Bugtraq: by date

364 messages starting Dec 01 07 and ending Dec 31 07


Saturday, 01 December

rPSA-2007-0255-1 nss_ldap rPath Update Announcements
DC4420 - London DEFCON chapter Christmas Party - 11th December Major Malfunction
Realplayer 11 DOS attack when processing a malformed AU file on MS Vista and XP thesinoda

Monday, 03 December

PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability research
[SECURITY] [DSA 1417-1] New asterisk packages fix SQL injection Moritz Muehlenhoff
PR06-11: BEA Plumtree portal search facility leaks usernames to unauthenticated users research
[SECURITY] [DSA 1418-1] New cacti packages fix SQL injection Thijs Kinkhorst
PR06-09: BEA Plumtree portal full version disclosure vulnerability research
Re: SQL Injection in saphp "showcat.php" security curmudgeon
[WhitePaper (SecNiche)] Information Prone LDAP Garbage Dumps AKS aka (0kn0ck)
sing (debian) vulnerability? Milen Rangelov
Re: SQL Injection in SaphpLesson2.0 "show.php" security curmudgeon
Lotfian Brochure and catalogue Script XSS And SQL Injection noreply
McAfee SecurityCenter Privacy Service HTML Execution Vulnerability DoZ
Re: PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability guiness.stout
Fwd: PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability imipak
SYMSA-2007-014: SQL Injection Vulnerability in Beehive Forum Software research
[USN-550-1] Cairo vulnerability Kees Cook

Tuesday, 04 December

Snitz2000 SQL Injection: A user can gain admin level admin
[MacOS X] Insecure eval() in Twitgit and Twitterlex dashboard widgets Thomas Roessler
[USN-551-1] OpenLDAP vulnerabilities Jamie Strandboge
SEC Consult SA-20071204-0 :: SonicWALL Global VPN Client Format String Vulnerability Bernhard Mueller
[ MDKSA-2007:234 ] - Updated vixie-cron packages fix DoS vulnerability security
[USN-549-2] PHP regression Kees Cook
[ MDKSA-2007:235 ] - Updated apache packages fix vulnerabilities security
(Re-post) ATC-08 CFP atc08
The first release of SWFIntruder is out ! Stefano Di Paola
Re: [dns-operations] Web Proxy Auto-Discovery (WPAD) Information Disclosure (fwd) Gadi Evron
PR07-39: Multiple vulnerabilities on Absolute News Manager.NET 5.1 including file retrieval and SQL injection research
CORE-2007-1004: VLC Activex Bad Pointer Initialization Vulnerability CORE Security Technologies Advisories
[security bulletin] HPSBMA02293 SSRT071494 rev.1 - HP Select Identity, Remote Unauthorized Access security-alert
Some more widgets: Facebook, Hockey, FlickrInterestingNess (Re: [MacOS X] Insecure eval() in Twitgit and Twitterlex dashboard widgets) Thomas Roessler
Re: Powerschool 404 Admin Exposure bob
TIBCO Rendezvous Exploitation Video IRM Research
RFI and Multiple XSS in PhpMyChat beenudel1986
[USN-546-2] Firefox regression Kees Cook
Re: sing (debian) vulnerability? Moritz Muehlenhoff

Wednesday, 05 December

The recent number of unpatched QuickTime flaws is: two Juha-Matti Laurio
[USN-553-1] Mono vulnerability Kees Cook
[ MDKSA-2007:236 ] - Updated openssh packages fix X11 cookie vulnerability security
rPSA-2007-0257-1 rsync rPath Update Announcements
[ MDKSA-2007:237 ] - Updated openssl packages fix DTLS vulnerability security
Blind Sql-Injection in Joomla 1.5 RC3 beenudel1986
[USN-552-1] Perl vulnerability Kees Cook
Re: 27Mhz based wireless security insecurities - Aka - "We know what you typed last summer" Michal Bucko
Opera 9.50 beta and prior remote DoS (freeze) gynvael
[ECHO_ADV_86$2007] Mambo/Joomla Component rsgallery <= 2.0 beta 5 (catid) Remote SQL Injection Vulnerability erdc
Sql Injection in wordpress 2.3.1 beenudel1986
Advisory: Cross Site Scripting in CiscoWorks Liquidmatrix Security Digest
[SECURITY] [DSA 1419-1] New OpenOffice.org packages fix arbitrary Java code execution Martin Schulze
[ELEYTT] Public Advisory 05-12-2007 Michal Bucko
[SECURITY] [DSA 1420-1] New zabbix packages fix privilege escalation Thijs Kinkhorst
Cisco Security Advisory: Cisco Security Agent for Windows System Driver Remote Buffer Overflow Vulnerability Cisco Systems Product Security Incident Response Team
Re: Sql Injection in wordpress 2.3.1 alan
Re: Sql Injection in wordpress 2.3.1 shino
Firefox 2.0.0.11 INPUT Denial Of Service azizov
[ GLSA 200712-02 ] Cacti: SQL injection Pierre-Yves Rofes
ezContents Version 1.4.5 Remote File Disclosure Vulnerability. p4imi0
SineCMS <= 2.3.4 Calendar SQL Injection 'n something else.. kingoftheworld92
[ GLSA 200712-01 ] Hugin: Insecure temporary file creation Pierre-Yves Rofes

Thursday, 06 December

Aria-Security.Net: PenPals Login and search page SQL Injection no-reply
Avast! AntiVirus TAR Processing Remote Heap Corruption Sowhat
[security bulletin] HPSBMA02281 SSRT061261 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Execution of Arbitrary Code security-alert
[UPDATE]CA BrightStor ARCServe BackUp Message Engine Remote Stack Overflow Vulnerability cocoruder
[SECURITY] [DSA 1421-1] New wesnoth packages fix arbitrary file disclosure Martin Schulze
SQUID-2007:2, Dec 4, 2007 Adrian Chadd
NSFOCUS SA2007-02 : Cisco Security Agent Remote Buffer Overflow Vulnerability NSFOCUS Security Team
Re: Re: Aria-Security.net: NetAuctionHelp SQL Injection NetAuctionHelp Support
HITBSecConf2007 Malaysia Videos Now Available Praburaajan
[XSS] OpenNewsletter v2.5 Multiple XSS Attacks bugtraq
UPDATE: [ GLSA 200711-29 ] Samba: Execution of arbitrary code Pierre-Yves Rofes
[Security Advisory] OpenNewsletter v2.5 Multiple XSS Attacks Sarasa
[ MDKSA-2007:238 ] - Updated liblcms package fixes buffer overflow security
[USN-554-1] teTeX and TeX Live vulnerabilities Jamie Strandboge
ZDI-07-071: HP OpenView Network Node Manager Multiple CGI Buffer Overflows zdi-disclosures
ZDI-07-070: Skype skype4com URI Handler Remote Heap Corruption Vulnerability zdi-disclosures

Friday, 07 December

TCP Port randomization paper Fernando Gont
[CAID 35724, 35725, 35726]: CA BrightStor ARCserve Backup Multiple Vulnerabilities Williams, James K
Potential SQL injection vulnerability in Apache::AuthCAS Matthias Bethke
[SECURITY] [DSA 1422-1] New e2fsprogs packages fix arbitrary code execution Steve Kemp
[ MDKSA-2007:239 ] - Updated heimdal packages fix potential vulnerability security
Re: RIG Image Gallery (dir_abs_src) Remote File Include Vulnerability security curmudgeon
Re: Friend Script 2.5 - 2.4 Remote File İnclude security curmudgeon
rPSA-2007-0260-1 firefox rPath Update Announcements
Re: BellaBiblio Admin Login Bypass security curmudgeon
Re: Phorm v3.0 Remote File Upload Vulnerability security curmudgeon
[ISecAuditors Security Advisories] wwwstats is vulnerable to Persistent XSS ISecAuditors Security Advisories
R7-0031: JFreeChart Image Map Cross-Site Scripting Vulnerabilities advisory
[SECURITY] [DSA 1423-1] New sitebar packages fix several vulnerabilities Steve Kemp
Kvaliitti WebDoc 3.0 CMS SQL Injection vulnerability jaakkoNOSPAM
[ MDKSA-2007:240 ] - Updated libnfsidmap packages fix username lookup flaw security
Two vulnerabilities in Simple HTTPD 1.38 Luigi Auriemma
Limited upload directory traversal in HTTP File Server 2.2a / 2.3 beta (build #146) Luigi Auriemma
Multiple vulnerabilities in Firefly Media Server (mt-daapd) 2.4.1 / SVN 1699 Luigi Auriemma
Upload directory traversal in Easy File Sharing 4.5 Luigi Auriemma

Saturday, 08 December

Nullsoft Winamp MP4 tags Stack Overflow gforce
Windows media player 6.4 MP4 Stack Overflow 0-day gforce
[SECURITY] [DSA 1425-1] New xulrunner packages fix several vulnerabilities Moritz Muehlenhoff
Media Player Classic 6.4.9 MP4 Stack Overflow 0-day gforce
[USN-555-1] e2fsprogs vulnerability Kees Cook
[SECURITY] [DSA 1426-1] New qt-x11-free packages fix several vulnerabilities Moritz Muehlenhoff

Monday, 10 December

Lotfian.com DATABASE DRIVEN TRAVEL SITE Multiple SQL Injection no-reply
webSPELL 4.01.02 (calendar.php, usergallery.php) XSS Vulnerability brainheadbrainhead
[ GLSA 200712-09 ] Ruby-GNOME2: Format string error Pierre-Yves Rofes
Call for Papers - Security and High Performance Computing System 2008 shpcs08
Two vulnerabilities in SquirrelMail GPG plugin Tomas Kuliavas
The Cookie Tools v0.3 -- first public release michele dallachiesa
Unsanitized scripting in RoundCube webmail Tomas Kuliavas
[ GLSA 200712-06 ] Firebird: Multiple buffer overflows Pierre-Yves Rofes
CVE-2007-6205 Hanno Böck
Flat PHP Board <= 1.2 Multiple Vulnerabilities kingoftheworld92
Bitweaver XSS & SQL Injection Vulnerability DoZ
Security and hacking papers Ork
[ GLSA 200712-03 ] GNU Emacs: Multiple vulnerabilities Pierre-Yves Rofes
bttlxeForum Multiple SQL Injection And Cross Site Scripting noreply
[ GLSA 200712-04 ] Cairo: User-assisted execution of arbitrary code Pierre-Yves Rofes
Falt4 CMS Security Report/Advisory Mesut Timur
Secunia Research: Samba "send_mailslot()" Buffer Overflow Vulnerability Secunia Research
[ GLSA 200712-05 ] PEAR::MDB2: Information disclosure Pierre-Yves Rofes
[ GLSA 200712-08 ] AMD64 x86 emulation Qt library: Multiple vulnerabilities Pierre-Yves Rofes
SQL injection - GestDownV1.00Beta bebe
squids ICAP implementation lacks a defer check when reading from ICAP server Martin Huter
[ GLSA 200712-07 ] Lookup: Insecure temporary file creation Pierre-Yves Rofes
Advisory: Websense XSS Vulnerability Liquidmatrix Security Digest
[SECURITY] Buffer overrun in send_mailslot() Gerald (Jerry) Carter
Re: Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096) and vulnerable bz2lib (CAN-2005-0758 & CAN-2005-0953) Stefan Kanthak
rPSA-2007-0261-1 samba samba-swat rPath Update Announcements
WordPress Charset SQL injection vulnerability (re-resend) Abel Cheung
Re: Media Player Classic 6.4.9 MP4 Stack Overflow 0-day Rob Thompson
Multiple vulnerabilities in BarracudaDrive 3.7.2 Luigi Auriemma
Multiple vulnerabilities in BadBlue 2.72b Luigi Auriemma
Filesystem access in DOSBox 0.72 Luigi Auriemma
[USN-550-2] Cairo regression Kees Cook
[SECURITY] [DSA 1427-1] New samba packages fix arbitrary code execution Moritz Muehlenhoff
WASC Announcement: The Script Mapping Project Results and Call for Participation announcements
[ GLSA 200712-10 ] Samba: Execution of arbitrary code Pierre-Yves Rofes
Dell / Dell Financial Services - Contact Justin@InfoTek
Re: Dell / Dell Financial Services - Contact Juha-Matti Laurio
ZDI-07-072: Novell Netmail AntiVirus Agent Multiple Overflow Vulnerabilities zdi-disclosures

Tuesday, 11 December

[ MDKSA-2007:242 ] - Updated e2fsprogs packages fix vulnerability security
RE: TCP Port randomization paper Amit Klein
[ MDKSA-2007:243 ] - Updated MySQL packages fix multiple vulnerabilities security
[SECURITY] [DSA 1481-1] New Linux 2.6.18 packages fix several vulnerabilities dann frazier
[ MDKSA-2007:241 ] - Updated tomcat5 packages fix multiple vulnerabilities security
rPSA-2007-0262-1 e2fsprogs rPath Update Announcements
SupportSuite 3.11.01~ Multiple file ~ PHP SELF XSS imei Addmimistrator
PGMfuzz - a tool for testing Pragmatic General Multicast protocol implementations IRM Research
HP notebooks remote code execution vulnerability (multiple series) porkythepig
Black Hat Briefings Call for Papers jmoss
Meridian Prolog Manager Username and Plain Text Password Disclosure Prolog Error
ZDI-07-073: Microsoft Internet Explorer setExpression Vulnerability zdi-disclosures
ZDI-07-074: Microsoft Internet Explorer Node Manipulation Memory Corruption zdi-disclosures
[SECURITY] [DSA 1429-1] New htdig packages fix cross site scripting Steve Kemp
ZDI-07-075: Microsoft Internet Explorer Element Tags Vulnerability zdi-disclosures
ZDI-07-076: Microsoft Windows Message Queuing Service Stack Overflow Vulnerability zdi-disclosures
[SECURITY] [DSA 1430-1] New libnss-ldap packages fix denial of service Steve Kemp
[SECURITY] [DSA 1431-1] New ruby-gnome2 packages fix execution of arbitrary code Steve Kemp

Wednesday, 12 December

[ MDKSA-2007:244 ] - Updated samba packages fix vulnerability security
[SECURITY] [DSA 1428-2] New Linux 2.6.18 packages fix several vulnerabilities dann frazier
Cpanel Vulnerability? Francisco Pecorella
Re: TCP Port randomization paper Fernando Gont
Re: Cpanel Vulnerability? Charles Hardin
MS Office 2007: Digital Signature does not protect Meta-Data poehls
Re: Media Player Classic 6.4.9 MP4 Stack Overflow 0-day Matthew Leeds
iDefense Security Advisory 12.11.07: Microsoft Internet Explorer JavaScript setExpression Heap Corruption Vulnerability iDefense Labs
rPSA-2007-0264-1 mod_dav_svn subversion rPath Update Announcements
iDefense Security Advisory 12.11.07: Microsoft DirectX 7 and 8 DirectShow Stack Buffer Overflow Vulnerability iDefense Labs
Re: Re: Cpanel Vulnerability? gdfuego

Thursday, 13 December

QK SMTP Server 3 - Denial of service jplopezy
Hosting Controller - Multiple Security Bugs (Extremely Critical) admin
[security bulletin] HPSBUX02296 SSRT071504 rev.1 - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code security-alert
RE: [Full-disclosure] Fwd: Websense 6.3.1 Filtering Bypass Hubbard, Dan
OpenOffice: Duplicated, Unprotected Certificate Information shown in Signed ODF Documents poehls
[USN-550-3] Cairo regression Kees Cook
[security bulletin] HPSBUX02294 SSRT071451 rev.1 - HP-UX Running DCE, Remote Denial of Service (DoS) security-alert
SQL MKPortal M1.1 Rc1 Sw33t . h4cK3r
Fwd: Websense 6.3.1 Filtering Bypass The Security Community
MS Office 2007: Target of Hyperlinks not covered by Digital Signatures poehls
AW: MS Office 2007: Digital Signature does not protect Meta-Data Naujoks, Hans-Dietmar
SECURITY: 1.4.12 Package Compromise Jon Angliss
[ GLSA 200712-11 ] Portage: Information disclosure Pierre-Yves Rofes
[ GLSA 200712-12 ] IRC Services: Denial of Service Pierre-Yves Rofes
[ MDKSA-2007:245 ] - Updated wpa_supplicant package fixes remote denial of service security
+ Trivantis CourseMill Enterprise Learning Management System - SQL Injection - CVE-2007-6338 swhite
Re: AW: MS Office 2007: Digital Signature does not protect Meta-Data webmaster () networkdefense biz

Friday, 14 December

PHP MySQL Banner Exchange 2.2.1 remote mysql database bug arsalan1991
Re: MS Office 2007: Digital Signature does not protect Meta-Data Henrich C. Poehls
HPSBUX02296 SSRT071504 rev.2 - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code security-alert
AW: MS Office 2007: Digital Signature does not protect Meta-Data Naujoks, Hans-Dietmar
[ISR] - Novell Groupwise client remote stack overflow silently patched. ISR-noreply
[ MDKSA-2007:246 ] - Updated Firefox packages fix multiple vulnerabilities security
ANNOUNCE: SquirrelMail 1.4.13 Released Jon Angliss
POC for samba send_mailslot() x 86

Saturday, 15 December

Phpay - Local File Inclusion th3 . r00k . nospam
[security bulletin] HPSBGN02298 SSRT071502 rev.1 - HP Quick Launch Button (QLB) Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access security-alert
Anon Proxy Server - Remote Code Execution th3 . r00k . nospam
Oreon/Centreon - Multiple Remote File Inclusion th3 . r00k . nospam
PHP RPG - Sql Injection and Session Information Disclosure. th3 . r00k . nospam
Wordpress - Broken Access Control th3 . r00k . nospam
ClubHack2007: Presentations are online now `ClubHack `

Monday, 17 December

neuron news1.0 Multiple Remote Vulnerabilities (sql injection/xss) hadihadi_zedehal_2006
Re: PHP MySQL Banner Exchange 2.2.1 remote mysql database bug theredc0ders
ZSA-2007-029: syslog-ng Denial of Service Balazs Scheidler
Re: [syslog-ng] ZSA-2007-029: syslog-ng Denial of Service Balazs Scheidler
PHP Security Framework: Vuln and Security Bypass gmdarkfig
jetAudio 7.0.5 COWON Media Center MP4 Stack Overflow gforce
[SECURITY] [DSA 1432-1] New link-grammar packages fix execution of code Steve Kemp
[SECURITY] [DSA 1433-1] New centericq packages fix execution of code Steve Kemp
[SECURITY] [DSA 1434-1] New mydns packages fix denial of service Thijs Kinkhorst
release uhooker v1.3 Hernan Ochoa
Re: Wordpress - Broken Access Control otto
Heap overflow in PeerCast 0.1217 Luigi Auriemma
rPSA-2007-0266-1 tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi rPath Update Announcements
RaidenHTTPD 2.0.19 ulang cmd exec poc exploit retrog
SurgeMail v.38k4 webmail Host header crash retrog
Uber Uploader <= 5.3.6 Remote File Upload Vulnerability sys-project
Apple OS X Software Update Remote Command Execution Moritz Jodeit
rPSA-2007-0268-1 kdebase rPath Update Announcements

Tuesday, 18 December

Re: Wordpress - Broken Access Control th3 . r00k . nospam
Rosoft Media Player 4.1.7 crash jplopezy
ZDI-07-077: Trend Micro ServerProtect StRpcSrv.dll Insecure Method Exposure Vulnerability zdi-disclosures
Multiple xss in mambo 4.6.2 beenudel1986
ZDI-07-078: St. Bernard Open File Manager Heap Overflow Vulnerability zdi-disclosures
iMesh <= 7.1.0.x IMWebControl Class (IMWeb.dll 7.0.0.x) remote exploit retrog
ZDI-07-079: Hewlett-Packard HP-UX swagentd Buffer Overflow Vulnerability zdi-disclosures
SyScan'08 Call For Paper/Training organiser () syscan org
Re: Re: PHP MySQL Banner Exchange 2.2.1 remote mysql database bug arsalan1991
Re: RE: TCP Port randomization paper Amit Klein
Re: SineCMS <= 2.3.4 Calendar SQL Injection 'n something else.. carlo . feller
[security bulletin] HPSBST02299 SSRT071506 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-063 to MS07-069 security-alert
[USN-556-1] Samba vulnerability Kees Cook
iDefense Security Advisory 12.18.07: ClamAV libclamav MEW PE File Integer Overflow Vulnerability iDefense Labs
rPSA-2007-0269-1 kernel rPath Update Announcements
iDefense Security Advisory 12.17.07: Apple Mac OS X mount_smbfs Stack Based Buffer Overflow Vulnerability iDefense Labs
Tiger Team: New TV series about pen testers airing on CourtTV Dec 25 11 pm blackredyellow
AST-2007-027 - Database matching order permits host-based authentication to be ignored Security Officer
Google Toolbar Dialog Spoofing Vulnerability avivra
Re: Uber Uploader <= 5.3.6 Remote File Upload Vulnerability recklessb
[ GLSA 200712-13 ] E2fsprogs: Multiple buffer overflows Robert Buchholz
[ GLSA 200712-14 ] CUPS: Multiple vulnerabilities Robert Buchholz

Wednesday, 19 December

Re: MS Office 2007: Digital Signature does not protect Meta-Data Henrich C. Poehls
[USN-557-1] GD library vulnerability Jamie Strandboge
smbfs and apache+php source code disclosure Maciej Gąsiorowski
Cisco Security Advisory: Application Inspection Vulnerability in Cisco Firewall Services Module Cisco Systems Product Security Incident Response Team
SYMSA-2007-015 research
Array overflow in id3lib (devel CVS) Luigi Auriemma
[SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities Moritz Muehlenhoff
HP laptops Software Update tool vulnerability porkythepig
Re: Wordpress - Broken Access Control Abel Cheung
Re: Wordpress - Broken Access Control otto
xeCMS 1.x.x Remote File Disclosure Vulnerability. p4imi0

Thursday, 20 December

Black Hat Briefings Call for Papers and Happy Happy Joy Joy jmoss
[security bulletin] HPSBUX02295 SSRT071333 rev.1 - HP-UX Running rpc.yppasswdd, Remote Denial of Service (DoS) security-alert
iSupport v1.8 Local file include vulnerability ahcrew
Re: Re: NETGEAR WGT624 Wireless DSL router default user name/password vulnerability mj
[Aria-Security.net] ABI Version 3.7.9.17 Remote SQL Injection The-0utl4w-noreply
[security bulletin] HPSBTU02300 SSRT071452 rev.1 - HP Tru64 UNIX running FFM, Local Denial of Service (Dos) security-alert
SiteScape Forum TCL injection lolo lolo
PHP iCalendar <= 2.24 - Cross-Site Scripting Vulnerability sys-project
[security bulletin] HPSBUX02284 SSRT071483 rev.4 - HP-UX Running Java JRE and JDK, Remote Unauthorized Access security-alert
Re: Morcego CMS <= 0.9.6 Remote File Include Vulnerability antonio
Re: Morcego CMS <= 0.9.6 Remote File Include Vulnerability antonio
Woltlab Burning Board 1.0.2 SQL-Injection Vulnerability nbbn
[SECURITY] [DSA 1436-1] New Linux 2.6.18 packages fix several vulnerabilities dann frazier
Re: Design flaw in AS3 socket handling allows port probing fukami

Friday, 21 December

CFP CISIS '08 hjan
[USN-559-1] MySQL vulnerabilities Jamie Strandboge
Moodle SQL Injection root
Cryptome: NSA has real-time access to Hushmail servers Juha-Matti Laurio
RE: Cryptome: NSA has real-time access to Hushmail servers Jim Harrison
RE: Cryptome: NSA has real-time access to Hushmail servers Thor (Hammer of God)
Buffer-overflow in WinUAE 1.4.4 Luigi Auriemma
[CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability Williams, James K
HPSBGN2301 SSRT071508 rev.1 - HP Software Update Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access security-alert
Word 2003 denial of service jplopezy
America Online AOL Instant Messenger AIM6.0 or 6.5 or higher XSS remote execution evanchik

Saturday, 22 December

Microsoft Office Publisher jplopezy
Re: Moodle SQL Injection foo
My Blog Rfi beenudel1986
[HSC] Dokeos Multiple Cross-Site Scripting Vulnerabilities DoZ
Re: Re: Moodle SQL Injection bar

Monday, 24 December

pdflib long filename multiple bufferoverflows poplix
Logaholic Web Analytics Software malibu . r
[CVE-2007-5342] Apache Tomcat's default security policy is too open Mark Thomas
[ISecAuditors Security Advisories] Tikiwiki CMS is vulnerable to path traversal attack ISecAuditors Security Advisories
Tikiwiki 1.9.8.3 tiki-special_chars.php XSS Vulnerability Mesut Timur
[waraxe-2007-SA#060] - Sensitive info disclosure in CuteNews <= 1.4.5 come2waraxe
Re: [HSC] Dokeos Multiple Cross-Site Scripting Vulnerabilities yannick . warnier
PHP <= 5.2.5 Safe Mode Bypass admin
Jupiter Cms Multiple Vulnerabilities admin
Buffer-overflow and format string in VideoLAN VLC 0.8.6d Luigi Auriemma
SimpleForum <= 4.6.2 - Cross-Site Scripting Vulnerability sys-project
Double directory traversal in ImgSvr 0.6.21 Luigi Auriemma
Update: Clients buffer-overflow in Live for Speed 0.5X10 Luigi Auriemma
Re: PHP <= 5.2.5 Safe Mode Bypass shsuff
Unicode buffer-overflow in Zoom Player 6.00b2 Luigi Auriemma

Tuesday, 25 December

Multiple vulnerabilities in RUNCMS 1.6 by DSecRG Digital Security Research Group
TotalPlayer 3.0 .m3u crash david130490

Wednesday, 26 December

Confixx Professional RFİ erne
[SECURITY] [DSA 1437-1] New cupsys packages fix several vulnerabilities Moritz Muehlenhoff
Re: Re: PHP <= 5.2.5 Safe Mode Bypass Alireza Hassani
Re: Microsoft Office Publisher fagian
Bid 24744 ? balrog
RE: Cryptome: NSA has real-time access to Hushmail servers Juha-Matti Laurio
RE: Cryptome: NSA has real-time access to Hushmail servers M. Burnett

Thursday, 27 December

Blakord Portal <= Beta 1.3.A (all modules) Blind Sql Injection sys-project
XZero Community Classifieds <= v4.95.11 LFI & SQL Injection office
IPortalX Forums Cross-Site Scripting Vulnerability DoZ
Re: TotalPlayer 3.0 .m3u crash Luigi Auriemma
[security bulletin] HPSBGN02298 SSRT071502 rev.2 - HP Quick Launch Button (QLB) Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access security-alert
Re: TotalPlayer 3.0 .m3u crash Luigi Auriemma
Latest round of web hacking incidents for 2007 & Project news Ofer Shezaf
PHP -> set_time_limit brancohat
Re: Tiger Team: New TV series about pen testers airing on CourtTV Dec 25 11 pm blackredyellow
Re: Multiple xss in mambo 4.6.2 Hanno Böck
Re: Cryptome: NSA has real-time access to Hushmail servers Valdis . Kletnieks
Re: Re: TotalPlayer 3.0 .m3u crash david130490
Multiple vulnerabilities in Feng 0.1.15 Luigi Auriemma
Multiple vulnerabilities in libnemesi 0.6.4-rc1 Luigi Auriemma
Re: Re: Re: TotalPlayer 3.0 .m3u crash david130490
Buffer-overflow in Extended Module Player 2.5.1 Luigi Auriemma
Re: Cryptome: NSA has real-time access to Hushmail servers Kurt Buff
Re: Cryptome: NSA has real-time access to Hushmail servers Steve Shockley

Friday, 28 December

OpenBiblio 0.5.2-pre4 and prior multiple vulnerabilities Juan Galiana
FAQMasterFlexPlus multiple vulnerabilities Juan Galiana
2z-project 0.9.6.1 Multiple Security Vulnerabilities Digital Security Research Group [DSecRG]
[SECURITY] [DSA 1438-1] New tar packages fix several vulnerabilities Florian Weimer
[SECURITY] [DSA 1405-3] New zope-cmfplone packages fix regression Thijs Kinkhorst
[SECURITY] [DSA 1439-1] New typo3-src packages fix SQL injection Thijs Kinkhorst
[SECURITY] [DSA 1440-1] New inotify-tools packages fix arbitrary code execution Moritz Muehlenhoff
[SECURITY] [DSA 1441-1] New peercast packages fix arbitrary code execution Thijs Kinkhorst
Buffer-overflow in CoolPlayer 217 Luigi Auriemma

Saturday, 29 December

[SECURITY] [DSA 1442-2] New libsndfile packages fix arbitrary code execution Moritz Muehlenhoff
[ GLSA 200712-15 ] libexif: Multiple vulnerabilities Pierre-Yves Rofes
[ GLSA 200712-16 ] Exiv2: Integer overflow Pierre-Yves Rofes
[ GLSA 200712-17 ] exiftags: Multiple vulnerabilities Pierre-Yves Rofes
[ GLSA 200712-18 ] Multi-Threaded DAAP Daemon: Multiple vulnerabilities Robert Buchholz
[ GLSA 200712-19 ] Syslog-ng: Denial of Service Robert Buchholz
[ GLSA 200712-20 ] ClamAV: Multiple vulnerabilities Robert Buchholz
[ GLSA 200712-21 ] Mozilla Firefox, SeaMonkey: Multiple vulnerabilities Robert Buchholz
TK53 Advisory #2: Multiple vulnerabilities in ClamAV Lolek of TK53
CuteNews Arbitrary File Download AllVersion pawel2827
CCMS v3.1 Demo <= SQL Injection Vulnerability 0day pawel2827

Monday, 31 December

[ GLSA 200712-23 ] Wireshark: Multiple vulnerabilities Robert Buchholz
[ GLSA 200712-24 ] AMD64 x86 emulation GTK+ library: User-assisted execution of arbitrary code Robert Buchholz
[ GLSA 200712-25 ] OpenOffice.org: User-assisted arbitrary code execution Pierre-Yves Rofes
Bitweaver source code disclosure, arbitrary file upload admin
Fingerprints in Astaro Security Gateway v7.1 morin . josh
[ GLSA 200712-22 ] Opera: Multiple vulnerabilities Pierre-Yves Rofes
milliscripts (dir.php) Cross-Site Scripting Vulnerability sys-project
Re: Re: Cryptome: NSA has real-time access to Hushmail servers gb
LiveCart Multiple Cross-Site Scripting Vulnerabilities DoZ
Instant Softwares DatingSite SQL Injection The-0utl4w-noreply
RE: Cryptome: NSA has real-time access to Hushmail servers Juha-Matti Laurio
RE: Cryptome: NSA has real-time access to Hushmail servers Kevin Reiter
Re: TalkBack 2.2.7 Multiple Remote File Inclusion Vulnerabilities oldguy
Re: Cryptome: NSA has real-time access to Hushmail servers Seth
Re: Cryptome: NSA has real-time access to Hushmail servers J. Oquendo
Re: Cryptome: NSA has real-time access to Hushmail servers mark seiden-via mac
RE: Cryptome: NSA has real-time access to Hushmail servers Thor (Hammer of God)
[HSC Security Group] Multiple CSRF in Joomla all versions - Complete compromise zinho
RE: Cryptome: NSA has real-time access to Hushmail servers Craig Wright
Re: Cryptome: NSA has real-time access to Hushmail servers Rob Thompson
Re: Cryptome: NSA has real-time access to Hushmail servers Jay Hennigan