Bugtraq: by date

704 messages starting Jan 01 07 and ending Jan 31 07


Monday, 01 January

Spooky Login Multiple HTML Injection Vulnerability DoZ
WinZip 10.0 FileView ActiveX Controls CreateNewFolderFromName Method Buffer overflow 76693223
Re: PocketPC MMS - Remote Code Injection/Execution Vulnerability and Denial-of-Service Collin R. Mulliner
Rediff Bol Downloader Allows Downloading and Spawning Arbitrary Files gregory_panakkal
WinZip FileView ActiveX controls CreateNewFolderFromName Method Buffer Overflow Vulnerability 76693223
PHPIrc_bot <= Remote File Include zooz_998
vBulletin vCard PRO XSS exexp
Re: PlatinumFTP 1.0.18 remote DoS info
[NGSEC] ngGame #3 - BrainStorming labs@NGSEC
BattleBlog Database Download Vulnerability Advisory
Kerio Fake 'iphlpapi' DLL injection Vulnerability Matousec - Transparent security Research
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Bill Nash
golden book XSS sn0oPy . team
rblog Database Download Vulnerability Advisory
ATMEL Linux PCI PCMCIA USB Drivers arbitrary code execution sapheal
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Kevin Waterson
AShop Shopping Cart Multiple XSS Vulnerabilities DoZ
[OpenPKG-SA-2007.001] OpenPKG Security Advisory (cacti) OpenPKG GmbH
Mozilla Firefox 2.0 denial of service vulnerability sapheal
Re: Mozilla Firefox 2.0 denial of service vulnerability Jeroen Massar
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Tino Wildenhain
Re: Re: Mozilla Firefox 2.0 denial of service vulnerability sapheal
Re: XSS with Vbulletin (new idea !) marco . van . herwaarden
RE: PHP as a secure language? PHP worms? [was: Re: new linux malware] Jim Harrison
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Dana Hudes
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Chad Maron
RE: PHP as a secure language? PHP worms? [was: Re: new linux malware] Jim Harrison
Dailymotion password reset vulnerability daftrix
Welcome to Pwndertino... K F (lists)

Tuesday, 02 January

Re: [Full-disclosure] simplog 0.9.3.2 SQL injection str0ke
Re: [Full-disclosure] simplog 0.9.3.2 SQL injection Javor Ninov
FreeRadius 1.1.3 SMB_Handle_Type SMB_Connect_Server arbitrary code execution sapheal
lblog Remote Password Disclosure Advisory
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Kevin Waterson
Openforum Remote password Disclosure Advisory
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Darren Reed
AspBB Remote Password Disclosure Advisory
Re: PHP as a secure language? PHP worms? Duncan Simpson
RE: PHP as a secure language? PHP worms? [was: Re: new linux malware] Jim Harrison
RE: PHP as a secure language? PHP worms? Jim Harrison
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Dana Hudes
Windows Vista 64bits and unexported kernel symbols Matthieu Suiche
[ MDKSA-2007:001 ] - Updated libmodplug packages fix buffer overflow vulnerabilities security
Nuked Klan <= 1.7 Remote Cookie Disclosure Exploit kadaj-diabolik
rPSA-2006-0234-2 firefox thunderbird rPath Update Announcements
Windows NT Message Compiler 1.00.5239 arbitrary code execution sapheal
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Darren Reed
[ MDKSA-2007:002 ] - Updated kernel packages fix multiple vulnerabilities and bugs security
Re: SoftArtisans FileUp(TM) viewsrc.asp remote script source disclosure exploit wihl

Wednesday, 03 January

Who's Johny Pwnerseed? K F
Re: [USN-398-1] Firefox vulnerabilities Scott
Re: Windows Vista 64bits and unexported kernel symbols Rik van Riel
GuestBook v0.3a Remote Password Disclosure Advisory
Universal XSS with PDF files: highly dangerous pdp (architect)
Re: Windows NT Message Compiler 1.00.5239 arbitrary code execution 3APA3A
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous Amit Klein
openmedia local read file exe_crack
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous sven . vetsch
[USN-399-1] w3m vulnerabilities Kees Cook
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous pdp (architect)
Hacking AJAX DWR Applications shulman
Adobe Acrobat Reader Plugin - Multiple Vulnerabilities Stefano Di Paola
Re: Universal XSS with PDF files: highly dangerous ascii
WineGlass "data.mdb" Remote Password Disclosure Advisory
OpenPinboard <= Remote File Include zooz_998
Black Hat New Years Updates (Free Stuff, too!) Jeff Moss
[USN-398-1] Firefox vulnerabilities Kees Cook
WineGlass "data.mdb" Remote Password Disclosure Advisory
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Clean Access Cisco Systems Product Security Incident Response Team
Re: FreeRadius 1.1.3 SMB_Handle_Type SMB_Connect_Server arbitrary code execution 3APA3A
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous Amit Klein
Re: Windows NT Message Compiler 1.00.5239 arbitrary code execution chinese soup
Simple Web Content Management System SQL Injection Exploit gmdarkfig
[USN-398-2] Firefox vulnerabilities Kees Cook
Re: OpenPinboard <= Remote File Include Stefano Zanero
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous pdp (architect)
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous RSnake
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous Dave Ferguson
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous pdp (architect)
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous Amit Klein
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous pdp (architect)
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous Jean-Jacques Halans
jgbbs dr . t3rr0r1st
a cheesy Apache / IIS DoS vuln (+a question) Michal Zalewski
RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous Larry Seltzer

Thursday, 04 January

Re: a cheesy Apache / IIS DoS vuln (+a question) William A. Rowe, Jr.
Re: a cheesy Apache / IIS DoS vuln (+a question) Michal Zalewski
CFP for RAID 2007 Jeffrey Horton
Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous Juha-Matti Laurio
Re: a cheesy Apache / IIS DoS vuln (+a question) Michal Zalewski
Re: a cheesy Apache / IIS DoS vuln (+a question) William A. Rowe, Jr.
Re: OpenSER OSP Module remote code execution bogdan
Re: SMS handling OpenSER remote code executing bogdan
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous bugtraq
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous Jim Manico
23C3 - Bluetooth hacking revisited [Summary and Code] Thierry Zoller
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous RSnake
MkPortal "All Guests are Admin" Exploit info
LS-20061102 - Business Objects Crystal Reports XI Professional Stack Overflow Vulnerability advisories
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous pdp (architect)
Re: a cheesy Apache / IIS DoS vuln (+a question) Pieter de Boer
[vuln.sg] PowerArchiver PAISO.DLL Buffer Overflow Vulnerability vulnpost-remove
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous HASEGAWA Yosuke
Re: a cheesy Apache / IIS DoS vuln (+a question) Siim Põder
Universal PDF XSS After Party pdp (architect)
RE: [Full-disclosure] Universal XSS with PDF files: highly dangerous Larry Seltzer
Re: Universal XSS with PDF files: highly dangerous Thierry Zoller
Re: RE: [Full-disclosure] Universal XSS with PDF files: highly dangerous Juha-Matti Laurio
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Lawrence Paul MacIntyre
RE: PHP as a secure language? PHP worms? [was: Re: new linux malware] Jim Harrison
Re: [Full-disclosure] Universal PDF XSS After Party (possible solution) Darren Bounds
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Bill Nash
SAP Security Contact Mark Litchfield
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Ronald Chmara
[ GLSA 200701-01 ] DenyHosts: Denial of Service Raphael Marichez
Re: [WEB SECURITY] RE: Universal PDF XSS After Party (possible solution) RSnake
Wordpress <= 2.x dictionary & Bruteforce attack kadaj-diabolik
Re: [WEB SECURITY] RE: [Full-disclosure] Universal XSS with PDF files: highly dangerous RSnake
Re: a cheesy Apache / IIS DoS vuln (+a question) Rob Sherwood
[ GLSA 200701-02 ] Mozilla Firefox: Multiple vulnerabilities Raphael Marichez
Correction (High Risk Vulnerability in the OpenOffice and StarOffice Suites) NGSSoftware Insight Security Research
[ GLSA 200701-03 ] Mozilla Thunderbird: Multiple vulnerabilities Raphael Marichez
Re: [VulnWatch] High Risk Vulnerability in the OpenOffice and StarOffice Suites Florian Weimer
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous Rude Yak
Re: [VulnWatch] High Risk Vulnerability in the OpenOffice and StarOffice Suites David Litchfield
RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous RSnake
High Risk Vulnerability in the OpenOffice and StarOffice Suites NGSSoftware Insight Security Research
RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous Martin O'Neal
Concurrency strikes MSIE (potentially exploitable msxml3 flaws) Michal Zalewski
DMA[2007-0104a] - 'iLife iPhoto Photocasting Format String Vulnerability' K F (lists)
Re: a cheesy Apache / IIS DoS vuln (+a question) Michal Zalewski
RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitable msxml3 flaws) Larry Seltzer
RE: Universal PDF XSS After Party (possible solution) Noe Espinoza M.
[USN-398-3] Firefox theme regression Kees Cook
Perforce client: security hole by design Ben Bucksch
SAP Security Mark Litchfield
Re: Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous rudeyak
CMS Made Simple non-permanent XSS nanoymaster
RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitable msxml3 flaws) Michal Zalewski
Re: [VulnWatch] High Risk Vulnerability in the OpenOffice and StarOffice Suites Pete Connolly

Friday, 05 January

[USN-401-1] D-Bus vulnerability Kees Cook
[USN-400-1] Thunderbird vulnerabilities Kees Cook
MkPortal Admin XSS info
IG Shop remote code execution asdfj38
IG Calendar SQL Injection asdfj38
Uber Uploader 4.2 Arbitrary File Upload Vulnerability null_hack
Intranet Open Source Remote Password Disclosure "intranet.mdb" Advisory
Advisory 02/2007: WordPress Trackback Charset Decoding SQL Injection Vulnerability Stefan Esser
Coppermine Photo Gallery <= 1.4.10 SQL Injection Exploit gmdarkfig
iDefense Security Advisory 01.05.07: Opera Software Opera Web Browser createSVGTransformFromMatrix Object Typecasting Vulnerability iDefense Labs
[DRUPAL-SA-2007-001] Drupal 4.6.11 / 4.7.5 fixes XSS issue Uwe Hermann
[DRUPAL-SA-2007-002] Drupal 4.6.11 / 4.7.5 fixes DoS issue Uwe Hermann
RI Blog 1.3 XSS Vuln. ShaFuq31
Re: SAP Security Contact Fritz . Bauspiess
Advisory 01/2007: WordPress CSRF Protection XSS Vulnerability Stefan Esser
Multiple bugs in EditTag nj
[USN-402-1] Avahi vulnerability Kees Cook
Flog 1.1.2 Remote Admin Password Disclosure corrado . liotta
iDefense Security Advisory 01.05.07: Opera Software Opera Web Browser JPG Image DHT Marker Heap Corruption Vulnerability iDefense Labs
Kolayindir Download (Yenionline) (tr) SQL Injection Vuln. ShaFuq31
[OpenPKG-SA-2007.002] OpenPKG Security Advisory (bzip2) OpenPKG GmbH
ZDI-07-001: QUALCOMM Eudora WorldMail Remote Management Heap Overflow Vulnerability zdi-disclosures

Saturday, 06 January

iDefense Security Advisory 01.05.07: Kaspersky Antivirus Scan Engine PE File Denial of Service Vulnerability iDefense Labs
Re: SAP Security Contact Thor (Hammer of God)
[OpenPKG-SA-2007.003] OpenPKG Security Advisory (drupal) OpenPKG GmbH
fetchmail security announcement 2006-03 (CVE-2006-5974) Matthias Andree
fetchmail security announcement 2006-02 (CVE-2006-5867) Matthias Andree
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Secure Access Control Server Cisco Systems Product Security Incident Response Team
ohhASP Remote Password Disclosure Advisory
Yet Another Link Directory v1.0 lunY
[OpenPKG-SA-2007.004] OpenPKG Security Advisory (fetchmail) OpenPKG GmbH
Fix & Chips CMS v1.0 luny
shopstorenow (orange.asp) sql injection emel_gw_ini
FON Router allows anonymous web access l . friedrichs
[OpenPKG-SA-2007.005] OpenPKG Security Advisory (wordpress) OpenPKG GmbH

Monday, 08 January

Re: OpenPinboard <= Remote File Include jgraef
0trace - traceroute on established connections Michal Zalewski
Re: [Full-disclosure] 0trace - traceroute on established connections Michal Zalewski
@lex Guestbook <= 4.0.2 Remote Command Execution Exploit gmdarkfig
AJLogin v3.5 Remote Password Disclosure Vulnerability beks
EMembersPro 1.0 Remote Password Disclosure Vulnerability beks
MitiSoft Remote Password Disclosure Vulnerability beks
M-Core Remote Password Disclosure Vulnerability beks
HarikaOnline v2.0 Remote Password Disclosure Vulnerability beks
Webulas Remote Password Disclosure Vulnerability beks
Uguestbook Remote Password Disclosure Vulnerability beks
NUNE News Script (custom_admin_path) Remote File Include Vulnerability xorontr
[SECURITY] [DSA 1245-1] New proftpd packages fix denial of service Moritz Muehlenhoff
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous Amit Klein
Dayfox Blog Remote File Include Vuln. ShaFuq31
Re: Perforce client: security hole by design The Fungi
GeoBB Georgian Bulletin Board Remote File Include Vuln. ShaFuq31
Re: SAP Security Contact Ansgar -59cobalt- Wiechers
TK53 Advisory #1: CenterICQ remote DoS buffer overflow in LiveJournal handling Lolek of TK53
RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous Martin O'Neal
MKPortal Full Path Disclosure info
Re: Re: Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous rudeyak
HP Multiple Products PML Driver Local Privilege Escalation Sowhat
magic photo storage website Remote File Inclusion k1tk4t
QASEC Announcement: Writing Software Security Test Cases bugtraq
Packeteer PacketWise CLI overflow DoS kian . mohageri
Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous pdp (architect)
[SECURITY] [DSA 1246-1] New OpenOffice.org packages fix arbitrary code execution Martin Schulze
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous pdp (architect)
rPSA-2007-0001-1 openoffice.org rPath Update Announcements
Re: Universal XSS with PDF files: highly dangerous Jeff Williams
[SECURITY] [DSA 1247-1] New libapache-mod-auth-kerb packages fix remote denial of service Noah Meyerhans
Re: Sun java System Messenger Express XSS b2wang
cisco nac bypass vulnerability - cisco trust agent thorben schroeder
RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous Martin O'Neal
Vendor guidelines regarding security contacts Steven M. Christey
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous Amit Klein
createauction (cats.asp) Remote SQL Injection Vulnerability emel_gw_ini
Re: cisco nac bypass vulnerability - cisco trust agent Stefano Zanero
GForge Cross Site Scripting vulnerability jose . palanco
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Jim Manico
Re: Vendor guidelines regarding security contacts security curmudgeon
[ MDKSA-2007:003 ] - Updated avahi packages fix DoS vulnerability security
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous Amit Klein
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous RSnake
RFID open source library - RFIDIOt code release - version 0.1k Adam Laurie
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous Amit Klein
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous RSnake
Cracking Steganography Application in less than ONE minute thesinoda
Re: a cheesy Apache / IIS DoS vuln (+a question) Gadi Evron
Re: RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitable msxml3 flaws) socket69
Re: SAP Security Contact Nicob
Re: FON Router allows anonymous web access Thierry Zoller
Re: a cheesy Apache / IIS DoS vuln (+a question) bugtraq
RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous Guy Podjarny
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous Amit Klein

Tuesday, 09 January

[ MDKSA-2007:004 ] - Updated geoip packages fix geoipupdate vulnerability security
[KDE Security Advisory] ksirc Denial of Service vulnerability Dirk Mueller
Re: OpenPinboard <= Remote File Include Steven M. Christey
Re: Uber Uploader 4.2 Arbitrary File Upload Vulnerability recklessb
RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous Tom Stripling
Re: PHPKit 1.6.1 RC2 (faq/faq.php) Remote SQL Injection Exploit yorn
ppc engine Multiple file inclusion emel_gw_ini
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous Brian Eaton
Re: SAP Security Contact Stan Bubrouski
Sina UC ActiveX Multiple Remote Stack Overflow Sowhat
Re: Universal XSS with PDF files: highly dangerous The Anarcat
Re: [Full-disclosure] 0trace - traceroute on established connections Alessandro Dellavedova
magic photo storage website Multiple Remote File Inclusion emel_gw_ini
Re: a cheesy Apache / IIS DoS vuln (+a question) William A. Rowe, Jr.
Re: [Full-disclosure] 0trace - traceroute on established connections Michal Zalewski
rPSA-2007-0003-1 fetchmail rPath Update Announcements
Re: [Full-disclosure] [WEB SECURITY] Universal XSS with PDF files: highly dangerous Jim Manico
[USN-403-1] X.org vulnerabilities Kees Cook
Re: [DCC SPAM] 0trace - traceroute on established connections Lance James
MITKRB5-SA-2006-002: kadmind (via RPC lib) calls uninitialized function pointer Tom Yu
MITKRB5-SA-2006-003: kadmind (via GSS-API lib) frees uninitialized pointers Tom Yu
Re: Cracking Steganography Application in less than ONE minute Michal Spadlinski
iDefense Security Advisory 01.09.07: Multiple Microsoft Products VML 'recolorinfo' Element Integer Overflow Vulnerability iDefense Labs
iDefense Security Advisory 01.09.07: Microsoft Excel Long Palette Heap Overflow Vulnerability iDefense Labs
iDefense Security Advisory 01.09.07: Microsoft Excel Invalid Column Heap Corruption Vulnerability iDefense Labs
[USN-404-1] MadWifi vulnerability Kees Cook
Easy Banner Pro Version 2.8 <= Remote File Inclusion stormhacker
RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous Tom Spector
RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous Marvin Simkin
CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice Williams, James K
Circumventing CSRF Form Token Defense Jim Manico
rPSA-2007-0004-1 bzip2 rPath Update Announcements
rPSA-2007-0005-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs rPath Update Announcements
iDefense Security Advisory 01.09.07: Multiple Vendor X Server Render Extension ProcRenderAddGlyphs Memory Corruption Vulnerability iDefense Labs
[ MDKSA-2007-005 ] - Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities security
iDefense Security Advisory 01.09.07: Multiple Vendor X Server DBE Extension ProcDbeGetVisualInfo Memory Corruption Vulnerability iDefense Labs
iDefense Security Advisory 01.09.07: Multiple Vendor X Server DBE Extension ProcDbeSwapBuffers Memory Corruption Vulnerability iDefense Labs
edit-x ecommerce (include_dir) Remote File include emel_gw_ini

Wednesday, 10 January

iDefense Security Advisory 01.09.07: Adobe Macromedia ColdFusion Source Code Disclosure Vulnerability iDefense Labs
slocate leaks filenames of protected directories steven
Adobe Reader Remote Heap Memory Corruption - Subroutine Pointer Overwrite Piotr Bania
[OpenPKG-SA-2007.006] OpenPKG Security Advisory (kerberos) OpenPKG GmbH
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous Ralph Angenendt
Cisco Security Advisory: Cisco Unified Contact Center and IP Contact Center JTapi Gateway Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: DLSw Vulnerability Cisco Systems Product Security Incident Response Team
iDefense Q-1 2007 Challenge contributor
[ MDKSA-2007:006 ] - Updated OpenOffice.org packages fix WMF vulnerability security
A Major design Bug in Steganography 1.7.x, 1.8 (latest) (Updated Version) thesinoda
Re: Re: Uber Uploader 4.2 Arbitrary File Upload Vulnerability null_hack
Re: [Full-disclosure] 0trace - traceroute on established connections Jon Oberheide
VLC Format String Vulnerability also in XINE Sven . Czaja
[ GLSA 200701-04 ] SeaMonkey: Multiple vulnerabilities Raphael Marichez
Re: slocate leaks filenames of protected directories Dennis Jackson
CS-Cart 1.3.3 (install.php) Remote File Include Vulnerability ahmed_labib_hilmy
Re: SAP Security Contact Nick Boyce
Re: a cheesy Apache / IIS DoS vuln (+a question) bugtraq
Re: Circumventing CSRF Form Token Defense Florian Weimer
Re: SAP Security Contact Thor (Hammer of God)
A Major design Bug in Camouflage 1.2.1 (latest) thesinoda
sazcart v1.5 (cart.php) Remote File include emel_gw_ini
Re: Circumventing CSRF Form Token Defense bugtraq
Re: Circumventing CSRF Form Token Defense Peter Watkins
Re: Vendor guidelines regarding security contacts Chris Wysopal
VMware ESX server security updates VMware Security team

Thursday, 11 January

DMA[2007-0107a] OmniWeb Javascript Alert Format String Vulnerability and DMA[2007-0109a] Apple Finder Disk Image Volume Label Overflow / DoS K F (lists)
Re: A Major design Bug in Steganography 1.7.x, 1.8 (latest) (Updated Version) Dave "No, not that one" Korn
[ MDKSA-2007:007 ] - Updated nvidia driver packages fix vulnerability security
[ MDKSA-2007:009 ] - Updated kdenetwork packages fix ksirc vulnerability security
Re: Vendor guidelines regarding security contacts Juha-Matti Laurio
[ MDKSA-2007:008 ] - Updated kerberos packages fix vulnerability security
Computer Terrorism (UK) :: Incident Response Centre - Microsoft Outlook Vulnerability advisories
WMF CreateBrushIndirect vulnerability (DoS) Alexander Sotirov
Xine-ui format string Vulnerabilities. saik0pod
Jshop Server 1.3 irvian
Re: SAP Security Contact Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Re: A Major design Bug in Steganography 1.7.x, 1.8 (latest) (Updated Version) hlangos-bugtraq
phpBB (privmsg.php) XSS Exploit info
RE: Circumventing CSRF Form Token Defense James C. Slora Jr.
Calyptix Security Advisory CX-2007-001 - Snort 2.6.1.2 Integer Underflow Vulnerability Calyptix Advisories
Re: slocate leaks filenames of protected directories Ben Wheeler
FreeBSD Security Advisory FreeBSD-SA-07:01.jail FreeBSD Security Advisories
rPSA-2007-0006-1 krb5 krb5-server krb5-services krb5-test krb5-workstation rPath Update Announcements
ZDI-07-002: CA BrightStor ARCserve Backup Tape Engine Code Execution Vulnerability zdi-disclosures
ZDI-07-004: CA BrightStor ARCserve Backup Tape Engine Buffer Overflow Vulnerability zdi-disclosures
[security bulletin] HPSBMA02175 SSRT061174 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Read Access to Files security-alert
LayerOne 2007 CFP Announced Layer One
ZDI-07-003: CA BrightStor ARCserve Backup Message Engine Buffer Overflow Vulnerability zdi-disclosures
easy-content filemanager hackerbinhphuoc
[USN-405-1] fetchmail vulnerability Kees Cook
Digital Armaments Security Pre-Advisory 11.01.2007: Grsecurity Kernel PaX - Local root vulnerability info
[ MDKSA-2007:010 ] - Updated Firefox packages fix multiple vulnerabilities security
[security bulletin] HPSBMA02176 SSRT051035 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Execution of Arbitrary Code security-alert
Re: Perforce client: security hole by design Crispin Cowan
LS-20061002 - Computer Associates BrightStor ARCserve Backup Remote Code Execution Vulnerability advisories
Nwom topsites v3.0 lunY

Friday, 12 January

LunarPoll (PollDir) Remote File Include Vulnerabilities ilkerKandemir
Ezboxx multiple vulnerabilities. Info
xss in phpmyadmin <= 2.8.1 alfa
[ MDKSA-2007:011 ] - Updated Thunderbird packages fix multiple vulnerabilities security
[USN-406-1] OpenOffice.org vulnerability Kees Cook
Re (3): Circumventing CSRF Form Token Defense bugtraq
Corsaire Security Advisory: ChainKey Java Code Protection Bypass issue advisories
Web Honeynet Project: announcement, exploit URLs this Wednesday Gadi Evron
Lies? [Was: Re: Digital Armaments Security Pre-Advisory 11.01.2007: Grsecurity Kernel PaX - Local root vulnerability] Lubomir Kundrak
Re: Vendor guidelines regarding security contacts Ben Bucksch
Re: [Full-disclosure] Web Honeynet Project: announcement, bugtraq
Micro CMS <= 3.5 Remote File Include Exploit ilkerKandemir
Re: slocate leaks filenames of protected directories Dave Moore
[CAID 34955, 34956, 34957, 34958, 34959, 34817]: CA BrightStor ARCserve Backup Multiple Overflow Vulnerabilities Williams, James K
Re: xss in phpmyadmin <= 2.8.1 alfa
Re: phpBB (privmsg.php) XSS Exploit neothermic
Re: [Full-disclosure] Web Honeynet Project: announcement, Gadi Evron
Wordpress disclosure of Table Prefix Weakness process
seeking comments on disclosure articles smcalearney
Re: Corsaire Security Advisory: ChainKey Java Code Protection Bypass issue Jim Manico
[ MDKSA-2007:012 ] - Updated kernel packages fix multiple vulnerabilities and bugs security
Re: slocate leaks filenames of protected directories Ben Wheeler
AIOCP SQL Injection Vulnerability coloss7
AIOCP Login Bypass Vulnerability coloss7
Naig <= 0.5.2 (this_path) Remote File Include Vulnerability me you
[ GLSA 200701-05 ] KDE kfile JPEG info plugin: Denial of Service Raphael Marichez
[ GLSA 200701-06 ] w3m: Format string vulnerability Raphael Marichez
[ GLSA 200701-07 ] OpenOffice.org: EMF/WMF file handling vulnerabilities Raphael Marichez
[ GLSA 200701-08 ] Opera: Two remote code execution vulnerabilities Raphael Marichez
Re: Vendor guidelines regarding security contacts Steven M. Christey
[SECURITY] [DSA 1248-1] New libsoup packages fix denial of service Moritz Muehlenhoff
[ MDKSA-2007:013 ] - Updated libneon0.26 packages fix vulnerability security
Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability sapheal

Saturday, 13 January

Re: phpBB (privmsg.php) XSS Exploit neothermic
Re: Naig <= 0.5.2 (this_path) Remote File Include Vulnerability maxpost
PHP-Nuke <= 7.9 Old-Articles Block "cat" SQL Injection vulnerability paisterist
RE: seeking comments on disclosure articles Michael Scheidell
Trevorchan <= v0.7 Remote File Include Vulnerability ilkerkandemir

Monday, 15 January

Ovidentia 5.6x Series Remote File İnclude hotturk
Re: [Full-disclosure] 0trace - traceroute on established connections Robert Święcki
London DC4420 meet - Wednesday 17th January, 2007 Major Malfunction
[USN-407-1] libgtop2 vulnerability Martin Pitt
Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability 3APA3A
Okul Web Otomasyon Sistemi (etkinlikbak.asp) SQL Injection Vulnerability ilkerkandemir
Oracle Passwords and OraBrute paulw
Remedy Action Request System 5.01.02 - User Enumeration Davide Del Vecchio
Re: Re: Re: Uber Uploader 4.2 Arbitrary File Upload Vulnerability recklessb
[USN-408-1] krb5 vulnerability Martin Pitt
Outpost Bypassing Self-Protection using file links Vulnerability Matousec - Transparent security Research
Jax Petition Book (languagepack) Remote File Include Vulnerabilities ilkerkandemir
wcSimple Poll (password.txt) Remote Password Disclosure Vulnerability ilkerkandemir
InstantForum.NET Multiple Cross-Site Scripting Vulnerability DoZ
Re: Jax Petition Book (languagepack) Remote File Include Vulnerabilities bmatheny
Uninformed Journal Release Announcement: Volume 6 H D Moore
[USN-409-1] ksirc vulnerability Martin Pitt
liens_dynamiques xss and admin authentication sn0oPy . team

Tuesday, 16 January

[ GLSA 200701-10 ] WordPress: Multiple vulnerabilities Raphael Marichez
Gallery <= 1.4.4-pl4 (phpbb_root_path) Remote File Include Vulnerability me you
PHPATM Remote Password Disclosure Vulnerability nightmare
MS07-004 VML Integer Overflow Exploit LifeAsaGeek
[ MDKSA-2007:017 ] - Updated wget packages fix ftp vulnerability security
[ MDKSA-2007:015 ] - Updated cacti packages SQL injection vulnerability security
[KDE Security Advisory] kpdf/kword/xpdf denial of service vulnerability Dirk Mueller
[ MDKSA-2007:016 ] - Updated fetchmail packages fix vulnerability security
dt_guestbook version 1.0f XSS vulnerability jesper . jurcenoks
rPSA-2007-0007-1 kdenetwork rPath Update Announcements
Re: Gallery <= 1.4.4-pl4 (phpbb_root_path) Remote File Include Vulnerability Chris Kelly
[x0n3-h4ck] SmE FileMailer 1.21 Remote SQL Injection Exploit corrado . liotta
Announcement: The Cross-site Request Forgery FAQ bugtraq
Re: Gallery <= 1.4.4-pl4 (phpbb_root_path) Remote File Include Vulnerability krasza
Re: Jax Petition Book (languagepack) Remote File Include Vulnerabilities John McGuire
Re: Remedy Action Request System 5.01.02 - User Enumeration Davide Del Vecchio
Re: [Full-disclosure] iDefense Q-1 2007 Challenge Simon Smith
[ GLSA 200701-09 ] oftpd: Denial of Service Raphael Marichez
Re: [Full-disclosure] iDefense Q-1 2007 Challenge K F (lists)
vulnerability script indexu all versions gamr-14
Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE Simon Smith
Re: [Full-disclosure] iDefense Q-1 2007 Challenge Blue Boar
rPSA-2007-0008-1 gd rPath Update Announcements
Re: [Full-disclosure] iDefense Q-1 2007 Challenge K F (lists)
Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability Eliah Kagan
[ MDKSA-2007:014 ] - Updated bluez-utils packages fix hidd vulnerability security
Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability HACKPL - bugtraq/sapheal
[ GLSA 200701-11 ] Kronolith: Local file inclusion Raphael Marichez
[ GLSA 200701-12 ] Mono: Information disclosure Raphael Marichez
Re: Trevorchan <= v0.7 Remote File Include Vulnerability Stefano Zanero
SYMSA-2007-001: Oracle Application Server 10g - Directory Traversal research
Re: WMF CreateBrushIndirect vulnerability (DoS) temp0_123

Wednesday, 17 January

ZDI-07-005: Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability zdi-disclosures
Re: MS07-004 VML Integer Overflow Exploit lifeasageek
Windows logoff bug possible security vulnerability and exploit. Rage Coder
Re: [Full-disclosure] iDefense Q-1 2007 Challenge Blue Boar
Re: [Full-disclosure] iDefense Q-1 2007 Challenge Simon Smith
Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE Jim Manico
Re: [Full-disclosure] iDefense Q-1 2007 Challenge Simon Smith
[SECURITY] [DSA 1250-1] New cacti packages fix arbitrary code execution Moritz Muehlenhoff
[ISecAuditors Security Advisories] Oracle Reports Web Cartridge (RWCGI60) vulnerable to XSS ISecAuditors Security Advisories
Re: [Full-disclosure] iDefense Q-1 2007 Challenge Tim Newsham
[x0n3-h4ck] myBloggie 2.1.5 XSS exploit corrado . liotta
Microsoft Help Workshop .CNT contents files buffer overflow vulnerability porkythepig
Re: Windows logoff bug possible security vulnerability and exploit. 3APA3A

Thursday, 18 January

[security bulletin] HPSBUX02181 SSRT061289 rev.1 - HP-UX Running IPFilter, Remote Unauthorized Denial of Service (DoS) security-alert
[security bulletin] HPSBST02184 SSRT071296 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-001 Through MS07-004 security-alert
Multiple OS kernel insecure handling of stdio file descriptor XFOCUS Security Team
FW: [cacti-announce] Cacti 0.8.6j Released Warner Moore
CYBSEC - Security Advisory: SAP Internet Graphics Service (IGS) Remote Buffer Overflow CYBSEC Advisories
[USN-410-1] poppler vulnerability Martin Pitt
Cisco Security Advisory: SSL/TLS Certificate and SSH Public Key Validation Vulnerability Cisco Systems Product Security Incident Response Team
Re: FW: [cacti-announce] Cacti 0.8.6j Released Steve Friedl
Re: Multiple OS kernel insecure handling of stdio file descriptor 3APA3A
[security bulletin] HPSBPI02185 SSRT071290 rev.1 - HP Jetdirect Running ftp, Remote Denial of Service (DoS) security-alert
Directory Traversal in ArsDigita Community System Elliot Kendall
[ MDKSA-2007:018 ] - Updated koffice packages fix crafted pdf file vulnerability security
[ MDKSA-2007:019 ] - Updated pdftohtml packages fix crafted pdf file vulnerability security
[ MDKSA-2007:020 ] - Updated poppler packages fix crafted pdf file vulnerability security
[ MDKSA-2007:021 ] - Updated xpdf packages fix crafted pdf file vulnerability security
Re: Multiple OS kernel insecure handling of stdio file descriptor Peter Jeremy
[ MDKSA-2007:022 ] - Updated tetex packages fix crafted pdf file vulnerability security
[x0n3-h4ck] sabros.us 1.7 XSS Exploit corrado . liotta
[ MDKSA-2007:023 ] - Updated libgtop2 packages fix buffer overflow vulnerability security
Re: [_SUSPEKT] - Re: [Full-disclosure] iDefense Q-1 2007 Challenge - Bayesian Filter detected spam Simon Smith
Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE Simon Smith
Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE Simon Smith
Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE Simon Smith
Re: Windows logoff bug possible security vulnerability and exploit. Rage Coder
Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE Roman Medina-Heigl Hernandez

Friday, 19 January

EUSecWest 2007 Papers Dragos Ruiu
Re: CMS Made Simple non-permanent XSS ted
MyShoutBox Multiple Cross-Site Scripting Vulnerability DoZ
Layered Defense Research Advisory: BitDefender Client 8.02 Format String Vulnerability dh
TSLSA-2007-0003 - multi Trustix Security Advisor
DoS against AVM Fritz!Box 7050 (and others) collin
Help project files (.HPJ) buffer overflow vulnerability in Microsoft Help Workshop porkythepig
Virginity Security Advisory 2007-001 : T-Com Speedport 500V Login bypass advisory07
WzdFTPD < 8.1 Denial of service S21sec Labs
DIMVA 2007: Final Call for Papers Robin Sommer
[RISE-2007001] Apple Mac OS X 10.4.x kernel shared_region_map_file_np() memory corruption vulnerability RISE Security

Saturday, 20 January

a-forum xss sn0oPy
Re: Multiple OS kernel insecure handling of stdio file descriptor Shiva Persaud
Login Manager Multiple HTML Injections DoZ
Paypal Subscription Manager Multiple HTML Injections DoZ
SMF "index.php?action=pm" Cross Site-Scripting Advisory
Digital Armaments Security Advisory 20.01.2007: Grsecurity Kernel PaX Vulnerability info

Monday, 22 January

XSS in 212cafeBoard ( Verision 0.08 & 6.30 Beta ) xx_hack_xx_2004
Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability Prove Of Concept Exploit luoluonet
Wiki-how path disclosure iamtheevil1
Re: [Full-disclosure] Check Point Connectra End Point security bypass Felix Lindner
Re: SMF "index.php?action=pm" Cross Site-Scripting lfx4sodas
FishCart [injection sql] saps . audit
Re: Multiple OS kernel insecure handling of stdio file descriptor Carson Gaspar
FreeForum 0.9.0 <=- (index.php fpath) Remote File Include Vulnerability me you
Re: Virginity Security Advisory 2007-001 : T-Com Speedport 500V Login bypass jn
[SECURITY] [DSA 1251-1] New netrik packages fix arbitary shell command execution Steve Kemp
Re: [Full-disclosure] Multiple OS kernel insecure handling of stdio file descriptor Troy Bollinger
XMB "U2U Instant Messenger" Cross-Site Scripting Advisory
Re: Virginity Security Advisory 2007-001 : T-Com Speedport 500V Login bypass security () yospot de
XSS in Guestbook ( v.4.00 beta ) xx_hack_xx_2004
SQL Injection in Unique Ads ( UDS ) xx_hack_xx_2004
cmsimple 2.7 Remote File Include mr alkomandoz
Microsoft Visual C++ (.RC) resource files buffer overflow vulnerability porkythepig
phpAdsNew 2.0.7 Remote File Include mr alkomandoz
PHP Link Directory XSS Vulnerability version <= 3.0.6 jussi . vuokko
Full Path Disclosure in Open-Realty ( v2.3.4 ) xx_hack_xx_2004
Fantastic News <=- (news.php) Remote File Include Vulnerability me you
Check Point Connectra End Point security bypass Roni Bachar
Re: Re: SMF "index.php?action=pm" Cross Site-Scripting alexbove
[x0n3-h4ck] bitweaver 1.3.1 XSS Exploit corrado . liotta
UploadScript <=- v1.02 (password.txt) Remote Password Disclosure Vulnerability me you
Uploader <= (userdata/user_1.txt) Password Disclosure Vulnerability me you
[ GLSA 200701-13 ] Fetchmail: Denial of Service and password disclosure Matthias Geerdsen
Re: FishCart [injection sql] Michael Brennen
SQL Injection by using Cookie Poisoning for Website Baker Version 2.6.5 and before Rolf Huisman
[ GLSA 200701-14 ] Mod_auth_kerb: Denial of Service Raphael Marichez
[ GLSA 200701-15 ] Sun JDK/JRE: Multiple vulnerabilities Raphael Marichez

Tuesday, 23 January

[ GLSA 200701-16 ] Adobe Acrobat Reader: Multiple vulnerabilities Raphael Marichez
rPSA-2007-0011-1 wget rPath Update Announcements
Re: Re: Re: SMF "index.php?action=pm" Cross Site-Scripting Outlaw
Safari Improperly Parses HTML Documents & BlogSpot XSS vulnerability Jose Avila III
Re: Fantastic News <=- (news.php) Remote File Include Vulnerability <- bogus... again Mailinglists Address
[ MDKSA-2007:024 ] - Updated kdegraphics packages fix crafted pdf file vulnerability security
AToZed Software Intraweb Component for Borland Delphi and Kylix DoS vulnerability C0r3 1mp4ct
Bluetooth DoS by obex push hornung
Bluetooth DoS by obex push Armin Hornung
rPSA-2007-0012-1 ed rPath Update Announcements
xss filter to protect from xss attacks Anurag Agarwal
Re: Multiple OS kernel insecure handling of stdio file descriptor eugeny gladkih
Re: Bluetooth DoS by obex push [readable] hornung
Adobe ColdFusion Information Disclosure zck zck
[ GLSA 200701-17 ] libgtop: Privilege escalation Matthias Geerdsen
Re: Digital Armaments Security Advisory 20.01.2007: Grsecurity Kernel PaX Vulnerability nospam
Re: phpAdsNew 2.0.7 Remote File Include l . d . 0
rPSA-2007-0015-1 libsoup rPath Update Announcements
Re: Windows logoff bug possible security vulnerability and exploit. Bart ....
[ECHO_ADV_62$2007] Upload Service 1.0 remote file inclusion y3dips
rPSA-2007-0014-1 libgtop rPath Update Announcements
[ MDKSA-2007:025 ] - Updated kernel packages fix multiple vulnerabilities and bugs security
Re: Multiple SQL injections and XSS in FishCart 3.1 michael
SUSE Security Announcement: squid (SUSE-SA:2007:012) Thomas Biege
RANDOM PHP QUOTE 1.0 (pwd.txt) Remote Password Disclosur the . tiger100
Re: DoS against AVM Fritz!Box 7050 (and others) Matthias Wenzel
[ GLSA 200701-18 ] xine-ui: Format string vulnerabilities Raphael Marichez
[ MDKSA-2006:217-2 ] - Updated proftpd packages fix vulnerabilities security
[ GLSA 200701-19 ] OpenLDAP: Insecure usage of /tmp during installation Raphael Marichez
subscribe (pwd.txt) Remote Password Disclosur the . tiger100
rPSA-2007-0013-1 poppler tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi rPath Update Announcements
[USN-411-1] libsoup vulnerability Kees Cook
PR06-14: IP Phones based on Centrality Communications/Aredfox PA168 chipset weak session management vulnerability ProCheckUp Research
Advanced Guestbook <=- 2.4.2 (include_path) Remote File Include Vulnerability me you
SUSE Security Announcement: xine (SUSE-SA:2007:013) Thomas Biege

Wednesday, 24 January

[ MDKSA-2007:026 ] - Updated squid packages fix vulnerabilities security
[ GLSA 200701-20 ] Centericq: Remote buffer overflow in LiveJournal handling Raphael Marichez
[USN-412-1] GeoIP vulnerability Kees Cook
[USN-413-1] BlueZ vulnerability Kees Cook
Re: Safari Improperly Parses HTML Documents & BlogSpot XSS vulnerability Robert Tasarz
[Aria-Security Team] MyBB Cross-Site Scripting Advisory
Toxiclab Shoutbox Password Disclosure Vulnerability beks
Secunia Research: NCTsoft Products NCTAudioFile2 ActiveX Control Buffer Overflow Secunia Research
Secunia Research: Sienzo Digital Music Mentor NCTAudioFile2 ActiveX Control Buffer Overflow Secunia Research
[CAID 34993]: CA BrightStor ARCserve Backup for Laptops and Desktops Multiple Overflow Vulnerabilities Williams, James K
Re: AToZed Software Intraweb Component for Borland Delphi and Kylix DoS vulnerability mail
ZixForum <= 1.14 (Zixforum.mdb) Remote Password Disclosure Vulnerability me you
Maxtricity Tagger Password Disclosure Vulnerability beks
Re: Advanced Guestbook <=- 2.4.2 (include_path) Remote File Include Vulnerability Stefano Zanero
Re: FreeForum 0.9.0 <=- (index.php fpath) Remote File Include Vulnerability Stefano Zanero
Re: Secunia Research: NCTsoft Products NCTAudioFile2 ActiveX Control Buffer Overflow Secunia Research
Cisco Security Advisory: Crafted TCP Packet Can Cause Denial of Service Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: IPv6 Routing Header Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Crafted IP Option Vulnerability Cisco Systems Product Security Incident Response Team
[OPENADS-SA-2007-001] phpAdsNew and phpPgAds 2.0.9-pr1 vulnerability fixed Matteo Beccati
Re: phpAdsNew 2.0.7 Remote File Include matteo
Weaknesses in Pingback Design bmatheny
[ GLSA 200701-21 ] MIT Kerberos 5: Arbitrary Remote Code Execution Matthias Geerdsen
DoS against Telligent Community Server bmatheny
[security bulletin] HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access security-alert
ZDI-07-006: Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability zdi-disclosures
Multiple Remote Vulnerabilities in Wordpress bmatheny
Oracle Buffer Overflow in DBMS_REPCAT_UNTRUSTED.UNREGISTER_SNAPSHOT Team SHATTER
Oracle Buffer Overflow in DBMS_LOGMNR.ADD_LOGFILE Team SHATTER

Thursday, 25 January

Oracle Buffer Overflow in DBMS_LOGREP_UTIL.GET_OBJECT_NAME Team SHATTER
Oracle Buffer Overflow in DBMS_DRS.GET_PROPERTY Team SHATTER
Oracle Multiple Buffer Overflows and DoS attacks in public procedures of MDSYS.MD Team SHATTER
[CAID 34818]: CA Personal Firewall Multiple Privilege Escalation Vulnerabilities Williams, James K
Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL Team SHATTER
[USN-414-1] Squid vulnerabilities Kees Cook
Remove all admin->root authorization prompts from OSX K F (lists)
Re: AToZed Software Intraweb Component for Borland Delphi and Kylix DoS vulnerability bounce
rPSA-2007-0019-1 gtk rPath Update Announcements
ASP NEWS <= V3 (news_detail.asp) Remote SQL Injection Vulnerability ajannhwt
Xero Portal v1.2 (phpbb_root_path) Remote File Include Vulnerablity xorontr
uniForum <= v4 (wbsearch.aspx) Remote SQL Injection Vulnerability ajannhwt
EzDatabase Multiple Cross-Site Scripting Vulnerability DoZ
ASP EDGE <= V1.2b (user.asp) Remote SQL Injection Vulnerability ajannhwt
Re: phpCOIN <= RC-1 (modules/mail/index.php) Remote File Include Vulnerability str0ke
makit news/blog poster <=v3(news_page.asp) Remote SQL Injection Vulnerability ajannhwt
BIND remote exploit (low severity) [Fwd: Internet Systems Consortium Security Advisory.] Lebbeous Weekley
Aztek Forum 4.1 Multiple Vulnerabilities Exploit gmdarkfig
phpCOIN <= RC-1 (modules/mail/index.php) Remote File Include Vulnerability me you
[x0n3-h4ck] Siteman 2.0.x2 Remote Md5 Hash Disclosure Vulnerability corrado . liotta
[x0n3-h4ck] Siteman 1.1.11 Remote Md5 Hash Disclosure Vulnerability corrado . liotta
GPS 1.2 Content Managing System (print.asp) Remote SQL Injection Vulnerability ajannhwt
[NETRAGARD-20061218 SECURITY ADVISORY] [@Mail WebMail Cross Site Request Forgery] Netragard Security Advisories
Re: Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL Steven M. Christey
[ GLSA 200701-22 ] Squid: Multiple Denial of Service vulnerabilities Matthias Geerdsen
The certification password of Internet Explorer 7 and operation of auto complete support
Buffer overflow in VSAPI library of Trend Micro VirusWall 3.81 for Linux Sebastian Wolfgarten
high5 Review script Security Risk anon
RE: Remove all admin->root authorization prompts from OSX Marvin Simkin
Re: AToZed Software Intraweb Component for Borland Delphi and Kylix DoS vulnerability C0r3 1mp4ct
Re: Aztek Forum 4.1 Multiple Vulnerabilities Exploit gmdarkfig
Re: Remove all admin->root authorization prompts from OSX A. Shaw
Vulnerability disclosure comments Shawna McAlearney
Re: Oracle Buffer Overflow in DBMS_LOGREP_UTIL.GET_OBJECT_NAME Steven M. Christey
Omniture SiteCatalyst Multiple Cross-Site Scripting Vulnerabilities DoZ
Re: [Full-disclosure] 0trace - traceroute on established connections Jon Oberheide
Re: ZixForum <= 1.14 (Zixforum.mdb) Remote Password Disclosure Vulnerability anonym
RubyGems 0.9.0 and earlier installation exploit Eric Hodel
Medium Risk Vulnerability in PGP Desktop NGSSoftware Insight Security Research
Re: [Full-disclosure] rPSA-2007-0011-1 wget Ron DuFresne

Friday, 26 January

[USN-410-2] teTeX vulnerability Kees Cook
[ GLSA 200701-24 ] VLC media player: Format string vulnerability Matthias Geerdsen
[OPENADS-SA-2007-002] Max Media Manager v0.1.29 and v0.3.30 vulnerability fixed Matteo Beccati
Movable Type <= 3.33 XSS Exploit teracci2002
Re: Re: Re: Re: SMF "index.php?action=pm" Cross Site-Scripting sirdarckcat
[ MDKSA-2007:027 ] - Updated xine-ui packages fix vulnerabilities security
Re: SMF "index.php?action=pm" Cross Site-Scripting Lise Moorveld
[ GLSA 200701-23 ] Cacti: Command execution and SQL injection Matthias Geerdsen
Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger hainamluke
PHP Membership Manager Cross-Site Scripting Vulnerability DoZ
FdScript <= v1.3.2 Remote File Disclosure Vulnerability ajannhwt
S21sec-034-en: Cisco VTP DoS vulnerability S21sec Labs
iDefense Security Advisory 01.26.07: Multiple Vendor libchm Page Block Length Memory Corruption Vulnerability iDefense Labs
Re: Remove all admin->root authorization prompts from OSX Baptiste Malguy
Re: Remove all admin->root authorization prompts from OSX Ben Bucksch
Re: Remove all admin->root authorization prompts from OSX John Smith
rPSA-2007-0021-1 bind bind-utils rPath Update Announcements
rPSA-2007-0020-1 rmake rPath Update Announcements
Dexia website security alert Jos Kirps

Saturday, 27 January

WS_FTP 2007 Professional SCP handling format string vulnerability Michal Bucko
Re: [OPENADS-SA-2007-002] Max Media Manager v0.1.29 and v0.3.30 vulnerability fixed Matteo Beccati
[ MDKSA-2007:029 ] - Updated libsoup packages fix DoS vulnerability security
stompy the session stomper - tool availability Michal Zalewski
Full Disclosure: Arbitrary Code Execution in LedgerSMB CVE-2006-5872 Chris Travers
[USN-398-4] Firefox regression Kees Cook
Re: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger Outlaw
Open Conference Systems = 2.8.2 Remote File Inclusion trzindan
[ MDKSA-2007:028 ] - Updated ulogd packaged to address buffer overflow vulnerability security
AdMentor (banners) admin SQL injection sn0oPy . team
local Calendar System v1.1 (lcStdLib.inc) Remote File Include trzindan
RE: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger Ahmed Sheipani
[SECURITY] [DSA 1252-1] New vlc packages fix arbitrary code execution Martin Schulze
[SECURITY] [DSA 1253-1] New Mozilla Firefox packages fix several vulnerabilities Martin Schulze

Monday, 29 January

Re: Open Conference Systems = 2.8.2 Remote File Inclusion Michał Melewski
[OpenPKG-SA-2007.007] OpenPKG Security Advisory (bind) OpenPKG GmbH
[SECURITY] [DSA 1254-1] New bind9 packages fix denial of service Moritz Muehlenhoff
MDPro 1.0.76 - Multiple Remote Vulnerabilities adexior
Internet Explorer 7 ActiveX bgColor property NULL pointer dereference (DoS) Alexander Sotirov
[OpenPKG-SA-2007.008] OpenPKG Security Advisory (cvstrac) OpenPKG GmbH
Xt-Stats v.2.4.0.b3 - Remote File Include Vulnerabilities h4cked . eg
Re: Dexia website security alert Thierry Zoller
Fake: Open Conference Systems = 2.8.2 Remote File Inclusion bzhbfzj3001
Re: local Calendar System v1.1 (lcStdLib.inc) Remote File Include Stefano Zanero
CVSTrac 2.0.0 Denial of Service (DoS) vulnerability Ralf S. Engelschall
Defeating CAPTCHAs via Averaging noreply9871234
Phorum HTML Injection Vulnerability DoZ
Re: stompy the session stomper - tool availability Rogan Dawes
gnopaste <= 0.5.3 (index.php) Remote File Include Vulnerability trzindan
AdMentor (banners) admin SQL injection sn0oPy . team
Re: Fake: Open Conference Systems = 2.8.2 Remote File Inclusion Michał Melewski
Re: Phorum HTML Injection Vulnerability brian
Re: Windows logoff bug possible security vulnerability and exploit. Rage Coder
Re: Fake: Open Conference Systems = 2.8.2 Remote File Inclusion Michał Melewski
Re: local Calendar System v1.1 (lcStdLib.inc) Remote File Include Gadi Evron
Arbitrary Code Execution in SQL-Ledger and LedgerSMB through redirects Chris Travers
Re: local Calendar System v1.1 (lcStdLib.inc) Remote File Include Stefano Zanero
[ GLSA 200701-25 ] X.Org X server: Multiple vulnerabilities Matthias Geerdsen
Re: Re: Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL shatter
Re: local Calendar System v1.1 (lcStdLib.inc) Remote File Include Simple Nomad
Re: stompy the session stomper - tool availability Michal Zalewski
Re: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger 3B.Security Researcher
Re: Open Conference Systems = 2.8.2 Remote File Inclusion Stefano Zanero
VII National Computer and Information Security Conference ACIS 2007 - COLOMBIA Jeimy Cano
RBL - ASP (scripts with db) SQL injection sn0oPy . team
Oracle - Indirect Privilege Escalation and Defeating Virtual Private Databases David Litchfield

Tuesday, 30 January

[DRUPAL-SA-2007-005] Drupal 4.7.6 / 5.1 fixes arbitrary code execution issue Uwe Hermann
rPSA-2007-0020-2 rmake rPath Update Announcements
COSEINC Alert: Microsoft Agent Heap Overflow Vulnerability Technical Details (Patched) Coseinc
Re: [Full-disclosure] S21sec-034-en: Cisco VTP DoS vulnerability Clay Seaman-Kossmeyer
RBL - ASP (scripts with db) SQL injection sn0oPy . team
Re: gnopaste <= 0.5.3 (index.php) Remote File Include Vulnerability Francesco Laurita
PhP Generic library & framework (include_path) Remote File Include Exploit umutc4n
Re: Fake: Open Conference Systems = 2.8.2 Remote File Inclusion bzhbfzj3001
EncapsCMS 0.3.6 (common_foot.php) Remote File Include trzindan
Atsphp 5.0.1 [Top Sites] [index.php] - Remote File Include trzindan
Re: Defeating CAPTCHAs via Averaging Alexander Klimov
[ MDKSA-2007:030 ] - Updated bind packages fix DoS vulnerabilities security
Re: BOGUS: Atsphp 5.0.1 [Top Sites] [index.php] - Remote File Include Mailinglists Address

Wednesday, 31 January

Remote Unauthenticated Code Execution CA BrightStor ARCserve Backup NGS Software Insight Security Research
Remote Unauthenticated Code Execution II CA BrightStor ARCserve Backup for Laptops & Desktops NGS Software Insight Security Research
OWASP JBroFuzz 0.4 Fuzzer Released! subere
Remote DOS BrightStor ARCserve Backup for Laptops & Desktops NGS Software Insight Security Research
Remote Unauthenticated Resource Exhaustion CA Mobile BackupService NGS Software Insight Security Research
Oracle 10g R2 Enterprise Manager Directory Traversal NGS Software Insight Security Research
2007 Security OPUS CFP: Closed (Agenda included) Sharkey
Cisco Security Advisory: SIP Packet Reloads IOS Devices Not Configured for SIP Cisco Systems Product Security Incident Response Team
[ECHO_ADV_63$2007] Cadre remote file inclusion y3dips
Re: Atsphp 5.0.1 [Top Sites] [index.php] - Remote File Include Casey Marshall
Re: Defeating CAPTCHAs via Averaging Fred Leeflang
Re: local Calendar System v1.1 (lcStdLib.inc) Remote File Include Gadi Evron
[SECURITY] [DSA 1255-1] New libgtop2 packages fix arbitrary code execution Moritz Muehlenhoff
Windows Vista and unexported kernel symbols (Part II, 32bits version) Matthieu Suiche
[ GLSA 200701-27 ] ELinks: Arbitrary Samba command execution Raphael Marichez
[ GLSA 200701-28 ] thttpd: Unauthenticated remote file access Raphael Marichez
BBED - Oracle Block Browser and Editor pete
[ GLSA 200701-26 ] KSirc: Denial of Service vulnerability Raphael Marichez
[SECURITY] [DSA 1256-1] New gtk+2.0 packages fix denial of service Moritz Muehlenhoff
Re: stompy the session stomper - tool availability Michal Zalewski
Technika - Attack Scripting Environment pdp (architect)
Re: Defeating CAPTCHAs via Averaging Lou Katz