Bugtraq: by date

443 messages starting Jan 01 08 and ending Jan 31 08
Tuesday, 01 January

Cross-Site Scripting (XSS) in phpWebSite 1.4.0 search Audun Larsen

Wednesday, 02 January

MODx CMS Source code disclosure, local file inclusion admin
XSS Vulnerabilities in Common Shockwave Flash Files rich cannings
Buffer-overflow and format string in White_Dune 0.29beta791 Luigi Auriemma
phpBB2 2.0.22 Cross Site Scripting Vulnerability bugtraq
Multiple vulnerabilities in Georgia SoftWorks SSH2 Server 7.01.0003 Luigi Auriemma
AST-2008-001: Crash from transfer using BYE with Also header Asterisk Security Team

Thursday, 03 January

Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication avivra
[security bulletin] HPSBGN02301 SSRT071508 rev.2 - HP Software Update Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access security-alert
Re: [Full-disclosure] Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication Michal Zalewski
Re: [Full-disclosure] Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication avivra
xss in w3-msql error page vivek_infosec
[ MDVSA-2008:1 ] - Updated wireshark packages fix multiple vulnerabilities security
Re: phpBB2 2.0.22 Cross Site Scripting Vulnerability neothermic
Re: Cryptome: NSA has real-time access to Hushmail servers John Simpson
Re: Cryptome: NSA has real-time access to Hushmail servers Lee Dilkie
RE: Latest round of web hacking incidents for 2007 & Project news Ofer Shezaf
RE: Re: Cryptome: NSA has real-time access to Hushmail servers M. Burnett
RE: Latest round of web hacking incidents for 2007 & Project news Memisyazici, Aras
rPSA-2008-0001-1 dovecot rPath Update Announcements
[SECURITY] [DSA 1443-1] New tcpreen packages fix denial of service Moritz Muehlenhoff
Re: Latest round of web hacking incidents for 2007 & Project news Peter Watkins
multiple CAPTCHA automation test bypass digest 3APA3A
Re: Re: phpBB2 2.0.22 Cross Site Scripting Vulnerability admin
Re: rPSA-2008-0001-1 dovecot Dominic Hargreaves
[SECURITY] [DSA 1444-1] New php5 packages fix several vulnerabilities Moritz Muehlenhoff
securityvulns.com russian vulnerabilities digest 3APA3A
[SECURITY] [DSA 1446-1] New wireshark packages fix denial of service Moritz Muehlenhoff
[SECURITY] [DSA 1445-1] New maradns packages fix denial of service Moritz Muehlenhoff
[SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities Moritz Muehlenhoff
Re: phpBB2 2.0.22 Cross Site Scripting Vulnerability neothermic
rPSA-2008-0004-1 tshark wireshark rPath Update Announcements

Friday, 04 January

FortiGuard: URL Filtering Application Bypass Vulnerability Danux
Re: rPSA-2008-0001-1 dovecot Steven M. Christey
Re: Latest round of web hacking incidents for 2007 & Project news s f
AW: phpBB2 2.0.22 Cross Site Scripting Vulnerability Aufmuth Andreas
Re: rPSA-2008-0001-1 dovecot Dominic Hargreaves
Re: rPSA-2008-0001-1 dovecot Jonathan Smith
Multiple vulnerabilities in yaSSL 1.7.5 Luigi Auriemma
Some DoS in some telnet servers Luigi Auriemma
Pre-auth buffer-overflow in mySQL through yaSSL Luigi Auriemma
Re: FortiGuard: URL Filtering Application Bypass Vulnerability 3APA3A
iDefense Security Advisory 12.24.07: Novell ZENworks Endpoint Security Management Local Privilege Escalation Vulnerability iDefense Labs

Saturday, 05 January

rPSA-2008-0006-1 libexif rPath Update Announcements
INVISION POWER BOARD 2.1.7 ACTIVE XSS/SQL INJECTION EXPLOIT underwater
NetRisk 1.9.7 Remote File Inclusion Vulnerability erne
[SECURITY] [DSA 1449-1] New loop-aes-utils packages fix programming error Steve Kemp
[ MDVSA-2008:002 ] - Updated squid package fixes remote denial of service security
rPSA-2008-0007-1 tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi rPath Update Announcements
[SECURITY] [DSA 1450-1] New util-linux packages fix programming error Steve Kemp
[SECURITY] [DSA 1448-1] New eggdrop packages fix execution of arbitrary code Steve Kemp
rPSA-2008-0008-1 cups rPath Update Announcements
[SECURITY] [DSA 1448-1] New eggdrop packages fix arbitrary code execution Steve Kemp
Aruba Mobility Controller User Authentication Vulnerability - Aruba Advisory ID: AID-122207 Robbie Gill

Monday, 07 January

vBulletin 3.6.8 XSRF/XSS Vulnerability nbbn
eTicket 1.5.5.2 Multiple Vulnerabilities L4teral
[HSC] Snitz Forums Multiple Vulnerabilities DoZ
netrisk 1.9.7 Multiple Remote Vulnerabilities (sql injection/xss) hadihadi_zedehal_2006
OneCMS Vulnerabilities admin
[Reversemode Paper] Exploiting WDM Audio Drivers Reversemode
New Web Hacking Incidents at WHID Ofer Shezaf
[SECURITY] [DSA 1451-1] New mysql-dfsg-5.0 packages fix several vulnerabilities Moritz Muehlenhoff
Linksys WRT54 GL - Session riding (CSRF) tomaz . bratusa
SocialURL Login Page Cross-Site Scripting morin . josh
Re: vBulletin 3.6.8 XSRF/XSS Vulnerability nbbn
PostgreSQL 2007-01-07 Cumulative Security Release Josh Berkus
[SECURITY] [DSA 1452-1] New wzdftpd packages fix denial of service Steve Kemp
[SECURITY] [DSA 1453-1] New tomcat5 packages fix several vulnerabilities Moritz Muehlenhoff
LayerOne 2008 - CFP Released Layer One
Million Dollar Script 2.0.14 Remote File Disclosure Vulnerability. p4imi0
CORE-2007-1106: SynCE Remote Command Injection CORE Security Technologies Advisories
[SECURITY] [DSA 1454-1] New freetype packages fix arbitrary code execution Moritz Muehlenhoff
Re: Linksys WRT54 GL - Session riding (CSRF) Jan Heisterkamp
Re: Linksys WRT54 GL - Session riding (CSRF) Jan Heisterkamp
PWDumpX v1.4 - Dumps domain password cache, LSA secrets, password hashes, and password history hashes. Reed Arvin
RE: [HSC] Snitz Forums Multiple Vulnerabilities Aaron Cake
PWDumpX v1.0 and PWDumpX v1.1 updated - bug fixes Reed Arvin
iDefense Security Advisory 01.07.08: Motorola netOctopus Agent MSR Write Privilege Escalation Vulnerability iDefense Labs

Tuesday, 08 January

VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages VMware Security team
[ MDVSA-2008:001-1 ] - Updated wireshark packages fix multiple vulnerabilities security
[USN-560-1] Tomboy vulnerability Jamie Strandboge
sysHotel On Line Remote File Disclosure Vulnerability. p4imi0
Level-One WBR-3460A Grants Root Access anastasiosm
VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1 VMware Security team
Corsaire Security Advisory: Sun J2RE DoS issue advisories
HPSBUX02153 SSRT061181 rev.7 - HP-UX Running Firefox, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) security-alert
HPSBUX02156 SSRT061236 rev.4 - HP-UX Running Thunderbird, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) security-alert
Joomla 1.0.13 CSRF J. Carlos Nieto
Re: Joomla 1.0.13 CSRF J. Carlos Nieto
[SECURITY] [DSA 1455-1] New libarchive1 packages fix several problems Steve Kemp
ERRATA: [ GLSA 200709-07 ] Eggdrop: Buffer overflow Robert Buchholz

Wednesday, 09 January

LFI in Tuned Studios Templates Digital Security Research Group [DSecRG]
[security bulletin] HPSBMA02239 SSRT061260 rev.3 - HP OpenView Operations (OVO) Agents Running Shared Trace Service, Remote Arbitrary Code Execution security-alert
First (Major) web hacking incidents for 2008. Sign of the year to come? Ofer Shezaf
[INFIGO 2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS infocus
Re: First (Major) web hacking incidents for 2008. Sign of the year to come? Paul Schmehl
[USN-562-1] opal vulnerability Kees Cook
[ MDVSA-2008:004 ] - Updated postgresql packages fix denial of service and privilege escalation issues security
[ MDVSA-2008:003 ] - Updated clamav packages fix multiple vulnerabilities security
Privilege escalation in Omegasoft Insel 7 MC Iglo
[ GLSA 200801-01 ] unp: Arbitrary command execution Robert Buchholz
[INFIGO-2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS - Corrected infocus
Pre-auth remote commands execution in SAP MaxDB 7.6.03.07 Luigi Auriemma
[USN-561-1] pwlib vulnerability Kees Cook
[USN-564-1] Net-SNMP vulnerability Jamie Strandboge
[USN-563-1] CUPS vulnerabilities Kees Cook
[ GLSA 200801-02 ] R: Multiple vulnerabilities Pierre-Yves Rofes
[ MDVSA-2008:004 ] - Updated postgresql packages fix denial of service and privilege escalation issues security
iDefense Security Advisory 01.09.08: Novell NetWare Client nicm.sys Local Privilege Escalation Vulnerability iDefense Labs
[ GLSA 200801-03 ] Claws Mail: Insecure temporary file creation Pierre-Yves Rofes
[SECURITY] [DSA 1456-1] New fail2ban packages fix denial of service Thijs Kinkhorst
[ GLSA 200801-05 ] Squid: Denial of Service Pierre-Yves Rofes
[USN-565-1] Squid vulnerability Kees Cook
[ GLSA 200801-04 ] OpenAFS: Denial of Service Pierre-Yves Rofes
[SECURITY] [DSA 1457-1] New dovecot packages fix information disclosure Thijs Kinkhorst
[ MDVSA-2008:005 ] - Updated libexif packages fix multiple vulnerabilities security

Thursday, 10 January

uCon 2008 call for participation - Recife, Brazil ucon
Simple Machines Forum Cross-Site Scripting Vulnerabilities DoZ
PR07-06, PR07-07, PR07-08, PR07-09, PR07-10, PR07-12: Several XSS, Cross-domain Redirection and Frame Injection on Sun Java System Identity Manager ProCheckUp Research
[USN-566-1] OpenSSH vulnerability Kees Cook
Digital Armaments January-February Hacking Challenge: Special 20.000$ Prize - Windows Vulnerabilities and Exploit info
[ GLSA 200801-06 ] Xfce: Multiple vulnerabilities Robert Buchholz
BT Home Flub: Pwnin the BT Home Hub (5) - exploiting IGDs remotely via UPnP Adrian P
Word 2007 Email as PDF path disclosure flaw ebk_lists
Buffer-overflow in Quicktime Player 7.3.1.70 Luigi Auriemma
MTCMS <=2.0 SQL Injection Vulnerability hadihadi_zedehal_2006
[SECURITY] [DSA 1458-1] New openafs packages fix denial of service vulnerability Noah Meyerhans
[ MDVSA-2008:006 ] - Updated exiv2 packages fix vulnerability security
Re: Buffer-overflow in Quicktime Player 7.3.1.70 Marcello Barnaba (void)
[USN-567-1] Dovecot vulnerability Kees Cook

Friday, 11 January

Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70 none
re-testing of zzuf results Hanno Böck
At long last -- Extra Outlooks! Thor (Hammer of God)
[ MDVSA-2008:007 ] - Updated madwifi-source, wpa_supplicant packages fix vulnerabilities security
SecurityReason - Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerability sp3x
Re: Linksys WRT54 GL - Session riding (CSRF) Florian Weimer
SecurityReason - Apache2 CSRF, XSS, Memory Corruption and Denial of Service Vulnerability sp3x
ImageAlbum Remote SQL Injection Vulnerabilities db
Re: Buffer-overflow in Quicktime Player 7.3.1.70 str0ke
CFP: EuroSec Workshop (March 31st, 2008) Stefano Zanero
Member Area System (MAS) Remote File Include Vulnerability (view_func.php) ship_nx
Naymz multiple XSS morin . josh
Re: At long last -- Extra Outlooks! Alexander Bochmann
Re: Buffer-overflow in Quicktime Player 7.3.1.70 Luigi Auriemma

Saturday, 12 January

Cross site scripting (XSS) in Moodle 1.8.3 Hanno Böck
[ MDVSA-2008:010 ] - Updated libxml2 packages fix DoS vulnerability security
[ MDVSA-2008:011 ] - Updated rsync packages fix restrictions bypass vulnerabilities security
Safari 2 Denial of Service S21sec labs
[ MDVSA-2008:009 ] - Updated autofs packages fix insecure hosts configuration security
[ MDVSA-2008:008 ] - Updated kernel packages fix multiple vulnerabilities and bugs security

Monday, 14 January

Garment Center (index.cgi) Local File Inclusion Smasher
[SECURITY] [DSA 1462-1] New hplip packages fix privilege escalation Moritz Muehlenhoff
what is this? crazy frog crazy frog
Re: what is this? crazy frog crazy frog
[ MDVSA-2008:009-1 ] - Updated autofs packages fix insecure hosts configuration security
RE: Linksys WRT54 GL - Session riding (CSRF) Tomaz
[SECURITY] [DSA 1460-1] New postgresql-8.1 packages fix several vulnerabilities Moritz Muehlenhoff
Re: [Full-disclosure] what is this? 3APA3A
Re: [Full-disclosure] what is this? Nick FitzGerald
F5 BIG-IP Web Management List Search XSS nnposter
Re: [Full-disclosure] what is this? crazy frog crazy frog
SQID v0.3 - SQL Injection Digger. Metaeye SG
Re: [Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.70 Luigi Auriemma
Re: At long last -- Extra Outlooks! Casper . Dik
Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70 snagg
RE: At long last - Extra Outlooks! Thor (Hammer of God)
Re: Buffer-overflow in Quicktime Player 7.3.1.70 Luigi Auriemma
RE: At long last -- Extra Outlooks! Thor (Hammer of God)
Re: At long last -- Extra Outlooks! Francois Labreque
Re: what is this? Jose Nazario
[SECURITY] [DSA 1459-1] New gforge packages fix SQL injection Thijs Kinkhorst
Re: what is this? Robert McArdle
Re: what is this? crazy frog crazy frog
Re: what is this? Robert McArdle
Re: what is this? admin
Binn SBuilder (nid) Remote Blind Sql Injection Vulnerability sys-project
Re: Garment Center (index.cgi) Local File Inclusion Smasher
Re: Linksys WRT54 GL - Session riding (CSRF) J. Oquendo
ZDI-08-001: IBM Tivoli Storage Manager Express Backup Server Heap Overflow Vulnerability zdi-disclosures
RE: what is this? Mario Contestabile
[SECURITY] [DSA 1463-1] New postgresql-7.4 packages fix several vulnerabilities Moritz Muehlenhoff
[SECURITY] [DSA 1461-1] New libxml2 packages fix denial of service Moritz Muehlenhoff
Hacking The Interwebs pdp (architect)
Re: Buffer-overflow in Quicktime Player 7.3.1.70 Marcello Barnaba (void)
Re[2]: [Full-disclosure] what is this? 3APA3A
[USN-568-1] PostgreSQL vulnerabilities Jamie Strandboge
Re: what is this? Gadi Evron

Tuesday, 15 January

[security bulletin] HPSBUX02303 SSRT071468 rev.1 - HP-UX Running X Font Server (xfs) Software, Remote Execution of Arbitrary Code security-alert
[security bulletin] HPSBST02304 SSRT080003 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-001 to MS08-002 security-alert
[ MDVSA-2008:012 ] - Updated python packages fix vulnerabilities security
[ MDVSA-2008:013 ] - Updated python packages fix vulnerability in imageop module security
FreeBSD Security Advisory FreeBSD-SA-08:01.pty FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-08:02.libc FreeBSD Security Advisories
[USN-569-1] libxml2 vulnerability Kees Cook
Re: what is this? Denis
Re: Linksys WRT54 GL - Session riding (CSRF) Jan Heisterkamp
Defeating audio captcha systems José M. Palazón Romero
Country by Country ISA Computer Sets Thor (Hammer of God)
Exploiting the SpamBam plugin for wordpress José M. Palazón Romero
Re: what is this? crazy frog crazy frog
Re: [Full-disclosure] what is this? Nick FitzGerald
Re: [Full-disclosure] what is this? crazy frog crazy frog
Re[2]: what is this? Denis
Re[2]: what is this? Denis
SecurityReason - Apache (mod_status) Refresh Header - Open Redirector (XSS) sp3x
Article DashBoard all version SQL Injection Vulnerability xcross87
Max's File Uploader File Upload Vulnerability xcross87
RE: what is this? Memisyazici, Aras
MicroNews Admin Direct Access vulnerability xcross87
Pipe to FOR Crashes CMD James C. Slora Jr.
Re: what is this? Jamie Riden
Re: [Full-disclosure] what is this? Gadi Evron
Re: [Full-disclosure] what is this? crazy frog crazy frog
Re[2]: what is this? none
Re: Linksys WRT54 GL - Session riding (CSRF) Daniel Weber
Re: Linksys WRT54 GL - Session riding (CSRF) Valdis . Kletnieks
iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTserver Heap Overflow Vulnerability iDefense Labs
iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTServer Multiple Untrusted Pointer Vulnerabilities iDefense Labs
iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTserver Multiple Untrusted Pointer Offset Vulnerabilities iDefense Labs
iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTServer Multiple Untrusted Loop Bounds Vulnerabilities iDefense Labs

Wednesday, 16 January

Re: Defeating audio captcha systems 3APA3A
Re: what is this? Yousef Syed
[SECURITY] [DSA 1464-1] New syslog-ng packages fix denial of service Moritz Muehlenhoff
[DSECRG-08-003] blogcms 4.2.1b Multiple Security Vulnerabilities Digital Security Research Group [DSecRG]
RichStrong CMS (showproduct.asp?cat=) Remote SQL Injection Exploit sys-project
rPSA-2008-0015-1 cairo rPath Update Announcements
cPanel Hosting Manager (dohtaccess.html) no-reply
rPSA-2008-0016-1 postgresql postgresql-server rPath Update Announcements
rPSA-2008-0017-1 libxml2 rPath Update Announcements
[DSECRG-08-002] Local File Include in arias 0.99-6 Digital Security Research Group [DSecRG]
TPTI-08-01: Apple Quicktime Image File IDSC Atom Memory Corruption Vulnerability DVLabs
8e6 Technologies R3000 Internet Filter Bypass by Request Split nnposter
[Aria-Security.Net] Real Estate Web SQL Injection no-reply
iDefense Security Advisory 01.15.08: Apple QuickTime Macintosh Resource Processing Heap Corruption Vulnerability iDefense Labs
Cisco Security Advisory: Cisco Unified Communications Manager CTL Provider Heap Overflow Cisco Systems Product Security Incident Response Team
mcGuestbook v1.2 Remote File Inc. gokhankaya
Peers static overflow in BitTorrent 6.0 and uTorrent 1.7.5 Luigi Auriemma
Country by Country Computer Sets now available for ISA 2004 Thor (Hammer of God)
TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability DVLabs
[waraxe-2008-SA#062] - Multiple Sql Injections in MyBB 1.2.10 come2waraxe
SQL scalar function to convert big int to dot notation Thor (Hammer of God)
[waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10 come2waraxe
Gradman <= 0.1.3 (agregar_info.php?tabla=) Local File Inclusion Exploit sys-project
[ MDVSA-2008:014 ] - Updated apache 1.3.x packages fix multiple vulnerabilities security
[USN-570-1] boost vulnerabilities Jamie Strandboge
[ MDVSA-2008:015 ] - Updated apache 2.0.x packages fix multiple vulnerabilities security

Thursday, 17 January

[security bulletin] HPSBMA02133 SSRT061201 rev.7 - HP Oracle for OpenView (OfO) Critical Patch Update security-alert
[SECURITY] [DSA 1465-1] New apt-listchanges packages fix arbitrary code execution Steve Kemp
JoomlaFlash Component Multiple Remote File Inclusion Smasher
PHPEchoCMS Multiple remote vulnerabilities security
rPSA-2008-0018-1 mysql mysql-bench mysql-server rPath Update Announcements
Re: [CVE-2007-2449] Apache Tomcat XSS vulnerabilities in the JSP examples linlei99
[ MDVSA-2008:016 ] - Updated apache 2.2.x packages fix multiple vulnerabilities security
rPSA-2008-0021-1 kernel rPath Update Announcements
[SECURITY] [DSA 1465-2] New apt-listchanges packages fix arbitrary code execution Steve Kemp
Re: Utimaco Safeguard Easy vulnerability benleavett
Clever Copy <=3.0 Multiple Remote Vulnerabilities hadihadi_zedehal_2006
[CSNC] OKI C5510MFP Printer Password Disclosure Adrian Leuenberger
RE: Skype videomood XSS avivra
CORE-2007-1119: CORE FORCE Kernel Buffer Overflow CORE Security Technologies Advisories
iDefense Security Advisory 01.17.08: Multiple Vendor X Server XInput Extension Multiple Memory Corruption Vulnerabilities iDefense Labs
iDefense Security Advisory 01.17.08: Multiple Vendor X Server TOG-CUP Extension Information Disclosure Vulnerability iDefense Labs
iDefense Security Advisory 01.17.08: Multiple Vendor X Server EVI and MIT-SHM Extensions Integer Overflow Vulnerabilities iDefense Labs
iDefense Security Advisory 01.17.08: Multiple Vendor X Server XFree86-Misc Extension Invalid Array Index Vulnerability iDefense Labs

Friday, 18 January

ZDI-08-002: Citrix Presentation Server IMA Service Heap Overflow Vulnerability zdi-disclosures
IMF 2008 - Call for Papers Oliver Goebel
[FIXED] Remote Denial of Service for SSH service at Dell DRAC4 (maybe Mocana SSH) Robert Scheck
[USN-571-1] X.org vulnerabilities Kees Cook
Agares PhpAutoVideo 2.21(XSS/RFI) Multiple Remote Vulnerabilities houssamix
New search engine for exploits Security Basic
common dns misconfiguration can lead to "same site" scripting Tavis Ormandy
Re: Member Area System (MAS) Remote File Include Vulnerability (view_func.php) m3venge
SocksCap Stack Overflow (<= 2.40-051231) azizov
Making big money... jmacaranas
Re: Country by Country ISA Computer Sets The Fungi
Re: Country by Country ISA Computer Sets GomoR
SinFP fingerprinting tool online demo GomoR
RE: Country by Country ISA Computer Sets Thor (Hammer of God)
Re: mcGuestbook v1.2 Remote File Inc. the . tiger100
Re: Article DashBoard all version SQL Injection Vulnerability hey
RE: Country by Country ISA Computer Sets Thor (Hammer of God)
Re: Country by Country ISA Computer Sets Richard Powell
RE: Country by Country ISA Computer Sets Thor (Hammer of God)
Re: Re: Utimaco Safeguard Easy vulnerability joachim . schneider
Re: Tiger Team: New TV series about pen testers airing on CourtTV Dec 25 11 pm michael . lambie
MyBB 1.2.11 Multiple XSRF Vulnerabilities nbbn

Saturday, 19 January

[USN-572-1] apt-listchanges vulnerability Kees Cook
[USN-571-2] X.org regression Kees Cook
[SECURITY] [DSA 1466-2] New xorg-server packages fix regression Moritz Muehlenhoff
[SECURITY] [DSA 1467-1] New mantis packages fix several vulnerabilities Thijs Kinkhorst
BitDefender Update Server - Unauthorized Remote File Access Vulnerability oliver karow
Re: common dns misconfiguration can lead to "same site" scripting Kurt Grutzmacher

Monday, 21 January

RE: Country by Country ISA Computer Sets Thor (Hammer of God)
Bloofox CMS SQL Injection (Authentication bypass) , Source code disclosure admin
[SECURITY] [DSA 1468-1] New tomcat5.5 packages fix several vulnerabilities Moritz Muehlenhoff
Php Search Remote Inclusion effectiveness63
AXIGEN 5.0.x AXIMilter Format String Exploit hempel
MegaBBS ASP Forum Cross-Site Scripting grossman
Re: common dns misconfiguration can lead to "same site" scripting Florian Weimer
WifiZoo v1.3 released (minor release) Hernan Ochoa
Flaw in Alice gate2 pluswifi adsl modem wargame89
boastMachine <=3.1 SQL Injection Vulnerability hadihadi_zedehal_2006
[ GLSA 200801-09 ] X.Org X server and Xfont library: Multiple vulnerabilities Robert Buchholz
Call Jacking: Phreaking the BT Home Hub Adrian P
Pass-The-Hash Toolkit v1.2 released. Hernan Ochoa
BLOG:CMS 4.2.1.c (DIR_PLUGINS) Multiple Remote File Include رومانسي هكر
[ GLSA 200801-08 ] libcdio: User-assisted execution of arbitrary code Robert Buchholz
[SECURITY] [DSA 1470-1] New horde3 packages fix denial of service Moritz Muehlenhoff
Belkin Wireless G Plus MIMO Router F5D9230-4 Authentication Bypass Vulnerability gmdarkfig
[SECURITY] [DSA 1469-1] New flac packages fix arbitrary code execution Moritz Muehlenhoff
[ GLSA 200801-07 ] Adobe Flash Player: Multiple vulnerabilities Robert Buchholz
[ MDVSA-2008:017 ] - Updated MySQL packages fix multiple vulnerabilities security
[waraxe-2008-SA#063] - Information Leakage in Kayako SupportSuite 3.11.01 come2waraxe
[waraxe-2008-SA#064] - Sql Injection in MyBB 1.2.11 come2waraxe
[SECURITY] [DSA 1471-1] New libvorbis packages fix several vulnerabilities Moritz Muehlenhoff
[SECURITY] [DSA 1472-1] New xine-lib packages fix arbitrary code execution Moritz Muehlenhoff
Re: 8e6 Technologies R3000 Internet Filter Bypass by Request Split mparker

Tuesday, 22 January

PR07-38: XSS on sIFR ProCheckUp Research
[ MDVSA-2008:019 ] - Updated cairo packages fix vulnerability security
Some hashes for the record Sergio 'shadown' Alvarez
Re: common dns misconfiguration can lead to "same site" scripting David Malone
Troopers 08 Security Conference, Call for Papers Enno Rey
RE: Country by Country ISA Computer Sets Jim Harrison
Re: common dns misconfiguration can lead to "same site" scripting Florian Weimer
[SECURITY] [DSA 1473-1] New scponly packages fix arbitrary code execution Florian Weimer
[ MDVSA-2008:018 ] - Updated gFTP packages fix vulnerabilities security
PacerCMS Multiple Vulnerabilities (XSS/SQL) db
Belong Site Builder 0.1b Bypass Admincp رومانسي هكر
DeluxeBB 1.1 XSS Vulnerability nbbn
Re: PR07-38: XSS on sIFR bugs+securityfocus
XSRF under Dean’s Permalinks Migration 1.0 g30rg3_x
Apache mod_negotiation Xss and Http Response Splitting Minded Security Research Labs

Wednesday, 23 January

SDL_Image 1.2.6 and prior GIF handling buffer overflow Gynvael Coldwind
PHP 5.2.5 cURL safe_mode bypass cxib
[security bulletin] HPSBUX02306 SSRT071463 rev.1 - HP-UX Running ARPA Transport, Remote Denial of Service (DoS) security-alert
UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages VMware Security team
Web Wiz Forums Directory traversal admin
Web Wiz Rich Text Editor Directory traversal + HTM/HTML file creation on the server admin
Web Wiz NewsPad Directory traversal admin
[ MDVSA-2008:020 ] - Updated xine-lib packages fix remote code execution vulnerabilities security
Cisco Security Advisory: Cisco PIX and ASA Time-to-Live Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Default Passwords in the Application Velocity System Cisco Systems Product Security Incident Response Team
Syhunt: HFS (HTTP File Server) Template Cross-Site Scripting and Information Disclosure Vulnerabilities Felipe M. Aragon
Syhunt: HFS (HTTP File Server) Log Arbitrary File/Directory Manipulation and Denial-of-Service Vulnerabilities Felipe M. Aragon
Syhunt: HFS (HTTP File Server) Username Spoofing and Log Forging/Injection Vulnerability Felipe M. Aragon
RE: Cisco Security Advisory: Cisco PIX and ASA Time-to-Live Vulnerability Eric Davis
Woltlab Burning Board 2.3.6 PL2 Remote Delete Thread XSRF Vulnerability nbbn

Thursday, 24 January

[SECURITY] [DSA 1474-1] New exiv2 packages fix arbitrary code execution Moritz Muehlenhoff
[SECURITY] [DSA 1444-2] New php5 packages fix regression Moritz Muehlenhoff
[ GLSA 200801-10 ] TikiWiki: Multiple vulnerabilities Raphaël Marichez
PIX Privilege Escalation Vulnerability tbbunn
[ MDVSA-2008:025 ] - Updated x11-server-xgl packages fix multiple vulnerabilities security
ImageShack Toolbar FileUploader Class insecurities retrog
[ MDVSA-2008:021 ] - Updated XFree86 packages fix multiple vulnerabilities security
[ MDVSA-2008:022 ] - Updated xorg-x11 packages fix multiple vulnerabilities security
[ MDVSA-2008:023 ] - Updated x11-server packages fix multiple vulnerabilities security
[ MDVSA-2008:024 ] - Updated libxfont packages fix font handling vulnerability security
Re: PIX Privilege Escalation Vulnerability Eloy Paris
Tiger PHP News System SQL Injection 0in . email
iDefense Security Advisory 01.23.08: IBM AIX pioout BSS Buffer Overflow Vulnerability iDefense Labs
rPSA-2008-0029-1 bind bind-utils rPath Update Announcements
rPSA-2008-0030-1 CherryPy rPath Update Announcements
iDefense Security Advisory 01.22.08: IBM Tivoli PMfOSD HTTP Request Method Buffer Overflow Vulnerability iDefense Labs
phpBB 2.0.22 Remote PM Delete XSRF Vulnerability nbbn

Friday, 25 January

Re: Re: PIX Privilege Escalation Vulnerability tbbunn
Pre Hotel and Resorts reservation portal login bypass milad_sa2007
E-SMART CART bypass milad_sa2007
Pre Dynamic Institution bypass milad_sa2007
[CandyPress] eCommerce suite (SQL Injection + XSS + Path Disclosure) Admin
gdb bug digit2004
C4 Security Advisory - GE Fanuc Cimplicity 6.1 Heap Overflow Eyal Udassin
C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Arbitrary File Upload and Execution Eyal Udassin
C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Authentication Vulnerability Eyal Udassin
Re: Peers static overflow in BitTorrent 6.0 and uTorrent 1.7.5 Luigi Auriemma
[ MDVSA-2008:026 ] - Updated icu packages fix vulnerabilities security
Re: PIX Privilege Escalation Vulnerability Aaron Collins
Two vulnerabilities for PatchLink Update Client for Unix. lcashdol

Saturday, 26 January

[ MDVSA-2008:027 ] - Updated pulseaudio packages fix local root vulnerability security
[SECURITY] [DSA 1475-1] new gforge packages fix cross site scripting Thijs Kinkhorst
Tool availability - browser DOM Checker Michal Zalewski
F5 BIG-IP Web Management ASM Security Report XSS nnposter
PhPress-0.3.0 Read All Sql Information For Config r2t

Monday, 28 January

phpIP 4.3.2 - Numerous SQL Injection Vulnerabilities Charles Hooper
Metasploit Framework v3.1 Released H D Moore
[SECURITY] [DSA 1476-1] New pulseaudio packages fix privilege escalation Moritz Muehlenhoff
Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS admin
[ GLSA 200801-12 ] xine-lib: User-assisted execution of arbitrary code Robert Buchholz
[ GLSA 200801-14 ] Blam: User-assisted execution of arbitrary code Robert Buchholz
[ GLSA 200801-11 ] CherryPy: Directory traversal vulnerability Robert Buchholz
[ GLSA 200801-13 ] ngIRCd: Denial of Service Robert Buchholz
Facebook security contact Alexander Sotirov
ClanSphere 2007.4.4 Remote File Disclosure Vulnerability. p4imi0
[SECURITY] [DSA 1477-1] New yarssr packages fix arbitrary shell command execution Moritz Muehlenhoff
eTicket 'index.php' Cross Site Scripting Path Vulnerability Alessandro Tanasi
Re: Simple Machines Forum Cross-Site Scripting Vulnerabilities dev
Re: OneCMS Vulnerabilities webmaster
ASPired2Protect bypass milad_sa2007
WoltLab Burning Board 3.x.x Private Message Delete XSRF Vulnerability nbbn
CORE-2007-1219: Firebird Remote Memory Corruption Core Security Technologies Advisories
VB Marketing "tseekdir.cgi" Local File Inclusion Sw33t . h4cK3r
Uninformed Journal Release Announcement: Volume 9 Uninformed Journal
[SECURITY] [DSA 1478-1] New mysql-dfsg-5.0 packages fix several vulnerabilities Moritz Muehlenhoff
Exploit in IE6,7 r2t
Re: Exploit in IE6,7 Nick FitzGerald

Tuesday, 29 January

Advisory: Tripwire Enterprise/Server XSS Vulnerability Liquidmatrix Security Digest
Re: C4 Security Advisory - GE Fanuc Cimplicity 6.1 Heap Overflow pete . sage
Re: C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Arbitrary File Upload and Execution pete . sage
Re: C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Authentication Vulnerability pete . sage
[ GLSA 200801-15 ] PostgreSQL: Multiple vulnerabilities Raphael Marichez
CSRF/XSS in Sungard Banner banner
Remote File Disclosure in phpCMS 1.2.2 Digital Security Research Group
Nucleus 3.31 XSS in path Digital Security Research Group
PHPKIT 1.6.4 PL1 2 XSRF Vulnerabilities nbbn
[!!FIX Information ] Nucleus 3.31 XSS in path Digital Security Research Group
Re: Remote File Disclosure in phpCMS 1.2.2 3APA3A
AmpJuke-0.7.0 (index.php) Xss VuLn. g0rk3m-31
Insecure Use of RC4 in LSrunasE and Supercrypt (CVE-2007-6340) Daniel Roethlisberger

Wednesday, 30 January

Recent Web Hacks: WHID update for January 30th 2008 Ofer Shezaf
tinyBB v0.2 Message Board Remote File Inc. g0rk3m-31
Webspell 4.01.02 2 Vulnerabilities nbbn
[waraxe-2008-SA#065] - Remote Shell Command Execution in Coppermine 1.4.14 come2waraxe
[ GLSA 200801-16 ] MaraDNS: CNAME Denial of Service Raphael Marichez
[ GLSA 200801-17 ] Netkit FTP Server: Denial of Service Raphael Marichez
[ MDVSA-2008:028 ] - Updated MySQL packages fix multiple vulnerabilities security
Yeşil Koridor Ziyareti Defteri (index.php) SqL. inj. g0rk3m-31
RE: Recent Web Hacks: WHID update for January 30th 2008 Michael Wojcik
Cisco Security Advisory: Cisco Wireless Control System Tomcat mod_jk.so Vulnerability Cisco Systems Product Security Incident Response Team
PeteFinnigan.com Limited advisory for Oracle January 2008 CPU Pete Finnigan
rPSA-2008-0032-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs rPath Update Announcements
[ GLSA 200801-18 ] Kazehakase: Multiple vulnerabilities Pierre-Yves Rofes
[ GLSA 200801-20 ] libxml2: Denial of Service Pierre-Yves Rofes
[ GLSA 200801-19 ] GOffice: Multiple vulnerabilities Pierre-Yves Rofes

Thursday, 31 January

[ GLSA 200801-21 ] Xdg-Utils: Arbitrary command execution Pierre-Yves Rofes
[ GLSA 200801-22 ] PeerCast: Buffer overflow Pierre-Yves Rofes
contactforms "cforms-css.php" Remote File Inclusion Sw33t . h4cK3r
[ MDVSA-2008:029 ] - Updated ruby packages fix possible man-in-the-middle attack security
[DSECRG-08-007] OpenBSD BGPD daemon Web Interface XSS. Digital Security Research Group
[waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14 come2waraxe
Re: [DSECRG-08-007] OpenBSD BGPD daemon Web Interface XSS. Digital Security Research Group
Attackers can SkypeFind you avivra
sflog! 0.96 remote file disclosure vulnerabilities muuratsalo experimental hack lab
[USN-573-1] PulseAudio vulnerability Jamie Strandboge
nilson's blogger 0.11 remote file disclosure vulnerabilities muuratsalo experimental hack lab