Bugtraq
- New SecurityFocus mailing list: Focus-Apple,
Marc Fossi
- Secunia Research: ZipCentral ZIP File Handling Buffer Overflow Vulnerability,
Secunia Research
- Secunia Research: Eserv/3 IMAP and HTTP Server Multiple Vulnerabilities,
Secunia Research
- file include exploit in Support Cards v1,
black code
- toendaCMS 0.7.0 Cross Site Scripting,
kubasx
- [SECURITY] [DSA 1083-1] New motor packages fix arbitrary code execution,
Martin Schulze
- QontentOneCMS v1.0,
luny
- # MHG Security Team --- PHP NUKE All version Remote File Inc.,
erne
- pppBlog <= 0.3.8 administrative credentials/system disclosure,
rgod
- Xss exploit in Chipmunk directory,
black code
- Open Searchable Image Catalogue: XSS and SQL Injection Vulnerabilities,
enji
- WebCalendar-1.0.3 reading of any files,
socsam
- [ GLSA 200605-17 ] libTIFF: Multiple vulnerabilities,
Stefan Cornelius
- [ MDKSA-2006:093 ] - Updated dia packages fix string format vulnerabilities.,
security
- [ GLSA 200605-16 ] CherryPy: Directory traversal vulnerability,
Stefan Cornelius
- Fire fox dos exploit,
co296
- Backdoor in RelevantKnowledge adware (What are we fighting for?),
3APA3A
- OaBoard 1.0 Remote File inclusion,
hessamx
- WBB<--v2.3.4"misc.php" SQL injection Vulnerability,
CrAzY . CrAcKeR
- NorthStudio Cross Site Scripting Vulnerability,
CrAzY . CrAcKeR
- Bratpack Cross Site Scripting Vulnerability,
CrAzY . CrAcKeR
- phpMyDesktop|arcade 1.0 FINAL Code Execution,
darkgod . xsf
- 4nNukeWare<--V 0.91 SQL Injection exploits,
CrAzY . CrAcKeR
- Jiwa Financials - Reporting allows execution of arbitrary reports as SQL user with full permissions.,
Robert
- [KAPDA::#46] - Nukedit Unauthorized Admin Add,
farhadkey
- multiple Xss exploits in : vCard 2.9,
black code
- RE: Multiple Xss exploits in coolphp magazine,
black code
- Multiple Xss exploits in Chipmunk Board,
black code
- [SECURITY] [DSA 1082-1] New Linux kernel 2.4.17 packages fix several vulnerabilities,
Moritz Muehlenhoff
- WikiNi Persistent Cross Site Scripting Vulnerability,
raphael . huck
- New SMB and DCERPC features on Impacket released with doc,
Gerardo Richarte
- Foing Remote File Include Vulnerability [PHPBB],
s3rv3r_hack3r
- UBBThreads 5.x,6.x md5 hash disclosure,
chris
- [KAPDA::#45] - geeklog multiple vulnerabilities,
alireza hassani
- Xss exploit in Photoalbum B&W v1.3,
black-cod3
- VARIOMAT(advanced cms tool)SQL injection/XSS,
CrAzY . CrAcKeR
- Advisory: Blend Portal <= 1.2.0 for phpBB 2.x (blend_data/blend_common.php) File Inclusion Vulnerability,
Mustafa Can Bjorn IPEKCI
- Advisory: UBBThreads 5.x,6.x Multiple File Inclusion Vulnerabilities.,
Mustafa Can Bjorn IPEKCI
- Advisory: ASPSitem <= 2.0 Multiple Vulnerabilities.,
Mustafa Can Bjorn IPEKCI
- Advisory: phpBB 2.x (Activity MOD Plus) File Inclusion Vulnerability.,
Mustafa Can Bjorn IPEKCI
- Advisory: phpBB 2.x (admin/admin_hacks_list.php) Local Inclusion Vulnerability.,
Mustafa Can Bjorn IPEKCI
- Advisory: Eggblog <= 3.x Multiple Remote Vulnerabilities,
Mustafa Can Bjorn IPEKCI
- Advisory: F@cile Interactive Web <= 0.8x Multiple Remote Vulnerabilities.,
Mustafa Can Bjorn IPEKCI
- Advisory: Enigma Haber <= 4.3 Multiple Remote SQL Injection Vulnerabilities,
Mustafa Can Bjorn IPEKCI
- Advisory: tinyBB <= 0.3 Multiple Remote Vulnerabilities.,
Mustafa Can Bjorn IPEKCI
- Advisory: ASPBB <= 0.52 (perform_search.asp) XSS vulnerability,
Mustafa Can Bjorn IPEKCI
- Advisory: MiniNuke v2.x Multiple Remote Vulnerabilities,
Mustafa Can Bjorn IPEKCI
- JAMES 2.2.0 <-- Denial Of Service,
y3dips
- multiple file include exploits in EzUpload Pro v2.10,
black-cod3
- Buffer overflow in QuickTime 7.0.4?,
John Richard Moser
- [USN-288-1] PostgreSQL server/client vulnerabilities,
Martin Pitt
- [USN-287-1] Nagios vulnerability,
Martin Pitt
- [SECURITY] [DSA 1081-1] New libextractor packages fix arbitrary code execution,
Martin Schulze
- [SECURITY] [DSA 1080-1] New dovecot packages fix directory traversal,
Steve Kemp
- [SECURITY] [DSA 1079-1] New MySQL 4.0 packages fix several vulnerabilities,
Martin Schulze
- html Guest Gear,
pieisgdvgd
- Proof of concept that PGP AUTHENTICATION CAN BE BYPASSED WITHOUT PATCHING,
thesinoda
- D-Link DSA-3100 Cross-Site Scripting,
jaime . blasco
- [SECURITY] [DSA 1078-1] New tiff packages fix denial of service,
Martin Schulze
- Speedy ASP Forum(profileupdate.asp) User Pass Change Exploit,
ajannhwt
- sql injection in PHPcafe.net Tutorial Manager,
black-cod3
- Multiple Xss exploits in ar-blog v 5.2,
black-cod3
- Xss exploit in Chipmunk guestbook,
black-cod3
- Critical sql injection in saphplesson 2.0,
black-cod3
- InternerExplorer error: ECMAScript interpreter stack overflow,
sehato
- Symantec antivirus software exposes computers,
Michael Scheidell
- rPSA-2006-0083-1 enscript,
Justin M. Forbes
- Wavecon Advisory: Open-Xchange <= 0.8.2 defaultuser with /bin/bash and default password,
Cemil Degirmenci
- rPSA-2006-0084-1 fetchmail,
Justin M. Forbes
- cURL Safe Mode Bypass PHP 4.4.2 and 5.1.4,
cxib
- LM hashes in a hot-desking environment,
feedb4ck
- [ MDKSA-2006:092 ] - Updated mpg123 packages fix DoS vulnerability.,
security
- Morris Guestbook v1,
luny
- Smile Guestbook v1,
luny
- Pretty Guestbook v1,
luny
- MyYearBook.com - XSS,
luny
- Vacation Retal Script v1.0,
luny
- Super Link Exchange Script v1.0,
luny
- PHPSimple Choose v0.3,
luny
- iBoutique.MALL - Directory Traversal,
luny
- XSS Vulnerability on Vodafone,
try_og
- rPSA-2006-0080-1 postgresql postgresql-server,
Justin M. Forbes
- On the Recent PGP and Truecrypt Posting,
jon
[OpenPKG-SA-2006.009] OpenPKG Security Advisory (binutils),
OpenPKG
XSS Vulnerability on www.my6d.com Connection Work System,
spymeta
Seditio Cross Site Scripting Vulnerability,
mail
Easy-Content Forums 1.0 Multiple [SQL/XSS] Vulnerabilities,
ajannhwt
Assetman <= 2.4a XSS,
zerogue
ByteHoard <= 2.1 multiple vulnerabilities,
zerogue
PHP AGTC-Membership system <= v1.1a XSS,
zerogue
PHPResidence <= 0.6 XSS,
zerogue
Plume CMS Remote File Include,
beford
Multiple XSS Vulnerabilities in Tikiwiki 1.9.x,
blwood
my Web Server << v-1.0 Denial of Service Exploit,
s3rv3r_hack3r
Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities,
ajannhwt
[MajorSecurity #6]Socketmail <= 2.2.6 - Remote File Include Vulnerability,
admin
qjForum(member.asp) SQL Injection Vulnerability,
ajannhwt
phpjobboard Authecnical admin byPass,
alp_eren
Toasts Forums 1.6.44 in Xss,
ajannhwt
Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities,
ajannhwt
XSS in Monster Top List | MTL 1.4,
V8f3
Docebo LMS 2.05 Remote File Include,
beford
XSS in Omegasoft's Insel,
MC Iglo
[SECURITY] [DSA 1075-1] New awstats packages fix arbitrary command execution,
Martin Schulze
ASLR now built into Vista,
David Litchfield
[BuHa-Security] MS06-013: HTML Tag Memory Corruption Vulnerability in MS IE 6 SP2,
bugtraq
[BuHa-Security] DoS Vulnerability in MS IE 6 SP2,
bugtraq
V-Webmail 1.6.4 Remote File Include,
beford
[SECURITY] [DSA 1077-1] New lynx-ssl packages fix denial of service,
Martin Schulze
[SECURITY] [DSA 1076-1] New lynx packages fix denial of service,
Martin Schulze
TSLSA-2006-0030 - multi,
Trustix Security Advisor
Addendum,
ennead@xxxxxxxxxxxxx
[KAPDA::#44] - NewsCMSLite Login ByPass by Cookie,
farhadkey
Pre Shopping Mall v1.0,
luny
CMS Mundo V1.0,
luny
iFdate v1.2,
luny
sql injection in phpWebSite 0.8.3,
help-users
A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt.,
thesinoda
- Re: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt.,
3APA3A
- Re: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt.,
Alexander Klimov
- RE: [security] A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt.,
phugo
- RE: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt.,
ennead@xxxxxxxxxxxxx
- Re: RE: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt.,
ahariri
- RE: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt.,
thesinoda
- Re: Re: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt.,
visitbipin
ChatPat v1.0,
luny
[CLOSED] SOE's implementation of Lithium Forums Software allows users to log on as each other.,
support
Wordpress <=2.0.2 'cache' shell injection,
rgod
PostgreSQL security releases 8.1.4, 8.0.8, 7.4.13, 7.3.15,
PostgreSQL Security
Hackernetwork Mail Xss[Search] Vulnerability,
ajannhwt
iFlance v1.1,
luny
rPSA-2006-0082-1 vixie-cron,
Justin M. Forbes
Drupal <= 4.7 attachment/mod_mime remote code execution,
rgod
Pre News Manager v1.0,
luny
GuestbookXL 1.3,
luny
[USN-286-1] Dia vulnerabilities,
Martin Pitt
Bulletin Board Elite-Board v.1.1,
luny
Realty Pro One Property Listing Script,
luny
Re: Re: [SECURITYREASON.COM] PhpNuke 7.6=>x Multiple vulnerabilities cXIb8O3.12,
phpnuke
phpFoX All Version Login Exploit,
mx
Kaspersky antivirus 6: POP3 state machine error,
bug . registrator
VSR Advisory: PDF Tools AG - PDF Form Filling and Flattening Tool Buffer Overflow,
advisories
[ MDKSA-2006:091 ] - Updated php packages fix vulnerabilities,
security
[ MDKSA-2006:090 ] - Updated shadow-utils packages fix mailbox creation vulnerability,
security
[ MDKSA-2006:089 ] - Updated kphone packages fixes permissions issue with .qt/kphonerc,
security
[ MDKSA-2006:088 ] - Updated hostapd package to address DoS vulnerability,
security
[ MDKSA-2006:087 ] - Updated kernel packages fixes netfilter SNMP NAT memory corruption,
security
Cisco Security Advisory: Windows VPN Client Local Privilege Escalation Vulnerability,
Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 1074-1] New mpg123 packages fix arbitrary code execution,
Martin Schulze
OpenCms version 6.0.x Xml Content Demo search engine Cross site scripting,
jaime . blasco
Diesel Joke Site SQL INJECTION,
a_linuxer
NETGEAR WGR614 v6 Wireless DSL router information disclosure vulnerability,
info
Vodafone.de XSS Vulnerability,
try_og
Default Screen Saver Vulnerability in Microsoft Windows,
susam . pal
YLZH(right.php)Cross Site Scripting,
Breeeeh
Mambo <= 4.6. RC1 xss,
rgod
Publicist v0.95 - XSS And Full Path Errors,
luny
AlstraSoft Web Host Directory v1.2,
luny
Buffer-overflow in the WebTool service of PunkBuster for servers (minor than v1.229),
Luigi Auriemma
Server termination in netPanzer 0.8 (rev 952),
Luigi Auriemma
[security bulletin] HPSBMA02098 SSRT5911 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Privileged Access, Arbitrary Command Execution, Arbitrary File Creation,
security-alert
[security bulletin] HPSBMA02121 SSRT061157 rev.1 - HP OpenView Storage Data Protector Remote Arbitrary Command Execution,
security-alert
[USN-285-1] awstats vulnerability,
Martin Pitt
DGbook v1.0 - XSS,
luny
[security bulletin] HPSBUX02075 SSRT051074 rev.5 - HP-UX Running xterm Local Unauthorized Access,
security-alert
Alstrasoft Article Manager Pro v1.6,
luny
AlstraSoft E-Friends - XSS,
luny
phpMyDirectory <= 10.4.4 Multiple Remote File Include(new!),
ajannhwt
[security bulletin] HPSBUX02114 SSRT061115 rev.1 - HP-UX Running Software Distributor Local Elevation of Privilege,
security-alert
Nucleus CMS <= 3.22 arbitrary remote inclusion,
rgod
Non eXecutable Stack Lovin on OSX86,
KF (lists)
[OpenPKG-SA-2006.008] OpenPKG Security Advisory (openldap),
OpenPKG
Kaspersky antivirus 6: HTTP monitor bypassing,
john
SkyeShoutbox <= v.1.2.0 XSS,
zerogue
Russcom Ping Remote code execution,
zerogue
Russcom PHPImages lack of validation,
zerogue
QBv14 XSS,
zerogue
IpLogger <= 1.7 XSS,
zerogue
DSChat <= 1.0 XSS,
zerogue
Chatty improper input sanitizing,
zerogue
ZDI-06-016: Novell eDirectory 8.8 NDS Server Buffer Overflow Vulnerability,
zdi-disclosures
Circumventing quarantine control in Windows 2003 and ISA 2004,
Memet Anwar
Hackernetwork.Com Mail XSS Vulnerability,
TeufeL Online
Microsoft Internet Explorer - Crash on mouse button click,
mac68k
RE: Microsoft Internet Explorer - Crash on mouse button click,
Jain, Siddhartha
Re: Microsoft Internet Explorer - Crash on mouse button click,
mac68k
Remote Code Execution in artmedic Newsletter 4.1 [log.php],
c . j . schmitz
TSLSA-2006-0028 - multi,
Trustix Security Advisor
phpRaid "view.php" XSS Vulnerability,
TeufeL Online
Beoped Portal XSS,
outlaw
SOE's implementation of Lithium Forums Software allows users to log on as each other.,
john
CANews Multiple Vulnerabilities,
omnipresent
mybb v1.1.1(rss.php) SQL Injection Exploit,
Breeeeh
[SECURITY] [DSA 1072-1] New Nagios packages fix arbitrary code execution,
Martin Schulze
ACROS Security: Buffer Overflow In EMC (previously Dantz) Retroclient Service,
ACROS Security
[SECURITY] [DSA 1073-1] New MySQL 4.1 packages fix several vulnerabilities,
Martin Schulze
[security bulletin] HPSBUX02120 SSRT051057 rev.1 - HP-UX Local Denial of Service (DoS),
security-alert
[security bulletin] HPSBUX02119 SSRT4848 rev.1 - HP-UX Running Motif Applications Remote Arbitrary Code Execution, Denial of Service (DoS),
security-alert
BitZipper Archive Extraction Directory traversal,
h e
Prodder Remote Arbitrary Command Execution,
RedTeam Pentesting
Perlpodder Remote Arbitrary Command Execution,
RedTeam Pentesting
[SECURITY] [DSA 1071-1] New MySQL 3.23 packages fix several vulnerabilities,
Martin Schulze
Skype - URI Handler Command Switch Parsing,
Brett Moore
[KAPDA::#43] - phpwcms multiple vulnerabilities,
alireza hassani
Generic Browser Crash with Java 1.4.2_11, Java 1.5.0_06,
Marc Schoenefeld
Novell Client login form enables reading and writing from and to the clipboard of the logged-in user,
EitanCaspi@xxxxxxxxx
[ GLSA 200605-15 ] Quagga Routing Suite: Multiple vulnerabilities,
Stefan Cornelius
[ GLSA 200605-14 ] libextractor: Two heap-based buffer overflows,
Stefan Cornelius
[TZO-072006]-Xampp - Multiple Priviledge Escalation (SYSTEM) and Rogue Autostart,
Thierry Zoller
XOOPS <= 2.0.13.2 'xoopsOption[nocommon]' exploit,
rgod
Firefox 1.5.0.3 Flaw - Page can obtain path to Mozilla installation or profile by examining JavaScript exceptions,
milw0rm
PHP Easy Galerie Index.PHP Remote File Include Vulnerability,
craziest
Captivate 1.0 - XSS Vuln,
luny
[SECURITY] [DSA 1070-1] New Linux kernel 2.4.19 packages fix several vulnerabilities,
Moritz Muehlenhoff
Destiney Links Script v2.1.2,
luny
Destiney Rated Images Script v0.5.0 - XSS Vulnv,
luny
PunBB 1.2.11 Cross site scripting,
k4p0k4p0
[SECURITY] [DSA 1069-1] New Linux kernel 2.4.18 packages fix several vulnerabilities,
Moritz Muehlenhoff
Hiox Guestbook 3.1,
luny
[SECURITY] [DSA 1068-1] New fbi packages fix denial of service,
Moritz Muehlenhoff
Zix Forum <= 1.12 (layid) SQL Injection Vulnerability,
i6d
cPanel OpenBaseDir Bypass,
i6d
[SECURITY] [DSA 1064-1] New cscope packages fix arbitrary code execution,
Moritz Muehlenhoff
Re: NSA Group Security Advisory NSAG-196-23.02.2006 Vulnerability FCKeditor 2.2,
fredck
[SECURITY] [DSA 1067-1] New Linux kernel 2.4.16 packages fix several vulnerabilities,
Moritz Muehlenhoff
Xtremescripts Topsites v1.1,
luny
RaceEventManagement <--v0.7.6 SQL injection & XSS,
Mster-X
Interlink "news_information.php" XSS,
Mster-X
ActualAnalyzer Server <=8.23 - Remote File Include Vulnerability,
i6d
[SECURITY] [DSA 1065-1] New hostapd packages fix denial of service,
Moritz Muehlenhoff
Re: NSA Group Security Advisory NSAG-195-23.02.2006 Vulnerability FCKeditor 2.0 FC,
fredck
phpBazar <= 2.1.0 Multiple vulnerabilites,
i6d
[SECURITY] [DSA 1066-1] New phpbb2 packages fix execution of arbitrary web script code,
Moritz Muehlenhoff
[SECURITY] [DSA 1063-1] New phpgroupware packages fix execution of arbitrary web script code,
Moritz Muehlenhoff
CYBSEC - Security Pre-Advisory: Local Privilege Escalation in SAP sapdba Command,
Leandro Meiners
Jemscripts Download Control v1.0,
luny
[SECURITY] [DSA 1061-1] New popfile packages fix denial of service,
Moritz Muehlenhoff
Yourfreeworld.com Short Url & Url Tracker Script,
luny
[SECURITY] [DSA 1060-1] New kernel-patch-vserver packages fix privilege escalation,
Moritz Muehlenhoff
[SECURITY] [DSA 1062-1] New kphone packages fix information disclosure,
Moritz Muehlenhoff
Yourfreeworld Styleish Text Ads Script,
luny
[SECURITY] [DSA 1059-1] New quagga packages fix several vulnerabilities,
Martin Schulze
[security bulletin] HPSBTU02118 SSRT061145 rev.1 - HP Tru64 UNIX Running Firefox or Mozilla Application Suite, Remote Execution of Arbitrary Code or Denial of Service (DoS),
security-alert
[security bulletin] HPSBUX02117 SSRT2400 rev.1 - HP-UX Running BINDv4 Domain Name Server (DNS) Remote Unauthorized Access, Denial of Service (DoS),
security-alert
[security bulletin] HPSBUX02108 SSRT061133 rev.11 - HP-UX Running Sendmail, Remote Execution of Arbitrary Code,
security-alert
Secunia Research: CAM UnZip ZIP File Handling Buffer Overflow Vulnerability,
Secunia Research
[ MDKSA-2006:086 ] - Updated kernel packages fix multiple vulnerabilities,
security
Sun single-CPU DOS,
Doug Hughes
Code Injection via Hidden Form Field Manipulation,
mtoren
Myspace Friend Train v2.8,
luny
Re: MediaSlash Gallery 'rub' variable Remote File inlcusion Vulnerability,
gyzmo77
POC exploit for freeFTPd 1.0.10,
Tauqeer Ahmad
FrontRange iHeat Vulnerability,
mcdanielar
XSS in orkut.com,
Rohin Koul
[SECURITY] [DSA 1058-1] New awstats packages fix arbitrary command execution,
Martin Schulze
Gmail/Gtalk web client DoS,
dan
AspBB Forum "profile.asp & default.asp" XSS Vulnerability,
TeufeL Online
[Info Disclosure] Diesel PHP Job Site Latest Version,
Matt Gibson
[cosmoshop again] sql injection + view all files as admin user,
innate
Multiple Vulns in Bitrix CMS,
Gogi The Georgian
CodeScan Advisory: Avatar MOD v1.3 for Snitz Forums v3.4 - Arbitrary File Upload,
CodeScan Labs
Wargamming Network..,
Dusty
Gawab.com Register Xss Bugtraq,
rootter
RadLance Local Inclusion Exploit,
Hussain Salim
HYSA-2006-008 myBloggie 2.1.3 CRLF & SQL Injection,
h4cky0u . org
OpenWiki<--v0.78 Cross-Site Scripting,
LiNuX_rOOt1
Boastmachine Cross Site Scripting Vulnerability,
mail
Mobotix IP Network Cameras Multiple XSS,
jaime . blasco
Secunia Research: Eazel unacev2.dll Buffer Overflow Vulnerability,
Secunia Research
Two heap overflow in libextractor 0.5.13 (rev 2832),
Luigi Auriemma
DIMVA 2006 - Call For Participation,
Thomas Biege
Firefox (with IETab Plugin) Null Pointer Dereferences Bug,
Debasis Mohanty
What's Up Professional Spoofing Authentication Bypass,
Kenneth F. Belva
VNC_bypauth: vnc scanner multithreaded linux & windows,
ad@xxxxxxxxxxxxxxxx
Re: Zen Cart login.php SQL Injection Vulnerability,
noreply
Newsportal <= 0.36 Remote File Inclusion Vulnerability,
philipp . niedziela
iDefense Q2 2006 Vulnerability Challenge,
labs-no-reply@xxxxxxxxxxxx
Secunia Research: IZArc unacev2.dll Buffer Overflow Vulnerability,
Secunia Research
Advisory: Quezza BB <= 1.0 File Inclusion Vulnerability.,
Mustafa Can Bjorn IPEKCI
Maksymilian Arciemowicz,
cxib
ERRATA: [ GLSA 200605-07 ] Nagios: Buffer overflow,
Sune Kloppenborg Jeppesen
DeluxeBB <= v1.06 attachment mod_mime exploit,
rgod
UPDATE: [ GLSA 200605-13 ] MySQL: Information leakage,
Sune Kloppenborg Jeppesen
PHP-Fusion <= 6.00.306 "srch_where" SQL injection / admin credentials disclosure,
rgod
vulnerability details,
Arnold Grossmann
The Weakness of Windows Impersonation Model,
Brian L. Walche
Caucho Resin Windows Directory Traversal Vulnerability,
advisory
Checkpoint SYN DoS Vulnerability,
sanjay naik
ScanAlert Security Advisory,
Joseph Pierini
Newsportal: code injection vulnerability,
newsportal
IceWarp Cross-Site Scripting(XSS),
LiNuX_rOOt1
Sphider Multiple Xss Vulnerabilities,
Soothackers
PhpRemoteView Multiple Xss Vulnerabilities,
Soothackers
Re: [Full-disclosure] POC exploit for freeSSHd version 1.0.9,
David Maciejak
DeluxeBB 1.06 Remote SQL Injection Exploit,
kingofska
YapBB <= 1.2 Beta2 'find.php' SQL Injection Vulnerability,
geinblues
Confixx 3.1.2 <= Code Injection,
Snake_23
[USN-284-1] Quagga vulnerabilities,
Martin Pitt
Secunia Research: Abakt ZIP File Handling Buffer Overflow Vulnerability,
Secunia Research
Novell NDPS Remote Vulnerability (Server & Client),
Ryan Smith
Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise,
Juha-Matti Laurio
CYBSEC - Security Advisory: Arbitrary File Read/Delete in SAP BC (Business Connector),
Leandro Meiners
CYBSEC - Security Advisory: Phishing Vector in SAP BC (Business Connector),
Leandro Meiners
Secunia Research: FilZip unacev2.dll Buffer Overflow Vulnerability,
Secunia Research
tyree[at]users.sourceforge.net,
tyree
Azboard <= 1.0 Multiple Sql Injections,
geinblues
Sugar Suite Open Source <= 4.2 "OptimisticLock!" arbitrary remote inclusion exploit,
rgod
RealVNC 4.1.1 Remote Compromise,
James Evans
DMA[2006-0514a] - 'ClamAV freshclam incorrect privilege drop',
KF (lists)
[SECURITY] [DSA 1056-1] New webcalendar packages fix information leak,
Martin Schulze
XSS in FreeTextBox and FCKEditor Basic Toolbar Selection,
bonsite
90% of programs made in PHP5 and prior Full Path Disclosure vuln.,
sirdarckcat
JDK 1.4.2_11, 1.5.0_06, unsigned applets consuming all free harddisk space,
Marc Schoenefeld
Is MS06-018 a DoS or a system compromise ?,
Nick Boyce
[USN-274-2] MySQL vulnerability,
Martin Pitt
[SECURITY] [DSA 1057-1] New phpLDAPadmin packages fix cross-site scripting,
Martin Schulze
PhpBB <= 2.0.20 Admin/Restore Database remote cmmnds xctn (works with admin sid),
rgod
SQL-Injection in e107 allows attacker to become a site admininstrator,
socsam
[FLSA-2006:164512] Updated fetchmail packages fix security issues,
Marc Deslauriers
Server crash in Empire 4.3.2,
Luigi Auriemma
[FLSA-2006:152923] Updated xloadimage package fixes security issues,
Marc Deslauriers
[FLSA-2006:152904] Updated ncpfs package fixes security issues,
Marc Deslauriers
Gphotos Directory Traversal and Cross Site Scripting,
doz
Socket unreachable in GNUnet rev 2780,
Luigi Auriemma
[FLSA-2006:185355] Updated gnupg package fixes security issues,
Marc Deslauriers
Multiple vulnerabilities in Raydium rev 309,
Luigi Auriemma
Multiple vulnerabilities in Outgun 1.0.3 bot 2,
Luigi Auriemma
[FLSA-2006:152868] Updated tetex packages fix security issues,
Marc Deslauriers
Buffer-overflow and NULL pointer crash in Genecys 0.2,
Luigi Auriemma
[FLSA-2006:152898] Updated emacs packages fix a security issue,
Marc Deslauriers
# MHG Security Team --- Gallery Upload Vulnerabilities,
Dj_ReMix_20
PHP Live Helper ASP(chat.php) XSS,
mster-X
Several flaws in e-business designer (eBD),
Pedro Andújar
Dovecot IMAP: Mailbox names list disclosure with mboxes,
Timo Sirainen
SEC Consult SA-20060512-0 :: Symantec Enterprise Firewall NAT/HTTP Proxy Private IP Exposure,
Bernhard Mueller
Dokeos LDAP hole fixed,
thomas . depraetere
PHPBB 2.0.20 persistent issues with avatars,
rgod
[EEYEB-20060307] Apple QuickTime FPX Integer Overflow,
eEye Advisories
TSLSA-2006-0026 - kernel,
Trustix Security Advisor
Apple QuickDraw/QuickTime Multiple Vulnerabilities,
Avert
[Kurdish Security # 7] Foing Remote File Include Vulnerability [PHPBB],
botan
How secure is software X?,
David Litchfield
ZDI-06-015: Apple QuickTime H.264 Parsing Heap Overflow Vulnerability,
zdi-disclosures
yet more XSS in older versions of ColdFusion,
zuxncwaruio
Re: Secunia Research: Where Is It unacev2.dll Buffer OverflowVulnerability,
jason . gerfen
Apple QuickTime udta ATOM Heap Overflow,
Sowhat
Ipswitch WhatsUp Professional multiple flaws,
David Maciejak
[ GLSA 200605-13 ] MySQL: Information leakage,
Sune Kloppenborg Jeppesen
phpBB "charts.php" XSS and SQL-Injection,
sn4k3 . 23
Verizon Voicewing and Linksys PAP2-VN,
securityfocus
Secunia Research: UltimateZip unacev2.dll Buffer Overflow Vulnerability,
Secunia Research
Microsoft MSDTC NdrAllocate Validation Vulnerability,
avert
[SECURITY] [DSA 1055-1] New Mozilla Firefox packages fix arbitrary code execution,
Martin Schulze
[TZO-042006] Insecure Auto-Update and File execution (2),
Thierry Zoller
Unclassified NewsBoard <= 1.6.1 patch 1 ABBC[Config][smileset] arbitrary local inclusion,
rgod
[ MDKSA-2006:085 ] - Updated xine-ui packages fix format string vulnerabilities,
security
Cisco Security Advisory: AVS TCP Relay Vulnerability,
Cisco Systems Product Security Incident Response Team
Re: SYMSA-2006-003: Cisco Secure ACS for Windows - AdministratorPassword Disclosure,
Greg owens
ZDI-06-014: Verisign I-Nav ActiveX Control Code Execution Vulnerability,
zdi-disclosures
Kerio WinRoute Firewall Protocol Inspection Denial,
SnoBMSN
[48Bits.com Advisory] Path conversion design flaw in Microsoft NTDLL,
48Bits.com [I+D Team]
vbulletin security Alert,
aura
PhpListPro 2.01 Remote File Include Vulnerability,
SnoBMSN
[TZO-042006] Insecure Auto-Update and File execution,
Thierry Zoller
mybb v1.1.1(showthread.php) SQL Injection Exploit,
Breeeeh
Firefox 1.5.0.3 - DoS,
p4 . werterxyz
[ MDKSA-2006:084 ] - Updated MySQL packages fix several vulnerabilities,
security
UBlog Remote XSS Exploit,
SnoBMSN
Re: Milliscript 1.4 Multiple Vulnerabilities,
webmaster
Oracle - the last word,
David Litchfield
Hackmaster Group DMCounter Remote File Include,
c-w-m
[ MDKSA-2006:083 ] - Updated gdm package fixes symlink attack vulnerability,
security
Multiple SQL Injection Vulnerabilities in Dreamweaver Generated Code,
Brian Gallagher
[ GLSA 200605-12 ] Quake 3 engine based games: Buffer Overflow,
Sune Kloppenborg Jeppesen
[ GLSA 200605-10 ] pdnsd: Denial of Service and potential arbitrary code execution,
Sune Kloppenborg Jeppesen
[ GLSA 200605-11 ] Ruby: Denial of Service,
Sune Kloppenborg Jeppesen
# MHG Security Team --- OzzyWork Gallery Upload Vulnerabilities,
Dj_ReMix_20
IBM Websphere Application Server Multiple Vulnerabilities,
SnoBmsn
[SECURITY] [DSA 1054-1] New TIFF packages fix denial of service and arbitrary code execution,
Martin Schulze
[Reversemode] Microsoft Infotech Storage library Heap Corruption,
Reversemode
Two independent vulnerabilities (client and server side) in Quake3 engine and many derived games,
Thilo Schulz
ZDI-06-013: 3Com TippingPoint SMS Server Information Disclosure Vulnerability,
zdi-disclosures
IGNORING SSH CONNECTION USES ARP CACHE POISSONING,
king_purba
[EEYEB20051011A] - Microsoft Distributed Transaction Coordinator Heap Overflow,
eEye Advisories
[EEYEB20051011B] - Microsoft Distributed Transaction Coordinator Denial of Service,
eEye Advisories
# MHG Security Team --- DuGallery V2.x SQL Injection,
Dj_ReMix_20
plaNetStat Admin ByPass,
alp_eren
# MHG Security Team --- OzzyWork Gallery SQL Injection,
Dj_ReMix_20
ICQ Client Cross-Application Scripting (XAS),
3APA3A
[SECURITY] [DSA 1053-1] New Mozilla packages fix arbitrary code execution,
Martin Schulze
tseekdir.cgi<--Local File Include,
BoNy-m
Secunia Research: Where Is It unacev2.dll Buffer Overflow Vulnerability,
Secunia Research
SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure,
research
[MajorSecurity] phpListPro <= 2.01 - Multiple Remote File Include Vulnerability,
admin
PHPFusion <= v6.00.306 avatar mod_mime arbitrary file upload & local inclusion vulnerabilities,
rgod
Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1,
Zaninotti, Thiago
ZDI-06-012: Sophos Anti-Virus CAB Unpacking Code Execution Vulnerability,
zdi-disclosures
VSR Advisory: WebSense content filter bypass when deployed in conjunction with Cisco filtering devices,
VSR Advisories
[ GLSA 200605-09 ] Mozilla Thunderbird: Multiple vulnerabilities,
Thierry Carrez
[ GLSA 200605-08 ] PHP: Multiple vulnerabilities,
Thierry Carrez
Secunia Research: Anti-Trojan unacev2.dll Buffer Overflow Vulnerability,
Secunia Research
Secunia Research: TZipBuilder ZIP File Handling Buffer Overflow Vulnerability,
Secunia Research
[USN-283-1] MySQL vulnerabilities,
Martin Pitt
[USN-282-1] Nagios vulnerability,
Martin Pitt
[Kurdish Security # 5] phpRaid Remote File Include [SMF],
botan
[Kurdish Security # 4] phpRaid Remote File Include Vulnerability (PHPBB),
botan
INFIGO-2006-05-03: Multiple FTP Servers vulnerabilities,
infocus
singapore v0.9.7 XSS Vulnerabilities,
alp_eren
Claroline Open Source e-Learning 1.7.5 Remote File Include,
beford
Multiple Vulnerabilities In IdealBB ASP Bulletin Board,
CodeScan Labs
Dokeos Learning Management System 1.6.4 Remote File Include,
beford
CAID 34013 - CA Common Services CAIRIM on z/OS LMP SVC vulnerability,
Williams, James K
[SECURITY] [DSA 1052-1] New cgiirc packages fix arbitrary code execution,
Martin Schulze
AngelineCMS Multiple Vulnerabilities,
admin
[ GLSA 200605-07 ] Nagios: Buffer overflow,
Sune Kloppenborg Jeppesen
[KAPDA] MyBB1.1.1~Email Verification in User Activation ~SQL Injection Attack,
addmimistrator
OpenEngine (PHP CMS),
ck
Phil's Bookmark script admin By-pass,
alp_eren
Limbo CMS (option=weblinks) SQL injection exploit,
SnoBMSN
X-POLL admin By-Pass,
alp_eren
URL Bug On 1ASPHost and DomainDLX Hosting Services,
spymeta
Idle scan rediscovered!!!,
Joel Jose
Firefox 1.5.0.3 code execution exploit,
yesn
phpBB 2.0.20 Full Path Disclosure and SQL Errors,
cxib
Intel wireless service s24evmon.exe confidential information disclosure.,
ruben
Alexadex.com players.py XSS Exploit,
skinnypuppy
Re: DB_eSession deleteSession() SQL injection,
interact
X7Chat <= 2.0.2 avatar XSS injection,
zerogue
WebsiteBaker CMS lack of sanitizing,
zerogue
VisionSource CMS <= 0.6 XSS vectors,
zerogue
[ GLSA 200605-06 ] Mozilla Firefox: Potential remote code execution,
Thierry Carrez
PassMasterFlex (and PassMasterFlex+) XSS injection,
zerogue
myBloggie <= 2.1.3 XSS,
zerogue
FlexCustomer <= 0.0.4 sql injection,
zerogue
ChipmunkBoard Multiple Attack vectors,
zerogue
ChipmunkBlogger improper input sanitizing,
zerogue
JetBox CMS Remote File Include,
beford
[ GLSA 200605-05 ] rsync: Potential integer overflow,
Sune Kloppenborg Jeppesen
TSLSA-2006-0024 - multi,
Trustix Security Advisor
Cryptomathic ActiveX Buffer Overflow (TDC Digital signature),
CIRT.DK Advisory
Invision Community Blog .. Bugs,
o . y . 6
[ MDKSA-2006:081-1 ] - Updated xorg-x11 packages fix vulnerability,
security
SaPHPLesson 3.0 Multbugs,
o . y . 6
CuteNews 1.4.1 Multiple vulnerabilities,
k4p0k4p0
modules name(Downloads)SQL Injection Exploit,
Mster-X
modules name(Sections)SQL Injection Exploit,
Mster-X
WebCalendar User Account Enumeration Weakness,
David Maciejak
Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk,
leonleon77
bigwebmaster guestbook multiply XSS,
Javor Ninov
Panda Antivirus Enterprise Secure, Norton Antivirus 2005 and the virus "I Love You",
Joxean Koret
libero.it XSS vulnerability - HTML injection,
Davide Denicolo
321soft PhP Gallery 0.9 - directory travel & XSS,
d4igoro
[USN-281-1] Linux kernel vulnerabilities,
Martin Pitt
Fast Click <= 2.3.8 Remote File Inclusion,
Aminrayden
[REWTERZ-20060503] XM Easy Personal FTP Server Remote Buffer Overflow Vulnerability,
rewterz
Fast Click SQL Lite <= 1.1.3 Remote File Inclusion,
Aminrayden
zawhttpd - Buffer Overflow,
Kamil Sienicki
PunBB 1.2.11 Cross-Site Scripting,
o . y . 6
CuteGuestbook XSS attack,
omnipresent
[REWTERZ-20060504] - Sami FTP Server Remote Buffer Overflow Vulnerability,
rewterz
ISA Server 2004 Log Manipulation,
beSIRT
[security bulletin] HPSBUX02108 SSRT061133 rev.10 - HP-UX running Sendmail, Remote Execution of Arbitrary Code,
security-alert
[SECURITY] [DSA 1051-1] New Mozilla Thunderbird packages fix several vulnerabilities,
Martin Schulze
[USN-280-1] X.org server vulnerability,
Martin Pitt
[USN-278-1] gdm vulnerability,
Martin Pitt
[ MDKSA-2006:082 ] - Updated libtiff packages fix vulnerabilities,
security
[USN-279-1] libnasl/nessus vulnerability,
Martin Pitt
BankTown's ActiveX Buffer Overflow Vulnerability,
Alex Park
OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw,
c0redump
Vulnerability in the way Ultr@VNC-1.0.1 handles MS-Logon Authentication.,
gdehanot
Quagga RIPD unauthenticated route injection,
Konstantin V. Gavrilenko
[USN-277-1] TIFF library vulnerabilities,
Martin Pitt
[SECURITY] [DSA 1050-1] New ClamAV packages fix denial of service or arbitrary code execution,
Martin Schulze
Dynamic Evaluation Vulnerabilities in PHP applications,
Steven M. Christey
SUSE Security Announcement: xorg-x11-server (SUSE-SA:2006:023),
Ludwig Nussel
Quagga RIPD unauthenticated route table broadcast,
Konstantin V. Gavrilenko
[USN-276-1] Thunderbird vulnerabilities,
Martin Pitt
[ MDKSA-2006:081 ] - Updated xorg-x11 packages fix vulnerability,
security
[ GLSA 200605-04 ] phpWebSite: Local file inclusion,
Sune Kloppenborg Jeppesen
[ GLSA 200605-03 ] ClamAV: Buffer overflow in Freshclam,
Sune Kloppenborg Jeppesen
[ GLSA 200605-02 ] X.Org: Buffer overflow in XRender extension,
Sune Kloppenborg Jeppesen
MySQL COM_TABLE_DUMP Information Leakage and Arbitrary command execution.,
Stefano Di Paola
MySQL Anonymous Login Handshake - Information Leakage.,
Stefano Di Paola
Oracle, where are the patches???,
David Litchfield
Invision Gallery 2.0.6 ( SQL Injection ),
o . y . 6
TyroCms beta V1.0 multiple XSS injections,
zerogue
Russcom.net Loginphp multiple vulnerabilties,
zerogue
FileProtection Express <= 1.0.1 authentification bypass,
zerogue
SF-Users V1.0 XSS injection,
zerogue
Cmscout <= V1.10 multiple XSS attack vectors,
zerogue
sBlog SQL Injection and Path Disclosure Vulnerability,
admin
geoBlog Mutiple XSS Vulnerability,
admin
Ejabberd : Symlink vulnerability during installation process,
Julien L.
zenphoto Multiple Path Disclosure and Cross Site Scripting Vulnerabilities,
raphael . huck
[SECURITY] [DSA 1049-1] New Ethereal packages fix several vulnerabilities,
Martin Schulze
X7 Chat <=2.0 remote commands execution,
rgod
Cisco Security Advisory: Cisco Unity Express Expired Password Reset Privilege Escalation,
Cisco Systems Product Security Incident Response Team
JSBoard XSS vulnerability,
Alexander Klink
[ MDKSA-2006:080 ] - Updated clamav packages fix vulnerability,
security
VHCS --- Virtual Hosting Control System Cross Site Scripting,
outlaw
FTP Fuzzer,
infocus
RE: Oracle 10g 10.2.0.2.0 DBA exploit,
putosoft softputo
Blog Mod <= 0.2.x SQL Injection,
qex
XINE format string bugs when handling non existen file,
king_purba
CoolMenus Event Remote File Inclusion exploit,
AminRayden
I-RATER Platinum Remote File Inclusion exploit Cod3d by R@1D3N,
AminRayden
Poll: Emerging Threats,
Jon R. Kibler
OpenBB 1.0.8 Full Path Disclosure,
o . y . 6
Invision Power Board v2.1.5 Remote SQL Injection,
o . y . 6
4images<-- 1.7.1 SQL Injection,
CrAzY . CrAcKeR
Thyme 1.3 Cross Site Scripting,
outlaw
Image file crashes Finder, Safari and other apps,
cmertes
[SECURITY] [DSA 1047-1] New resmgr packages fix unauthorised access,
Martin Schulze
Re: Apple Mac OS X Safari 2.0.3 Vulnerability,
buggy
[SECURITY] [DSA 1048-1] New Asterisk packages fix arbitrary code execution,
Martin Schulze
Secunia Research: WinHKI unacev2.dll Buffer Overflow Vulnerability,
Secunia Research
free-php.net Poll 1.0 admin login,
tugr
planetGallery admin login,
tugr
JMK's Picture Gallery admin login,
alp_eren
[ GLSA 200605-01 ] MPlayer: Heap-based buffer overflow,
Sune Kloppenborg Jeppesen
DMCounter Remote File Include,
beford
