Bugtraq

Date Index

Hobbit monitor: Security issue with Hobbit 4.2-beta client, Henrik Stoerner
My smiles "browse.php" SQL Injection, CrAzY . CrAcKeR
Module's Name "Classifieds" SQL Injection, CrAzY . CrAcKeR
CDJ<<--V NITKID 2.0 "category.php" SQL Injection, CrAzY . CrAcKeR
MyNewsGroups<<--v. 0.6 "tree.php" SQL Injection, CrAzY . CrAcKeR
FreeHost "misc.php & news.php" SQL Injection, CrAzY . CrAcKeR
ZDI-06-020: Apple iTunes AAC File Parsing Integer Overflow Vulnerability, zdi-disclosures
ISC: Firefox immune to outerHTML flaw in MSIE [Was: Browser bugs hit IE, Firefox], Juha-Matti Laurio
[Kil13r-SA-20060701-3] Massting Cross-Site Scripting Vulnerability, mac68k
[Kil13r-SA-20060701-2] MoniWiki 1.1.1 Cross-Site Scripting Vulnerability, mac68k
[Kil13r-SA-20060701-1] Ahnlab Search Cross-Site Scripting Vulnerability, mac68k
Zen-Cart 1.3.0.2 Full Path Disclosure, o . y . 6
[ GLSA 200606-30 ] Kiax: Arbitrary code execution, Sune Kloppenborg Jeppesen
libwmf integer/heap overflow, sean
[SECURITY] [DSA 1104-1] New OpenOffice.org packages fix several vulnerabilities, Martin Schulze
ezWaiter v3.0 - XSS, luny
Re: [Full-disclosure] Browser bugs hit IE, Firefox today (SANS), Juha-Matti Laurio
Browser bugs hit IE, Firefox today (SANS), Bill Stout
rPSA-2006-0120-1 gnupg, Justin M. Forbes
Msie 7.0 beta Crash, Mr . Niega
[security bulletin] HPSBUX02122 SSRT061158 rev.2 - HP-UX Mozilla Remote Execution of Arbitrary Code, Denial of Service (DoS), security-alert
[security bulletin] HPSBTU02125 SSRT061105 rev.1 - HP Tru64 UNIX Running Perl 5.8.2 and earlier, Local Unauthorized Code Execution, security-alert
Novell Security Announcement NOVELL-SA:2006:001, Jim Short
Multiple Vulnerabilities in PatchLink Update Server 6, Chris Steipp
Novell Security contact address change, Roman Drahtmueller
rPSA-2006-0116-1 mutt, Justin M. Forbes
Digital Armaments Security Advisory 29.06.2006: Siemens Speedstream Wireless Router Password Protection Bypass Vulnerability, info
[ GLSA 200606-28 ] Horde Web Application Framework: XSS vulnerability, Sune Kloppenborg Jeppesen
Secunia Research: phpRaid SQL Injection and File Inclusion Vulnerabilities, Secunia Research
[ MDKSA-2006:115 ] - Updated mutt packages fix buffer overflow vulnerability, security
Softbiz Banner Exchange 1.0 XSS, securityconnection
CSRF in Nuked Klan 1.7 SP4.2, blwood
[ GLSA 200606-29 ] Tikiwiki: SQL injection and multiple XSS vulnerabilities, Sune Kloppenborg Jeppesen
DMA[2006-0628a] - 'Apple OSX launchd unformatted syslog() vulnerability', K F (lists)
[KAPDA]http://myimei.com/security/2006-06-24/mybb104archive-modelight-parameter-extractionvarable-overwriting.html, addmimistrator
PHPClassifieds General, luny
Presentation: AT&T ISNN - "Case Studies in Finding Previously Unknown Vulnerabilities in Web Applications.", Kenneth F. Belva
Secunia Research: Opera SSL Certificate "Stealing" Weakness, Secunia Research
[ MDKSA-2006:113 ] - Updated tetex packages fix embedded GD vulnerabilities, security
Cisco Security Advisory: Access Point Web-Browser Interface Vulnerability, Cisco Systems Product Security Incident Response Team
Re: [MajorSecurity #18] Ralf Image Gallery <=0.7.4 - Multiple XSS, Remote File Include and directory traversal vulnerabilities, Ralf
Microsoft's Real Test with Vista is Vulnerabilities, Gadi Evron
- Re: [funsec] Microsoft's Real Test with Vista is Vulnerabilities, thomas48
  - RE: [funsec] Microsoft's Real Test with Vista is Vulnerabilities, Larry Seltzer
[OpenPKG-SA-2006.011] OpenPKG Security Advisory (png), OpenPKG
Cisco Security Advisory: Multiple Vulnerabilities in Wireless Control System, Cisco Systems Product Security Incident Response Team
PHP iCalendar Cross Site Scripting, botan
MKPortal 1.0.1 Final ($ind) File Include Vulnerability (perl), stormhacker
AzDGDatingPlatinum<<--v1.1.0 "view.php" SQL Injection, CrAzY . CrAcKeR
SyScan'06 Highlight - Is Phone Banking Safe?, thomas48
[ GLSA 200606-27 ] Mutt: Buffer overflow, Sune Kloppenborg Jeppesen
[USN-307-1] mutt vulnerability, Martin Pitt
BLOG:CMS <= 4.0.0k sql injection, rgod
PHP-Nuke Module's Name Sections<<--V3 SQL Injection, CrAzY . CrAcKeR
[ MDKSA-2006:114 ] - Updated libwmf packages fixes embedded GD vulnerability, security
- <Possible follow-ups>
- [ MDKSA-2006:114 ] - Updated libwmf packages fixes embedded GD vulnerability, security
[ MDKSA-2006:112 ] - Updated gd packages fix DoS vulnerability., security
vCard PRO SQL Injection, CrAzY . CrAcKeR
[KAPDA]MyBB 1.1.4~function_post.php~XSS Attack In URL tag, addmimistrator
Layered Defense Advisory: Format String Vuln in CA eTrust, dh
smartsite cms v1.0 Remote File include, KARKOR23
[Kil13r-SA-20060628] Hanaro Search Cross-Site Scripting Vulnerability, mac68k
Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...), Luigi Auriemma
- <Possible follow-ups>
- Re: Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...), Luigi Auriemma
CAID 34325 - CA ITM, eAV, ePP scan job description field format string vulnerability, Williams, James K
[Kurdish Security # 10 ] MF Piadas 1.0 Remote File Include Vulnerability, botan
SUSE Security Announcement: freetype2 (SUSE-SA:2006:037), Thomas Biege
Re: Is Windows TCP/IP source routing PoC code available?, 3APA3A
- Re[2]: Is Windows TCP/IP source routing PoC code available?, "Ìèíàåâ_Àíäðåé"
[Kurdish Security # 11] SiteBar Cross-Site Scripting, botan
phpvillage "funshow.php" SQL Injection, CrAzY . CrAcKeR
SYMSA-2006-006: Lotus Domino SMTP Based Denial of Service, research
CrisoftRicette<<--1.0pre15b Remote File Inclusion, CrAzY . CrAcKeR
Re: [ECHO_ADV_34$2006] W-Agora (Web-Agora) <= 4.2.0 (inc_dir) Remote File Inclusion, Steven M. Christey
[SECURITY] [DSA 1103-1] New Linux kernel 2.6.8 packages fix several vulnerabilities, Moritz Muehlenhoff
[USN-305-1] OpenLDAP vulnerability, Martin Pitt
[USN-306-1] MySQL 4.1 vulnerability, Martin Pitt
Usenet Script v0.5, luny
Windows Live Messenger 8.0 ( Contact List *.ctt ) Heap Overflow, Alexander Hristov
Jaws <= 0.6.2 'Search gadget' SQL injection, rgod
error_log() Safe Mode Bypass PHP 5.1.4 and 4.4.2, cxib
Winged Gallery v1.0, luny
Taking Over Laptops by Fuzzing Wireless Drivers, Gadi Evron
Universal Hooker - Tool release, Hernan Ochoa
Amazon, MSN vulns and.. Yes, we know! Most sites have vulnerabilities, Gadi Evron
[OpenPKG-SA-2006.010] OpenPKG Security Advisory (gnupg), OpenPKG
OpenGuestbook Cross Site Scripting & SQL Injection, simo64
Amazon and Msn vulnerabilities, dcrab
Undisclosed cross site scripting vulnerabilities in domaintools.com - requesting contacts, admin
Mailenable SMTP Service DoS, db0
GlobeTrotter Mobility Manager - security issue, dzelek
[ MDKSA-2006:111 ] - Updated MySQL packages fixes authorized user DoS(crash) vulnerability., security
[ GLSA 200606-26 ] EnergyMech: Denial of Service, Thierry Carrez
[ GLSA 200606-25 ] Hashcash: Possible heap overflow, Thierry Carrez
XSS in Cpanel 10, preth00nker
- <Possible follow-ups>
- Re: XSS in Cpanel 10, bug
[SECURITY] [DSA 1102-1] New pinball packages fix privilege escalation, Steve Kemp
Planetnews Authecnication Admin ByPass, alp_eren
[USN-304-1] gnupg vulnerability, Martin Pitt
Claroline Cross-Site Scripting Vulnerabilities, bug@xxxxxxxxxxxxxxx
DeluxeBB 1.07 Create admin Exploit, Hessamx
[Kurdish Security # 9] MyMail Directory Traversal And XSS Attacking Vulnerability, botan
ERNW Security Advisory 01/2006, mozilla
Softbiz Dating 1.0 SQL injection, securityconnection
WBB<<---v2.0 RC2 "newthread.php" SQL Injection, CrAzY . CrAcKeR
[Kil13r-SA-20060622-2] Namo DeepSearch 4.5 Cross-Site Scripting Vulnerability, mac68k
phpBlueDragon CMS 2.9.1 multiple remote file inclusion vuln, rozowa . landrynka
SYMSA-2006-005, research
WBB<<---v2.3.1"report.php" SQL Injection, CrAzY . CrAcKeR
[ECHO_ADV_34$2006] W-Agora (Web-Agora) <= 4.2.0 (inc_dir) Remote File Inclusion, the_day
Calendar ( Provided by Codewalkers ) - SQL Injection, Silitix
- <Possible follow-ups>
- Re: Calendar ( Provided by Codewalkers ) - SQL Injection, krustevs
[KAPDA]MyBB1.1.3~Option update for code buttons~Sql Injection Admin Access, addmimistrator
- <Possible follow-ups>
- [KAPDA]MyBB1.1.3~Option update for code buttons~Sql Injection Admin Access, addmimistrator
WBB<<---v1.2 "showmods.php" SQL Injection, CrAzY . CrAcKeR
Dating biz@ dating script v1.0 - XSS, luny
productcart soltan_defacer, soltan_defacer
rPSA-2006-0110-1 kernel, Justin M. Forbes
Linux VNC evil client patch - BID 17978, embyte
- <Possible follow-ups>
- Re: Linux VNC evil client patch - BID 17978, embyte
DREAMACCOUNT V3.1 Remote Command Execution Exploit, KARKOR23
[Kil13r-SA-20060622-1] NetSoft SmartNet 2.0 Cross-Site Scripting Vulnerability, mac68k
[ GLSA 200606-24 ] wv2: Integer overflow, Stefan Cornelius
Cisco Secure ACS Weak Session Management Vulnerability, Darren Bounds
- Re: Cisco Secure ACS Weak Session Management Vulnerability, Clayton Kossmeyer
Dating Agent PRO 4.7.1 Vulnerability, securityconnection
Trend Micro Control Manager (TMCM) Persistent XSS Vulnerability, Darren Bounds
aeDating 4.1 XSS, securityconnection
TSLSA-2006-0037 - multi, Trustix Security Advisor
[security bulletin] HPSBUX02127 SSRT051056 - rev.1 HP-UX Kernel Local Denial of Service (DoS), security-alert
[KAPDA]Coppermine 1.4.8~Parameter Cleanup System ByPass~Registering Global Varables, addmimistrator
QaTraq 6.5 RC: Multiple XSS Vulnerabilities, enji
[SNS Advisory No.88] Webmin Directory Traversal Vulnerability, snsadv@xxxxxxxxx
vlbook 1.2 XSS Bug, omnipresent
[SECURITY] [DSA 1101-1] New courier packages fix denial of service, Martin Schulze
flock d0s exploit remote. beta 1 (v0.7), co296
- Re: flock d0s exploit remote. beta 1 (v0.7), Chris Rothecker
[ GLSA 200606-23 ] KDM: Symlink vulnerability, Sune Kloppenborg Jeppesen
RE: MS Excel Remote Code Execution POC Exploit, Jain, Siddhartha
- Re: MS Excel Remote Code Execution POC Exploit, naveed
- <Possible follow-ups>
- Re: MS Excel Remote Code Execution POC Exploit, Steven M. Christey
  - Re: MS Excel Remote Code Execution POC Exploit, naveed
- Re: Re: MS Excel Remote Code Execution POC Exploit, Juha-Matti Laurio
[ GLSA 200606-22 ] aRts: Privilege escalation, Sune Kloppenborg Jeppesen
VigilantMinds Advisory: Opera JPEG Processing Integer Overflow Vulnerability (VMSA-20060621-01), VigilantMinds Advisories
[ MDKSA-2006:109 ] - Updated wv2 packages fix vulnerability, security
Somechess v1.5 rc1 - XSS, luny
Excel 0-day FAQ updated with Microsoft advisory information, Juha-Matti Laurio
cjGuestbook v1.3 - XSS, luny
Digital Armaments July-August Hacking Challange: Microsoft, info
- Re: Digital Armaments July-August Hacking Challange: Microsoft, Alexander Sotirov
Eduha Meeting php shell upload Vulnerabilities, liz0
Re: possible SQL injection in Subdreamer, ziad
[ MDKSA-2006:110 ] - Updated gnupg packages fix vulnerability, security
Bypassing of web filters by using ASCII, k . huwig
- Re: Bypassing of web filters by using ASCII, Fixer
  - Re: Bypassing of web filters by using ASCII, Paul
    - Re: Bypassing of web filters by using ASCII, Kurt Huwig
    - Re: Bypassing of web filters by using ASCII, Amit Klein (AKsecurity)
    - RE: Bypassing of web filters by using ASCII, James C. Slora Jr.
    - RE: Bypassing of web filters by using ASCII, Amit Klein (AKsecurity)
    - RE: Bypassing of web filters by using ASCII, RSnake
    - Re: Bypassing of web filters by using ASCII, Hubert Seiwert
    - RE: Bypassing of web filters by using ASCII, James C. Slora Jr.
    - Re: Bypassing of web filters by using ASCII, Thor (Hammer of God)
- Re: Bypassing of web filters by using ASCII, RSnake
  - Re: Bypassing of web filters by using ASCII, Kurt Huwig
  - Re: Bypassing of web filters by using ASCII, David Huecking
- Re: Bypassing of web filters by using ASCII, Hubert Seiwert
- Re: Bypassing of web filters by using ASCII, Amit Klein (AKsecurity)
  - Message not available
    - Re: Bypassing of web filters by using ASCII, Amit Klein (AKsecurity)
    - Re: Bypassing of web filters by using ASCII, Vincent Archer
    - Re: Bypassing of web filters by using ASCII, Balazs Attila-Mihaly (Cd-MaN)
- <Possible follow-ups>
- Re: Bypassing of web filters by using ASCII, Kurt Huwig
Opera 9 DoS PoC, N9
- Re: Opera 9 DoS PoC, Bruno Lustosa
  - Re: Opera 9 DoS PoC, Bastian Ahrens
  - Re: Opera 9 DoS PoC, Eric Furman
- <Possible follow-ups>
- Re: Opera 9 DoS PoC, Darren Clarke
  - Re: Opera 9 DoS PoC, Laurent
[ MDKSA-2006:108 ] - Updated xine-lib packages fix buffer overflow vulnerabilities, security
Re: Vacation Retal Script v1.0, radu
Sendmail MIME DoS vulnerability, Jain, Siddhartha
- Re: Sendmail MIME DoS vulnerability, Gadi Evron
- Re: Sendmail MIME DoS vulnerability, Claus Assmann
JEdit ActiveX Control Information Disclosure vulnerability, bulten
[ MDKSA-2006:107 ] - Updated arts packages fix vulnerability in artswrapper, security
ULtimate PHP Board <= 1.96 GOLD Code Execution (exploit code), mbrooks
RahnemaCo "page.php" Remote File Inclusion[2], CrAzY . CrAcKeR
Module's Name Content<<--V1.0 SQL injection, CrAzY . CrAcKeR
Module's Name Downloads <<--V 7 SQL injection, CrAzY . CrAcKeR
Re: MAXDEV CMS Multiple vulnerabilities, pete
[MajorSecurity #18] Ralf Image Gallery <=0.7.4 - Multiple XSS, Remote File Include and directory traversal vulnerabilities, admin
- Re: [MajorSecurity #18] Ralf Image Gallery <=0.7.4 - Multiple XSS, Remote File Include and directory traversal vulnerabilities, Marc MERLIN
vBulletin<<--v3.5.X "member.php" Cross Site Scripting, CrAzY . CrAcKeR
- <Possible follow-ups>
- Re: vBulletin<<--v3.5.X "member.php" Cross Site Scripting, scott
Multiple Bypass and Integrity Lost Vulnerabilities, egavriil
display.cgi, soltan_defacer
- <Possible follow-ups>
- Re: display.cgi, eufrato
trifinite Security Advisory: Buffer Overrun in Toshiba Bluetooth Stack for Windows, Martin Herfurt
Janus Contact, Charles Hamby
Input Validation/Output Encoding Vulnerabilities in Cisco CallManager Allow Script Injection Attacks, Reynolds, Jake
V3Chat Instant Messenger - XSS, luny
- <Possible follow-ups>
- Re: V3Chat Instant Messenger - XSS, support
qtofilemanager xss attack !, alijsb
Vm ware 0day dos exploit by n00b., co296
- Re: Vm ware 0day dos exploit by n00b., Paul Szabo
- Re: Vm ware 0day dos exploit by n00b., Eliah Kagan
Dragons Kingdom v1.0 - XSS & cookie disclosure, luny
WeBBoA Hosting Script SQL Injection, entrika_fs
Easy CMS 0.1.2 Php Shell Upload Vulnerabilities, liz0
singapore gallery <= 0.10.0 Multiple Vulnerabilities, simo64
[ GLSA 200606-20 ] Typespeed: Remote execution of arbitrary code, Sune Kloppenborg Jeppesen
onedotoh xss atack, alijsb
[ GLSA 200606-21 ] Mozilla Thunderbird: Multiple vulnerabilities, Sune Kloppenborg Jeppesen
PHP Live Helper <=([abs_path]) Remote File Include Vulnerabilities, selfar2002
- <Possible follow-ups>
- Re: PHP Live Helper <=([abs_path]) Remote File Include Vulnerabilities, stormhacker
SaphpLesson<<--1.1 "misc.php" SQL injection, CrAzY . CrAcKeR
VBZooM <<--V1.00 "lng.php" SQL injection, CrAzY . CrAcKeR
vuBB <= 0.2.1 [BFA] SQL Injection Exploit + Advisory link, gmdarkfig
VBZooM <<--V1.11 "message.php" SQL injection, CrAzY . CrAcKeR
VBZooM <<--V1.00 "rank.php" SQL injection, CrAzY . CrAcKeR
XSS Vulnerability in Maximus SchoolMAX, Fixer
e107 v0.7.5 XSS, securityconnection
[security bulletin] HPSBTU02116 SSRT061135 rev.2 - HP Tru64 UNIX and HP Internet Express for Tru64 UNIX Running sendmail, Remote Execution of Arbitrary Code or Denial of Service (DoS), security-alert
Microsoft Excel 0-day Vulnerability FAQ document written, Juha-Matti Laurio
MPCS v0.2 - XSS, luny
XSS in http://www.newscientist.com/ - Search, viz . security
mp3.com - Cross site scripting vulnerability, admin
vbzoom V1.11 forum.php SQL Injection Vulnerabilities, KARKOR23
PTT.yu Guestbook Vulnebility, us3rg0d
Technorati.com - XSS with cookie disclosure, luny
43things.com - XSS with cookie disclosure, luny
Blogspot.com - XSS with cookie disclosure, luny
RahnemaCo Remote File Inclusion Exploit, Breeeeh
SinFP 2.00 - a major release with many new features, GomoR
Biblenet.net - XSS, luny
B3ta.com - XSS with cookie disclosure, luny
Confixx <= 3, kr4ch
- <Possible follow-ups>
- Confixx <= 3, kr4ch
Facetherating.com - XSS & session disclosure, luny
Ashop Search Module SQL injection, entrika_fs
VampireFreaks journal XSS, nanoymaster
webcrawler.com - XSS vulnerability in search-engine, admin
Palm.com - XSS vulnerability, admin
Ratemylook.co.uk - XSS with session disclosure, luny
About.com - XSS with cookie disclosure, luny
Macworld.com - XSS vulnerability, admin
Ratescene.co.uk - XSS with session disclosure, luny
Cybersocieties.com - XSS & cookie disclosure, luny
Windowsitpro.com - XSS with cookie disclosure, luny
Re: PHP Advanced Transfer Manager Download users password hashes, jn
animesuki XSS, nanoymaster
Facerave.com - XSS & sessions disclosure, luny
[Kurdish Security # 8] DCP-Portal Remote File Include Vulnerability [Editor DHTML], botan
Proof of concept: mybb 1.1.2 remote code execution, Javier Olascoaga
Hotscripts.com - XSS with cookie disclosure, luny
alipager xss attack, s3rv3r_hack3r
ISO.org - XSS vulnerability, admin
hi5.com - XSS with cookie disclosure, luny
Apnaspace.com - XSS with cookie disclosure, luny
XSS in GardenWeb, nanoymaster
Cline Communications Sql injection, liz0
Mambo <= 4.6rc1 sql injection, rgod
Dealgates.com - XSS with cookie disclosure, luny
Housecarers.com - XSS & cookie disclosure, luny
[ECHO_ADV_33$2006] CMS Faethon 1.3.2 mainpath Remote File Inclusion, eufrato
bitweaver <= v1.3 multiple vulnerabilities, rgod
GreatDomains.com - XSS with cookie disclosure, admin
webcrawler.com - Cross site scripting vulnerability, admin
Netscape.com - Cross site scripting vulnerability, admin
Simple PHP Poll Authecnication Admin ByPass, alp_eren
file include exploits in dotwidgeta Version 2, SWEET SWEET
Bingbox.com - XSS & cookie disclosure, luny
- Re: Bingbox.com - XSS & cookie disclosure, Sven Vetsch
Youtube.com - XSS & cookie disclosure, luny
Re: [Bugtraq ID: 17909] ISPConfig Session.INC.PHP Remote File Include Vulnerability, t . brehm
PictureDis Products "lang" Parameter File Inclusion Vulnerability, root-hacked
PHP security (or the lack thereof), Darren Reed
- Re: PHP security (or the lack thereof), Bojan Zdrnja
  - Re: PHP security (or the lack thereof), Jessica Hope
- Re: PHP security (or the lack thereof), Jose Nazario
  - Re: PHP security (or the lack thereof), Geo.
    - Re: PHP security (or the lack thereof), kicktd
    - Re: PHP security (or the lack thereof), Geo.
    - Re: PHP security (or the lack thereof), Crispin Cowan
- Re: PHP security (or the lack thereof), Neil Neely
- Re: PHP security (or the lack thereof), john mullee
  - Re: PHP security (or the lack thereof), Darren Reed
    - Re: PHP security (or the lack thereof), Ronald Chmara
    - Re: PHP security (or the lack thereof), Tonnerre Lombard
    - Re: PHP security (or the lack thereof), Darren Reed
- <Possible follow-ups>
- Re: PHP security (or the lack thereof), Steven M. Christey
- Re: PHP security (or the lack thereof), Alan J Rosenthal
  - Re: PHP security (or the lack thereof), Geo.
- Re: Re: PHP security (or the lack thereof), nabiy
  - Re: PHP security (or the lack thereof), Crispin Cowan
    - Re: PHP security (or the lack thereof), Daniel Hulme
    - Re: PHP security (or the lack thereof), Tobias J. Kreidl
    - Re: PHP security (or the lack thereof), Glynn Clements
  - Re: PHP security (or the lack thereof), Ronald Chmara
    - RE: PHP security (or the lack thereof), Geo.
    - Re: PHP security (or the lack thereof), Paul Schmehl
    - RE: PHP security (or the lack thereof), Geo.
    - Re: PHP security (or the lack thereof), Matthias Kestenholz
    - RE: PHP security (or the lack thereof), Geo.
    - Re: PHP security (or the lack thereof), Mrten
- Re: Re: PHP security (or the lack thereof), nabiy
[ MDKSA-2006:106 ] - Updated mdkkdm packages fix local vulnerability, security
[ MDKSA-2006:105 ] - Updated kdebase packages fix local vulnerability in kdm, security
Blacksingles.com - XSS & cookie disclosure, luny
Cisco Secure ACS Cross Site Scripting Vulnerability., liam . romanis
- <Possible follow-ups>
- RE: Cisco Secure ACS Cross Site Scripting Vulnerability., Paul Oxman (poxman)
Zeroboard File Upload & extension bypass Vulnerability, mins
Ji-takz Chat (mycfg) Remote File Inclusion, SpC-x
Carspace.com - XSS with cookie disclosure, luny
Calendarix 0.7.20060401, SQL Injection Vulnerabilities, Federico Fazzi
Chatizens.com - XSS with cookie disclosure, luny
aXentForum II XSS vuLLn, SnoBmsn
- <Possible follow-ups>
- Re: aXentForum II XSS vuLLn, Steven M. Christey
file include exploits in nucleus 3.23, gamr-14
- <Possible follow-ups>
- Re: file include exploits in nucleus 3.23, nukedx
[security bulletin] HPSBUX02115 SSRT061077 rev.1 - HP-UX running Support Tools Manager (xstm, cstm, stm) Local Denial of Service (DoS), security-alert
Re: Several flaws in e-business designer (eBD), ebd . soporte
Indexu v 5.0.01 Multiple Remote File Include Vulnerabilities, KARKOR23
Develooping Flash Chat (banned_file) Remote File Inclusion, SpC-x
Boardhost.com - XSS, luny
[USN-303-1] MySQL vulnerability, Martin Pitt
dvdwolf SQL injection/XSS, CrAzY . CrAcKeR
TSLSA-2006-0036 - multi, Trustix Security Advisor
rPSA-2006-0105-1 arts, Justin M. Forbes
HotPlugCMS 1.0, Cross-Site Scripting Vulnerabilities, Federico Fazzi
[ GLSA 200606-19 ] Sendmail: Denial of Service, Sune Kloppenborg Jeppesen
rPSA-2006-0106-1 kdebase, Justin M. Forbes
[ GLSA 200606-17 ] OpenLDAP: Buffer overflow, Sune Kloppenborg Jeppesen
Regarding "SMB Invalid Handle Value" - MS06-030. Vulnerability not fixed., Reversemode
[ GLSA 200606-18 ] PAM-MySQL: Multiple vulnerabilities, Sune Kloppenborg Jeppesen
[USN-297-2] Thunderbird extensions update for recent security update, Martin Pitt
Andys Chat 4.5 (action) Remote File Inclusion, SpC-x
HotPlugCMS_1.0 - SQL Injection Vulnerability, guest01
Advisory: Unauthorized password recovery in phpBannerExchange, RedTeam Pentesting
Advisory: Authentication bypass in phpBannerExchange, RedTeam Pentesting
MP3 Search/Archive v1.2 - XSS, luny
[SECURITY] [DSA 1100-1] New wv2 packages fix integer overflow, Martin Schulze
[ MDKSA-2006:104 ] - Updated sendmail packages fix remotely exploitable vulnerability, security
APBoard 2.2-r3 <= SQL Injections, 666
ePrayver v.Alpha - XSS, luny
[USN-300-1] wv2 vulnerability, Martin Pitt
Secunia Research: DeluxeBB SQL Injection and File Inclusion Vulnerabilities, Secunia Research
- <Possible follow-ups>
- Secunia Research: DeluxeBB SQL Injection and File Inclusion Vulnerabilities, Secunia Research
FreeBSD Security Advisory FreeBSD-SA-06:17.sendmail, FreeBSD Security Advisories
[SECURITY] [DSA 1099-1] New horde2 packages fix cross-site scripting, Moritz Muehlenhoff
EC2ND - Call for Papers, Blyth A J C (Comp)
wbb<<--v 2.2.2 "thread.php" SQL injection, CrAzY . CrAcKeR
Secunia Research: CMS Mundo SQL Injection and File Upload Vulnerabilities, Secunia Research
[ MDKSA-2006:103 ] - Updated spamassassin packages fix vulnerability, security
[USN-301-1] kdm vulnerability, Martin Pitt
[FSA016] ISPConfig 2.2.3, File inclusion vulnerability, Federico Fazzi
- <Possible follow-ups>
- Re: [FSA016] ISPConfig 2.2.3, File inclusion vulnerability, t . brehm
[ MDKSA-2006:102 ] - Updated libtiff packages fixes tiff2pdf vulnerability, security
[SECURITY] [DSA 1098-1] New horde3 packages fix cross-site scripting, Moritz Muehlenhoff
MySQL DoS, Kanatoko
- Re: MySQL DoS, Tonnerre Lombard
- <Possible follow-ups>
- Re: MySQL DoS, xhire
[ MDKSA-2006:101 ] - Updated squirrelmail packages fix vulnerabilities, security
[SECURITY] [DSA 1097-1] New Kernel 2.4.27 packages fix several vulnerabilities, Moritz Muehlenhoff
[KDE Security Advisory] KDM symlink attack vulnerability, Dirk Mueller
PhpBlueDragon CMS 2.9.1, File inclusion vulnerability, Federico Fazzi
Fusion Polls (xtrphome) Remote File Inclusion, SpC-x
[ GLSA 200606-15 ] Asterisk: IAX2 video frame buffer overflow, Sune Kloppenborg Jeppesen
Flipper Poll (root_path) Remote File Inclusion, SpC-x
SEC Consult SA-20060613-0 :: Outlook Web Access Cross Site Scripting Vulnerability, SEC Consult Research
[ GLSA 200606-16 ] DokuWiki: PHP code injection, Sune Kloppenborg Jeppesen
wbb<<--v 2.1.6 "profile.php" SQL injection, CrAzY . CrAcKeR
wbb<<--v 2.2.1 "studienplatztausch.php" SQL injection, CrAzY . CrAcKeR
bbrss PhpBB (phpbb_root_path) Remote File Inclusion, SpC-x
Freeze Greetings Cards PWD.txt, alp_eren
[ MDKSA-2006:100 ] - Updated gdm packages fix vulnerability, security
[ MDKSA-2006:099-1 ] - Updated freetype2 packages fixes multiple vulnerabilities., security
Secunia Research: PicoZip "zipinfo.dll" Multiple Archives Buffer Overflow, Secunia Research
Black Hat Speakers + 2005 Content on-line, Jeff Moss
[USN-299-1] dhcdbd vulnerability, Martin Pitt
Secunia Resaerch: Internet Explorer Exception Handling Memory Corruption Vulnerability, Secunia Research
[USN-288-4] dovecot regression fix, Martin Pitt
[USN-298-1] libgd2 vulnerability, Martin Pitt
[USN-297-1] Thunderbird vulnerabilities, Martin Pitt
G Shout 1.3.1 Version - Remote File Include Vulnerability, SpC-x
[MajorSecurity #17] SixCMS <= 6 - Multiple XSS and directory traversal vulnerabilities, admin
- <Possible follow-ups>
- Re: [MajorSecurity #17] SixCMS <= 6 - Multiple XSS and directory traversal vulnerabilities, ellinger
ZDI-06-018: Microsoft Internet Explorer DXImageTransform ActiveX Memory Corruption Vulnerability, zdi-disclosures
Simpleshout 1.6.0 Version - Remote File Include Vulnerability, SpC-x
SYMSA-2006-004: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution, research
file include exploits in mcGuestbook 1.3, gamr-14
- <Possible follow-ups>
- file include exploits in mcGuestbook 1.3, SWEET SWEET
Oracle DBMS_STANDARD security problem, putosoft softputo
PhpMyFactures 1.0 Cross Site Scripting, SQL Injection, Full Path Disclosure and others, gmdarkfig
GamePlay.co.uk XSS, charlie
- Re: GamePlay.co.uk XSS, Patrick Morris
iDefense Security Advisory 06.13.06: Windows Media Player PNG Chunk Decoding Stack-Based Buffer Overflow, labs-no-reply
REMOTE FILE INCLUSION ( ALL ), SpC-x
- <Possible follow-ups>
- Re: REMOTE FILE INCLUSION ( ALL ), Steven M. Christey
- Re: REMOTE FILE INCLUSION ( ALL ), eufrato
blur6ex <= 0.3.462 'ID' blind sql injection, rgod
TikiWiki Sql injection & XSS Vulnerabilities, bug@xxxxxxxxxxxxxxx
[REVERSEMODE ADVISORY] MS06-030 NtClose DeadLock., Reversemode
Web-CMS <<--1.0 "print.php" SQL injection, CrAzY . CrAcKeR
# MHG Security Team --- PHPAskIt v2.0.1 Remote File Inc., erne
[REVERSEMODE ADVISORY] MS06-030 - Microsoft Mrxsmb.sys privilege escalation advisory, Reversemode
Chipmailer <= 1.09 Multiple Vulnerabilities, tamriel
Ltwcalendar 4.1.3 version - Remote File Include Vulnerabilities, SpC-x
Re: Shoutpro 1.0 Version - Remote File Include Vulnerability, Steven M. Christey
- <Possible follow-ups>
- Shoutpro 1.0 Version - Remote File Include Vulnerability, SpC-x
iDefense Security Advisory 06.13.06: Windows MRXSMB.SYS MrxSmbCscIoctlCloseForCopyChunk DoS, labs-no-reply
S H O U T B O X (v1.5) Version - Remote File Include Vulnerability, SpC-x
Amr Talkbox talkbox.PHP - Remote File Include Vulnerabilities, SpC-x
- <Possible follow-ups>
- Re: Amr Talkbox talkbox.PHP - Remote File Include Vulnerabilities, Steven M. Christey
Jobline 1 1 1 Version - Remote File Include Vulnerability, SpC-x
PHP MESSENGER 1.0 Version - Remote File Include Vulnerability, SpC-x
ZDI-06-017: Microsoft Internet Explorer UTF-8 Decoding Heap Overflow Vulnerability, zdi-disclosures
iDefense Security Advisory 06.13.06: Microsoft Internet Explorer ART File Heap Corruption Vulnerability, labs-no-reply
iDefense Security Advisory 06.13.06: Windows MRXSMB.SYS MRxSmbCscIoctlOpenForCopyChunk Overflow, labs-no-reply
High Risk Vulnerability in Microsoft Windows RASMAN Service, Peter Winter-Smith
multiple Xss exploits in 35mmslidegallery V6, black code
Simpnews <= All version - Remote File Include Vulnerabilities, SpC-x
- Re: Simpnews <= All version - Remote File Include Vulnerabilities, str0ke
VBZooM <<--V1.01 "language.php" SQL injection, CrAzY . CrAcKeR
[SECURITY] [DSA 1096-1] New webcalendar packages fix arbitrary code execution, Martin Schulze
VBZooM <<--V1.11 "subject.php" SQL injection, CrAzY . CrAcKeR
VBZooM <<--V1.02 "meaning.php" SQL injection, CrAzY . CrAcKeR
VBZooM <<-- V1.11 "show.php" SQL injection, CrAzY . CrAcKeR
Re: BUGTRAQ:20060611 ThWboard 3.0 <= SQL Injection, Steven M. Christey
DCP-Portal 6.1.x, Remote command execution, Federico Fazzi
Content-Builder (CMS) 0.7.5, Remote command execution, Federico Fazzi
Emllabs.com - XSS, luny
Call For Papers - No cON Name 2006 Edition Spain, Jose Nicolas Castellano
[FSA013] phpCMS 1.2.1pl2, Remote command execution, Federico Fazzi
internet explorer vulnerability based on MarjinZ & Mr.Niega discovered, Kevin Berkane
Invision Power Board XSS, kepche
Blackplanet.com - XSS & cookie disclosure vuln., luny
[ GLSA 200606-09 ] SpamAssassin: Execution of arbitrary code, Sune Kloppenborg Jeppesen
Yourfacesucks.com - XSS & cookie disclosure, luny
Onlinenode.com - XSS, luny
Meefo.com - XSS with cookie include, luny
# MHG Security Team --- PHORUM 5.1.13 Remote File Inc., erne
- <Possible follow-ups>
- Re: # MHG Security Team --- PHORUM 5.1.13 Remote File Inc., brian
[EEYEB-20060524] Symantec Remote Management Stack Buffer Overflow, eEye Advisories
Vampirefreaks.com - XSS with cookie disclosure, luny
Flork.com, luny
myPHP Guestbook 2.0.2 XSS Vulnerabilitie, x0r_1
rPSA-2006-0100-1 freetype, Justin M. Forbes
[ MDKSA-2006:099 ] - Updated freetype2 packages fixes multiple vulnerabilities., security
[ GLSA 200606-14 ] GDM: Privilege escalation, Sune Kloppenborg Jeppesen
Stargazer.org - XSS with Session output, luny
Windows XP Task Scheduler Local Privilege Escalation (Advisory), zipk0der
- Re: Windows XP Task Scheduler Local Privilege Escalation (Advisory), Eliah Kagan
ThWboard 3.0 <= SQL Injection, 666
Virtualtourist.com - XSS with cookie disclosure, luny
cescripts.com - XSS, luny
Nowtalking.com - XSS, luny
Wireclub.com - XSS & cookie disclosure, luny
sorry i wrong something, this is original AWF CMS 1.11 adv, Federico Fazzi
Opengaia.com - XSS Vuln & Session Include, luny
[KAPDA::48]CopperminePhotoGallery1.4.8~ addhit() function~ SQLinjection attack, addmimistrator
Foing (manage_songs.php) Remote File Inclusion[phpBB], darkfire
PaintedOver.com, Inc. 2004-2006 Xss Vulnerabilities, redl_ine
- <Possible follow-ups>
- Re: PaintedOver.com, Inc. 2004-2006 Xss Vulnerabilities, reports
Myscrapbook v3.1 - XSS, luny
tempnam() Bypass unique file name PHP 5.1.4, cxib
CS-Forum <= 0.81 Cross Site Scripting, SQL Injection, Full Path Disclosure, gmdarkfig
Wanderlist.com - XSS vuln with sessions disclosure, luny
RCblog 1.03 Directory Traversal [index.php], irc0d3r
WinSCP - URI Handler Command Switch Parsing, Jelmer Kuperus
vbulletin.com Multiple XSS Vulnerabilities, chris
- <Possible follow-ups>
- Re: vbulletin.com Multiple XSS Vulnerabilities, contact
Hotbot.com - XSS vulnerability in search engine, admin
Lycos.com - XSS vulnerability, admin
Secunia Research: MyBB "domecode()" PHP Code Execution Vulnerability, Secunia Research
[ GLSA 200606-13 ] MySQL: SQL Injection, Sune Kloppenborg Jeppesen
5 Star Review - review-script.com - XSS w/ cookie output, luny
[ GLSA 200606-12 ] Mozilla Firefox: Multiple vulnerabilities, Sune Kloppenborg Jeppesen
Mydeardiary.com - XSS, luny
[ GLSA 200606-11 ] JPEG library: Denial of Service, Sune Kloppenborg Jeppesen
Diaryland.com - XSS, luny
[ GLSA 200606-10 ] Cscope: Many buffer overflows, Sune Kloppenborg Jeppesen
igloo DoubleSpeak v 0.1 Multiple remote file inclusion, aminrayden
- Re: igloo DoubleSpeak v 0.1 Multiple remote file inclusion, str0ke
ERRATA: [ GLSA 200604-10 ] zgv: Heap overflow, Sune Kloppenborg Jeppesen
[MajorSecurity #12]ZMS<= 2.9 - XSS, admin
Joomla! 1.0 Remote File Inclusion, c4nberx
[MajorSecurity #14]CFXe-CMS <= 2.0 - XSS, admin
[MajorSecurity #13]Cabacos Web CMS<= 3.8 - XSS, admin
[KAPDA::#47] - Snitz Forum <= 3.4.05 SQL-Injection Vulnerability, farhadkey
[MajorSecurity #11]OpenCMS<= 6.2.1 - XSS, admin
Tempinbox.com, luny
AsianXO.com - XSS with cookie data include, luny
fx-APP Version 0.0.8.1, luny
Ringlink v3.2 - XSS, luny
[SECURITY] [DSA 1095-1] New freetype packages fix several vulnerabilities, Martin Schulze
rPSA-2006-0099-1 openldap openldap-clients openldap-servers, Justin M. Forbes
CORE-2006-0330: Asterisk PBX truncated video frame vulnerability, Core Security Technologies advisories
[Kil13r-SA-20060609-3] DreamWiz Search Cross-Site Scripting Vulnerability, mac68k
[Kil13r-SA-20060609-2] DaNaWa Search Cross-Site Scripting Vulnerability, mac68k
[Kil13r-SA-20060609-1] Daum Search Cross-Site Scripting Vulnerability, mac68k
[USN-296-1] firefox vulnerabilities, Martin Pitt
TSLSA-2006-0034 - multi, Trustix Security Advisor
0verkill 0.6, Remote integer overflow, Federico Fazzi
ST AdManager Lite v1, luny
P.A.I.D v2.2, luny
Windows Software Restriction Policy Protection Bypass, 3APA3A
- Re: [Full-disclosure] Windows Software Restriction Policy Protection Bypass, Dinis Cruz
- RE: Windows Software Restriction Policy Protection Bypass, Roger A. Grimes
[USN-288-2] PostgreSQL server/client vulnerabilities, Martin Pitt
[USN-288-3] PostgreSQL client vulnerabilities, Martin Pitt
Contensis CMS XSS vunerability, smigofthedump
CORE-2006-0327: IAXclient truncated frames vulnerabilities, Core Security Technologies advisories
PHP-Nuke Download Module Remote SQL Injection, BuNy-m
TinyMuw v1.0 - XSS, luny
Secunia Research: AutoMate unacev2.dll Buffer Overflow Vulnerability, Secunia Research
Secunia Research: SelectaPix Cross-Site Scripting and SQL Injection Vulnerabilities, Secunia Research
[ GLSA 200606-08 ] WordPress: Arbitrary command execution, Sune Kloppenborg Jeppesen
Docebo Lms 3.0.3, Remote command execution, Federico Fazzi
MobeSpace v2.0 - XSS, luny
Re: DGbook v1.0 - XSS, diangemilang
Docebo Kms 3.0.3, Remote command execution, Federico Fazzi
mole.com.ua Ticket Booking Script - XSS, luny
mole.com.ua Booking Script, luny
Docebo Core 3.0.3, Remote command execution, Federico Fazzi
Docebo CMS 3.0.3, Remote command execution, Federico Fazzi
[USN-293-1] gdm vulnerability, Martin Pitt
[USN-292-1] binutils vulnerability, Martin Pitt
phazizGuestbook v2.0 - XSS, luny
iFoto v0.20-06/06/06, luny
- <Possible follow-ups>
- Re: iFoto v0.20-06/06/06, aizu . ikmal
Dell Openmanage CD Vulnerability, wiz561
- <Possible follow-ups>
- RE: Dell Openmanage CD Vulnerability, Michael Scheidell
okscripts.com - XSS Vulns, luny
[SECURITY] [DSA 1094-1] New gforge packages fix cross-site scripting, Moritz Muehlenhoff
[USN-294-1] courier vulnerability, Martin Pitt
[ GLSA 200606-07 ] Vixie Cron: Privilege Escalation, Sune Kloppenborg Jeppesen
[USN-295-1] xine-lib vulnerability, Martin Pitt
SSL VPNs and security, Michal Zalewski
- Re: SSL VPNs and security, Amit Klein (AKsecurity)
- Message not available
  - Re: SSL VPNs and security, E Mintz
- Message not available
  - Re: SSL VPNs and security, Michal Zalewski
    - Re: SSL VPNs and security, E Mintz
- Re: SSL VPNs and security, Eloy Paris
- <Possible follow-ups>
- Re: SSL VPNs and security, wnorth
- Re: SSL VPNs and security, thanekamp
  - Re: SSL VPNs and security, Michal Zalewski
[security bulletin] HPSBUX02090 SSRT051058 rev.2 - HP-UX Secure Shell Remote Denial of Service (DoS), security-alert
[security bulletin] HPSBMA02121 SSRT061157 rev.2 - HP OpenView Storage Data Protector Remote Arbitrary Command Execution, security-alert
[SECURITY] [DSA 1092-1] New MySQL 4.1 packages fix SQL injection, Martin Schulze
'Multiple Sql injection and XSS in integramod portal, ahwaz
rPSA-2006-0098-1 gdm, Justin M. Forbes
[USN-289-1] tiff vulnerabilities, Martin Pitt
Ie opera dos exploit, co296
- Re: Ie opera dos exploit, Daniel Hoffmann
- Re: Ie opera dos exploit, Nathaniel Hasenfus
Re: Tiny Web Gallery <= 1.4 XSS, tinywebgallery
bug of script injection in shoutcast servers, mantasjadzevicius
Re: phpBannerExchange 2.0 Directory Traversal Vulnerability, mopeygoff
[SECURITY] [DSA 1091-1] New TIFF packages fix arbitrary code execution, Martin Schulze
PHP-Nuke <= 7.9 Search XSS Vulnerability, try_og
- Re: PHP-Nuke <= 7.9 Search XSS Vulnerability, Paul Laudanski
- <Possible follow-ups>
- Re: PHP-Nuke <= 7.9 Search XSS Vulnerability, try_og
Back-end = 0.7.2.1 (jpcache.php) Remote command execution, Federico Fazzi
NPDS <= 5.10 Local Inclusion, XSS, Full path disclosure, gmdarkfig
Mathcad Area Lock Vulnerability, bugtraq
Uninformed Journal Release Announcement: Volume 4, Uninformed Journal
Tikiwiki 1.9.3.2 security release, marc
cms-bandits 2.5, Remote command execution, Federico Fazzi
[USN-291-1] FreeType vulnerabilities, Martin Pitt
GUESTEX guestbook code execution, root
Ez Ringtone Manager from scriptez.net - XSS, luny
[SECURITY] [DSA 1093-1] New xine-ui packages fix denial of service, Martin Schulze
E-Dating System from scriptsez.net - XSS, luny
[MajorSecurity #10]i.List <= 1.5 - XSS, admin
[ GLSA 200606-06 ] AWStats: Remote execution of arbitrary code, Sune Kloppenborg Jeppesen
[NOBYTES.COM: #12] ViArt Shop v2.5.5 - XSS Vulnerability, John Cobb
Easy Ad-Manager, luny
Chemical Directory - XSS, luny
Babykatmedia.com scripts - vSCAL & vREAL - XSS Vulns, luny
Mafia Moblog Full Path Disclosure / SQL injection, simo64
[ MDKSA-2006:098 ] - Updated postgresql packages fixes SQL injection vulnerabilities., security
PBL Guestbook v1.31 - XSS, luny
[ MDKSA-2006:097 ] - Updated MySQL packages fixes SQL injection vulnerability., security
[ MDKSA-2006:096 ] - Updated openldap packages fixes buffer overflow vulnerability., security
Calendar Express 2 SQL injection, CrAzY . CrAcKeR
[FLSA-2006:189137-2] Updated firefox package fixes security issues, Marc Deslauriers
[FLSA-2006:190884] Updated squirrelmail package fixes security issues, Marc Deslauriers
[FLSA-2006:190941] Updated ipsec-tools package fixes security issue, Marc Deslauriers
[FLSA-2006:190777] Updated X.org packages fix security issue, Marc Deslauriers
MiraksGalerie <= 2.62 Multiple Remote command execution, Federico Fazzi
- <Possible follow-ups>
- MiraksGalerie <= 2.62 Multiple Remote command execution, Federico Fazzi
aWebNews <= 1.0 (login.php) Remote DocumentRoot file disclosure, Federico Fazzi
- Re: aWebNews <= 1.0 (login.php) Remote DocumentRoot file disclosure, str0ke
[ GLSA 200606-01 ] Opera: Buffer overflow, Sune Kloppenborg Jeppesen
[FLSA-2006:189137-1] Updated mozilla packages fix security issues, Marc Deslauriers
[ GLSA 200606-04 ] Tor: Several vulnerabilities, Sune Kloppenborg Jeppesen
[HV-LOW] Microsoft NetMeeting memory corruption (Brief), vuln
Vice Stats 0.5b SQL injection, CrAzY . CrAcKeR
[ GLSA 200606-05 ] Pound: HTTP request smuggling, Sune Kloppenborg Jeppesen
rPSA-2006-0096-1 spamassassin, Justin M. Forbes
[ GLSA 200606-03 ] Dia: Format string vulnerabilities, Sune Kloppenborg Jeppesen
MyBB 1.1.2 New XSS, o . y . 6
ADVISORY - D-Link Wireless Access-Point, news
XSS on LarkinWEB & Company, spymeta
Re: WebCalendar-1.0.3 reading of any files, craig
TinyPHP forum <= 3.6 Remote Command Execution Exploit, hessamx
BloggIT <= 1.01 (admin.php) Arbitrary code execution, Federico Fazzi
bug on showwich.asp, ip . chat
Re: Buffer-overflow and crash in Fenice OMS 1.10, giampaolo . mancini
[ GLSA 200606-02 ] shadow: Privilege escalation, Sune Kloppenborg Jeppesen
libgd 2.0.33 infinite loop in GIF decoding ?, rocheml
- Re: libgd 2.0.33 infinite loop in GIF decoding ?, Xavier Roche
[SECURITY] [DSA 1090-1] New spamassassin packages fix remote command execution, Martin Schulze
IRM 019: MailMarshal 6.1 SMTP MTA Content Filter Bypass, IRM Advisories
- <Possible follow-ups>
- Re: IRM 019: MailMarshal 6.1 SMTP MTA Content Filter Bypass, phil . mccracken
  - Re: IRM 019: MailMarshal 6.1 SMTP MTA Content Filter Bypass, Hayden Searle
    - Re: IRM 019: MailMarshal 6.1 SMTP MTA Content Filter Bypass, alberto
Asterisk 1.2.9 and Asterisk 1.0.11 Released - Security Fix, Matt Riddell (IT)
GANTTy v1.0.3, luny
[ MDKSA-2006:095 ] - Updated libtiff packages fixes tiffsplit vulnerability, security
ParticleSoft Wiki v1.0.2, luny
ParticleSoft Whois v1.0.3, luny
Partial Links v1.2.2, luny
Particle Gallery v1.0.0, luny
Multiple file include exploits in Xtreme Downloads v.1.0, black code
file include in Xtreme Downloads v.1.0, gamr-14
Re: PCPIN Chat <= 5.0.4 "login/language" remote cmmnds xctn, k . reznichak
ASPScriptz Guest Book 2.0 XSS, omnipresent
Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise, Tobias Kreidl
- Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise, Kurt Seifried
  - Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise, Ray Van Dolson
    - Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise, Jose Ramirez
  - Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise, Bojan Zdrnja
[KAPDA::#47] - myNewsletter 1.1.2 SQL_Injection, farhadkey
[Kil13r-SA-20060606] ESTsoft InternetDISK Arbitary Code Execution Vulnerability, mac68k
[Kil13r-SA-20060605] Syworks SafeNET Policy File Vulnerability, mac68k
Dmx Forum <= v2.1a Remote Passwords Disclosure, gmdarkfig
Personal Information Disclosure/Account Hijacking Vulerability in mafia online games, Ulrich Keil
[MajorSecurity #9]HostAdmin <= 3.1 - Remote File Include Vulnerability, admin
[MajorSecurity #8]DreamAccount <= 3.1 - Remote File Include Vulnerability, admin
- <Possible follow-ups>
- Re: [MajorSecurity #8]DreamAccount <= 3.1 - Remote File Include Vulnerability, admin
Re: [Full Disclosure] [Kil13r-SA-20060520] Microsoft Internet Explorer Crash Vulnerability, mac68k
Advisory 04/2006: DokuWiki PHP code execution vulnerability in spellchecker, Stefan Esser
ewsEngine <= 1.5.0(newscomments.php) Remote SQL Injection Vulnerability, ajannhwt
FunkBoard CF0.71 (profile.php) Remote User Pass Change Exploit, ajannhwt
TSLSA-2006-0032 - multi, Trustix Security Advisor
Kmita FAQ v1.0, luny
LabWiki v1.0, luny
Multiple Vendor NTFS Data Stream Malware Stealth Technique, Joxean Koret
- <Possible follow-ups>
- Re: Multiple Vendor NTFS Data Stream Malware Stealth Technique, Andreas Marx
  - Re: Multiple Vendor NTFS Data Stream Malware Stealth Technique, Gadi Evron
CyBoards PHP Lite v1.25 (common.PHP) Remote File Inclusion, SpC-x
Re: [Full-disclosure] bug in oscomerce, Frank Laszlo
# MHG Security Team ---Rumble 1.02 version Remote File Inc., erne
- <Possible follow-ups>
- # MHG Security Team ---Rumble 1.02 version Remote File Inc., MSN : erne [at] ernealizm [dot] com
Bookmark4U Remote File Include, selfar2002
- Re: Bookmark4U Remote File Include, str0ke
Client buffer-overflow in Quake 3 engine (1.32c / rev 795), Luigi Auriemma
XSS in ICQ.com, sn4k3 . 23
- <Possible follow-ups>
- Re: XSS in ICQ.com, 321_321
- Re: XSS in ICQ.com, 321_321
- Re: XSS in ICQ.com, 321_321
SMS "messages.php" SQL injection, CrAzY . CrAcKeR
New <<BackTrack release announcement, Max Moser
Timberland Search XSS Vulnerability, try_og
VMSA-2006-0001 - VMware ESX Server Cross Site Scripting issue, VMware Security Team
Re: phpFoX All Version Login Exploit, purefan
Re: [Info Disclosure] Diesel PHP Job Site Latest Version, John F Flynn III
- Re: [Info Disclosure] Diesel PHP Job Site Latest Version, Ronald van den Blink
Re: OaBoard 1.0 Remote File inclusion, Botan Rizgar
Re: WBB<--v2.3.4"misc.php" SQL injection Vulnerability, nukedx
LifeType <=1.0.4 'articleId' SQL injection, rgod
DotClear <= 1.2.4 'blog_dc_path' (php5) arbitrary remote inclusion, rgod
[SECURITY] [DSA 1089-1] New freeradius packages fix arbitrary code execution, Martin Schulze
[MajorSecurity #7]dotWidget CMS <= 1.0.6 - Remote File Include Vulnerability, admin
phpBB2 (template.php) Remote File Inclusion, canberx
- RE: phpBB2 (template.php) Remote File Inclusion, Scrouaf _
- Re: phpBB2 (template.php) Remote File Inclusion, ad@xxxxxxxxxxxxxxxx
  - Re: phpBB2 (template.php) Remote File Inclusion, Jessica Hope
  - Re: phpBB2 (template.php) Remote File Inclusion, Aaron Klein
  - Re: phpBB2 (template.php) Remote File Inclusion, Paul Laudanski
LocazoList Classifieds <= v1.05e(viewmsg.asp) Remote SQL Injection Vulnerability, ajannhwt
- <Possible follow-ups>
- LocazoList Classifieds <= v1.05e(viewmsg.asp) Remote SQL Injection Vulnerability, ajannhwt
Blackhat USA 2006 - Review , remarks and proposal agenda, newslist@xxxxxxxxxxxxxxxxxxxxxx
[SECURITY] [DSA 1088-1] New centericq packages fix arbitrary code execution, Martin Schulze
Critical SQL Injection in CoolForum, gmdarkfig
[ECHO_ADV_32$2006] SCart 2.0 Remote Code Execution, eufrato
[SECURITY] [DSA 1087-1] New PostgreSQL packages fix encoding vulnerabilities, Martin Schulze
Pixelpost <= 1-5rc1-2 multiple vulnerabilities, rgod
rPSA-2006-0091-1 firefox thunderbird, Justin M. Forbes
[DRUPAL-SA-2006-006] Drupal 4.6.7 / 4.7.1 fixes arbitrary file execution issue, Uwe Hermann
[DRUPAL-SA-2006-008] Drupal 4.6.8 / 4.7.2 fixes XSS issue, Uwe Hermann
[DRUPAL-SA-2006-007] Drupal 4.6.8 / 4.7.2 fixes arbitrary file execution issue, Uwe Hermann
[DRUPAL-SA-2006-005] Drupal 4.6.7 / 4.7.1 fixes SQL injection issue, Uwe Hermann
# MHG Security Team --- MyBloggie 2.1.1 version Remote File Include Vulnerabilit, erne ayaz
- <Possible follow-ups>
- Re: # MHG Security Team --- MyBloggie 2.1.1 version Remote File Include Vulnerabilit, nukedx
- Re: # MHG Security Team --- MyBloggie 2.1.1 version Remote File Include Vulnerabilit, Steven M. Christey
Pro Publish SQL Injection and XSS Vulnerabilities, Soothackers
new bug, webmaster
[SECURITY] [DSA 1086-1] New xmcd packages fix denial of service, Martin Schulze
MyTrueHood.com - XSS, luny
aspWebLinks 2.0 Remote SQL Injection / Admin Pass Change Exploit, ajannhwt
New Snort Bypass - Patch - Bypass of Patch, Sigint Consulting
- Re: New Snort Bypass - Patch - Bypass of Patch, M. Dodge Mumford
  - Re: New Snort Bypass - Patch - Bypass of Patch, M. Dodge Mumford
    - Re: New Snort Bypass - Patch - Bypass of Patch, Pukhraj Singh
Redaxo CMS <= 3.2 Remote File Include, beford
newsfactory Cross Site Scripting & SQL injection, CrAzY . CrAcKeR
Re: Jiwa Financials - Reporting allows execution of arbitrary reports as SQL user with full permissions., mikes
Bytehoard 2.1 Remote File Include, beford
PHP ManualMaker v1.0, luny
Weblog Oggi v1.0, luny
VMSA-2006-0002 - VMware Server sensitive information lifetime issue, VMware Security Team
Re: my Web Server << v-1.0 Denial of Service Exploit, Steven M. Christey
SMF 1.0.7 and lower plus 1.1rc2 and lower - IP spoofing vulnerability/IP ban evasion vulnerability, Jessica Hope
northstudio Cross Site Scripting Vulnerability, CrAzY . CrAcKeR
Re: PHPSimple Choose v0.3, prattmic
Joomla/Mambo CMS Component SimpleBoard 1.1 XSS-Vulnerabilities, Yannick von Arx
Forensic memory dumping intricacies - PhysicalMemory, DD, and caching issues, Arne Vidstrom
CA Forum Remote SQL Injection, omnipresent
[ MDKSA-2006:094 ] - Updated evolution packages fix DoS (crash) vulnerability on certain messages., security
Re: # MHG Security Team --- PHP NUKE All version Remote File Inc., rgod
- <Possible follow-ups>
- Re: Re: # MHG Security Team --- PHP NUKE All version Remote File Inc., nukedx
- Re: Re: # MHG Security Team --- PHP NUKE All version Remote File Inc., Steven M. Christey
Corsaire Security Advisory - VMware ESX Server Cross Site Scripting issue, advisories
[SECURITY] [DSA 1085-1] New lynx-cur packages fix several vulnerabilities, Martin Schulze
- Re: [SECURITY] [DSA 1085-1] New lynx-cur packages fix several vulnerabilities, Thomas Dickey
SyScan'06 - The Hackers' Conference in Asia, thomas48
Squirrelmail local file inclusion, brokejunker
- Re: Squirrelmail local file inclusion, Paul Schmehl
- <Possible follow-ups>
- Re: Squirrelmail local file inclusion, Steven M. Christey
  - Re: Squirrelmail local file inclusion, pauls
Snort HTTP Inspect Pre-Processor Uricontent Bypass, Christian Swartzbaugh
TAL RateMyPic v1.0, luny
ishopcart cgi 0day and multiple vulnerabilities, bugtraq
FreeBSD Security Advisory FreeBSD-SA-06:15.ypserv, FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-06:16.smbfs, FreeBSD Security Advisories
multiple file inclusion exploits in ovidentia v5.8.0, black code
- <Possible follow-ups>
- multiple file inclusion exploits in ovidentia v5.8.0, black-cod3
[security bulletin] HPSBUX02122 SSRT061158 rev.1 - HP-UX Mozilla Remote Execution of Arbitrary Code, Denial of Service (DoS), security-alert
SUSE Security Announcement: rug (SUSE-SA:2006:029), Thomas Biege
[SECURITY] [DSA 1084-1] New typespeed packages fix arbitrary code execution, Steve Kemp
rPSA-2006-0087-1 kernel, Justin M. Forbes
Internet explorer Vulnerbility, Mr . Niega
- Re: Internet explorer Vulnerbility, Alexander Sotirov
- RE: Internet explorer Vulnerbility, Peter Kruse
- Re: Internet explorer Vulnerbility, Hariharan
- <Possible follow-ups>
- Internet Explorer vulnerbility, Mr . Niega
  - Re: Internet Explorer vulnerbility, Andrei Ponomarev
  - Re: Internet Explorer vulnerbility, Michael N. Telnov
- RE: Internet Explorer vulnerbility, Greg Merideth (Forward Technology)
  - Re: RE: Internet Explorer vulnerbility, Charles Hamby
Re: Fire fox dos exploit, anoni . mouse
- Re: Fire fox dos exploit, Ronald van den Blink
- <Possible follow-ups>
- Re: Fire fox dos exploit, pagvac
- RE: Fire fox dos exploit, Andy
  - RE: Fire fox dos exploit, Sanjay Rawat
    - RE: Fire fox dos exploit, Jaroslaw Sajko
- Re: Fire fox dos exploit, Ronald van den Blink
- Re: Fire fox dos exploit, Yannick von Arx
- Re: Re: Fire fox dos exploit, vincenzo . ampolo
- Re: Fire fox dos exploit, Phil Trainor
- Re: Fire fox dos exploit, Aaron Hopkins
- Re: Re: Fire fox dos exploit, al4321
Re: New SecurityFocus mailing list: Focus-Apple, Marc Fossi