Bugtraq: by author

699 messages starting May 26 06 and ending May 12 06


3APA3A

Re[2]: [Full-disclosure] ASLR now built into Vista 3APA3A (May 26)
Re: Circumventing quarantine control in Windows 2003 and ISA 2004 3APA3A (May 23)
Re: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt. 3APA3A (May 26)
Re: LM hashes in a hot-desking environment 3APA3A (May 27)
Backdoor in RelevantKnowledge adware (What are we fighting for?) 3APA3A (May 30)
ICQ Client Cross-Application Scripting (XAS) 3APA3A (May 09)

48Bits.com [I+D Team]

[48Bits.com Advisory] Path conversion design flaw in Microsoft NTDLL 48Bits.com [I+D Team] (May 10)

ACROS Security

ACROS Security: Buffer Overflow In EMC (previously Dantz) Retroclient Service ACROS Security (May 22)

Adam Shostack

Re: How secure is software X? Adam Shostack (May 12)

addmimistrator

[KAPDA] MyBB1.1.1~Email Verification in User Activation ~SQL Injection Attack addmimistrator (May 08)

ad () heapoverflow com

VNC_bypauth: vnc scanner multithreaded linux & windows ad () heapoverflow com (May 17)
Re: [BuHa-Security] DoS Vulnerability in MS IE 6 SP2 ad () heapoverflow com (May 26)

admin

[MajorSecurity #6]Socketmail <= 2.2.6 - Remote File Include Vulnerability admin (May 26)
[MajorSecurity] phpListPro <= 2.01 - Multiple Remote File Include Vulnerability admin (May 08)
AngelineCMS Multiple Vulnerabilities admin (May 08)
sBlog SQL Injection and Path Disclosure Vulnerability admin (May 02)
geoBlog Mutiple XSS Vulnerability admin (May 02)

advisories

VSR Advisory: PDF Tools AG - PDF Form Filling and Flattening Tool Buffer Overflow advisories (May 25)

advisory

Caucho Resin Windows Directory Traversal Vulnerability advisory (May 16)

ahariri

Re: RE: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt. ahariri (May 26)

ajannhwt

Speedy ASP Forum(profileupdate.asp) User Pass Change Exploit ajannhwt (May 27)
Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities ajannhwt (May 26)
phpMyDirectory <= 10.4.4 Multiple Remote File Include(new!) ajannhwt (May 23)
Hackernetwork Mail Xss[Search] Vulnerability ajannhwt (May 25)
Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities ajannhwt (May 26)
qjForum(member.asp) SQL Injection Vulnerability ajannhwt (May 26)
Toasts Forums 1.6.44 in Xss ajannhwt (May 26)
Easy-Content Forums 1.0 Multiple [SQL/XSS] Vulnerabilities ajannhwt (May 26)

Alexander Klimov

Re: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt. Alexander Klimov (May 26)
JSBoard XSS vulnerability Alexander Klink (May 02)

Alexey Biznya

Re: FTP Fuzzer Alexey Biznya (May 03)

Alex Park

BankTown's ActiveX Buffer Overflow Vulnerability Alex Park (May 03)

a_linuxer

Diesel Joke Site SQL INJECTION a_linuxer (May 24)

alireza hassani

[KAPDA::#45] - geeklog multiple vulnerabilities alireza hassani (May 29)
[KAPDA::#43] - phpwcms multiple vulnerabilities alireza hassani (May 22)

alp_eren

Phil's Bookmark script admin By-pass alp_eren (May 08)
plaNetStat Admin ByPass alp_eren (May 09)
JMK's Picture Gallery admin login alp_eren (May 01)
X-POLL admin By-Pass alp_eren (May 08)
singapore v0.9.7 XSS Vulnerabilities alp_eren (May 08)
phpjobboard Authecnical admin byPass alp_eren (May 26)

AminRayden

I-RATER Platinum Remote File Inclusion exploit Cod3d by R@1D3N AminRayden (May 01)
Fast Click <= 2.3.8 Remote File Inclusion Aminrayden (May 04)
CoolMenus Event Remote File Inclusion exploit AminRayden (May 01)
Fast Click SQL Lite <= 1.1.3 Remote File Inclusion Aminrayden (May 04)

Amit Klein (AKsecurity)

Re: Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1 Amit Klein (AKsecurity) (May 22)
Write-up by Amit Klein: "IE + some popular forward proxy servers = XSS, defacement (browser cache poisoning)" Amit Klein (AKsecurity) (May 24)

an0n

Re: Re: Invision Gallery 2.0.6 ( SQL Injection ) an0n (May 06)

Andrea Rimicci

Re: INFIGO-2006-05-03: Multiple FTP Servers vulnerabilities Andrea Rimicci (May 09)

Andreas Beck

Re: Proof of concept that PGP AUTHENTICATION CAN BE BYPASSED WITHOUT PATCHING Andreas Beck (May 29)
Re: Circumventing quarantine control in Windows 2003 and ISA 2004 Andreas Beck (May 24)
Re: On the Recent PGP and Truecrypt Posting Andreas Beck (May 30)

anoni . mouse

Re: Fire fox dos exploit anoni . mouse (May 31)

Ansgar -59cobalt- Wiechers

Re: Default Screen Saver Vulnerability in Microsoft Windows Ansgar -59cobalt- Wiechers (May 24)
Re: LM hashes in a hot-desking environment Ansgar -59cobalt- Wiechers (May 27)

Arnold Grossmann

vulnerability details Arnold Grossmann (May 16)

aura

vbulletin security Alert aura (May 10)

austin best

RE: Advisory: Blend Portal <= 1.2.0 for phpBB 2.x(blend_data/blend_common.php) File Inclusion Vulnerability austin best (May 29)

Avert

Apple QuickDraw/QuickTime Multiple Vulnerabilities Avert (May 12)
Microsoft MSDTC NdrAllocate Validation Vulnerability avert (May 11)

beford

JetBox CMS Remote File Include beford (May 06)
V-Webmail 1.6.4 Remote File Include beford (May 26)
Dokeos Learning Management System 1.6.4 Remote File Include beford (May 08)
DMCounter Remote File Include beford (May 01)
Claroline Open Source e-Learning 1.7.5 Remote File Include beford (May 08)
Plume CMS Remote File Include beford (May 26)
Docebo LMS 2.05 Remote File Include beford (May 26)

Bernhard Mueller

SEC Consult SA-20060512-0 :: Symantec Enterprise Firewall NAT/HTTP Proxy Private IP Exposure Bernhard Mueller (May 12)

beSIRT

Re: ISA Server 2004 Log Manipulation beSIRT (May 05)
ISA Server 2004 Log Manipulation beSIRT (May 04)

black-cod3

Xss exploit in Photoalbum B&W v1.3 black-cod3 (May 29)
sql injection in PHPcafe.net Tutorial Manager black-cod3 (May 27)
Xss exploit in Chipmunk guestbook black-cod3 (May 27)
Multiple Xss exploits in ar-blog v 5.2 black-cod3 (May 27)
Critical sql injection in saphplesson 2.0 black-cod3 (May 27)
multiple file include exploits in EzUpload Pro v2.10 black-cod3 (May 29)

black code

Xss exploit in Chipmunk directory black code (May 30)
multiple Xss exploits in : vCard 2.9 black code (May 29)
RE: Multiple Xss exploits in coolphp magazine black code (May 29)
file include exploit in Support Cards v1 black code (May 31)
Multiple Xss exploits in Chipmunk Board black code (May 29)

blwood

Multiple XSS Vulnerabilities in Tikiwiki 1.9.x blwood (May 26)

Bojan Zdrnja

Re: Checkpoint SYN DoS Vulnerability Bojan Zdrnja (May 17)
Re: Checkpoint SYN DoS Vulnerability Bojan Zdrnja (May 22)

bonsite

XSS in FreeTextBox and FCKEditor Basic Toolbar Selection bonsite (May 15)

BoNy-m

tseekdir.cgi<--Local File Include BoNy-m (May 09)

botan

[Kurdish Security # 4] phpRaid Remote File Include Vulnerability (PHPBB) botan (May 08)
[Kurdish Security # 7] Foing Remote File Include Vulnerability [PHPBB] botan (May 12)
[Kurdish Security # 5] phpRaid Remote File Include [SMF] botan (May 08)

Breeeeh

YLZH(right.php)Cross Site Scripting Breeeeh (May 24)
mybb v1.1.1(rss.php) SQL Injection Exploit Breeeeh (May 22)
mybb v1.1.1(showthread.php) SQL Injection Exploit Breeeeh (May 10)

Brett Moore

Skype - URI Handler Command Switch Parsing Brett Moore (May 22)

Brian Gallagher

Multiple SQL Injection Vulnerabilities in Dreamweaver Generated Code Brian Gallagher (May 10)

Brian L. Walche

Re[2]: The Weakness of Windows Impersonation Model Brian L. Walche (May 17)
Re[2]: The Weakness of Windows Impersonation Model Brian L. Walche (May 17)
The Weakness of Windows Impersonation Model Brian L. Walche (May 16)

buggy

Re: Apple Mac OS X Safari 2.0.3 Vulnerability buggy (May 01)

bug . registrator

Kaspersky antivirus 6: POP3 state machine error bug . registrator (May 25)

bugtraq

[BuHa-Security] DoS Vulnerability in MS IE 6 SP2 bugtraq (May 26)
[BuHa-Security] MS06-013: HTML Tag Memory Corruption Vulnerability in MS IE 6 SP2 bugtraq (May 26)

c0ntex

Re: [Full-disclosure] ASLR now built into Vista c0ntex (May 26)

c0redump

Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw c0redump (May 06)
OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw c0redump (May 03)

Cemil Degirmenci

Wavecon Advisory: Open-Xchange <= 0.8.2 defaultuser with /bin/bash and default password Cemil Degirmenci (May 27)

Cesar

Re: [Full-disclosure] RE: Oracle, where are the patches??? Cesar (May 04)
Re: Re[2]: The Weakness of Windows Impersonation Model Cesar (May 31)

chris

UBBThreads 5.x,6.x md5 hash disclosure chris (May 29)

Chris Brenton

Re: Checkpoint SYN DoS Vulnerability Chris Brenton (May 16)

Chris Horry

Re: Firefox 1.5.0.3 - DoS Chris Horry (May 10)

CIRT.DK Advisory

Cryptomathic ActiveX Buffer Overflow (TDC Digital signature) CIRT.DK Advisory (May 05)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Cisco Unity Express Expired Password Reset Privilege Escalation Cisco Systems Product Security Incident Response Team (May 02)
Cisco Security Advisory: AVS TCP Relay Vulnerability Cisco Systems Product Security Incident Response Team (May 10)
Cisco Security Advisory: Windows VPN Client Local Privilege Escalation Vulnerability Cisco Systems Product Security Incident Response Team (May 24)

c . j . schmitz

Remote Code Execution in artmedic Newsletter 4.1 [log.php] c . j . schmitz (May 22)

ck

OpenEngine (PHP CMS) ck (May 08)

cmertes

Image file crashes Finder, Safari and other apps cmertes (May 01)

co296

Fire fox dos exploit co296 (May 30)

CodeScan Labs

Multiple Vulnerabilities In IdealBB ASP Bulletin Board CodeScan Labs (May 08)
CodeScan Advisory: Avatar MOD v1.3 for Snitz Forums v3.4 - Arbitrary File Upload CodeScan Labs (May 18)

craziest

PHP Easy Galerie Index.PHP Remote File Include Vulnerability craziest (May 22)

CrAzY . CrAcKeR

NorthStudio Cross Site Scripting Vulnerability CrAzY . CrAcKeR (May 30)
4nNukeWare<--V 0.91 SQL Injection exploits CrAzY . CrAcKeR (May 30)
WBB<--v2.3.4"misc.php" SQL injection Vulnerability CrAzY . CrAcKeR (May 30)
Bratpack Cross Site Scripting Vulnerability CrAzY . CrAcKeR (May 30)
VARIOMAT(advanced cms tool)SQL injection/XSS CrAzY . CrAcKeR (May 29)
4images<-- 1.7.1 SQL Injection CrAzY . CrAcKeR (May 01)

Crispin Cowan

Re: How secure is software X? Crispin Cowan (May 23)

c-w-m

Hackmaster Group DMCounter Remote File Include c-w-m (May 10)

cxib

Maksymilian Arciemowicz cxib (May 17)
phpBB 2.0.20 Full Path Disclosure and SQL Errors cxib (May 06)
cURL Safe Mode Bypass PHP 4.4.2 and 5.1.4 cxib (May 27)

d4igoro

321soft PhP Gallery 0.9 - directory travel & XSS d4igoro (May 04)

dan

Gmail/Gtalk web client DoS dan (May 18)

Daniel Veditz

Re: Firefox 1.5.0.3 code execution exploit Daniel Veditz (May 10)

darkgod . xsf

phpMyDesktop|arcade 1.0 FINAL Code Execution darkgod . xsf (May 30)

Davide Denicolo

libero.it XSS vulnerability - HTML injection Davide Denicolo (May 04)

David F. Skoll

Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw David F. Skoll (May 03)

David Litchfield

Re: [Full-disclosure] How secure is software X? David Litchfield (May 12)
Oracle, where are the patches??? David Litchfield (May 02)
Oracle - the last word David Litchfield (May 10)
Re: How secure is software X? David Litchfield (May 13)
How secure is software X? David Litchfield (May 12)
ASLR now built into Vista David Litchfield (May 26)
Re: The Weakness of Windows Impersonation Model David Litchfield (May 17)

David Maciejak

WebCalendar User Account Enumeration Weakness David Maciejak (May 05)
Re: WebCalendar User Account Enumeration Weakness David Maciejak (May 05)
Re: [Full-disclosure] POC exploit for freeSSHd version 1.0.9 David Maciejak (May 15)
Re: [Full-disclosure] What's Up Professional Spoofing Authentication Bypass David Maciejak (May 18)
Ipswitch WhatsUp Professional multiple flaws David Maciejak (May 12)

Debasis Mohanty

Firefox (with IETab Plugin) Null Pointer Dereferences Bug Debasis Mohanty (May 17)

denisov_vit

Re: Kaspersky antivirus 6: POP3 state machine error denisov_vit (May 26)
Re: Kaspersky antivirus 6: HTTP monitor bypassing denisov_vit (May 26)

Dj_ReMix_20

# MHG Security Team --- DuGallery V2.x SQL Injection Dj_ReMix_20 (May 09)
# MHG Security Team --- OzzyWork Gallery Upload Vulnerabilities Dj_ReMix_20 (May 09)
# MHG Security Team --- OzzyWork Gallery SQL Injection Dj_ReMix_20 (May 09)
# MHG Security Team --- Gallery Upload Vulnerabilities Dj_ReMix_20 (May 12)

dmitryp . spm

Re: Kaspersky antivirus 6: HTTP monitor bypassing dmitryp . spm (May 26)

Doug Hughes

Re: Sun single-CPU DOS Doug Hughes (May 26)
Re: Sun single-CPU DOS Doug Hughes (May 23)
Sun single-CPU DOS Doug Hughes (May 18)
Re: Sun single-CPU DOS Doug Hughes (May 26)

doz

Gphotos Directory Traversal and Cross Site Scripting doz (May 13)

Duncan Simpson

Re: How secure is software X? Duncan Simpson (May 24)

Dusty

Wargamming Network.. Dusty (May 17)

eEye Advisories

[EEYEB20051011A] - Microsoft Distributed Transaction Coordinator Heap Overflow eEye Advisories (May 09)
[EEYEB20051011B] - Microsoft Distributed Transaction Coordinator Denial of Service eEye Advisories (May 09)
[EEYEB-20060307] Apple QuickTime FPX Integer Overflow eEye Advisories (May 12)

Egg

RE: Advisory: Eggblog <= 3.x Multiple Remote Vulnerabilities Egg (May 29)

EitanCaspi () yahoo com

Novell Client login form enables reading and writing from and to the clipboard of the logged-in user EitanCaspi () yahoo com (May 22)

Eliah Kagan

Re: Default Screen Saver Vulnerability in Microsoft Windows Eliah Kagan (May 24)

enji

Open Searchable Image Catalogue: XSS and SQL Injection Vulnerabilities enji (May 30)

ennead () truecrypt org

Addendum ennead () truecrypt org (May 26)
RE: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt. ennead () truecrypt org (May 26)

Erick Mechler

Re: Checkpoint SYN DoS Vulnerability Erick Mechler (May 18)

erne

# MHG Security Team --- PHP NUKE All version Remote File Inc. erne (May 31)

Evans, Arian

RE: modules name(Sections)SQL Injection Exploit Evans, Arian (May 25)

Fabian Becker

Re: How secure is software X? Fabian Becker (May 15)

farhadkey

[KAPDA::#44] - NewsCMSLite Login ByPass by Cookie farhadkey (May 25)
Re: Zix Forum <= 1.12 (layid) SQL Injection Vulnerability farhadkey (May 22)
[KAPDA::#46] - Nukedit Unauthorized Admin Add farhadkey (May 29)

feedb4ck

LM hashes in a hot-desking environment feedb4ck (May 26)

Felipe openglx

Re: IGNORING SSH CONNECTION USES ARP CACHE POISSONING Felipe openglx (May 12)

Ferguson, Justin (IARC)

RE: How secure is software X? Ferguson, Justin (IARC) (May 13)

Flavio Visentin

Re: Firefox 1.5.0.3 - DoS Flavio Visentin (May 12)
Re: Firefox 1.5.0.3 code execution exploit Flavio Visentin (May 10)

frantisek holop

Re: Maksymilian Arciemowicz frantisek holop (May 18)

fredck

Re: NSA Group Security Advisory NSAG-195-23.02.2006 Vulnerability FCKeditor 2.0 FC fredck (May 20)
Re: NSA Group Security Advisory NSAG-196-23.02.2006 Vulnerability FCKeditor 2.2 fredck (May 20)

g30rg3x

Re: phpBB "charts.php" XSS and SQL-Injection g30rg3x (May 12)

gdehanot

Vulnerability in the way Ultr@VNC-1.0.1 handles MS-Logon Authentication. gdehanot (May 03)

geinblues

Azboard <= 1.0 Multiple Sql Injections geinblues (May 15)
YapBB <= 1.2 Beta2 'find.php' SQL Injection Vulnerability geinblues (May 15)

Gerardo Richarte

New SMB and DCERPC features on Impacket released with doc Gerardo Richarte (May 29)

Giancarlo Razzolini

Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw Giancarlo Razzolini (May 10)

Gogi The Georgian

Multiple Vulns in Bitrix CMS Gogi The Georgian (May 18)

Google Security Team

Re: XSS in orkut.com Google Security Team (May 20)

Greg owens

Re: SYMSA-2006-003: Cisco Secure ACS for Windows - AdministratorPassword Disclosure Greg owens (May 10)

GulfTech Security Research

Re: [Info Disclosure] Diesel PHP Job Site Latest Version GulfTech Security Research (May 31)

gyzmo77

Re: MediaSlash Gallery 'rub' variable Remote File inlcusion Vulnerability gyzmo77 (May 18)

h4cky0u . org

HYSA-2006-008 myBloggie 2.1.3 CRLF & SQL Injection h4cky0u . org (May 17)

H Alsaleh

RE: Poll: Emerging Threats H Alsaleh (May 01)

Hayes, Bill

RE: Is MS06-018 a DoS or a system compromise ? Hayes, Bill (May 15)

h e

BitZipper Archive Extraction Directory traversal h e (May 22)

help-users

sql injection in phpWebSite 0.8.3 help-users (May 25)

hessamx

OaBoard 1.0 Remote File inclusion hessamx (May 30)

Hugo van der Kooij

Re: IGNORING SSH CONNECTION USES ARP CACHE POISSONING Hugo van der Kooij (May 10)

Hussain Salim

RadLance Local Inclusion Exploit Hussain Salim (May 17)

i6d

cPanel OpenBaseDir Bypass i6d (May 20)
Zix Forum <= 1.12 (layid) SQL Injection Vulnerability i6d (May 20)
phpBazar <= 2.1.0 Multiple vulnerabilites i6d (May 20)
ActualAnalyzer Server <=8.23 - Remote File Include Vulnerability i6d (May 20)

Iggy E

RE: Oracle - the last word Iggy E (May 15)

info

NETGEAR WGR614 v6 Wireless DSL router information disclosure vulnerability info (May 24)

infocus

INFIGO-2006-05-03: Multiple FTP Servers vulnerabilities infocus (May 08)
FTP Fuzzer infocus (May 02)

innate

[cosmoshop again] sql injection + view all files as admin user innate (May 18)

interact

Re: DB_eSession deleteSession() SQL injection interact (May 06)

Ismail Donmez

Re: Firefox 1.5.0.3 code execution exploit Ismail Donmez (May 10)

jaime . blasco

Mobotix IP Network Cameras Multiple XSS jaime . blasco (May 17)
D-Link DSA-3100 Cross-Site Scripting jaime . blasco (May 27)
OpenCms version 6.0.x Xml Content Demo search engine Cross site scripting jaime . blasco (May 24)

Jain, Siddhartha

RE: Microsoft Internet Explorer - Crash on mouse button click Jain, Siddhartha (May 25)

James Evans

RealVNC 4.1.1 Remote Compromise James Evans (May 15)

James_gmail-ij

Re: Firefox 1.5.0.3 code execution exploit James_gmail-ij (May 10)

jason . gerfen

Re: Secunia Research: Where Is It unacev2.dll Buffer OverflowVulnerability jason . gerfen (May 12)

Jason V. Miller

Re: Default Screen Saver Vulnerability in Microsoft Windows Jason V. Miller (May 25)

Javor Ninov

bigwebmaster guestbook multiply XSS Javor Ninov (May 04)

Jim Clausing

Re: Checkpoint SYN DoS Vulnerability Jim Clausing (May 22)

Joachim Schipper

Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw Joachim Schipper (May 04)
Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise Joachim Schipper (May 18)

Joel Jose

Idle scan rediscovered!!! Joel Jose (May 06)

john

Kaspersky antivirus 6: HTTP monitor bypassing john (May 23)
SOE's implementation of Lithium Forums Software allows users to log on as each other. john (May 22)

John Pettitt

Re: On the Recent PGP and Truecrypt Posting John Pettitt (May 27)

John Richard Moser

Buffer overflow in QuickTime 7.0.4? John Richard Moser (May 29)

John Stuppi (jstuppi)

RE: SYMSA-2006-003: Cisco Secure ACS for Windows - AdministratorPassword Disclosure John Stuppi (jstuppi) (May 11)

jon

On the Recent PGP and Truecrypt Posting jon (May 26)

Jon Callas

Re: On the Recent PGP and Truecrypt Posting Jon Callas (May 30)
Re: On the Recent PGP and Truecrypt Posting Jon Callas (May 29)

Jon R. Kibler

Poll: Emerging Threats Jon R. Kibler (May 01)

Joseph Pierini

ScanAlert Security Advisory Joseph Pierini (May 16)

Josh Zlatin-Amishav

Re: Fire fox dos exploit Josh Zlatin-Amishav (May 31)

Joxean Koret

Panda Antivirus Enterprise Secure, Norton Antivirus 2005 and the virus "I Love You" Joxean Koret (May 04)

jrh57

Re: Re: Checkpoint SYN DoS Vulnerability jrh57 (May 18)

Juha-Matti Laurio

Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise Juha-Matti Laurio (May 15)
Re: Firefox 1.5.0.3 code execution exploit Juha-Matti Laurio (May 10)

Julien L.

Ejabberd : Symlink vulnerability during installation process Julien L. (May 02)

Justin M. Forbes

rPSA-2006-0084-1 fetchmail Justin M. Forbes (May 27)
rPSA-2006-0083-1 enscript Justin M. Forbes (May 27)
rPSA-2006-0087-1 kernel Justin M. Forbes (May 31)
rPSA-2006-0080-1 postgresql postgresql-server Justin M. Forbes (May 26)
rPSA-2006-0082-1 vixie-cron Justin M. Forbes (May 25)

k4p0k4p0

CuteNews 1.4.1 Multiple vulnerabilities k4p0k4p0 (May 05)
PunBB 1.2.11 Cross site scripting k4p0k4p0 (May 22)

Kamil Sienicki

Re: 90% of programs made in PHP5 and prior Full Path Disclosure vuln. Kamil Sienicki (May 22)
zawhttpd - Buffer Overflow Kamil Sienicki (May 04)
OpenFAQ - HTML injection and XSS (Cross Site Scripting) Kamil Sienicki (May 06)

Kenneth F. Belva

What's Up Professional Spoofing Authentication Bypass Kenneth F. Belva (May 17)

KF (lists)

DMA[2006-0514a] - 'ClamAV freshclam incorrect privilege drop' KF (lists) (May 15)
Non eXecutable Stack Lovin on OSX86 KF (lists) (May 23)

kingofska

DeluxeBB 1.06 Remote SQL Injection Exploit kingofska (May 15)

king_purba

Re: IGNORING SSH CONNECTION USES ARP CACHE POISSONING king_purba (May 12)
XINE format string bugs when handling non existen file king_purba (May 01)
IGNORING SSH CONNECTION USES ARP CACHE POISSONING king_purba (May 09)

Konstantin V. Gavrilenko

Quagga RIPD unauthenticated route table broadcast Konstantin V. Gavrilenko (May 03)
Quagga RIPD unauthenticated route injection Konstantin V. Gavrilenko (May 03)

Kornbrust, Alexander

RE: Oracle, where are the patches??? Kornbrust, Alexander (May 02)

Krpata, Tyler

RE: [Full-disclosure] RealVNC 4.1.1 Remote Compromise Krpata, Tyler (May 19)
RE: Realty Pro One Property Listing Script Krpata, Tyler (May 26)

kubasx

toendaCMS 0.7.0 Cross Site Scripting kubasx (May 31)

Kurt Seifried

Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw Kurt Seifried (May 05)

labs-no-reply () idefense com

iDefense Q2 2006 Vulnerability Challenge labs-no-reply () idefense com (May 17)

Leandro Meiners

CYBSEC - Security Advisory: Arbitrary File Read/Delete in SAP BC (Business Connector) Leandro Meiners (May 15)
CYBSEC - Security Advisory: Phishing Vector in SAP BC (Business Connector) Leandro Meiners (May 15)
CYBSEC - Security Pre-Advisory: Local Privilege Escalation in SAP sapdba Command Leandro Meiners (May 19)

Lee Kelly

RE: Oracle - the last word Lee Kelly (May 12)

Leif Erik Andersen (at Seven)

Re: JDK 1.4.2_11, 1.5.0_06, unsigned applets consuming all free harddisk space Leif Erik Andersen (at Seven) (May 18)

leonleon77

Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk leonleon77 (May 04)

LiNuX_rOOt1

IceWarp Cross-Site Scripting(XSS) LiNuX_rOOt1 (May 16)
OpenWiki<--v0.78 Cross-Site Scripting LiNuX_rOOt1 (May 17)

lkh1348

Re: BankTown's ActiveX Buffer Overflow Vulnerability lkh1348 (May 08)

Ludwig Nussel

SUSE Security Announcement: xorg-x11-server (SUSE-SA:2006:023) Ludwig Nussel (May 03)

Luigi Auriemma

Multiple vulnerabilities in Raydium rev 309 Luigi Auriemma (May 13)
Two heap overflow in libextractor 0.5.13 (rev 2832) Luigi Auriemma (May 17)
Server crash in Empire 4.3.2 Luigi Auriemma (May 13)
Server termination in netPanzer 0.8 (rev 952) Luigi Auriemma (May 24)
Buffer-overflow and NULL pointer crash in Genecys 0.2 Luigi Auriemma (May 13)
Multiple vulnerabilities in Outgun 1.0.3 bot 2 Luigi Auriemma (May 13)
Buffer-overflow in the WebTool service of PunkBuster for servers (minor than v1.229) Luigi Auriemma (May 24)
Socket unreachable in GNUnet rev 2780 Luigi Auriemma (May 13)

luny

Yourfreeworld.com Short Url & Url Tracker Script luny (May 19)
iBoutique.MALL - Directory Traversal luny (May 26)
AZ Photo Album Script Pro luny (May 25)
Pre Shopping Mall v1.0 luny (May 25)
Xtremescripts Topsites v1.1 luny (May 20)
DGbook v1.0 - XSS luny (May 23)
iFdate v1.2 luny (May 25)
Destiney Rated Images Script v0.5.0 - XSS Vulnv luny (May 22)
AlstraSoft E-Friends - XSS luny (May 23)
Pretty Guestbook v1 luny (May 26)
Myspace Friend Train v2.8 luny (May 18)
Super Link Exchange Script v1.0 luny (May 26)
AlstraSoft Web Host Directory v1.2 luny (May 24)
Captivate 1.0 - XSS Vuln luny (May 22)
Smile Guestbook v1 luny (May 26)
Realty Pro One Property Listing Script luny (May 25)
Morris Guestbook v1 luny (May 26)
Bulletin Board Elite-Board v.1.1 luny (May 25)
Hiox Guestbook 3.1 luny (May 22)
GuestbookXL 1.3 luny (May 25)
Destiney Links Script v2.1.2 luny (May 22)
Pre News Manager v1.0 luny (May 25)
PHPSimple Choose v0.3 luny (May 26)
QontentOneCMS v1.0 luny (May 31)
MyYearBook.com - XSS luny (May 26)
ChatPat v1.0 luny (May 25)
Alstrasoft Article Manager Pro v1.6 luny (May 23)
Jemscripts Download Control v1.0 luny (May 19)
Publicist v0.95 - XSS And Full Path Errors luny (May 24)
iFlance v1.1 luny (May 25)
Yourfreeworld Styleish Text Ads Script luny (May 19)
Vacation Retal Script v1.0 luny (May 26)
CMS Mundo V1.0 luny (May 25)

mac68k

Microsoft Internet Explorer - Crash on mouse button click mac68k (May 22)
Re: Microsoft Internet Explorer - Crash on mouse button click mac68k (May 26)

mail

Seditio Cross Site Scripting Vulnerability mail (May 26)
Boastmachine Cross Site Scripting Vulnerability mail (May 17)

Maksymilian Arciemowicz

Re: phpBB 2.0.20 Full Path Disclosure and SQL Errors Maksymilian Arciemowicz (May 10)

Marc Deslauriers

[FLSA-2006:152868] Updated tetex packages fix security issues Marc Deslauriers (May 13)
[FLSA-2006:164512] Updated fetchmail packages fix security issues Marc Deslauriers (May 13)
[FLSA-2006:152923] Updated xloadimage package fixes security issues Marc Deslauriers (May 13)
[FLSA-2006:185355] Updated gnupg package fixes security issues Marc Deslauriers (May 13)
[FLSA-2006:152904] Updated ncpfs package fixes security issues Marc Deslauriers (May 13)
[FLSA-2006:152898] Updated emacs packages fix a security issue Marc Deslauriers (May 13)

Marc Fossi

Re: New SecurityFocus mailing list: Focus-Apple Marc Fossi (May 31)
New SecurityFocus mailing list: Focus-Apple Marc Fossi (May 31)

marco . correnti

Re: [Reversemode] Microsoft Infotech Storage library Heap Corruption marco . correnti (May 12)

Marc Schoenefeld

Generic Browser Crash with Java 1.4.2_11, Java 1.5.0_06 Marc Schoenefeld (May 22)
JDK 1.4.2_11, 1.5.0_06, unsigned applets consuming all free harddisk space Marc Schoenefeld (May 15)

Mark Senior

Re: Circumventing quarantine control in Windows 2003 and ISA 2004 Mark Senior (May 24)

marrob

Re: Firefox 1.5.0.3 - DoS marrob (May 12)

Martin Pitt

[USN-285-1] awstats vulnerability Martin Pitt (May 23)
[USN-286-1] Dia vulnerabilities Martin Pitt (May 25)
[USN-277-1] TIFF library vulnerabilities Martin Pitt (May 03)
[USN-282-1] Nagios vulnerability Martin Pitt (May 08)
[USN-274-2] MySQL vulnerability Martin Pitt (May 15)
[USN-283-1] MySQL vulnerabilities Martin Pitt (May 08)
[USN-288-1] PostgreSQL server/client vulnerabilities Martin Pitt (May 29)
[USN-279-1] libnasl/nessus vulnerability Martin Pitt (May 03)
[USN-287-1] Nagios vulnerability Martin Pitt (May 29)
[USN-284-1] Quagga vulnerabilities Martin Pitt (May 15)
[USN-280-1] X.org server vulnerability Martin Pitt (May 04)
[USN-281-1] Linux kernel vulnerabilities Martin Pitt (May 04)
[USN-276-1] Thunderbird vulnerabilities Martin Pitt (May 03)
[USN-278-1] gdm vulnerability Martin Pitt (May 03)

Martin Schulze

[SECURITY] [DSA 1052-1] New cgiirc packages fix arbitrary code execution Martin Schulze (May 08)
[SECURITY] [DSA 1083-1] New motor packages fix arbitrary code execution Martin Schulze (May 31)
[SECURITY] [DSA 1057-1] New phpLDAPadmin packages fix cross-site scripting Martin Schulze (May 15)
[SECURITY] [DSA 1076-1] New lynx packages fix denial of service Martin Schulze (May 26)
[SECURITY] [DSA 1078-1] New tiff packages fix denial of service Martin Schulze (May 27)
[SECURITY] [DSA 1071-1] New MySQL 3.23 packages fix several vulnerabilities Martin Schulze (May 22)
[SECURITY] [DSA 1055-1] New Mozilla Firefox packages fix arbitrary code execution Martin Schulze (May 11)
[SECURITY] [DSA 1048-1] New Asterisk packages fix arbitrary code execution Martin Schulze (May 01)
[SECURITY] [DSA 1056-1] New webcalendar packages fix information leak Martin Schulze (May 15)
[SECURITY] [DSA 1081-1] New libextractor packages fix arbitrary code execution Martin Schulze (May 29)
[SECURITY] [DSA 1059-1] New quagga packages fix several vulnerabilities Martin Schulze (May 19)
[SECURITY] [DSA 1077-1] New lynx-ssl packages fix denial of service Martin Schulze (May 26)
[SECURITY] [DSA 1054-1] New TIFF packages fix denial of service and arbitrary code execution Martin Schulze (May 09)
[SECURITY] [DSA 1047-1] New resmgr packages fix unauthorised access Martin Schulze (May 01)
[SECURITY] [DSA 1049-1] New Ethereal packages fix several vulnerabilities Martin Schulze (May 02)
[SECURITY] [DSA 1050-1] New ClamAV packages fix denial of service or arbitrary code execution Martin Schulze (May 03)
[SECURITY] [DSA 1051-1] New Mozilla Thunderbird packages fix several vulnerabilities Martin Schulze (May 04)
[SECURITY] [DSA 1072-1] New Nagios packages fix arbitrary code execution Martin Schulze (May 22)
[SECURITY] [DSA 1079-1] New MySQL 4.0 packages fix several vulnerabilities Martin Schulze (May 29)
[SECURITY] [DSA 1058-1] New awstats packages fix arbitrary command execution Martin Schulze (May 18)
[SECURITY] [DSA 1075-1] New awstats packages fix arbitrary command execution Martin Schulze (May 26)
[SECURITY] [DSA 1053-1] New Mozilla packages fix arbitrary code execution Martin Schulze (May 09)
[SECURITY] [DSA 1074-1] New mpg123 packages fix arbitrary code execution Martin Schulze (May 24)
[SECURITY] [DSA 1073-1] New MySQL 4.1 packages fix several vulnerabilities Martin Schulze (May 22)

Matt . Carpenter

Re: How secure is software X? Matt . Carpenter (May 15)

Matt Gibson

[Info Disclosure] Diesel PHP Job Site Latest Version Matt Gibson (May 18)

Matthew Cerha

VSR Advisory: WebSense content filter bypass when deployed in conjunction with Cisco filtering devices Matthew Cerha (May 08)
Re: SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure Matthew Cerha (May 08)

mattmecham

Re: Invision Community Blog .. Bugs mattmecham (May 08)
Re: Invision Gallery 2.0.6 ( SQL Injection ) mattmecham (May 04)
Re: Invision Power Board v2.1.5 Remote SQL Injection mattmecham (May 04)

Matt Venzke

Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise Matt Venzke (May 20)

Maxime Ducharme

RE: Is MS06-018 a DoS or a system compromise ? Maxime Ducharme (May 15)

mcdanielar

FrontRange iHeat Vulnerability mcdanielar (May 18)

MC Iglo

XSS in Omegasoft's Insel MC Iglo (May 26)

Memet Anwar

Re: Circumventing quarantine control in Windows 2003 and ISA 2004 Memet Anwar (May 25)
Circumventing quarantine control in Windows 2003 and ISA 2004 Memet Anwar (May 22)

Michael Scheidell

Symantec antivirus software exposes computers Michael Scheidell (May 27)

Michael Schlenker

Re: Dynamic Evaluation Vulnerabilities in PHP applications Michael Schlenker (May 04)

Michael Shigorin

foreseeing (cough) critical problems futile? (was: Oracle, where are the patches???) Michael Shigorin (May 04)

Michael Silk

Re: [Full-disclosure] How secure is software X? Michael Silk (May 12)

mickael . remond

Re: Ejabberd : Symlink vulnerability during installation process mickael . remond (May 03)

Mike O'Connor

Re: Sun single-CPU DOS Mike O'Connor (May 26)
Re: Sun single-CPU DOS Mike O'Connor (May 24)
Re: Sun single-CPU DOS Mike O'Connor (May 26)
Re: Sun single-CPU DOS Mike O'Connor (May 22)

milw0rm

Firefox 1.5.0.3 Flaw - Page can obtain path to Mozilla installation or profile by examining JavaScript exceptions milw0rm (May 22)

Moritz Muehlenhoff

[SECURITY] [DSA 1067-1] New Linux kernel 2.4.16 packages fix several vulnerabilities Moritz Muehlenhoff (May 20)
[SECURITY] [DSA 1070-1] New Linux kernel 2.4.19 packages fix several vulnerabilities Moritz Muehlenhoff (May 22)
[SECURITY] [DSA 1064-1] New cscope packages fix arbitrary code execution Moritz Muehlenhoff (May 20)
[SECURITY] [DSA 1061-1] New popfile packages fix denial of service Moritz Muehlenhoff (May 19)
[SECURITY] [DSA 1062-1] New kphone packages fix information disclosure Moritz Muehlenhoff (May 19)
[SECURITY] [DSA 1065-1] New hostapd packages fix denial of service Moritz Muehlenhoff (May 20)
[SECURITY] [DSA 1069-1] New Linux kernel 2.4.18 packages fix several vulnerabilities Moritz Muehlenhoff (May 22)
[SECURITY] [DSA 1069-1] New Linux kernel 2.4.18 packages fix several vulnerabilities Moritz Muehlenhoff (May 22)
[SECURITY] [DSA 1082-1] New Linux kernel 2.4.17 packages fix several vulnerabilities Moritz Muehlenhoff (May 29)
[SECURITY] [DSA 1066-1] New phpbb2 packages fix execution of arbitrary web script code Moritz Muehlenhoff (May 20)
[SECURITY] [DSA 1068-1] New fbi packages fix denial of service Moritz Muehlenhoff (May 20)
[SECURITY] [DSA 1063-1] New phpgroupware packages fix execution of arbitrary web script code Moritz Muehlenhoff (May 19)
[SECURITY] [DSA 1060-1] New kernel-patch-vserver packages fix privilege escalation Moritz Muehlenhoff (May 19)

Mr . Niega

Internet explorer Vulnerbility Mr . Niega (May 31)

Mster-X

RaceEventManagement <--v0.7.6 SQL injection & XSS Mster-X (May 20)
modules name(Sections)SQL Injection Exploit Mster-X (May 05)
PHP Live Helper ASP(chat.php) XSS mster-X (May 12)
modules name(Downloads)SQL Injection Exploit Mster-X (May 05)
Interlink "news_information.php" XSS Mster-X (May 20)

mtoren

Code Injection via Hidden Form Field Manipulation mtoren (May 18)

Mustafa Can Bjorn IPEKCI

Advisory: MiniNuke v2.x Multiple Remote Vulnerabilities Mustafa Can Bjorn IPEKCI (May 29)
Advisory: phpBB 2.x (Activity MOD Plus) File Inclusion Vulnerability. Mustafa Can Bjorn IPEKCI (May 29)
Advisory: ASPBB <= 0.52 (perform_search.asp) XSS vulnerability Mustafa Can Bjorn IPEKCI (May 29)
Advisory: Enigma Haber <= 4.3 Multiple Remote SQL Injection Vulnerabilities Mustafa Can Bjorn IPEKCI (May 29)
Advisory: phpBB 2.x (admin/admin_hacks_list.php) Local Inclusion Vulnerability. Mustafa Can Bjorn IPEKCI (May 29)
Advisory: ASPSitem <= 2.0 Multiple Vulnerabilities. Mustafa Can Bjorn IPEKCI (May 29)
Advisory: tinyBB <= 0.3 Multiple Remote Vulnerabilities. Mustafa Can Bjorn IPEKCI (May 29)
Advisory: F@cile Interactive Web <= 0.8x Multiple Remote Vulnerabilities. Mustafa Can Bjorn IPEKCI (May 29)
Advisory: Quezza BB <= 1.0 File Inclusion Vulnerability. Mustafa Can Bjorn IPEKCI (May 17)
Advisory: Eggblog <= 3.x Multiple Remote Vulnerabilities Mustafa Can Bjorn IPEKCI (May 29)
Advisory: UBBThreads 5.x,6.x Multiple File Inclusion Vulnerabilities. Mustafa Can Bjorn IPEKCI (May 29)
Advisory: Blend Portal <= 1.2.0 for phpBB 2.x (blend_data/blend_common.php) File Inclusion Vulnerability Mustafa Can Bjorn IPEKCI (May 29)

mx

phpFoX All Version Login Exploit mx (May 25)

newsportal

Newsportal: code injection vulnerability newsportal (May 16)

Nick Boyce

Is MS06-018 a DoS or a system compromise ? Nick Boyce (May 15)
Re: Is MS06-018 a DoS or a system compromise ? Nick Boyce (May 18)

Niranjan S Patil

Re: Checkpoint SYN DoS Vulnerability Niranjan S Patil (May 24)

noreply

Re: Zen Cart login.php SQL Injection Vulnerability noreply (May 17)

not

Re: PhpListPro 2.01 Remote File Include Vulnerability not (May 26)

omnipresent

CuteGuestbook XSS attack omnipresent (May 04)
CANews Multiple Vulnerabilities omnipresent (May 22)

OpenPKG

[OpenPKG-SA-2006.009] OpenPKG Security Advisory (binutils) OpenPKG (May 26)
[OpenPKG-SA-2006.008] OpenPKG Security Advisory (openldap) OpenPKG (May 23)

outlaw

Thyme 1.3 Cross Site Scripting outlaw (May 01)
VHCS --- Virtual Hosting Control System Cross Site Scripting outlaw (May 02)
Beoped Portal XSS outlaw (May 22)

o . y . 6

OpenBB 1.0.8 Full Path Disclosure o . y . 6 (May 01)
PunBB 1.2.11 Cross-Site Scripting o . y . 6 (May 04)
SaPHPLesson 3.0 Multbugs o . y . 6 (May 05)
Invision Community Blog .. Bugs o . y . 6 (May 05)
Invision Gallery 2.0.6 ( SQL Injection ) o . y . 6 (May 02)
Invision Power Board v2.1.5 Remote SQL Injection o . y . 6 (May 01)

p4 . werterxyz

Firefox 1.5.0.3 - DoS p4 . werterxyz (May 10)

Paul B. Saitta

Re: How secure is software X? Paul B. Saitta (May 15)

Paul Jakma

Re: Quagga RIPD unauthenticated route injection Paul Jakma (May 03)

Paul Laudanski

Re: phpBB 2.0.20 Full Path Disclosure and SQL Errors Paul Laudanski (May 10)
Re: modules name(Downloads)SQL Injection Exploit Paul Laudanski (May 10)
Re: PHPBB 2.0.20 persistent issues with avatars Paul Laudanski (May 20)
Re: PHPBB 2.0.20 persistent issues with avatars Paul Laudanski (May 15)
Re: phpBB 2.0.20 Full Path Disclosure and SQL Errors Paul Laudanski (May 12)

Pawel Worach

Re: Checkpoint SYN DoS Vulnerability Pawel Worach (May 16)

Pedro Andújar

Several flaws in e-business designer (eBD) Pedro Andújar (May 12)

philipp . niedziela

Newsportal <= 0.36 Remote File Inclusion Vulnerability philipp . niedziela (May 17)

phpbb

Re: phpBB "charts.php" XSS and SQL-Injection phpbb (May 18)

phpnuke

Re: Re: [SECURITYREASON.COM] PhpNuke 7.6=>x Multiple vulnerabilities cXIb8O3.12 phpnuke (May 25)

phugo

RE: [security] A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt. phugo (May 27)

pieisgdvgd

html Guest Gear pieisgdvgd (May 27)

plato

re: RealVNC 4.1.1 Remote Compromise plato (May 16)

pokley

Re: Wordpress <=2.0.2 'cache' shell injection pokley (May 26)

PostgreSQL Security

PostgreSQL security releases 8.1.4, 8.0.8, 7.4.13, 7.3.15 PostgreSQL Security (May 25)

putosoft softputo

RE: Oracle 10g 10.2.0.2.0 DBA exploit putosoft softputo (May 01)

qex

Blog Mod <= 0.2.x SQL Injection qex (May 01)

raphael . huck

WikiNi Persistent Cross Site Scripting Vulnerability raphael . huck (May 29)
zenphoto Multiple Path Disclosure and Cross Site Scripting Vulnerabilities raphael . huck (May 02)

RedTeam Pentesting

Prodder Remote Arbitrary Command Execution RedTeam Pentesting (May 22)
Perlpodder Remote Arbitrary Command Execution RedTeam Pentesting (May 22)

research

SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure research (May 08)

Reversemode

Re: [Reversemode] Microsoft Infotech Storage library Heap Corruption Reversemode (May 12)
[Reversemode] Microsoft Infotech Storage library Heap Corruption Reversemode (May 09)

rewterz

[REWTERZ-20060504] - Sami FTP Server Remote Buffer Overflow Vulnerability rewterz (May 04)
[REWTERZ-20060503] XM Easy Personal FTP Server Remote Buffer Overflow Vulnerability rewterz (May 04)

rgod

DeluxeBB <= v1.06 attachment mod_mime exploit rgod (May 16)
Wordpress <=2.0.2 'cache' shell injection rgod (May 25)
PHP-Fusion <= 6.00.306 "srch_where" SQL injection / admin credentials disclosure rgod (May 16)
XOOPS <= 2.0.13.2 'xoopsOption[nocommon]' exploit rgod (May 22)
Unclassified NewsBoard <= 1.6.1 patch 1 ABBC[Config][smileset] arbitrary local inclusion rgod (May 11)
Sugar Suite Open Source <= 4.2 "OptimisticLock!" arbitrary remote inclusion exploit rgod (May 15)
PHPBB 2.0.20 persistent issues with avatars rgod (May 12)
Drupal <= 4.7 attachment/mod_mime remote code execution rgod (May 25)
PHPFusion <= v6.00.306 avatar mod_mime arbitrary file upload & local inclusion vulnerabilities rgod (May 08)
PhpBB <= 2.0.20 Admin/Restore Database remote cmmnds xctn (works with admin sid) rgod (May 15)
Nucleus CMS <= 3.22 arbitrary remote inclusion rgod (May 23)
X7 Chat <=2.0 remote commands execution rgod (May 02)
Mambo <= 4.6. RC1 xss rgod (May 24)
pppBlog <= 0.3.8 administrative credentials/system disclosure rgod (May 31)

Robert

Jiwa Financials - Reporting allows execution of arbitrary reports as SQL user with full permissions. Robert (May 30)

Roger A. Grimes

RE: LM hashes in a hot-desking environment Roger A. Grimes (May 27)
RE: Circumventing quarantine control in Windows 2003 and ISA 2004 Roger A. Grimes (May 23)

Rohin Koul

XSS in orkut.com Rohin Koul (May 18)

Roman Daszczyszak

Re: Firefox (with IETab Plugin) Null Pointer Dereferences Bug Roman Daszczyszak (May 19)

Roman Drahtmueller

Re: Novell Client login form enables reading and writing from and to the clipboard of the logged-in user Roman Drahtmueller (May 22)

Ronald

Re: Re: Firefox 1.5.0.3 - DoS Ronald (May 15)
Re: Firefox 1.5.0.3 - DoS Ronald van den Blink (May 15)

rootter

Gawab.com Register Xss Bugtraq rootter (May 17)

RSnake

Re: Firefox 1.5.0.3 - DoS RSnake (May 12)

ruben

Intel wireless service s24evmon.exe confidential information disclosure. ruben (May 06)

ryan

Re: WebsiteBaker CMS lack of sanitizing ryan (May 22)

Ryan Smith

Novell NDPS Remote Vulnerability (Server & Client) Ryan Smith (May 15)

s3rv3r_hack3r

Foing Remote File Include Vulnerability [PHPBB] s3rv3r_hack3r (May 29)
my Web Server << v-1.0 Denial of Service Exploit s3rv3r_hack3r (May 26)

s89df987 s9f87s987f

Re: PHPBB 2.0.20 persistent issues with avatars s89df987 s9f87s987f (May 18)

sanjay naik

Re: Checkpoint SYN DoS Vulnerability sanjay naik (May 16)
Checkpoint SYN DoS Vulnerability sanjay naik (May 16)
Re: Checkpoint SYN DoS Vulnerability sanjay naik (May 18)
Re: Checkpoint SYN DoS Vulnerability sanjay naik (May 18)
Re: Checkpoint SYN DoS Vulnerability sanjay naik (May 17)

Sanjay Rawat

Re: POC exploit for freeFTPd 1.0.10 Sanjay Rawat (May 22)

scott

Re: vbulletin security Alert scott (May 11)

Secunia Research

Secunia Research: WinHKI unacev2.dll Buffer Overflow Vulnerability Secunia Research (May 01)
Secunia Research: Eserv/3 IMAP and HTTP Server Multiple Vulnerabilities Secunia Research (May 31)
Secunia Research: Eazel unacev2.dll Buffer Overflow Vulnerability Secunia Research (May 17)
Secunia Research: Abakt ZIP File Handling Buffer Overflow Vulnerability Secunia Research (May 15)
Secunia Research: ZipCentral ZIP File Handling Buffer Overflow Vulnerability Secunia Research (May 31)
Secunia Research: IZArc unacev2.dll Buffer Overflow Vulnerability Secunia Research (May 17)
Secunia Research: TZipBuilder ZIP File Handling Buffer Overflow Vulnerability Secunia Research (May 08)
Secunia Research: UltimateZip unacev2.dll Buffer Overflow Vulnerability Secunia Research (May 11)
Secunia Research: CAM UnZip ZIP File Handling Buffer Overflow Vulnerability Secunia Research (May 19)
Secunia Research: Anti-Trojan unacev2.dll Buffer Overflow Vulnerability Secunia Research (May 08)
Secunia Research: FilZip unacev2.dll Buffer Overflow Vulnerability Secunia Research (May 15)
Secunia Research: Where Is It unacev2.dll Buffer Overflow Vulnerability Secunia Research (May 09)

security

[ MDKSA-2006:087 ] - Updated kernel packages fixes netfilter SNMP NAT memory corruption security (May 24)
[ MDKSA-2006:089 ] - Updated kphone packages fixes permissions issue with .qt/kphonerc security (May 24)
[ MDKSA-2006:084 ] - Updated MySQL packages fix several vulnerabilities security (May 10)
[ MDKSA-2006:081 ] - Updated xorg-x11 packages fix vulnerability security (May 03)
[ MDKSA-2006:093 ] - Updated dia packages fix string format vulnerabilities. security (May 30)
[ MDKSA-2006:090 ] - Updated shadow-utils packages fix mailbox creation vulnerability security (May 24)
[ MDKSA-2006:085 ] - Updated xine-ui packages fix format string vulnerabilities security (May 11)
[ MDKSA-2006:086 ] - Updated kernel packages fix multiple vulnerabilities security (May 19)
[ MDKSA-2006:082 ] - Updated libtiff packages fix vulnerabilities security (May 03)
[ MDKSA-2006:080 ] - Updated clamav packages fix vulnerability security (May 02)
[ MDKSA-2006:088 ] - Updated hostapd package to address DoS vulnerability security (May 24)
[ MDKSA-2006:092 ] - Updated mpg123 packages fix DoS vulnerability. security (May 26)
[ MDKSA-2006:083 ] - Updated gdm package fixes symlink attack vulnerability security (May 10)
[ MDKSA-2006:081-1 ] - Updated xorg-x11 packages fix vulnerability security (May 05)
[ MDKSA-2006:091 ] - Updated php packages fix vulnerabilities security (May 25)

security-alert

[security bulletin] HPSBMA02098 SSRT5911 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Privileged Access, Arbitrary Command Execution, Arbitrary File Creation security-alert (May 23)
[security bulletin] HPSBUX02117 SSRT2400 rev.1 - HP-UX Running BINDv4 Domain Name Server (DNS) Remote Unauthorized Access, Denial of Service (DoS) security-alert (May 19)
[security bulletin] HPSBUX02122 SSRT061158 rev.1 - HP-UX Mozilla Remote Execution of Arbitrary Code, Denial of Service (DoS) security-alert (May 31)
[security bulletin] HPSBUX02119 SSRT4848 rev.1 - HP-UX Running Motif Applications Remote Arbitrary Code Execution, Denial of Service (DoS) security-alert (May 22)
[security bulletin] HPSBUX02120 SSRT051057 rev.1 - HP-UX Local Denial of Service (DoS) security-alert (May 22)
[security bulletin] HPSBUX02114 SSRT061115 rev.1 - HP-UX Running Software Distributor Local Elevation of Privilege security-alert (May 23)
[security bulletin] HPSBUX02108 SSRT061133 rev.11 - HP-UX Running Sendmail, Remote Execution of Arbitrary Code security-alert (May 19)
[security bulletin] HPSBUX02075 SSRT051074 rev.5 - HP-UX Running xterm Local Unauthorized Access security-alert (May 23)
[security bulletin] HPSBUX02108 SSRT061133 rev.10 - HP-UX running Sendmail, Remote Execution of Arbitrary Code security-alert (May 04)
[security bulletin] HPSBTU02118 SSRT061145 rev.1 - HP Tru64 UNIX Running Firefox or Mozilla Application Suite, Remote Execution of Arbitrary Code or Denial of Service (DoS) security-alert (May 19)
[security bulletin] HPSBMA02121 SSRT061157 rev.1 - HP OpenView Storage Data Protector Remote Arbitrary Command Execution security-alert (May 23)

security curmudgeon

Re: modules name(Sections)SQL Injection Exploit security curmudgeon (May 22)
Re: tseekdir.cgi<--Local File Include security curmudgeon (May 22)

securityfocus

Verizon Voicewing and Linksys PAP2-VN securityfocus (May 11)

sehato

InternerExplorer error: ECMAScript interpreter stack overflow sehato (May 27)

Shaun Colley

Re: ISA Server 2004 Log Manipulation Shaun Colley (May 06)

sirdarckcat

Re: 90% of programs made in PHP5 and prior Full Path Disclosure vuln. sirdarckcat (May 22)
90% of programs made in PHP5 and prior Full Path Disclosure vuln. sirdarckcat (May 15)

skinnypuppy

Alexadex.com players.py XSS Exploit skinnypuppy (May 06)

sn4k3 . 23

phpBB "charts.php" XSS and SQL-Injection sn4k3 . 23 (May 11)

Snake_23

Confixx 3.1.2 <= Code Injection Snake_23 (May 15)

SnoBmsn

IBM Websphere Application Server Multiple Vulnerabilities SnoBmsn (May 09)
PhpListPro 2.01 Remote File Include Vulnerability SnoBMSN (May 10)
Limbo CMS (option=weblinks) SQL injection exploit SnoBMSN (May 08)
UBlog Remote XSS Exploit SnoBMSN (May 10)
Kerio WinRoute Firewall Protocol Inspection Denial SnoBMSN (May 10)

socsam

SQL-Injection in e107 allows attacker to become a site admininstrator socsam (May 13)
WebCalendar-1.0.3 reading of any files socsam (May 30)

Soothackers

PhpRemoteView Multiple Xss Vulnerabilities Soothackers (May 16)
Sphider Multiple Xss Vulnerabilities Soothackers (May 16)

Sowhat

Apple QuickTime udta ATOM Heap Overflow Sowhat (May 12)

spymeta

XSS Vulnerability on www.my6d.com Connection Work System spymeta (May 26)
URL Bug On 1ASPHost and DomainDLX Hosting Services spymeta (May 06)

Stefan Cornelius

[ GLSA 200605-14 ] libextractor: Two heap-based buffer overflows Stefan Cornelius (May 22)
[ GLSA 200605-15 ] Quagga Routing Suite: Multiple vulnerabilities Stefan Cornelius (May 22)
[ GLSA 200605-16 ] CherryPy: Directory traversal vulnerability Stefan Cornelius (May 30)
[ GLSA 200605-17 ] libTIFF: Multiple vulnerabilities Stefan Cornelius (May 30)

Stefano Di Paola

Re: Oracle - the last word Stefano Di Paola (May 12)
MySQL Anonymous Login Handshake - Information Leakage. Stefano Di Paola (May 02)
MySQL COM_TABLE_DUMP Information Leakage and Arbitrary command execution. Stefano Di Paola (May 02)

Sterling, Chuck

RE: Checkpoint SYN DoS Vulnerability Sterling, Chuck (May 18)

Steve Kemp

[SECURITY] [DSA 1080-1] New dovecot packages fix directory traversal Steve Kemp (May 29)
[SECURITY] [DSA 1084-1] New typespeed packages fix arbitrary code execution Steve Kemp (May 31)

Steven M. Christey

Re: CoolMenus Event Remote File Inclusion exploit Steven M. Christey (May 01)
Re: tseekdir.cgi<--Local File Include Steven M. Christey (May 10)
Re: ISA Server 2004 Log Manipulation Steven M. Christey (May 05)
Re: mybb v1.1.1(rss.php) SQL Injection Exploit Steven M. Christey (May 25)
Re: Phil's Bookmark script admin By-pass Steven M. Christey (May 09)
Re: ISA Server 2004 Log Manipulation Steven M. Christey (May 09)
Re: Destiney Rated Images Script v0.5.0 - XSS Vulnv Steven M. Christey (May 26)
Dynamic Evaluation Vulnerabilities in PHP applications Steven M. Christey (May 03)
Re: Oracle - the last word Steven M. Christey (May 11)

str0ke

Re: my Web Server << v-1.0 Denial of Service Exploit str0ke (May 26)

Sune Kloppenborg Jeppesen

[ GLSA 200605-07 ] Nagios: Buffer overflow Sune Kloppenborg Jeppesen (May 08)
[ GLSA 200605-01 ] MPlayer: Heap-based buffer overflow Sune Kloppenborg Jeppesen (May 01)
ERRATA: [ GLSA 200605-07 ] Nagios: Buffer overflow Sune Kloppenborg Jeppesen (May 16)
[ GLSA 200605-13 ] MySQL: Information leakage Sune Kloppenborg Jeppesen (May 11)
[ GLSA 200605-12 ] Quake 3 engine based games: Buffer Overflow Sune Kloppenborg Jeppesen (May 10)
[ GLSA 200605-10 ] pdnsd: Denial of Service and potential arbitrary code execution Sune Kloppenborg Jeppesen (May 10)
[ GLSA 200605-11 ] Ruby: Denial of Service Sune Kloppenborg Jeppesen (May 10)
[ GLSA 200605-04 ] phpWebSite: Local file inclusion Sune Kloppenborg Jeppesen (May 02)
UPDATE: [ GLSA 200605-13 ] MySQL: Information leakage Sune Kloppenborg Jeppesen (May 16)
[ GLSA 200605-05 ] rsync: Potential integer overflow Sune Kloppenborg Jeppesen (May 06)
[ GLSA 200605-02 ] X.Org: Buffer overflow in XRender extension Sune Kloppenborg Jeppesen (May 02)
[ GLSA 200605-03 ] ClamAV: Buffer overflow in Freshclam Sune Kloppenborg Jeppesen (May 02)

support

Re: [Info Disclosure] Diesel PHP Job Site Latest Version support (May 30)
[CLOSED] SOE's implementation of Lithium Forums Software allows users to log on as each other. support (May 25)

susam . pal

Default Screen Saver Vulnerability in Microsoft Windows susam . pal (May 24)

Tauqeer Ahmad

POC exploit for freeSSHd version 1.0.9 Tauqeer Ahmad (May 15)
POC exploit for freeFTPd 1.0.10 Tauqeer Ahmad (May 18)
Re: POC exploit for freeFTPd 1.0.10 Tauqeer Ahmad (May 22)
Re:POC exploit for freeFTPd 1.0.10 Tauqeer Ahmad (May 18)

TeufeL Online

Hackernetwork.Com Mail XSS Vulnerability TeufeL Online (May 22)
AspBB Forum "profile.asp & default.asp" XSS Vulnerability TeufeL Online (May 18)
phpRaid "view.php" XSS Vulnerability TeufeL Online (May 22)

The Little Prince

Re: LM hashes in a hot-desking environment The Little Prince (May 29)

theproffx

Re: Re: Phil's Bookmark script admin By-pass theproffx (May 12)

thesinoda

RE: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt. thesinoda (May 27)
A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt. thesinoda (May 25)
Proof of concept that PGP AUTHENTICATION CAN BE BYPASSED WITHOUT PATCHING thesinoda (May 27)

Thierry Carrez

[ GLSA 200605-06 ] Mozilla Firefox: Potential remote code execution Thierry Carrez (May 06)
[ GLSA 200605-08 ] PHP: Multiple vulnerabilities Thierry Carrez (May 08)
[ GLSA 200605-09 ] Mozilla Thunderbird: Multiple vulnerabilities Thierry Carrez (May 08)

Thierry Zoller

Re: IGNORING SSH CONNECTION USES ARP CACHE POISSONING Thierry Zoller (May 09)
[TZO-042006] Insecure Auto-Update and File execution (2) Thierry Zoller (May 11)
[TZO-042006] Insecure Auto-Update and File execution Thierry Zoller (May 10)
[TZO-072006]-Xampp - Multiple Priviledge Escalation (SYSTEM) and Rogue Autostart Thierry Zoller (May 22)

Thilo Schulz

Two independent vulnerabilities (client and server side) in Quake3 engine and many derived games Thilo Schulz (May 09)

Thomas Biege

DIMVA 2006 - Call For Participation Thomas Biege (May 17)
SUSE Security Announcement: rug (SUSE-SA:2006:029) Thomas Biege (May 31)

thomas . depraetere

Dokeos LDAP hole fixed thomas . depraetere (May 12)

Thor (Hammer of God)

Re: ISA Server 2004 Log Manipulation Thor (Hammer of God) (May 06)

thrasher . basher

Re: IpLogger <= 1.7 XSS thrasher . basher (May 25)

Tim Newsham

Re: How secure is software X? Tim Newsham (May 12)

Timo Sirainen

Dovecot IMAP: Mailbox names list disclosure with mboxes Timo Sirainen (May 12)

Tonnerre Lombard

Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Tonnerre Lombard (May 06)

Trustix Security Advisor

TSLSA-2006-0028 - multi Trustix Security Advisor (May 22)
TSLSA-2006-0030 - multi Trustix Security Advisor (May 26)
TSLSA-2006-0026 - kernel Trustix Security Advisor (May 12)
TSLSA-2006-0024 - multi Trustix Security Advisor (May 05)

try_og

XSS Vulnerability on Vodafone try_og (May 26)
Vodafone.de XSS Vulnerability try_og (May 24)

tugr

free-php.net Poll 1.0 admin login tugr (May 01)
planetGallery admin login tugr (May 01)

tyree

tyree[at]users.sourceforge.net tyree (May 15)

unknown user

Re: Microsoft Internet Explorer - Crash on mouse button click unknown user (May 26)
Re: Microsoft Internet Explorer - Crash on mouse button click unknown user (May 26)
Re: Microsoft Internet Explorer - Crash on mouse button click unknown user (May 24)
Re: Microsoft Internet Explorer - Crash on mouse button click unknown user (May 26)

V8f3

XSS in Monster Top List | MTL 1.4 V8f3 (May 26)

Ventsislav Genchev

Re: V-Webmail 1.6.4 Remote File Include Ventsislav Genchev (May 30)

visitbipin

Re: Re: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt. visitbipin (May 27)

VSR Advisories

VSR Advisory: WebSense content filter bypass when deployed in conjunction with Cisco filtering devices VSR Advisories (May 08)

webmaster

Re: Milliscript 1.4 Multiple Vulnerabilities webmaster (May 10)
Re: Destiney Rated Images Script v0.5.0 - XSS Vulnv webmaster (May 24)

Williams, James K

CAID 34013 - CA Common Services CAIRIM on z/OS LMP SVC vulnerability Williams, James K (May 08)

William Starling

Re: JDK 1.4.2_11, 1.5.0_06, unsigned applets consuming all free harddisk space William Starling (May 18)

y3dips

JAMES 2.2.0 <-- Denial Of Service y3dips (May 29)

yesn

Firefox 1.5.0.3 code execution exploit yesn (May 06)

Zaninotti, Thiago

Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1 Zaninotti, Thiago (May 08)

zdi-disclosures

ZDI-06-012: Sophos Anti-Virus CAB Unpacking Code Execution Vulnerability zdi-disclosures (May 08)
ZDI-06-016: Novell eDirectory 8.8 NDS Server Buffer Overflow Vulnerability zdi-disclosures (May 22)
ZDI-06-013: 3Com TippingPoint SMS Server Information Disclosure Vulnerability zdi-disclosures (May 09)
ZDI-06-015: Apple QuickTime H.264 Parsing Heap Overflow Vulnerability zdi-disclosures (May 12)
ZDI-06-014: Verisign I-Nav ActiveX Control Code Execution Vulnerability zdi-disclosures (May 10)

zerogue

Cmscout <= V1.10 multiple XSS attack vectors zerogue (May 02)
Russcom PHPImages lack of validation zerogue (May 23)
IpLogger <= 1.7 XSS zerogue (May 23)
FileProtection Express <= 1.0.1 authentification bypass zerogue (May 02)
QBv14 XSS zerogue (May 23)
SF-Users V1.0 XSS injection zerogue (May 02)
PHP AGTC-Membership system <= v1.1a XSS zerogue (May 26)
myBloggie <= 2.1.3 XSS zerogue (May 06)
WebsiteBaker CMS lack of sanitizing zerogue (May 06)
DSChat <= 1.0 XSS zerogue (May 23)
X7Chat <= 2.0.2 avatar XSS injection zerogue (May 06)
PHPResidence <= 0.6 XSS zerogue (May 26)
Chatty improper input sanitizing zerogue (May 23)
TyroCms beta V1.0 multiple XSS injections zerogue (May 02)
Russcom Ping Remote code execution zerogue (May 23)
ByteHoard <= 2.1 multiple vulnerabilities zerogue (May 26)
Russcom.net Loginphp multiple vulnerabilties zerogue (May 02)
Assetman <= 2.4a XSS zerogue (May 26)
SkyeShoutbox <= v.1.2.0 XSS zerogue (May 23)
ChipmunkBoard Multiple Attack vectors zerogue (May 06)
PassMasterFlex (and PassMasterFlex+) XSS injection zerogue (May 06)
VisionSource CMS <= 0.6 XSS vectors zerogue (May 06)
ChipmunkBlogger improper input sanitizing zerogue (May 06)
FlexCustomer <= 0.0.4 sql injection zerogue (May 06)

znx

Re: modules name(Downloads)SQL Injection Exploit znx (May 12)

zuxncwaruio

yet more XSS in older versions of ColdFusion zuxncwaruio (May 12)