Bugtraq: by date

559 messages starting Feb 01 06 and ending Feb 28 06


Wednesday, 01 February

[eVuln] Calendarix SQL Injection & Authorization Bypass Vulnerabilities alex
Blackboard Authentication Error jdo24
[eVuln] SZUserMgnt Authentication Bypass alex
ZRCSA-200601: SPIP - Multiple Vulnerabilities research
[SECURITY] [DSA 961-1] New pdfkit.framework packages fix arbitrary code execution Martin Schulze
[SECURITY] [DSA 962-1] New pdftohtml packages fix arbitrary code execution Martin Schulze
[security bulletin] SSRT051007 rev.1 - HP Tru64 UNIX Running DNS BIND Remote Unauthorized Privileged Access security-alert
Re: Winamp 5.12 - 0day exploit - code execution through playlist bart sikkes
DISIT - OPEN SOURCE DISASSEMBLER ENGINE Piotr Bania
Re: Workaround for unpatched Oracle PLSQL Gateway flaw x
Internet Explorer remotely exploitable vulnerability in JScript's document.write() method porkythepig
Database Manager Default pass fireboynet
iDefense Security Advisory 02.01.06: Winamp m3u/pls .WMA Extension Buffer Overflow Vulnerability labs-no-reply () idefense com
Re: Blackboard Authentication Error George
RE: Buffer Overflow /Font on mIRC Krpata, Tyler
iDefense Security Advisory 02.01.06: Winamp m3u Parsing Stack Overflow Vulnerability labs-no-reply () idefense com
Re: Verified evasion in Snort Thierry Zoller
Re: MyCO multiple vulnerabilities office
Re: Verified evasion in Snort mwatchinski
FreeBSD Security Advisory FreeBSD-SA-06:08.sack FreeBSD Security Advisories
Fcrontab - memory corruption on heap. pi3ki31ny

Thursday, 02 February

[ MDKSA-2006:028 ] - Updated php packages fix XSS and response splitting vulnerabilities security
[SECURITY] [DSA 963-1] New mydns packages fix denial of service Martin Schulze
Black Hat USA CFP opens, Europe early bird reminder, Federal news Jeff Moss
Re: Buffer Overflow /Font on mIRC D.C. van Moolenbroek
Re: Blackboard Authentication Error Johan A . van Zanten
SoftMaker Shop is vulnerable to XSS preben
Re: Blackboard Authentication Error Joshua Ogle
Re: Blackboard Authentication Error security-alerts
Re: Blackboard Authentication Error jeremy
Bug for libs in php link directory 2.0 Mario Oyorzabal Salgado
CyberShop Ultimate E-commerce Script Cross Site Scripting B3g0k
CAID 33581 - CA Message Queuing Denial of Service Vulnerabilities Williams, James K
security contact @lycos.com Spiros Antonatos
The History of the Oracle PLSQL Gateway Flaw David Litchfield
More on the workaround for the unpatched Oracle PLSQL Gateway flaw David Litchfield
[SLAB] NetBSD / OpenBSD kernfs_xread patch evasion SecurityLab Research
[ MDKSA-2006:030 ] - Updated poppler packages fixes heap-based buffer overflow vulnerability security
[ MDKSA-2006:029 ] - Updated libast packages fixes buffer overflow vulnerability security
Re: Re: Verified evasion in Snort anonpoet
[ MDKSA-2006:031 ] - Updated kdegraphics packages fixes heap-based buffer overflow vulnerability security
[ MDKSA-2006:032 ] - Updated xpdf packages fixes heap-based buffer overflow vulnerability security

Friday, 03 February

Re: New worm crawling trough blogs?! Nick FitzGerald
[ MDKSA-2006:033 ] - Updated OpenOffice.org packages fix issue with disabled hyperlinks security
Trend Micro ServerProtect version 5.58 can be easily circumvented via the mechanism that limits how many files to scan. Mert Sarıca
Re: Re: Verified evasion in Snort Dave Korn
[KDE Security Advisory] kpdf/xpdf heap based buffer overflow Dirk Mueller
IronMail-5.0.1-Denial of-Service-Protection-Lets-Remote-Users-Deny-Service mark
Re: Cross Site Cooking Yngve Nysaeter Pettersen
Neomail Cross Site Scripting Vulnerability simo
cPanel Multiple Cross Site Scripting Vulnerability simo
[SECURITY] [DSA 964-1] New gnocatan packages fix denial of service Martin Schulze
Exchangepop3 rcpt buffer overflow vulnerability securma
AOL Instant Messenger Version 5.9.3861 Local Buffer Overrun Vulnerability shell
Re: Trend Micro ServerProtect version 5.58 can be easily circumvented via the mechanism that limits how many files to scan. Henrik Krohns
Blacklist defenses as a breeding ground for vulnerability variants Steven M. Christey
Outblaze Cross Site Scripting Vulnerability simo
Re: Trend Micro ServerProtect version 5.58 can be easily circumvented via the mechanism that limits how many files to scan. Hugo van der Kooij
Re: AOL Instant Messenger Version 5.9.3861 Local Buffer Overrun Vulnerability Stan Bubrouski
[eVuln] MyQuiz Arbitrary Command Execution Vulnerability alex

Saturday, 04 February

LoudBlog <= 0.4 arbitrary remote inclusion rgod
sql injection in ASP Survey mfoxhacker
[KAPDA::#26] - MyTopix Sql Injection & Path Disclosure alireza hassani
PluggedOut Blog SQL injection and XSS h e
VSR Advisory: IBM Tivoli Access Manager - Web Server Plug-in File Retrieval Vulnerability VSR Advisories
Issues with security software: orbicule.com "Undercover" Maximillian Dornseif
Re: Workaround for unpatched Oracle PLSQL Gateway flaw ad () heapoverflow com
[eVuln] Vanilla Guestbook Multiple XSS & SQL Injection Vulnerabilities alex
Re: security contact @lycos.com while
mwcollect Alliance Launch Georg Wicherski
cleartext passwords get into log files innate
Re: Cross Site Cooking Glynn Clements
Re: AOL Instant Messenger Version 5.9.3861 Local Buffer Overrun Vulnerability Stan Bubrouski
ProtoVer LDAP vs CommuniGate Pro 5.0.7 Evgeny Legerov

Monday, 06 February

Easily exploitable Pseudo Random Number generator in phpbb version 2.0.19 and under. chinchilla
[ GLSA 200602-01 ] GStreamer FFmpeg plugin: Heap-based buffer overflow Stefan Cornelius
DarkStarlings.com XSS Vulnerability Will Boyce
[SECURITY] [DSA 965-1] New ipsec-tools packages fix denial of service Martin Schulze
Announcement: Domain Contamination By Amit Klein contact
[xfocus-SD-060206]BCB compiler incorrect deal sizeof operator vulnerability XFOCUS Security Team
PeopleSoft (Oracle) PSCipher Encryption Weakness info
Re: [KDE Security Advisory] kpdf/xpdf heap based buffer overflow Dirk Mueller
SECURITY.NNOV: The Bat! 2.x message headers spoofing 3APA3A
[ GLSA 200602-02 ] ADOdb: PostgresSQL command injection Sune Kloppenborg Jeppesen
[ GLSA 200602-03 ] Apache: Multiple vulnerabilities Sune Kloppenborg Jeppesen
[ Secuobs - Advisory ] Bluetooth : DoS on hcidump 1.29 + PoC Research Infratech
[ Secuobs - Tools release ] BSS (Bluetooth Stack Smasher) fuzzer Research Infratech
[ Secuobs - Advisory ] Bluetooth : DoS on Sony/Ericsson cell phones Research Infratech
CAIDA analysis on CME-24/BlackWorm Gadi Evron
Re: cleartext passwords get into log files Ben Wheeler
cPanel 10 handle.html XSS Vulnerability shell
RE: cPanel Multiple Cross Site Scripting Vulnerability Hamish Stanaway
Re: cleartext passwords get into log files Damien Miller
Vulnerabilities in vBulltin(3.0.7 - 3.5.3) and IPB(2.0.0 - 2.1.4). h . z
mailback script exploit coderpunk
(OLD) Eudora WorldMail 3.0 Windows 2000 Remote System Exploit markus magnus
RE: Trend Micro ServerProtect version 5.58 can be easily circumvented via the mechanism that limits how many files to scan. Prashant Meswani
[ MDKSA-2006:034 ] - Updated openssh packages fix vulnerability security
Re: Cross Site Cooking Tim Nelson
Re: security contact @lycos.com sheeponhigh

Tuesday, 07 February

Re: CAIDA analysis on CME-24/BlackWorm Nick FitzGerald
Re: [xfocus-SD-060206]BCB compiler incorrect deal sizeof operator vulnerability XFOCUS Security Team
crypt_blowfish 1.0 Solar Designer
MyQuiz Arbitrary Command Execution Exploit (perl) irc0d3r
High Risk Vulnerability in Lexmark Printer Sharing Service NGSSoftware Insight Security Research
Re: High Risk Vulnerability in Lexmark Printer Sharing Service KF (lists)
Arbitrary code execution via OProfile Luís Miguel Silva
[ MDKSA-2006:035 ] - Updated php packages fix vulnerability security
eyeOS <= 0.8.9 Remote Code Execution GulfTech Security Research
Re: Vulnerabilities in vBulltin(3.0.7 - 3.5.3) and IPB(2.0.0 - 2.1.4). Paul Laudanski
Re: Vulnerabilities in vBulltin(3.0.7 - 3.5.3) and IPB(2.0.0 - 2.1.4). Paul Laudanski
Re: Vulnerabilities in vBulltin(3.0.7 - 3.5.3) and IPB(2.0.0 - 2.1.4). scott
[myimei]MyBB 1.0.2 XSS attack in search.php addmimistrator
[myimei]MyBB1.0.3~moderation.php~SqlInject while merging posts addmimistrator

Wednesday, 08 February

[ MDKSA-2006:037 ] - Updated mozilla-firefox packages to address DoS vulnerability security
iDefense Security Advisory 02.07.06: QNX Neutrino RTOS su Command Buffer Overflow labs-no-reply () idefense com
Re: [myimei]MyBB 1.0.2 XSS attack in search.php Steven M. Christey
iDefense Security Advisory 02.07.06: QNX Neutrino RTOS phfont Race Condition Vulnerability labs-no-reply () idefense com
iDefense Security Advisory 02.07.06: QNX Neutrino RTOS fontsleuth Command Format String Vulnerability vendor-disclosure
iDefense Security Advisory 02.07.06: QNX RTOS 6.3.0 Local Denial of Service Vulnerability labs-no-reply () idefense com
Re: Workaround for unpatched Oracle PLSQL Gateway flaw a
iDefense Security Advisory 02.07.06: QNX Neutrino RTOS libph PHOTON_PATH Buffer Overflow Vulnerability labs-no-reply () idefense com
Whomp Real Estate Manager XP 2005 Sql Injection night_warrior771
iDefense Security Advisory 02.07.06: QNX Neutrino RTOS libAp ABLPATH Buffer Overflow Vulnerability vendor-disclosure
Re: Workaround for unpatched Oracle PLSQL Gateway flaw David Litchfield
iDefense Security Advisory 02.07.06: QNX Neutrino RTOS crttrap Arbitrary Library Loading Vulnerability vendor-disclosure
iDefense Security Advisory 02.07.06: QNX Neutrino RTOS phgrafx Command Buffer Overflow labs-no-reply () idefense com
[eVuln] PHP iCalendar File Inclusion Vulnerability alex
Re: Re: EasyCMS vulnerable to XSS injection. kim
WiredRed EPOP XSS Vulnerability Adrian Castro
[ MDKSA-2006:036 ] - Updated mozilla packages to address DoS vulnerability security
iDefense Security Advisory 02.07.06: QNX RTOS 6.3.0 rc.local Insecure File Permissions Vulnerability labs-no-reply () idefense com
iDefense Security Advisory 02.07.06: QNX Neutrino RTOS passwd Command Buffer Overflow labs-no-reply () idefense com

Thursday, 09 February

CPGNuke Dragonfly 9.0.6.1 remote commands execution through arbitrary local inclusion rgod
[ MDKSA-2006:038 ] - Updated groff packages fix temporary file vulnerabilities security
ProtoVer SSL: GnuTLS Evgeny Legerov
John the Ripper 1.7; pam_passwdqc 1.0+; tcb 1.0; phpass 0.0 Solar Designer
[SECURITY] [DSA 966-1] New adzapper packages fix denial of service Martin Schulze
[ECHO_ADV_27$2006] Indexu <= 5.0.1 Remote File Inclusion eufrato
[security bulletin] SSRT051007 rev.2 - HP Tru64 UNIX Running DNS BIND4/BIND8 with Forwarders: Remote Unauthorized Privileged Access security-alert
Fwd: Trend Micro ServerProtect version 5.58 can be easily circumvented via the mechanism that limits how many files to scan. Mert SARICA
What can a Remote Vulnerability Scanner do in Future? Alice Bryson
Re: security contact @lycos.com Greg Rubin

Friday, 10 February

Secunia Research: Lotus Notes ZIP File Handling Buffer Overflow Secunia Research
Secunia Research: IBM Lotus Domino iNotes Client Script Insertion Vulnerabilities Secunia Research
[security bulletin] SSRT051102 rev.1 - HP HTTP Server Running on Windows, Forced Use of Weaker Security Protocol security-alert
Re: CPGNuke Dragonfly 9.0.6.1 remote commands execution through arbitrary local inclusion noreply
ProtoVer Sample LDAP testsuite release Evgeny Legerov
Re: John the Ripper 1.7; pam_passwdqc 1.0+; tcb 1.0; phpass 0.0 Solar Designer
Secunia Research: Lotus Notes TAR Reader File Extraction Buffer Overflow Secunia Research
CPAINT AJAX Library Cross Site Scripting GulfTech Security Research
iDEFENSE Security Advisory 02.10.06: IBM Lotus Domino Server LDAP DoS Vulnerability labs-no-reply () idefense com
[eVuln] Unknown Domain Shoutbox multiple XSS & SQL Injection Vulnerabilities alex
[ Secuobs - Advisory ] Bluetooth : DoS on Nokia cell phones Infratech Research
Re: mailback script exploit erik
LayerOne 2006 - Event Update and Announcement Layer One
RE: John the Ripper 1.7; pam_passwdqc 1.0+; tcb 1.0; phpass 0.0 Amin Tora
Secunia Research: Lotus Notes UUE File Handling Buffer Overflow Secunia Research
[SECURITY] [DSA 967-1] New elog packages fix arbitrary code execution Martin Schulze
TSLSA-2006-0006 - multi Trustix Security Advisor
runCMS <= 1.3a2 possible remote code execution through the integrated FCKEditor package rgod
Secunia Research: Lotus Notes HTML Speed Reader Link Buffer Overflows Secunia Research
[eVuln] GuestBookHost Authentication Bypass alex
FarsiNews 2.5 Multiple Vulnerabilities h e

Saturday, 11 February

Secunia Research: Lotus Notes Multiple Archive Handling Directory Traversal Secunia Research
SUSE Security Announcement: binutils,kdelibs3,kdegraphics3,koffice,dia,lyx (SUSE-SA:2006:007) Ludwig Nussel
[security bulletin] SSRT061108 rev.2 - HP Systems Insight Manager Remote Unauthorized Access - Directory Traversal security-alert
HiveMail <= 1.3 Multiple Vulnerabilities GulfTech Security Research
Corrupt Word file may cause buffer overflow in the Blackberry Attachment Service lukew
Linpha <= 1.0 multiple arbitrary local inclusion rgod
[eVuln] phphg Guestbook Multiple Vulnerabilities alex
[eVuln] phpht Topsites Multiple Vulnerabilities alex
[USN-247-1] Heimdal vulnerability Martin Pitt
imageVue16.1 upload vulnerability zjieb

Monday, 13 February

RS-2006-1: Multiple flaws in VHCS 2.x Roman Medina-Heigl Hernandez
DocMGR <= 0.54.2 arbitrary remote inclusion rgod
[ GLSA 200602-04 ] Xpdf, Poppler: Heap overflow Thierry Carrez
DB_eSession deleteSession() SQL injection GulfTech Security Research
[eVuln] phphd Multiple Vulnerabilities alex
[eVuln] Clever Copy 'Referer' & 'X-Forwarded-For' XSS Vulnerabilities alex
Re: Zen-Cart <= 1.2.6d blind SQL injection / remote commands execution: please-use-the-support-forum
[ GLSA 200602-05 ] KPdf: Heap based overflow Thierry Carrez
[eVuln] phpstatus Authentication Bypass alex
Invision Power Board Army System Mod <= 2.1 SQL Injection Exploit unsecure
Everyone's loginName variable Cross Site Scripting Vulnerability simo
[SECURITY] [DSA 968-1] New noweb packages fix insecure temporary file creation Martin Schulze
Latest wu-ftpd exploit :-s Mark Heiligen
Folder Guard password protection bypass ShadowBeast
Siteframe Beaumont 5.0.1a <== Cross-Site Scripting Vulnerability federico . alice
Bypass Fortinet anti-virus using FTP Mathieu Dessus
URL filter bypass in Fortinet Mathieu Dessus
[SECURITY] [DSA 969-1] New scponly packages fix potential root vulnerability Martin Schulze
Internet Explorer drag&drop 0day Gadi Evron
Re: [Full-disclosure] Internet Explorer drag&drop 0day Thierry Zoller
XSS vulnerability in guestbook-php-script Micha Borrmann
Re: Folder Guard password protection bypass Stan Bubrouski
New winamp m3u/pls .WMA & .M3U Extension overflows b0fnet
EGS Enterprise Groupware System 1.0 rc4 remote commands execution & FlySpray 0.9.7 remote commands execution rgod

Tuesday, 14 February

Advisory: Internet Explorer Drag and Drop Redeux [CVE-2005-3240] (fwd) Matthew Murphy
Advisory: Internet Explorer Drag and Drop Redeux [CVE-2005-3240] (fwd) Matthew Murphy
eStara SIP softphone several message-processing vulnerabilities zwell
[ MDKSA-2006:039 ] - Updated gnutls packages fix libtasn1 out-of-bounds access vulnerabilities security
[SECURITY] [DSA 970-1] New kronolith packages fix cross-site scripting Martin Schulze
On the "0-day" term Steven M. Christey
Re: [Full-disclosure] On the "0-day" term Jason Coombs
Re: Latest wu-ftpd exploit :-s Marco Monicelli
[SECURITY] [DSA 971-1] New xpdf packages fix denial of service Martin Schulze
[ GLSA 200602-06 ] ImageMagick: Format string vulnerability Thierry Carrez
Re: On the "0-day" term Gadi Evron
SQL injection in PHP Classifieds 6.20 audun . larsen
[waraxe-2006-SA#044] - XSS in phpNuke 7.8 and older versions come2waraxe
dotproject <= 2.0.1 remote code execution r . verton
XSS bugs and SQL injection in sNews Alexander Hristov
memory leak in IE? David Cross
MyBB 1.03 Multible xss and sql injections s2b
iDefense Security Advisory 02.14.06: Microsoft Windows Media Player Plugin Buffer Overflow Vulnerability labs-no-reply () idefense com
[EEYEB-20051017] Windows Media Player BMP Heap Overflow eEye Advisories

Wednesday, 15 February

[ GLSA 200602-07 ] Sun JDK/JRE: Applet privilege escalation Stefan Cornelius
[SECURITY] [DSA 975-1] New nfs-user-server packages fix arbitrary code execution Martin Schulze
PostgreSQL security releases 8.1.3, 8.0.7, 7.4.12, 7.3.14 PostgreSQL Security
[SECURITY] [DSA 976-1] New libast packages fix arbitrary code execution Martin Schulze
Cisco Security Advisory: TACACS+ Authentication Bypass in Cisco Anomaly Detection and Mitigation Products Cisco Systems Product Security Incident Response Team
[myimei]WordPress2.0.0~autorswebsite~XSS attack addmimistrator
[BuHa-Security] Multiple Vulnerabilities in Mantis 1.00rc4 bugtraq
CYBSEC - Security Pre-Advisory: Arbitrary File Read/Delete in SAP BC Leandro Meiners
iDefense Labs Quarterly Hacking Challenge labs-no-reply () idefense com
Vulnerabilites in new laws on computer hacking self-destruction
CYBSEC - Security Pre-Advisory: Phishing Vector in SAP BC Leandro Meiners
Re: Re: Vulnerabilities in vBulltin(3.0.7 - 3.5.3) and IPB(2.0.0 - 2.1.4). sudd3n_death
Re: Invision Power Board Army System Mod <= 2.1 SQL Injection Exploit Cristian Stoica
Re: Latest wu-ftpd exploit :-s Ragnar Paulson
Digital Armaments Security Advisory 02.14.2006: Gallery web-based photo gallery remote file execution info
[USN-250-1] Linux kernel vulnerability Martin Pitt
Mirabiliz ICQ 2002/2003/ LITE 4.0/4.1 LONG (DIRECTORY + FILENAME) EXPLOIT edubp2002
[USN-248-2] unzip regression fix Martin Pitt
XMB Forums Multiple Vulnerabilities GulfTech Security Research
Re: John the Ripper 1.7; pam_passwdqc 1.0+; tcb 1.0; phpass 0.0 Rainer Duffner
[security bulletin] SSRT061108 rev.3 - HP Systems Insight Manager Remote Unauthorized Access via Directory Traversal security-alert
[eVuln] My Blog BBCode XSS Vulnerabilities alex
[security bulletin] SSRT051045 rev.2 - HP-UX Running DNS BIND4/BIND8 as Forwarders: Remote Unauthorized Privileged Access security-alert
[SECURITY] [DSA 974-1] New gpdf packages fix denial of service Martin Schulze
[eVuln] 2200net Calendar system SQL Injection and Authentication Bypass Vulnerabilities alex
Re: John the Ripper 1.7; pam_passwdqc 1.0+; tcb 1.0; phpass 0.0 Aaron
[USN-248-1] unzip vulnerability Martin Pitt
Re: What can a Remote Vulnerability Scanner do in Future? Tim Nelson
MyBB1.0.3~managegroup.php~Multiple SqlInjection & XSS addmimistrator
honeyd security advisory: remote detection Niels Provos
[eVuln] M. Blom HTML::BBCode perl module XSS Vulnerabilities alex
Re: dotproject <= 2.0.1 remote code execution Adam Donnison
[myimei]MyBB 1.0.3~private.php~multiple SqlInjection addmimistrator
[USN-249-1] xpdf/poppler/kpdf vulnerabilities Martin Pitt
[SECURITY] [DSA 973-1] New OTRS packages fix several vulnerabilities Martin Schulze
[ Secuobs - Advisory ] Another kind of DoS on Nokia cell phones Infratech Research
Re: Everyone's loginName variable Cross Site Scripting Vulnerability btn
[SECURITY] [DSA 972-1] New pdfkit.framework packages fix denial of service Martin Schulze
Kadu Remote Denial Of Service Fun Piotr Bania
Security advisory: Windows IME Vulnerability (MS06-009) Ryan Lee
[myimei]MyBB1.0.3~managegroup.php~Multiple SqlInjection & XSS addmimistrator

Thursday, 16 February

Openwall GNU/*/Linux (Owl) 2.0 release Solar Designer
Windows Media Player BMP Heap Overflow (MS06-005) atmaca
Re: Vulnerabilites in new laws on computer hacking Paul Schmehl
Re: MyBB 1.03 Multible xss and sql injections security
What is the state of vulnerability research? Steven M. Christey
[SECURITY] [DSA 977-1] New heimdal packages fix several vulnerabilities Martin Schulze
Re: Vulnerabilites in new laws on computer hacking Radoslav Dejanović
RE: Vulnerabilites in new laws on computer hacking Marcus J. Ranum
D-Link DWL-G700AP httpd DoS innate
Critical SQL Injection PHPNuke <= 7.8 - Your_Account module sp3x
[eVuln] PHP Event Calendar XSS & User's Data Corruption Vulnerabilities alex
Siteframe Beaumont 5.0.2 <== User Comment Cross-Site Scripting Vulnerability federico . alice
Winamp .m3u fun again ;) Sowhat
First WMF mass mailer ItW (phishing Trojan) Gadi Evron
PHPKIT >= 1.6.1r2 arbitrary local/remote inclusion (unproperly patched in previous versions) rgod
[USN-251-1] libtasn vulnerability Martin Pitt
[ GLSA 200602-09 ] BomberClone: Remote execution of arbitrary code Thierry Carrez
Re: Vulnerabilites in new laws on computer hacking Glynn Clements
RE: Vulnerabilites in new laws on computer hacking Craig Wright
[ GLSA 200602-08 ] libtasn1, GNU TLS: Security flaw in DER decoding Thierry Carrez

Friday, 17 February

Re: Re: Vulnerabilities in vBulltin(3.0.7 - 3.5.3) and IPB(2.0.0 - 2.1.4). Paul Laudanski
[eVuln] Scriptme products BBCode 'url' XSS Vulnerability alex
Soldier of Fortune II format string through PunkBuster 1.180 Luigi Auriemma
Re: Siteframe Beaumont 5.0.2 <== User Comment Cross-Site Scripting Vulnerability federico . alice
SNORT Incorrect fragmented packet reassembly siouxsie
[USN-252-1] gnupg vulnerability Martin Pitt
False positive signature verification in GnuPG Werner Koch
[USN-253-1] heimdal vulnerability Martin Pitt
RUNCMS 1.3a SQL injection h e
Bugs/Security issues with PatchLink's Update Server Brian Boner
Internet Explorer Phishing mouseover issue gandalf
[SECURITY] [DSA 979-1] New pdfkit.framework packages fix several vulnerabilities Martin Schulze
Re: memory leak in IE? bcrawfordjr
Password disclosure and remote access in Netcool/NeuSecure Security information management platform D.Snezhkov
[security bulletin] SSRT051023 rev.6 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Privileged Access security-alert
Re: Digital Armaments Security Advisory 02.14.2006: Gallery web-based photo gallery remote file execution Bharat Mediratta
Re: dotproject <= 2.0.1 remote code execution Adam Donnison
[SECURITY] [DSA 978-1] New GnuPG packages fix invalid success return Martin Schulze
[eVuln] PHP/MYSQL Timesheet Multiple SQL Injection Vulnerabilities alex
[eVuln] SmE GB Host Authentication Bypass Vulnerability alex
[OpenPKG-SA-2006.001] OpenPKG Security Advisory (gnupg) OpenPKG
Sending exact replicas of Distributed.net's worked OGR project files could increase individual's stats. spoilt . jesus
Uniden UIP1868P (VoIP phone/gateway) default easy-to-guess password vulnerability pagvac
[eVuln] CALimba Authentication Bypass Vulnerability alex
BCS Asia 2006 - Call for Papers Jim Geovedi
Stack overflow vulnerability in Internet Explorer exploitable trough VBScript and JScript scripting engines. porkythepig
[ MDKSA-2006:040 ] - Updated kernel packages fix multiple vulnerabilities security
Java script exploit gandalf

Saturday, 18 February

Re: Stack overflow vulnerability in Internet Explorer exploitable trough VBScript and JScript scripting engines. 3APA3A
Re: Java script exploit 3APA3A
Re: Java script exploit Jose Nazario
Re: Java script exploit Jose Nazario
Re: dotproject <= 2.0.1 remote code execution milw0rm Inc.
[ MDKSA-2006:041 ] - Updated bluez-hcidump packages fix buffer overflow vulnerability security
[ MDKSA-2006:042 ] - Updated libtiff packages fix vulnerability security
[ MDKSA-2006:043 ] - Updated gnupg packages fix signature file verification vulnerability security
Re: Internet Explorer Phishing mouseover issue Paul Szabo
Coppermine Photo Gallery <=1.4.3 remote code execution rgod
e107 CMS 0.7.2 Chatbox plugin XSS vulnerability ssteam . pl
Tasarim Rehberi Index.PHP Remote Command Exucetion botan
[OpenPKG-SA-2006.002] OpenPKG Security Advisory (sudo) OpenPKG
[OpenPKG-SA-2006.003] OpenPKG Security Advisory (openssh) OpenPKG
RCblog exploit [fun] hessam
ADOdb Library Cross Site Scripting GulfTech Security Research
[waraxe-2006-SA#045] - Bypassing CAPTCHA in phpNuke 6.x-7.9 come2waraxe
SLQ Injection vulnerability in WPCeasy murfie
[ GLSA 200602-10 ] GnuPG: Incorrect signature verification Thierry Carrez
[FLSA-2006:168935] Updated openssh packages fix security issues Marc Deslauriers
[FLSA-2006:152809] Updated squid package fixes security issues Marc Deslauriers
[FLSA-2006:175406] Updated Apache httpd packages fix security issues Marc Deslauriers
[operational update] Looking behind the smoke screen of the Internet Gadi Evron
Malware that breaks SSL via Pharming {Emerging Threat} Lance James
Re: Vulnerabilites in new laws on computer hacking Jon Gucinski
Vulnerability in WinRAR - Phishing based preben
Re: Vulnerabilites in new laws on computer hacking Max Ashton
Re: Vulnerabilites in new laws on computer hacking Sysmin Sys73m47ic
Re: Vulnerabilites in new laws on computer hacking dave
RE: Vulnerabilites in new laws on computer hacking Anthony Cicalla
Re: Vulnerabilites in new laws on computer hacking Seth Breidbart
Re: Vulnerabilites in new laws on computer hacking ArkanoiD
Re: Vulnerabilites in new laws on computer hacking Ansgar -59cobalt- Wiechers
Re: Internet Explorer remotely exploitable vulnerability in JScript's document.write() method temp
Re: First WMF mass mailer ItW (phishing Trojan) Lance James

Monday, 20 February

[OpenPKG-SA-2006.005] OpenPKG Security Advisory (tin) OpenPKG
new linux malware Gadi Evron
[OpenPKG-SA-2006.004] OpenPKG Security Advisory (postgresql) OpenPKG
update on the linux worm Gadi Evron
[eVuln] Magic Calendar Lite Authentication Bypass alex
More info: gBook Multiple Unspecified Cross-Site Scripting Vulnerabilities mkproductions
Guestbox XSS/an admin bypass innate
Secunia Research: NJStar Word Processor Font Name Buffer Overflow Secunia Research
Re: First WMF mass mailer ItW (phishing Trojan) Lance James
[TZO-062006] Safe'nVulnerable Thierry Zoller
[eVuln] Time Tracking Software Multiple Vulnerabilities alex
Geeklog Remote Code Execution GulfTech Security Research
Re: Vulnerability in WinRAR - Phishing based Andreas Beck
[waraxe-2006-SA#046] - Critical sql injection in phpNuke 7.5-7.8 come2waraxe

Tuesday, 21 February

SUSE Security Announcement: gpg,liby2util signature checking problems (SUSE-SA:2006:009) Marcus Meissner
[BUGZILLA] Security Advisory for Bugzilla 2.20, 2.21.1, and 2.18.4 mkanat
Re: Not completely fixed? Werner Koch
[AJECT] TrueNorth IA eMailserver 5.3.4 buffer overflow vulnerability João Antunes
[USN-255-1] openssh vulnerability Martin Pitt
Re: Invision Power Board Army System Mod <= 2.1 SQL Injection Exploit Crispin Cowan
grab cookie information with Melange Chat Server 1.10 Nexus
[BuHa-Security] DoS Vulnerability in Firefox <= 1.0.7 bugtraq
how to crash apache/php in cpanel Ed Wiget
Whitepaper by Amit Klein: "HTTP Response Smuggling" Amit Klein (AKsecurity)
[eVuln] Magic News Lite PHP Code Execution & Unauthorized Data Modification alex
Re: new linux malware Christine Kronberg
MiniNuke CMS System all versions (pages.asp) SQL Injection nukedx
Re: new linux malware Marco Monicelli
Mozila Thunderbird 1.5 Address Book DoS Javor Ninov
[eVuln] Magic Downloads Unauthorized Data Modification alex
[ GLSA 200602-12 ] GPdf: Heap overflows in included Xpdf code Thierry Carrez
[USN-256-1] bluez-hcidump vulnerability Martin Pitt
[myimei]CuteNews1.4.1~ Add Comment For Protected UserNames~ XSS Attack addmimistrator
The New Face of Phishing Gadi Evron
Re: Invision Power Board Army System Mod <= 2.1 SQL Injection Exploit Angelos D. Keromytis
[ MDKSA-2006:044 ] - Updated kernel packages fix multiple vulnerabilities security
[eVuln] BirthSys SQL Injection Vulnerability alex
PunBB 1.2.10 Multiple DoS Vulnerabilities k4p0k4p0
Re: [waraxe-2006-SA#046] - Critical sql injection in phpNuke 7.5-7.8 sp3x
[USN-254-1] noweb vulnerability Martin Pitt
Not completely fixed? (was: False positive signature verification in GnuPG) Marcus Meissner
Re: Vulnerabilites in new laws on computer hacking ArkanoiD
RE: Vulnerabilites in new laws on computer hacking Bigby Findrake
Re: Vulnerabilites in new laws on computer hacking ArkanoiD
Re: Vulnerabilites in new laws on computer hacking Radoslav Dejanović
RE: Vulnerabilites in new laws on computer hacking Craig Wright
Amazon phishing scam on Yahoo servers Paul Laudanski
Re: Vulnerabilites in new laws on computer hacking Crispin Cowan
RE: Vulnerabilites in new laws on computer hacking Benson, Sean M
H&R Block contact Fixer
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Christine Kronberg
RE: First WMF mass mailer ItW (phishing Trojan) - think singularities Ken Kousky
RE: Vulnerabilites in new laws on computer hacking Craig Wright
PEAR LiveUser File Access Vulnerabilities GulfTech Security Research
Re: First WMF mass mailer ItW (phishing Trojan) - think singularities Lance James
Quarantine your infected users spreading malware Gadi Evron
Re: Vulnerabilites in new laws on computer hacking Ansgar -59cobalt- Wiechers
RE: Vulnerabilites in new laws on computer hacking Craig Wright
Re: Java script exploit Andreas Beck
Re: Vulnerabilites in new laws on computer hacking FocusHacks

Wednesday, 22 February

[ GLSA 200602-11 ] OpenSSH, Dropbear: Insecure use of system() call Thierry Carrez
Invision Power Board 2.1.4 Multiple Vulnerabilities paisterist . nst
Re: new linux malware Gadi Evron
PHP as a secure language? PHP worms? [was: Re: new linux malware] Gadi Evron
IRM 017: Multiple Vulnerabilities in Infovista Portal SE Advisories
[ MDKSA-2006:046 ] - Updated tar packages fix vulnerability security
IpSwitch WhatsUp Professional 2006 DoS Josh Zlatin
[KAPDA::#29]Noah's classifieds multiple vulnerabilities alireza hassani
[KAPDA::#27] - Runcms 1.x Cross_Site_Scripting vulnerability roozbeh_afrasiabi
Mozilla Thunderbird : Remote Code Execution & Denial of Service Renaud Lifchitz
[INetCop Security Advisory] Global Hauri Virobot cookie exploit dong-hun you
Re: update on the linux worm Stephen J. Smoogen
[SECURITY] [DSA 980-1] New tutos packages fix multiple vulnerabilities Michael Stone
InqTana Through the eyes of Dr. Frankenstein. KF (lists)
Multiple Injection Vulnerabilities in PHP PEAR::Auth Module Matt Van Gundy
South River WebDrive Buffer Overflow Vulnerability Adrian Castro
Re: Multiple Injection Vulnerabilities in PHP PEAR::Auth Module Matt Van Gundy
Re: Multiple Injection Vulnerabilities in PHP PEAR::Auth Module Benjamin R. Ginter
[ MDKSA-2006:045 ] - Updated MySQL packages fix temporary file vulnerability security

Thursday, 23 February

DEF CON 14 is now in effect! The Call for Papers is open. The Dark Tangent
Re: Internet Explorer Phishing mouseover issue Steven M. Christey
[ MDKSA-2006:047 ] - Updated metamail packages fix vulnerability security
zoo contains exploitable buffer overflows Jean-Sébastien Guay-Leroux
NSFOCUS SA2006-01 : Winamp m3u File Processing Buffer Overflow Vulnerability NSFOCUS Security Team
NOCC Webmail <= 1.0 multiple vulnerabilities rgod
Secunia Research: Visnetic AntiVirus Plug-in for MailServer Privilege Escalation Secunia Research
[eVuln] Teca Diary PE SQL Injection Vulnerability alex
Secunia Research: WinACE ARJ Archive Handling Buffer Overflow Secunia Research
[USN-257-1] tar vulnerability Martin Pitt
ZDI-06-002: Adobe Macromedia ShockWave Code Execution zdi-disclosures
Re: new linux malware Jamie Riden
Re: Amazon phishing scam on Yahoo servers Steve Friedl
Re: H&R Block contact Rory A. Savage
Re: H&R Block contact Fixer
RE: Amazon phishing scam on Yahoo servers Geoff Vass
Re: Amazon phishing scam on Yahoo servers Paul Laudanski
RE: Amazon phishing scam on Yahoo servers Paul Laudanski
Event Speaker Pete Herzog
HYSA-2006-003 Oi! Email Marketing 3.0 SQL Injection h4cky0u . org
NSA Group Security Advisory NSAG-№197-23.02.2006 Vulnerability CubeCart 3.0.0 – 3.0.6 NSA Group
NSA Group Security Advisory NSAG-№196-23.02.2006 Vulnerability FCKeditor 2.2 NSA Group
NSA Group Security Advisory NSAG-№198-23.02.2006 Vulnerability The Bat v. 3.60.07 NSA Group
RE: Amazon phishing scam on Yahoo servers Alex Eckelberry
Administrivia: New Bugtraq moderator David Ahmad

Friday, 24 February

NSA Group Security Advisory NSAG-№195-23.02.2006 Vulnerability FCKeditor 2.0 FC NSA Group
Vulnerability in Crypt::CBC Perl module, versions <= 2.16 Lincoln Stein
NSA Group Security Advisory NSAG-№198-23.02.2006 Vulnerability ArGoSoft Mail Server Pro NSA Group
NSA Group Security Advisory NSAG-№200-24.02.2006 Vulnerability ArGoSoft Mail Server Pro IMAP NSA Group
[eVuln] Guestex Shell Command Execution Vulnerability alex
Archive_Tar v 1.2(Tested) (Tar file management class) Directory traversal h e
WinAce Archiver v2.6 Directory traversal h e
StuffIt and ZipMagic Family of products Directory traversal h e
SpeedCommander 11.0 & ZipStar 5.1 & Squeez 5.1 Directory traversal h e
[FLSA-2006:180036-1] Updated mozilla packages fix security issues Marc Deslauriers
[FLSA-2006:180036-2] Updated firefox package fixes security issues Marc Deslauriers
Advisory: CilemNews System <= 1.1 Remote SQL Injection Vulnerability nukedx
[FLSA-2006:162750] Updated sudo packages fix security issue Marc Deslauriers
Advisory: Woltlab Burning Board 2.x (JGS-Gallery MOD <= 4.0) multiple XSS vulnerabilities nukedx
Advisory: MyPHPNuke <= 1.8.8 multiple XSS vulnerabilities nukedx
Re: Vulnerabilites in new laws on computer hacking Casper . Dik
IRM 018: Winamp 5.13 m3u Playlist Buffer Overflow Advisories
Re: Vulnerabilites in new laws on computer hacking Davi Anabuki
SuSE Security Announcement: heimdal (SUSE-SA:2006:010) Thomas Biege
Re: Vulnerabilites in new laws on computer hacking Casper . Dik
Re: Quarantine your infected users spreading malware Marcus Aurelius
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Kevin Waterson
The Domain Name Service as an IDS Gadi Evron
TSLSA-2006-0008 - multi Trustix Security Advisor
TSLSA-2006-0010 - multi Trustix Security Advisor
Re: Vulnerabilites in new laws on computer hacking Ansgar -59cobalt- Wiechers
Mambo Multiple Vulnerabilities GulfTech Security Research
[eVuln] Guestex XSS Vulnerability alex
RE: Vulnerabilites in new laws on computer hacking dave
Re: Quarantine your infected users spreading malware Bob Beck
fwd: SuSE Security Announcement: heimdal (SUSE-SA:2006:011) Dave McKinney
iDefense Security Advisory 02.24.06: SCO Unixware Setuid ptrace Local Privilege Escalation Vulnerability labs-no-reply

Saturday, 25 February

[ MDKSA-2005:048 ] - Updated mplayer packages fix integer overflow vulnerabilities security
NSA Group Security Advisory NSAG-№201-25.02.2006 Vulnerability SPiD v1.3.1 NSA Group
Advisory: Pentacle In-Out Board <= 6.03 (login.asp) Authencation ByPass Vulnerability nukedx
Advisory: Pentacle In-Out Board <= 6.03 (newsdetailsview.asp newsid) Remote SQL Injection Vulnerability nukedx
Advisory: eZ publish <= 3.7.3 (imagecatalogue module) XSS vulnerability nukedx
NSA Group Security Advisory NSAG-№202-25.02.2006 Vulnerability WEBSITE GENERATOR 3.3 NSA Group
[FLSA-2006:138098] Updated nfs-utils package fixes security issues Marc Deslauriers
[FLSA-2006:158543] Updated gaim package fixes security issues Marc Deslauriers
[FLSA-2006:176731] Updated perl packages fix security issue Marc Deslauriers
ArGoSoft FTP server remote heap overflow Jerome Athias
[waraxe-2006-SA#047] - Evading sql-injection filters in phpNuke 7.8 come2waraxe
PwsPHP Injection SQL on Index.php papipsycho
SQL Injection in DCI-Taskeen xx_hack_xx_2004

Sunday, 26 February

Re: Amazon phishing scam on Yahoo servers Vincent Archer
announcement: reporting and mitigating botnets Gadi Evron
Re: DarkStarlings.com XSS Vulnerability webmaster
Re: Amazon phishing scam on Yahoo servers Stefan Kelm
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Thomas M. Payerle
RE: Vulnerabilites in new laws on computer hacking Craig Wright
Re: H&R Block contact Stan Bubrouski
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Jamie Riden
Re: Amazon phishing scam on Yahoo servers Elizabeth Zwicky
Re: Vulnerabilites in new laws on computer hacking Jure Koren
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Matthew Schiros
Research paper on covert channels matthijs
Re: [Full-disclosure] Quarantine your infected users spreading malware 499nag

Monday, 27 February

[ GLSA 200602-13 ] GraphicsMagick: Format string vulnerability Thierry Carrez
[ GLSA 200602-14 ] noweb: Insecure temporary file creation Thierry Carrez
[USN-258-1] PostgreSQL vulnerability Martin Pitt
Archive_Zip (Zip file management class) Directory traversal h e
Norton Monitoring Systems funny problems Alexander Hristov
Re: PwsPHP Injection SQL on Index.php zeta_2_
Archangel Weblog 0.90.02 Admin Authentication Bypass & Remote File Inclusion kingofska
Thomson SpeedTouch 500 modems vulnerable to XSS preben
[eVuln] Quirex Arbitrary File Disclosure Vulnerability alex
Mail Transport System Professional--Open Relay Hole Craig Morrison
phpRPC Library Remote Code Execution GulfTech Security Research
[SECURITY] [DSA 982-1] New gpdf packages fix several vulnerabilities Martin Schulze
2 SQL Injection in Fantastic News S3ude
2 SQL Injection in d3jeeb S3ude
CGI Calendar XSS Vulnerability revnic
Re: [eVuln] Vanilla Guestbook Multiple XSS & SQL Injection Vulnerabilities tachyon
Secunia Research: ArGoSoft Mail Server Pro viewheaders Script Insertion Secunia Research
Knowledgebases Remote Command Exucetion botan
[ISecAuditors Advisories] IMAP/SMTP Injection in SquirrelMail ISecAuditors Security Advisories
PixelArtKingdom TopSites Remote Command Exucetion botan
directory traversal in DirectContact 0.3b Donato Ferrante
NETGEAR WGT624 Wireless DSL router default user name/password vulnerability info
Re: Bypass Fortinet anti-virus using FTP VulnWatch
[eVuln] PerlBlog Multiple Vulnerabilities alex
[ MDKSA-2006:049 ] - Updated squirrelmail packages fix vulnerabilities security
NETGEAR WGT624 Wireless DSL Firewall/Router vulnerability info
Re: URL filter bypass in Fortinet VulnWatch

Tuesday, 28 February

[FLSA-2006:177326] Updated mod_auth_pgsql package fixes security issue Marc Deslauriers
[ MDKSA-2005:050 ] - Updated unzip packages fix vulnerabilities security
[FLSA-2006:177694] Updated auth_ldap package fixes security issue Marc Deslauriers
[SECURITY] [DSA 983-1] New pdftohtml packages fix several vulnerabilities Martin Schulze
[FLSA-2006:157366] Updated PostgreSQL packages fix security issues Marc Deslauriers
WordPress 2.0.1 Multiple Vulnerabilities k4p0k4p0
[FLSA-2006:175818] Updated udev packages fix a security issue Marc Deslauriers
Sourceforge XSS liz0
Re: NETGEAR WGT624 Wireless DSL router default user name/password vulnerability James Garrison
Fedex Kinkos Smart Card Authentication Bypass Lance James
[FLSA-2006:181014] Updated gnutls packages fix a security issue Marc Deslauriers
FarsiNews 2.5Pro Exploit hessamx
EJ3 TOPo - Cross Site Scripting Vulnerability mail
MyBB 1.3 NewSQL Injection o . y . 6
QwikiWiki v1.4 XSS Vulnerability drdeath_2006
(PHP) imap functions bypass safemode and open_basedir restrictions ced . clerget
(PHP) mb_send_mail security bypass ced . clerget
Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities Renaud Lifchitz
[security bulletin] SSRT061118 rev.1 - HP System Management Homepage (SMH) Running on Windows: Remote Unauthorized Access security-alert
Re: NETGEAR WGT624 Wireless DSL router default user name/password vulnerability Adam Chesnutt
Virex on-access scanning unreliable hahn
[ MDKSA-2006:051 ] - Updated gettext packages fix temporary file vulnerabilities security
PEHEPE Membership Management System Multiple Vulnerabilities mail
Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities Renaud Lifchitz
recursive DNS servers DDoS as a growing DDoS problem Gadi Evron
bttlxeForum 2.* XSS Vulnerability stormhacker
Re: Bypass Fortinet anti-virus using FTP Mathieu Dessus
Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities Daniel Veditz
Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities Daniel Veditz