Encrypted Data Exposure Chris Wysopal
SaveWeb Portal 3.4 <- (SITE_Path) Remote File Inclusion Vulnerability x0r0n
Content Management Framework "G3" - XSS Vulnerability in Search Function Stefan Friedli
rPSA-2006-0143-1 gnupg Justin M. Forbes
[USN-330-1] tiff vulnerabilities Martin Pitt
[eVuln] MyBB 'Avatar URL' XSS Vulnerability alex
Re: Barracuda Vulnerability: Hardcoded Password [NNL-20060801-01] pingywon
[security bulletin] HPSBUX02108 SSRT061133 rev.13 - HP-UX Running Sendmail, Remote Execution of Arbitrary Code security-alert
[SECURITY] [DSA 1137-1] New tiff packages fix several vulnerabilities Martin Schulze
[SECURITY] [DSA 1136-1] New gpdf packages fix denial of service Martin Schulze
[security bulletin] HPSBUX02124 SSRT061159 rev.1 - HP-UX Sendmail MIME Remote Denial of Service (DoS) security-alert
OZJournal v1.5 - XSS luny
[security bulletin] HPSBGN02136 SSRT061173 rev.1 - ProCurve Series 3500yl, 6200yl, and 5400zl Switches Running Software Prior to K.11.33 Remote Denial of Service (DoS) security-alert
Hobbit monitor security bugfix release - 4.1.2p2 Henrik Stoerner
[SECURITY] [DSA 1138-1] New cfs packages fix denial of service Moritz Muehlenhoff
[SECURITY] [DSA 1135-1] New libtunepimp packages fix arbitrary code execution Martin Schulze
[security bulletin] HPSBUX02087 SSRT4728 rev.3 - HP-UX running TCP/IP Remote Denial of Service (DoS) security-alert
Simpliciti Locked Browser Jail Breakout Vulnerability EvilPacket
RE: Barracuda Vulnerability: Hardcoded Password [NNL-20060801-01] Roger A. Grimes

Thursday, 03 August

TSEP <= 0.942 Remote File Include beford
Vwar v1.5.0 <= Sql Injection and XSS vuln. mfoxhacker
Secunia Research: PC Tools AntiVirus Insecure Default Directory Permissions Secunia Research
CMSimple Cross Site Scripting Outlaw
[USN-331-1] Linux kernel vulnerabilities Martin Pitt
[USN-332-1] gnupg vulnerability Martin Pitt
Re: [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released Philip M. Gollucci
[SECURITY] [DSA 1139-1] New ruby1.6 packages fix privilege escalation Moritz Muehlenhoff
Re: [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released William A. Rowe, Jr.
Javascript software authentication brute force attack Gianstefano Monni
[MajorSecurity Advisory #27]ToendaCMS - Cross Site Scripting Issue admin
SendCard <= 3.4.0 unauthorized administrative access / remote commands execution rgod
[SECURITY] [DSA 1140-1] New GnuPG packages fix denial of service Martin Schulze
SolpotCrew Advisory #5 - modernbill ver 1.6 (DIR) Remote File Inclusion chris_hasibuan
[ GLSA 200608-02 ] Mozilla SeaMonkey: Multiple vulnerabilities Stefan Cornelius
[DRUPAL-SA-2006-011] Drupal 4.7.3 / 4.6.9 fixes XSS issue Uwe Hermann
vbulletin 3.5.4 IE exploit xss stefan
Re: Barracuda Vulnerability: Arbitrary File Disclosure [NNL-20060801-02] Matthew Hall
[ GLSA 200608-03 ] Mozilla Firefox: Multiple vulnerabilities Thierry Carrez
ME Download System 1.3 Remote File Inclusion philipp . niedziela
[ GLSA 200608-04 ] Mozilla Thunderbird: Multiple vulnerabilities Thierry Carrez
ZoneX 1.0.3 - Publishers Gold Edition Remote File Inclusion Vulnerability x0r0n
[security bulletin] HPSBUX02137 SSRT051024 rev.1 - HP-UX Running Xserver Local Execution of Arbitrary Code, Privilege Elevation security-alert

Friday, 04 August

GaesteChaos <= 0.2 Multiple Vulnerabilities Tamriel
CounterChaos <= 0.48c SQL Injection Vulnerability Tamriel
GeheimChaos <= 0.5 Multiple SQL Injection Vulnerabilities Tamriel
XSS in Vbulletin 3.6.0 in IE 0nly Stefan
[SECURITY] [DSA 1141-1] New GnuPG2 packages fix denial of service Martin Schulze
[ GLSA 200608-05 ] LibVNCServer: Authentication bypass Sune Kloppenborg Jeppesen
[ GLSA 200608-06 ] Courier MTA: Denial of Service vulnerability Sune Kloppenborg Jeppesen
[ECHO_ADV_42$2006] BufferOverflow in Eremove Client erdc
[SECURITY] [DSA 1142-1] New freeciv packages fix arbitrary code execution Martin Schulze
[SECURITY] [DSA 1143-1] New dhcp packages fix denial of service Martin Schulze
[ECHO_ADV_42$2006] PHP Live Helper <= 2.0 (abs_path) Remote File Inclusion matdhule
TSLSA-2006-0044 - multi Trustix Security Advisor
CAID 34509 - CA eTrust Antivirus WebScan vulnerabilities Williams, James K
phpAutoMembersArea 3.2.5 ($installed_config_file) Remote File Inclusion philipp . niedziela
Barracuda Spam Firewall: Administrator Level Remote Command Execution [ID-20060804-01] Matthew Hall

Saturday, 05 August

[ GLSA 200608-07 ] libTIFF: Multiple vulnerabilities Sune Kloppenborg Jeppesen
vBulletin 3.0.14 ~ init.php~ registerring global arbitary variable~ XSS exploit addmimistrator
Tinyportal Shoutbox exploitex
[ GLSA 200608-08 ] GnuPG: Integer overflow vulnerability Sune Kloppenborg Jeppesen
MyBloggie <= 2.1.4 trackback.php SQL injection / admin credentials disclosure rgod

Monday, 07 August

XSS Vulnerability in FTD v3.7.3 try_og
Re: flatnuke <= 2.5.7 arbitrary php file upload segatom
[ECHO_ADV_44$2006] PHP Simple Shop <= 2.0 (abs_path) Remote File Inclusion erdc
XennoBB <= 2.1.0 "birthday" SQL injection c . boulton
SAPID CMS remote File Inclusion vulnerabilities simo64
0-day XP SP2 wmf exploit cyanid-E
0-day XP SP2 wmf exploit (some details) cyanid-E
SolpotCrew Advisory #6 - phpCC - Beta 4.2 (base_dir) Remote File Inclusion chris_hasibuan
NEWSolved Lite v1.9.2 (abs_path) Remote File Inclusion philipp . niedziela
when will AV vendors fix this??? Bipin Gautam
blur6ex 0.3 Comment title HTML inyection vuln. piiiiiii pppiiiiiiii
PHP: Zend_Hash_Del_Key_Or_Index Vulnerability Stefan Esser
IMENDIO PLANNER REMOTE FILENAME FORMAT STRING VULNERABILITY king_purba
Multiple vulnerabilities in DConnect Daemon 0.7.0 (CVS 30 Jul 2006) Luigi Auriemma
Virtual War v1.5.0 Remote File Include (vwar_root) AG Spider
[ GLSA 200608-10 ] pike: SQL injection vulnerability Sune Kloppenborg Jeppesen
php local buffer underflow could lead to arbitary code execution heintz
Re: when will AV vendors fix this??? Denis Jedig
[ GLSA 200608-11 ] Webmin, Usermin: File Disclosure Sune Kloppenborg Jeppesen
[vuln.sg] Lhaz LHA Long Filename Buffer Overflow Vulnerability vulnpost-remove
Will Microsoft patch remarkable old Msjet40.dll issue? Juha-Matti Laurio
[SECURITY] [DSA 1144-1] New chmlib packages fix denial of service Moritz Muehlenhoff
Re: Vanilla CMS <= 1.0.1 (RootDirectory) Remote file inclusion Vuln. dinoboff
linksys WRT54g authentication bypass Ginsu Rabbit
[ GLSA 200608-12 ] x11vnc: Authentication bypass in included LibVNCServer code Sune Kloppenborg Jeppesen
RE: linksys WRT54g authentication bypass Andy Meyers
DeluxeBB Multiple Vulnerabilities darkz . gsa
simplog 0.9.3 and prior XSS piiiiiii pppiiiiiiii
Visual Events Calendar v1.1 (cfg_dir) Remote Inclusion Vulnerability x0r0n
TSRT-06-06: Computer Associates eTrust AntiVirus WebScan Manifest Processing Buffer Overflow Vulnerability TSRT
TSRT-06-05: Computer Associates eTrust AntiVirus WebScan Automatic Update Code Execution Vulnerability TSRT
Re: [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released Steve VanDevender
Re: SolpotCrew Advisory #5 - modernbill ver 1.6 (DIR) Remote File Inclusion Mailinglists Address
ARES 2007: Call for workshop proposals, deadline Sept 10, 2006 Manh Tho
Attacking the local LAN via XSS pdp (architect)
Re: [Full-disclosure] Attacking the local LAN via XSS Schanulleke
Re: [Full-disclosure] Attacking the local LAN via XSS Thierry Zoller
Re: [Full-disclosure] Attacking the local LAN via XSS pdp (architect)
Re: Re[2]: [Full-disclosure] Attacking the local LAN via XSS pdp (architect)
Re[2]: [Full-disclosure] Attacking the local LAN via XSS Thierry Zoller
Re: vbulletin 3.5.4 IE exploit xss james
AUTODAFE: an Act of Software Torture [FUZZER] Martin Vuagnoux
phpPrintAnalyzer <= 1.1 (rep_par_rapport_racine) Remote File Inclusion Vulnerability sh3ll
[EEYEB-20060719] McAfee Subscription Manager Stack Buffer Overflow eEye Advisories
Announcement: Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations [Whitepaper] SPI Labs

Tuesday, 08 August

[ GLSA 200608-13 ] ClamAV: Heap buffer overflow Matthias Geerdsen
ZDI-06-026: Microsoft Internet Explorer Multiple CSS Imports Memory Corruption Vulnerability zdi-disclosures
ZDI-06-027: Microsoft Internet Explorer CSS Class Ordering Memory Corruption Vulnerability zdi-disclosures
[SECURITY] [DSA 1145-1] New freeradius packages fix several vulnerabilities Moritz Muehlenhoff
Archangel Weblog 0.90.02 and prior Multiple HTML injections piiiiiii pppiiiiiiii
docpile:we v0.2.2 (INIT_PATH) Remote File Inclusion Vulnerability x0r0n
rPSA-2006-0147-1 mysql mysql-bench mysql-server Justin M. Forbes
phNNTP <= 1.3 (article-raw.php) Remote File Include Vulnerability tr_zindan
Microsoft PowerPoint Malformed Record Memory Corruption Sowhat
[ GLSA 200608-14 ] DUMB: Heap buffer overflow Sune Kloppenborg Jeppesen
TSRT-06-07: eIQnetworks Enterprise Security Analyzer Monitoring Agent Buffer Overflow Vulnerabilities TSRT
unwrapping PL/SQL pete
MojoScripts' xss vulnerable tugra
MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities Tom Yu
Re: Will Microsoft patch remarkable old Msjet40.dll issue? Juha-Matti Laurio
AW: Virtual War v1.5.0 Remote File Include (vwar_root) Frank Reißner
ERRATA: [ GLSA 200608-08 ] GnuPG: Integer overflow vulnerability Sune Kloppenborg Jeppesen

Wednesday, 09 August

rPSA-2006-0150-1 krb5 krb5-server krb5-services krb5-test krb5-workstation Justin M. Forbes
[Overflow.pl] Clam AntiVirus Win32-UPX Heap Overflow pucik
SUSE Security Announcement: clamav (SUSE-SA:2006:046) Ludwig Nussel
PgMarket 2.2.3 (CFG[libdir]) Remote File Inclusion Vulnerabilities x0r0n
[USN-333-1] libwmf vulnerability Martin Pitt
Latinchat Denial Of Service Vicente Perez
Assessment of Vista Kernel Mode Security ATR-Bugtraq
[SECURITY] [DSA 1146-1] New krb5 packages fix privilege escalation Martin Schulze
[ MDKSA-2006:138 ] - Updated clamav packages fix vulnerability security
CivicSpace Version 0.8.5 HTML injection HeLiOsZ RooT
BlogHoster v2.2 Post Comment Html Injection piiiiiii pppiiiiiiii
Cwfm <= 0.9.1 (Language) Remote File Inclusion Vulnerability philipp . niedziela
[ MDKSA-2006:139 ] - Updated krb5 packages fix local privilege escalation vulnerability security
[ISR] - Novell Groupwise Webaccess (Cross-Site Scripting) Francisco Amato
TSRT-06-10: Microsoft HLINK.DLL Hyperlink Object Library Buffer Overflow Vulnerability TSRT
Multiple buffer-overflows in AlsaPlayer 0.99.76 Luigi Auriemma
TSRT-06-09: Microsoft DirectAnimation COM Object Memory Corruption Vulnerability TSRT
Stack and heap overflows in MODPlug Tracker/OpenMPT 1.17.02.43 and libmodplug 0.8 Luigi Auriemma
TSRT-06-08: Microsoft Internet Help COM Object Memory Corruption Vulnerability TSRT
[SECURITY] [DSA 1148-1] New gallery packages fix several vulnerabilities Moritz Muehlenhoff
[SECURITY] [DSA 1147-1] New drupal packages fix cross-site scripting Moritz Muehlenhoff
[ MDKSA-2006:140 ] - Updated ncompress packages fix vulnerability security

Thursday, 10 August

XChat <= 2.6.4-1 (win version) Remote Denial of Service Exploit (php) ratboy727
PHPMyRing <= 4.2.0 (view_com.php) Remote SQL Injection simo64
Yabb XSS Outlaw
TinyWebGallery v1.5 ( image ) Remote Include Vulnerability x0r0n
[SECURITY] [DSA 1149-1] New ncompress packages fix potential code execution Martin Schulze
Sending multipart/form-data requests from Flash (with arbitrary headers) Amit Klein (AKsecurity)
Directory Traversal vulnerability in IPCheck Monitor Server auuw73
CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Remote Denial of Service Mariano Nuñez Di Croce
CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Remote Buffer Overflow Mariano Nuñez Di Croce
PocketPC MMS - Remote Code Injection/Execution Vulnerability and Denial-of-Service Collin R. Mulliner
[ GLSA 200608-15 ] MIT Kerberos 5: Multiple local privilege escalation (test Falco for security@) Raphael Marichez
[ GLSA 200608-17 ] libwmf: Buffer overflow vulnerability Sune Kloppenborg Jeppesen
[ GLSA 200608-18 ] Net::Server: Format string vulnerability Sune Kloppenborg Jeppesen
[ GLSA 200608-16 ] Warzone 2100 Resurrection: Multiple buffer overflows Sune Kloppenborg Jeppesen
Re: SYM06-013 Symantec On-Demand Protection Encrypted Data Exposure dm
Mambo/Joomla Component Remository v3.25 (mosConfig_absolute_path) Remote File Inclusion Vulnerability camino
Netgear FVG318 is vunerable to DOS attack root
Mafia Moblog <= 6 (pathtotemplate) Remote File Inclusion Vulnerability sh3ll
InfanView 3.98 (with plugins) - Access violation at processing images ANI files sehato
myBloggie <= 2.1.3 (mybloggie_root_path) Remote File Inclusion Vulnerability sh3ll
Compersus ASP shopping cart <= DataBase Downloading vuln. mfoxhacker
Virtual War v1.5.0 <= Sql Injection vuln. mfoxhacker
XennoBB <= "avatar gallery" Directory Transversal c . boulton
CGI Script Source Code Disclosure Vulnerability in Apache for Windows susam . pal
Simple one-file GuestBook 1.0 omnipresent
Dragonfly CMS 9.0.6.1 and prior XSS HeLiOsZ RooT
Security Contact Sean Warnock
Re: when will AV vendors fix this??? Marius Huse Jacobsen

Friday, 11 August

RE: when will AV vendors fix this??? Thomas D.
Re: when will AV vendors fix this??? Paul Schmehl
RE: [Full-disclosure] RE: when will AV vendors fix this??? Thomas D.
Re: Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory henry . sieff
Re: [Full-disclosure] Attacking the local LAN via XSS Nikolay Kubarelov
Re: linksys WRT54g authentication bypass Nicholas Knight
Re: linksys WRT54g authentication bypass Rodrigo Barbosa
Re: linksys WRT54g authentication bypass Ginsu Rabbit
RE: linksys WRT54g authentication bypass Miguel Valentin
RE: linksys WRT54g authentication bypass Ginsu Rabbit
Re: when will AV vendors fix this??? Bipin Gautam
Bypassing script filters with variable-width encodings Cheng Peng Su
Re: linksys WRT54g authentication bypass guant a
XSSing the Lan 3 (web trojans.. not a new idea) pdp (architect)
Re: linksys WRT54g authentication bypass Ginsu Rabbit
Security Vulnerability in Ruby on Rails 1.1.x michael
[security bulletin] HPSBUX02108 SSRT061133 rev.14 - HP-UX Running Sendmail, Remote Execution of Arbitrary Code security-alert
[security bulletin] HPSBUX02124 SSRT061159 rev.2 - HP-UX Sendmail MIME Remote Denial of Service (DoS) security-alert
TSLSA-2006-0046 - multi Trustix Security Advisor
Re: Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory Henry Sieff
miniBloggie <= 1.0 (fname) Remote File Inclusion Vulnerability sh3ll
[ GLSA 200608-19 ] WordPress: Privilege escalation Raphael Marichez
Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability sh3ll
rPSA-2006-0152-1 squirrelmail Justin M. Forbes
WEBInsta Mailing list manager (cabsolute_path) 1.3e RFI philipp . niedziela
Re: [ GLSA 200608-12 ] x11vnc: Authentication bypass in included LibVNCServer code xvml
wheatblog ُSession.php Remote File Inclusion Outlaw
UPDATE: [ GLSA 200511-12 ] Scorched 3D: Multiple vulnerabilities Raphael Marichez
VWar <= 1.50 R14 (n) Remote SQL Injection brom0815
Nokia Browser Crash qode
SquirrelMail 1.4.8 released - fixes variable overwriting attack Thijs Kinkhorst
Re: [SM-ANNOUNCE] SquirrelMail 1.4.8 released - fixes variable overwriting attack Yves Goergen

Saturday, 12 August

Calendarix <= 0.7 (calpath) Remote File Inclusion Vulnerability sh3ll
myEvent <= 1.4 Multiple Remote File Include Vulnerabilities sh3ll
Concurrency-related vulnerabilities in browsers - expect problems Michal Zalewski
[SECURITY] [DSA 1150-1] New shadow packages fix privilege escalation Martin Schulze
Microsoft Help (WINHLP32.EXE) - Multiple Remote Code Execution and Denial Of Service Vulnerabilities Benjamin Tobias Franz
Re: myBloggie <= 2.1.3 (mybloggie_root_path) Remote File Inclusion Vulnerability nukedx
(Security Advisory) SYM06-014 Symantec Backup Exec Internal RPC Overflow Secure
Forum Software ASPPlayground.NET Advanced Edition 2.4.5 Unicode Xss blood2_20032003
ScatterChat Advisory 2006-01: Cryptanalytic Attack Vulnerability ScatterChat Advisories
Re: Microsoft Help (WINHLP32.EXE) - Multiple Remote Code Execution and Denial Of Service Vulnerabilities Reversemode

Monday, 14 August

Re: TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability public
Informix - Discovery, Attack and Defense David Litchfield
Informix Long Username Buffer Overflow Vulnerability NGSSoftware Insight Security Research
Error logging buffer overflow in Informix NGSSoftware Insight Security Research
Re: myEvent <= 1.4 Multiple Remote File Include Vulnerabilities Carsten Eilers
Re: Calendarix <= 0.7 (calpath) Remote File Inclusion Vulnerability Carsten Eilers
Re: Mafia Moblog <= 6 (pathtotemplate) Remote File Inclusion Vulnerability noname
[ECHO_ADV_45$2006] WEBinsta CMS 0.3.1 (templates_dir) Remote File Inclusion Vulnerability erdc
RE: [Full-disclosure] RE: when will AV vendors fix this??? Dmitry Yu. Bolkhovityanov
Re: miniBloggie <= 1.0 (fname) Remote File Inclusion Vulnerability Carsten Eilers
Google Picasa Listening on Port 80? Geoff Vass
SQLIDEBUG envariable overflow on Informix NGSSoftware Insight Security Research
XMB <= 1.9.6 Final basename()/'langfilenew' arbitrary local inclusion / remote commands execution rgod
Re: Yabb XSS - or NOT Volker Tanger
BlaBla 4U XSS Vulnerabilite vampire_chiristof
Virtual War v1.5.0 SQL injection and XSS vampire_chiristof
Re: [SM-ANNOUNCE] SquirrelMail 1.4.8 released - fixes variable overwriting attack Allie Daneman
JavaScript get Internal Address (thanks to DanBUK) pdp (architect)
RE: Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory Lance Seelbach
Re: Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability Carsten Eilers
HPSBMA02138 SSRT061184 rev.1 - HP OpenView Storage Data Protector, Remote Arbitrary Command Execution security-alert
Kaspersky Anti-Hacker personal firewall unstealthy stealth mode tbratusa
Wordpress WP-DB Backup Plugin Directory Traversal Vulnerability ss_team
Arbitrary Library Loading in Informix NGSSoftware Insight Security Research
Multiple Arbitrary Command Execution Vulnerabilities NGSSoftware Insight Security Research
InfanView 3.98 (with plugins) - Access violation at processing images CUR files sehato
Re: [SM-ANNOUNCE] SquirrelMail 1.4.8 released - fixes variable overwriting attack Michael Engert
Technical note: under some conditions, it's possible to steal HTTP credentials using Flash Amit Klein (AKsecurity)
Unauthorized Database Creation Privilege on Informix NGSSoftware Insight Security Research
Local privilege Escalation in SmartLine DeviceLock 5.73 seppi
Multiple Password Exposures Flaws NGSSoftware Insight Security Research
Re: Re: TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability mr
osDate 1.1.8 - Multiple HTML Injection Vulnerability - fixed vijay
RE: ANNOUNCING: 3rd Annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA Dave Wichers
Re: Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability noname
Peoplebook Mambo Component <= v1.0 Remote File Include Vulnerabilities matdhule
Multiple buffer-overflows in libmusicbrainz 2.1.2 Luigi Auriemma
[Overflow.pl] ImageMagick ReadSGIImage() Heap Overflow Damian Put
(somewhat) breaking the same-origin policy by undermining dns-pinning Martin Johns
Multiple Buffer Overflow Vulnerabilities in Informix NGSSoftware Insight Security Research
Joomla Webring Component (component_dir) Remote File Inclusion Vulnerabilities x0r0n
[ GLSA 200608-20 ] Ruby on Rails: Several vulnerabilities Raphael Marichez
RE: linksys WRT54g authentication bypass TeamXMM Consulting, Inc.
Multiple Arbitrary File Access (Write/Read) Vulnerabilities NGSSoftware Insight Security Research
Opera 9 Remote Denial of Service NNP
Re: TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Re: RE: linksys WRT54g authentication bypass gooorguss
Re: Re: myBloggie <= 2.1.3 (mybloggie_root_path) Remote File Inclusion Vulnerability istgha
Security contact from Critical Path Inc Guillermo Marro
Re: Calendarix <= 0.7 (calpath) Remote File Inclusion Vulnerability Steven M. Christey
[ MDKSA-2006:142 ] - Updated heartbeat packages fix vulnerability security
[ MDKSA-2006:141 ] - Updated gnupg packages fix vulnerability security
Re: phpPrintAnalyzer <= 1.1 (rep_par_rapport_racine) Remote File Inclusion Vulnerability Carsten Eilers

Tuesday, 15 August

local file include in PHP-Nuke (autohtml.php) MosT3mR
Mailslot bug (MS06-035) vs non-Mailslot bug (CVE-2006-3942) Gerardo Richarte
[XSec-06-02]: Internet Explorer (IMSKDIC.DLL) COM Object Instantiation Vulnerability nop
Re: Calendarix <= 0.7 (calpath) Remote File Inclusion Vulnerability Carsten Eilers
[XSec-06-03]: Internet Explorer (CHTSKDIC.DLL) COM Object Instantiation Vulnerability nop
Koobi Pro CMS 5.6 SQL injection & XSS vampire_chiristof
[XSec-06-04]: Internet Explorer (msoe.dll) COM Object Instantiation Vulnerability nop
[SECURITY] [DSA 1151-1] New heartbeat packages fix denial of service Martin Schulze
[security bulletin] HPSBUX02141 SSRT51153 rev.1 - HP-UX in Trusted mode, Local Denial of Service (DoS) security-alert
otopholder 1.8 suffers from a local file inclusion,XSS and directory listing vuln vampire_chiristof
Re: Concurrency-related vulnerabilities in browsers - expect problems Michal Zalewski
Lizge V.20 Web Portal File Include Vulnerability crackers_child
fusionnews 3,7 Remote File Inclusion Outlaw
CORE-2006-0714: Microsoft SRV.SYS SMB_COM_TRANSACTION Denial of Service Core Security Technologies advisories

Wednesday, 16 August

[USN-334-1] krb5 vulnerabilities Martin Pitt
[XSec-06-05]: VMware 5.5.1 for Windows arbitrary partition table delete issue. root
Re: CGI Script Source Code Disclosure Vulnerability in Apache for Windows Joe Orton
Re: TinyWebGallery v1.5 ( image ) Remote Include Vulnerability tinywebgallery
Mambo com_lm component (archive.php) Remote File Include Vulnerabilities crackers_child
[USN-335-1] heartbeat vulnerability Martin Pitt
[scip_Advisory 2456] Horde Framework and Horde IMP /index.php cross site referencing Marc Ruef
[scip_Advisory 2457] Horde Framework and Horde IMP /horde/imp/search.php cross site scripting Marc Ruef
MS Terminal Server application session breakout pedantic1
ShockwaveFlash 9 (Stack overflow) Mr . Niega
[security bulletin] HPSBUX02115 SSRT061077 rev.2 - HP-UX running Support Tools Manager (xstm, cstm, stm) Local Denial of Service (DoS) security-alert
Technical note by Amit Klein: "Sending arbitrary HTTP requests with Flash 7/8 (+IE 6.0)" Amit Klein (AKsecurity)
[ MDKSA-2006:143 ] - Updated Firefox packages fix multiple vulnerabilities security
Re: MS Terminal Server application session breakout Thor (Hammer of God)
SYM06-16 Symantec NetBackup PureDisk Remote Office Edition Elevation of Privilege Mike Prosser
Reporter Mambo Component Remote File İnclude crackers_child
Re: [Overflow.pl] ImageMagick ReadSGIImage() Heap Overflow Daniel Kobras

Thursday, 17 August

discloser 0.0.4 Remote File Inclusion (with Exploit) dr . t3rr0r1st
[USN-337-1] imagemagick vulnerability Martin Pitt
[EEYEB-20060703] IBM eGatherer ActiveX Code Execution Vulnerability eEye Advisories
Registration Now Open!: Security OPUS Infosec Conference - Oct 2-5 2006 - San Francisco, CA Richard Lindberg
CubeCart <= 3.0.11 SQL injection & cross site scripting rgod
[USN-336-1] binutils vulnerability Martin Pitt
Re: Re: CGI Script Source Code Disclosure Vulnerability in Apache for Windows nareshhacker
[XSec-06-06]: Windows 2003 (tsuserex.dll) COM Object Instantiation Vulnerability nop
Re: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems Steven M. Christey
UPDATED: MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities Tom Yu
World Summit on Intrusion Prevention wsip
Re: SYM06-16 Symantec NetBackup PureDisk Remote Office Edition Elevation of Privilege secure
Re: discloser 0.0.4 Remote File Inclusion (with Exploit) Carsten Eilers
powergap <= (s0x.php) Remote File Inclusion saudi . unix
RE: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems Michael Wojcik
[security bulletin] HPSBUX02139 SSRT5981 rev.1 - HP-UX Running the LP Subsystem, remote Denial of Service (DoS) security-alert
[ MDKSA-2006:143-1 ] - Updated Firefox packages fix multiple vulnerabilities security
[XSec-06-07]: Visual Studio 6.0 Multiple COM Object Instantiation Vulnerability nop

Friday, 18 August

RE: Mailslot bug (MS06-035) vs non-Mailslot bug (CVE-2006-3942) Marc Maiffret
ToorCon 8 Call for Papers Closing Tomorrow & Workshops/Seminars Added h1kari () toorcon org
Secunia Research: AOL Insecure Default Directory Permissions Jakob Balle
mtg_myhomepage Component For Mambo R.F.I Outlaw
Joomla x-shop <= 1.7 Remote File Include Vulnerability crackers_child
Joomla Rssxt <= 1.0 Remote File Include Vulnerability crackers_child
anjel Mambo Component Remote File Include crackers_child
[SECURITY] [DSA 1152-1] New trac packages fix information disclosure Martin Schulze
mambo-phphop Product Scroller Module R.F.I Outlaw
Norton DLL faking via 'SuiteOwners' protection bypass Vulnerability David Matousek
Mambo jim Component Remote Include Vulnerability x0r0n
Re: when will AV vendors fix this??? Andreas Marx
Re: [Full-disclosure] RE: when will AV vendors fix this??? Paul Schmehl
Re: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems Michal Zalewski
Multiple xxs cPanel 10 preth00nker
Re: [Full-disclosure] Re: when will AV vendors fix this??? Paul Schmehl
RE: Google Picasa Listening on Port 80? Kameron Gasso
UPDATE vBulletin Version 3.5.4 exploit dicomdk
RE: Security contact from Critical Path Inc Tony Maupin
Registration Now Open!: 3rd Annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA Dave Wichers
OneOrZero Helpdesk V1.6.4.1 susceptible to SQL injection and XSS vampire_chiristof
Re: [Full-disclosure] RE: when will AV vendors fix this??? Bipin Gautam
contentpublisher Mambo Component Remote File Include Vulnerabilities crackers_child
JavaScript Lazy Authorization Forcer and Visited Link Scaner pdp (architect)
Re: Mailslot bug (MS06-035) vs non-Mailslot bug (CVE-2006-3942) naveed
Mambo mambelfish Component <= 1.1 Remote File Include Vulnerability bilkopat
[SECURITY] [DSA 1153-1] New ClamAV packages fix arbitrary code execution Martin Schulze
Re: UPDATE vBulletin Version 3.5.4 exploit scott
[KAPDA::#55] - Joomla poll component vulnerability alireza hassani
Joomla Kochsuite Component <= 0.9.4 (config.kochsuite.php) Remote File Inclusion Vulnerability camino
Re: Concurrency-related vulnerabilities in browsers - expect problems mannion
Joomla MamboWiki Component <= 0.9.4 (MamboLogin.php) Remote File Inclusion Vulnerability camino
Joomla RFİ ( ERNE ) erne
Sonium Enterprise Adressbook Version 0.2 (folder) RFI philipp . niedziela
Re: Concurrency-related vulnerabilities in browsers - expect problems Michal Zalewski
Re: Re: discloser 0.0.4 Remote File Inclusion (with Exploit) dr . t3rr0r1st
Re: JavaScript Lazy Authorization Forcer and Visited Link Scaner mikeiscool

Saturday, 19 August

Modification For OpenSEF Remote file Inclusion Outlaw
Ako Comments (mod) Remote File Inclusion Outlaw
[Kurdish Security # 23] Spaw Editor Remote Include Vulnerability botan
Mambo CatalogShop Remote File Inclusion Outlaw
Mambo com_cropimage 1.0 Component Remote Include Vulnerability x0r0n
XennoBB <= 2.2.1 "icon_topic" SQL Injection c . boulton

Monday, 21 August

POC & exploit for Apache mod_rewrite off-by-one Jacobo Avariento
LBlog <= "comments.asp" SQL Injection Exploit ChironeX . FleckeriX
WoltLab Burning Board 2.3.5(WBB) in XSS ZeberuS
[SECURITY] [DSA 1154-1] New squirrelmail packages fix information disclosure Moritz Muehlenhoff
New PowerPoint 0-day and Trojan - FAQ document ready Juha-Matti Laurio
Re: [SECURITY] [DSA 1150-1] New shadow packages fix privilege escalation Henry Jensen
[XSec-06-08]: Windows 2000 Multiple COM Object Instantiation Vulnerability nop
Mambo Component - Display MOSBot Manager Remote File Inclusion Vuln Outlaw
Mambo Component - Display MOSBot Manager Remote File Inclusion Vuln Outlaw
DoS 2wire Gateway preth00nker
[XSec-06-09]: Internet Explorer Multiple COM Objects Color Property DoS Vulnerability nop
ToendaCMS <= 1.0.3 -(tcms_administer_site) Remote File Include h4ck3riran
Re: Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability securityfocus
SimpleBlog 2.0 <= "comments.asp" SQL Injection Exploit ChironeX . FleckeriX
Diesel Job Site forgot.php Cross-Site Scripting night_warrior-
Diesel Paid Mail getad.php Cross-Site Scripting Vulnerability night_warrior-
Smart Traffic Remote File Include Vulnerability night_warrior-
DieselPay İndex.php Cross-Site Scripting Vulnerability night_warrior-
[ MDKSA-2006:144 ] - Updated php packages fix vulnerability security
Mambo Component - EstateAgent Remote File Inclusion Outlaw

Tuesday, 22 August

[ MDKSA-2006:145 ] - Updated Firefox packages fix multiple vulnerabilities security
MDaemon POP3 server remote buffer overflow (preauth) infocus
[ MDKSA-2006:146 ] - Updated Thunderbird packages fix multiple vulnerabilities security
TTG0601 - Alt-N WebAdmin Multiple Vulnerabilities TTG
Vendor Statement: fixed Mobotix IP Network Cameras Multiple XSS bug dkabs
Simpliciti Locked Browser Jail Breakout Vulnerability dc
EEYE:ALERT: MS06-042 Related Internet Explorer 'Crash' is Exploitable Marc Maiffret
Major updates in PowerPoint FAQ document - not a 0-day issue Juha-Matti Laurio
Simple Machines Forum <=1.1RC2 unset() vulnerabilities rgod
Re: Joomla x-shop <= 1.7 Remote File Include Vulnerability Carsten Eilers
Re: Joomla Rssxt <= 1.0 Remote File Include Vulnerability Carsten Eilers
unauthorized VNC access in AK-Systems Windows Terminals Victor Sudakov
Re: Mambo Component - Display MOSBot Manager Remote File Inclusion Vuln Jan de Groot
Re: mtg_myhomepage Component For Mambo R.F.I Carsten Eilers
(exploit) firefox 1.5.0.6 linux DoS tomas
Linux Kernel SCTP Privilege Elevation Vulnerability Avert
Symantec Enterprise Security Manager Denial-of-Service Vulnerability Avert
Tons of SQL-injections and XSS in Eichhorn Portal and vendor page MC Iglo
Re: mambo-phphop Product Scroller Module R.F.I Carsten Eilers
PHlyMail Lite [PM_[path][lib]=] Remote File Include Vulnerability D3nGeR
BlackBoard Multiple Vulnerabilities (XSS) Pr070n
PHProjekt v0.6.1 Remote File Inclusion Vulnerability (2) D3nGeR
Re: discloser 0.0.4 Remote File Inclusion (with Exploit) Carsten Eilers
Re: anjel Mambo Component Remote File Include Carsten Eilers
[ MDKSA-2006:147 ] - Updated squirrelmail packages fix vulnerabilities security
faille include in "VeriTECH" isreal king-hacker

Wednesday, 23 August

Re: BlackBoard Multiple Vulnerabilities (XSS) C. Hamby
Symantec Gateway Security DNS exploit Gianstefano Monni
Re: BlackBoard Multiple Vulnerabilities (XSS) pr0t0n
Cisco Security Advisory: Cisco VPN 3000 Concentrator FTP Management Vulnerabilities Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Unintentional Password Modification in Cisco Firewall Products Cisco Systems Product Security Incident Response Team
AW: Symantec Gateway Security DNS exploit Andre Braun
RE: Symantec Gateway Security DNS exploit Pretorius, Wynand (ZA - Johannesburg)
Bugtraq ID: 18402 The Cute Group
New malware names and updates to PowerPoint FAQ document Juha-Matti Laurio
[ GLSA 200608-21 ] Heimdal: Multiple local privilege escalation vulnerabilities Raphael Marichez
[ GLSA 200608-22 ] fbida: Arbitrary command execution Raphael Marichez

Thursday, 24 August

FreeBSD Security Advisory FreeBSD-SA-06:18.ppp FreeBSD Security Advisories
Advisory: VistaBB <= 2.x Multiple File Inclusion Vulnerabilities Mustafa Can Bjorn IPEKCI
Advisory: Integramod Portal <= 2.x File Inclusion Vulnerability Mustafa Can Bjorn IPEKCI
Re: Modification For OpenSEF Remote file Inclusion Carsten Eilers
Re: Joomla RFİ ( ERNE ) Carsten Eilers
Re: Opsware NAS 6.0 reveals MySQL 'root' password danil9470
[SECURITY] [DSA 1155-1] New sendmail packages fix denial of service Martin Schulze
Re: Directory Traversal vulnerability in IPCheck Monitor Server support
Re: PHlyMail Lite [PM_[path][lib]=] Remote File Include Vulnerability Carsten Eilers
Re: PHProjekt v0.6.1 Remote File Inclusion Vulnerability (2) Carsten Eilers
Re: Mambo Component - EstateAgent Remote File Inclusion Carsten Eilers
[ GLSA 200608-23 ] Heartbeat: Denial of Service Sune Kloppenborg Jeppesen
[SECURITY] [DSA 1155-2] New sendmail packages fix denial of service Martin Schulze
Re: ToendaCMS <= 1.0.3 -(tcms_administer_site) Remote File Include Carsten Eilers
EEYE: Internet Explorer Compressed Content URL Heap Overflow Vulnerability Marc Maiffret
[ MDKSA-2006:149 ] - Updated MySQL packages fix user privilege vulnerabilities security
pSlash v0.7 (lvc_include_dir) Remote Include Vulnerability x0r0n
Advisory 05/2006: Zend Platform Multiple Remote Vulnerabilities Stefan Esser
[ MDKSA-2006:148 ] - Updated xorg-x11 packages fix vulnerabilities security
Re: contentpublisher Mambo Component Remote File Include Vulnerabilities Carsten Eilers

Friday, 25 August

Re: [eVuln] B-net Software Multiple XSS Vulnerabilities anon
Multiple Vulnerabilities in Asterisk 1.2.10 (Fixed in 1.2.11) Matt Riddell (IT)
rPSA-2006-0157-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs Justin M. Forbes
NSFOCUS SA2006-08 : Microsoft IE6 urlmon.dll Long URL Buffer Overflow Vulnerability NSFOCUS Security Team
rPSA-2006-0158-1 tshark wireshark Justin M. Forbes
TSLSA-2006-0048 - multi Trustix Security Advisor
FreeBSD Security Advisory FreeBSD-SA-06:18.ppp [REVISED] FreeBSD Security Advisories
Indiana University Security Advisory: Fuji Xerox Printing Systems (FXPS) print engine vulnerabilities Krulewitch, Sean V
YaPiG thanks_comment.php Cross-Site Scripting Vulnerability Kuon_at_Armorize_dot_com
Re: Symantec Gateway Security DNS exploit axel
[ MDKSA-2006:150 ] - Updated kernel packages fix multiple vulnerabilities security
[ MDKSA-2006:151 ] - Updated kernel packages fix multiple vulnerabilities security
CuteNews 1.3.* Remote File Include Vulnerability stormhacker

Saturday, 26 August

[ MDKSA-2006:152 ] - Updated wireshark packages fix multiple vulnerabilities security
MyBB Html Injection ( XSS ) Redworm
AlstraSoft Video Share Enterprise Remote File Include Vulnerability night_warrior-
[ GLSA 200608-24 ] AlsaPlayer: Multiple buffer overflows Raphael Marichez
Sql injection in Mambo & Joomla Omid
Bigace 1.8.2 (GLOBALS) Remote File Inclusion vampire_chiristof
Sql injection in Xoops Omid
Jupiter CMS 1.1.5 index.php Remote File Include D3nGeR
Jetbox CMS search_function.php Remote File D3nGeR
Suggested Fix for CVE-2006-4299 Michael Jennings
Cisco NAC Appliance Agent Installation Bypass Vulnerability Andreas Gal
Mambo/Joomla com_comprofiler Components <== v1.0 RC 2 Multiple Remote File Include Vulnerabilities matdhule

Monday, 28 August

Re: Cisco NAC Appliance Agent Installation Bypass Vulnerability Eloy Paris
[SECURITY] [DSA 1156-1] New kdebase packages fix information disclosure Moritz Muehlenhoff
[XSec-06-10]: Internet Explorer (daxctle.ocx) Heap Overflow Vulnerability nop
[SECURITY] [DSA 1159-1] New Mozilla Thunderbird packages fix several problems Martin Schulze
[SECURITY] [DSA 1158-1] New streamripper packages fix arbitrary code execution Moritz Muehlenhoff
[SECURITY] [DSA 1157-1] New ruby1.8 packages fix several vulnerabilities Moritz Muehlenhoff
[ GLSA 200608-25 ] X.org and some X.org libraries: Local privilege escalations Raphael Marichez
interact <= 2.2 (CONFIG[BASE_PATH]) Remote File Include Vulnerability carcabotx
JetBox cms (search_function.php) Remote File Include carcabotx
Re: Another YabbSE Remote Code Execution Vulnerability wiziwig
Possible Myspace Worm mjw
Re: Cisco NAC Appliance Agent Installation Bypass Vulnerability Udo Sprotte

Tuesday, 29 August

SYMSA-2006-009 research
[ GLSA 200608-27 ] Motor: Execution of arbitrary code Raphael Marichez
[ GLSA 200608-26 ] Wireshark: Multiple vulnerabilities Raphael Marichez
[ GLSA 200608-28 ] PHP: Arbitary code execution Raphael Marichez
rPSA-2006-0159-1 ImageMagick Justin M. Forbes
[ MDKSA-2006:155 ] - Updated ImageMagick packages fix vulnerabilities security
[ MDKSA-2006:153 ] - Updated binutils packages fix multiple vulnerabilities security
CYBSEC - Security Advisory: Microsoft Windows DHCP Client Service Remote Buffer Overflow Mariano Nuñez Di Croce
[ MDKSA-2006:154 ] - Updated lesstif packages fix potential local root vulnerability security
LinksCaffe no checker at admin hoangyenxinhdep
[SECURITY] [DSA 1160-1] New Mozilla packages fix several vulnerabilities Martin Schulze
AW: JetBox cms (search_function.php) Remote File Include Frank Reißner
e107 <= 0.75 GLOBALS[] overwrite/Zend_Hash_Del_Key_Or_Index remote commands execution rgod
Submit ( b2evolution<= 1.8 Remote File Include Vulnerabilities ) h4ck3riran
Submit ( ToendaCMS<= ( Remote File Include Vulnerabilities ) h4ck3riran
JS ASP Faq Manager v1.10 sql injection ali
[SECURITY] [DSA 1161-1] New Mozilla Firefox packages fix several vulnerabilities Martin Schulze
DUpoll 3.1 security alert bozkurtserdar
Portail PHP mod_phpalbum 2.15 Modules Remote File Inclusion x0r0n

Wednesday, 30 August

Re: Jupiter CMS 1.1.5 index.php Remote File Include Carsten Eilers
Re: CuteNews 1.3.* Remote File Include Vulnerability Carsten Eilers
InfoSec Paper: Creating Business Through Virtual Trust Kenneth F. Belva
Re: Cisco NAC Appliance Agent Installation Bypass Vulnerability Joe Feise
Re: AW: JetBox cms (search_function.php) Remote File Include Steven M. Christey
SQL-Ledger serious security vulnerability and workaround chris
[SECURITY] [DSA 1162-1] New libmusicbrainz packages fix arbitrary code execution Martin Schulze
Ezportal/Ztml v1.0 Multiple vulnerabilities Hessamx
IwebNegar v1.1 Multiple vulnerabilities Hessamx
Nuked Klan 1.7 SP4.3 : Function Anti-XSS Bypassed Blwood
XSS in HLstats 1.34 MC Iglo
[KAPDA::#56] - FREEKOT SQL Injection Vulnerability farhadkey
[SECURITY] [DSA 1163-1] New gtetrinet packages fix arbitrary code execution Martin Schulze
Re: JetBox cms (search_function.php) Remote File Include Carsten Eilers
ezContents Version 2.0.3 Remote/Local File Inclusion, SQL Injection, XSS gmdarkfig
osCommerce < 2.2 Milestone 2 060817 POC Exploit s10242006
feedsplitter considered harmful jon
[KAPDA]MyBB 1.1.7 ~ admin/global.php ~ XSS Attack addmimistrator
Hackers to Hackers Conference III - Call for Papers Rodrigo Rubira Branco (BSDaemon)
[KAPDA]MyBB 1.1.7~ htmlspeacialchar_uni(), fixjavascript(), functions_post.php ~[url]XSS attack addmimistrator

Thursday, 31 August

[ MDKSA-2006:157 ] - Updated musicbrainz packages fix buffer overflow vulnerabilities security
Re: JetBox cms (search_function.php) Remote File Include Steven M. Christey
[ECHO_ADV_46$2006] ExBB v1.9.1 (exbb[home_path]) Multiple Remote File Inclusion erdc
[ MDKSA-2006:156 ] - Updated sendmail packages fix DoS vulnerabilities security
New NT4/Windows botnet reported Juha-Matti Laurio
XXS in learncenter.asp exe_crack
rPSA-2006-0161-1 libmusicbrainz rPath Update Announcements
Lyris ListManager 8.95: Add arbitrary administrator to arbitrary list Design Properly
Membrepass v1.5 Php code execution, Xss, Sql Injection gmdarkfig
AW: AW: JetBox cms (search_function.php) Remote File Include Frank Reißner
[SECURITY] [DSA 1164-1] New sendmail packages fix denial of service Martin Schulze
[ MDKSA-2006:158 ] - Updated MySQL packages fix DoS vuln, initscript bug security
Compression Plus and Tumblweed EMF Stack Overflow Michael Hale Ligh
Re: Re: BlackBoard Multiple Vulnerabilities (XSS) Pr070n
Pheap CMS<= (lpref) Remote File Inclusion Exploit SHiKaA-
rPSA-2006-0162-1 kernel rPath Update Announcements
ModuleBased CMS alfa 1 Multiple Remote File Inclusion amir . scorpino
[ISR] - IBM eGatherer ActiveX Code Execution PoC Francisco Amato
Re: Submit ( b2evolution<= 1.8 Remote File Include Vulnerabilities ) do