Bugtraq: by date

599 messages starting Nov 01 06 and ending Nov 30 06

Wednesday, 01 November

iDefense Security Advisory 10.27.06: Novell eDirectory NMAS BerDecodeLoginDataRequeset DoS Vulnerability iDefense Labs
iDefense Security Advisory 10.31.06: Novell iManager Tomcat DoS Vulnerability iDefense Labs
iDefense Security Advisory 10.31.06: Sophos Anti-Virus Petite File Denial of Service Vulnerability iDefense Labs
Multiple XSS Vulnerabilities in Zend Google Data Client Library Preview 0.2.0 security
Re: Re: Simple Machines Forum (SMF) XSS issue oldiesmann
Re[3]: New Flaw in Firefox 2.0: DoS and possible remote code execution 3APA3A
[USN-370-1] screen vulnerability Kees Cook
[USN-371-1] Ruby vulnerability Kees Cook
Cross Site Scripting (XSS) Vulnerability in Netquery by "VIRtech" LegendaryZion
Re: phpLedAds 2.0(dir) File Include Stefano Zanero
Cisco Security Advisory: Cisco Security Agent Management Center LDAP Administrator Authentication Bypass Cisco Systems Product Security Incident Response Team
[USN-373-1] mutt vulnerabilities Kees Cook
Asterisk Local and Remote Denial of Service vulnerability sil
tikiwiki 1.9.5 mysql password disclosure & xss securfrog
rPSA-2006-0202-1 tshark wireshark rPath Update Announcements
[security bulletin] HPSBUX02172 SSRT061269 rev.1 - HP-UX VirtualVault running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access security-alert
Re: PLS-Bannieres 1.21 (bannieres.php) File Include Stefano Zanero
[security bulletin] HPSBUX02164 SSRT061265 rev.1 - HP-UX VirtualVault Running Apache 1.3.X Remote Denial of Service (DoS) and Arbitrary Code Execution security-alert
[security bulletin] HPSBUX02165 SSRT061266 rev.1 - HP-UX VirtualVault Remote Unauthorized Access security-alert
Outpost Insufficient validation of 'SandBox' driver input buffer Matousec - Transparent security Research
[USN-374-1] wvWare vulnerability Kees Cook
[security bulletin] HPSBUX02091 SSRT061099 rev.2 - HP-UX Local Increased Privilege security-alert

Thursday, 02 November

Internet Explorer 7 - Still Spyware Writers' Heaven avivra
Multiple vulnerabilities in SAP Web Application Server 6.40 and 7.00 Nicob
how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)] securfrog
Advisory 12/2006: phpMyAdmin - error.php XSS Vulnerability Stefan Esser
Firefox 1.5.0.7 Exploit koenig
iodine client 0.3.2 buffer overflow poplix
[SECURITY] [DSA 1203-1] New libpam-ldap packages fix access control bypass Moritz Muehlenhoff
[security bulletin] HPSBMA02159 SSRT061238 rev.1 - HP System Management Homepage (SMH), Remote Bypassing of Security Features or Cross Site Scripting or Denial of Service (DoS) security-alert
[USN-375-1] PHP vulnerability Martin Pitt
Educational write-up by Amit Klein: "A Refreshing Look at Redirection" Amit Klein
Re: how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)] Taneli Leppä
Re: how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)] Taneli Leppä
Re: Firefox 1.5.0.7 Exploit Robert McGrew
RE: how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)] Richard Stanway
Re: Firefox 1.5.0.7 Exploit Bram Dumolin
RE: Internet Explorer 7 - Still Spyware Writers' Heaven Roger A. Grimes
Advisory 13/2006: PHP HTML Entity Encoder Heap Overflow Vulnerability Stefan Esser

Friday, 03 November

EUSecWest/London CFP extended to Nov. 7 Dragos Ruiu
Re: phpMyConferences <= 8.0.2 Remote File Inclusion Steven M. Christey
[ MDKSA-2006:196 ] - Updated php packages to address buffer overflow issue security
[ MDKSA-2006:195 ] - Updated wireshark packages fix multiple vulnerabilities security
Re: Firefox 1.5.0.7 Exploit Martin Pitt
Re[2]: New Flaw in Firefox 2.0: DoS and possible remote code execution 3APA3A
Re: Digital Armaments Security Advisory 10.07.2006: Flexwath Authorization Bypassing and XSS Vulnerability sales
Re: Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00 harrisonholland
[ GLSA 200611-01 ] Screen: UTF-8 character handling vulnerability Matthias Geerdsen
[SECURITY] [DSA-1205-1] New thttpd packages fix insecure temporary file creation Steve Kemp
SIMPLOG 0.9.3 injection sql & multiple xss saps . audit
[ MDKSA-2006:197 ] - Updated kernel packages fix multiple vulnerabilities and bugs security
XSS in script Mobile m-0-t
ZDI-06-036: Novell Netmail User Authentication Buffer Overflow Vulnerability zdi-disclosures

Saturday, 04 November

[USN-376-1] imlib2 vulnerabilities Kees Cook
[OpenPKG-SA-2006.030] OpenPKG Security Advisory (ruby) OpenPKG
Re: Internet Explorer 7 - Still Spyware Writers' Heaven Eliah Kagan
MajorSecurity Advisory #31]Xenis.creator CMS - Multiple Cross Site Scripting and SQL Injection Issues admin
Re: how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)] Paul Laudanski
[OpenPKG-SA-2006.028] OpenPKG Security Advisory (php) OpenPKG
Web Directory Pro bypass Vulnerabilities hack2prison
[OpenPKG-SA-2006.029] OpenPKG Security Advisory (bind) OpenPKG
[USN-378-1] RPM vulnerability Kees Cook
[MajorSecurity Advisory #30]admin.tool 3 CMS - Multiple Cross Site Scripting Issues admin
[USN-377-1] NVIDIA vulnerability Kees Cook
Re: MajorSecurity Advisory #31]Xenis.creator CMS - Multiple Cross Site Scripting and SQL Injection Issues saps . audit
IF-CMS multiples XSS vunerabilities saps . audit
Re: Internet Explorer 7 - Still Spyware Writers' Heaven Thierry Zoller

Monday, 06 November

@cid stats v2.3 File Include mahmood ali
Article Script v1.*and v1.6.3 Sql injection liz0
Stanford university SCARF user editing navairum
PHP Rapid Kill All Version File Injection null_hack
Mail Drives Security Considerations darkz . gsa
Re: New Flaw in Firefox 2.0: DoS and possible remote code execution Jan Heisterkamp
[ECHO_ADV_57_2006]Soholaunch Pro <=4.9 r36 Multiple Remote File Inclusion Vulnerability erdc
[ECHO_ADV_58_2006]Cyberfolio <=2.0 RC1 $av Remote File Inclusion Vulnerability erdc
Re: @cid stats v2.3 File Include Heiko Wundram
[ECHO_ADV_59_2006]Agora 1.4 RC1 "$_SESSION[PATH_COMPOSANT]" Remote File Inclusion Vulnerability erdc
[ECHO_ADV_60_2006] OpenEMR <=2.8.1 Multiple Remote File Inclusion Vulnerability erdc
Re: New Flaw in Firefox 2.0: DoS and possible remote code execution Jerome Athias
AIOCP <=1.3.007 multiples vulnerabilities [sql , remote file include , xss] saps . audit
Joomla 1.0.11 Remote File Include root
MWChat pro V 7.0 <= (CONFIG[MWCHAT_Libs]) Remote File Include Vulnerability -= SHELL =- -= SHELL =-
Cross Site Scripting (XSS) Vulnerability in IBM WebSphere Application Server ProCheckUp Research
TSLSA-2006-0061 - multi Trustix Security Advisor
[ GLSA 200611-02 ] Qt: Integer overflow Matthias Geerdsen
Ariadne <= 2.4.1 Multiple Remote File Include Vulnerabilities(New) ajannhwt
MajorSecurity Advisory #32]phpComasy CMS - Multiple Cross Site Scripting Issues admin
Re: Internet Explorer 7 - Still Spyware Writers' Heaven Eliah Kagan
RE: Internet Explorer 7 - Still Spyware Writers' Heaven Roger A. Grimes
[SECURITY] [DSA 1204-1] New ingo1 packages fix arbitrary shell command execution Moritz Muehlenhoff
XSS Vulnerability in Zend Framework Preview 0.2.0 security
[SECURITY] [DSA 1206-1] New php4 packages fix several vulnerabilities Moritz Muehlenhoff
Hotmail and Windows Live Mail XSS Vulnerabilities applesoup
Advanced Guestbook 2.3.1 (Admin.php) Remote File Include broken-proxy
VulnDisco Pack for Metasploit Evgeny Legerov
Re: Firefox 1.5.0.7 Exploit Lubomir Kundrak
Re: Firefox 1.5.0.7 Exploit OOZIE
ZDI-06-037: America Online ICQ ActiveX Control Code Execution Vulnerability zdi-disclosures
IE7 website security certificate discrediting exploit inge_eivind . henriksen

Tuesday, 07 November

Re: Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00 Nicob
Re: Advanced Guestbook 2.3.1 (Admin.php) Remote File Include simo64
GreenBeast CMS <= 1.3 PHP Arbitrary File Upload Vulnerability skulmatic
[USN-376-2] imlib2 regression fix Kees Cook
[ MDKSA-2006:199 ] - Updated libx11 packages fix file descriptor leak vulnerability security
[ MDKSA-2006:198 ] - Updated imlib2 packages fix several vulnerabilities security
News publication system remote File include navairum
Re: IE7 website security certificate discrediting exploit inge_eivind . henriksen
DigiOz Guestbook version 1.7 Path Disclosure Vulnerability in list.php jesper . jurcenoks
[ MDKSA-2006:200 ] - Updated rpm packages fix vulnerability security
Minimizing error cascades in vulnerability information management Steven M. Christey
WarFTPd 1.82.00-RC11 Remote Denial Of Service Joxean Koret
XSS in Kayako SupportSuite v3.00.32 hacker hackers
[ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability Raphael Marichez
DigiOz Guestbook version 1.7 Path Disclosure Vulnerability in list.php Jesper Jurcenoks
WFTPD Pro Server 3.23 Buffer Overflow Joxean Koret

Wednesday, 08 November

[ MDKSA-2006:201 ] - Updated pam_ldap packages fix PasswordPolicyReponse coding error security
[OpenPKG-SA-2006.032] OpenPKG Security Advisory (openssh) OpenPKG
Call for papers: ARES 2007 submission deadline approaches in 2 weeks: 19-11-2006 Manh Tho
[ MDKSA-2006:198-1 ] - Updated imlib2 packages fix several vulnerabilities security
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Secure Desktop Cisco Systems Product Security Incident Response Team
Y.A.N.S sql injection navairum
PhpMyChat Plus <= 1.9 Multiple Source Code Disclosure Vulnerabilities ajannhwt
PhpMyChat <= 0.14.5 Source Code Disclosure Vulnerability ajannhwt
[ MDKSA-2006:203 ] - Updated texinfo packages fix vulnerability security
Lotus Notes pre-login User.ID key leak Andrew Christensen
iDefense Security Advisory 11.08.06: IBM Lotus Domino 7 tunekrnl Multiple Vulnerabilities iDefense Labs Security Advisories
Portix-PHP [login bypass & xss (post)] saps . audit
phpsatk => Remote File Include Vulnerability EXploit h4ck3riran
TSRT-06-13: HP OpenView Client Configuration Manager Device Code Execution Vulnerability TSRT
Re: Hotmail and Windows Live Mail XSS Vulnerabilities HASEGAWA Yosuke
Abarcar Realty Portal [injection sql] saps . audit
iDefense Security Advisory 11.08.06: Cisco Secure Desktop Privilege Escalation Vulnerability iDefense Labs
knowledgeBuilder v.2.2.php.NuLL-WDYL=> Remote File Include Vulnerability h4ck3riran
Speedwiki 2.0 Arbitrary File Upload Vulnerability saps . audit
[ MDKSA-2006:202 ] - Updated wv packages fix vulnerabilities security
Immediacy .NET CMS possibly vulnerable to Cross Site Scripting through a malformed cookie ProCheckUp Research
FreeWebshop <=2.2.2 [local file include & xss] saps . audit
FreeBSD Security Advisory FreeBSD-SA-06:24.libarchive FreeBSD Security Advisories
Antwort: Joomla 1.0.11 Remote File Include srunschke

Thursday, 09 November

omnistar article manager [multiples injection sql] saps . audit
[ MDKSA-2006:204 ] - Updated openssh packages fix vulnerability security
bitweaver <=1.3.1 [injection sql (post) & xss (post)] saps . audit
GNU gv Stack Overflow Vulnerability Renaud Lifchitz
[SECURITY] [DSA 1207-1] New phpmyadmin packages fix several vulnerabilities Moritz Muehlenhoff
LandShop Real Estate [multiple injection sql & xss] saps . audit
[USN-379-1] texinfo vulnerability Kees Cook
Re: Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00 Nicob
Wheatblog [multiple xss (post) & full path disclosure] saps . audit
[security bulletin] HPSBMA02167 SSRT061262 rev.2 - HP OpenView Client Configuration Manager (CCM), Remote Unauthorized Arbitrary Code Execution or Denial of Service (DoS) security-alert
[ GLSA 200611-04 ] Bugzilla: Multiple Vulnerabilities Matthias Geerdsen

Friday, 10 November

rPSA-2006-0204-1 kernel rPath Update Announcements
rPSA-2006-0205-1 php php-mysql php-pgsql rPath Update Announcements
rPSA-2006-0206-1 firefox thunderbird rPath Update Announcements
rPSA-2006-0207-1 openssh openssh-client openssh-server rPath Update Announcements
[ MDKSA-2006:205 ] - Updated Firefox packages fix multiple vulnerabilities security
[ MDKSA-2006:206 ] - Updated Thunderbird packages fix multiple vulnerabilities security
[OpenPKG-SA-2006.033] OpenPKG Security Advisory (openldap) OpenPKG
[ GLSA 200611-05 ] Netkit FTP Server: Privilege escalation Raphael Marichez
[x0n3-h4ck]Essentia Web Server v.2.15 Buffer Overflow corrado . liotta
[x0n3-h4ck]Drake CMS v 0.2 XSS exploit corrado . liotta
ZDI-06-039: Marshal MailMarshal ARJ Extraction Directory Traversal Vulnerability zdi-disclosures

Monday, 13 November

encapscms 0.3.6 - Remote File Include by Firewall firewall1954
Estate Agent Manager <= v1.3 (default.asp) Remote Login ByPass SQL Injection Vulnerability ajannhwt
Mega Mall [ multiples injection sql & full path disclosure ] saps . audit
MyStats <=1.0.8 [injection sql, multiples xss, array & full path disclosure] benjilenoob
PHPKit 1.6.1 RC2 (faq/faq.php) Remote SQL Injection Exploit philipp . niedziela
TOPSTORY BASIC Version 1.0 => Remote File Include Vulnerability stormhacker
[SECURITY] [DSA 1209-1] New trac packages fix cross-site request forgery Moritz Muehlenhoff
Exophpdesk V1.2 - Remote File Include firewall1954
Wordpress File Inclusion vannovax
[MajorSecurity Advisory #33]ShopSystems - SQL Injection Issue admin
phpManta - Mdoc <= 1.0.2 (view-sourcecode.php) Local File Include Exploit ajannhwt
AspPired2 Poll <= 1.0 (MoreInfo.asp) Remote SQL Injection Exploit ajannhwt
UStore 1.0 (detail.asp) Remote SQL Injection Vulnerability ajannhwt
NuCommunity 1.0 (cl_CatListing.asp) Remote SQL Injection Exploit ajannhwt
Re: feedsplitter considered harmful wmodes
NuRems 1.0 Remote XSS/SQL Injection Exploit ajannhwt
Re: Wordpress File Inclusion emc3
Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability Nick Boyce
NuStore 1.0 (Products.asp) Remote SQL Injection Vulnerability ajannhwt
NuSchool 1.0 (CampusNewsDetails.asp) Remote SQL Injection Exploit ajannhwt
[SECURITY] [DSA 1208-1] New bugzilla packages fix several vulnerabilities Moritz Muehlenhoff
XSS in Email Signature Script miladkaleh
infinicart [ multiples injection sql & xss (post) ] saps . audit
shambo2 Component For Mambo 4.5 Remote File Inclusion Exploit crackers_child
ZDI-06-038: Citrix MetaFrame IMA Management Module Remote Heap Overflow zdi-disclosures
Re: Cross Site Scripting (XSS) Vulnerability in Netquery by "VIRtech" rvirtue
Web Interface remote file inclusion navairum
VBulletin DoS Exploit [ all Versions ] root
Digipass Go3 Token Dumper (at least for 2006) fcollyer
Phpjobscheduler 3.0 - Multiple Remote File Include Firewall1954
Phpdebug 1.1.0 - Remote File Include by Firewall Firewall1954
ELOG Web Logbook Remote Denial of Service Vulnerability OS2A BTO
UltraSite 1.0 (update.asp) Remote SQL Injection Vulnerability ajannhwt
Asp Scripter Products (cpLogin.asp) Remote SQL ByPass Injection Vulnerability ajannhwt
CPanel Multiple Cross Site Scription Advisory
Old SAP exploits Nicob
Property Pro v1.0 (vir_Login.asp) Remote Login ByPass SQL Injection Vulnerability ajannhwt
Re: [x0n3-h4ck]Essentia Web Server v.2.15 Buffer Overflow Noam Rathaus
ASPPortal <= 4.0.0 (default1.asp) Remote SQL Injection Exploit ajannhwt
UPublisher 1.0 (viewarticle.asp) Remote SQL Injection Vulnerability ajannhwt
[FLSA-2006:211760] Updated gzip package fixes security issues David Eisenstein
[SECURITY] [DSA 1209-2] New trac packages fix cross-site request forgery Moritz Muehlenhoff
SinFP 2.04 release, works under Windows GomoR
Challenges faced by automated web application security assessment tools bugtraq
DirectAdmin Multiple Cross Site Scription Advisory
[ GLSA 200611-07 ] GraphicsMagick: PALM and DCM buffer overflows Raphael Marichez
VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4 VMware Security team
[ GLSA 200611-06 ] OpenSSH: Multiple Denial of Service vulnerabilities Raphael Marichez
Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability Raphael Marichez
iDefense Security Advisory 11.09.06: Citrix Presentation Server 4.0 IMA Service Invalid Name Length DoS Vulnerability iDefense Labs
[ GLSA 200611-08 ] RPM: Buffer overflow Raphael Marichez
VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2 VMware Security team
New Bug MiniBB Forum <= 2 Remote File Include (index.php) philip anselmo
VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1 VMware Security team
Online Event Registration <= v2.0 (save_profile.asp) Remote User Pass Change Exploit ajannhwt
VMSA-2006-0009 - VMware ESX Server 3.0.0 AMD fxsave/restore issue VMware Security team
VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2 VMware Security team
Re: Wordpress File Inclusion Expanders
Re: GNU gv Stack Overflow Vulnerability Noam Rathaus

Tuesday, 14 November

[SECURITY] [DSA 1210-1] New Mozilla Firefox packages fix several vulnerabilities Martin Schulze
Real Estate Listing System SQL Injection Advisory
ASPintranet SQL Injection Advisory
SiteXpress SQL Injection Advisory
WWWeb Cocepts SQL Injection Advisory
Ustore SQL Injection Advisory
eShopping SQL Injection Advisory
Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability Stefan Esser
ECommerce Store Shop Builder Advisory
Engine Manager SQL Injection Advisory
BPG Content Management System SQL Injection Advisory
Apple Safari "match" Buffer Overflow Vulnerability jbh_cg
Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability Nick FitzGerald
Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability Glynn Clements
Evolve Merchant[ injection sql ] saps . audit
Car Site Manager [injection sql & xss (get)] saps . audit
Re: New Bug MiniBB Forum <= 2 Remote File Include (index.php) navairum
FunkyASP Glossary v1.0 [injection sql] saps . audit
Blogme v3 [admin login bypass & xss (post)] saps . audit
Property Site Manager [login bypass ,multiples injection sql & xss (get)] saps . audit
[Fwd: DMA[2006-1031a] - 'Intego VirusBarrier X4 definition bypass exploit'] K F (lists)
Re: [Full-disclosure] ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability Micheal Turner
[Fwd: OpenBase SQL multiple vulnerabilities Part Deux] K F (lists)
EEYE: Workstation Service NetpManageIPCConnect Buffer Overflow eEye Advisories
ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability zdi-disclosures
ZDI-06-041: Microsoft Internet Explorer CSS Float Property Memory Corruption Vulnerability zdi-disclosures
A+ Store E-Commerce[ injection sql & xss (post) ] saps . audit
A-Cart pro[ injection sql (post&get)] saps . audit
Inventory Manager [injection sql & xss (get)] saps . audit

Wednesday, 15 November

hpecs shopping cart[login bypass & injection sql (post)] saps . audit
Dragon calendar [ login bypass & injection sql ] saps . audit
[SECURITY] [DSA 1211-1] New pdns packages fix arbitrary code execution Moritz Muehlenhoff
NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure Rodrigo Rubira Branco (BSDaemon)
MultiCalendars [ multiples injection sql ] saps . audit
[OpenPKG-SA-2006.034] OpenPKG Security Advisory (texinfo) OpenPKG
DragonFlyBSD all versions FireWire IOCTL kernel integer overflow information disclousure Rodrigo Rubira Branco (BSDaemon)
TrustedBSD* all versions FireWire IOCTL kernel integer overflow information disclousure Rodrigo Rubira Branco (BSDaemon)
TSLSA-2006-0063 - multi Trustix Security Advisor
[ MDKSA-2006:207 ] - Updated bind packages fixes RSA signature verification vulnerability security
[SECURITY] [DSA 1212-1] New openssh packages fix denial of service Noah Meyerhans
Outpost Multiple insufficient argument validation of hooked SSDT function Vulnerability Matousec - Transparent security Research
E-Calendar Pro 3.0 [ login bypass & injection sql (post)] saps . audit
Helm Cross-Site Scripting (XSS) Advisory
FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure Rodrigo Rubira Branco (BSDaemon)
[ MDKSA-2006:208 ] - Updated openldap packages fixes Bind vulnerability security

Thursday, 16 November

Bloo => 1.00 Cross Site Scripting the_3dit0r
E-commerce Kit 1 PayPal Edition [ injection sql ] saps . audit
MetaCart e-Shop [multiples injection sql (get & post)] saps . audit
Xtreme ASP Photo Gallery Cross Site Scripting And SQL Injection Advisory
discloser => 0.0.4 Remote File Include Vulnerabilities the_3dit0r
Hot Links download backup authorized vulnerabilities hack2prison
PhpMyAdmin all version [multiples vulnerability] saps . audit
[MajorSecurity Advisory #34]Plesk 8 - Multiple Cross Site Scripting Issues admin
OdysseusBlog => 1.0.0 Cross Site Scripting the_3dit0r
Bloo => 1.00 Remote File Include Vulnerability the_3dit0r
Team Evil - Incident #2 beSIRT
Chetcpasswd 2.x: multiple vulnerabilities riclem
Secunia Research: MDaemon Insecure Default Directory Permissions Secunia Research
Re: Apple Safari "match" Buffer Overflow Vulnerability J. Oquendo
Kerio WebSTAR local privilege escalation K F (lists)
dev_wms => 1.5 Remote File Include Vulnerabilities the_3dit0r
discloser => 0.0.4 Remote File Include Vulnerability Exploit the_3dit0r
Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion ) revenge
eShopping Cart [injection sql] saps . audit
Whitepaper: Implementing and Detecting a PCI Rootkit John Heasman
Vulnerabilities in Client Service for NetWare Avert
CandyPress Store[ multiples injection sql ] saps . audit
BaalAsp forum [login bypass ,injections sql(post), xss(post)] saps . audit
ZDI-06-042: Verity Ultraseek Request Proxying Vulnerability zdi-disclosures
Helm Cross Site Scripting Advisory
Myphotos => Remote File Include Vulnerability Exploit the_3dit0r
i-Gallery 3.4 Cross Site Scripting Advisory
Sphpblog => 0.8 Cross Site Scripting the_3dit0r
BlogTorrent-preview => 0.92 Cross Site Scripting the_3dit0r
Comdev One Admin Pro.v4.1 ( path[skin] ) Remote File include AG- Spider
ASP Cart [multiples injection sql (post & get)] saps . audit
worksystem => Remote File Include Vulnerability Exploit the_3dit0r
Re: FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure Lucas Holt
Hot Links download backup authorized vulnerabilities (re-post with some edit) hack2prison
eggblog=> 3.1.0 Cross Site Scripting the_3dit0r
Secunia Research: Panda ActiveScan Multiple Vulnerabilities Secunia Research
RE: VBulletin DoS Exploit [ all Versions ] Bart Seresia
UK Security Convention - Continuity 2006 Manchester 2600
Links smbclient command execution Teemu Salmela
rPSA-2006-0211-1 libpng rPath Update Announcements
My-BIC => 0.6.5 Remote File Include Vulnerability Exploit the_3dit0r
ASPintranet SQL Injection Advisory
blogcms => 4.0.0 Remote File Include the_3dit0r
RED Blog => Remote File Include Vulnerability Exploit the_3dit0r
Storystream => 4.0 Remote File Include Vulnerability Exploit the_3dit0r
Pilot Cart V.7.2 [ injection sql (post) ] saps . audit
[ MDKSA-2006:209 ] - Updated libpng packages fix vulnerabilities security
[ MDKSA-2006:211 ] - Updated pxelinux packages to fix embedded libpng vulnerabilities security
[ MDKSA-2006:210 ] - Updated syslinux packages to fix embedded libpng vulnerabilities security
Re: Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability Marcello Barnaba
[OpenPKG-SA-2006.035] OpenPKG Security Advisory (proftpd) OpenPKG
[ MDKSA-2006:212 ] - Updated doxygen packages to fix embedded libpng vulnerabilities security
Active News Manager [ injection sql (post&get)] saps . audit

Friday, 17 November

Image gallery with Access Database SQL Injection Advisory
[ MDKSA-2006:213 ] - Updated chromium packages to fix embedded libpng vulnerabilities security
[OpenPKG-SA-2006.036] OpenPKG Security Advisory (png) OpenPKG
[USN-383-1] libpng vulnerability Kees Cook
[security bulletin] HPSBMA02088 SSRT051026 rev. 2 - HP-UX running WBEM Services Denial of Service (DoS) security-alert
[ GLSA 200611-09 ] libpng: Denial of Service Sune Kloppenborg Jeppesen
TSLSA-2006-0065 - libpng Trustix Security Advisor
[ GLSA 200611-10 ] WordPress: Multiple vulnerabilities Sune Kloppenborg Jeppesen
Re: Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion ) dean
[Aria-Security] CPanel Network Tools Cross Site Scripting [Advisory] Advisory
20/20 auto gallery [ multiples injection sql ] saps . audit
20/20 real estate [ multiples injection sql ] saps . audit
TFTPD32 v3.01 TFTP Server Long File Name Buffer Overflow Vulnerability liuqx
[Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities. Reversemode
Sphpblog => 0.8 Remote File Include Vulnerabilities the_3dit0r
Aspmforum [ multiples injection sql (get&post)] saps . audit
igital Armaments November-Decemberr Hacking Challenge: KERNEL Remote info
Dating Site [ login bypass & xss] saps . audit
XSS vBulletin 3.6.X Admin Control Painel insanity
MosReporter Joomla Component Remote File Inclusion Exploi crackers_child
20/20 datashed [ multiples injection sql ] saps . audit
Re: blogcms => 4.0.0 Remote File Include Stefano Zanero
Re: Airmagnet management interfaces multiple vulnerabilities ckuan
Infinitytechs Restaurants CM saps . audit
[ MDKSA-2006:214 ] - Updated gv packages fix buffer overflow vulnerability security
Re: dev_wms => 1.5 Remote File Include Vulnerabilities Stefano Zanero

Saturday, 18 November

A-Cart PRO SQL Injection Advisory
[MajorSecurity Advisory #36]dev4u CMS - Multiple SQL Injection and Cross Site Scripting Issues admin
Sage cross-context scripting -> LOCAL-CONTEXT SCRIPTING pagvac
PhpBB Module Dimension Remote File Include bluespy . ok
Oxygen <= 1.1.3 (O2PHP Bulletin Board) SQL Injection gmdarkfig
[ MDKSA-2006:164-1 ] - Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities security
[Aria-Security's Research Team] Texas Rank'em SQL Injection Vulnerabilite Advisory
Drone Armies C&C Report - 17 Nov 2006 c2report
Vikingboard (0.1.2) [ multiples vulnerability ] saps . audit
BLOG:CMS <= 4.1.3 XSS katatafish
[Aria-Security's Research Team] ActiveNews Manager SQL Injection Vulnerabilite Advisory
[MajorSecurity Advisory #35]Travelsized CMS - Multiple Cross Site Scripting Issues admin
linksys wrt54g v5 authentication bypass fixed Ginsu Rabbit
A-Cart 2.0 SQL Injection Advisory
Re: [Aria-Security's Research Team] ActiveNews Manager SQL Injection Vulnerabilite gmdarkfig
Re: Phpjobscheduler 3.0 - Multiple Remote File Include Stefano Zanero
Re: A-Cart PRO SQL Injection gmdarkfig
GPhotos 1.5 Multiple vulnerabilities tux025
Re: Phpjobscheduler 3.0 - Multiple Remote File Include str0ke
Re: EEYE: Workstation Service NetpManageIPCConnect Buffer Overflow security-list

Monday, 20 November

Dovecot IMAP/POP3 server: Off-by-one buffer overflow Timo Sirainen
LoudMouth => 2.4 Remote File Include Vulnerabilities the_3dit0r
Ixprim CMS 1.2 Remote File Include Vulnerability vitux . manis
Telaen <= 1.1.0 Remote File Include Exploit the_3dit0r
Rapid Classified v3.1 [multiple xss (get) & injection sql] saps . audit
Digital Armaments November-Decemberr Hacking Challenge: KERNEL info
[SECURITY] [DSA 1213-1] New imagemagick packages fix several vulnerabilities Moritz Muehlenhoff
PhpBB Module Dimension Remote File Include bluespy . ok
ASPNuke <= 0.80 (register.asp) Remote SQL Injection Vulnerability ajannhwt
PhpQuickGallery <= 1.9 Remote File Inclusion Exploit the_3dit0r
ehomes [multiples injections sql] saps . audit
PHPOLL => 0.96 Cross Site Scripting the_3dit0r
Serious crypto problem fixed by envelope HMAC method insteadof currently used prefix Omirjan Batyrbaev
eClassifieds [injection sql] saps . audit
Rialto 1.6[admin login bypass & multiples injections sql] saps . audit
gNews Publisher SQL Injection Vulnerabilites Advisory
Shopping_Catalog Remote File Include exploit the_3dit0r
RE: FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure Rogier Mulhuijzen
dicshunary 0.1 alpha Remote File Inclusion Exploit the_3dit0r
klf-realty [injection sql] saps . audit
enomphp => 4.0 Remote Traversal Directory the_3dit0r
DodosMail <= 2.0.1(dodosmail.php) Remote File Inclusion Exploit the_3dit0r
iPrimal Forums (index.php) Remote File Include Exploit the_3dit0r
mg.applanix <= 1.3.1 Remote File Include Exploit the_3dit0r
mxBB calsnails module 1.06 Remote File Inclusion Exploit the_3dit0r
Telaen => 1.1.0 Remote File Include Vulnerability the_3dit0r
[SECURITY] [DSA 1214-1] New gv packages fix arbitrary code execution Moritz Muehlenhoff
[ MDKSA-2006:217 ] - Updated proftpd packages fix vulnerabilities security
The Week of Oracle Database Bugs Cesar
[ GLSA 200611-13 ] Avahi: "netlink" message vulnerability Sune Kloppenborg Jeppesen
[SECURITY] [DSA 1217-1] New linux-ftpd packages fix access control bypass Moritz Muehlenhoff
MyAlbum <= 3.02 (langs_dir) Remote File Inclusion Exploit the_3dit0r
[ GLSA 200611-12 ] Ruby: Denial of Service vulnerability Sune Kloppenborg Jeppesen
Re: Serious crypto problem fixed by envelope HMAC method insteadof currently used prefix Omirjan Batyrbaev
[ GLSA 200611-14 ] TORQUE: Insecure temproary file creation Sune Kloppenborg Jeppesen
[SECURITY] [DSA 1216-1] New flexbackup packages fix denial of service Moritz Muehlenhoff
[ MDKSA-2006:215 ] - Updated avahi packages fix netlink vulnerability security
BirdBlog => v1.4.0 Cross Site Scripting the_3dit0r
Wabbit PHP Gallery => 0.9 Remote Traversal Directory the_3dit0r
[SECURITY] [DSA 1215-1] New xine-lib packages fix execution of arbitrary code Moritz Muehlenhoff
mAlbum v0.3 Multiple vulnerabilitizzz tux025
Classified System [injection sql] saps . audit
my little weblog => Cross Site Scripting the_3dit0r
[ GLSA 200611-11 ] TikiWiki: Multiple vulnerabilities Sune Kloppenborg Jeppesen
Re: GPhotos 1.5 Multiple vulnerabilities packet
Correction: Re: Serious crypto problem fixed by envelope HMAC method insteadof currently used prefix Omirjan Batyrbaev
[SECURITY] [DSA 1207-2] New phpmyadmin packages fix regression Moritz Muehlenhoff
ltwCalendar => 4.2.1 Remote File Include Vulnerabilities the_3dit0r

Tuesday, 21 November

[ MDKSA-2006:216 ] - Updated links packages fix smb vulnerability security
The Classified Ad System [multiple xss & injection sql] saps . audit
[USN-384-1] OpenLDAP vulnerability Kees Cook
Which is more secure? Oracle vs. Microsoft David Litchfield
Re: Correction: Re: Serious crypto problem fixed by envelope HMAC method insteadof currently used prefix Steve Friedl
LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability advisories
[KAPDA]::Security analysis of cutenews 1.4.5 alireza hassani
New Correction: Re: Serious crypto problem fixed by envelope HMAC method instead of currently used prefix Omirjan Batyrbaev
[ GLSA 200611-15 ] qmailAdmin: Buffer overflow Sune Kloppenborg Jeppesen
Re: [ MDKSA-2006:217 ] - Updated proftpd packages fix vulnerabilities research
[ GLSA 200611-16 ] Texinfo: Buffer overflow Sune Kloppenborg Jeppesen
Re: [ GLSA 200611-11 ] TikiWiki: Multiple vulnerabilities saps . audit
Secunia Research: My Firewall Plus Privilege Escalation Vulnerability Secunia Research
[SECURITY] [DSA 1218-1] New proftpd packages fix denial of service Moritz Muehlenhoff
aBitWhizzy [local file include] saps . audit
ContentNow CMS 1.39 Sql Injection + Path Disclosure Vulnerabilities revenge
[USN-382-1] Thunderbird vulnerabilities Kees Cook
Re: Re: Phpjobscheduler 3.0 - Multiple Remote File Include admin
Link Exchange Lite [injection sql] saps . audit
creadirectory [injection sql & xss] saps . audit
JiRos Links Manager[injection sql & xss permanent] saps . audit
Advisory: LDU <= 8.x Remote SQL Injection Vulnerability. Mustafa Can Bjorn IPEKCI
Clarifying integer overflows vs. signedness errors Steven M. Christey
VMSA-2006-0010 - SSL sessions not authenticated by VC Clients VMware Security team
Vulnerability in PostNuke sni-labs
Advisory: Seditio <= 1.10 Remote SQL Injection Vulnerability. Mustafa Can Bjorn IPEKCI
RE: [Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities. Williams, James K
[USN-381-1] Firefox vulnerabilities Kees Cook
Re: [ GLSA 200611-11 ] TikiWiki: Multiple vulnerabilities Chris Gianelloni

Wednesday, 22 November

RE: LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability Williams, James K
*BSD banner INT overflow vulnerability Gruzicki Wlodek
Secunia Research: PassGo SSO Plus Insecure Default Directory Permissions Secunia Research
Re: *BSD banner INT overflow vulnerability Steve Shockley
Re: Clarifying integer overflows vs. signedness errors Thiago Zaninotti
Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) David Litchfield
"Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) Matthew Conover
Re: [ECHO_ADV_53$2006] QnECMS <= 2.5.6 (adminfolderpath) Remote File Inclusion Vulnerability jim
Windows Media ASX PlayList File Denial Of Service Vulnerability sehato
[ MDKSA-2006:208-1 ] - Updated openldap packages fixes Bind vulnerability security
Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders. In Cognito
Re: Re: *BSD banner INT overflow vulnerability evilrabbi
Re: *BSD banner INT overflow vulnerability Bob Beck
Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders. In Cognito
Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords fash1on
CONFidence 2007 CFP andrzej . targosz
Perl proxy checker using samair.ru Iko Riyadi
XSS in scriptat support InverseFlow Help Desk v2.31 gamr-14

Thursday, 23 November

Re: Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders. Casper . Dik
[ECHO_ADV_61_2006] a-ConMan <= v3.2beta Remote File Inclusion erdc
NVIDIA nView (keystone) local Denial Of service no-reply
CFP - VII National Computer and Information Security Conference Jeimy Cano
Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords Michael Scheidell
Re: tikiwiki 1.9.5 mysql password disclosure & xss FBI
Re: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords 3APA3A
Re: Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords Juha-Matti Laurio
[ MDKSA-2006:218 ] - Updated apache-mod_auth_kerb packages fixes DoS vulnerability security
Re: SolpotCrew Advisory #10 - phpBB XS (phpbb_root_path) Remote File Include webmaster
Re: *BSD banner INT overflow vulnerability admin
LS-20061102 - Business Objects Crystal Reports Stack Overflow Vulnerability advisories
[ GLSA 200611-17 ] fvwm: fvwm-menu-directory fvwm command injection Matthias Geerdsen
Active PHP Bookmarks (apb.php) Remote file include philip anselmo
Cracking String Encryption in Java Obfuscated Bytecode subere

Friday, 24 November

Re: Cracking String Encryption in Java Obfuscated Bytecode Jim Manico
Cross site scripting & fullpath disclosure saudi
[Aria-Security Team] Ultimate Survey Pro SQL Injection Advisory
[ GLSA 200611-18 ] TIN: Multiple buffer overflows Sune Kloppenborg Jeppesen
[Aria-Security Team] MidiCart ASP Plus Shopping Cart SQL Injection Advisory
mmgallery Multiple vulnerabilities saudi
PHP-Nuke <= 7.9 News module "sid" SQL Injection vulnerabilities paisterist . nst
Re: Active PHP Bookmarks (apb.php) Remote file include Mefisto
Wolflab Burning Board Lite 1.0.2 two sql injections retrog
Re: Cracking String Encryption in Java Obfuscated Bytecode John GALLET
[Aria-Security Team] Fixit iDMS Pro Image Gallery SQL Injection Advisory
[Aria-Security Team] ASP ListPics 5.0 SQL Injection Advisory
[Aria-Security Team] MidiCart ASP Shopping Cart SQL Injection Advisory
[Aria-Security Team] iNews News Manager SQL Injection Advisory
Re: Digipass Go3 Token Dumper (at least for 2006) Hugo van der Kooij
[ GLSA 200611-19 ] ImageMagick: PALM and DCM buffer overflows Sune Kloppenborg Jeppesen
Cahier de texte V2.0 SQL Code Execution Exploit gmdarkfig
PHP-Nuke Mermaid Module V1.2 (formdisp.php) Remote File Include Exploit crackers_child
CPanel 11 Multiple Cross-Site Scription Advisory
[ GLSA 200611-20 ] GNU gv: Stack overflow Sune Kloppenborg Jeppesen
WebHost Manager (WHM) Multiple Cross-Site Scripting Advisory
Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) stopmakingnoise
DoS in Microsoft Windows Live Messenger <= 8.0 dragonjar
New Windows tool - NBTEnum 3.3 Reed Arvin

Saturday, 25 November

Re: tikiwiki 1.9.5 mysql password disclosure & xss drunken_chin
Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) Thor (Hammer of God)
Siap Cms Sql Injection (login.asp) nagazakig74
Wisi Portal [Sql Injection By Jesus Tovar] nagazakig74
AttackAPI 2.0 alpha pdp (architect)
Re: DoS in Microsoft Windows Live Messenger <= 8.0 astralbabz
Free tool for pattern identification (for researchers) Gary Golomb
Re: Re: Digipass Go3 Token Dumper (at least for 2006) fcollyer
Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) Steve Friedl
Re: Clarifying integer overflows vs. signedness errors Pavel Kankovsky
Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) Thor (Hammer of God)
mAlbum v0.3 local file inclusion tux025

Monday, 27 November

[Aria-Security Team] Evolve shopping cart SQL Injection Vulnerability Advisory
[Aria-Security Team] General Shopping Cart SQL Injection Vulnerability Advisory
[SECURITY] [DSA 1220-1] New pstotext packages fix arbitrary shell command execution Moritz Muehlenhoff
Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) Tim Newsham
Clickblog Sql Injection Advisory
ClickGallery Sql Injection Advisory
TFTP Server AT-TFTP Server v 1.9 Buffer Overflow Vulnerability (Long filename) liuqx
iDefense Security Advisory 11.26.06: Qbik WinGate Compressed Name Pointer Denial of Service Vulnerability iDefense Labs
VMware 5.5.1 Local Buffer Overflow (HTML Exploit) NormandiaN_MailID
[SECURITY] [DSA 1219-1] New texinfo packages fix multiple vulnerabilities Noah Meyerhans
CuteNews v1.4.5 (search.php) Remote file include vulnerability philip anselmo
rPSA-2006-0218-1 ImageMagick rPath Update Announcements
TFTP Server 3CTftpSvc Buffer Overflow Vulnerability (Long transporting mode) liuqx
Re: VMware 5.5.1 Local Buffer Overflow (HTML Exploit) str0ke
rPSA-2006-0219-1 info install-info texinfo rPath Update Announcements
PhpGedView 4.0.2 (DOCUMENT_ROOT) File inclusion Vulnerablity x___ . _
Re: CuteNews v1.4.5 (search.php) Remote file include vulnerability Francesco Laurita
MHL-2006-003 Public Advisory: "mboard" file creation issue Mayhemic Labs Security
Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) David Litchfield
iDefense Security Advisory 11.26.06: GNU Radius Format String Vulnerability iDefense Labs
[ GLSA 200611-21 ] Kile: Incorrect backup file permission Sune Kloppenborg Jeppesen
Re: New Flaw in Firefox 2.0: DoS and possible remote code execution sflist
RE: Cracking String Encryption in Java Obfuscated Bytecode Jeremy Epstein
2nd European Conference on Computer Network Defense (EC2ND) Blyth A J C (AT)
Cursor snarfing - a new class of vulnerability and attack in Oracle David Litchfield
AIDE problem handling symlinks fryxar fryxar
ClickContact SQL Injection Advisory
CVE-2006-5815: remote code execution in ProFTPD John Morrissey
SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal research
GnuPG 1.4 and 2.0 buffer overflow Werner Koch
[ GLSA 200611-22 ] Ingo H3: Folder name shell command injection Sune Kloppenborg Jeppesen
uPhotoGallery (v 1.1) SQL Injection Advisory

Tuesday, 28 November

Re: SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal Jon Hart
Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) Steven M. Christey
[USN-386-1] ImageMagick vulnerability Kees Cook
evince buffer overflow exploit (gv) kspecial
Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) David Litchfield
TSLSA-2006-0066 - multi Trustix Security Advisor
ProFTPD mod_tls pre-authentication buffer overflow research
Re: PhpGedView 4.0.2 (DOCUMENT_ROOT) File inclusion Vulnerablity Mefisto
[USN-385-1] tar vulnerability Kees Cook
b2evolution XSS Vulnerabilities tarkus
[USN-387-1] Dovecot vulnerability Kees Cook
[ GLSA 200611-23 ] Mono: Insecure temporary file creation Raphael Marichez
[ GLSA 200611-24 ] LHa: Multiple vulnerabilities Raphael Marichez
[ GLSA 200611-25 ] OpenLDAP: Denial of Service vulnerability Raphael Marichez
Re: PhpGedView 4.0.2 (DOCUMENT_ROOT) File inclusion Vulnerablity yalnifj

Wednesday, 29 November

New report on Teredo security Jim Hoagland
Multiple Vulnerabilities in AlternC version 0.9.5 Vincent A . Menard
Re: [Full-disclosure] New report on Teredo security Jeroen Massar
b2evolution Remote File inclusion Vulnerability tarkus
Re: CuteNews v1.4.5 (search.php) Remote file include vulnerability raven
Re: [WEB SECURITY] The state of JavaScript Hacking bugtraq
PHP Event Calendar 1.5.1 (index.php) Remote File Include Vulnerability philip anselmo
Re: ProFTPD mod_tls pre-authentication buffer overflow Mark Wadham
ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability zdi-disclosures
iDefense Security Advisory 11.29.06: Horde Kronolith Arbitrary Local File Inclusion Vulnerability iDefense Labs
Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) David Litchfield
REMLAB Web Mech Designer 2.0.5 Path Disclosure Vulnerability jesper . jurcenoks
[ MDKSA-2006:219 ] - Updated tar packages fix vulnerability security
Secunia Research: Borland Products idsql32.dll Buffer Overflow Vulnerability Secunia Research
SYM06-023, Symantec NetBackup PureDisk: PHP update to Address Reported Security Vulnerability Mike Prosser
OWASP JBroFuzz 0.3 Fuzzer Released! subere
RE: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) Shawn Fitzgerald
New Windows tool - PWDumpX v1.0 Reed Arvin
Monkey Boards version 0.3.5 Multiple Path Disclosure Vulnerabilities jesper . jurcenoks
[Aria-Security Team] FipsSHOP SQL Injection Advisory
Potentially OT: AJAX article clappymonkey
Re: PHP Event Calendar 1.5.1 (index.php) Remote File Include Vulnerability Stuart Moore
[USN-388-1] KOffice vulnerability Kees Cook
[USN-389-1] GnuPG vulnerability Kees Cook

Thursday, 30 November

[SECURITY] [DSA 1221-1] New libgsf packages fix arbitrary code execution Martin Schulze
[SECURITY] [DSA 1222-1] New proftpd packages fix several vulnerabilities Moritz Muehlenhoff
[ MDKSA-2006:217-1 ] - Updated proftpd packages fix vulnerabilities security
Secunia Research: MailEnable IMAP Service Two Vulnerabilities Secunia Research
[security bulletin] HPSBUX02153 SSRT061181 rev.2 - HP-UX Running Firefox, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) security-alert
[USN-390-1] evince vulnerability Kees Cook
Woltlab Burning Board 2.3.X XSS Vulnerability (0-Day) FIXED VERSION blueshisha
@lex Guestbook 4.0.1 : Full Path Disclosure & XSS mr_kaliman
Seditio <= 1.10 (pollid) Remote SQL Injection Vulnerability ajannhwt
Invision Community Blog Mod 1.2.4 .PHP SQL Injection Vulnerability infection
[ GLSA 200611-26 ] ProFTPD: Remote execution of arbitrary code Raphael Marichez
Re: [Full-disclosure] ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability Dude VanWinkle
safely concatenating strings in portable C (Re: GnuPG 1.4 and 2.0 buffer overflow) Solar Designer
contentserv 4.x capt . nem0
LDU <= 8.x (polls.php) Remote SQL Injection Vulnerability ajannhwt
iDefense Security Advisory 11.30.06: Multiple Vendor libgsf Heap Overflow Vulnerability iDefense Labs
LifeType version 1.1.2 Multiple Path Disclosure Vulnerabilities jesper . jurcenoks