Mail Thread Index
- Re: 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038),
Jan Wrobel
- CA BrightStor ARCserve Backup Mediasvr.exe vulnerability,
Williams, James K
- On-going Internet Emergency and Domain Names,
Gadi Evron
- Windows .ANI Stack Overflow Exploit,
devcode29
- PHP-Fusion 'Calendar_Panel' Module show_event.PHP (m_month) SQL Injection Exploit And PoC,
UniquE
- Remot File Include In SLAED_CMS_2,
RaeD Hasadya
- Remot File Include In Shop-SCRIPT FREE,
RaeD Hasadya
- Remot File Include In Aardvark Topsites PHP 5,
RaeD Hasadya
- Re: Xoops All Version -Articles- Print.PHP (ID) Blind SQL Injection Exploit And PoC,
vaughan . montgomery
- MS announces out-of-band patch for ANI 0day,
Gadi Evron
- 2BGal 3.1.1 <= (admin/index.php) Remote File Include Vulnerability,
BorN To K!LL BorN To K!LL
- [SECURITY] [DSA 1274-1] New file packages fix arbitrary code execution,
Noah Meyerhans
- [ GLSA 200703-27 ] Squid: Denial of Service,
Raphael Marichez
- [security bulletin] HPSBMA02198 SSRT061177 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Access,
security-alert
- [ GLSA 200703-28 ] CUPS: Denial of Service,
Raphael Marichez
- Re: Drake CMS v0.3.2 < = RFi Vulnerabilities,
legolas558
- DirectAdmin persistant XSS [takeover an Administrator`s account],
Kanedaaa Bohater
- Norton Multiple insufficient argument validation of hooked SSDT function Vulnerability,
Matousec - Transparent security Research
- Re: Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180),
Pavel Kankovsky
- 0day Oracle 10g exploit - dbms_aq.enqueue - become DBA,
Andrea \"bunker\" Purificato
- Windows XP/Vista (.ANI) Remote Exploit (bypass eeye patch),
jamikazu
- Maplab <= 2.2.1 (gszAppPath) Remote File Inclusion Vulnerability,
mufti . rizal
- iDefense Security Advisory 03.31.07: Multiple Vendor ImageMagick DCM and XWD Buffer Overflow Vulnerabilities,
iDefense Labs
- More information on ZERT patch for ANI 0day,
Gadi Evron
- WOVB #01: Bypassing Vista Firewall, Flying over obstructive line,
TWOVB Team
- Re: AIX 4.3 lsmcode local root command execution,
Shiva Persaud
- APOP vulnerability,
Gaëtan LEURENT
- iDefense Security Advisory 04.02.07: Hewlett-Packard Mercury Quality Center ActiveX Control ProgColor Buffer Overflow Vulnerability,
iDefense Labs
- [CFP] VNSECON 07 - Call for Papers / HCMC - August 03-04, 2007,
rd
- [ GLSA 200704-01 ] Asterisk: Two SIP Denial of Service vulnerabilities,
Sune Kloppenborg Jeppesen
- iDefense Security Advisory 03.31.07: IBM Tivoli Provisioning Manager for OS Deployment Multiple Vulnerabilities,
iDefense Labs
- [SECURITY] [DSA 1275-1] New zope2.7 packages fix cross-site scripting flaw,
Noah Meyerhans
- TWOVB][ The Week Of Vista Bugs: the truth is out there,
TWOVB Team
- Re: Exploiting Microsoft dynamic Dns updates,
Denis Jedig
- [MajorSecurity Advisory #37]HolaCMS - Cross Site Scripting Issue,
SecurityAudit
- MyBulletinBoard (MyBB) <= 1.2.3 Remote Code Execution Exploit,
gmdarkfig
- Remote File Include In Script stat12,
RaeD
- MITKRB5-SA-2007-002: KDC, kadmind stack overflow in krb5_klog_syslog [CVE-2007-0957],
Tom Yu
- MITKRB5-SA-2007-003: double-free vulnerability in kadmind (via GSS-API library) [CVE-2007-1216],
Tom Yu
- FLEA-2007-0006-2: ImageMagick,
Foresight Linux Essential Announcement Service
- iDefense Security Advisory 04.03.07: Microsoft Windows WMF Triggerable Kernel Design Error DoS Vulnerability,
iDefense Labs
- MITKRB5-SA-2007-001: telnetd allows login as arbitrary user [CVE-2007-0956],
Tom Yu
- iDefense Security Advisory 04.03.07: Multiple Vendor Kerberos kadmind Buffer Overflow Vulnerability,
iDefense Labs
- FLEA-2007-0007-1: nas,
Foresight Linux Essential Announcement Service
- ZDI-07-012: Yahoo! Messenger AudioConf ActiveX Control Buffer Overflow,
zdi-disclosures
- FLEA-2007-0006-1: ImageMagick,
Foresight Linux Essential Announcement Service
- [SECURITY] [DSA 1276-1] New krb5 packages fix several vulnerabilities,
Moritz Muehlenhoff
- [ GLSA 200704-02 ] MIT Kerberos 5: Arbitrary remote code execution,
Sune Kloppenborg Jeppesen
- Nine Vista CVEs, including Microsoft inaccurate Teredo use case documentation,
Jim Hoagland
- [ GLSA 200704-05 ] zziplib: Buffer Overflow,
Raphael Marichez
- [ MDKSA-2007:075 ] - Updated qt4 packages to address utf8 decoder bug,
security
- iDefense Security Advisory 04.03.07: Multiple Vendor X Server fonts.dir File Parsing Integer Overflow Vulnerability,
iDefense Labs
- [ GLSA 200704-03 ] OpenAFS: Privilege escalation,
Raphael Marichez
- Three New Papers on Oracle Forensics,
David Litchfield
- rPSA-2007-0063-1 krb5 krb5-server krb5-services krb5-test krb5-workstation,
rPath Update Announcements
- CYBSEC Pre-Advisory: SAP TRUSTED_SYSTEM_SECURITY RFC Function Information Disclosure,
CYBSEC Advisories
- iDefense Security Advisory 04.03.07: Multiple Vendor X Server XC-MISC Extension Memory Corruption Vulnerability,
iDefense Labs
- CYBSEC Security Pre-Advisory: SAP RFC_START_PROGRAM RFC Function Multiple Vulnerabilities,
CYBSEC Advisories
- lite-cms-0.2.1 Remote File Include Vulnerabilities,
the_3dit0r
- CYBSEC Security Pre-Advisory: SAP RFC_START_GUI RFC Function Buffer Overflow,
CYBSEC Advisories
- CYBSEC Security Pre-Advisory: SAP SYSTEM_CREATE_INSTANCE RFC Function Buffer Overflow,
CYBSEC Advisories
- CYBSEC Security Pre-Advisory: SAP RFC_SET_REG_SERVER_PROPERTY RFC Function Denial Of Service,
CYBSEC Advisories
- [USN-449-1] krb5 vulnerabilities,
Kees Cook
- CYBSEC Release: SAP Security - Paper & Tool release,
Mariano Nuñez Di Croce
- rPSA-2007-0064-1 ImageMagick,
rPath Update Announcements
- [MajorSecurity Advisory #38]eXV2 CMS - Session fixation and Cross-Site-Scripting Issues,
Securityaudit
- [ MDKSA-2007:074 ] - Updated qt3 packages to address utf8 decoder bug,
security
- Remot File Include In phpexplorator_2_0,
RaeD
- [USN-448-1] X.org vulnerabilities,
Kees Cook
- iXon_CMS 0.30 Remote File Include Vulnerabilities,
the_3dit0r
- rPSA-2007-0067-1 nas,
rPath Update Announcements
- K-CMS v1.0 Remote File Include Vulnerabilities,
the_3dit0r
- rPSA-2007-0066-1 kdelibs qt-x11-free,
rPath Update Announcements
- Monkey CMS v0.0.3 Remote File Include Vulnerabilitiy,
the_3dit0r
- phpechocms v.2 Cross-Site Scripting Vulnerabilitiy,
the_3dit0r
- iDefense Security Advisory 04.03.07: Multiple Vendor X Server BDF Font Parsing Integer Overflow Vulnerability,
iDefense Labs
- phpechocms2 Remote File Include Vulnerabilities,
the_3dit0r
- rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs,
rPath Update Announcements
- MyBlog: PHP and MySQL Blog/CMS software Cross-Site Scripting Vulnerabilitiy,
the_3dit0r
- MyBlog: PHP and MySQL Blog/CMS software Remote File Include Vulnerabilitiy,
the_3dit0r
- [ MDKSA-2007:076 ] - Updated kdelibs packages to address UTF8 issue in KJS,
security
- Mozilla Firefox Insecure Element Stealth Injection Vulnerability,
Michal Majchrowicz
- rPSA-2007-0062-1 firefox,
rPath Update Announcements
- High Risk Vulnerability in OpenOffice,
NGSSoftware Insight Security Research
- Several Windows image viewers vulnerabilities,
Ivan Fratric
- [SECURITY] [DSA 1277-1] New XMMS packages fix arbitrary code execution,
Noah Meyerhans
- Gazi Okul Sitesi 2007(tr)(fotokategori.asp) Remote SQL Injection,
r00t-balance
- [ MDKSA-2007:077 ] - Updated krb5 packages fix vulnerabilities,
security
- Firefox extensions go Evil - Critical Vulnerabilities in Firefox/Firebug,
pdp (architect)
- VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates,
VMware Security team
- [ MDKSA-2007:078 ] - Updated kernel packages fix multiple vulnerabilities and bugs,
security
- [ MDKSA-2007:079 ] - Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities,
security
- LedgerSMB 1.2.0 finally released, fixes CVE-2006-5589,
Chris Travers
- [ MDKSA-2007:080 ] - Updated tightvnc packages fix integer overflow vulnerabilities,
security
- [ MDKSA-2007:081 ] - Updated freetype2 packages fix vulnerability,
security
- iDefense Security Advisory 04.04.07: Kaspersky AntiVirus SysInfo ActiveX Control Information Disclosure Vulnerability,
iDefense Labs
- iDefense Security Advisory 04.04.07: Kaspersky Internet Security Suite klif.sys Heap Overflow Vulnerability,
iDefense Labs
- Microsoft .NET request filtering bypass vulnerability (BID 20753),
research
- iDefense Security Advisory 04.04.07: ESRI ArcSDE Buffer Overflow Vulnerability,
iDefense Labs
- FLEA-2007-0008-1: krb5,
Foresight Linux Essential Announcement Service
- FLEA-2007-0009-1: xorg-x11 freetype,
Foresight Linux Essential Announcement Service
- Wserve HTTP Server 4.6 Version (Long Directory Name) Buffer Overflow - Denial Of Service,
UniquE
- FLEA-2007-0010-1: evolution,
Foresight Linux Essential Announcement Service
- [security bulletin] HPSBUX02204 SSRT071341 rev.1 - HP-UX Running CIFS Server (Samba), Remote Denial of Service (DoS),
security-alert
- ACLS ineffective in SQL-Ledger and LedgerSMB,
Chris Travers
- ZDI-07-014: Kaspersky Anti-Virus ActiveX Control Unsafe Method Exposure Vulnerablity,
zdi-disclosures
- phpContact Multiple Remote File Inclusion Vulnerabilities,
rko . thelegendkiller
- [MajorSecurity Advisory #39]onelook onebyone CMS - Session fixation Issue,
Securityaudit
- ZDI-07-013: Kaspersky AntiVirus Engine ARJ Archive Parsing Heap Overflow Vulnerability,
zdi-disclosures
- [MajorSecurity Advisory #40]onelook oboShop - Session fixation Issue,
Securityaudit
- [MajorSecurity Advisory #41]onelook courts online - Session fixation Issue,
Securityaudit
- livor 2.5 Cross-Site Scripting Vulnerability,
rko . thelegendkiller
- AOL Nullsoft Winamp LIBSNDFILE.DLL Remote Memory Corruption (Off By Zero),
Piotr Bania
- AOL Nullsoft Winamp S3M Module "IN_MOD.DLL" Remote Heap Memory Corruption,
Piotr Bania
- AOL Nullsoft Winamp IT Module "IN_MOD.DLL" Remote Heap Memory Corruption,
Piotr Bania
- [SECURITY] [DSA 1278-1] New man-db packages fix arbitrary code execution,
Noah Meyerhans
- LayerOne 2007 - Speaker Line up Announced,
Layer One
- [ GLSA 200704-06 ] Evince: Stack overflow in included gv code,
Raphael Marichez
- [ GLSA 200704-07 ] libwpd: Multiple vulnerabilities,
Raphael Marichez
- PHP <= 5.2.1 wbmp file handling integer overflow,
Ivan Fratric
- [MajorSecurity Advisory #42]webblizzard CMS - Cross Site Scripting and Session fixation Issues,
Securityaudit
- CmailServer WebMail <= V.5.3.4 (signup) Remote XSS Exploit,
ajannhwt
- witshare 0.9 Remote File Include Vulnerabilitiy,
the_3dit0r
- UBB.threads (<= 6.1.1) SQL Injection Vulnerability,
john
- Scorp Book <== v1.0 (smilies.php) Remote File Include Exploit,
k4rtal
- Gsylvain35 Portail Web Remote File Include Vulnerabilities,
the_3dit0r
- Take Control In Script Jeebles Directory,
RaeD
- phpMyAdmin 2.6.1 Local Cross Site Scripting,
the_3dit0r
- Remot File Include In Script Lore v1,
RaeD
- DeskPRO v2.0.1 - Cross-Site Scripting Vulnerability,
john
- Request It : Song Request System 1.0b - remote file inclusion,
mail
- QuizShock 1.6.1 - Cross-Site Scripting Vulnerability,
john
- Mybb Hot Editor Plugin Local File Inclusion,
liz0
- Hot Editor v4.0 Local File Inclusion,
liz0
- xodagallery Remote Code Execution Vulnerability,
the_3dit0r
- rPSA-2007-0070-1 openoffice.org,
rPath Update Announcements
- iDefense Security Advisory 04.09.07: AOL AIM and ICQ File Transfer Path-Traversal Vulnerability,
iDefense Labs
- [USN-450-1] ipsec-tools vulnerability,
Kees Cook
- phpGalleryScript 1.0 - File Inclusion Vulnerabilities,
z12xxa
- DEF CON One Five CfP in effect!,
The Dark Tangent
- EEYE: Windows VDM Zero Page Race Condition Privilege Escalation,
eEye Advisories
- EEYE: Windows Vista CSRSS Dangling Process Pointer Privilege Escalation,
eEye Advisories
- Secunia Research: Microsoft Agent URL Parsing Memory Corruption Vulnerability,
Secunia Research
- PhpOpenChat <= 3.0.1 (poc.php) Multiple Remote File Include Vulnerabilities,
seko
- iDefense Security Advisory 04.10.07: Microsoft Windows Universal Plug and Play Memory Corruption Vulnerability,
iDefense Labs
- [ MDKSA-2007:077-1 ] - Updated krb5 packages fix vulnerabilities,
security
- Re: vbulletin admincp sql injection,
rjmjr69
- [ MDKSA-2007:081-1 ] - Updated freetype2 packages fix vulnerability,
security
- [USN-451-1] Linux kernel vulnerabilities,
Kees Cook
- webMethods Glue Management Console Directory Traversal,
Patrick Webster
- [ MDKSA-2007:080-1 ] - Updated tightvnc packages fix integer overflow vulnerabilities,
security
- nEw Bug :D,
asdasd asdsadas
- pL-PHP beta 0.9 - Multiple Vulnerabilities,
omnipresent
- New bug :),
asdasd asdsadas
- [MajorSecurity Advisory #43]Calacode ATMail 5.0 - Cross Site Scripting and Cookie Manipulation Issue,
admin
- CodeBreak (codebreak.php process_method) - Remote File Inclusion Vulnerability,
john
- Cosign SSO Authentication Bypass,
Jon Oberheide
- Re: Latinchat Denial Of Service,
d4rksoft
- PunBB <= 1.2.14 Remote Code Execution (Exploit),
gmdarkfig
- PunBB <= 1.2.14 Multiple Vulnerabilities (Advisory),
gmdarkfig
- Steganos Encrypted Safe NOT so safe,
frankrizzo604
- [ MDKSA-2007:079-1 ] - Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities,
security
- [ MDKSA-2007:083 ] - Updated apache-mod_perl packages fix DoS vulnerability,
security
- [ MDKSA-2007:075-1 ] - Updated qt4 packages to address utf8 decoder bug,
security
- iDefense Security Advisory 04.11.07: Apache HTTPD suEXEC Multiple Vulnerabilities,
iDefense Labs
- [ MDKSA-2007:082 ] - Updated madwifi-source, wpa_supplicant packages fix vulnerabilities,
security
- E107 - (v0.7.8) Access Escalation Vulnerbility - PoC,
jd2k2000
- HPSBUX02205 SSRT061120 rev.1 - HP-UX Running ARPA Transport, Local Denial of Service (DoS),
security-alert
- CVE-2007-1871: Cross site scripting in chcounter 3.1.3,
Hanno Böck
- INFIGO-2007-04-05: Enterprise Security Analyzer server remote buffer overflows,
infocus
- CVE-2007-1872: Cross site scripting in toendaCMS 1.5.3,
Hanno Böck
- Critical phpwiki c99shell exploit,
rurban
- [security bulletin] HPSBST02206 SSRT071354 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-014,
security-alert
- [security bulletin] HPSBUX01137 SSRT5954 rev.9 - HP-UX Running TCP/IP (IPv4), Remote Denial of Service (DoS),
security-alert
- [ GLSA 200704-08 ] DokuWiki: Cross-site scripting vulnerability,
Matthias Geerdsen
- [security bulletin] HPSBGN02199 SSRT071312 rev.1 - Mercury Quality Center ActiveX, Remote Unauthorized Arbitrary Code Execution,
security-alert
- Cisco Security Advisory: Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Multiple Vulnerabilities in the Cisco Wireless Control System,
Cisco Systems Product Security Incident Response Team
- Cross site scripting in mephisto 0.7.3,
Hanno Böck
- [security bulletin] HPSBUX02203 SSRT071339 rev.1 - HP-UX Running Portable File System (PFS), Remote Increase in Privilege,
security-alert
- TuMusika Evolution 1.6 Cross Site Scripting Vulnerabilitiy,
the_3dit0r
- phpwebnews v.1 Multiple Cross Site Scripting Vulnerabilites,
the_3dit0r
- Chatness <= 2.5.3 - Arbitrary Code Execution,
jd2k2000
- FAC GuestBook v2.0 remote database disclosure vulnerability,
the_3dit0r
- Aircrack-ng (airodump-ng) remote buffer overflow vulnerability,
jonny
- iDefense Security Advisory 04.12.07: Hewlett Packard HP-UX Remote pfs_mountd.rpc Buffer Overflow Vulnerability,
iDefense Labs
- [USN-452-1] KDE library vulnerability,
Kees Cook
- [Argeniss] Hacking Databases for owning your data (paper),
Cesar
- [OPENADS-SA-2007-003] Openads 2.0.11 vulnerability fixed,
Matteo Beccati
- [OPENADS-SA-2007-004] Max Media Manager v0.1.29-rc and v0.3.31-alpha-pr2 vulnerability fixed,
Matteo Beccati
- [MajorSecurity Advisory #44]MailBee WebMail Pro - Cross Site Scripting Issue,
admin
- [waraxe-2007-SA#048] - Multiple vulnerabilities in Virtual War 1.5 module for PhpNuke,
come2waraxe
- TSRT-07-04: LANDesk Management Suite Alert Service Stack Overflow Vulnerability,
TSRT
- Vbulletin 3.6.5 Sql Injection ! [misc.php],
seko
- bloofoxCMS 0.2.2 Cross Site Scripting,
the_3dit0r
- VCDGear <= 3.56 Build 050213 (FILE) Local Code Execution Exploit,
meftun
- Back-End CMS Database Tables v0.4.7 Cross Site Scripting,
the_3dit0r
- MobilePublisherphp v1.1.2 Remote File Include Vulnerabilities,
the_3dit0r
- FloweRS v2.0 Cross Site Scripting,
the_3dit0r
- Maian Search v1.1,
k4rtal
- Maian Gallery v1.0,
k4rtal
- B2evolution 1.6 RFi,
k4rtal
- MySpeach v1.9,
k4rtal
- Back-End CMS Database Tables v0.4.7 Remote File Include Vulnerabilities,
the_3dit0r
- Flip-search-add-on 2.0,
k4rtal
- Maian Weblog v3.1,
k4rtal
- bloofoxCMS 0.2.2 Remote File Include Vulnerabilitiy,
the_3dit0r
- phpMyChat-0.14.5,
k4rtal
- Pixaria Gallery 1.0 (class.Smarty.php) Remote File Include Vulnerability,
irvian_yoe
- Re: sitex multiple vulnerabilities,
Lostmon
- Sitebar 3.3.5 (index.php writerFile)Remote File Include Vulnerabilities,
?? ???? ??????
- [ GLSA 200704-09 ] xine-lib: Heap-based buffer overflow,
Raphael Marichez
- Re: [exploits] RPC vuln in DNS Server (fwd),
Gadi Evron
- LS simple guestbook - arbitrary code execution,
jd2k2000
- Joomla/Mambo Jambook v1.0 beta7 Rfi Vuln.,
crazy_king
- [MajorSecurity Advisory #45]oe2edit CMS - Cross Site Scripting and Cookie Manipulation Issue,
admin
- ZoneAlarm Multiple insufficient argument validation of hooked SSDT function Vulnerability,
Matousec - Transparent security Research
- ActionPoll Script (actionpoll.php) Remote File Include // starhack.org,
seko
- MyBlog <= 0.9.8 Remote Command Execution Exploit,
BlackHawk
- Microsoft DNS Server Remote Code execution: Analysis and exploit,
mballano
- Windows DNS Cache Poisoning by Forwarder DNS Spoofing,
Makoto Shiotsuki
- [ GLSA 200704-10 ] Inkscape: Two format string vulnerabilities,
Matthias Geerdsen
- Persistent CSRF and The Hotlink Hell,
pdp (architect)
- iDefense Security Advisory 04.16.07: ClamAV CAB File Unstore Buffer Overflow Vulnerability,
iDefense Labs
- Ivan Gallery Script V.0.1 (index.php) Remote File Include Exploit,
seko
- [ GLSA 200704-11 ] Vixie Cron: Denial of Service,
Matthias Geerdsen
- rPSA-2007-0071-1 kernel,
rPath Update Announcements
- Akamai Technologies Security Advisory 2007-0001,
Akamai Security Team
- [ MDKSA-2007:086 ] - Updated cups packages fix DoS vulnerability,
security
- [ MDKSA-2007:084 ] - Updated ipsec-tools packages fix DoS vulnerability,
security
- [ MDKSA-2007:085 ] - Updated freeradius packages fix DoS vulnerability,
security
- [ GLSA 200704-12 ] OpenOffice.org: Multiple vulnerabilities,
Raphael Marichez
- iDefense Security Advisory 04.16.07: Akamai Download Manager ActiveX Stack Buffer Overflow Vulnerability,
iDefense Labs
- Netsprint Toolbar 1.1 arbitrary remote code vulnerability,
Michal Bucko
- PHP Nuke <= 8.0.0.3.3b SQL Injections and Bypass SQL Injection Protection vulnerabilities,
programmer
- Remot File Include In Script phphd_downloads,
RaeD
- Remot File Include download_engine_V1.4.3,
RaeD
- Wabbit PHP Gallery v0.9 Cross Site Scripting,
the_3dit0r
- my little weblog Cross Site Scripting,
the_3dit0r
- my little forum 1.7 Remote File Include Vulnerabilitiy,
the_3dit0r
- webMethods Security Advisory: Glue console directory traversal vu lnerability,
Jeremy Epstein
- Internet Explorer Crash,
J. Oquendo
- [security bulletin] HPSBTU02207 SSRT061213, SSRT061239, SSRT071304 rev.1 - HP Tru64 UNIX SSL and BIND Remote Arbitrary Code Execution or Denial of Service (DoS),
security-alert
- Multiple Ask IE Toolbar denial of service vulnerabilities,
Michal Bucko
- Gizzar <= (basePath) Remote File Include Vulnerability,
BorN To K!LL BorN To K!LL
- BlueArc Firmware 4.2.944b FTP bounce,
Tim Rupp
- SYMSA-2007-003 Macrovision InstallAnywhere Password and Serial Number Bypass,
research
- ShoutPro 1.5.2 - arbitrary code execution,
jd2k2000
- WASC-Articles: 'The Importance of Application Classification in Secure Application Development',
contact
- Re: [Full-disclosure] A Botted Fortune 500 a Day,
Steven Adair
- n.runs-SA-2007.007 - Sun Solaris 10 - Format string vulnerability,
security
- Mambo/Joomla Component New Article Component RFI,
meftun
- Cross Domain XMLHttpRequest,
Michal Majchrowicz
- [ GLSA 200704-14 ] FreeRADIUS: Denial of Service,
Raphael Marichez
- NukeSentinel Bypass SQL Injection & Nuke Evolution <= 2.0.3 SQL Injections,
programmer
- Advisory: Bypass Oracle Logon Trigger,
ak
- Advisory: SQL Injection in package SYS.DBMS_AQADM_SYS,
ak
- iDefense Security Advisory 04.17.07: McAfee VirusScan On-Access Scanner Long Unicode File Name Buffer Overflow,
iDefense Labs
- Advisory: SQL Injection in package SYS.DBMS_UPGRADE_INTERNAL,
ak
- Advisory: XSS Vulnerability in Oracle Secure Enterprise Search [SES01],
ak
- Reminder: HITBSecConf2007 - Malaysia: Call for Papers closing in 2 weeks,
Praburaajan
- Advisory: Shutdown unprotected Oracle TNS Listener via Oracle Discoverer Servlet [AS01],
ak
- [ GLSA 200704-13 ] File: Denial of Service,
Raphael Marichez
- Analysis of the Oracle April 2007 Critical Patch Update,
David Litchfield
- iDefense Security Advisory 04.17.07: McAfee E-Business Admin Server Invalid Data Length DoS Vulnerability,
iDefense Labs
- rPSA-2007-0072-1 lighttpd,
rPath Update Announcements
- rPSA-2007-0073-1 php php-mysql php-pgsql,
rPath Update Announcements
- [ GLSA 200704-15 ] MadWifi: Multiple vulnerabilities,
Raphael Marichez
- rPSA-2007-0074-1 dovecot,
rPath Update Announcements
- MediaBeez Sql query Execution .. Wear isn't ?? :),
security
- Oracle Database Buffer overflow vulnerabilities in package DBMS_SNAP_INTERNAL,
Team SHATTER
- FullyModdedphpBB2 Remote File Inclusion,
security
- Extreme PHPBB2 Remote File Inclusion,
security
- EclipseBB Remote File Inclusion,
security
- Re: Linksys WAG200G - Information disclosure,
no-mail
- [security bulletin] HPSBST02206 SSRT071354 rev.2 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-017,
security-alert
- Re: [funsec] Re: [Full-disclosure] A Botted Fortune 500 a Day,
Fergie
- NuclearBB Alpha 1 - Multiple Blind SQL/XPath Injection Vulnerabilities,
john
- ZDI-07-015: Novell Groupwise WebAccess Base64 Decoding Stack Overflow Vulnerability,
zdi-disclosures
- ZDI-07-016: Oracle E-Business Suite Arbitrary Node Deletion Vulnerability,
zdi-disclosures
- ZDI-07-017: Oracle E-Business Suite Arbitrary Document Download Vulnerability,
zdi-disclosures
- ZDI-07-018: IBM Tivoli Monitoring Express Universal Agent Heap Overflow Vunlerability,
zdi-disclosures
- ZDI-07-019: BMC Patrol PerformAgent bgs_sdservice Memory Corruption Vulnerability,
zdi-disclosures
- ZDI-07-020: BMC Performance Manager SNMP Command Execution Vulnerability,
zdi-disclosures
- [USN-453-1] X.org vulnerability,
Kees Cook
- [ MDKSA-2007:087 ] - Updated php packages fix multiple vulnerabilities,
security
- [ MDKSA-2007:088 ] - Updated php packages fix multiple vulnerabilities,
security
- [ MDKSA-2007:089 ] - Updated php packages fix multiple vulnerabilities,
security
- CfP Hack.lu 2007,
info
- IPB (Invision Power Board) Full Path Disclusure,
security
- [waraxe-2007-SA#049] - Multiple vulnerabilities in Phorum 5.1.20,
come2waraxe
- Winamp <= (WMV) 5.3 Buffer Overflow DOS Exploit (0-DAY),
UniquE
- RaidenFTPd IXceedCompression multiple denial of service vulnerabilities,
Michal Bucko
- Yet another SQL injection framework,
Guillermo Marro
- [security bulletin] HPSBMA02133 SSRT061201 rev.4 - HP Oracle for OpenView (OfO) Critical Patch Update,
security-alert
- [ MDKSA-2007:090 ] - Updated php packages fix multiple vulnerabilities,
security
- [ MDKSA-2007:091 ] - Updated sqlite packages fix vulnerability,
security
- [security bulletin] HPSBST02208 SSRT071365 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-018 to MS07-022,
security-alert
- NeatUpload vulnerability and fix,
dean
- ZDI-07-021: GraceNote CDDBControl ActiveX Buffer Overflow Vulnerability,
zdi-disclosures
- Eba News Version : v1.1 <= (webpages.php) Remote File Include // starhack.org,
seko
- TSLSA-2007-0013 - multi,
Trustix Security Advisor
- iDefense Security Advisory 04.20.07: Check Point Zone Labs SRESCAN IOCTL Local Privilege Escalation Vulnerability,
iDefense Labs
- FLEA-2007-0011-1: lighttpd,
Foresight Linux Essential Announcement Service
- UseBB Version 1.0.4 Path Disclosure Vulnerability,
securityresearch
- Top Auction 1.0 (viewcat.php) Remote Blind SQL Injection // starhack.org,
seko
- turbolence core 0.0.1 alpha Remote File Inclusion,
omnipresent
- WS_FTP Home 2007 NetscapeFTPHandler denial of service,
Michal Bucko
- Allfaclassfieds (level2.php dir) remote file inclusion,
asdasd asdsadas
- [ GLSA 200704-17 ] 3proxy: Buffer overflow,
Raphael Marichez
- [Reversemode advisory] CheckPoint Zonelabs - ZoneAlarm SRESCAN driver local privilege escalation,
Reversemode
- claroline <= Multiple Remote File Include Vulnerablitiy,
Mohandko
- lms 1.5.3 Remote File Inclusion,
InyeXion
- EsForum <= 3.0 SQL Injection Vulnerability,
ilkerkandemir
- PHPMyBibli <= Multiple Remote File Include,
Mohandko
- [ GLSA 200704-16 ] Aircrack-ng: Remote execution of arbitrary code,
Raphael Marichez
- File117 Remote File Inclusion,
InyeXion
- Ripe Website Manager (<= 0.8.4) - SQL Injection Vulnerability and Cross-Site Scripting Exploit,
john
- [SECURITY] [DSA 1279-1] New webcalendar packages fix cross-site scripting,
Moritz Muehlenhoff
- [ GLSA 200704-18 ] Courier-IMAP: Remote execution of arbitrary code,
Raphael Marichez
- Remote file inclusion in Joomla 1.5.0 Beta,
Omid
- c-arbre <= Multiple Remote File Include Vulnerablitiy,
Mohandko
- FLEA-2007-0013-1: xine-lib,
Foresight Linux Essential Announcement Service
- bibtex mase Remote File Inclusion,
InyeXion
- FLEA-2007-0012-1: madwifi,
Foresight Linux Essential Announcement Service
- WASC-Articles: 'The business case for security frameworks',
announcements
- Big Blue Guestbook HTML Injection Vulnerabilities,
seko
- 3proxy 0.5.3i bugfix release,
Vladimir Dubrovin
- TJSChat Version 0.95 Cross Site Scripting,
the_3dit0r
- [ MDKSA-2007:092 ] - Updated freeradius packages fix vulnerability,
security
- [ GLSA 200704-19 ] Blender: User-assisted remote execution of arbitrary code,
Raphael Marichez
- [security bulletin] HPSBUX02183 SSRT061243 rev.1 - HP-UX sendmail, Remote Denial of Service (DoS),
security-alert
- [ MDKSA-2007:093 ] - Updated zziplib packages fix vulnerability,
security
- [ GLSA 200704-20 ] NAS: Multiple vulnerabilities,
Raphael Marichez
- acvsws_php5_v1.0 <= Multiple Remote File Include Vulnerablitiy,
Mohandko
- DmCMS Shell Uploading,
security
- phpMySpace Gold (v8.10) - Blind SQL/XPath Injection Exploit,
john
- Post Revolution Remote File Inclusion,
InyeXion
- rPSA-2007-0081-1 postgresql postgresql-server,
rPath Update Announcements
- [ GLSA 200704-21 ] ClamAV: Multiple vulnerabilities,
Matthias Geerdsen
- YA Book 0.98 Persistent XSS,
omnipresent
- gallery >> 1.5.6 Remote File Inclusion,
s433d_only_linux
- ImageProcessing ... Local (Denial of Service Exploit),
Dr . Ninux
- Security Advisory: CA CleverPath SQL Injection,
Irene Abezgauz
- [security bulletin] HPSBST02200 SSRT071330 rev.1 - HP StorageWorks Command View Advanced Edition for XP, Local Unauthorized Access,
security-alert
- Progress Webspeed exploit for all releases,
suresync
- [MajorSecurity Advisory #46]Plogger - Session fixation Issue,
admin
- [SECURITY] [DSA 1280-1] New aircrack-ng packages fix arbitrary code execution,
Moritz Muehlenhoff
- 3Com's TippingPoint Denial of Service,
mike20061005
- dcp-portal v611 >> RFi,
s433d_only_linux
- ZDI-07-022: CA BrightStor ArcServe Media Server Multiple Buffer Overflow Vulnerabilities,
zdi-disclosures
- Cisco Security Advisory: Default Passwords in NetFlow Collection Engine,
Cisco Systems Product Security Incident Response Team
- MyNewsGroups >> RFI in include.php,
alijsb
- HYIP Manager Pro Script >> Remote file Include,
alijsb
- WordPress v2.1.3 >> remote file include~,
s433d_only_linux
- HTMLeditbox & 2.2 >> RFI,
alijsb
- DynaTracker &v151>> RFI,
alijsb
- netbingo v 2000 >> RFI,
alijsb
- phpMYTGP v v1.4b >> RFI,
alijsb
- [SECURITY] [DSA 1281-1] New clamav packages fix several vulnerabilities,
Moritz Muehlenhoff
- sunshop v4 >> RFI,
info
- Shop-Script v 2.0 >> RFI,
alijsb
- adrevenue script (CyKuH.com)>> RFI,
alijsb
- B2 Weblog and News Publishing Tool v0.6.1 >> RFI,
alijsb
- Searchactivity >> RFI,
alijsb
- Built2Go_PHP_Link_Portal_v1.79 >> RFI,
alijsb
- comus 2.0 Final >> RFI,
alijsb
- blogsystem 1.4 >> local & remote = -rfi & lfi & -xss,
info
- ASA-2007-010: Two stack buffer overflows in SIP channel's T.38 SDP parsing code,
Kevin P. Fleming
- ASA-2007-011: Multiple problems in SIP channel parser handling response codes,
Kevin P. Fleming
- nucleus 3.22 >> RFI,
alijsb
- download engine V1.4.1 >> RFI (local),
alijsb
- CFP: 3rd European Conference on Computer Network Defense (EC2ND),
Stefano Zanero
- Remote File Inclusion,
s433d_only_linux
- VirtuaNews.Pro.v1.0.3.Retail.+All.Plugins Remote file Include,
s433d_only_linux
- IE 7 and Firefox Browsers Digest Authentication Request Splitting,
Stefano Di Paola
- ASA-2007-012: Remote Crash Vulnerability in Manager Interface,
Kevin P. Fleming
- :doruk100net >> RFI,
alijsb
- [CAID 35277]: CA CleverPath Portal SQL Injection Vulnerability,
Williams, James K
- [USN-453-2] rdesktop regression,
Martin Pitt
- [ MDKSA-2007:094 ] - Updated postgresql packages fix vulnerability,
security
- [CAID 35198, 35276]: CA BrightStor ARCserve Backup Media Server Vulnerabilities,
Williams, James K
- modbuild >> 4.1 Remote File Inclusion,
s433d_only_linux
- SineCMS,
nexus
- Re: Chicken of the VNC 2.0 remote DoS,
support
- Burak Yılmaz Blog (tr) v1.0 SQL injection vulnerability,
dj_remix_20
- [SECURITY] [DSA 1282-1] New php4 packages fix several vulnerabilities,
Moritz Muehlenhoff
- iDefense Security Advisory 04.26.07: Novell eDirectory NCP Fragment Denial of Service Vulnerability,
iDefense Labs
- TSLSA-2007-0015 - postgresql,
Trustix Security Advisor
- FreeBSD Security Advisory FreeBSD-SA-07:03.ipv6,
FreeBSD Security Advisories
- [USN-455-1] PHP vulnerabilities,
Martin Pitt
- [USN-454-1] PostgreSQL vulnerability,
Martin Pitt
- iDefense Security Advisory 04.26.07: Symantec Norton Ghost 10 Service Manager Buffer Overflow Vulnerability,
iDefense Labs
- iDefense Security Advisory 04.26.07: Symantec Norton Ghost 10 Recovery Points Insecure Password Storage Vulnerability,
iDefense Labs
- Security Concerns in Web 2.0,
dharmeshmm
- AFFLIB(TM): Time-of-Check-Time-of-Use File Race,
VSR Advisories
- AFFLIB(TM): Multiple Buffer Overflows,
VSR Advisories
- AFFLIB(TM): Multiple Format String Injections,
VSR Advisories
- AFFLIB(TM): Multiple Shell Metacharacter Injections,
VSR Advisories
- [ GLSA 200704-23 ] capi4k-utils: Buffer overflow,
Raphael Marichez
- [ GLSA 200704-22 ] BEAST: Denial of Service,
Raphael Marichez
- Sphider Version 1.2.x (include_dir) file include,
1one1
- Seir Anphin (file.php a[filepath]) Remote File Disclosure Vulnerability,
ilkerkandemir
Mail converted by MHonArc