Bugtraq: by thread

Previous period

Next period

439 messages starting Dec 01 06 and ending Dec 30 06
Date index | Thread index | Author index

Re: [Full-disclosure] ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability zdi-disclosures (Dec 01)
- Re: [Full-disclosure] ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability Dude VanWinkle (Dec 01)
Invision Gallery 2.0.7 SQL Injection Vulnerability infection (Dec 01)
- <Possible follow-ups>
- Re: Invision Gallery 2.0.7 SQL Injection Vulnerability emin (Dec 04)
Re: Invision Community Blog Mod 1.2.4 .PHP SQL Injection Vulnerability emin (Dec 01)
[SECURITY] [DSA 1205-2] New thttpd packages fix insecure temporary file creation Steve Kemp (Dec 01)
[ MDKSA-2006:220 ] - Updated libgsf packages fix heap buffer overflow vulnerability security (Dec 01)
[ MDKSA-2006:221 ] - Updated gnupg packages fix vulnerability security (Dec 01)
rPSA-2006-0221-1 openldap openldap-clients openldap-servers rPath Update Announcements (Dec 01)
[Aria-Security.Net] Web Hosting Control Panel - cPanel 11 Multiple Cross-Site Scripting Vulnerabilites Advisory (Dec 01)
deV!L`z Clanportal - Arbitrary File Upload [061124b] Tim Weber (Dec 01)
deV!L`z Clanportal - SQL Injection [061124a] Tim Weber (Dec 01)
Layered Defense Advisory: Novell Client 4.91 Format String Vulnerability dh (Dec 01)
[SECURITY] [DSA 1223-1] New tar packages fix arbitrary file overwrite Noah Meyerhans (Dec 01)
Outpost Bypassing Self-Protection via Advanced DLL injection with handle stealing Vulnerability Matousec - Transparent security Research (Dec 01)
rPSA-2006-0220-1 dovecot rPath Update Announcements (Dec 01)
Aspee Ziyareti Defteri (tr) Sql injection Vuln. ShaFuq31 (Dec 01)
iDefense Security Advisory 12.01.06: Novell ZENworks Asset Management Msg.dll Heap Overflow Vulnerability iDefense Labs (Dec 01)
[SECURITY] [DSA 1222-2] New proftpd packages fix several vulnerabilities Moritz Muehlenhoff (Dec 01)
iDefense Security Advisory 12.01.06: Novell ZENworks Asset Management Collection Client Heap Overflow Vulnerability iDefense Labs (Dec 01)
rPSA-2006-0224-1 gnupg rPath Update Announcements (Dec 01)
TSLSA-2006-0068 - multi Trustix Security Advisor (Dec 01)
Re: safely concatenating strings in portable C (Re: GnuPG 1.4 and 2.0 buffer overflow) Simon Josefsson (Dec 01)
rPSA-2006-0222-1 tar rPath Update Announcements (Dec 01)
freeqboard <= 1.1 (qb_path) Remote File Include Vulnerability -= SHELL =- -= SHELL =- (Dec 01)
[ MDKSA-2006:223 ] - Updated ImageMagick packages fixes vulnerability security (Dec 02)
[Aria-Security Team] DuWare DuNews SQL Injection Vuln Advisory (Dec 02)
[Aria-Security Team] DuWare DuClassMate SQL Injection Vuln Advisory (Dec 02)
[Aria-Security Team] DuWare DuPortal SQL Injection Vuln Advisory (Dec 02)
PHPNews 1.3.0 XSS emulamex (Dec 02)
KhaledMuratList mdb blasterim (Dec 02)
[ MDKSA-2006:222 ] - Updated koffice packages fixes integer overflow vulnerability security (Dec 02)
[Aria-Security Team] DuWare DuDownloads SQL Injection Vuln Advisory (Dec 02)
CuteNews 1.3.6 XSS emulamex (Dec 02)
[Aria-Security Team] DuWare DuForum SQL Injection Vuln Advisory (Dec 02)
[Aria-Security Team] DuWare DuPaypal SQL Injection Vuln Advisory (Dec 02)
[ISecAuditors Advisories] BlueSocket web administration is vulnerable to XSS ISecAuditors Security Advisories (Dec 04)
listpics v5 blasterim (Dec 04)
[ISecAuditors Security Advisories] IMAP/SMTP Injection in Hastymail ISecAuditors Security Advisories (Dec 04)
Metyus Okul Ynetim Sistemi V.1.0 (tr) Sql injection Vuln. ShaFuq31 (Dec 04)
[ISecAuditors Security Advisories] XSS vulnerability in error page of ISMail ISecAuditors Security Advisories (Dec 04)
fl0p - passive L7 flow fingerprinting Michal Zalewski (Dec 04)
Online BookMarks Multiple SQL Injection/XSS Vulnerabilities security (Dec 04)
[SECURITY] [DSA 1224-1] New Mozilla packages fix several vulnerabilities Martin Schulze (Dec 04)
[SECURITY] [DSA 1225-1] New Mozilla Firefox packages fix several vulnerabilities Martin Schulze (Dec 04)
SMF upload XSS vulnerability Jessica Hope (Dec 04)
2[xss]Vulnerabilities in Script Mobile Ac4p.com gamr-14 (Dec 04)
PhpMyAdmin 2.7.0-pl2 Path Disclosure | Multiple CRLF/Http Response Splitting ajannhwt (Dec 04)
MS Internet Explorer 6.0 (mshtml.dll) Denial of Service Exploit ajannhwt (Dec 04)
- Re: MS Internet Explorer 6.0 (mshtml.dll) Denial of Service Exploit 3APA3A (Dec 05)
[SECURITY] [DSA 1225-2] New Mozilla Firefox packages fix several vulnerabilities Martin Schulze (Dec 04)
[SECURITY] [DSA 1226-1] New links packages fix arbitrary shell command execution Moritz Muehlenhoff (Dec 04)
Vt-Forum Lite System V.1.3 Xss Vuln. starext (Dec 04)
Re: UPublisher Exploit - Superfreaker me (Dec 04)
[Aria-Security Team] uGestBook SQL Injection Vuln Advisory (Dec 04)
- <Possible follow-ups>
- Re: [Aria-Security Team] uGestBook SQL Injection Vuln Stuart Moore (Dec 05)
- Re: Re: [Aria-Security Team] uGestBook SQL Injection Vuln saps . audit (Dec 05)
[SECURITY] [DSA 1227-1] New Mozilla Thunderbird packages fix several vulnerabilities Martin Schulze (Dec 04)
Multiple bugs in TFT-Gallery nj (Dec 04)
- <Possible follow-ups>
- Re: Multiple bugs in TFT-Gallery simo64 (Dec 04)
[USN-392-1] xine-lib vulnerability Kees Cook (Dec 04)
F-Prot Antivirus for Unix: heap overflow and Denial of Service research (Dec 04)
Re: aBitWhizzy [local file include] john . goodman (Dec 04)
[USN-391-1] libgsf vulnerability Kees Cook (Dec 04)
[ MDKSA-2006:214-1 ] - Updated gv packages fix buffer overflow vulnerability security (Dec 04)
Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation ss_team (Dec 04)
- <Possible follow-ups>
- RE: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation Michael Scheidell (Dec 05)
  - Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation eugeny gladkih (Dec 05)
    - Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation Steve Shockley (Dec 05)
    - Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation Ansgar -59cobalt- Wiechers (Dec 05)
- Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation Thor (Hammer of God) (Dec 05)
- RE: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation Michael Scheidell (Dec 06)
XSS in JAB Guest Book nj (Dec 04)
- <Possible follow-ups>
- Re: XSS in JAB Guest Book Steven M. Christey (Dec 07)
- Re: XSS in JAB Guest Book Barnz (Dec 09)
rPSA-2006-0211-2 doxygen libpng rPath Update Announcements (Dec 04)
new xss in modbb forum h angel (Dec 04)
TSRT-06-14: IBM Tivoli Storage Manager Mutiple Buffer Overflow Vulnerabilities TSRT (Dec 05)
SNORT Covered channels detector patch fryxar fryxar (Dec 05)
[KOffice security advisory] KOffice OLEfilter integer overflow Dirk Mueller (Dec 05)
Re: GnuPG 1.4 and 2.0 buffer overflow Damien Miller (Dec 05)
Re: Evolve Merchant[ injection sql ] tony (Dec 05)
URL Rdirecction Bug Yahoo matrix (Dec 05)
CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Undocumented Features Mariano Nuñez Di Croce (Dec 05)
CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Remote Arbitrary File Removal Mariano Nuñez Di Croce (Dec 05)
DistrRTgen 1.0 launched! Martin Jørgensen (Dec 05)
[SECURITY] [DSA 1228-1] New elinks packages fix arbitrary shell command execution Moritz Muehlenhoff (Dec 05)
EasyPage Portal ( all ver )SQL Injection matrix (Dec 05)
- <Possible follow-ups>
- Re: EasyPage Portal ( all ver )SQL Injection saps . audit (Dec 05)
Re: Symantec LiveState Agent for Windows vulnerabi Damjan (Dec 05)
- Re: Symantec LiveState Agent for Windows vulnerabi eugeny gladkih (Dec 05)
eEye's Zero-Day Tracker Launch chinese soup (Dec 05)
[security bulletin] HPSBUX02145 SSRT061202 rev.2 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access security-alert (Dec 05)
HPSBUX02178 SSRT061267 rev.1 - HP-UX Secure Shell Remote Denial of Service (DoS) security-alert (Dec 05)
EEYE: Adobe Download Manager AOM Stack Buffer Overflow Vulnerability eEye Advisories (Dec 06)
[ MDKSA-2006:224 ] - Updated xine-lib packages fix buffer overflow vulnerability security (Dec 06)
[USN-390-2] evince vulnerability Kees Cook (Dec 06)
Barracuda Convert-UUlib library buffer overflow leads to remote compromise Jean-Sébastien Guay-Leroux (Dec 06)
Internet Explorer 6. CSS Expression Denial of Service (P.o.C.) José Carlos Nieto Jarquín (Dec 06)
Re: Internet Explorer 6 CSS "expression" Denial of Service Exploit (P.o.C.) José Carlos Nieto Jarquín (Dec 06)
- Re: Internet Explorer 6 CSS "expression" Denial of Service Exploit (P.o.C.) Andrius Paurys (Dec 07)
  - Re: Internet Explorer 6 CSS "expression" Denial of Service Exploit (P.o.C.) chinese soup (Dec 08)
    - Re: Internet Explorer 6 CSS "expression" Denial of Service Exploit (P.o.C.) chinese soup (Dec 12)
Uploadscript Vulnerabilities: Text file Hash password hack2prison (Dec 06)
FreeBSD Security Advisory FreeBSD-SA-06:25.kmem FreeBSD Security Advisories (Dec 06)
FreeBSD Security Advisory FreeBSD-SA-06:26.gtar FreeBSD Security Advisories (Dec 06)
[SECURITY] [DSA 1229-1] New Asterisk packages fix arbitrary code execution Martin Schulze (Dec 06)
Oracle PL/SQL Fuzzing Tool Joxean Koret (Dec 06)
BTSaveMySql 1.2 (acces to config files) sn0oPy . team (Dec 06)
Multiple Vendor Unusual MIME Encoding Content Filter Bypass Hendrik Weimer (Dec 06)
- Re: Multiple Vendor Unusual MIME Encoding Content Filter Bypass Tomasz Kojm (Dec 07)
  - Re: Multiple Vendor Unusual MIME Encoding Content Filter Bypass Luke Borg (Dec 07)
  - Re: Multiple Vendor Unusual MIME Encoding Content Filter Bypass michele.sandrelli () katamail com (Dec 07)
  - Re[2]: Multiple Vendor Unusual MIME Encoding Content Filter Bypass 3APA3A (Dec 07)
    - Re: Multiple Vendor Unusual MIME Encoding Content Filter Bypass Tomasz Kojm (Dec 07)
- Re: Multiple Vendor Unusual MIME Encoding Content Filter Bypass Gadi Evron (Dec 07)
SYMSA-2006-012: 2X ThinClientServer Create Admin Account Replay Vulnerability research (Dec 06)
GnuPG: remotely controllable function pointer [CVE-2006-6235] Werner Koch (Dec 06)
rPSA-2006-0226-1 kernel rPath Update Announcements (Dec 06)
[ MDKSA-2006:225 ] - Updated ruby packages fix DoS vulnerability security (Dec 06)
rPSA-2006-0227-1 gnupg rPath Update Announcements (Dec 06)
Microsoft 0-day word vulnerability - Secunia - Extremely critical Ryan Buena (Dec 06)
- Re: Microsoft 0-day word vulnerability - Secunia - Extremely critical Andrew Simmons (Dec 07)
- <Possible follow-ups>
- Re: Microsoft 0-day word vulnerability - Secunia - Extremely critical Juha-Matti Laurio (Dec 07)
- Re: Microsoft 0-day word vulnerability - Secunia - Extremely critical schafer_jeffrey (Dec 14)
- Re: Re: Microsoft 0-day word vulnerability - Secunia - Extremely critical schafer_jeffrey (Dec 14)
New MySpace worm could be on its way pdp (architect) (Dec 07)
ZDI-06-044: Adobe Download Manager AOM Parsing Buffer Overflow Vulnerability zdi-disclosures (Dec 07)
[ GLSA 200612-01 ] wv library: Multiple integer overflows Sune Kloppenborg Jeppesen (Dec 07)
Linksys WIP 330 VoIP wireless phone crash from Nmap scan Shawn Merdinger (Dec 07)
Digital Armaments Security Advisory 07.12.2006: Yahoo multiple services authentication bypass Vulnerability info (Dec 07)
TSRT-06-15: Citrix Presentation Server Client ActiveX Heap Overflow Vulnerability TSRT (Dec 07)
Some Thoughts about Office Open XML and Malware Detection Jan P. Monsch (Dec 07)
[USN-393-1] GnuPG vulnerability Kees Cook (Dec 07)
Re: The Week of Oracle Database Bugs Tony Jambu (Dec 07)
phpbb 2.0.x [xss] saps . audit (Dec 07)
[USN-390-3] evince-gtk vulnerability Kees Cook (Dec 07)
phpAdsNew-2.0.4-pr2 Remote File Inclusion Exploit crackers_child (Dec 07)
[USN-393-2] GnuPG2 vulnerabilities Kees Cook (Dec 07)
DUdirectory Admin Panel SQL Injection Meftun (Dec 07)
[OpenPKG-SA-2006.037] OpenPKG Security Advisory (gnupg) OpenPKG GmbH (Dec 07)
EEYE: Intel Network Adapter Driver Local Privilege Escalation eEye Advisories (Dec 07)
[Aria-Security Team] CentOS 4.2 i686 - WHM X v3.1.0 Cross-Site Scripting Advisory (Dec 08)
[Aria-Security Team] cPanel 11 pops.html Cross-Site Scripting Advisory (Dec 08)
[Aria-Security Team] cPanel BoxTrapper Cross Site Scripting Advisory (Dec 08)
TSLSA-2006-0070 - multi Trustix Security Advisor (Dec 08)
[OpenPKG-SA-2006.038] OpenPKG Security Advisory (tar) OpenPKG GmbH (Dec 08)
[SECURITY] [DSA-1230-1] new l2tpns packages fix buffer overflow Steve Kemp (Dec 08)
Microsoft Word 0-day Vulnerability FAQ (CVE-2006-5994) written Juha-Matti Laurio (Dec 08)
Midicart vulerable ifx (Dec 08)
[CAID 34846]: CA BrightStor ARCserve Backup Discovery Service Buffer Overflow Vulnerability Williams, James K (Dec 08)
[USN-394-1] Ruby vulnerability Kees Cook (Dec 08)
LS-20060908 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability advisories (Dec 08)
LS-20061001 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability advisories (Dec 08)
Animated Smiley Generator File Include Vul. starext (Dec 08)
PHP 5.2.0 session.save_path safe_mode and open_basedir bypass cxib (Dec 08)
- Re: PHP 5.2.0 session.save_path safe_mode and open_basedir bypass Ismail Donmez (Dec 12)
PhpBB Toplist 1.3.7 Xss Vuln. starext (Dec 08)
ASX Playlists and Jumping to Conclusions Sûnnet Beskerming (Dec 08)
Enforcing Java Security Manager in Restricted Windows Environments? Jan P. Monsch (Dec 08)
- <Possible follow-ups>
- Re: Enforcing Java Security Manager in Restricted Windows Environments? jim (Dec 21)
  - RE: Enforcing Java Security Manager in Restricted Windows Environments? Jan P. Monsch (Dec 21)
iDefense Security Advisory 12.08.06: Multiple Vendor Antivirus RAR File Denial of Service Vulnerability iDefense Labs (Dec 09)
iDefense Security Advisory 12.08.06: Sophos Antivirus CHM Chunk Name Length Memory Corruption Vulnerability iDefense Labs (Dec 09)
iDefense Security Advisory 12.08.06: Sophos Antivirus CHM File Heap Overflow Vulnerability iDefense Labs (Dec 09)
Call For Papers: SecurityOPUS 2007 Sharkey (Dec 09)
[ GLSA 200612-02 ] xine-lib: Buffer overflow Sune Kloppenborg Jeppesen (Dec 09)
KDPics Multiple Vulnerabities mr_kaliman (Dec 09)
ProNews V1.5 XSS & SQL Injection mr_kaliman (Dec 09)
Messageriescripthp V2.0 XSS & SQL Injection mr_kaliman (Dec 09)
AnnonceScriptHP V2.0 Multiple Vulnerabilities mr_kaliman (Dec 09)
[SECURITY] [DSA 1231-1] New gnupg packages fix arbitrary code execution Moritz Muehlenhoff (Dec 09)
[SECURITY] [DSA 1232-1] New clamav packages fix denial of service Moritz Muehlenhoff (Dec 09)
[ GLSA 200612-04 ] ModPlug: Multiple buffer overflows Raphael Marichez (Dec 11)
[SECURITY] [DSA 1233-1] New Linux 2.6.8 packages fix several vulnerabilities Dann Frazier (Dec 11)
WASC-Announcement: MX Injection - Capturing and Exploiting Hidden Mail Servers By Vicente Aguilera Diaz robert (Dec 11)
D-LINK DWL-2000AP+ remote DoS poplix (Dec 11)
[ GLSA 200612-09 ] MadWifi: Kernel driver buffer overflow Raphael Marichez (Dec 11)
- <Possible follow-ups>
- [ GLSA 200612-09 ] MadWifi: Kernel driver buffer overflow Raphael Marichez (Dec 12)
[SBDA] - ColdFusion MX7 - Multiple Vulnerabilities Brett Moore (Dec 11)
Unauthenticated access to IBM Host On-Demand administration pages Ferguson, David (Kansas City) (Dec 11)
[ MDKSA-2006:226 ] - Updated squirrelmail packages fix vulnerabilities security (Dec 11)
RFIDIOt release - version 0.1i Adam Laurie (Dec 11)
Firefox 2.0 security bug: Extensions can hide themself azurIt (Dec 11)
ERRATA: [ GLSA 200612-03 ] GnuPG: Multiple vulnerabilities Raphael Marichez (Dec 11)
Multiple vulnerabilities in Winamp Web Interface 7.5.13 Luigi Auriemma (Dec 11)
[ GLSA 200612-08 ] SeaMonkey: Multiple vulnerabilities Raphael Marichez (Dec 11)
Several updates in Microsoft Word 0-day (CVE-2006-5994) FAQ document Juha-Matti Laurio (Dec 11)
Another, different MS Word 0-day vulnerability reported Juha-Matti Laurio (Dec 11)
- <Possible follow-ups>
- Re: Another, different MS Word 0-day vulnerability reported Juha-Matti Laurio (Dec 11)
looking for security community input Gadi Evron (Dec 11)
shopsite advisory DoZ (Dec 11)
- <Possible follow-ups>
- Re: shopsite advisory bugtraq (Dec 12)
[ GLSA 200612-06 ] Mozilla Thunderbird: Multiple vulnerabilities Raphael Marichez (Dec 11)
Secunia Research: MailEnable IMAP Service Buffer Overflow Vulnerability Secunia Research (Dec 11)
Re: LS-20061001 - Computer Associates BrightStor ARCserve Backup Williams, James K (Dec 11)
[ GLSA 200612-10 ] Tar: Directory traversal vulnerability Matthias Geerdsen (Dec 11)
The newest Word flaw is due to malformed data structure handling Juha-Matti Laurio (Dec 11)
- Re: The newest Word flaw is due to malformed data structure handling Alexander Sotirov (Dec 12)
- Re: The newest Word flaw is due to malformed data structure handling Dave "No, not that one" Korn (Dec 12)
- <Possible follow-ups>
- Re: Re: The newest Word flaw is due to malformed data structure handling test (Dec 12)
- Re: The newest Word flaw is due to malformed data structure handling Steven M. Christey (Dec 14)
- Re: The newest Word flaw is due to malformed data structure handling Juha-Matti Laurio (Dec 14)
Re: LS-20060908 - Computer Associates BrightStor ARCserve Backup Williams, James K (Dec 11)
[ GLSA 200612-03 ] GnuPG: Multiple vulnerabilities Raphael Marichez (Dec 11)
RFID access control tokens widely open to cloning Adam Laurie (Dec 11)
[ GLSA 200612-07 ] Mozilla Firefox: Multiple vulnerabilities Raphael Marichez (Dec 11)
Secunia Research: AOL CDDBControl ActiveX Control "SetClientInfo()" Buffer Overflow Secunia Research (Dec 11)
[ GLSA 200612-05 ] KOffice shared libraries: Heap corruption Sune Kloppenborg Jeppesen (Dec 11)
[ MDKSA-2006:227 ] - Updated kdegraphics packages fix EXIF vulnerability security (Dec 11)
[ MDKSA-2006:228 ] - Updated gnupg packages fix vulnerability security (Dec 12)
OpenLDAP kbind authentication buffer overflow Solar Eclipse (Dec 12)
[SBDA] SiteKiosk - FileSystem Access Brett Moore (Dec 12)
Web Apps- Rad Upload Version 3.02 Remote File Include Vulnerability rko . thelegendkiller (Dec 12)
rPSA-2006-0230-1 evince rPath Update Announcements (Dec 12)
rPSA-2006-0231-1 squirrelmail rPath Update Announcements (Dec 12)
ZDI-06-045: Sophos Anti-Virus CPIO Archive Parsing Buffer Overflow Vulnerability zdi-disclosures (Dec 12)
Re: [fuzzing] OWASP Fuzzing page Joxean Koret (Dec 12)
- NOT a 0day! Re: [fuzzing] [Full-disclosure] OWASP Fuzzing page Gadi Evron (Dec 14)
  - Re: [fuzzing] NOT a 0day! Re: [Full-disclosure] OWASP Fuzzing page Jerome Athias (Dec 14)
    - Re: [fuzzing] NOT a 0day! Re: [Full-disclosure] OWASP Fuzzing page Gadi Evron (Dec 14)
ZDI-06-047: Microsoft Visual Studio WmiScriptUtils.dll Cross-Zone Scripting Vulnerability zdi-disclosures (Dec 12)
BLOG:CMS Remote file include Vulnerability security (Dec 12)
Secunia Research: Internet Explorer Script Error Handling Memory Corruption Secunia Research (Dec 12)
[ GLSA 200612-12 ] F-PROT Antivirus: Multiple vulnerabilities Sune Kloppenborg Jeppesen (Dec 12)
ZDI-06-048: Microsoft Internet Explorer normalize() Function Memory Corruption Vulnerability zdi-disclosures (Dec 12)
[ GLSA 200612-13 ] libgsf: Buffer overflow Sune Kloppenborg Jeppesen (Dec 12)
[ GLSA 200612-14 ] Trac: Cross-site request forgery Sune Kloppenborg Jeppesen (Dec 12)
ZDI-06-046: Sophos Anti-Virus SIT Archive Parsing Buffer Overflow Vulnerability zdi-disclosures (Dec 12)
iDefense Security Advisory 12.12.06: Sun Microsystems Solaris ld.so 'doprf()' Buffer Overflow Vulnerability iDefense Labs (Dec 12)
iDefense Security Advisory 12.12.06: Sun Microsystems Solaris ld.so Directory Traversal Vulnerability iDefense Labs (Dec 12)
[SECURITY] [DSA-1234-1] New ruby1.6 package fix denial of service Steve Kemp (Dec 13)
Re: worksystem => Remote File Include Vulnerability Exploit Laurent . van_den_reysen (Dec 13)
[SECURITY] [DSA-1235-1] New ruby1.8 package fix denial of service Steve Kemp (Dec 13)
[SECURITY] [DSA-1236-1] New enemies-of-carlotta package fix missing sanity checks Steve Kemp (Dec 13)
ASP Cmd Shell On IIS 5.1 Brett Moore (Dec 13)
IBM DB2 Remote DoS during CONNECT processing Team SHATTER (Dec 13)
ZDI-06-050: Symantec Veritas NetBackup CONNECT_OPTIONS Buffer Overflow Vulnerability zdi-disclosures (Dec 13)
ZDI-06-049: Symantec Veritas NetBackup Long Request Buffer Overflow Vulnerability zdi-disclosures (Dec 13)
CORE-2006-1127: ProFTPD Controls Buffer Overflow CORE Security Technologies Advisories (Dec 13)
Call for papers and presenters - Dec. 15th deadline Mike Allgeier (Dec 14)
The (in)security of Xorg and DRI Darren Reed (Dec 14)
- Re: The (in)security of Xorg and DRI Nicolas RUFF (Dec 15)
  - Re: The (in)security of Xorg and DRI Darren Reed (Dec 18)
  - Re: The (in)security of Xorg and DRI Darren Reed (Dec 18)
- Re: The (in)security of Xorg and DRI Pavel Kankovsky (Dec 27)
[ GLSA 200612-16 ] Links: Arbitrary Samba command execution Raphael Marichez (Dec 14)
GenesisTrader v1.0 - Multiple Vulnerabilities mr_kaliman (Dec 14)
HyperAccess - Multiple Vulnerabilities Brett Moore (Dec 14)
[USN-380-2] avahi regression Martin Pitt (Dec 14)
rPSA-2006-0232-1 libgsf rPath Update Announcements (Dec 14)
[ MDKSA-2006:229 ] - Updated evince packages fix buffer overflow vulnerability security (Dec 14)
[ MDKSA-2006:230 ] - Updated clamav packages fix vulnerability security (Dec 14)
[CAID 34870]: CA Anti-Virus vetfddnt.sys, vetmonnt.sys Local Denial of Service Vulnerabilities Williams, James K (Dec 14)
[ MDKSA-2006:164-2 ] - Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities security (Dec 14)
iDefense Security Advisory 12.14.06: GNOME Foundation Display Manager gdmchooser Format String Vulnerability iDefense Labs (Dec 14)
- Re: iDefense Security Advisory 12.14.06: GNOME Foundation Display Manager gdmchooser Format String Vulnerability iDefense Labs (Dec 14)
Re: [fuzzing] NOT a 0day! Re: [Full-disclosure] OWASP Fuzzing page Juha-Matti Laurio (Dec 14)
[ GLSA 200612-17 ] GNU Radius: Format string vulnerability Raphael Marichez (Dec 14)
Kerio MailServer < 6.3.1 remote Denial of Service research (Dec 14)
[ GLSA 200612-15 ] McAfee VirusScan: Insecure DT_RPATH Sune Kloppenborg Jeppesen (Dec 14)
CanSecWest 2007 (April 18-20) Call For Papers (Deadline January 7th) Dragos Ruiu (Dec 14)
Top 10 Real Computer Crimes for 2007 Pete Herzog (Dec 14)
[ MDKSA-2006:231 ] - Updated gdm packages fix string vulnerability security (Dec 15)
BitDefender AV Packed PE File Parsing Engine Heap Overflow security (Dec 15)
TSLSA-2006-0072 - clamav Trustix Security Advisor (Dec 15)
Windows Explorer WMV File Denial Of Service Vulnerability sehato (Dec 15)
- RE: Windows Explorer WMV File Denial Of Service Vulnerability Ulises Cuñé (Dec 16)
[USN-396-1] gdm vulnerability Kees Cook (Dec 15)
Windows Media MID File Denial Of Service Vulnerability sehato (Dec 15)
[security bulletin] HPSBMA02173 SSRT061230 rev. 1 - HP Integrated Lights Out (iLO & iLO 2) Running SSH Key Based Authentication Remote Unauthorized Access security-alert (Dec 15)
Project Server 2003 - Credential Disclosure Brett Moore (Dec 15)
Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! gplit (Dec 15)
- Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! Bruno Lustosa (Dec 15)
  - Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! Dragos Ruiu (Dec 16)
  - Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! George Yobst (Dec 16)
  - Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! Kamchybek Jusupov (Dec 18)
    - Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! Marcus Meissner (Dec 18)
- Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! Josh Bressers (Dec 15)
- <Possible follow-ups>
- Re: Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! gplit (Dec 16)
- Re: Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! willysr (Dec 16)
- Re: Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! bastyaelvtars (Dec 16)
  - Re: Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! Hunger (Dec 16)
- Re: Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! ox90x86 (Dec 16)
- Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! p . kerr (Dec 18)
Bypassing process identification of several personal firewalls and HIPS Matousec - Transparent security Research (Dec 15)
[ MDKSA-2006:206 ] - Updated Thunderbird packages fix multiple vulnerabilities security (Dec 15)
[OpenPKG-SA-2006.039] OpenPKG Security Advisory (proftpd) OpenPKG GmbH (Dec 15)
Drone Armies C&C Report - 15 Dec 2006 c2report (Dec 16)
XSS in gmial google gamr-14 (Dec 16)
Doğantepe Ziyareti Defteri (tr) Sql Injection Vuln. ShaFuq31 (Dec 16)
Odysseus 2.0 / Telemachus 1.0 (Beta) Dave (Dec 16)
Contra Haber Sistemi v1.0 SqL Injection Vuln. ShaFuq31 (Dec 16)
[HSC Security Group] SiteCatalyst Web Login Cross Site Vulrnabilities DoZ (Dec 16)
Allied Telesis AT-9000/24 Ethernet switch management can be accessed from all VLANs. Pasi Sjoholm (Dec 16)
[SECURITY] [DSA 1237-1] New Linux 2.4.27 packages fix several vulnerabilities Dann Frazier (Dec 18)
[SECURITY] [DSA 1238-1] New clamav packages fix several vulnerabilities Moritz Muehlenhoff (Dec 18)
[SECURITY] [DSA 1239-1] New sql-ledger packages fix arbitrary code execution Moritz Muehlenhoff (Dec 18)
Cisco not honoring update promises? Michael Scheidell (Dec 18)
- <Possible follow-ups>
- Re: Cisco not honoring update promises? rsmoak (Dec 18)
- RE: Cisco not honoring update promises? Michael Scheidell (Dec 19)
HyperVM Cross-Site Scripting Advisory (Dec 18)
RateMe <= all versions => ( main.inc.php ) Remote File Include Vulnerability saudi (Dec 18)
SYMSA-2006-013: Multiple Vulnerabilities in Mandiant First Response research (Dec 18)
Secunia Research: MailEnable POP Service "PASS" Command Buffer Overflow Secunia Research (Dec 18)
Checkpoint NG3 ICMP Flood bdmoraes (Dec 18)
- Re: Checkpoint NG3 ICMP Flood Michael Schwartzkopff (Dec 18)
- Re: Checkpoint NG3 ICMP Flood Hugo van der Kooij (Dec 18)
[ GLSA 200612-18 ] ClamAV: Denial of Service Sune Kloppenborg Jeppesen (Dec 18)
[security bulletin] HPSBUX02178 SSRT061267 rev.2 - HP-UX Secure Shell Remote Unauthorized Denial of Service (DoS) security-alert (Dec 18)
[ MDKSA-2006:232 ] - Updated proftpd packages fix mod_ctrls vulnerability security (Dec 19)
[ MDKSA-2006:233 ] - Updated dbus packages fix vulnerability security (Dec 19)
HITBSecConf2007 - Dubai - Call for Papers now open! Praburaajan (Dec 19)
WebCalendar >=1.0 Cross-Site Scripting Vulnerabilities 7all7 (Dec 19)
Multiple XSS vulnerabiliteies in Inetmedia's information service - cityinfo. filip . palian (Dec 19)
New Skype Worm Christopher Mosby (Dec 19)
- RE: [BULK] - New Skype Worm Hubbard, Dan (Dec 19)
HP Printers FTP Server Denial Of Service Joxean Koret (Dec 19)
Trend Micro's Vista "0day exploit auction" claim Ryan Meyer (Dec 19)
- RE: Trend Micro's Vista "0day exploit auction" claim Roger A. Grimes (Dec 20)
  - RE: Trend Micro's Vista "0day exploit auction" claim Simple Nomad (Dec 20)
    - Message not available
    - Re: Trend Micro's Vista "0day exploit auction" claim Simple Nomad (Dec 21)
- <Possible follow-ups>
- Re: RE: Trend Micro's Vista "0day exploit auction" claim agoodhez1 (Dec 21)
xss in Support Cards v1 ( oSTicket ) l . d . 0 (Dec 19)
Burak Yilmaz Download Portal Sql Injection Vuln. ShaFuq31 (Dec 19)
Oracle <= 9i / 10g (extproc) Local/Remote Command Execution Exploit none (Dec 19)
Oracle <= 9i / 10g File System Access via utl_file Exploit none (Dec 19)
- Re: Oracle <= 9i / 10g File System Access via utl_file Exploit sumit kumar soni (Dec 20)
- <Possible follow-ups>
- Re: Oracle <= 9i / 10g File System Access via utl_file Exploit Marco Ivaldi (Dec 21)
Multiple Bugs in MINI WEB SHOP xx_hack_xx_2004 (Dec 19)
MkPortal Urlobox Cross Site Request Forgery info (Dec 19)
- <Possible follow-ups>
- Re: MkPortal Urlobox Cross Site Request Forgery securityfocus (Dec 21)
- Re: MkPortal Urlobox Cross Site Request Forgery securityfocus (Dec 21)
ZDI-06-051: Mozilla Firefox SVG Processing Remote Code Execution Vulnerability zdi-disclosures (Dec 20)
SEC Consult SA-20061220-0 :: Typo3 Command Execution Vulnerability SEC Consult Research (Dec 20)
Oracle Portal 10g HTTP Response Splitting putosoft softputo (Dec 20)
- Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting Brian Eaton (Dec 20)
- <Possible follow-ups>
- Re: Oracle Portal 10g HTTP Response Splitting majororacle (Dec 21)
NOD32 Antivirus DOC parsing Arbitrary Code Execution Advisory security (Dec 20)
Mono XSP ASP.NET Server sourcecode disclosure vulnerability jose . palanco (Dec 20)
[security bulletin] HPSBUX02174 SSRT061239 rev.2 HP-UX Running OpenSSL Denial of Service (DoS), Increase Privilege security-alert (Dec 20)
[security bulletin] HPSBST02180 SSRT061288 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS06-072 Through MS06-078 security-alert (Dec 20)
[ GLSA 200612-19 ] pam_ldap: Authentication bypass vulnerability Raphael Marichez (Dec 20)
[ GLSA 200612-20 ] imlib2: Multiple vulnerabilities Raphael Marichez (Dec 20)
[ GLSA 200612-21 ] Ruby: Denial of Service vulnerability Raphael Marichez (Dec 20)
critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip quincy (Dec 20)
- Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip 3APA3A (Dec 21)
- <Possible follow-ups>
- Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip Juha-Matti Laurio (Dec 21)
  - Re[2]: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip Thierry Zoller (Dec 22)
[USN-397-1] mono vulnerability Kees Cook (Dec 20)
[CAID 34876]: CA CleverPath Portal Session Inheritance Vulnerability Williams, James K (Dec 21)
[OpenPKG-SA-2006.041] OpenPKG Security Advisory (dbus) OpenPKG GmbH (Dec 21)
NOD32 Antivirus CAB parsing Arbitrary Code Execution Advisory security (Dec 21)
Fun with event logs (semi-offtopic) 3APA3A (Dec 21)
- Re: [Full-disclosure] Fun with event logs (semi-offtopic) endrazine (Dec 21)
Microsoft Windows XP/2003/Vista memory corruption 0day 3APA3A (Dec 21)
- Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day 3APA3A (Dec 21)
  - Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day Alexander Sotirov (Dec 21)
    - Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day Pukhraj Singh (Dec 21)
    - Message not available
    - RE: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day Michele Cicciotti (Dec 22)
[SECURITY] [DSA-1240-1] New links2 packages fix arbitrary shell command execution Steve Kemp (Dec 21)
[ MDKSA-2006:234 ] - Updated mono packages fix vulnerability security (Dec 21)
RE: [Full-disclosure] Fun with event logs (semi-offtopic) Michele Cicciotti (Dec 21)
- Re[2]: [Full-disclosure] Fun with event logs (semi-offtopic) 3APA3A (Dec 21)
- Message not available
  - RE: Re[2]: [Full-disclosure] Fun with event logs (semi-offtopic) Michele Cicciotti (Dec 21)
Ixprim CMS 1.2 Remote Blind SQL Injection Exploit gmdarkfig (Dec 21)
SQID v0.1 - SQL Inhection Digger. contact (Dec 21)
Re: Vulnerability in MG2 php based Image Gallery - bypass security, view password protected images matthieu . paineauSTOPSPAM (Dec 21)
[TOOL] untidy - XML Fuzzer Andres Riancho (Dec 21)
[OpenPKG-SA-2006.040] OpenPKG Security Advisory (ruby) OpenPKG GmbH (Dec 21)
OpenSER 1.1.0 parse_config buffer overflow vulnerability sapheal (Dec 21)
PWDumpX updated (includes CacheDump functionality) Reed Arvin (Dec 21)
Xt-News 0.1 : SQL Injection Vulnerability & XSS mr_kaliman (Dec 22)
rPSA-2006-0234-1 firefox rPath Update Announcements (Dec 22)
Oracle Applications/Portal 9i/10g Cross Site Scripting putosoft softputo (Dec 22)
TSLSA-2006-0074 - multi Trustix Security Advisor (Dec 22)
Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting putosoft softputo (Dec 22)
Re: Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day Mike (Dec 22)
SQID v0.2 - SQL Injection Digger. contact (Dec 22)
Re: Multiple Remote Vulnerabilities in KISGB 3APA3A (Dec 23)
- <Possible follow-ups>
- Re: Multiple Remote Vulnerabilities in KISGB str0ke (Dec 23)
ZDI-06-052: Novell NetMail NMAP STOR Buffer Overflow Vulnerability zdi-disclosures (Dec 23)
ZDI-06-053: Novell NetMail IMAP Verb Literal Heap Overflow Vulnerability zdi-disclosures (Dec 23)
ZDI-06-054: Novell NetMail IMAP APPEND Buffer Overflow Vulnerability zdi-disclosures (Dec 23)
Efkan Forum v1.0 SqL Inj. Vuln. ShaFuq31 (Dec 23)
Multiple Bugs in Future Internet ( XSS & SQL Injection ) xx_hack_xx_2004 (Dec 23)
iDefense Security Advisory 12.23.06: Novell NetMail IMAPD subscribe Buffer Overflow Vulnerability iDefense Labs (Dec 25)
iDefense Security Advisory 12.23.06: Novell Netmail IMAP append Denial of Service Vulnerability iDefense Labs (Dec 25)
Okul Merkezi Portal v1.0 Remote File IncLude Vuln. ShaFuq31 (Dec 25)
Chatwm V1.0 SqL Injection Vuln. ShaFuq31 (Dec 25)
Fishyshoop Security Vulnerability James Gray (Dec 25)
TimberWolf 1.2.2 vulnerable to XSS corrado . liotta (Dec 25)
Forum AnyBoard - Sql Inyection By Firewall Firewall1954 (Dec 25)
ERRATA (Re: "Host header cannot be trusted as an anti anti DNS-pinning measure") Amit Klein (Dec 25)
- Re: ERRATA (Re: "Host header cannot be trusted as an anti anti DNS-pinning measure") Martin Johns (Dec 26)
XSS with Vbulletin (new idea !) ashraf1984 (Dec 25)
- <Possible follow-ups>
- Re: XSS with Vbulletin (new idea !) bas (Dec 27)
- Re: XSS with Vbulletin (new idea !) l . d . 0 (Dec 28)
- Re: XSS with Vbulletin (new idea !) micmast (Dec 28)
[SECURITY] [DSA 1241-1] New squirrelmail packages fix cross-site scripting Moritz Muehlenhoff (Dec 25)
PHP Live! 3.2.2 Multiple Cross-Site Scripting Vulnerabilities DoZ (Dec 25)
Cahier de texte V2.2 Bypass general access protection exploit gmdarkfig (Dec 26)
phpcms <=- 1.1.7 Remote File Inclusion Zarloule04 (Dec 26)
- Re: phpcms <=- 1.1.7 Remote File Inclusion Hugo van der Kooij (Dec 27)
- <Possible follow-ups>
- Re: phpcms <=- 1.1.7 Remote File Inclusion Stuart Moore (Dec 26)
PhpbbXtra v2.0 (phpbb_root_path) Remote File Include Vulnerability xorontr (Dec 26)
LuckyBot v3 Remote File Include i-k-t (Dec 26)
- <Possible follow-ups>
- Re: LuckyBot v3 Remote File Include Stuart Moore (Dec 27)
HLStats Remote SQL Injection Exploit nospam (Dec 26)
XSS - CMS Made Simple v1.0.2 Curtis Zimmerman (Dec 26)
- <Possible follow-ups>
- Re: XSS - CMS Made Simple v1.0.2 nanoymaster (Dec 28)
logahead UNU edition 1.0 Remote File Upload & code execution corrado . liotta (Dec 26)
[OpenPKG-SA-2006.042] OpenPKG Security Advisory (openser) OpenPKG GmbH (Dec 26)
[OpenPKG-SA-2006.043] OpenPKG Security Advisory (links) OpenPKG GmbH (Dec 26)
Host directory full disclosure and input error hack2prison (Dec 27)
Secure Login Manager Multiple Input Validation Vulnerabilities DoZ (Dec 27)
Re: Cross site scripting & fullpath disclosure james . brown (Dec 27)
NtRaiseHardError Csrss.exe memory Disclosure exploit Reversemode (Dec 27)
ShmooCon Announcement B Potter (Dec 27)
[SECURITY] [DSA 1242-1] New elog packages fix arbitrary code execution Moritz Muehlenhoff (Dec 28)
Limbo CMS event module (lm_absolute_path) Remote File Include Vulnerabilities xorontr (Dec 28)
[SECURITY] [DSA 1243-1] New evince packages fix arbitrary code execution Moritz Muehlenhoff (Dec 28)
OpenSER OSP Module remote code execution sapheal (Dec 28)
SMS handling OpenSER remote code executing sapheal (Dec 28)
[OpenPKG-SA-2006.044] OpenPKG Security Advisory (w3m) OpenPKG GmbH (Dec 28)
[SECURITY] [DSA 1214-2] Updated gv packages fix arbitrary code execution Moritz Muehlenhoff (Dec 28)
[SECURITY] [DSA 1244-1] New xine-lib packages fix arbitrary code execution Moritz Muehlenhoff (Dec 28)
XSS in script Mobilelib GOLD v2 gamr-14 (Dec 29)
- <Possible follow-ups>
- Re: XSS in script Mobilelib GOLD v2 gamr-14 (Dec 29)
XSS with default page parameter in Oracle Portal 10g duchaikhtn (Dec 29)
QuickCam linux device driver allows arbitrary code execution sapheal (Dec 29)
LDU <= 8.x (journal.php) SQL Injection Vulnerability starext (Dec 29)
DoceboLMS Xss Vuln. starext (Dec 29)
csrss.exe double-free vulnerability - arbitrary DWORD overwrite exploit Reversemode (Dec 30)
MythControl (MythTV remote control) arbitrary code execution sapheal (Dec 30)
SoftArtisans FileUp(TM) viewsrc.asp remote script source disclosure exploit inge_eivind . henriksen (Dec 30)
[vuln.sg] iso_wincmd Plugin for Total Commander Buffer Overflow Vulnerability vulnpost-remove (Dec 30)
Enigma Coppermine Bridge (boarddir) Remote File Include xorontr (Dec 30)
Enigma WordPress Bridge (boarddir) Remote File Include xorontr (Dec 30)

Previous period

Next period