Bugtraq: by author

435 messages starting May 25 07 and ending May 16 07

242th section

Pligg critical vulnerability 242th section (May 25)

3APA3A

Re: Retrieving "deleted" sms/mms from Nokia phone (Symbian S60) 3APA3A (May 16)
Re: Media Player Classic .MPA Div-By-Zero Denial of Service Vulnerability 3APA3A (May 16)
Re[2]: [Full-disclosure] Question Regarding IIS 6.0 / Is this a DoS??? 3APA3A (May 23)
Re[2]: Medium security hole affecting DSL-G624T 3APA3A (May 04)
Re: Medium security hole affecting DSL-G624T 3APA3A (May 03)
Re: [Full-disclosure] Question Regarding IIS 6.0 / Is this a DoS??? 3APA3A (May 23)
Re: Exim 4.66 in conjunction with spamd Overflow issues 3APA3A (May 15)

abbasi

Post Nuke v4bJournal Module Sql Inject abbasi (May 02)

absamu

fotolog xss absamu (May 11)

ACROS Security

ACROS Security: Session Fixation Vulnerability in HP SIM 5.0 ACROS Security (May 18)

Adam Laurie

ANNOUNCE: RFIDIOt version 0.1m released (May 16th 2007) Adam Laurie (May 16)

aditya kuppa

Defeating Citibank Virtual Keyboard protection using screenshot method aditya kuppa (May 17)

admin

[MajorSecurity Advisory #48]eggblog - Session fixation Issue admin (May 29)
[MajorSecurity Advisory #47]Simple Machines Forum (SMF) - Session fixation Issue admin (May 05)

aeroxteam_PLEASEDONTSPAMUS

Re: NPDS <= 5.10 - Multiple SQL injections aeroxteam_PLEASEDONTSPAMUS (May 05)
NPDS <= 5.10 - Multiple SQL injections aeroxteam_PLEASEDONTSPAMUS (May 04)

ALEMIN KRALI

W1L3D4 Philboard v0.2 sql injection ALEMIN KRALI (May 11)

Alexander Sotirov

Exchange Calendar MODPROPS Denial of Service (CVE-2007-0039) Alexander Sotirov (May 09)

announcements

WASC Announcement: Distributed Open Proxy Honeypot Project Data Released announcements (May 08)

Ansgar -59cobalt- Wiechers

Re: Defeating Citibank Virtual Keyboard protection using screenshot method Ansgar -59cobalt- Wiechers (May 10)

balazs . zolika

Re: RE: Defeating Citibank Virtual Keyboard protection using screenshot method balazs . zolika (May 10)
Re: Re: Defeating Citibank Virtual Keyboard protection using screenshot method balazs . zolika (May 18)

bendeniz_avci

Webspeed OpenEdge Dos exploit bendeniz_avci (May 12)

binagres

Computer Associates eTrust InoTask.exe Antivirus Buffer Overflow Vulnerability binagres (May 11)

BlackHawk

Inout Meta Searh engine Remote Code Execution BlackHawk (May 28)

Blazej Miga

Apache httpd vulenrabilities Blazej Miga (May 29)

Bojan Zdrnja

Re: Defeating Citibank Virtual Keyboard protection using screenshot method Bojan Zdrnja (May 17)
Re: Defeating Citibank Virtual Keyboard protection using screenshot method Bojan Zdrnja (May 16)

bugtraq

[tool] Etherbat - Ethernet topology discovery bugtraq (May 30)

c0ntexb

Re: Magic iso heap over flow <Help> c0ntexb (May 23)

calcite

Exim 4.66 in conjunction with spamd Overflow issues calcite (May 14)

chiweeman

Re: fx-APP Version 0.0.8.1 chiweeman (May 28)

ciri

OTRS <= 2.0.x XSS/XSRF ciri (May 07)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Vulnerability In Crypto Library Cisco Systems Product Security Incident Response Team (May 22)
Cisco Security Advisory: Multiple Vulnerabilities in the IOS FTP Server Cisco Systems Product Security Incident Response Team (May 09)
Cisco Security Advisory: LDAP and VPN Vulnerabilities in PIX and ASA Appliances Cisco Systems Product Security Incident Response Team (May 02)
Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS While Processing SSL Packets Cisco Systems Product Security Incident Response Team (May 22)

come2waraxe

[waraxe-2007-SA#051] - Sql Injection in 2z Project 0.9.5 come2waraxe (May 23)
[waraxe-2007-SA#050] - Sql Injection in WordPress 2.1.3 come2waraxe (May 22)

Cornelius Riemenschneider

SQL-Injection in IP-TRACKING Mod for phpBB2.0.x Cornelius Riemenschneider (May 22)

corrado . liotta

Mini Web Shop v.2 Vulnerable to XSS corrado . liotta (May 07)
GMTT Music Distro 1.2 XSS Exploit corrado . liotta (May 22)

crazy frog crazy frog

Re: Pligg critical vulnerability crazy frog crazy frog (May 26)

crossbower

I, Bot. Taking advantage of robots power (Article) crossbower (May 16)

Daniele Calore

Re: [security bulletin] HPSBTU02211 SSRT071326 rev.1 - HP Tru64 UNIX Running the dop command, Local Execution of Arbitrary Code with Privilege Elevation Daniele Calore (May 09)

Dann Frazier

[SECURITY] [DSA 1286-1] New Linux 2.6.18 packages fix several vulnerabilities Dann Frazier (May 02)

David Cantrell

Re: Apple Safari on MacOSX may reveal user's saved passwords David Cantrell (May 16)
Re: Apple Safari on MacOSX may reveal user's saved passwords David Cantrell (May 17)

Davide Del Vecchio

Re: Retrieving "deleted" sms/mms from Nokia phone (Symbian S60) Davide Del Vecchio (May 16)
Retrieving "deleted" sms/mms from Nokia phone (Symbian S60) Davide Del Vecchio (May 15)

David Gillett

RE: Defeating Citibank Virtual Keyboard protection using screenshot method David Gillett (May 10)

David Litchfield

Oracle Forensics Part 4: Live Response David Litchfield (May 22)

Debasis Mohanty

RE: Defeating Citibank Virtual Keyboard protection using screenshot method Debasis Mohanty (May 10)

diabol the japanophile

Re: Retrieving "deleted" sms/mms from Nokia phone (Symbian S60) diabol the japanophile (May 25)

DoZ

Aardvark Topsites PHP Directory Disclosure Vulnerability DoZ (May 03)

e1c4

Kayako eSupport v3.00.90 Cross Site Scripting (XSS) e1c4 (May 07)

Eduardo Tongson

Re: [Full-disclosure] Retrieving "deleted" sms/mms from Nokia phone (Symbian S60) Eduardo Tongson (May 22)

Eli Dart

Re: Defeating Citibank Virtual Keyboard protection using screenshot method Eli Dart (May 10)

erdc

[ECHO_ADV_82$2007] wordpress plugins wp-Table <= 1.43 (wpPATH) Remote File Inclusion Vulnerability erdc (May 02)
[ECHO_ADV_81$2007] wordpress plugins wordTube <= 1.43 (wpPATH) Remote File Inclusion Vulnerability erdc (May 02)

expw0rm

ifdate 2.* unauthorized administrative access bug expw0rm (May 14)

Fatih Ozavci

GS07-01 Full-Width and Half-Width Unicode Encoding IDS/IPS/WAF Bypass Vulnerability Fatih Ozavci (May 15)

Florian Weimer

Re: Defeating Citibank Virtual Keyboard protection using screenshot method Florian Weimer (May 10)

Foresight Linux Essential Announcement Service

FLEA-2007-0022-1: file Foresight Linux Essential Announcement Service (May 24)
FLEA-2007-0018-1: libpng Foresight Linux Essential Announcement Service (May 17)
FLEA-2007-0017-1: samba Foresight Linux Essential Announcement Service (May 15)
FLEA-2007-0020-1: freetype Foresight Linux Essential Announcement Service (May 24)
FLEA-2007-0019-1: python Foresight Linux Essential Announcement Service (May 22)
FLEA-2007-0023-1: firefox Foresight Linux Essential Announcement Service (May 31)
FLEA-2007-0016-1: kernel Foresight Linux Essential Announcement Service (May 08)
FLEA-2007-0021-1: madwifi Foresight Linux Essential Announcement Service (May 24)

FreeBSD Security Advisories

FreeBSD Security Advisory FreeBSD-SA-07:04.file FreeBSD Security Advisories (May 23)

g0rk3m-31

Zindizayn Okul Web Sistemi v1.0 Sql VulnZ. g0rk3m-31 (May 26)

Gadi Evron

Re: Broadband routers and botnets - being proactive Gadi Evron (May 15)
Re: Defeating Citibank Virtual Keyboard protection using screenshot method Gadi Evron (May 09)
Broadband routers and botnets - being proactive Gadi Evron (May 12)
RE: Defeating Citibank Virtual Keyboard protection using screenshot method Gadi Evron (May 09)
RE: Defeating Citibank Virtual Keyboard protection using screenshot method Gadi Evron (May 10)

Gerald (Jerry) Carter

[SAMBA-SECURITY] CVE-2007-2447: Remote Command Injection Vulnerability Gerald (Jerry) Carter (May 14)
[SAMBA-SECURITY] CVE-2007-2444: Local SID/Name Translation Failure Can Result in User Privilege Elevation Gerald (Jerry) Carter (May 14)
[SAMBA-SECURITY] CVE-2007-2446: Multiple Heap Overflows Allow Remote Code Execution Gerald (Jerry) Carter (May 14)

Glynn Clements

RE: Defeating Citibank Virtual Keyboard protection using screenshot method Glynn Clements (May 15)

gmdarkfig

Nuked-klaN 1.7.6 Remote Code Execution Exploit gmdarkfig (May 05)

gobbles_fo_evar

AP Newspower software <=4.0.1 allows remote data manipulation gobbles_fo_evar (May 08)

graham . coles

Re: Apple Safari on MacOSX may reveal user's saved passwords graham . coles (May 16)
Re: Apple Safari on MacOSX may reveal user's saved passwords graham . coles (May 17)

hack2prison

eSyndiCat Input Validation Error Vulnerability hack2prison (May 18)

Hugo van der Kooij

RE: Defeating Citibank Virtual Keyboard protection using screenshot method Hugo van der Kooij (May 12)

Ian Ward Comfort

Re: Apple Safari on MacOSX may reveal user's saved passwords Ian Ward Comfort (May 16)

iDefense Labs

iDefense Security Advisory 05.08.07: Microsoft Exchange Server 2000 IMAP Literal Processing DoS Vulnerability iDefense Labs (May 09)
iDefense Security Advisory 05.25.07: Sun Java System Web Proxy Multiple Buffer Overflow Vulnerabilities iDefense Labs (May 25)
iDefense Security Advisory 05.08.07: Microsoft Word RTF File Parsing Heap Corruption Vulnerability iDefense Labs (May 09)
iDefense Security Advisory 05.08.07: Microsoft Excel Filter Record Code Execution Vulnerability iDefense Labs (May 09)
iDefense Security Advisory 05.24.07: Apple Computer Mac OS X pppd Plugin Loading Privilege Escalation Vulnerability iDefense Labs (May 24)
iDefense Security Advisory 05.09.07: Symantec Norton Internet Security 2006 COM Object Security ByPass Vulnerability iDefense Labs (May 09)
iDefense Security Advisory 05.10.07: Novell NetMail NMDMC Buffer Overflow Vulnerability iDefense Labs (May 10)
iDefense Security Advisory 05.02.07: LiveData Protocol Server Heap Overflow Vulnerability iDefense Labs (May 02)
iDefense Security Advisory 05.07.07: Sun Microsystems Solaris ACE_SETACL Integer Signedness DoS Vulnerability iDefense Labs (May 07)
iDefense Security Advisory 05.23.07: Opera Software Opera Web Browser Transfer Item Pop-up Menu Stack Overflow Vulnerability iDefense Labs (May 23)
iDefense Security Advisory 04.30.07: Cerulean Studios Trillian Multiple IRC Vulnerabilities iDefense Labs (May 01)
iDefense Security Advisory 05.08.07: McAfee Security Center IsOldAppInstalled ActiveX Buffer Overflow Vulnerability iDefense Labs (May 09)
iDefense Security Advisory 05.10.07: Apple Darwin Streaming Proxy Multiple Vulnerabilities iDefense Labs (May 11)
iDefense Security Advisory 05.10.07: Sun Microsystems Solaris SRS Proxy Core srsexec Arbitrary File Read Vulnerability iDefense Labs (May 10)
iDefense Security Advisory 05.14.07: Samba SAMR Change Password Remote Command Injection Vulnerability iDefense Labs (May 14)
iDefense Security Advisory 05.09.07: Computer Associates eTrust InoTask.exe Antivirus Buffer Overflow Vulnerability iDefense Labs (May 10)

ilkerkandemir

fipsCMS v2.1 Remote SQL injection Vulnerability ilkerkandemir (May 07)
pfa CMS v6.0 (index.php repinc) Remote File Include Vulnerability ilkerkandemir (May 07)
PHPHtmlLib <= 2.4.0 Remote File Include Exploit ilkerkandemir (May 07)
phpHoo3 (admin.php) Remote Login Bypass SQL Injection Vulnerability ilkerkandemir (May 07)
SchoolBoard (admin.php) Remote Login Bypass SQL Injection Vulnerability ilkerkandemir (May 03)
PHPSecurityAdmin Remote File Include Exploit ilkerkandemir (May 04)

imipak

Re: Defeating Citibank Virtual Keyboard protection using screenshot method imipak (May 15)

info

Re: UPDATED: CubeCart (v3.0.15) - CRLF Injection Vulnerability info (May 09)
Re: 12All File Upload Vulnerability info (May 07)
Digital Armaments May-June-2007 Hacking Challenge: VMware info (May 09)

ISecAuditors Security Advisories

[ISecAuditors Security Advisories] Microsoft IIS5 NTLM and Basic authentication bypass ISecAuditors Security Advisories (May 22)

Ismael Briones

NOD32 Antivirus Long Path Name Stack Overflow Vulnerabilities Ismael Briones (May 22)
Re: NOD32 Antivirus Long Path Name Stack Overflow Vulnerabilities Ismael Briones (May 24)

jadoba

Vulnerability - cpCommerce - XSS jadoba (May 25)

James C. Slora Jr.

RE: Defeating Citibank Virtual Keyboard protection using screenshot method James C. Slora Jr. (May 11)

James Youngman

GNU Findutils release 4.2.31 fixes CVE-2007-2452 (GNU locate heap buffer overrun) James Youngman (May 31)

Jan Heisterkamp

Re: Defeating Citibank Virtual Keyboard protection using screenshot method Jan Heisterkamp (May 11)

jcarlos . norte

Wordpress All versions XSS jcarlos . norte (May 02)

Jean-Sébastien Guay-Leroux

Multiple vendors ZOO file decompression infinite loop DoS Jean-Sébastien Guay-Leroux (May 04)

Jeremy Epstein

Updated: webMethods Security Advisory: Glue console directory traversal vulnerability Jeremy Epstein (May 07)

Jerome Athias

Re: notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit. Jerome Athias (May 23)

Jim Harrison

RE: Defeating Citibank Virtual Keyboard protection using screenshot method Jim Harrison (May 09)
RE: Defeating Citibank Virtual Keyboard protection using screenshot method Jim Harrison (May 09)
RE: XSS in Microsoft SharePoint Jim Harrison (May 05)
RE: Defeating Citibank Virtual Keyboard protection using screenshot method Jim Harrison (May 09)

Johannes Greil

SEC Consult SA-20070509-0 :: Multiple vulnerabilites in Nokia Intellisync Mobile Suite & Wireless Email Express Johannes Greil (May 09)

john

RedLevel Advisory #020 - HLstats v1.35 Cross-Site Scripting Vulnerability #3 john (May 22)
VP-ASP Shopping Cart 6.50 - Cross-Site Scripting Vulnerability john (May 17)
ACP3 (v4.0b3) - Multiple Vulnerabilities john (May 05)
RedLevel Advisory #022 - ClonusWiki .5 Cross-Site Scripting Vulnerability john (May 22)
SunShop (v4) Multiple Vulnerabilities john (May 07)
UPDATED: CubeCart (v3.0.15) - CRLF Injection Vulnerability john (May 07)
RedLevel Advisory #017 - PsychoStats v3.0.6b Multiple Cross-Site Scripting Vulnerabilities john (May 22)
RedLevel Advisory #015 - Redoable 1.2 Cross-Site Scripting Vulnerability (patch included) john (May 17)
Bradford CampusManager v3.1(6) Sensitive Data Disclosure john (May 03)
Drake CMS (v0.4.0) - CRLF Injection Vulnerability john (May 07)
RedLevel Advisory #018 - RM EasyMail Plus - Cross-Site Scripting Vulnerability #2 john (May 22)
RedLevel Advisory #017 - HLstats v1.35 Cross-Site Scripting Vulnerability #2 john (May 19)
RedLevel Advisory #021 - CubeCart v3.0.16 SQL Injection Vulnerability john (May 22)
Podium CMS - Cookie Manipulation Exploit john (May 07)
RedLevel Advisory #23 - SalesCart Shopping Cart SQL Injection Vulnerability john (May 29)
RedLevel Advisory #016 - HLstats v1.35 Cross-Site Scripting Vulnerability john (May 19)

John McGuire

12All File Upload Vulnerability John McGuire (May 03)

Josh Zlatin-Amishav

Re: squirrelmail CSRF vulnerability Josh Zlatin-Amishav (May 10)
Re: squirrelmail CSRF vulnerability Josh Zlatin-Amishav (May 12)

KaCo678

Magic iso heap over flow <Help> KaCo678 (May 22)

Kees Cook

[USN-462-1] PHP vulnerabilities Kees Cook (May 23)
[USN-436-2] KTorrent vulnerability Kees Cook (May 18)
[USN-467-1] Gimp vulnerability Kees Cook (May 31)
[USN-465-1] PulseAudio vulnerability Kees Cook (May 26)
[USN-463-1] vim vulnerability Kees Cook (May 23)
[USN-460-2] Samba regression Kees Cook (May 22)
[USN-457-1] elinks vulnerability Kees Cook (May 07)
[USN-460-1] Samba vulnerabilities Kees Cook (May 16)
[USN-459-2] pptpd regression Kees Cook (May 22)
[USN-461-1] Quagga vulnerability Kees Cook (May 18)
[USN-466-1] freetype vulnerability Kees Cook (May 31)
[USN-458-1] MoinMoin vulnerabilities Kees Cook (May 08)
[USN-459-1] pptpd vulnerability Kees Cook (May 15)
[USN-456-1] net-snmp vulnerability Kees Cook (May 02)

kepledehlah

american cart 3.* (abs_path) remote file include kepledehlah (May 07)

Kevin Finisterre (lists)

Re: Apple Safari on MacOSX may reveal user's saved passwords Kevin Finisterre (lists) (May 18)

kimhm682000

Re: notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit. kimhm682000 (May 22)

kingcope

RE: [Full-disclosure] Question Regarding IIS 6.0 / Is this a DoS??? kingcope (May 23)

lagged2hell

Re: sunshop v4 >> RFI lagged2hell (May 04)

laurent . gaffie

cpcommerce < v1.1.0 [sql injection] laurent . gaffie (May 29)
vbulletin < 3.6.6 [permanent xss] laurent . gaffie (May 16)
Re: DGNews version 2.1 SQL Injection Vulnerability laurent . gaffie (May 29)
PHP JackKnife [multiple vulnerabilities] laurent . gaffie (May 31)
Re: Jetbox CMS version 2.1 E-Mail Injection Vulnerability laurent . gaffie (May 15)

lists

Re: Mac OS X vpnd local format string lists (May 29)

ls

MyBloggie 2.1.6 SQL Injection ls (May 31)
Practicle Gallery 1.0.1 XSS ls (May 30)
Particle Blogger 1.2.1 SQL Injection ls (May 30)

Lucas, Mark J.

RE: Apple Safari on MacOSX may reveal user's saved passwords Lucas, Mark J. (May 14)

mailbox () martinelli com

Re: RFI In Script FlashChat_v479 mailbox () martinelli com (May 30)
Re: Defeating Citibank Virtual Keyboard protection using screenshot method mailbox () martinelli com (May 17)
RE: Apple Safari on MacOSX may reveal user's saved passwords mailbox () martinelli com (May 14)

Mark-David McLaughlin (marmclau)

RE: Cisco CallManager 4.1 Input Validation Vulnerability Mark-David McLaughlin (marmclau) (May 23)

Mark Senior

Re: Apple Safari on MacOSX may reveal user's saved passwords Mark Senior (May 17)

Mark Thomas

[CVE-2007-1355] Tomcat documentation XSS vulnerabilities Mark Thomas (May 19)

Martin Schulze

[SECURITY] [DSA 1293-1] New quagga packages fix denial of service Martin Schulze (May 17)

Marvin Frick

Re: iDefense Security Advisory 04.30.07: Cerulean Studios Trillian Multiple IRC Vulnerabilities Marvin Frick (May 04)

Matousec - Transparent security Research

ZoneAlarm Insufficient validation of 'vsdatant' driver input buffer Vulnerability Matousec - Transparent security Research (May 01)
Bypassing PFW/HIPS open process control with uncommon identifier Matousec - Transparent security Research (May 15)

matrix

NASA Site Bug ( Check URI Input ) matrix (May 19)

Matthew Leeds

Re[2]: Retrieving "deleted" sms/mms from Nokia phone (Symbian S60) Matthew Leeds (May 16)

M. Burnett

RE: RDP TLS downgrade M. Burnett (May 09)

Michael Domberg

Cross-Site Scripting in Adobe RoboHelp 6, Server 6 and X5 Michael Domberg (May 11)
Design Flaw in Deutsche Telekom Speedport w700v broadband router Michael Domberg (May 11)

Michal Bucko (hackpl)

Multiple vulnerabilities Michal Bucko (hackpl) (May 09)
Media Player Classic .MPA Div-By-Zero Denial of Service Vulnerability Michal Bucko (hackpl) (May 15)
Re: Media Player Classic .MPA Div-By-Zero Denial of Service Vulnerability Michal Bucko (hackpl) (May 16)

michele dallachiesa

rtpBreak - detects, reconstructs and analyzes any RTP session michele dallachiesa (May 25)

Moritz Muehlenhoff

[SECURITY] [DSA 1297-1] New gforge-plugin-scmcvs packages fix arbitrary shell command execution Moritz Muehlenhoff (May 24)
[SECURITY] [DSA 1295-1] New php5 packages fix several vulnerabilities Moritz Muehlenhoff (May 19)
[SECURITY] [DSA 1296-1] New php4 packages fix privilege escalation Moritz Muehlenhoff (May 22)
[SECURITY] [DSA 1284-1] New qemu packages fix several vulnerabilities Moritz Muehlenhoff (May 01)
[SECURITY] [DSA 1289-1] New Linux 2.6.18 packages fix several vulnerabilities Moritz Muehlenhoff (May 14)
[SECURITY] [DSA 1290-1] New squirrelmail packages fix cross-site scripting Moritz Muehlenhoff (May 14)
[SECURITY] [DSA 1291-3] New samba packages fix regression Moritz Muehlenhoff (May 22)
[SECURITY] [DSA 1298-1] New otrs2 packages fix cross-site scripting Moritz Muehlenhoff (May 28)
[SECURITY] [DSA 1288-1] New pptpd packages fix denial of service Moritz Muehlenhoff (May 08)

Morning Wood

Re: [Full-disclosure] Vulnerabilities Hashes DB needed Morning Wood (May 09)

myucebox

Vulnerability in Credant Mobile Guardian Shield for Windows myucebox (May 24)

newbinaryfile

BoastMachine index.php Cross Site Scripting Vulnerability newbinaryfile (May 25)

NGSSoftware Insight Security Research

Mac OS X vpnd local format string NGSSoftware Insight Security Research (May 29)

Nick FitzGerald

RE: Defeating Citibank Virtual Keyboard protection using screenshot method Nick FitzGerald (May 10)
RE: Defeating Citibank Virtual Keyboard protection using screenshot method Nick FitzGerald (May 11)

nnposter

Predictable TCP ISN in Packeteer PacketShaper nnposter (May 18)

Noah Meyerhans

[SECURITY] [DSA 1281-2] New clamav packages fix denial of service vulnerability Noah Meyerhans (May 22)
[SECURITY] [DSA 1285-1] New wordpress packages fix multiple vulnerabilities Noah Meyerhans (May 01)
[SECURITY] [DSA 1291-2] New samba packages fix multiple vulnerabilities Noah Meyerhans (May 17)
[SECURITY] [DSA 1287-1] New ldap-account-manager packages fix multiple vulnerabilities Noah Meyerhans (May 07)
[SECURITY] [DSA 1292-1] New qt4-x11 packages fix cross-site scripting vulnerability Noah Meyerhans (May 16)
[SECURITY] [DSA 1291-1] New samba packages fix multiple vulnerabilities Noah Meyerhans (May 15)

no-reply

Radware Security Advisory - Yate 1.1.0 Denial of Service Vulnerability no-reply (May 01)

Ofer Shezaf

2nd OWASP Israel mini conference at the Interdisciplinary Center Herzliya (IDC), Monday, May 21st, 13:30 Ofer Shezaf (May 09)

Oliver Goebel

IMF 2007 - Deadline Extension Oliver Goebel (May 14)

Omar A. Herrera

RE: Defeating Citibank Virtual Keyboard protection using screenshot method Omar A. Herrera (May 11)

OpenPKG GmbH

[OpenPKG-SA-2007.012] OpenPKG Security Advisory (samba) OpenPKG GmbH (May 17)
[OpenPKG-SA-2007.017] OpenPKG Security Advisory (ratbox) OpenPKG GmbH (May 18)
[OpenPKG-SA-2007.015] OpenPKG Security Advisory (quagga) OpenPKG GmbH (May 18)
[OpenPKG-SA-2007.013] OpenPKG Security Advisory (png) OpenPKG GmbH (May 17)
[OpenPKG-SA-2007.019] OpenPKG Security Advisory (php) OpenPKG GmbH (May 25)
[OpenPKG-SA-2007.018] OpenPKG Security Advisory (freetype) OpenPKG GmbH (May 24)

organiser () syscan org

Training Classes in SyScan'07 organiser () syscan org (May 09)

p3rlhax

squirrelmail CSRF vulnerability p3rlhax (May 10)

Paul Böhm

FINAL Call For Papers: Chaos Communication Camp 2007, Berlin Paul Böhm (May 22)

Paul Foote

Re: Defeating Citibank Virtual Keyboard protection using screenshot method Paul Foote (May 14)

Pavel Kankovsky

Re: squirrelmail CSRF vulnerability Pavel Kankovsky (May 14)

Piotr Bania

POC CODE - TI89 Titanium Resident EPO Calculator Virus (T89.GAARA) Piotr Bania (May 22)

pito pito

Web Directory / Search Engine v2.0 Authentication Bypass/Database Download Vulne pito pito (May 25)

poplix

safari's saved password at risk poplix (May 04)
Apple Safari on MacOSX may reveal user's saved passwords poplix (May 14)
Re: Apple Safari on MacOSX may reveal user's saved passwords poplix (May 18)
RE: Apple Safari on MacOSX may reveal user's saved passwords poplix (May 16)
Re: Apple Safari on MacOSX may reveal user's saved passwords poplix (May 19)
Re: RE: Apple Safari on MacOSX may reveal user's saved passwords poplix (May 15)

preth00nker

Atomix Mp3 Buffer Overflow preth00nker (May 02)

RaeD

Remote File Include In Script impex RaeD (May 04)
RFI In Script FlashChat_v479 Raed (May 28)

Raphael Marichez

[ GLSA 200705-21 ] MPlayer: Two buffer overflows Raphael Marichez (May 30)
[ GLSA 200705-02 ] FreeType: User-assisted execution of arbitrary code Raphael Marichez (May 01)
[ GLSA 200705-17 ] Apache mod_security: Rule bypass Raphael Marichez (May 17)
[ GLSA 200705-06 ] X.Org X11 library: Multiple integer overflows Raphael Marichez (May 07)
[ GLSA 200705-22 ] FreeType: Buffer overflow Raphael Marichez (May 30)
[ GLSA 200705-01 ] Ktorrent: Multiple vulnerabilities Raphael Marichez (May 01)
[ GLSA 200705-08 ] GIMP: Buffer overflow Raphael Marichez (May 07)
[ GLSA 200705-10 ] LibXfont, TightVNC: Multiple vulnerabilities Raphael Marichez (May 08)
[ GLSA 200705-07 ] Lighttpd: Two Denials of Service Raphael Marichez (May 07)
[ GLSA 200705-25 ] file: Integer overflow Raphael Marichez (May 31)
[ GLSA 200705-20 ] Blackdown Java: Applet privilege escalation Raphael Marichez (May 26)
[ GLSA 200705-09 ] IPsec-Tools: Denial of Service Raphael Marichez (May 08)
[ GLSA 200705-24 ] libpng: Denial of Service Raphael Marichez (May 31)
[ GLSA 200705-11 ] MySQL: Two Denial of Service vulnerabilities Raphael Marichez (May 08)
[ GLSA 200705-23 ] Sun JDK/JRE: Multiple vulnerabilities Raphael Marichez (May 31)
[ GLSA 200705-16 ] PhpWiki: Remote execution of arbitrary code Raphael Marichez (May 17)
[ GLSA 200705-19 ] PHP: Multiple vulnerabilities Raphael Marichez (May 26)
[ GLSA 200705-14 ] XScreenSaver: Privilege escalation Raphael Marichez (May 14)
[ GLSA 200705-03 ] Tomcat: Information disclosure Raphael Marichez (May 01)

rd

Remider: VNSECON 07 Call for Papers ends on June 08 rd (May 22)

retrog

IE 6 / Dart Communications PowerTCP ZIP Compression Control (DartZip.dll 1.8.5.3) remote buffer overflow retrog (May 25)
Dart Communications PowerTCP Service Control (DartService.dll 3.1.3.3) remote buffer overflow retrog (May 24)
RunCms <= 1.5.2 debug_show.php sql injection retrog (May 04)

Reversemode

[Reversemode Advisory] VMware Products - GPF Denial of Service Reversemode (May 07)
Re: Defeating Citibank Virtual Keyboard protection using screenshot method Reversemode (May 11)
Re: iDefense Security Advisory 04.30.07: Cerulean Studios Trillian Multiple IRC Vulnerabilities Reversemode (May 04)
Re: Defeating Citibank Virtual Keyboard protection using screenshot method Reversemode (May 09)

rewterz security team

REWTERZ-20070518 - Authentication Bypass in Rational Soft's Hidden Administrator rewterz security team (May 18)

Richard Moore

Re: [Full-disclosure] Question Regarding IIS 6.0 / Is this a DoS??? Richard Moore (May 23)

Robin Sommer

[Call for Participation] DIMVA 2007 Robin Sommer (May 22)

robpaveza

Windows Vista: Non-privileged code can redirect shortcuts to intercept privilege elevation requests robpaveza (May 14)

Rogan Dawes

Re: WebScarab <= 20060621-0003 cross site scripting Rogan Dawes (May 05)

Roger A. Grimes

RE: RDP TLS downgrade Roger A. Grimes (May 10)

Rogier Mulhuijzen

RE: Defeating Citibank Virtual Keyboard protection using screenshot method Rogier Mulhuijzen (May 10)
RE: Defeating Citibank Virtual Keyboard protection using screenshot method Rogier Mulhuijzen (May 16)

rPath Update Announcements

rPSA-2007-0096-1 shadow rPath Update Announcements (May 11)
rPSA-2007-0112-1 firefox thunderbird rPath Update Announcements (May 31)
rPSA-2007-0102-1 libpng rPath Update Announcements (May 17)
rPSA-2007-0094-1 cpio rPath Update Announcements (May 08)
rPSA-2007-0084-1 kernel rPath Update Announcements (May 02)
rPSA-2007-0108-1 freetype rPath Update Announcements (May 24)
rPSA-2007-0098-1 samba samba-swat rPath Update Announcements (May 15)
rPSA-2007-0092-1 tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi rPath Update Announcements (May 08)
rPSA-2007-0090-1 gimp rPath Update Announcements (May 03)
rPSA-2007-0088-1 xscreensaver rPath Update Announcements (May 03)
rPSA-2007-0109-1 file rPath Update Announcements (May 24)
rPSA-2007-0085-1 lftp rPath Update Announcements (May 03)
rPSA-2007-0107-1 mysql mysql-bench mysql-server rPath Update Announcements (May 23)
rPSA-2007-0089-1 net-snmp net-snmp-utils rPath Update Announcements (May 03)
rPSA-2007-0104-1 idle python rPath Update Announcements (May 18)

samelinux

RE: Apple Safari on MacOSX may reveal user's saved passwords samelinux (May 15)

sapheal-hack.pl

Taltech Tal Bar Code ActiveX Control Memory Corruption Vulnerability(-ies) sapheal-hack.pl (May 07)

sauge

Re: Progress Webspeed exploit for all releases sauge (May 31)

Secunia Research

Secunia Research: Internet Explorer HTML Objects Memory Corruption Vulnerability Secunia Research (May 10)
Secunia Research: BearShare NCTAudioFile2 ActiveX Control Buffer Overflow Secunia Research (May 10)
Secunia Research: eScan Products Agent Service Command Decryption Buffer Overflow Secunia Research (May 23)

secure

Symantec Product Security: Norton Personal Firewall 2004 ActiveX Control vulnerability secure (May 16)

security

[ MDKSA-2007:102 ] - Updated php packages fix multiple vulnerabilities security (May 11)
[ MDKSA-2007:104 ] - Updated samba packages fix multiple vulnerabilities security (May 15)
n.runs-SA-2007.012 - Avira Antivir Antivirus TAR Denial of Service security (May 30)
[ MDKSA-2007:096 ] - Updated quagga packages fix DoS vulnerability security (May 02)
[ MDKSA-2007:106 ] - Updated squirrelmailpackages fix vulnerabilities security (May 19)
[ MDKSA-2007:098 ] - Updated clamav packages fix vulnerabilities security (May 09)
[ MDKSA-2007:108 ] - Updated gimp packages fix stack overflow in sunras plugin security (May 23)
n.runs-SA-2007.008 - Avast! Antivirus CAB parsing Arbitrary Code Execution Advisory security (May 24)
[ MDKSA-2007:104-1 ] - Updated samba packages fix multiple vulnerabilities security (May 24)
n.runs-SA-2007.009 - Avast! Antivirus SIS parsing Arbitrary Code Execution Advisory security (May 25)
[ MDKSA-2007:109 ] - Updated tetex packages fix vulnerabilities security (May 24)
n.runs-SA-2007.010 - Avira Antivir Antivirus LZH parsing Arbitrary Code Execution Advisory security (May 28)
[ MDKSA-2007:097 ] - Updated xscreensaver packages fix vulnerability security (May 03)
[ MDKSA-2007:099 ] - Updated python packages fix vulnerabilities security (May 09)
[ MDKSA-2007:100 ] - Updated bind packages fix vulnerability security (May 09)
[ MDKSA-2007:101 ] - Updated bind packages fix vulnerability security (May 10)
n.runs-SA-2007.011 - Avira Antivir Antivirus UPX parsing Divide by Zero Advisory security (May 29)
[ MDKSA-2007:105 ] - Updated fetchmail packages fix potential APOP vulnerabilities security (May 17)
[ MDKSA-2007:095 ] - Updated ktorrent packages fix vulnerability security (May 02)
[ MDKSA-2007:103 ] - Updated php packages fix multiple vulnerabilities security (May 11)
[ MDKSA-2007:107 ] - Updated evolution packages fix APOP weakness security (May 22)

security-alert

[security bulletin] HPSBTU02179 SSRT061256 rev.1 - HP Tru64 UNIX Running the ps command, Local Disclosure of Sensitive Information security-alert (May 03)
[security bulletin] HPSBGN02189 SSRT071297 rev.3 - ServiceGuard for Linux, Remote Unauthorized Access security-alert (May 14)
[security bulletin] HPSBTU02209 SSRT071323 rev.1 - HP Tru64 UNIX Running Secure Shell (SSH), Remote Unauthorized Identification of Valid Users security-alert (May 17)
[security bulletin] HPSBST02214 SSRT071422 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-023 to MS07-029 security-alert (May 17)
[security bulletin] HPSBTU02116 SSRT061135 rev.3 - HP Tru64 UNIX and HP Internet Express for Tru64 UNIX Running sendmail, Remote Execution of Arbitrary Code or Denial of Service (DoS) security-alert (May 03)
[security bulletin] HPSBUX02087 SSRT4728 rev.5 - HP-UX running TCP/IP Remote Denial of Service (DoS) security-alert (May 29)
[security bulletin] HPSBTU02211 SSRT071326 rev.1 - HP Tru64 UNIX Running the dop command, Local Execution of Arbitrary Code with Privilege Elevation security-alert (May 08)
[security bulletin] HPSBMA02138 SSRT061184 rev.3 - HP OpenView Storage Data Protector, Remote Unauthorized Arbitrary Command Execution security-alert (May 08)
[security bulletin] HPSBUX01137 SSRT5954 rev.10 - HP-UX Running TCP/IP (IPv4), Remote Unauthorized Denial of Service (DoS) security-alert (May 03)
[security bulletin] HPSBMI02210 SSRT071396 rev.2 - ProCurve Series 9300m Switches, Remote Denial of Service (DoS) security-alert (May 14)
[security bulletin] HPSBMA02213 SSRT061214 rev.1 - HP Systems Insight Manager (SIM) for Windows, Remote Privileged Access and Arbitrary Code Execution security-alert (May 17)
[security bulletin] HPSBUX02217 SSRT071337 rev.1 - HP-UX running Kerberos, Remote Arbitrary Code Execution security-alert (May 22)
[security bulletin] HPSBMI02210 SSRT071396 rev.1 - ProCurve Series 9300m Switches, Remote Denial of Service (DoS) security-alert (May 03)
[security bulletin] HPSBPI02185 SSRT071290 rev.2 - HP Jetdirect Running ftp, Remote Denial of Service (DoS) security-alert (May 03)

security curmudgeon

Re: nucleus 3.22 >> RFI security curmudgeon (May 07)

securityresearch

Advanced Guestbook version 2.4.2 Multiple XSS Attack Vulnerabilities securityresearch (May 08)
SonicBB version 1.0 Multiple SQL Injection Vulnerabilities securityresearch (May 14)
SonicBB version 1.0 Multiple Path Disclosure Vulnerabilities securityresearch (May 14)
MyBB version 1.2.4 Multiple Path Disclosure Vulnerabilities securityresearch (May 14)
Jetbox CMS version 2.1 XSS Attack Vulnerability securityresearch (May 22)
DGNews version 2.1 XSS Attack Vulnerability securityresearch (May 28)
Advanced Guestbook version 2.4.2 Directory Traversal Vulnerability securityresearch (May 08)
Jetbox CMS version 2.1 E-Mail Injection Vulnerability securityresearch (May 15)
myEvent version 1.6 Multiple Path Disclosure Vulnerabilities securityresearch (May 28)
Jetbox CMS version 2.1 Multiple SQL Injection Vulnerabilities securityresearch (May 22)
DGNews version 2.1 Path Disclosure Vulnerability securityresearch (May 28)
DGNews version 2.1 SQL Injection Vulnerability securityresearch (May 28)
SonicBB version 1.0 XSS Attack Vulnerabilities securityresearch (May 14)
Jetbox CMS version 2.1 Multiple Path Disclosure Vulnerabilities securityresearch (May 22)
Advanced Guestbook version 2.4.2 Multiple Error Information Leak Vulnerabilities securityresearch (May 08)

Seth

Re: Defeating Citibank Virtual Keyboard protection using screenshot method Seth (May 15)

sethb

Re: Defeating Citibank Virtual Keyboard protection using screenshot method sethb (May 17)

sflist

Uninformed Journal Release Announcement: Volume 7 sflist (May 14)

shadown

Re: [Dailydave] Vulnerabilities Hashes DB needed shadown (May 09)

skillTube.com

Vulnerability in InterVations' MailCopa skillTube.com (May 02)

software

RDP TLS downgrade software (May 09)

Solarius

Re: XSS in Microsoft SharePoint Solarius (May 14)

spriteversus

ImI image file inclusion in script upload spriteversus (May 15)

Stefan Friedli

Cisco CallManager 4.1 Input Validation Vulnerability Stefan Friedli (May 23)

Stefano

Re: [ MDKSA-2007:101 ] - Updated bind packages fix vulnerability Stefano (May 10)

stephen joseph butler

Re: Apple Safari on MacOSX may reveal user's saved passwords stephen joseph butler (May 16)

Steven M. Christey

Re: Podium CMS - Cookie Manipulation Exploit Steven M. Christey (May 09)

Sune Kloppenborg Jeppesen

[ GLSA 200705-15 ] Samba: Multiple vulnerabilities Sune Kloppenborg Jeppesen (May 15)
[ GLSA 200705-13 ] ImageMagick: Multiple buffer overflows Sune Kloppenborg Jeppesen (May 10)
[ GLSA 200705-04 ] Apache mod_perl: Denial of Service Sune Kloppenborg Jeppesen (May 02)
[ GLSA 200705-12 ] PostgreSQL: Privilege escalation Sune Kloppenborg Jeppesen (May 10)
[ GLSA 200705-18 ] PPTPD: Denial of Service attack Sune Kloppenborg Jeppesen (May 22)
[ GLSA 200705-05 ] Quagga: Denial of Service Sune Kloppenborg Jeppesen (May 02)

suresync

response Progress: Denial of Service attack against WebSpeed possible suresync (May 02)
Disable website access for sites running Webspeed suresync (May 02)
Multiple Denial of Service attacks possible for Webspeed OpenEdge suresync (May 11)

tchouamou

Remedy for: Remote File Include In phpexplorator_2_0 tchouamou (May 22)

technocrat

Re: NukeSentinel Bypass SQL Injection & Nuke Evolution <= 2.0.3 SQL Injections technocrat (May 07)

test

RE: DDOS abuse contacts test (May 22)

the_3dit0r

Simple Accessible XHTML Online News v4.6 Remote File Include Exploit the_3dit0r (May 22)
SimpGB v1.46.0 Remote File Include Exploit the_3dit0r (May 22)
webCMS_1.00 Database Disclosure Vulnerability the_3dit0r (May 25)
ABC Excel Parser Pro v4.0 Remote File Include Exploit the_3dit0r (May 22)
phpMUR Cross Site Scripting the_3dit0r (May 10)
RMForum Database Disclosure Vulnerability the_3dit0r (May 26)
phpPgAdmin-4.1.1 Remote File Include & Url Redirecting Vulnerability the_3dit0r (May 22)

thejus_mb

Security Videos thejus_mb (May 22)

the . tiger100

Re: RFI In Script FlashChat_v479 the . tiger100 (May 28)

Thierry Zoller

BTCrack 1.1 Heisec Release Thierry Zoller (May 14)

Tim Brown

Medium security hole affecting DSL-G624T Tim Brown (May 03)
Re: Medium security hole affecting DSL-G624T Tim Brown (May 04)
Re: Medium security hole affecting DSL-G624T Tim Brown (May 04)

Tim Newsham

Re: squirrelmail CSRF vulnerability Tim Newsham (May 11)

Tom Stracener

Q1 2007 Application Security Trends Report (Corrected Link) Tom Stracener (May 23)
Q1 2007 Application Security Trends Report Tom Stracener (May 22)

Trustix Security Advisor

TSLSA-2007-0019 - multi Trustix Security Advisor (May 25)
TSLSA-2007-0017 - multi Trustix Security Advisor (May 17)

TSRT

TPTI-07-05: IBM Tivoli Provisioning Manager for OS Deployment Multiple Stack Overflow Vulnerabilities TSRT (May 02)
TPTI-07-07: Apple QuickTime STSD Parsing Heap Overflow Vulnerability TSRT (May 11)
TPTI-07-06: Trillian Pro Rendezvous XMPP HTML Decoding Heap Corruption TSRT (May 02)

Ulrich Keil

XSS vulnerability on various German online banking sites (sparkasse) Ulrich Keil (May 17)
Re: XSS vulnerability on various German online banking sites (sparkasse) - CORRECTION Ulrich Keil (May 18)

v9

notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit. v9 (May 14)
Re: Magic iso heap over flow <Help> v9 (May 23)
Re: NOD32 Antivirus Long Path Name Stack Overflow Vulnerabilities v9 (May 23)

vagrant - e-hack.org

GTP 3G © Gnuturk Portal System year=**&month= Cross-Site Scripting Vulnerability vagrant - e-hack.org (May 25)
WIYS v1.0 Cross-Site Scripting Vulnerability - (05.24.2007) (NEW) vagrant - e-hack.org (May 24)

vagrant Pest

BoastMachine v3.0 platinum - Session İd Hacking vagrant Pest (May 22)

ville . solarius

XSS in Microsoft SharePoint ville . solarius (May 05)

VMware Security team

VMSA-2007-0004.1 Updated: Multiple Denial-of-Service issues fixed and directory traversal vulnerability VMware Security team (May 18)
VMSA-2007-0004 Multiple Denial-of-Service issues fixed VMware Security team (May 08)

VulnerabilityResearch

TFTPdWin 0.4.2 Server Directory Traversal Vulnerability VulnerabilityResearch (May 11)
eFileCabinet Authentication Bypass VulnerabilityResearch (May 11)

vulnpost-remove

[vuln.sg] yEnc32 Decoder Long Filename Buffer Overflow Vulnerability vulnpost-remove (May 12)

webmaster

Re: Re: [Bogus] Lazarus Guestbook (admin.php)Remote File Include Exploit - webmaster (May 22)

Williams, James K

CA BrightStor ARCserve Backup Mediasvr.exe and caloggerd.exe Vulnerabilities Williams, James K (May 16)
[CAID 35330, 35331]: CA Anti-Virus, CA Threat Manager, and CA Anti-Spyware Console Login and File Mapping Vulnerabilities Williams, James K (May 11)

XFOCUS Security Team

XCon2007 Call For Paper XFOCUS Security Team (May 17)

xx_hack_xx_2004

Full Path Disclosure in Almnzm xx_hack_xx_2004 (May 29)
Multiple XSS in Digirez xx_hack_xx_2004 (May 25)

yashks

Defeating Citibank Virtual Keyboard protection using screenshot method yashks (May 09)
Re: Re: Defeating Citibank Virtual Keyboard protection using screenshot method yashks (May 09)

zdi-disclosures

ZDI-07-033: Samba lsa_io_trans_names Heap Overflow Vulnerability zdi-disclosures (May 15)
ZDI-07-031: Samba smb_io_notify_option_type_data Heap Overflow Vulnerability zdi-disclosures (May 15)
ZDI-07-024: Trend Micro ServerProtect EarthAgent Stack Overflow Vulnerability zdi-disclosures (May 08)
ZDI-07-029: Samba lsa_io_privilege_set Heap Overflow Vulnerability zdi-disclosures (May 15)
ZDI-07-027: Microsoft Internet Explorer Table Column Deletion Memory Corruption Vulnerability zdi-disclosures (May 08)
ZDI-07-032: Samba sec_io_acl Heap Overflow Vulnerability zdi-disclosures (May 15)
ZDI-07-025: Trend Micro ServerProtect AgRpcCln.dll Stack Overflow Vulnerability zdi-disclosures (May 08)
ZDI-07-026: Microsoft Excel BIFF File Format Named Graph Record Parsing Stack Overflow Vulnerability zdi-disclosures (May 08)
ZDI-07-028: CA eTrust AntiVirus Server inoweb Buffer Overflow Vulnerability zdi-disclosures (May 11)
ZDI-07-023: Apple QTJava toQTPointer() Pointer Arithmetic Memory Overwrite Vulnerability zdi-disclosures (May 01)
ZDI-07-030: Samba netdfs_io_dfs_EnumInfo_d Heap Overflow Vulnerability zdi-disclosures (May 15)

Zhihao

RE: Retrieving "deleted" sms/mms from Nokia phone (Symbian S60) Zhihao (May 16)