Bugtraq
- Virex on-access scanning unreliable,
hahn
- [security bulletin] SSRT061118 rev.1 - HP System Management Homepage (SMH) Running on Windows: Remote Unauthorized Access,
security-alert
- Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities,
Renaud Lifchitz
- (PHP) mb_send_mail security bypass,
ced . clerget
- (PHP) imap functions bypass safemode and open_basedir restrictions,
ced . clerget
- QwikiWiki v1.4 XSS Vulnerability,
drdeath_2006
- MyBB 1.3 NewSQL Injection,
o . y . 6
- EJ3 TOPo - Cross Site Scripting Vulnerability,
mail
- FarsiNews 2.5Pro Exploit,
hessamx
- [FLSA-2006:181014] Updated gnutls packages fix a security issue,
Marc Deslauriers
- Fedex Kinkos Smart Card Authentication Bypass,
Lance James
- Sourceforge XSS,
liz0
- [FLSA-2006:175818] Updated udev packages fix a security issue,
Marc Deslauriers
- WordPress 2.0.1 Multiple Vulnerabilities,
k4p0k4p0
- [FLSA-2006:157366] Updated PostgreSQL packages fix security issues,
Marc Deslauriers
- [SECURITY] [DSA 983-1] New pdftohtml packages fix several vulnerabilities,
Martin Schulze
- [FLSA-2006:177694] Updated auth_ldap package fixes security issue,
Marc Deslauriers
- [ MDKSA-2005:050 ] - Updated unzip packages fix vulnerabilities,
security
- [FLSA-2006:177326] Updated mod_auth_pgsql package fixes security issue,
Marc Deslauriers
- NETGEAR WGT624 Wireless DSL Firewall/Router vulnerability,
info
- NETGEAR WGT624 Wireless DSL router default user name/password vulnerability,
info
- [ MDKSA-2006:049 ] - Updated squirrelmail packages fix vulnerabilities,
security
- [eVuln] PerlBlog Multiple Vulnerabilities,
alex
- directory traversal in DirectContact 0.3b,
Donato Ferrante
- PixelArtKingdom TopSites Remote Command Exucetion,
botan
- 2 SQL Injection in d3jeeb,
S3ude
- [ISecAuditors Advisories] IMAP/SMTP Injection in SquirrelMail,
ISecAuditors Security Advisories
- Knowledgebases Remote Command Exucetion,
botan
- Secunia Research: ArGoSoft Mail Server Pro viewheaders Script Insertion,
Secunia Research
- CGI Calendar XSS Vulnerability,
revnic
- 2 SQL Injection in Fantastic News,
S3ude
- phpRPC Library Remote Code Execution,
GulfTech Security Research
- [SECURITY] [DSA 982-1] New gpdf packages fix several vulnerabilities,
Martin Schulze
- Mail Transport System Professional--Open Relay Hole,
Craig Morrison
- [eVuln] Quirex Arbitrary File Disclosure Vulnerability,
alex
- Archangel Weblog 0.90.02 Admin Authentication Bypass & Remote File Inclusion,
kingofska
- Thomson SpeedTouch 500 modems vulnerable to XSS,
preben
- Norton Monitoring Systems funny problems,
Alexander Hristov
- Archive_Zip (Zip file management class) Directory traversal,
h e
- [USN-258-1] PostgreSQL vulnerability,
Martin Pitt
- [ GLSA 200602-14 ] noweb: Insecure temporary file creation,
Thierry Carrez
- [ GLSA 200602-13 ] GraphicsMagick: Format string vulnerability,
Thierry Carrez
- Research paper on covert channels,
matthijs
- announcement: reporting and mitigating botnets,
Gadi Evron
- SQL Injection in DCI-Taskeen,
xx_hack_xx_2004
- PwsPHP Injection SQL on Index.php,
papipsycho
- [waraxe-2006-SA#047] - Evading sql-injection filters in phpNuke 7.8,
come2waraxe
- ArGoSoft FTP server remote heap overflow,
Jerome Athias
- [FLSA-2006:176731] Updated perl packages fix security issue,
Marc Deslauriers
- [FLSA-2006:158543] Updated gaim package fixes security issues,
Marc Deslauriers
- [FLSA-2006:138098] Updated nfs-utils package fixes security issues,
Marc Deslauriers
- NSA Group Security Advisory NSAG-№202-25.02.2006 Vulnerability WEBSITE GENERATOR 3.3,
NSA Group
- Advisory: eZ publish <= 3.7.3 (imagecatalogue module) XSS vulnerability,
nukedx
- Advisory: Pentacle In-Out Board <= 6.03 (newsdetailsview.asp newsid) Remote SQL Injection Vulnerability,
nukedx
- Advisory: Pentacle In-Out Board <= 6.03 (login.asp) Authencation ByPass Vulnerability,
nukedx
- NSA Group Security Advisory NSAG-№201-25.02.2006 Vulnerability SPiD v1.3.1,
NSA Group
- [ MDKSA-2005:048 ] - Updated mplayer packages fix integer overflow vulnerabilities,
security
- iDefense Security Advisory 02.24.06: SCO Unixware Setuid ptrace Local Privilege Escalation Vulnerability,
labs-no-reply
- fwd: SuSE Security Announcement: heimdal (SUSE-SA:2006:011),
Dave McKinney
- [eVuln] Guestex XSS Vulnerability,
alex
- Mambo Multiple Vulnerabilities,
GulfTech Security Research
- TSLSA-2006-0010 - multi,
Trustix Security Advisor
- TSLSA-2006-0008 - multi,
Trustix Security Advisor
- The Domain Name Service as an IDS,
Gadi Evron
- IRM 018: Winamp 5.13 m3u Playlist Buffer Overflow,
Advisories
- SuSE Security Announcement: heimdal (SUSE-SA:2006:010),
Thomas Biege
- Advisory: MyPHPNuke <= 1.8.8 multiple XSS vulnerabilities,
nukedx
- Advisory: Woltlab Burning Board 2.x (JGS-Gallery MOD <= 4.0) multiple XSS vulnerabilities,
nukedx
- Advisory: CilemNews System <= 1.1 Remote SQL Injection Vulnerability,
nukedx
- [FLSA-2006:162750] Updated sudo packages fix security issue,
Marc Deslauriers
- [FLSA-2006:180036-2] Updated firefox package fixes security issues,
Marc Deslauriers
- [FLSA-2006:180036-1] Updated mozilla packages fix security issues,
Marc Deslauriers
- SpeedCommander 11.0 & ZipStar 5.1 & Squeez 5.1 Directory traversal,
h e
- StuffIt and ZipMagic Family of products Directory traversal,
h e
- WinAce Archiver v2.6 Directory traversal,
h e
- Archive_Tar v 1.2(Tested) (Tar file management class) Directory traversal,
h e
- [eVuln] Guestex Shell Command Execution Vulnerability,
alex
- NSA Group Security Advisory NSAG-№200-24.02.2006 Vulnerability ArGoSoft Mail Server Pro IMAP,
NSA Group
- NSA Group Security Advisory NSAG-№198-23.02.2006 Vulnerability ArGoSoft Mail Server Pro,
NSA Group
- Vulnerability in Crypt::CBC Perl module, versions <= 2.16,
Lincoln Stein
- Administrivia: New Bugtraq moderator,
David Ahmad
- NSA Group Security Advisory NSAG-№195-23.02.2006 Vulnerability FCKeditor 2.0 FC,
NSA Group
- NSA Group Security Advisory NSAG-№198-23.02.2006 Vulnerability The Bat v. 3.60.07,
NSA Group
- NSA Group Security Advisory NSAG-№196-23.02.2006 Vulnerability FCKeditor 2.2,
NSA Group
- NSA Group Security Advisory NSAG-№197-23.02.2006 Vulnerability CubeCart 3.0.0 – 3.0.6,
NSA Group
- HYSA-2006-003 Oi! Email Marketing 3.0 SQL Injection,
h4cky0u . org
- Event Speaker,
Pete Herzog
- ZDI-06-002: Adobe Macromedia ShockWave Code Execution,
zdi-disclosures
- [USN-257-1] tar vulnerability,
Martin Pitt
- Secunia Research: WinACE ARJ Archive Handling Buffer Overflow,
Secunia Research
- [eVuln] Teca Diary PE SQL Injection Vulnerability,
alex
- Secunia Research: Visnetic AntiVirus Plug-in for MailServer Privilege Escalation,
Secunia Research
- NOCC Webmail <= 1.0 multiple vulnerabilities,
rgod
- NSFOCUS SA2006-01 : Winamp m3u File Processing Buffer Overflow Vulnerability,
NSFOCUS Security Team
- zoo contains exploitable buffer overflows,
Jean-Sébastien Guay-Leroux
- [ MDKSA-2006:047 ] - Updated metamail packages fix vulnerability,
security
- DEF CON 14 is now in effect! The Call for Papers is open.,
The Dark Tangent
- [ MDKSA-2006:045 ] - Updated MySQL packages fix temporary file vulnerability,
security
- South River WebDrive Buffer Overflow Vulnerability,
Adrian Castro
- [INetCop Security Advisory] Global Hauri Virobot cookie exploit,
dong-hun you
- Multiple Injection Vulnerabilities in PHP PEAR::Auth Module,
Matt Van Gundy
- InqTana Through the eyes of Dr. Frankenstein.,
KF (lists)
- [KAPDA::#29]Noah's classifieds multiple vulnerabilities,
alireza hassani
- [SECURITY] [DSA 980-1] New tutos packages fix multiple vulnerabilities,
Michael Stone
- Mozilla Thunderbird : Remote Code Execution & Denial of Service,
Renaud Lifchitz
- [KAPDA::#27] - Runcms 1.x Cross_Site_Scripting vulnerability,
roozbeh_afrasiabi
- IpSwitch WhatsUp Professional 2006 DoS,
Josh Zlatin
- [ MDKSA-2006:046 ] - Updated tar packages fix vulnerability,
security
- IRM 017: Multiple Vulnerabilities in Infovista Portal SE,
Advisories
- Invision Power Board 2.1.4 Multiple Vulnerabilities,
paisterist . nst
- [ GLSA 200602-11 ] OpenSSH, Dropbear: Insecure use of system() call,
Thierry Carrez
- Quarantine your infected users spreading malware,
Gadi Evron
- PEAR LiveUser File Access Vulnerabilities,
GulfTech Security Research
- H&R Block contact,
Fixer
- Amazon phishing scam on Yahoo servers,
Paul Laudanski
- [USN-254-1] noweb vulnerability,
Martin Pitt
- PunBB 1.2.10 Multiple DoS Vulnerabilities,
k4p0k4p0
- [eVuln] BirthSys SQL Injection Vulnerability,
alex
- [ MDKSA-2006:044 ] - Updated kernel packages fix multiple vulnerabilities,
security
- The New Face of Phishing,
Gadi Evron
- [myimei]CuteNews1.4.1~ Add Comment For Protected UserNames~ XSS Attack,
addmimistrator
- [USN-256-1] bluez-hcidump vulnerability,
Martin Pitt
- [ GLSA 200602-12 ] GPdf: Heap overflows in included Xpdf code,
Thierry Carrez
- Mozila Thunderbird 1.5 Address Book DoS,
Javor Ninov
- [eVuln] Magic Downloads Unauthorized Data Modification,
alex
- MiniNuke CMS System all versions (pages.asp) SQL Injection,
nukedx
- [eVuln] Magic News Lite PHP Code Execution & Unauthorized Data Modification,
alex
- Whitepaper by Amit Klein: "HTTP Response Smuggling",
Amit Klein (AKsecurity)
- how to crash apache/php in cpanel,
Ed Wiget
- [BuHa-Security] DoS Vulnerability in Firefox <= 1.0.7,
bugtraq
- grab cookie information with Melange Chat Server 1.10,
Nexus
- [AJECT] TrueNorth IA eMailserver 5.3.4 buffer overflow vulnerability,
João Antunes
- [USN-255-1] openssh vulnerability,
Martin Pitt
- [BUGZILLA] Security Advisory for Bugzilla 2.20, 2.21.1, and 2.18.4,
mkanat
- SUSE Security Announcement: gpg,liby2util signature checking problems (SUSE-SA:2006:009),
Marcus Meissner
- [waraxe-2006-SA#046] - Critical sql injection in phpNuke 7.5-7.8,
come2waraxe
- Geeklog Remote Code Execution,
GulfTech Security Research
- [eVuln] Time Tracking Software Multiple Vulnerabilities,
alex
- [TZO-062006] Safe'nVulnerable,
Thierry Zoller
- Secunia Research: NJStar Word Processor Font Name Buffer Overflow,
Secunia Research
- Guestbox XSS/an admin bypass,
innate
- More info: gBook Multiple Unspecified Cross-Site Scripting Vulnerabilities,
mkproductions
- [eVuln] Magic Calendar Lite Authentication Bypass,
alex
- update on the linux worm,
Gadi Evron
- [OpenPKG-SA-2006.004] OpenPKG Security Advisory (postgresql),
OpenPKG
- new linux malware,
Gadi Evron
- [OpenPKG-SA-2006.005] OpenPKG Security Advisory (tin),
OpenPKG
- Vulnerability in WinRAR - Phishing based,
preben
- Malware that breaks SSL via Pharming {Emerging Threat},
Lance James
- [operational update] Looking behind the smoke screen of the Internet,
Gadi Evron
- [FLSA-2006:175406] Updated Apache httpd packages fix security issues,
Marc Deslauriers
- [FLSA-2006:152809] Updated squid package fixes security issues,
Marc Deslauriers
- [FLSA-2006:168935] Updated openssh packages fix security issues,
Marc Deslauriers
- [ GLSA 200602-10 ] GnuPG: Incorrect signature verification,
Thierry Carrez
- SLQ Injection vulnerability in WPCeasy,
murfie
- [waraxe-2006-SA#045] - Bypassing CAPTCHA in phpNuke 6.x-7.9,
come2waraxe
- ADOdb Library Cross Site Scripting,
GulfTech Security Research
- RCblog exploit [fun],
hessam
- [OpenPKG-SA-2006.003] OpenPKG Security Advisory (openssh),
OpenPKG
- [OpenPKG-SA-2006.002] OpenPKG Security Advisory (sudo),
OpenPKG
- Tasarim Rehberi Index.PHP Remote Command Exucetion,
botan
- e107 CMS 0.7.2 Chatbox plugin XSS vulnerability,
ssteam . pl
- Coppermine Photo Gallery <=1.4.3 remote code execution,
rgod
- Re: Internet Explorer Phishing mouseover issue,
Paul Szabo
- [ MDKSA-2006:043 ] - Updated gnupg packages fix signature file verification vulnerability,
security
- [ MDKSA-2006:042 ] - Updated libtiff packages fix vulnerability,
security
- [ MDKSA-2006:041 ] - Updated bluez-hcidump packages fix buffer overflow vulnerability,
security
- Re: Java script exploit,
3APA3A
- [ MDKSA-2006:040 ] - Updated kernel packages fix multiple vulnerabilities,
security
- BCS Asia 2006 - Call for Papers,
Jim Geovedi
- Stack overflow vulnerability in Internet Explorer exploitable trough VBScript and JScript scripting engines.,
porkythepig
- [eVuln] CALimba Authentication Bypass Vulnerability,
alex
- Uniden UIP1868P (VoIP phone/gateway) default easy-to-guess password vulnerability,
pagvac
- Sending exact replicas of Distributed.net's worked OGR project files could increase individual's stats.,
spoilt . jesus
- [OpenPKG-SA-2006.001] OpenPKG Security Advisory (gnupg),
OpenPKG
- [eVuln] SmE GB Host Authentication Bypass Vulnerability,
alex
- [eVuln] PHP/MYSQL Timesheet Multiple SQL Injection Vulnerabilities,
alex
- [SECURITY] [DSA 978-1] New GnuPG packages fix invalid success return,
Martin Schulze
- [security bulletin] SSRT051023 rev.6 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Privileged Access,
security-alert
- Password disclosure and remote access in Netcool/NeuSecure Security information management platform,
D.Snezhkov
- [SECURITY] [DSA 979-1] New pdfkit.framework packages fix several vulnerabilities,
Martin Schulze
- Bugs/Security issues with PatchLink's Update Server,
Brian Boner
- RUNCMS 1.3a SQL injection,
h e
- [USN-253-1] heimdal vulnerability,
Martin Pitt
- False positive signature verification in GnuPG,
Werner Koch
- [USN-252-1] gnupg vulnerability,
Martin Pitt
- SNORT Incorrect fragmented packet reassembly,
siouxsie
- Soldier of Fortune II format string through PunkBuster 1.180,
Luigi Auriemma
- [eVuln] Scriptme products BBCode 'url' XSS Vulnerability,
alex
- [ GLSA 200602-08 ] libtasn1, GNU TLS: Security flaw in DER decoding,
Thierry Carrez
- [ GLSA 200602-09 ] BomberClone: Remote execution of arbitrary code,
Thierry Carrez
- [USN-251-1] libtasn vulnerability,
Martin Pitt
- PHPKIT >= 1.6.1r2 arbitrary local/remote inclusion (unproperly patched in previous versions),
rgod
- First WMF mass mailer ItW (phishing Trojan),
Gadi Evron
- Winamp .m3u fun again ;),
Sowhat
- Siteframe Beaumont 5.0.2 <== User Comment Cross-Site Scripting Vulnerability,
federico . alice
- [eVuln] PHP Event Calendar XSS & User's Data Corruption Vulnerabilities,
alex
- Critical SQL Injection PHPNuke <= 7.8 - Your_Account module,
sp3x
- D-Link DWL-G700AP httpd DoS,
innate
- [SECURITY] [DSA 977-1] New heimdal packages fix several vulnerabilities,
Martin Schulze
- What is the state of vulnerability research?,
Steven M. Christey
- Windows Media Player BMP Heap Overflow (MS06-005),
atmaca
- Openwall GNU/*/Linux (Owl) 2.0 release,
Solar Designer
- [myimei]MyBB1.0.3~managegroup.php~Multiple SqlInjection & XSS,
addmimistrator
- Security advisory: Windows IME Vulnerability (MS06-009),
Ryan Lee
- Kadu Remote Denial Of Service Fun,
Piotr Bania
- [SECURITY] [DSA 972-1] New pdfkit.framework packages fix denial of service,
Martin Schulze
- [SECURITY] [DSA 973-1] New OTRS packages fix several vulnerabilities,
Martin Schulze
- [USN-249-1] xpdf/poppler/kpdf vulnerabilities,
Martin Pitt
- [myimei]MyBB 1.0.3~private.php~multiple SqlInjection,
addmimistrator
- [eVuln] M. Blom HTML::BBCode perl module XSS Vulnerabilities,
alex
- honeyd security advisory: remote detection,
Niels Provos
- [security bulletin] SSRT051045 rev.2 - HP-UX Running DNS BIND4/BIND8 as Forwarders: Remote Unauthorized Privileged Access,
security-alert
- MyBB1.0.3~managegroup.php~Multiple SqlInjection & XSS,
addmimistrator
- [USN-248-1] unzip vulnerability,
Martin Pitt
- [eVuln] 2200net Calendar system SQL Injection and Authentication Bypass Vulnerabilities,
alex
- [SECURITY] [DSA 974-1] New gpdf packages fix denial of service,
Martin Schulze
- [eVuln] My Blog BBCode XSS Vulnerabilities,
alex
- [security bulletin] SSRT061108 rev.3 - HP Systems Insight Manager Remote Unauthorized Access via Directory Traversal,
security-alert
- XMB Forums Multiple Vulnerabilities,
GulfTech Security Research
- [USN-248-2] unzip regression fix,
Martin Pitt
- Mirabiliz ICQ 2002/2003/ LITE 4.0/4.1 LONG (DIRECTORY + FILENAME) EXPLOIT,
edubp2002
- [USN-250-1] Linux kernel vulnerability,
Martin Pitt
- Digital Armaments Security Advisory 02.14.2006: Gallery web-based photo gallery remote file execution,
info
- CYBSEC - Security Pre-Advisory: Phishing Vector in SAP BC,
Leandro Meiners
- Vulnerabilites in new laws on computer hacking,
self-destruction
- Re: Vulnerabilites in new laws on computer hacking,
Radoslav Dejanović
- Re: Vulnerabilites in new laws on computer hacking,
Glynn Clements
- Re: Vulnerabilites in new laws on computer hacking,
Jon Gucinski
- RE: Vulnerabilites in new laws on computer hacking,
Craig Wright
- Re: Vulnerabilites in new laws on computer hacking,
ArkanoiD
- RE: Vulnerabilites in new laws on computer hacking,
Anthony Cicalla
- RE: Vulnerabilites in new laws on computer hacking,
Craig Wright
- RE: Vulnerabilites in new laws on computer hacking,
Benson, Sean M
- RE: Vulnerabilites in new laws on computer hacking,
Craig Wright
- RE: Vulnerabilites in new laws on computer hacking,
Craig Wright
- RE: Vulnerabilites in new laws on computer hacking,
dave
- RE: Vulnerabilites in new laws on computer hacking,
Craig Wright
- iDefense Labs Quarterly Hacking Challenge,
labs-no-reply@xxxxxxxxxxxx
- CYBSEC - Security Pre-Advisory: Arbitrary File Read/Delete in SAP BC,
Leandro Meiners
- [BuHa-Security] Multiple Vulnerabilities in Mantis 1.00rc4,
bugtraq
- [myimei]WordPress2.0.0~autorswebsite~XSS attack,
addmimistrator
- Cisco Security Advisory: TACACS+ Authentication Bypass in Cisco Anomaly Detection and Mitigation Products,
Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 976-1] New libast packages fix arbitrary code execution,
Martin Schulze
- PostgreSQL security releases 8.1.3, 8.0.7, 7.4.12, 7.3.14,
PostgreSQL Security
- [SECURITY] [DSA 975-1] New nfs-user-server packages fix arbitrary code execution,
Martin Schulze
- [ GLSA 200602-07 ] Sun JDK/JRE: Applet privilege escalation,
Stefan Cornelius
- [EEYEB-20051017] Windows Media Player BMP Heap Overflow,
eEye Advisories
- iDefense Security Advisory 02.14.06: Microsoft Windows Media Player Plugin Buffer Overflow Vulnerability,
labs-no-reply@xxxxxxxxxxxx
- MyBB 1.03 Multible xss and sql injections,
s2b
- memory leak in IE?,
David Cross
- XSS bugs and SQL injection in sNews,
Alexander Hristov
- dotproject <= 2.0.1 remote code execution,
r . verton
- [waraxe-2006-SA#044] - XSS in phpNuke 7.8 and older versions,
come2waraxe
- SQL injection in PHP Classifieds 6.20,
audun . larsen
- [SECURITY] [DSA 971-1] New xpdf packages fix denial of service,
Martin Schulze
- On the "0-day" term,
Steven M. Christey
- [SECURITY] [DSA 970-1] New kronolith packages fix cross-site scripting,
Martin Schulze
- [ MDKSA-2006:039 ] - Updated gnutls packages fix libtasn1 out-of-bounds access vulnerabilities,
security
- eStara SIP softphone several message-processing vulnerabilities,
zwell
- [ GLSA 200602-06 ] ImageMagick: Format string vulnerability,
Thierry Carrez
- Advisory: Internet Explorer Drag and Drop Redeux [CVE-2005-3240] (fwd),
Matthew Murphy
- EGS Enterprise Groupware System 1.0 rc4 remote commands execution & FlySpray 0.9.7 remote commands execution,
rgod
- New winamp m3u/pls .WMA & .M3U Extension overflows,
b0fnet
- XSS vulnerability in guestbook-php-script,
Micha Borrmann
- Siteframe Beaumont 5.0.1a <== Cross-Site Scripting Vulnerability,
federico . alice
- Internet Explorer drag&drop 0day,
Gadi Evron
- [SECURITY] [DSA 969-1] New scponly packages fix potential root vulnerability,
Martin Schulze
- URL filter bypass in Fortinet,
Mathieu Dessus
- Bypass Fortinet anti-virus using FTP,
Mathieu Dessus
- Folder Guard password protection bypass,
ShadowBeast
- Latest wu-ftpd exploit :-s,
Mark Heiligen
- [SECURITY] [DSA 968-1] New noweb packages fix insecure temporary file creation,
Martin Schulze
- Everyone's loginName variable Cross Site Scripting Vulnerability,
simo
- Invision Power Board Army System Mod <= 2.1 SQL Injection Exploit,
unsecure
- [eVuln] phpstatus Authentication Bypass,
alex
- [ GLSA 200602-05 ] KPdf: Heap based overflow,
Thierry Carrez
- Re: Zen-Cart <= 1.2.6d blind SQL injection / remote commands execution:,
please-use-the-support-forum
- [eVuln] Clever Copy 'Referer' & 'X-Forwarded-For' XSS Vulnerabilities,
alex
- [eVuln] phphd Multiple Vulnerabilities,
alex
- DB_eSession deleteSession() SQL injection,
GulfTech Security Research
- [ GLSA 200602-04 ] Xpdf, Poppler: Heap overflow,
Thierry Carrez
- DocMGR <= 0.54.2 arbitrary remote inclusion,
rgod
- RS-2006-1: Multiple flaws in VHCS 2.x,
Roman Medina-Heigl Hernandez
- imageVue16.1 upload vulnerability,
zjieb
- [USN-247-1] Heimdal vulnerability,
Martin Pitt
- [eVuln] phphg Guestbook Multiple Vulnerabilities,
alex
- [eVuln] phpht Topsites Multiple Vulnerabilities,
alex
- HiveMail <= 1.3 Multiple Vulnerabilities,
GulfTech Security Research
- Linpha <= 1.0 multiple arbitrary local inclusion,
rgod
- Corrupt Word file may cause buffer overflow in the Blackberry Attachment Service,
lukew
- [security bulletin] SSRT061108 rev.2 - HP Systems Insight Manager Remote Unauthorized Access - Directory Traversal,
security-alert
- SUSE Security Announcement: binutils,kdelibs3,kdegraphics3,koffice,dia,lyx (SUSE-SA:2006:007),
Ludwig Nussel
- Secunia Research: Lotus Notes Multiple Archive Handling Directory Traversal,
Secunia Research
- FarsiNews 2.5 Multiple Vulnerabilities,
h e
- [eVuln] GuestBookHost Authentication Bypass,
alex
- Secunia Research: Lotus Notes HTML Speed Reader Link Buffer Overflows,
Secunia Research
- runCMS <= 1.3a2 possible remote code execution through the integrated FCKEditor package,
rgod
- TSLSA-2006-0006 - multi,
Trustix Security Advisor
- [SECURITY] [DSA 967-1] New elog packages fix arbitrary code execution,
Martin Schulze
- Secunia Research: Lotus Notes UUE File Handling Buffer Overflow,
Secunia Research
- LayerOne 2006 - Event Update and Announcement,
Layer One
- [ Secuobs - Advisory ] Bluetooth : DoS on Nokia cell phones,
Infratech Research
- [eVuln] Unknown Domain Shoutbox multiple XSS & SQL Injection Vulnerabilities,
alex
- iDEFENSE Security Advisory 02.10.06: IBM Lotus Domino Server LDAP DoS Vulnerability,
labs-no-reply@xxxxxxxxxxxx
- CPAINT AJAX Library Cross Site Scripting,
GulfTech Security Research
- Secunia Research: Lotus Notes TAR Reader File Extraction Buffer Overflow,
Secunia Research
- ProtoVer Sample LDAP testsuite release,
Evgeny Legerov
- [security bulletin] SSRT051102 rev.1 - HP HTTP Server Running on Windows, Forced Use of Weaker Security Protocol,
security-alert
- Secunia Research: IBM Lotus Domino iNotes Client Script Insertion Vulnerabilities,
Secunia Research
- Secunia Research: Lotus Notes ZIP File Handling Buffer Overflow,
Secunia Research
- What can a Remote Vulnerability Scanner do in Future?,
Alice Bryson
- [security bulletin] SSRT051007 rev.2 - HP Tru64 UNIX Running DNS BIND4/BIND8 with Forwarders: Remote Unauthorized Privileged Access,
security-alert
- [ECHO_ADV_27$2006] Indexu <= 5.0.1 Remote File Inclusion,
eufrato
- [SECURITY] [DSA 966-1] New adzapper packages fix denial of service,
Martin Schulze
- John the Ripper 1.7; pam_passwdqc 1.0+; tcb 1.0; phpass 0.0,
Solar Designer
- ProtoVer SSL: GnuTLS,
Evgeny Legerov
- [ MDKSA-2006:038 ] - Updated groff packages fix temporary file vulnerabilities,
security
- CPGNuke Dragonfly 9.0.6.1 remote commands execution through arbitrary local inclusion,
rgod
- iDefense Security Advisory 02.07.06: QNX RTOS 6.3.0 rc.local Insecure File Permissions Vulnerability,
labs-no-reply@xxxxxxxxxxxx
- iDefense Security Advisory 02.07.06: QNX Neutrino RTOS passwd Command Buffer Overflow,
labs-no-reply@xxxxxxxxxxxx
- [ MDKSA-2006:036 ] - Updated mozilla packages to address DoS vulnerability,
security
- WiredRed EPOP XSS Vulnerability,
Adrian Castro
- Re: Re: EasyCMS vulnerable to XSS injection.,
kim
- [eVuln] PHP iCalendar File Inclusion Vulnerability,
alex
- iDefense Security Advisory 02.07.06: QNX Neutrino RTOS crttrap Arbitrary Library Loading Vulnerability,
vendor-disclosure
- iDefense Security Advisory 02.07.06: QNX Neutrino RTOS phgrafx Command Buffer Overflow,
labs-no-reply@xxxxxxxxxxxx
- iDefense Security Advisory 02.07.06: QNX Neutrino RTOS libAp ABLPATH Buffer Overflow Vulnerability,
vendor-disclosure
- Whomp Real Estate Manager XP 2005 Sql Injection,
night_warrior771
- iDefense Security Advisory 02.07.06: QNX Neutrino RTOS libph PHOTON_PATH Buffer Overflow Vulnerability,
labs-no-reply@xxxxxxxxxxxx
- iDefense Security Advisory 02.07.06: QNX RTOS 6.3.0 Local Denial of Service Vulnerability,
labs-no-reply@xxxxxxxxxxxx
- iDefense Security Advisory 02.07.06: QNX Neutrino RTOS fontsleuth Command Format String Vulnerability,
vendor-disclosure
- iDefense Security Advisory 02.07.06: QNX Neutrino RTOS phfont Race Condition Vulnerability,
labs-no-reply@xxxxxxxxxxxx
- iDefense Security Advisory 02.07.06: QNX Neutrino RTOS su Command Buffer Overflow,
labs-no-reply@xxxxxxxxxxxx
- [ MDKSA-2006:037 ] - Updated mozilla-firefox packages to address DoS vulnerability,
security
- [myimei]MyBB1.0.3~moderation.php~SqlInject while merging posts,
addmimistrator
- [myimei]MyBB 1.0.2 XSS attack in search.php,
addmimistrator
- eyeOS <= 0.8.9 Remote Code Execution,
GulfTech Security Research
- [ MDKSA-2006:035 ] - Updated php packages fix vulnerability,
security
- Arbitrary code execution via OProfile,
Luís Miguel Silva
- High Risk Vulnerability in Lexmark Printer Sharing Service,
NGSSoftware Insight Security Research
- MyQuiz Arbitrary Command Execution Exploit (perl),
irc0d3r
- crypt_blowfish 1.0,
Solar Designer
- [ MDKSA-2006:034 ] - Updated openssh packages fix vulnerability,
security
- [ Secuobs - Advisory ] Bluetooth : DoS on Sony/Ericsson cell phones,
Research Infratech
- (OLD) Eudora WorldMail 3.0 Windows 2000 Remote System Exploit,
markus magnus
- Vulnerabilities in vBulltin(3.0.7 - 3.5.3) and IPB(2.0.0 - 2.1.4).,
h . z
- mailback script exploit,
coderpunk
- cPanel 10 handle.html XSS Vulnerability,
shell
- CAIDA analysis on CME-24/BlackWorm,
Gadi Evron
- [ Secuobs - Tools release ] BSS (Bluetooth Stack Smasher) fuzzer,
Research Infratech
- [ GLSA 200602-03 ] Apache: Multiple vulnerabilities,
Sune Kloppenborg Jeppesen
- [ Secuobs - Advisory ] Bluetooth : DoS on hcidump 1.29 + PoC,
Research Infratech
- [ GLSA 200602-02 ] ADOdb: PostgresSQL command injection,
Sune Kloppenborg Jeppesen
- SECURITY.NNOV: The Bat! 2.x message headers spoofing,
3APA3A
- PeopleSoft (Oracle) PSCipher Encryption Weakness,
info
- [xfocus-SD-060206]BCB compiler incorrect deal sizeof operator vulnerability,
XFOCUS Security Team
- Announcement: Domain Contamination By Amit Klein,
contact
- [SECURITY] [DSA 965-1] New ipsec-tools packages fix denial of service,
Martin Schulze
- DarkStarlings.com XSS Vulnerability,
Will Boyce
- [ GLSA 200602-01 ] GStreamer FFmpeg plugin: Heap-based buffer overflow,
Stefan Cornelius
- Easily exploitable Pseudo Random Number generator in phpbb version 2.0.19 and under.,
chinchilla
- ProtoVer LDAP vs Commu***te Pro 5.0.7,
Evgeny Legerov
- cleartext passwords get into log files,
innate
- mwcollect Alliance Launch,
Georg Wicherski
- [eVuln] Vanilla Guestbook Multiple XSS & SQL Injection Vulnerabilities,
alex
- Issues with security software: orbicule.com "Undercover",
Maximillian Dornseif
- VSR Advisory: IBM Tivoli Access Manager - Web Server Plug-in File Retrieval Vulnerability,
VSR Advisories
- PluggedOut Blog SQL injection and XSS,
h e
- [KAPDA::#26] - MyTopix Sql Injection & Path Disclosure,
alireza hassani
- sql injection in ASP Survey,
mfoxhacker
- LoudBlog <= 0.4 arbitrary remote inclusion,
rgod
- Internet Explorer remotely exploitable vulnerability in JScript's document.write() method,
porkythepig
- CyberShop Ultimate E-commerce Script Cross Site Scripting,
B3g0k
- [eVuln] MyQuiz Arbitrary Command Execution Vulnerability,
alex
- Re: Winamp 5.12 - 0day exploit - code execution through playlist,
bart sikkes
- Outblaze Cross Site Scripting Vulnerability,
simo
- Blacklist defenses as a breeding ground for vulnerability variants,
Steven M. Christey
- AOL Instant Messenger Version 5.9.3861 Local Buffer Overrun Vulnerability,
shell
- Exchangepop3 rcpt buffer overflow vulnerability,
securma
- [SECURITY] [DSA 964-1] New gnocatan packages fix denial of service,
Martin Schulze
- cPanel Multiple Cross Site Scripting Vulnerability,
simo
- Neomail Cross Site Scripting Vulnerability,
simo
- Re: Cross Site Cooking,
Yngve Nysaeter Pettersen
- [KDE Security Advisory] kpdf/xpdf heap based buffer overflow,
Dirk Mueller
- IronMail-5.0.1-Denial of-Service-Protection-Lets-Remote-Users-Deny-Service,
mark
- Trend Micro ServerProtect version 5.58 can be easily circumvented via the mechanism that limits how many files to scan.,
Mert Sarıca
- [ MDKSA-2006:033 ] - Updated OpenOffice.org packages fix issue with disabled hyperlinks,
security
- Re: New worm crawling trough blogs?!,
Nick FitzGerald
- [ MDKSA-2006:029 ] - Updated libast packages fixes buffer overflow vulnerability,
security
- [ MDKSA-2006:032 ] - Updated xpdf packages fixes heap-based buffer overflow vulnerability,
security
- [ MDKSA-2006:031 ] - Updated kdegraphics packages fixes heap-based buffer overflow vulnerability,
security
- [ MDKSA-2006:030 ] - Updated poppler packages fixes heap-based buffer overflow vulnerability,
security
- [SLAB] NetBSD / OpenBSD kernfs_xread patch evasion,
SecurityLab Research
- The History of the Oracle PLSQL Gateway Flaw,
David Litchfield
- security contact @lycos.com,
Spiros Antonatos
- CAID 33581 - CA Message Queuing Denial of Service Vulnerabilities,
Williams, James K
- Bug for libs in php link directory 2.0,
Mario Oyorzabal Salgado
- SoftMaker Shop is vulnerable to XSS,
preben
- Black Hat USA CFP opens, Europe early bird reminder, Federal news,
Jeff Moss
- [SECURITY] [DSA 963-1] New mydns packages fix denial of service,
Martin Schulze
- [ MDKSA-2006:028 ] - Updated php packages fix XSS and response splitting vulnerabilities,
security
- Daffodil CRM - vulnerable to SQL-injection.,
preben
- Fcrontab - memory corruption on heap.,
pi3ki31ny
- FreeBSD Security Advisory FreeBSD-SA-06:08.sack,
FreeBSD Security Advisories
- Re: MyCO multiple vulnerabilities,
office
- iDefense Security Advisory 02.01.06: Winamp m3u Parsing Stack Overflow Vulnerability,
labs-no-reply@xxxxxxxxxxxx
- RE: Buffer Overflow /Font on mIRC,
Krpata, Tyler
- iDefense Security Advisory 02.01.06: Winamp m3u/pls .WMA Extension Buffer Overflow Vulnerability,
labs-no-reply@xxxxxxxxxxxx
- Database Manager Default pass,
fireboynet
- Verified evasion in Snort,
at
- Re: Workaround for unpatched Oracle PLSQL Gateway flaw,
x
- DISIT - OPEN SOURCE DISASSEMBLER ENGINE,
Piotr Bania
- [security bulletin] SSRT051007 rev.1 - HP Tru64 UNIX Running DNS BIND Remote Unauthorized Privileged Access,
security-alert
- [SECURITY] [DSA 962-1] New pdftohtml packages fix arbitrary code execution,
Martin Schulze
- [SECURITY] [DSA 961-1] New pdfkit.framework packages fix arbitrary code execution,
Martin Schulze
- [eVuln] SZUserMgnt Authentication Bypass,
alex
- ZRCSA-200601: SPIP - Multiple Vulnerabilities,
research
- Blackboard Authentication Error,
jdo24
- [eVuln] Calendarix SQL Injection & Authorization Bypass Vulnerabilities,
alex
- Windows Access Control Demystified,
sudhakar+bugtraq
