Bugtraq: by thread
439 messages, starting Dec 01 06 and ending Dec 30 06
- Re: [Full-disclosure] ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability zdi-disclosures (Dec 01)
- Invision Gallery 2.0.7 SQL Injection Vulnerability infection (Dec 01)
- <Possible follow-ups>
- Re: Invision Gallery 2.0.7 SQL Injection Vulnerability emin (Dec 04)
- Re: Invision Community Blog Mod 1.2.4 .PHP SQL Injection Vulnerability emin (Dec 01)
- [SECURITY] [DSA 1205-2] New thttpd packages fix insecure temporary file creation Steve Kemp (Dec 01)
- [ MDKSA-2006:220 ] - Updated libgsf packages fix heap buffer overflow vulnerability security (Dec 01)
- [ MDKSA-2006:221 ] - Updated gnupg packages fix vulnerability security (Dec 01)
- rPSA-2006-0221-1 openldap openldap-clients openldap-servers rPath Update Announcements (Dec 01)
- [Aria-Security.Net] Web Hosting Control Panel - cPanel 11 Multiple Cross-Site Scripting Vulnerabilites Advisory (Dec 01)
- deV!L`z Clanportal - Arbitrary File Upload [061124b] Tim Weber (Dec 01)
- deV!L`z Clanportal - SQL Injection [061124a] Tim Weber (Dec 01)
- Layered Defense Advisory: Novell Client 4.91 Format String Vulnerability dh (Dec 01)
- [SECURITY] [DSA 1223-1] New tar packages fix arbitrary file overwrite Noah Meyerhans (Dec 01)
- Outpost Bypassing Self-Protection via Advanced DLL injection with handle stealing Vulnerability Matousec - Transparent security Research (Dec 01)
- rPSA-2006-0220-1 dovecot rPath Update Announcements (Dec 01)
- Aspee Ziyareti Defteri (tr) Sql injection Vuln. ShaFuq31 (Dec 01)
- iDefense Security Advisory 12.01.06: Novell ZENworks Asset Management Msg.dll Heap Overflow Vulnerability iDefense Labs (Dec 01)
- [SECURITY] [DSA 1222-2] New proftpd packages fix several vulnerabilities Moritz Muehlenhoff (Dec 01)
- iDefense Security Advisory 12.01.06: Novell ZENworks Asset Management Collection Client Heap Overflow Vulnerability iDefense Labs (Dec 01)
- rPSA-2006-0224-1 gnupg rPath Update Announcements (Dec 01)
- TSLSA-2006-0068 - multi Trustix Security Advisor (Dec 01)
- Re: safely concatenating strings in portable C (Re: GnuPG 1.4 and 2.0 buffer overflow) Simon Josefsson (Dec 01)
- rPSA-2006-0222-1 tar rPath Update Announcements (Dec 01)
- freeqboard <= 1.1 (qb_path) Remote File Include Vulnerability -= SHELL =- -= SHELL =- (Dec 01)
- [ MDKSA-2006:223 ] - Updated ImageMagick packages fixes vulnerability security (Dec 02)
- [Aria-Security Team] DuWare DuNews SQL Injection Vuln Advisory (Dec 02)
- [Aria-Security Team] DuWare DuClassMate SQL Injection Vuln Advisory (Dec 02)
- [Aria-Security Team] DuWare DuPortal SQL Injection Vuln Advisory (Dec 02)
- PHPNews 1.3.0 XSS emulamex (Dec 02)
- KhaledMuratList mdb blasterim (Dec 02)
- [ MDKSA-2006:222 ] - Updated koffice packages fixes integer overflow vulnerability security (Dec 02)
- [Aria-Security Team] DuWare DuDownloads SQL Injection Vuln Advisory (Dec 02)
- CuteNews 1.3.6 XSS emulamex (Dec 02)
- [Aria-Security Team] DuWare DuForum SQL Injection Vuln Advisory (Dec 02)
- [Aria-Security Team] DuWare DuPaypal SQL Injection Vuln Advisory (Dec 02)
- [ISecAuditors Advisories] BlueSocket web administration is vulnerable to XSS ISecAuditors Security Advisories (Dec 04)
- listpics v5 blasterim (Dec 04)
- [ISecAuditors Security Advisories] IMAP/SMTP Injection in Hastymail ISecAuditors Security Advisories (Dec 04)
- Metyus Okul Ynetim Sistemi V.1.0 (tr) Sql injection Vuln. ShaFuq31 (Dec 04)
- [ISecAuditors Security Advisories] XSS vulnerability in error page of ISMail ISecAuditors Security Advisories (Dec 04)
- fl0p - passive L7 flow fingerprinting Michal Zalewski (Dec 04)
- Online BookMarks Multiple SQL Injection/XSS Vulnerabilities security (Dec 04)
- [SECURITY] [DSA 1224-1] New Mozilla packages fix several vulnerabilities Martin Schulze (Dec 04)
- [SECURITY] [DSA 1225-1] New Mozilla Firefox packages fix several vulnerabilities Martin Schulze (Dec 04)
- SMF upload XSS vulnerability Jessica Hope (Dec 04)
- 2[xss]Vulnerabilities in Script Mobile Ac4p.com gamr-14 (Dec 04)
- PhpMyAdmin 2.7.0-pl2 Path Disclosure | Multiple CRLF/Http Response Splitting ajannhwt (Dec 04)
- MS Internet Explorer 6.0 (mshtml.dll) Denial of Service Exploit ajannhwt (Dec 04)
- [SECURITY] [DSA 1225-2] New Mozilla Firefox packages fix several vulnerabilities Martin Schulze (Dec 04)
- [SECURITY] [DSA 1226-1] New links packages fix arbitrary shell command execution Moritz Muehlenhoff (Dec 04)
- Vt-Forum Lite System V.1.3 Xss Vuln. starext (Dec 04)
- Re: UPublisher Exploit - Superfreaker me (Dec 04)
- [Aria-Security Team] uGestBook SQL Injection Vuln Advisory (Dec 04)
- <Possible follow-ups>
- Re: [Aria-Security Team] uGestBook SQL Injection Vuln Stuart Moore (Dec 05)
- Re: Re: [Aria-Security Team] uGestBook SQL Injection Vuln saps . audit (Dec 05)
- [SECURITY] [DSA 1227-1] New Mozilla Thunderbird packages fix several vulnerabilities Martin Schulze (Dec 04)
- Multiple bugs in TFT-Gallery nj (Dec 04)
- <Possible follow-ups>
- Re: Multiple bugs in TFT-Gallery simo64 (Dec 04)
- [USN-392-1] xine-lib vulnerability Kees Cook (Dec 04)
- F-Prot Antivirus for Unix: heap overflow and Denial of Service research (Dec 04)
- Re: aBitWhizzy [local file include] john . goodman (Dec 04)
- [USN-391-1] libgsf vulnerability Kees Cook (Dec 04)
- [ MDKSA-2006:214-1 ] - Updated gv packages fix buffer overflow vulnerability security (Dec 04)
- Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation ss_team (Dec 04)
- <Possible follow-ups>
- RE: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation Michael Scheidell (Dec 05)
- Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation eugeny gladkih (Dec 05)
- Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation Steve Shockley (Dec 05)
- Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation Ansgar -59cobalt- Wiechers (Dec 05)
- Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation eugeny gladkih (Dec 05)
- Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation Thor (Hammer of God) (Dec 05)
- RE: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation Michael Scheidell (Dec 06)
- XSS in JAB Guest Book nj (Dec 04)
- <Possible follow-ups>
- Re: XSS in JAB Guest Book Steven M. Christey (Dec 07)
- Re: XSS in JAB Guest Book Barnz (Dec 09)
- rPSA-2006-0211-2 doxygen libpng rPath Update Announcements (Dec 04)
- new xss in modbb forum h angel (Dec 04)
- TSRT-06-14: IBM Tivoli Storage Manager Mutiple Buffer Overflow Vulnerabilities TSRT (Dec 05)
- SNORT Covered channels detector patch fryxar fryxar (Dec 05)
- [KOffice security advisory] KOffice OLEfilter integer overflow Dirk Mueller (Dec 05)
- Re: GnuPG 1.4 and 2.0 buffer overflow Damien Miller (Dec 05)
- Re: Evolve Merchant[ injection sql ] tony (Dec 05)
- URL Rdirecction Bug Yahoo matrix (Dec 05)
- CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Undocumented Features Mariano Nuñez Di Croce (Dec 05)
- CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Remote Arbitrary File Removal Mariano Nuñez Di Croce (Dec 05)
- DistrRTgen 1.0 launched! Martin Jørgensen (Dec 05)
- [SECURITY] [DSA 1228-1] New elinks packages fix arbitrary shell command execution Moritz Muehlenhoff (Dec 05)
- EasyPage Portal ( all ver )SQL Injection matrix (Dec 05)
- <Possible follow-ups>
- Re: EasyPage Portal ( all ver )SQL Injection saps . audit (Dec 05)
- Re: Symantec LiveState Agent for Windows vulnerabi Damjan (Dec 05)
- Re: Symantec LiveState Agent for Windows vulnerabi eugeny gladkih (Dec 05)
- eEye's Zero-Day Tracker Launch chinese soup (Dec 05)
- [security bulletin] HPSBUX02145 SSRT061202 rev.2 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access security-alert (Dec 05)
- HPSBUX02178 SSRT061267 rev.1 - HP-UX Secure Shell Remote Denial of Service (DoS) security-alert (Dec 05)
- EEYE: Adobe Download Manager AOM Stack Buffer Overflow Vulnerability eEye Advisories (Dec 06)
- [ MDKSA-2006:224 ] - Updated xine-lib packages fix buffer overflow vulnerability security (Dec 06)
- [USN-390-2] evince vulnerability Kees Cook (Dec 06)
- Barracuda Convert-UUlib library buffer overflow leads to remote compromise Jean-Sébastien Guay-Leroux (Dec 06)
- Internet Explorer 6. CSS Expression Denial of Service (P.o.C.) José Carlos Nieto Jarquín (Dec 06)
- Re: Internet Explorer 6 CSS "expression" Denial of Service Exploit (P.o.C.) José Carlos Nieto Jarquín (Dec 06)
- Re: Internet Explorer 6 CSS "expression" Denial of Service Exploit (P.o.C.) Andrius Paurys (Dec 07)
- Re: Internet Explorer 6 CSS "expression" Denial of Service Exploit (P.o.C.) chinese soup (Dec 08)
- Re: Internet Explorer 6 CSS "expression" Denial of Service Exploit (P.o.C.) chinese soup (Dec 12)
- Re: Internet Explorer 6 CSS "expression" Denial of Service Exploit (P.o.C.) chinese soup (Dec 08)
- Re: Internet Explorer 6 CSS "expression" Denial of Service Exploit (P.o.C.) Andrius Paurys (Dec 07)
- Uploadscript Vulnerabilities: Text file Hash password hack2prison (Dec 06)
- FreeBSD Security Advisory FreeBSD-SA-06:25.kmem FreeBSD Security Advisories (Dec 06)
- FreeBSD Security Advisory FreeBSD-SA-06:26.gtar FreeBSD Security Advisories (Dec 06)
- [SECURITY] [DSA 1229-1] New Asterisk packages fix arbitrary code execution Martin Schulze (Dec 06)
- Oracle PL/SQL Fuzzing Tool Joxean Koret (Dec 06)
- BTSaveMySql 1.2 (acces to config files) sn0oPy . team (Dec 06)
- Multiple Vendor Unusual MIME Encoding Content Filter Bypass Hendrik Weimer (Dec 06)
- Re: Multiple Vendor Unusual MIME Encoding Content Filter Bypass Tomasz Kojm (Dec 07)
- Re: Multiple Vendor Unusual MIME Encoding Content Filter Bypass Luke Borg (Dec 07)
- Re: Multiple Vendor Unusual MIME Encoding Content Filter Bypass michele.sandrelli () katamail com (Dec 07)
- Re[2]: Multiple Vendor Unusual MIME Encoding Content Filter Bypass 3APA3A (Dec 07)
- Re: Multiple Vendor Unusual MIME Encoding Content Filter Bypass Tomasz Kojm (Dec 07)
- Re: Multiple Vendor Unusual MIME Encoding Content Filter Bypass Gadi Evron (Dec 07)
- Re: Multiple Vendor Unusual MIME Encoding Content Filter Bypass Tomasz Kojm (Dec 07)
- SYMSA-2006-012: 2X ThinClientServer Create Admin Account Replay Vulnerability research (Dec 06)
- GnuPG: remotely controllable function pointer [CVE-2006-6235] Werner Koch (Dec 06)
- rPSA-2006-0226-1 kernel rPath Update Announcements (Dec 06)
- [ MDKSA-2006:225 ] - Updated ruby packages fix DoS vulnerability security (Dec 06)
- rPSA-2006-0227-1 gnupg rPath Update Announcements (Dec 06)
- Microsoft 0-day word vulnerability - Secunia - Extremely critical Ryan Buena (Dec 06)
- Re: Microsoft 0-day word vulnerability - Secunia - Extremely critical Andrew Simmons (Dec 07)
- <Possible follow-ups>
- Re: Microsoft 0-day word vulnerability - Secunia - Extremely critical Juha-Matti Laurio (Dec 07)
- Re: Microsoft 0-day word vulnerability - Secunia - Extremely critical schafer_jeffrey (Dec 14)
- Re: Re: Microsoft 0-day word vulnerability - Secunia - Extremely critical schafer_jeffrey (Dec 14)
- New MySpace worm could be on its way pdp (architect) (Dec 07)
- ZDI-06-044: Adobe Download Manager AOM Parsing Buffer Overflow Vulnerability zdi-disclosures (Dec 07)
- [ GLSA 200612-01 ] wv library: Multiple integer overflows Sune Kloppenborg Jeppesen (Dec 07)
- Linksys WIP 330 VoIP wireless phone crash from Nmap scan Shawn Merdinger (Dec 07)
- Digital Armaments Security Advisory 07.12.2006: Yahoo multiple services authentication bypass Vulnerability info (Dec 07)
- TSRT-06-15: Citrix Presentation Server Client ActiveX Heap Overflow Vulnerability TSRT (Dec 07)
- Some Thoughts about Office Open XML and Malware Detection Jan P. Monsch (Dec 07)
- [USN-393-1] GnuPG vulnerability Kees Cook (Dec 07)
- Re: The Week of Oracle Database Bugs Tony Jambu (Dec 07)
- phpbb 2.0.x [xss] saps . audit (Dec 07)
- [USN-390-3] evince-gtk vulnerability Kees Cook (Dec 07)
- phpAdsNew-2.0.4-pr2 Remote File Inclusion Exploit crackers_child (Dec 07)
- [USN-393-2] GnuPG2 vulnerabilities Kees Cook (Dec 07)
- DUdirectory Admin Panel SQL Injection Meftun (Dec 07)
- [OpenPKG-SA-2006.037] OpenPKG Security Advisory (gnupg) OpenPKG GmbH (Dec 07)
- EEYE: Intel Network Adapter Driver Local Privilege Escalation eEye Advisories (Dec 07)
- [Aria-Security Team] CentOS 4.2 i686 - WHM X v3.1.0 Cross-Site Scripting Advisory (Dec 08)
- [Aria-Security Team] cPanel 11 pops.html Cross-Site Scripting Advisory (Dec 08)
- [Aria-Security Team] cPanel BoxTrapper Cross Site Scripting Advisory (Dec 08)
- TSLSA-2006-0070 - multi Trustix Security Advisor (Dec 08)
- [OpenPKG-SA-2006.038] OpenPKG Security Advisory (tar) OpenPKG GmbH (Dec 08)
- [SECURITY] [DSA-1230-1] new l2tpns packages fix buffer overflow Steve Kemp (Dec 08)
- Microsoft Word 0-day Vulnerability FAQ (CVE-2006-5994) written Juha-Matti Laurio (Dec 08)
- Midicart vulerable ifx (Dec 08)
- [CAID 34846]: CA BrightStor ARCserve Backup Discovery Service Buffer Overflow Vulnerability Williams, James K (Dec 08)
- [USN-394-1] Ruby vulnerability Kees Cook (Dec 08)
- LS-20060908 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability advisories (Dec 08)
- LS-20061001 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability advisories (Dec 08)
- Animated Smiley Generator File Include Vul. starext (Dec 08)
- PHP 5.2.0 session.save_path safe_mode and open_basedir bypass cxib (Dec 08)
- Re: PHP 5.2.0 session.save_path safe_mode and open_basedir bypass Ismail Donmez (Dec 12)
- PhpBB Toplist 1.3.7 Xss Vuln. starext (Dec 08)
- ASX Playlists and Jumping to Conclusions Sûnnet Beskerming (Dec 08)
- Enforcing Java Security Manager in Restricted Windows Environments? Jan P. Monsch (Dec 08)
- <Possible follow-ups>
- Re: Enforcing Java Security Manager in Restricted Windows Environments? jim (Dec 21)
- RE: Enforcing Java Security Manager in Restricted Windows Environments? Jan P. Monsch (Dec 21)
- iDefense Security Advisory 12.08.06: Multiple Vendor Antivirus RAR File Denial of Service Vulnerability iDefense Labs (Dec 09)
- iDefense Security Advisory 12.08.06: Sophos Antivirus CHM Chunk Name Length Memory Corruption Vulnerability iDefense Labs (Dec 09)
- iDefense Security Advisory 12.08.06: Sophos Antivirus CHM File Heap Overflow Vulnerability iDefense Labs (Dec 09)
- Call For Papers: SecurityOPUS 2007 Sharkey (Dec 09)
- [ GLSA 200612-02 ] xine-lib: Buffer overflow Sune Kloppenborg Jeppesen (Dec 09)
- KDPics Multiple Vulnerabities mr_kaliman (Dec 09)
- ProNews V1.5 XSS & SQL Injection mr_kaliman (Dec 09)
- Messageriescripthp V2.0 XSS & SQL Injection mr_kaliman (Dec 09)
- AnnonceScriptHP V2.0 Multiple Vulnerabilities mr_kaliman (Dec 09)
- [SECURITY] [DSA 1231-1] New gnupg packages fix arbitrary code execution Moritz Muehlenhoff (Dec 09)
- [SECURITY] [DSA 1232-1] New clamav packages fix denial of service Moritz Muehlenhoff (Dec 09)
- [ GLSA 200612-04 ] ModPlug: Multiple buffer overflows Raphael Marichez (Dec 11)
- [SECURITY] [DSA 1233-1] New Linux 2.6.8 packages fix several vulnerabilities Dann Frazier (Dec 11)
- WASC-Announcement: MX Injection - Capturing and Exploiting Hidden Mail Servers By Vicente Aguilera Diaz robert (Dec 11)
- D-LINK DWL-2000AP+ remote DoS poplix (Dec 11)
- [ GLSA 200612-09 ] MadWifi: Kernel driver buffer overflow Raphael Marichez (Dec 11)
- <Possible follow-ups>
- [ GLSA 200612-09 ] MadWifi: Kernel driver buffer overflow Raphael Marichez (Dec 12)
- [SBDA] - ColdFusion MX7 - Multiple Vulnerabilities Brett Moore (Dec 11)
- Unauthenticated access to IBM Host On-Demand administration pages Ferguson, David (Kansas City) (Dec 11)
- [ MDKSA-2006:226 ] - Updated squirrelmail packages fix vulnerabilities security (Dec 11)
- RFIDIOt release - version 0.1i Adam Laurie (Dec 11)
- Firefox 2.0 security bug: Extensions can hide themself azurIt (Dec 11)
- ERRATA: [ GLSA 200612-03 ] GnuPG: Multiple vulnerabilities Raphael Marichez (Dec 11)
- Multiple vulnerabilities in Winamp Web Interface 7.5.13 Luigi Auriemma (Dec 11)
- [ GLSA 200612-08 ] SeaMonkey: Multiple vulnerabilities Raphael Marichez (Dec 11)
- Several updates in Microsoft Word 0-day (CVE-2006-5994) FAQ document Juha-Matti Laurio (Dec 11)
- Another, different MS Word 0-day vulnerability reported Juha-Matti Laurio (Dec 11)
- <Possible follow-ups>
- Re: Another, different MS Word 0-day vulnerability reported Juha-Matti Laurio (Dec 11)
- looking for security community input Gadi Evron (Dec 11)
- shopsite advisory DoZ (Dec 11)
- <Possible follow-ups>
- Re: shopsite advisory bugtraq (Dec 12)
- [ GLSA 200612-06 ] Mozilla Thunderbird: Multiple vulnerabilities Raphael Marichez (Dec 11)
- Secunia Research: MailEnable IMAP Service Buffer Overflow Vulnerability Secunia Research (Dec 11)
- Re: LS-20061001 - Computer Associates BrightStor ARCserve Backup Williams, James K (Dec 11)
- [ GLSA 200612-10 ] Tar: Directory traversal vulnerability Matthias Geerdsen (Dec 11)
- The newest Word flaw is due to malformed data structure handling Juha-Matti Laurio (Dec 11)
- Re: The newest Word flaw is due to malformed data structure handling Alexander Sotirov (Dec 12)
- Re: The newest Word flaw is due to malformed data structure handling Dave "No, not that one" Korn (Dec 12)
- <Possible follow-ups>
- Re: Re: The newest Word flaw is due to malformed data structure handling test (Dec 12)
- Re: The newest Word flaw is due to malformed data structure handling Steven M. Christey (Dec 14)
- Re: The newest Word flaw is due to malformed data structure handling Juha-Matti Laurio (Dec 14)
- Re: LS-20060908 - Computer Associates BrightStor ARCserve Backup Williams, James K (Dec 11)
- [ GLSA 200612-03 ] GnuPG: Multiple vulnerabilities Raphael Marichez (Dec 11)
- RFID access control tokens widely open to cloning Adam Laurie (Dec 11)
- [ GLSA 200612-07 ] Mozilla Firefox: Multiple vulnerabilities Raphael Marichez (Dec 11)
- Secunia Research: AOL CDDBControl ActiveX Control "SetClientInfo()" Buffer Overflow Secunia Research (Dec 11)
- [ GLSA 200612-05 ] KOffice shared libraries: Heap corruption Sune Kloppenborg Jeppesen (Dec 11)
- [ MDKSA-2006:227 ] - Updated kdegraphics packages fix EXIF vulnerability security (Dec 11)
- [ MDKSA-2006:228 ] - Updated gnupg packages fix vulnerability security (Dec 12)
- OpenLDAP kbind authentication buffer overflow Solar Eclipse (Dec 12)
- [SBDA] SiteKiosk - FileSystem Access Brett Moore (Dec 12)
- Web Apps- Rad Upload Version 3.02 Remote File Include Vulnerability rko . thelegendkiller (Dec 12)
- rPSA-2006-0230-1 evince rPath Update Announcements (Dec 12)
- rPSA-2006-0231-1 squirrelmail rPath Update Announcements (Dec 12)
- ZDI-06-045: Sophos Anti-Virus CPIO Archive Parsing Buffer Overflow Vulnerability zdi-disclosures (Dec 12)
- Re: [fuzzing] OWASP Fuzzing page Joxean Koret (Dec 12)
- NOT a 0day! Re: [fuzzing] [Full-disclosure] OWASP Fuzzing page Gadi Evron (Dec 14)
- Re: [fuzzing] NOT a 0day! Re: [Full-disclosure] OWASP Fuzzing page Jerome Athias (Dec 14)
- Re: [fuzzing] NOT a 0day! Re: [Full-disclosure] OWASP Fuzzing page Gadi Evron (Dec 14)
- Re: [fuzzing] NOT a 0day! Re: [Full-disclosure] OWASP Fuzzing page Jerome Athias (Dec 14)
- NOT a 0day! Re: [fuzzing] [Full-disclosure] OWASP Fuzzing page Gadi Evron (Dec 14)
- ZDI-06-047: Microsoft Visual Studio WmiScriptUtils.dll Cross-Zone Scripting Vulnerability zdi-disclosures (Dec 12)
- BLOG:CMS Remote file include Vulnerability security (Dec 12)
- Secunia Research: Internet Explorer Script Error Handling Memory Corruption Secunia Research (Dec 12)
- [ GLSA 200612-12 ] F-PROT Antivirus: Multiple vulnerabilities Sune Kloppenborg Jeppesen (Dec 12)
- ZDI-06-048: Microsoft Internet Explorer normalize() Function Memory Corruption Vulnerability zdi-disclosures (Dec 12)
- [ GLSA 200612-13 ] libgsf: Buffer overflow Sune Kloppenborg Jeppesen (Dec 12)
- [ GLSA 200612-14 ] Trac: Cross-site request forgery Sune Kloppenborg Jeppesen (Dec 12)
- ZDI-06-046: Sophos Anti-Virus SIT Archive Parsing Buffer Overflow Vulnerability zdi-disclosures (Dec 12)
- iDefense Security Advisory 12.12.06: Sun Microsystems Solaris ld.so 'doprf()' Buffer Overflow Vulnerability iDefense Labs (Dec 12)
- iDefense Security Advisory 12.12.06: Sun Microsystems Solaris ld.so Directory Traversal Vulnerability iDefense Labs (Dec 12)
- [SECURITY] [DSA-1234-1] New ruby1.6 package fix denial of service Steve Kemp (Dec 13)
- Re: worksystem => Remote File Include Vulnerability Exploit Laurent . van_den_reysen (Dec 13)
- [SECURITY] [DSA-1235-1] New ruby1.8 package fix denial of service Steve Kemp (Dec 13)
- [SECURITY] [DSA-1236-1] New enemies-of-carlotta package fix missing sanity checks Steve Kemp (Dec 13)
- ASP Cmd Shell On IIS 5.1 Brett Moore (Dec 13)
- IBM DB2 Remote DoS during CONNECT processing Team SHATTER (Dec 13)
- ZDI-06-050: Symantec Veritas NetBackup CONNECT_OPTIONS Buffer Overflow Vulnerability zdi-disclosures (Dec 13)
- ZDI-06-049: Symantec Veritas NetBackup Long Request Buffer Overflow Vulnerability zdi-disclosures (Dec 13)
- CORE-2006-1127: ProFTPD Controls Buffer Overflow CORE Security Technologies Advisories (Dec 13)
- Call for papers and presenters - Dec. 15th deadline Mike Allgeier (Dec 14)
- The (in)security of Xorg and DRI Darren Reed (Dec 14)
- Re: The (in)security of Xorg and DRI Nicolas RUFF (Dec 15)
- Re: The (in)security of Xorg and DRI Darren Reed (Dec 18)
- Re: The (in)security of Xorg and DRI Darren Reed (Dec 18)
- Re: The (in)security of Xorg and DRI Pavel Kankovsky (Dec 27)
- Re: The (in)security of Xorg and DRI Nicolas RUFF (Dec 15)
- [ GLSA 200612-16 ] Links: Arbitrary Samba command execution Raphael Marichez (Dec 14)
- GenesisTrader v1.0 - Multiple Vulnerabilities mr_kaliman (Dec 14)
- HyperAccess - Multiple Vulnerabilities Brett Moore (Dec 14)
- [USN-380-2] avahi regression Martin Pitt (Dec 14)
- rPSA-2006-0232-1 libgsf rPath Update Announcements (Dec 14)
- [ MDKSA-2006:229 ] - Updated evince packages fix buffer overflow vulnerability security (Dec 14)
- [ MDKSA-2006:230 ] - Updated clamav packages fix vulnerability security (Dec 14)
- [CAID 34870]: CA Anti-Virus vetfddnt.sys, vetmonnt.sys Local Denial of Service Vulnerabilities Williams, James K (Dec 14)
- [ MDKSA-2006:164-2 ] - Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities security (Dec 14)
- iDefense Security Advisory 12.14.06: GNOME Foundation Display Manager gdmchooser Format String Vulnerability iDefense Labs (Dec 14)
- Re: [fuzzing] NOT a 0day! Re: [Full-disclosure] OWASP Fuzzing page Juha-Matti Laurio (Dec 14)
- [ GLSA 200612-17 ] GNU Radius: Format string vulnerability Raphael Marichez (Dec 14)
- Kerio MailServer < 6.3.1 remote Denial of Service research (Dec 14)
- [ GLSA 200612-15 ] McAfee VirusScan: Insecure DT_RPATH Sune Kloppenborg Jeppesen (Dec 14)
- CanSecWest 2007 (April 18-20) Call For Papers (Deadline January 7th) Dragos Ruiu (Dec 14)
- Top 10 Real Computer Crimes for 2007 Pete Herzog (Dec 14)
- [ MDKSA-2006:231 ] - Updated gdm packages fix string vulnerability security (Dec 15)
- BitDefender AV Packed PE File Parsing Engine Heap Overflow security (Dec 15)
- TSLSA-2006-0072 - clamav Trustix Security Advisor (Dec 15)
- Windows Explorer WMV File Denial Of Service Vulnerability sehato (Dec 15)
- RE: Windows Explorer WMV File Denial Of Service Vulnerability Ulises Cuñé (Dec 16)
- [USN-396-1] gdm vulnerability Kees Cook (Dec 15)
- Windows Media MID File Denial Of Service Vulnerability sehato (Dec 15)
- [security bulletin] HPSBMA02173 SSRT061230 rev. 1 - HP Integrated Lights Out (iLO & iLO 2) Running SSH Key Based Authentication Remote Unauthorized Access security-alert (Dec 15)
- Project Server 2003 - Credential Disclosure Brett Moore (Dec 15)
- Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! gplit (Dec 15)
- Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! Bruno Lustosa (Dec 15)
- Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! Dragos Ruiu (Dec 16)
- Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! George Yobst (Dec 16)
- Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! Kamchybek Jusupov (Dec 18)
- Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! Marcus Meissner (Dec 18)
- Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! Josh Bressers (Dec 15)
- <Possible follow-ups>
- Re: Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! gplit (Dec 16)
- Re: Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! willysr (Dec 16)
- Re: Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! bastyaelvtars (Dec 16)
- Re: Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! ox90x86 (Dec 16)
- Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! p . kerr (Dec 18)
- Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! Bruno Lustosa (Dec 15)
- Bypassing process identification of several personal firewalls and HIPS Matousec - Transparent security Research (Dec 15)
- [ MDKSA-2006:206 ] - Updated Thunderbird packages fix multiple vulnerabilities security (Dec 15)
- [OpenPKG-SA-2006.039] OpenPKG Security Advisory (proftpd) OpenPKG GmbH (Dec 15)
- Drone Armies C&C Report - 15 Dec 2006 c2report (Dec 16)
- XSS in gmial google gamr-14 (Dec 16)
- Doğantepe Ziyareti Defteri (tr) Sql Injection Vuln. ShaFuq31 (Dec 16)
- Odysseus 2.0 / Telemachus 1.0 (Beta) Dave (Dec 16)
- Contra Haber Sistemi v1.0 SqL Injection Vuln. ShaFuq31 (Dec 16)
- [HSC Security Group] SiteCatalyst Web Login Cross Site Vulrnabilities DoZ (Dec 16)
- Allied Telesis AT-9000/24 Ethernet switch management can be accessed from all VLANs. Pasi Sjoholm (Dec 16)
- [SECURITY] [DSA 1237-1] New Linux 2.4.27 packages fix several vulnerabilities Dann Frazier (Dec 18)
- [SECURITY] [DSA 1238-1] New clamav packages fix several vulnerabilities Moritz Muehlenhoff (Dec 18)
- [SECURITY] [DSA 1239-1] New sql-ledger packages fix arbitrary code execution Moritz Muehlenhoff (Dec 18)
- Cisco not honoring update promises? Michael Scheidell (Dec 18)
- <Possible follow-ups>
- Re: Cisco not honoring update promises? rsmoak (Dec 18)
- RE: Cisco not honoring update promises? Michael Scheidell (Dec 19)
- HyperVM Cross-Site Scripting Advisory (Dec 18)
- RateMe <= all versions => ( main.inc.php ) Remote File Include Vulnerability saudi (Dec 18)
- SYMSA-2006-013: Multiple Vulnerabilities in Mandiant First Response research (Dec 18)
- Secunia Research: MailEnable POP Service "PASS" Command Buffer Overflow Secunia Research (Dec 18)
- Checkpoint NG3 ICMP Flood bdmoraes (Dec 18)
- Re: Checkpoint NG3 ICMP Flood Michael Schwartzkopff (Dec 18)
- Re: Checkpoint NG3 ICMP Flood Hugo van der Kooij (Dec 18)
- [ GLSA 200612-18 ] ClamAV: Denial of Service Sune Kloppenborg Jeppesen (Dec 18)
- [security bulletin] HPSBUX02178 SSRT061267 rev.2 - HP-UX Secure Shell Remote Unauthorized Denial of Service (DoS) security-alert (Dec 18)
- [ MDKSA-2006:232 ] - Updated proftpd packages fix mod_ctrls vulnerability security (Dec 19)
- [ MDKSA-2006:233 ] - Updated dbus packages fix vulnerability security (Dec 19)
- HITBSecConf2007 - Dubai - Call for Papers now open! Praburaajan (Dec 19)
- WebCalendar >=1.0 Cross-Site Scripting Vulnerabilities 7all7 (Dec 19)
- Multiple XSS vulnerabiliteies in Inetmedia's information service - cityinfo. filip . palian (Dec 19)
- New Skype Worm Christopher Mosby (Dec 19)
- RE: [BULK] - New Skype Worm Hubbard, Dan (Dec 19)
- HP Printers FTP Server Denial Of Service Joxean Koret (Dec 19)
- Trend Micro's Vista "0day exploit auction" claim Ryan Meyer (Dec 19)
- RE: Trend Micro's Vista "0day exploit auction" claim Roger A. Grimes (Dec 20)
- RE: Trend Micro's Vista "0day exploit auction" claim Simple Nomad (Dec 20)
- Message not available
- Re: Trend Micro's Vista "0day exploit auction" claim Simple Nomad (Dec 21)
- RE: Trend Micro's Vista "0day exploit auction" claim Simple Nomad (Dec 20)
- RE: Trend Micro's Vista "0day exploit auction" claim Roger A. Grimes (Dec 20)
- <Possible follow-ups>
- Re: RE: Trend Micro's Vista "0day exploit auction" claim agoodhez1 (Dec 21)
- Re: Oracle <= 9i / 10g File System Access via utl_file Exploit sumit kumar soni (Dec 20)
- <Possible follow-ups>
- Re: Oracle <= 9i / 10g File System Access via utl_file Exploit Marco Ivaldi (Dec 21)
- <Possible follow-ups>
- Re: MkPortal Urlobox Cross Site Request Forgery securityfocus (Dec 21)
- Re: MkPortal Urlobox Cross Site Request Forgery securityfocus (Dec 21)
- Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting Brian Eaton (Dec 20)
- <Possible follow-ups>
- Re: Oracle Portal 10g HTTP Response Splitting majororacle (Dec 21)
- Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip 3APA3A (Dec 21)
- <Possible follow-ups>
- Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip Juha-Matti Laurio (Dec 21)
- Re[2]: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip Thierry Zoller (Dec 22)
- Re: [Full-disclosure] Fun with event logs (semi-offtopic) endrazine (Dec 21)
- Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day 3APA3A (Dec 21)
- Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day Alexander Sotirov (Dec 21)
- Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day Pukhraj Singh (Dec 21)
- Message not available
- RE: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day Michele Cicciotti (Dec 22)
- Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day Alexander Sotirov (Dec 21)
- Re[2]: [Full-disclosure] Fun with event logs (semi-offtopic) 3APA3A (Dec 21)
- Message not available
- RE: Re[2]: [Full-disclosure] Fun with event logs (semi-offtopic) Michele Cicciotti (Dec 21)
- <Possible follow-ups>
- Re: Multiple Remote Vulnerabilities in KISGB str0ke (Dec 23)
- Re: ERRATA (Re: "Host header cannot be trusted as an anti anti DNS-pinning measure") Martin Johns (Dec 26)
- <Possible follow-ups>
- Re: XSS with Vbulletin (new idea !) bas (Dec 27)
- Re: XSS with Vbulletin (new idea !) l . d . 0 (Dec 28)
- Re: XSS with Vbulletin (new idea !) micmast (Dec 28)
- Re: phpcms <=- 1.1.7 Remote File Inclusion Hugo van der Kooij (Dec 27)
- <Possible follow-ups>
- Re: phpcms <=- 1.1.7 Remote File Inclusion Stuart Moore (Dec 26)
- <Possible follow-ups>
- Re: LuckyBot v3 Remote File Include Stuart Moore (Dec 27)
- <Possible follow-ups>
- Re: XSS - CMS Made Simple v1.0.2 nanoymaster (Dec 28)
- <Possible follow-ups>
- Re: XSS in script Mobilelib GOLD v2 gamr-14 (Dec 29)