Bugtraq: by thread
443 messages, starting Jan 01 08 and ending Jan 31 08
- Cross-Site Scripting (XSS) in phpWebSite 1.4.0 search Audun Larsen (Jan 01)
- MODx CMS Source code disclosure, local file inclusion admin (Jan 02)
- XSS Vulnerabilities in Common Shockwave Flash Files rich cannings (Jan 02)
- Buffer-overflow and format string in White_Dune 0.29beta791 Luigi Auriemma (Jan 02)
- phpBB2 2.0.22 Cross Site Scripting Vulnerability bugtraq (Jan 02)
- <Possible follow-ups>
- Re: phpBB2 2.0.22 Cross Site Scripting Vulnerability neothermic (Jan 03)
- Re: Re: phpBB2 2.0.22 Cross Site Scripting Vulnerability admin (Jan 03)
- Re: phpBB2 2.0.22 Cross Site Scripting Vulnerability neothermic (Jan 03)
- AW: phpBB2 2.0.22 Cross Site Scripting Vulnerability Aufmuth Andreas (Jan 04)
- Multiple vulnerabilities in Georgia SoftWorks SSH2 Server 7.01.0003 Luigi Auriemma (Jan 02)
- AST-2008-001: Crash from transfer using BYE with Also header Asterisk Security Team (Jan 02)
- Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication avivra (Jan 03)
- [security bulletin] HPSBGN02301 SSRT071508 rev.2 - HP Software Update Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access security-alert (Jan 03)
- xss in w3-msql error page vivek_infosec (Jan 03)
- [ MDVSA-2008:1 ] - Updated wireshark packages fix multiple vulnerabilities security (Jan 03)
- Re: Cryptome: NSA has real-time access to Hushmail servers John Simpson (Jan 03)
- <Possible follow-ups>
- Re: Cryptome: NSA has real-time access to Hushmail servers Lee Dilkie (Jan 03)
- RE: Re: Cryptome: NSA has real-time access to Hushmail servers M. Burnett (Jan 03)
- RE: Latest round of web hacking incidents for 2007 & Project news Memisyazici, Aras (Jan 03)
- RE: Latest round of web hacking incidents for 2007 & Project news Ofer Shezaf (Jan 03)
- Re: Latest round of web hacking incidents for 2007 & Project news Peter Watkins (Jan 03)
- Re: Latest round of web hacking incidents for 2007 & Project news s f (Jan 04)
- rPSA-2008-0001-1 dovecot rPath Update Announcements (Jan 03)
- Re: rPSA-2008-0001-1 dovecot Dominic Hargreaves (Jan 03)
- <Possible follow-ups>
- Re: rPSA-2008-0001-1 dovecot Steven M. Christey (Jan 04)
- Re: rPSA-2008-0001-1 dovecot Dominic Hargreaves (Jan 04)
- Re: rPSA-2008-0001-1 dovecot Jonathan Smith (Jan 04)
- [SECURITY] [DSA 1443-1] New tcpreen packages fix denial of service Moritz Muehlenhoff (Jan 03)
- multiple CAPTCHA automation test bypass digest 3APA3A (Jan 03)
- [SECURITY] [DSA 1444-1] New php5 packages fix several vulnerabilities Moritz Muehlenhoff (Jan 03)
- securityvulns.com russian vulnerabilities digest 3APA3A (Jan 03)
- [SECURITY] [DSA 1446-1] New wireshark packages fix denial of service Moritz Muehlenhoff (Jan 03)
- [SECURITY] [DSA 1445-1] New maradns packages fix denial of service Moritz Muehlenhoff (Jan 03)
- [SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities Moritz Muehlenhoff (Jan 03)
- rPSA-2008-0004-1 tshark wireshark rPath Update Announcements (Jan 03)
- FortiGuard: URL Filtering Application Bypass Vulnerability Danux (Jan 04)
- Re: FortiGuard: URL Filtering Application Bypass Vulnerability 3APA3A (Jan 04)
- Multiple vulnerabilities in yaSSL 1.7.5 Luigi Auriemma (Jan 04)
- SinFP fingerprinting tool online demo GomoR (Jan 18)
- Some DoS in some telnet servers Luigi Auriemma (Jan 04)
- Pre-auth buffer-overflow in mySQL through yaSSL Luigi Auriemma (Jan 04)
- iDefense Security Advisory 12.24.07: Novell ZENworks Endpoint Security Management Local Privilege Escalation Vulnerability iDefense Labs (Jan 04)
- rPSA-2008-0006-1 libexif rPath Update Announcements (Jan 05)
- INVISION POWER BOARD 2.1.7 ACTIVE XSS/SQL INJECTION EXPLOIT underwater (Jan 05)
- NetRisk 1.9.7 Remote File Inclusion Vulnerability erne (Jan 05)
- [SECURITY] [DSA 1449-1] New loop-aes-utils packages fix programming error Steve Kemp (Jan 05)
- [ MDVSA-2008:002 ] - Updated squid package fixes remote denial of service security (Jan 05)
- rPSA-2008-0007-1 tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi rPath Update Announcements (Jan 05)
- [SECURITY] [DSA 1450-1] New util-linux packages fix programming error Steve Kemp (Jan 05)
- [SECURITY] [DSA 1448-1] New eggdrop packages fix execution of arbitrary code Steve Kemp (Jan 05)
- rPSA-2008-0008-1 cups rPath Update Announcements (Jan 05)
- [SECURITY] [DSA 1448-1] New eggdrop packages fix arbitrary code execution Steve Kemp (Jan 05)
- Aruba Mobility Controller User Authentication Vulnerability - Aruba Advisory ID: AID-122207 Robbie Gill (Jan 05)
- vBulletin 3.6.8 XSRF/XSS Vulnerability nbbn (Jan 07)
- Re: vBulletin 3.6.8 XSRF/XSS Vulnerability nbbn (Jan 07)
- eTicket 1.5.5.2 Multiple Vulnerabilities L4teral (Jan 07)
- [HSC] Snitz Forums Multiple Vulnerabilities DoZ (Jan 07)
- RE: [HSC] Snitz Forums Multiple Vulnerabilities Aaron Cake (Jan 07)
- netrisk 1.9.7 Multiple Remote Vulnerabilities (sql injection/xss) hadihadi_zedehal_2006 (Jan 07)
- OneCMS Vulnerabilities admin (Jan 07)
- <Possible follow-ups>
- Re: OneCMS Vulnerabilities webmaster (Jan 28)
- [Reversemode Paper] Exploiting WDM Audio Drivers Reversemode (Jan 07)
- New Web Hacking Incidents at WHID Ofer Shezaf (Jan 07)
- [SECURITY] [DSA 1451-1] New mysql-dfsg-5.0 packages fix several vulnerabilities Moritz Muehlenhoff (Jan 07)
- Linksys WRT54 GL - Session riding (CSRF) tomaz . bratusa (Jan 07)
- Re: Linksys WRT54 GL - Session riding (CSRF) Jan Heisterkamp (Jan 07)
- Re: Linksys WRT54 GL - Session riding (CSRF) Jan Heisterkamp (Jan 07)
- Re: Linksys WRT54 GL - Session riding (CSRF) Florian Weimer (Jan 11)
- RE: Linksys WRT54 GL - Session riding (CSRF) Tomaz (Jan 14)
- Re: Linksys WRT54 GL - Session riding (CSRF) J. Oquendo (Jan 14)
- Re: Linksys WRT54 GL - Session riding (CSRF) Jan Heisterkamp (Jan 15)
- Re: Linksys WRT54 GL - Session riding (CSRF) Valdis . Kletnieks (Jan 15)
- RE: Linksys WRT54 GL - Session riding (CSRF) Tomaz (Jan 14)
- <Possible follow-ups>
- Re: Linksys WRT54 GL - Session riding (CSRF) Daniel Weber (Jan 15)
- SocialURL Login Page Cross-Site Scripting morin . josh (Jan 07)
- PostgreSQL 2007-01-07 Cumulative Security Release Josh Berkus (Jan 07)
- [SECURITY] [DSA 1452-1] New wzdftpd packages fix denial of service Steve Kemp (Jan 07)
- [SECURITY] [DSA 1453-1] New tomcat5 packages fix several vulnerabilities Moritz Muehlenhoff (Jan 07)
- LayerOne 2008 - CFP Released Layer One (Jan 07)
- Million Dollar Script 2.0.14 Remote File Disclosure Vulnerability. p4imi0 (Jan 07)
- CORE-2007-1106: SynCE Remote Command Injection CORE Security Technologies Advisories (Jan 07)
- [SECURITY] [DSA 1454-1] New freetype packages fix arbitrary code execution Moritz Muehlenhoff (Jan 07)
- PWDumpX v1.4 - Dumps domain password cache, LSA secrets, password hashes, and password history hashes. Reed Arvin (Jan 07)
- PWDumpX v1.0 and PWDumpX v1.1 updated - bug fixes Reed Arvin (Jan 07)
- iDefense Security Advisory 01.07.08: Motorola netOctopus Agent MSR Write Privilege Escalation Vulnerability iDefense Labs (Jan 07)
- VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages VMware Security team (Jan 08)
- [ MDVSA-2008:001-1 ] - Updated wireshark packages fix multiple vulnerabilities security (Jan 08)
- [USN-560-1] Tomboy vulnerability Jamie Strandboge (Jan 08)
- sysHotel On Line Remote File Disclosure Vulnerability. p4imi0 (Jan 08)
- Level-One WBR-3460A Grants Root Access anastasiosm (Jan 08)
- VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1 VMware Security team (Jan 08)
- Corsaire Security Advisory: Sun J2RE DoS issue advisories (Jan 08)
- HPSBUX02153 SSRT061181 rev.7 - HP-UX Running Firefox, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) security-alert (Jan 08)
- HPSBUX02156 SSRT061236 rev.4 - HP-UX Running Thunderbird, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) security-alert (Jan 08)
- Joomla 1.0.13 CSRF J. Carlos Nieto (Jan 08)
- Re: Joomla 1.0.13 CSRF J. Carlos Nieto (Jan 08)
- [SECURITY] [DSA 1455-1] New libarchive1 packages fix several problems Steve Kemp (Jan 08)
- ERRATA: [ GLSA 200709-07 ] Eggdrop: Buffer overflow Robert Buchholz (Jan 08)
- LFI in Tuned Studios Templates Digital Security Research Group [DSecRG] (Jan 09)
- [security bulletin] HPSBMA02239 SSRT061260 rev.3 - HP OpenView Operations (OVO) Agents Running Shared Trace Service, Remote Arbitrary Code Execution security-alert (Jan 09)
- First (Major) web hacking incidents for 2008. Sign of the year to come? Ofer Shezaf (Jan 09)
- Re: First (Major) web hacking incidents for 2008. Sign of the year to come? Paul Schmehl (Jan 09)
- [INFIGO 2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS infocus (Jan 09)
- [USN-562-1] opal vulnerability Kees Cook (Jan 09)
- [ MDVSA-2008:004 ] - Updated postgresql packages fix denial of service and privilege escalation issues security (Jan 09)
- <Possible follow-ups>
- [ MDVSA-2008:004 ] - Updated postgresql packages fix denial of service and privilege escalation issues security (Jan 09)
- [ MDVSA-2008:003 ] - Updated clamav packages fix multiple vulnerabilities security (Jan 09)
- Privileg escalation in Omegasoft Insel 7 MC Iglo (Jan 09)
- [ GLSA 200801-01 ] unp: Arbitrary command execution Robert Buchholz (Jan 09)
- [INFIGO-2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS - Corrected infocus (Jan 09)
- Pre-auth remote commands execution in SAP MaxDB 7.6.03.07 Luigi Auriemma (Jan 09)
- [USN-561-1] pwlib vulnerability Kees Cook (Jan 09)
- [USN-564-1] Net-SNMP vulnerability Jamie Strandboge (Jan 09)
- [USN-563-1] CUPS vulnerabilities Kees Cook (Jan 09)
- [ GLSA 200801-02 ] R: Multiple vulnerabilities Pierre-Yves Rofes (Jan 09)
- iDefense Security Advisory 01.09.08: Novell NetWare Client nicm.sys Local Privilege Escalation Vulnerability iDefense Labs (Jan 09)
- [ GLSA 200801-03 ] Claws Mail: Insecure temporary file creation Pierre-Yves Rofes (Jan 09)
- [SECURITY] [DSA 1456-1] New fail2ban packages fix denial of service Thijs Kinkhorst (Jan 09)
- [ GLSA 200801-05 ] Squid: Denial of Service Pierre-Yves Rofes (Jan 09)
- [USN-565-1] Squid vulnerability Kees Cook (Jan 09)
- [ GLSA 200801-04 ] OpenAFS: Denial of Service Pierre-Yves Rofes (Jan 09)
- [SECURITY] [DSA 1457-1] New dovecot packages fix information disclosure Thijs Kinkhorst (Jan 09)
- [ MDVSA-2008:005 ] - Updated libexif packages fix multiple vulnerabilities security (Jan 09)
- uCon 2008 call for participation - Recife, Brazil ucon (Jan 10)
- Simple Machines Forum Cross-Site Scripting Vulnerabilities DoZ (Jan 10)
- <Possible follow-ups>
- Re: Simple Machines Forum Cross-Site Scripting Vulnerabilities dev (Jan 28)
- PR07-06, PR07-07, PR07-08, PR07-09, PR07-10, PR07-12: Several XSS, Cross-domain Redirection and Frame Injection on Sun Java System Identity Manager ProCheckUp Research (Jan 10)
- [USN-566-1] OpenSSH vulnerability Kees Cook (Jan 10)
- Digital Armaments January-February Hacking Challenge: Special 20.000$ Prize - Windows Vulnerabilities and Exploit info (Jan 10)
- [ GLSA 200801-06 ] Xfce: Multiple vulnerabilities Robert Buchholz (Jan 10)
- BT Home Flub: Pwnin the BT Home Hub (5) - exploiting IGDs remotely via UPnP Adrian P (Jan 10)
- Word 2007 Email as PDF path disclosure flaw ebk_lists (Jan 10)
- Buffer-overflow in Quicktime Player 7.3.1.70 Luigi Auriemma (Jan 10)
- Re: Buffer-overflow in Quicktime Player 7.3.1.70 Marcello Barnaba (void) (Jan 10)
- Re: Buffer-overflow in Quicktime Player 7.3.1.70 Luigi Auriemma (Jan 11)
- Message not available
- Re: [Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.70 Luigi Auriemma (Jan 14)
- Re: Buffer-overflow in Quicktime Player 7.3.1.70 Marcello Barnaba (void) (Jan 14)
- Re: Buffer-overflow in Quicktime Player 7.3.1.70 Luigi Auriemma (Jan 11)
- Re: Buffer-overflow in Quicktime Player 7.3.1.70 Luigi Auriemma (Jan 14)
- Re: Buffer-overflow in Quicktime Player 7.3.1.70 Marcello Barnaba (void) (Jan 10)
- <Possible follow-ups>
- Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70 none (Jan 11)
- Re: Buffer-overflow in Quicktime Player 7.3.1.70 str0ke (Jan 11)
- Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70 snagg (Jan 14)
- Re: At long last -- Extra Outlooks! Alexander Bochmann (Jan 11)
- Re: At long last -- Extra Outlooks! Casper . Dik (Jan 14)
- RE: At long last -- Extra Outlooks! Thor (Hammer of God) (Jan 14)
- Re: At long last -- Extra Outlooks! Francois Labreque (Jan 14)
- <Possible follow-ups>
- Re: Member Area System (MAS) Remote File Include Vulnerability (view_func.php) m3venge (Jan 18)
- <Possible follow-ups>
- Re: Garment Center (index.cgi) Local File Inclusion Smasher (Jan 14)
- Re: what is this? crazy frog crazy frog (Jan 14)
- Re: what is this? Robert McArdle (Jan 14)
- Re: [Full-disclosure] what is this? 3APA3A (Jan 14)
- Re: [Full-disclosure] what is this? Nick FitzGerald (Jan 14)
- Re: [Full-disclosure] what is this? crazy frog crazy frog (Jan 14)
- Re: [Full-disclosure] what is this? Nick FitzGerald (Jan 14)
- Re: what is this? Jose Nazario (Jan 14)
- Re: what is this? crazy frog crazy frog (Jan 14)
- RE: what is this? Mario Contestabile (Jan 14)
- Re[2]: [Full-disclosure] what is this? 3APA3A (Jan 14)
- Message not available
- Re: what is this? Robert McArdle (Jan 14)
- Re: what is this? crazy frog crazy frog (Jan 15)
- Re: [Full-disclosure] what is this? Nick FitzGerald (Jan 15)
- Re: [Full-disclosure] what is this? crazy frog crazy frog (Jan 15)
- Re: [Full-disclosure] what is this? Gadi Evron (Jan 15)
- Re: [Full-disclosure] what is this? crazy frog crazy frog (Jan 15)
- Re[2]: what is this? none (Jan 15)
- RE: what is this? Memisyazici, Aras (Jan 15)
- Re[2]: what is this? Denis (Jan 15)
- Re: what is this? Jamie Riden (Jan 15)
- Re[2]: what is this? Denis (Jan 15)
- Re: Defeating audio captcha systems 3APA3A (Jan 16)
- Message not available
- Re: Country by Country ISA Computer Sets The Fungi (Jan 18)
- RE: Country by Country ISA Computer Sets Thor (Hammer of God) (Jan 18)
- Re: Country by Country ISA Computer Sets Richard Powell (Jan 18)
- Re: Country by Country ISA Computer Sets The Fungi (Jan 18)
- RE: Country by Country ISA Computer Sets Thor (Hammer of God) (Jan 18)
- RE: Country by Country ISA Computer Sets Thor (Hammer of God) (Jan 18)
- RE: Country by Country ISA Computer Sets Thor (Hammer of God) (Jan 21)
- RE: Country by Country ISA Computer Sets Jim Harrison (Jan 22)
- <Possible follow-ups>
- Re: Article DashBoard all version SQL Injection Vulnerability hey (Jan 18)
- <Possible follow-ups>
- Re: 8e6 Technologies R3000 Internet Filter Bypass by Request Split mparker (Jan 21)
- <Possible follow-ups>
- Re: mcGuestbook v1.2 Remote File Inc. the . tiger100 (Jan 18)
- <Possible follow-ups>
- Re: Peers static overflow in BitTorrent 6.0 and uTorrent 1.7.5 Luigi Auriemma (Jan 25)
- <Possible follow-ups>
- Re: Re: Utimaco Safeguard Easy vulnerability joachim . schneider (Jan 18)
- Re: common dns misconfiguration can lead to "same site" scripting Kurt Grutzmacher (Jan 19)
- Re: common dns misconfiguration can lead to "same site" scripting Florian Weimer (Jan 21)
- Re: common dns misconfiguration can lead to "same site" scripting David Malone (Jan 22)
- Re: common dns misconfiguration can lead to "same site" scripting Florian Weimer (Jan 22)
- Re: common dns misconfiguration can lead to "same site" scripting David Malone (Jan 22)
- <Possible follow-ups>
- Re: PR07-38: XSS on sIFR bugs+securityfocus (Jan 22)
- RE: Cisco Security Advisory: Cisco PIX and ASA Time-to-Live Vulnerability Eric Davis (Jan 23)
- Re: PIX Privilege Escalation Vulnerability Eloy Paris (Jan 24)
- <Possible follow-ups>
- Re: Re: PIX Privilege Escalation Vulnerability tbbunn (Jan 25)
- Re: PIX Privilege Escalation Vulnerability Aaron Collins (Jan 25)
- <Possible follow-ups>
- Re: C4 Security Advisory - GE Fanuc Cimplicity 6.1 Heap Overflow pete . sage (Jan 29)
- <Possible follow-ups>
- Re: C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Arbitrary File Upload and Execution pete . sage (Jan 29)
- <Possible follow-ups>
- Re: C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Authentication Vulnerability pete . sage (Jan 29)
- Re: Exploit in IE6,7 Nick FitzGerald (Jan 28)
- Re: Remote File Disclosure in phpCMS 1.2.2 3APA3A (Jan 29)
- RE: Recent Web Hacks: WHID update for Janury 30th 2008 Michael Wojcik (Jan 30)
- Re: [DSECRG-08-007] OpenBSD BGPD daemon Web Interface XSS. Digital Security Research Group (Jan 31)