Bugtraq: by thread

• RSS Feed
• About List
• All Lists

Previous period

Next period

400 messages starting Mar 01 08 and ending Mar 31 08
Date index | Thread index | Author index

• Mambo com_Musica "id" Remote SQL Injection no-reply (Mar 01)
• Koobi CMS 4.3.0 - 4.2.3 (categ) Remote SQL Injection Vulnerability sys-project (Mar 01)
• h2desk helpdesk path disclosure vulnerability joseph . giron13 (Mar 01)
• PHP-Nuke Copyright 2005 SQL turkish-warriorr (Mar 01)
• Livebox Router vulnerability to REMOTE BUFFER OVERFLOW DoS (FTPD)_ 0in . email (Mar 01)
• The Router Hacking Challenge is Over! Petko D. Petkov (Mar 01)
• Dynamic photo gallery V1.02 SQL Injection no-reply (Mar 03)
• [ GLSA 200803-02 ] Firebird: Multiple vulnerabilities Pierre-Yves Rofes (Mar 03)
• kcwiki 1.0 multiple remote file inclusion vulnerabilities. muuratsalo experimental hack lab (Mar 03)
• XSS in XP Book version 3.0 xx_hack_xx_2004 (Mar 03)
• [ GLSA 200803-01 ] Adobe Acrobat Reader: Multiple vulnerabilities Pierre-Yves Rofes (Mar 03)
• Squid Analysis Report Generator <= 2.2.3.1 buffer overflow L4teral (Mar 03)
• Recon 2008 - Call For Paper Recon (Mar 03)
• [ GLSA 200803-03 ] Audacity: Insecure temporary file creation Pierre-Yves Rofes (Mar 03)
• Re: Crafty Syntax Xss Vulnerability erics (Mar 03)
  • <Possible follow-ups>
  • Re: Crafty Syntax Xss Vulnerability cmzs (Mar 04)
• [DSECRG-08-017] Flyspray 0.9.9.4 Multiple Security Vulnerabilities Digital Security Research Group (Mar 03)
• CSRF in joomla 1.0.11 stable version vivek_infosec (Mar 03)
  • <Possible follow-ups>
  • Re: CSRF in joomla 1.0.11 stable version zinho (Mar 03)
• DDIVRT-2008-10 PacketTrap TFTP Directory Traversal Vulnerability vulnerabilityresearch (Mar 03)
• Multiple integer overflows in Borland StarTeam server 10.0.0.57 Luigi Auriemma (Mar 03)
• Cross-site Scripting and CSRF in TorrentTrader Classic v1.08 Valery Marchuk (Mar 03)
• LayerOne 2008 Update Layer One (Mar 03)
• DDIVRT-2008-09 PacketTrap PT360 Tool Suite TFTP Denial of Service Vulnerability vulnerabilityresearch (Mar 03)
• [ GLSA 200803-05 ] SplitVT: Privilege escalation Pierre-Yves Rofes (Mar 03)
• [SECURITY] [DSA 1511-1] New libicu packages fix multiple problems Steve Kemp (Mar 03)
• [ GLSA 200803-06 ] SWORD: Shell command injection Pierre-Yves Rofes (Mar 03)
• [ GLSA 200803-07 ] Paramiko: Information disclosure Pierre-Yves Rofes (Mar 03)
• [ GLSA 200803-04 ] Mantis: Cross-Site Scripting Pierre-Yves Rofes (Mar 03)
• Airscanner Mobile Security Advisory #07122001: Eye-Fi Multiple Vulnerabilities Seth Fogie (Mar 03)
• VMSA-2008-0004 Low: Updated e2fsprogs service console package VMware Security team (Mar 04)
• [ MDVSA-2008:057 ] - Updated wireshark packages fix denial of service vulnerabilities security (Mar 04)
• PHP-Nuke Module eGallery "pid" Remote SQL Injection no-reply (Mar 04)
• PHP-Nuke Module "seminar" Local FIle Inclusion no-reply (Mar 04)
• SolpotCrew Advisory #16 - Mitra Informatika Solusindo cart Remote Sql Injection Exploit nyubicrew (Mar 04)
• [ GLSA 200803-08 ] Win32 binary codecs: Multiple vulnerabilities Pierre-Yves Rofes (Mar 04)
• [ GLSA 200803-09 ] Opera: Multiple vulnerabilities Pierre-Yves Rofes (Mar 04)
• Minigal 2 critical XSS jose (Mar 04)
• Dovecot mail_extra_groups setting is often used insecurely Timo Sirainen (Mar 04)
• CORE-2008-0124: Multiple vulnerabilities in Google's Android SDK Core Security Technologies Advisories (Mar 04)
• Arbitrary commands execution in Versant Object Database 7.0.1.3 Luigi Auriemma (Mar 04)
• [SECURITY] [DSA 1512-1] New evolution packages fix arbitrary code execution Thijs Kinkhorst (Mar 05)
• Firewire Attack on Windows Vista Bernhard Mueller (Mar 05)
  • Re: Firewire Attack on Windows Vista Thierry Zoller (Mar 05)
  • RE: Firewire Attack on Windows Vista Roger A. Grimes (Mar 05)
    • Re: Firewire Attack on Windows Vista Peter Watkins (Mar 06)
      • RE: Firewire Attack on Windows Vista Larry Seltzer (Mar 06)
      • Re: [Full-disclosure] Firewire Attack on Windows Vista Tim (Mar 07)
      • RE: [Full-disclosure] Firewire Attack on Windows Vista Larry Seltzer (Mar 07)
      • Re: [Full-disclosure] Firewire Attack on Windows Vista Tim (Mar 07)
      • RE: [Full-disclosure] Firewire Attack on Windows Vista Larry Seltzer (Mar 07)
      • Re: [Full-disclosure] Firewire Attack on Windows Vista Tim (Mar 07)
      • RE: [Full-disclosure] Firewire Attack on Windows Vista Thor (Hammer of God) (Mar 07)
      • RE: [Full-disclosure] Firewire Attack on Windows Vista Thor (Hammer of God) (Mar 07)
      • RE: [Full-disclosure] Firewire Attack on Windows Vista Larry Seltzer (Mar 07)
      • RE: [Full-disclosure] Firewire Attack on Windows Vista Larry Seltzer (Mar 07)
      • RE: [Full-disclosure] Firewire Attack on Windows Vista Thor (Hammer of God) (Mar 07)
      • Message not available
      • RE: [Full-disclosure] Firewire Attack on Windows Vista Larry Seltzer (Mar 08)
      • Re: [Full-disclosure] Firewire Attack on Windows Vista Tim (Mar 08)
      • RE: [Full-disclosure] Firewire Attack on Windows Vista Larry Seltzer (Mar 08)
      • Re: [Full-disclosure] Firewire Attack on Windows Vista Tim (Mar 10)
      • Re: [Full-disclosure] Firewire Attack on Windows Vista Jacob Appelbaum (Mar 10)
      • RE: [Full-disclosure] Firewire Attack on Windows Vista Larry Seltzer (Mar 10)
      • Re: [Full-disclosure] Firewire Attack on Windows Vista Jacob Appelbaum (Mar 11)
      • Re: Firewire Attack on Windows Vista Stefan Kanthak (Mar 10)
      • RE: [Full-disclosure] Firewire Attack on Windows Vista Larry Seltzer (Mar 10)
      • Re: [Full-disclosure] Firewire Attack on Windows Vista Stefan Kanthak (Mar 10)
      • Re: [Full-disclosure] Firewire Attack on Windows Vista Ansgar -59cobalt- Wiechers (Mar 10)
      • Re: Firewire Attack on Windows Vista Steve Shockley (Mar 11)
      • Re: Firewire Attack on Windows Vista Stefan Kanthak (Mar 13)
      • Re: [Full-disclosure] Firewire Attack on Windows Vista FD (Mar 11)
      • RE: Firewire Attack on Windows Vista Thor (Hammer of God) (Mar 07)
    • Re: Firewire Attack on Windows Vista Daniel O'Connor (Mar 06)
    • Re: Firewire Attack on Windows Vista Tonnerre Lombard (Mar 06)
    • RE: Firewire Attack on Windows Vista bzhbfzj3001 (Mar 06)
      • Re: Firewire Attack on Windows Vista Tonnerre Lombard (Mar 07)
      • Re: Firewire Attack on Windows Vista Nathanael Hoyle (Mar 07)
• Multiple vulnerabilities in Perforce Server 2007.3/143793 Luigi Auriemma (Mar 05)
• [ GLSA 200803-10 ] lighttpd: Multiple vulnerabilities Pierre-Yves Rofes (Mar 05)
• ERRATA: [ GLSA 200801-09 ] X.Org X server and Xfont library: Multiple vulnerabilities Robert Buchholz (Mar 05)
• [ MDVSA-2008:059 ] - Updated tcl packages fix vulnerability security (Mar 05)
• [ MDVSA-2008:058 ] - Updated openldap packages fix multiple vulnerabilities security (Mar 05)
• [USN-583-1] Evolution vulnerability Kees Cook (Mar 05)
• [ GLSA 200803-12 ] Evolution: Format string vulnerability Pierre-Yves Rofes (Mar 06)
• [ MDVSA-2008:060 ] - Updated Joomla! packages fix multiple vulnerabilities security (Mar 06)
• [USN-584-1] OpenLDAP vulnerabilities Jamie Strandboge (Mar 06)
• [ GLSA 200803-11 ] Vobcopy: Insecure temporary file creation Pierre-Yves Rofes (Mar 06)
• [SECURITY] [DSA 1503-2] New Linux kernel 2.4.27 packages fix several issues dann frazier (Mar 06)
• [DSECRG-08-018] Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory traversal file Download Vulnerability Alexandr Polyakov (Mar 06)
  • Re: [DSECRG-08-018] Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory traversal file Download Vulnerability H D Moore (Mar 06)
• Checkpoint VPN-1 UTM Edge cross-site scripting Henri Lindberg - Smilehouse Oy (Mar 06)
• Sun JDK image parsing vulnerabilities Chris Evans (Mar 06)
• PHP-Nuke KutubiSitte "kid" SQL Injection lovebug (Mar 06)
• Directory traversal in MicroWorld eScan Server 9.0.742.98 Luigi Auriemma (Mar 06)
• [SECURITY] [DSA 1513-1] New lighttpd packages fix CGI source disclosure Steve Kemp (Mar 06)
• [ MDVSA-2008:061 ] - Updated mailman packages fix multiple XSS vulnerabilities security (Mar 06)
• Re: Multiple vulnerabilities in Double-Take 5.0.0.2865 Steve Shockley (Mar 06)
• [USN-582-2] Thunderbird vulnerabilities Jamie Strandboge (Mar 06)
• [ MDVSA-2008:062 ] - Updated Thunderbird packages fix multiple vulnerabilities security (Mar 07)
• WordPress Multiple Cross-Site Scripting Vulnerabilities DoZ (Mar 07)
• [ MDVSA-2008:063 ] - Updated Evolution packages fix critical vulnerability security (Mar 07)
• Horde Webmail file inclusion proof of concept & patch. ppelanne (Mar 07)
  • Re: Horde Webmail file inclusion proof of concept & patch. Ben Klang (Mar 08)
    • Re: Horde Webmail file inclusion proof of concept & patch. David Morton (Mar 21)
• RE: [Full-disclosure] Firewire Attack on Windows Vista Glenn.Everhart (Mar 07)
  • Re: [Full-disclosure] Firewire Attack on Windows Vista Tim (Mar 07)
• PHP-Nuke KutubiSitte "kid" SQL Injection exploit code adding r080cy90r (Mar 07)
• Multiple vulnerabilities in MailEnable Professional/Enterprise 3.13 Luigi Auriemma (Mar 07)
• rPSA-2008-0099-1 dbus dbus-glib dbus-qt dbus-x11 rPath Update Announcements (Mar 07)
• [ MDVSA-2008:064 ] - Updated tomboy packages fix improper LD_LIBRARY_PATH handling security (Mar 07)
• XSS in Neptune Web Server nima_501 (Mar 07)
• [ GLSA 200803-13 ] VLC: Multiple vulnerabilities Pierre-Yves Rofes (Mar 07)
• [ GLSA 200803-14 ] Ghostscript: Buffer overflow Pierre-Yves Rofes (Mar 08)
• F5 BIG-IP Web Management Console XSS nnposter (Mar 08)
• Alkacon OpenCms logfileViewSettings.jsp XSS, file disclosure nnposter (Mar 08)
• [TKADV2008-001] Panda Internet Security/Antivirus+Firewall 2008 cpoint.sys Kernel Driver Memory Corruption Vulnerability Tobias Klein (Mar 08)
• WoltLab Burning Board Lite 2 Beta 1 Thread Delete CSRF Vulnerability nbbn (Mar 08)
• [SECURITY] [DSA 1514-1] New moin packages fix several vulnerabilities Moritz Muehlenhoff (Mar 10)
• [ GLSA 200803-15 ] phpMyAdmin: SQL injection vulnerability Pierre-Yves Rofes (Mar 10)
• [security bulletin] HPSBUX02306 SSRT071463 rev.2 - HP-UX Running ARPA Transport, Remote Denial of Service (DoS) security-alert (Mar 10)
• VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit gmdarkfig (Mar 10)
  • Re: VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit Maximiliano Müller (Mar 12)
  • <Possible follow-ups>
  • Re: Re: VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit app (Mar 13)
  • Re: Re: Re: VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit sad_wabi_user (Mar 13)
• [ MDVSA-2008:065 ] - Updated pulseaudio packages fix denial of service vulnerabilities security (Mar 10)
• PHP-Nuke SQL injection Module "Hadith" [cat] lovebug (Mar 10)
• Firebird remote BOF POC underwater (Mar 10)
• Summer Camp 2008 - La Garrotxa Gerardo García Peña (Mar 10)
• [ GLSA 200803-16 ] MPlayer: Multiple buffer overflows Pierre-Yves Rofes (Mar 10)
• Invalid memory access in Acronis True Image Group Server 1.5.19.191 Luigi Auriemma (Mar 10)
• [ GLSA 200803-17 ] PDFlib: Multiple buffer overflows Pierre-Yves Rofes (Mar 10)
• Denial of Service in PacketTrap TFTP server 2.0.3901.0 Luigi Auriemma (Mar 10)
• NULL pointer in Remotely Anywhere 8.0.668 Luigi Auriemma (Mar 10)
• Directory traversal and NULL pointer in Acronis PXE Server 2.0.0.1076 Luigi Auriemma (Mar 10)
• iDefense Security Advisory 03.10.08: SAP MaxDB Signedness Error Heap Corruption Vulnerability iDefense Labs (Mar 10)
• Vulnerabilities in Timbuktu Pro 8.6.5 Luigi Auriemma (Mar 10)
• Multiple vulnerabilities in ASG-Sentry 7.0.0 Luigi Auriemma (Mar 10)
• iDefense Security Advisory 03.10.08: SAP MaxDB sdbstarter Privilege Escalation Vulnerability iDefense Labs (Mar 10)
• NULL pointer in Acronis True Image Windows Agent 1.0.0.54 Luigi Auriemma (Mar 10)
• Directory traversal in Argon Client Management Services 1.31 Luigi Auriemma (Mar 10)
• [ GLSA 200803-18 ] Cacti: Multiple vulnerabilities Pierre-Yves Rofes (Mar 10)
• [security bulletin] HPSBUX02316 SSRT071495 rev.1 - HP-UX running HP CIFS Server (Samba), Remote Execution of Arbitrary Code security-alert (Mar 11)
• [USN-585-1] Python vulnerabilities Kees Cook (Mar 11)
• Re: [Full-disclosure] Vulnerabilities in Timbuktu Pro 8.6.5 titon (Mar 11)
  • Re: [Full-disclosure] Vulnerabilities in Timbuktu Pro 8.6.5 Luigi Auriemma (Mar 11)
• Advisory: SQL-Injections in Mapbender RedTeam Pentesting GmbH (Mar 11)
• Mambo Components ensenanzas "id" Remote SQL Injection no-reply (Mar 11)
• PHP-Nuke Module NukeC30 sql injection houssamix (Mar 11)
  • <Possible follow-ups>
  • Re: PHP-Nuke Module NukeC30 sql injection my_msn_my_msn_my (Mar 13)
• [security bulletin] HPSBUX02313 SSRT080015 rev.2 - HP-UX Running Apache, Remote Cross Site Scripting (XSS) security-alert (Mar 11)
• Re: Remotely Anywhere 'Accept-Charset' Parameter NULL Pointer patrick (Mar 11)
• ACROS Security: Session Fixation Vulnerability in WebLogic Administration Console (#2008-03-11-2) ACROS Security (Mar 11)
• ACROS Security: HTML Injection in BEA WebLogic Server Console (ASPR #2008-03-11-1) ACROS Security (Mar 11)
• CORE-2008-0204: Timbuktu Pro Remote Path Traversal and Log Injection Core Security Technologies Advisories (Mar 11)
• ZDI-08-008: Microsoft Excel BIFF File Format Cell Record Parsing Memory Corruption Vulnerability zdi-disclosures (Mar 11)
• Advisory Adobe LiveCycle Workflow XSS Vulnerability Liquidmatrix Security Digest (Mar 11)
• PHP-Nuke Module ZClassifieds [cat] SQL Injection lovebug (Mar 11)
• [ GLSA 200803-19 ] Apache: Multiple vulnerabilities Pierre-Yves Rofes (Mar 11)
• [ GLSA 200803-20 ] International Components for Unicode: Multiple vulnerabilities Pierre-Yves Rofes (Mar 11)
• TPTI-08-03: Microsoft Excel Rich Text Memory Corruption Vulnerability DVLabs (Mar 11)
• iDefense Security Advisory 03.11.08: Microsoft Excel DVAL Heap Corruption Vulnerability iDefense Labs (Mar 12)
• uberghey cms 0.3.1 multiple local file inclusion vulnerabilities muuratsalo experimental hack lab (Mar 12)
• [SECURITY] [DSA 1515-1] New libnet-dns-perl packages fix several vulnerabilities Florian Weimer (Mar 12)
• travelsized cms 0.4.1 multiple local file inclusion vulnerabilities muuratsalo experimental hack lab (Mar 12)
• iDefense Security Advisory 03.11.08: Microsoft Excel 2003 Malformed Formula Memory Corruption Vulnerability iDefense Labs (Mar 12)
• iDefense Security Advisory 03.11.08: Microsoft Outlook mailto Command Line Switch Injection iDefense Labs (Mar 12)
• Cisco Security Advisory: Cisco Secure Access Control Server for Windows User-Changeable Password Vulnerabilities Cisco Systems Product Security Incident Response Team (Mar 12)
• hacking a pacemaker Gadi Evron (Mar 12)
• Cisco ACS UCP Remote Pre-Authentication Buffer Overflows Felix 'FX' Lindner (Mar 12)
• rPSA-2008-0106-1 lighttpd rPath Update Announcements (Mar 12)
• ZDI-08-010: Java Web Start encoding Stack Buffer Overflow zdi-disclosures (Mar 12)
• ZDI-08-009: Java Web Start tempbuff Stack Buffer Overflow zdi-disclosures (Mar 12)
• Powered by phpBB 2001, 2006 (SQL) turkish-warriorr (Mar 12)
• [ GLSA 200803-21 ] Sarg: Remote execution of arbitrary code Raphael Marichez (Mar 12)
• Format string in McAfee Framework 3.6.0.569 (ePolicy Orchestrator 4.0) Luigi Auriemma (Mar 12)
  • <Possible follow-ups>
  • Re: Format string in McAfee Framework 3.6.0.569 (ePolicy Orchestrator 4.0) neodwija (Mar 17)
• rPSA-2008-0108-1 dovecot rPath Update Announcements (Mar 12)
• Re: Directory traversal and DoS in WinIPDS G52-33-021 ph (Mar 13)
• XSS in PHP-Nuke (eWeather module) nima_501 (Mar 13)
• Directory traversal in EdiorCMS V3.0 wsn1983 (Mar 13)
• Zabbix (zabbix_agentd) denial of service Milen Rangelov (Mar 13)
• Rise of the spammers vulns (Mar 13)
• Rapid7 Advisory R7-0032: Microsoft Internet Explorer FTP Command Injection Vulnerability kralor (Mar 13)
• Update+Errata: Re: A paper by Amit Klein (Trusteer): "OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability" Amit Klein (Mar 13)
• PR08-02: Plone CMS Security Research - the Art of Plowning ProCheckUp Research (Mar 13)
• Office XP Remote SQL Injection no-reply (Mar 13)
  • Re: Office XP Remote SQL Injection Steve Shockley (Mar 14)
• [ MDVSA-2008:066 ] - Updated gcc packages fix directory traversal vulnerability in fastjar security (Mar 13)
• ZDI-08-011: IBM Informix Dynamic Server DBPATH Buffer Overflow Vulnerability zdi-disclosures (Mar 13)
• ZDI-08-012: IBM Informix Dynamic Server Authentication Password Stack Overflow Vulnerability zdi-disclosures (Mar 13)
• Cisco Security Advisory: CiscoWorks Internetwork Performance Monitor Remote Command Execution Vulnerability Cisco Systems Product Security Incident Response Team (Mar 14)
• [ GLSA 200803-22 ] LIVE555 Media Server: Denial of Service Pierre-Yves Rofes (Mar 14)
• Airspan WiMAX ProST Authentication Bypass Vulnerability admin (Mar 14)
• EasyGallery <= 5.0tr - Multiple Remote Vulnerabilities sys-project (Mar 14)
• Black Hat Announcements: New CFP system and Japan '08 confirmed jmoss (Mar 15)
• Local persistent DoS in Windows XP SP2 Taskmgr SkyOut (Mar 15)
  • Re: Local persistent DoS in Windows XP SP2 Taskmgr paraw (Mar 17)
  • RE: Local persistent DoS in Windows XP SP2 Taskmgr Thor (Hammer of God) (Mar 17)
• [SECURITY] [DSA 1516-1] New dovecot packages fix privilege escalation Florian Weimer (Mar 15)
• Troopers08 Security Conference, April 23/24 (Munich/Germany) Enno Rey (Mar 15)
• [USN-586-1] mailman vulnerability Kees Cook (Mar 15)
• Rosoft Media Player 4.1.8 RML Stack Based Buffer Overflow opexoc (Mar 15)
  • <Possible follow-ups>
  • Re: Rosoft Media Player 4.1.8 RML Stack Based Buffer Overflow david130490 (Mar 17)
  • Re: Re: Rosoft Media Player 4.1.8 RML Stack Based Buffer Overflow opexoc (Mar 18)
  • Re: Re: Rosoft Media Player 4.1.8 RML Stack Based Buffer Overflow opexoc (Mar 18)
• XNview 1.92.1 Long Filename Overflow Sylvain (Mar 15)
• [SECURITY] [DSA 1517-1] New ldapscripts packages fix information disclosure Thijs Kinkhorst (Mar 17)
• [SECURITY] [DSA 1518-1] New backup-manager packages fix information disclosure Thijs Kinkhorst (Mar 17)
• [SECURITY] [DSA 1519-1] New horde3 packages fix information disclosure Thijs Kinkhorst (Mar 17)
• Joomla components com_guide "category" Remote SQL Injection [Aria-Security] no-reply (Mar 17)
• [SECURITY] [DSA 1520-1] New smarty packages fix arbitrary code execution Thijs Kinkhorst (Mar 17)
• [ GLSA 200803-23 ] Website META Language: Insecure temporary file usage Pierre-Yves Rofes (Mar 17)
• [SECURITY] [DSA 1521-1] New lighttpd packages fix arbitrary file disclosure Steve Kemp (Mar 17)
• vuln in snewscms Rus v 2.3 www . yo . by (Mar 17)
• EasyCalendar <= 4.0tr - Multiple Remote Vulnerabilities sys-project (Mar 17)
• Mutiple Timesheets <= 5.0 - Multiple Remote Vulnerabilities sys-project (Mar 17)
• Security Advisory on RSA Web ID (XSS) quentin . berdugo (Mar 17)
• raidsonic nas-4220 crypt disk key leak (stored in plain on unencrypted partition) Collin R. Mulliner (Mar 17)
• [SECURITY] [DSA 1493-2] New sdl-image1.2 packages fix arbitrary code execution Thijs Kinkhorst (Mar 17)
• Re: Format string in McAfee Framework 3.6.0.569 (ePolicy Orchestrator 4.0) greentea-lemon (Mar 17)
• VLC highlander bug Luigi Auriemma (Mar 17)
• Multiple vulnerabilities in Net Inspector 6.5.0.828 Luigi Auriemma (Mar 17)
• Buffer-overflow in BootManage TFTPD 1.99 Luigi Auriemma (Mar 17)
• Home FTP Server DoS 0in . email (Mar 17)
• Agile Hacking Petko D. Petkov (Mar 17)
• [SECURITY] [DSA 1485-2] New icedove packages fix regression Moritz Muehlenhoff (Mar 18)
• Cross Site Scripting (XSS) in phpstats 0.1_alpha, CVE-2008-0125 Hanno Böck (Mar 18)
• [SECURITY] [DSA 1522-1] New unzip packages fix potential code execution Florian Weimer (Mar 18)
• [SECURITY] [DSA 1523-1] New ikiwiki packages fix cross-site scripting Florian Weimer (Mar 18)
• eForum 0.4 XSS omnipresent (Mar 18)
• VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues VMware Security team (Mar 18)
• [ GLSA 200803-25 ] Dovecot: Multiple vulnerabilities Robert Buchholz (Mar 18)
• Internet Explorer 7.0 crash jplopezy (Mar 18)
• [security bulletin] HPSBST02320 SSRT080028 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-014 to MS08-017 security-alert (Mar 18)
• cPanel 11.x => List Directories and Folders xx_hack_xx_2004 (Mar 18)
• [ GLSA 200803-24 ] PCRE: Buffer overflow Tobias Heinlein (Mar 18)
• MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc raeburn (Mar 18)
  • <Possible follow-ups>
  • MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc raeburn (Mar 18)
• [ GLSA 200803-26 ] Adobe Acrobat Reader: Insecure temporary file creation Robert Buchholz (Mar 18)
• Digital Armaments March-April Hacking Challenge: 5,000$ Prize - Client Vulnerabilities and Exploit info (Mar 18)
• MITKRB5-SA-2008-002: array overrun in RPC library used by kadmin (resend, corrected subject) raeburn (Mar 18)
• CORE-2008-0123: Leopard Server Remote Path Traversal Core Security Technologies Advisories (Mar 18)
• [SECURITY] [DSA 1524-1] New krb5 packages fix multiple vulnerabilities Noah Meyerhans (Mar 18)
• iDefense Security Advisory 03.18.08: Multiple Vendor CUPS CGI Heap Overflow Vulnerability iDefense Labs (Mar 18)
• [ MDVSA-2008:067 ] - Updated nagios packages fix multiple vulnerabilities security (Mar 18)
• [ GLSA 200803-27 ] MoinMoin: Multiple vulnerabilities Pierre-Yves Rofes (Mar 19)
• AST-2008-005: HTTP Manager ID is predictable Asterisk Security Team (Mar 19)
• phpBB 2.0.23 Session Hijacking Vulnerability nbbn () gmx net (Mar 19)
• [USN-587-1] Kerberos vulnerabilities Kees Cook (Mar 19)
• Mambo/joomla com_intellect "page" LFI [Aria-Security] no-reply (Mar 19)
• AST-2008-004: Format String Vulnerability in Logger and Manager Asterisk Security Team (Mar 19)
• AST-2008-003: Unauthenticated calls allowed from SIP channel driver Asterisk Security Team (Mar 19)
• [ MDVSA-2008:068 ] - Updated unzip packages vulnerability security (Mar 19)
• AST-2008-002: Two buffer overflows in RTP Codec Payload Handling Asterisk Security Team (Mar 19)
• Question on CERT-FI and CPNI Joint Vulnerability Advisory on Archive Formats? James Connery (Mar 19)
• HPSBST02321 SSRT080029 rev.1 - HP StorageWorks Library and Tape Tools (LTT) Running on HP-UX, Local Unauthorized Access security-alert (Mar 19)
• CS-Cart XSS swhite (Mar 19)
• IBM Rational ClearQuest Web Multiple XSS Vulnerabilities swhite (Mar 19)
• [ GLSA 200803-28 ] OpenLDAP: Denial of Service vulnerabilities Pierre-Yves Rofes (Mar 20)
• [ MDVSA-2008:069 ] - Updated Kerberos packages fix multiple vulnerabilities security (Mar 20)
• [ MDVSA-2008:070 ] - Updated Kerberos packages fix multiple vulnerabilities security (Mar 20)
• [ MDVSA-2008:071 ] - Updated Kerberos packages fix multiple vulnerabilities security (Mar 20)
• rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation rPath Update Announcements (Mar 20)
• [ GLSA 200803-30 ] ssl-cert eclass: Certificate disclosure Robert Buchholz (Mar 20)
• [SECURITY] [DSA 1506-2] New iceape packages fix regression Moritz Muehlenhoff (Mar 20)
• Pizco vulnerable to buffer overflow in activex david130490 (Mar 20)
• Easy-Clanpage 2.2 (id) Remote SQL Injection Vulnerability info (Mar 20)
• [ GLSA 200803-29 ] ViewVC: Multiple vulnerabilities Tobias Heinlein (Mar 20)
• [SECURITY] [DSA 1525-1] New asterisk packages fix several vulnerabilities Moritz Muehlenhoff (Mar 20)
• [USN-588-1] MySQL vulnerabilities Jamie Strandboge (Mar 20)
• KAPhotoservice (album.asp) Remote SQL Injection Exploit sys-project (Mar 20)
• [SECURITY] [DSA 1522-1] New xwine packages fix several vulnerabilities Steve Kemp (Mar 20)
• Note about recently publicized CA BrightStor ActiveX exploit code Williams, James K (Mar 20)
• [ MDVSA-2008:072 ] - Updated kernel packages fix vulnerability security (Mar 20)
• Multiple heap overflows in xine-lib 1.1.11 Luigi Auriemma (Mar 20)
• [USN-589-1] unzip vulnerability Kees Cook (Mar 20)
• [ MDVSA-2008:073 ] - Updated perl-Net-DNS packages fix DoS vulnerability security (Mar 20)
• [ MDVSA-2008:074 ] - Updated audacity package fixes insecure temporary directory creation security (Mar 21)
• CanSecWest 2008 PWN2OWN - Mar 26-28 Dragos Ruiu (Mar 21)
• [MSA02240108] IE7 allows overwriting of several headers leading to Http request Splitting and smuggling. Minded Security Research Labs (Mar 21)
• [INFIGO-2008-03-07]: Surgemail 38k4 IMAP server remote stack overflow infocus (Mar 21)
• MS08-014 Anonymous (Mar 21)
• [MSA01240108] IE7 Transfer-Encoding: chunked allows Request Splitting/Smuggling. Minded Security Research Labs (Mar 21)
• DotNetNuke Default Machine Key Exposure labs (Mar 21)
• webutil.pl is still vulnerable against Remote Command Execution. zero-x (Mar 21)
• {securityreason.com}PHP 5 *printf() - Integer Overflow cxib (Mar 21)
• XSS in cPanel 11.x xx_hack_xx_2004 (Mar 22)
  • <Possible follow-ups>
  • Re: XSS in cPanel 11.x morin . josh (Mar 24)
• Re: Simple Machines Forum "SMF Shoutbox" Mod Persistent XSS vermsky (Mar 22)
• Safari 3.1 for windows download bug jplopezy (Mar 22)
• Buffer-overflow in ASUS Remote Console 2.0.0.24 Luigi Auriemma (Mar 22)
• rPSA-2008-0116-1 unzip rPath Update Announcements (Mar 22)
• rPSA-2008-0118-1 bzip2 rPath Update Announcements (Mar 22)
• Fedora, Ubuntu publish wrong advisories for CVE-2007-6318 Abel Cheung (Mar 22)
• hacking the mitsubishi GB-50A Chris Withers (Mar 22)
  • RE: hacking the mitsubishi GB-50A Desai, Ashish (Mar 24)
    • RE: hacking the mitsubishi GB-50A James C. Slora Jr. (Mar 24)
      • Re: hacking the mitsubishi GB-50A Vincent Archer (Mar 25)
      • Re: [BUGTRAQ] RE: hacking the mitsubishi GB-50A Joe (Mar 25)
    • Re: hacking the mitsubishi GB-50A Chris Withers (Mar 25)
  • <Possible follow-ups>
  • Re: hacking the mitsubishi GB-50A Steven M. Christey (Mar 26)
    • Re: hacking the mitsubishi GB-50A Chris Withers (Mar 26)
• phpAddressBook v2.11 Multiple Local File Inclusion Vulnerabilities Guns (Mar 22)
• Google SoC 2008: Security Projects jkouns (Mar 22)
• Safari browser 3.1 (525.13) spoofing jplopezy (Mar 22)
• EfesTech E-Kontr (id) Remote SQL INJECTION dj_remix_20 (Mar 24)
• F5 BIG-IP Web Management Audit Log XSS nnposter (Mar 24)
• Re: Potential SQL injection vulnerability in Apache::AuthCAS dcastro (Mar 24)
• [ MDVSA-2008:075 ] - Updated bzip2 packages fix denial of service vulnerability security (Mar 24)
• Linksys phone adapter denial of service sipherr (Mar 24)
  • Re: Linksys phone adapter denial of service J. Oquendo (Mar 24)
    • Re: Linksys phone adapter denial of service orsino (Mar 24)
      • Re: Linksys phone adapter denial of service J. Oquendo (Mar 24)
      • Re: Linksys phone adapter denial of service Michael VERGOZ (Mar 25)
  • <Possible follow-ups>
  • Re: Re: Linksys phone adapter denial of service sipherr (Mar 24)
• Alkacon OpenCms users_list.jsp searchfilter XSS nnposter (Mar 24)
• ircu/snircd remote crash vulnerability Chris Porter (Mar 24)
• [SECURITY] [DSA 1527-1] New debian-goodies packages fix privilege escalation Thijs Kinkhorst (Mar 24)
• [DSECRG-08-019] LFI in PowerBook 1.21 Digital Security Research Group (Mar 24)
• [DSECRG-08-020] RFI-LFI in PowerClan 1.14a Digital Security Research Group (Mar 24)
• [DSECRG-08-021] Multiple LFI in PowerPHPBoard 1.00b Digital Security Research Group (Mar 24)
• Hamachi Password Disclosure Vulnerability evilcry (Mar 24)
• HIS-webshop is vulnerable against Directory-Traversal (www.shoppark.de) zero-x (Mar 24)
• [SECURITY] [DSA 1528-1] New serendipity packages fix cross site scripting Thijs Kinkhorst (Mar 24)
• [USN-591-1] libicu vulnerabilities Jamie Strandboge (Mar 24)
• [USN-590-1] bzip2 vulnerability Kees Cook (Mar 24)
• [ GLSA 200803-31 ] MIT Kerberos 5: Multiple vulnerabilities Robert Buchholz (Mar 24)
• [ GLSA 200803-32 ] Wireshark: Denial of Service Pierre-Yves Rofes (Mar 24)
• aeries browser interface(ABI) 3.8.3.14 Remote SQL Injection arsalan1991 (Mar 25)
• [SECURITY] [DSA 1530-1] New cupsys packages fix multiple vulnerabilities Noah Meyerhans (Mar 25)
• e107 My_Gallery Plugin Arbitrary File Download Vulnerability Jerome Athias (Mar 25)
• rPSA-2008-0120-1 gnome-ssh-askpass openssh openssh-client openssh-server rPath Update Announcements (Mar 25)
• Cuteflow Bin v1.5.0 Local File Inclusion Vuln r57blg (Mar 25)
• rPSA-2008-0123-1 ruby rPath Update Announcements (Mar 25)
• [DSECRG-08-022] Multiple Security Vulnerabilities in Bolinos 4.6.1 Digital Security Research Group (Mar 25)
• CORE-2007-1212: SILC pkcs_decode buffer overflow Core Security Technologies Advisories (Mar 25)
• phpBB PJIRC mod LFI 0in . email (Mar 25)
• Blackboard Academic Suite Multiple XSS Vulnerabilities knight4vn (Mar 26)
• [security bulletin] HPSBTU02322 SSRT080011 rev.1 - HP Tru64 UNIX running SSH/SFTP Server, Remote Execution of Arbitrary Code or Denial of Service (DoS) security-alert (Mar 26)
• Aztech ADSL2/2+ 4 Port remote root sipherr (Mar 26)
• php-addressbook v2.0 SQL Injection Vulnerbility hadihadi_zedehal_2006 (Mar 26)
• Re: Logaholic Web Analytics Software andre (Mar 26)
• Cisco Security Advisory: Multiple DLSw Denial of Service Vulnerabilities in Cisco IOS Cisco Systems Product Security Incident Response Team (Mar 26)
• Cisco Security Advisory: Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak Cisco Systems Product Security Incident Response Team (Mar 26)
• [USN-592-1] Firefox vulnerabilities Jamie Strandboge (Mar 26)
• Cisco Security Advisory: Cisco IOS User Datagram Protocol Delivery Issue For IPv4/IPv6 Dual-stack Routers Cisco Systems Product Security Incident Response Team (Mar 26)
• Cisco Security Advisory: Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Supervisor 32, Supervisor 720, or Route Switch Processor 720 Cisco Systems Product Security Incident Response Team (Mar 26)
• Cisco Security Advisory: Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Mar 26)
• ZDI-08-013: Novell eDirectory for Linux Stack Overflow zdi-disclosures (Mar 26)
• Invision Power Board <=2.3.x iFrame Vuln shaheemirza (Mar 26)
• Multiple vulnerabilities in solidDB 06.00.1018 Luigi Auriemma (Mar 26)
• [ MDVSA-2008:076 ] - Updated wml packages fix symlink vulnerabilities security (Mar 26)
• [USN-593-1] Dovecot vulnerabilities Kees Cook (Mar 27)
• Multiple XSS in DigiDomain xx_hack_xx_2004 (Mar 27)
• [ MDVSA-2008:077 ] - Updated perl-Tk packages fix GIF processing vulnerability security (Mar 27)
• [SECURITY] [DSA 1529-1] New Firebird packages fix several vulnerabilities Moritz Muehlenhoff (Mar 27)
• [USN-596-1] Ruby vulnerabilities Kees Cook (Mar 27)
• [USN-594-1] libnet-dns-perl vulnerability Kees Cook (Mar 27)
• TopperMod 2.0 Remote SQL Injection Vulnerability r57blg (Mar 27)
• [ MDVSA-2008:078 ] - Updated openssh packages fix X connection hijacking security (Mar 27)
• [securityreason] *BSD libc (strfmon) Multiple vulnerabilities cxib (Mar 27)
  • Re: [securityreason] *BSD libc (strfmon) Multiple vulnerabilities Christos Zoulas (Mar 27)
• [USN-595-1] SDL_image vulnerabilities Kees Cook (Mar 27)
• JAF-CMS 4.0 RC2 Multiple Remote File Inclusion Vulnerabilities r57blg (Mar 27)
  • Re: JAF-CMS 4.0 RC2 Multiple Remote File Inclusion Vulnerabilities str0ke (Mar 27)
• [SECURITY] [DSA 1531-1] New policyd-weight packages fix insecure temporary files Thijs Kinkhorst (Mar 27)
• rPSA-2008-0128-1 firefox rPath Update Announcements (Mar 27)
• [SECURITY] [DSA 1532-1] New xulrunner packages fix several vulnerabilities Moritz Muehlenhoff (Mar 28)
• [ MDVSA-2008:079 ] - Updated sarg packages fix multiple vulnerabilities security (Mar 28)
• [SECURITY] [DSA 1533-1] New exiftags packages fix several vulnerabilities Devin Carraway (Mar 28)
• Smf 1.1.4 Remote File Inclusion Vulnerabilities sibertrwolf (Mar 28)
  • Re: Smf 1.1.4 Remote File Inclusion Vulnerabilities Jindrich Kubec (Mar 28)
    • Re: Smf 1.1.4 Remote File Inclusion Vulnerabilities Mike Duncan (Mar 28)
  • <Possible follow-ups>
  • Re: Smf 1.1.4 Remote File Inclusion Vulnerabilities fake (Mar 28)
• Re: Heap overflow in Sybase MobiLink 10.0.1.3629 jsavill (Mar 28)
• [security bulletin] HPSBGN02305 SSRT080004 rev.1 - HP Compaq Business Notebook PC BIOS, Local Denial of Service (DoS) security-alert (Mar 28)
• [security bulletin] HPSBGN02319 SSRT080027 rev.1 - HP Compaq Notebook PC BIOS, Local Unauthorized Access security-alert (Mar 28)
• [security bulletin] HPSBOV02278 SSRT071479 rev.1 - HP OpenVMS SSH Using TCP/IP Services for OpenVMS, Remote Unauthorized Access security-alert (Mar 28)
• CA Multiple Products DSM ListCtrl ActiveX Control Buffer Overflow Vulnerability Williams, James K (Mar 28)
• XChat 2.8.4-1 - Multiple Vulnerabilities evilcry (Mar 28)
  • <Possible follow-ups>
  • Re: XChat 2.8.4-1 - Multiple Vulnerabilities fabio (Mar 28)
  • Re: Re: XChat 2.8.4-1 - Multiple Vulnerabilities omnipresent (Mar 31)
• [SECURITY] [DSA 1534-1] New iceape packages fix several vulnerabilities Moritz Muehlenhoff (Mar 28)
• Immunity Debugger 1.5 Nicolas Waisman (Mar 28)
• Internet explorer 7.0 spoofing jplopezy (Mar 28)
  • <Possible follow-ups>
  • Re: Internet explorer 7.0 spoofing w0lfd33m (Mar 29)
    • Re: Internet explorer 7.0 spoofing mouss (Mar 31)
• [ MDVSA-2008:080 ] - Updated Firefox packages fix multiple vulnerabilities security (Mar 29)
• VMSA-2008-0006 Updated libxml2 service console package VMware Security team (Mar 29)
• CuteFlow Version 1.5.0 Multiple Remote Vulnerabilities hadihadi_zedehal_2006 (Mar 29)
• Proviso SiteKiosk File Download Vulnerability nebelfrost23 (Mar 31)
• Efestech Video v5,0 (id) Remote Sql Injection dj_remix_20 (Mar 31)
• [SECURITY] [DSA 1531-2] New policyd-weight packages fix insecure temporary files Thijs Kinkhorst (Mar 31)
• PacketTrap Networks pt360 2.0.39 TFTPD Remote DoS Exploit r57blg (Mar 31)
• London DEFCON meet - DC4420 - New Venue - Wednesday 2nd April, 2008 Major Malfunction (Mar 31)
• [TKADV2008-002] avast! 4.7 aavmker4.sys Kernel Memory Corruption Tobias Klein (Mar 31)
• rPSA-2008-0132-1 lighttpd rPath Update Announcements (Mar 31)
• Directory traversal in 2X ThinClientServer v5.0_sp1-r3497 Luigi Auriemma (Mar 31)
• [SECURITY] [DSA 1535-1] New iceweasel packages fix several vulnerabilities Moritz Muehlenhoff (Mar 31)
• Paper by Amit Klein (Trusteer): "PowerDNS Recursor DNS Cache Poisoning [pharming]" Amit Klein (Mar 31)

Previous period

Next period