Bugtraq
- phpBB XS <= 0.58 (phpbb_root_path) Remote File Include Vulnerability(2),
x0r0n
- Yblog => Cross Site Scripting,
h4ck3riran
- [SECURITY] [DSA 1186-1] New cscope packages fix arbitrary code execution,
Moritz Muehlenhoff
- [SECURITY] [DSA 1187-1] New migrationtools packages fix denial of service,
Moritz Muehlenhoff
- setSlice exploited in the wild - massively,
Gadi Evron
- OlateDownload 3.4.0 Multiple Vulnerabilities,
no-reply
- Mercury SiteScope 8.2 (8.1.2.0) Cross Site Scripting (XSS) Vulnerability,
ozkan . aziz
- rPSA-2006-0176-1 openldap openldap-clients openldap-servers,
rPath Update Announcements
- Matasano Advisory: MacOS X Mach Exception Server Privilege Escalation,
Matasano Advisories
- rPSA-2006-0175-2 openssl openssl-scripts,
rPath Update Announcements
- Determina zero-day fix for CVE-2006-3730 (WebViewFolderIcon setSlice Integer Overflow),
Alexander Sotirov
- [ MDKSA-2006:176 ] - Updated xine-lib packages fix buffer overflow vulnerabilities,
security
- [ MDKSA-2006:175 ] - Updated mplayer packages fix buffer overflow vulnerabilities,
security
- [ MDKSA-2006:174 ] - Update gstreamer-ffmpeg packages fix buffer overflow vulnerabilities,
security
- [ MDKSA-2006:173 ] - Updated ffmpeg packages fix buffer overflow vulnerabilities,
security
- Sql injection in PostNuke [Admin section],
Omid
- Advisory 06/2006: PHProjekt (Remote) Include Vulnerabilities,
Stefan Esser
- UBB.threads Multiple input validation error,
security
- [MajorSecurity Advisory #28]ConPresso CMS - Multiple Cross Site Scripting and SQL Injection Issues,
admin
- FreeBSD Security Advisory FreeBSD-SA-06:23.openssl [REVISED],
FreeBSD Security Advisories
- Secunia Research: Joomla BSQ Sitestats Component Multiple Vulnerabilities,
Secunia Research
- TSLSA-2006-0054 - multi,
Trustix Security Advisor
- rPSA-2006-0175-1 openssl openssl-scripts,
rPath Update Announcements
- [ MDKSA-2006:172 ] - Updated openssl packages fix vulnerabilities,
security
- MkPortal UrloBox Increment Zize Desfiguration,
vannovax
- [ MDKSA-2006:171 ] - Updated openldap packages fixes ACL vulnerability,
security
- [ GLSA 200609-19 ] Mozilla Firefox: Multiple vulnerabilities,
Matthias Geerdsen
- [ MDKSA-2006:157-1 ] - Updated musicbrainz packages fix buffer overflow vulnerabilities,
security
- [ GLSA 200609-20 ] DokuWiki: Shell command injection and Denial of Service,
Matthias Geerdsen
- An analysis of Microsoft Windows Vista’s ASLR,
Renaud Lifchitz
- SolpotCrew Advisory #14 - phpBB XS 2 spain version (phpbb_root_path) Remote File Inclusion,
chris_hasibuan
- [SECURITY] [DSA 1185-1] New openssl packages fix denial of service,
Moritz Muehlenhoff
- Multiple XSS Vulnerabilities in Zen Cart 1.3.5,
security
- [USN-353-1] openssl vulnerabilities,
Martin Pitt
- [ MDKSA-2006:170-1 ] - Updated webmin packages fix XSS vulnerability,
security
- ERRATA: [ GLSA 200609-17 ] OpenSSH: Denial of Service,
Sune Kloppenborg Jeppesen
- [OpenPKG-SA-2006.021] OpenPKG Security Advisory (openssl),
OpenPKG
- FreeBSD Security Advisory FreeBSD-SA-06:23.openssl,
FreeBSD Security Advisories
- Newswriter SW v1.4.2 Remote File Include Exploit,
x0r0n
- SAP Internet Transaction Server XSS vulnerability,
info
- Multitple XSS Vulnerabilities in Red Mombin 0.7,
security
- [ GLSA 200609-18 ] Opera: RSA signature forgery,
Matthias Geerdsen
- MkPortal Cross Site Scripting (All versions) xSS,
vannovax
- Comdev Events Calendar 3.1 :) <= Remote File Inclusion,
stormhacker
- PHPSelect Web Development Division <= Remote File Inclusion,
stormhacker
- Comdev News Publisher 3.1 :) <= Remote File Inclusion,
stormhacker
- Comdev Newsletter 3.1 :) <= Remote File Inclusion,
stormhacker
- Comdev FAQ Support 3.1 :) <= Remote File Inclusion,
stormhacker
- Comdev Guestbook 3.1 :) <= Remote File Inclusion,
stormhacker
- Comdev CSV Importer 3.1 :) <= Remote File Inclusion,
stormhacker
- Comdev eCommerce 3.1 :) <= Remote File Inclusion,
stormhacker
- Comdev Web Blogger 3.1 :) <= Remote File Inclusion,
stormhacker
- Comdev Contact Form 3.1 :) <= Remote File Inclusion,
stormhacker
- Comdev Customer Helpdesk 3.1 :) <= Remote File Inclusion,
stormhacker
- Comdev Photo Gallery 3.1 :) <= Remote File Inclusion,
stormhacker
- Comdev Vote Caster 3.1 :) <= Remote File Inclusion,
stormhacker
- Comdev Links Directory 3.1 :) <= Remote File Inclusion,
stormhacker
- [ GLSA 200609-17 ] OpenSSH: Denial of Service,
Sune Kloppenborg Jeppesen
- bug com_madeira,
ifx
- Exploit module available for WebViewFolderIcon setSlice 0-day,
Chris Byrd
- Digital Armaments September-October Hacking Challenge: Explorer and Mozilla,
info
- VirtueMart Joomla eCommerce Edition CMS Multiple XSS Vulnerabilities,
Base64
- Blog Pixel Motion V2.1.1 PHP Code Execution / Create Admin Exploit,
gmdarkfig
- rPSA-2006-0174-1 gnome-ssh-askpass openssh openssh-client openssh-server,
rPath Update Announcements
- net2ftp: a web based FTP client :) <= Remote File Inclusion,
stormhacker
- JAF CMS 4.0 RC1 multiple vulnerabilities,
nanoymaster
- Free Rainbow Tables.com,
Jerome Athias
- ZDI-06-029: Ipswitch WS_FTP Server Checksum Command Parsing Buffer Overflow Vulnerabilities,
zdi-disclosures
- Windows VML security update MS06-055 released,
Juha-Matti Laurio
- rPSA-2006-0173-1 openoffice.org,
rPath Update Announcements
- WD25:- Deparcq Pieter project File Include Vulnerability,
stormhacker
- VML Exploit vs. AV/IPS/IDS signatures,
avivra
SUSE Security Announcement: gzip (SUSE-SA:2006:056),
Thomas Biege
[Whitepaper] - Access over Ethernet: Insecurities in AoE,
Morgan Marquis-Boire
PHP Invoice 2.2 (Billing and client Management) home.php Xss vuln.,
meto5757
[SECURITY] [DSA 1184-2] New Linux 2.6.8 packages fix several vulnerabilities,
Martin Schulze
SolpotCrew Advisory #13 - phpMyChat 0.1 (ChatPath) Remote File Inclusion,
chris_hasibuan
[ GLSA 200609-16 ] Tikiwiki: Arbitrary command execution,
Sune Kloppenborg Jeppesen
Vbulletin 2.X sql injection,
security
CubeCart Multiple input Validation vulnerabilities,
security
webnews <= v1.4 (WN_BASEDIR) Remote File Inclusion Exploit,
the-wolf-ksa
Back-end => 0.4.5 Remote File Include Vulnerabilities,
h4ck3riran
php_news => 2.0 Remote File Include Vulnerabilities,
h4ck3riran
QB ( QuickBlogger ) =>1.4 Remote File Include Vulnerabilities,
h4ck3riran
DanPHPSupport => 0.5 Cross Site Scripting Vulnerabilities,
h4ck3riran
WebspotBlogging => 3.0 Remote File Include Vulnerabilities,
h4ck3riran
Ruxcon 2006,
cfp
[ GLSA 200609-14 ] ImageMagick: Multiple Vulnerabilities,
Sune Kloppenborg Jeppesen
[ GLSA 200609-15 ] GnuTLS: RSA Signature Forgery,
Sune Kloppenborg Jeppesen
Uninformed Journal Release Announcement: Volume 5,
H D Moore
iDefense Security Advisory 09.23.06: FreeBSD i386_set_ldt Integer Signedness Vulnerability,
iDefense Labs
iDefense Security Advisory 09.23.06: FreeBSD i386_set_ldt Integer Overflow Vulnerability,
iDefense Labs
[security bulletin] HPSBUX02155 SSRT061235 rev.1 HP-UX CIFS Server (Samba) Local Unauthorized Access, Elevated Privileges,
security-alert
[security bulletin] HPSBUX02152 SSRT5973 rev.1 - HP-UX Kerberos Client Remote Unauthenticated Execution of Arbitrary Code,
security-alert
Local File Inclusion : Kietu,
cdg393
RE: [Full-disclosure] Yet another 0day for IE,
Bill Stout
tech support being flooded due to IE 0day,
Gadi Evron
PNews v1.1.0 (nbs) Remote File Inclusion,
CvIr . System
[ MDKSA-2006:169 ] - Updated Thunderbird packages fix multiple vulnerabilities,
security
wwwthreads <= 5.4.2 croos site script vulnerbilities,
h4ck3riran
[ MDKSA-2006:170 ] - Updated webmin packages fix XSS vulnerability,
security
PhotoStore Multiple Cross-Site Scripting Vulnerabilities,
meto5757
Opial Audio/Video Download Management - Version 1.0 index.php Xss vulns.,
meto5757
MyPhotos<= Remote File Include Vulnerability,
h4ck3riran
[SECURITY] [DSA 1184-1] New Linux 2.6.8 packages fix several vulnerabilities,
Martin Schulze
[ GLSA 200609-13 ] gzip: Multiple vulnerabilities,
Sune Kloppenborg Jeppesen
[USN-352-1] Thunderbird vulnerabilities,
Martin Pitt
Typo3 v4.x: XSS in extension "Indexed Search" v2.9.0,
Moritz Naumann
[SECURITY] [DSA 1183-1] New Linux 2.4.27 packages fix several vulnerabilities,
Martin Schulze
phpstak <= Remote File Include Vulnerability,
h4ck3riran
Windows VML Vulnerability FAQ (CVE-2006-4868) written,
Juha-Matti Laurio
ZERT patch [was: 0day for IE (Disabling Javascript no longer a fix)],
Gadi Evron
Jamroom Media Content Management System Login.php Xss Vuln.,
meto5757
[RISE-2006002] FreeBSD 5.x kernel i386_set_ldt() integer overflow vulnerability,
advisories
"Buffer overflow" term considered overloaded,
Steven M. Christey
Backdooring MP3 files (plus QuickTime issues and Cross-context Scripting),
pdp (architect)
RSA Keyon Log verification bypass vulnerability,
Andrei Mikhailovsky
SolpotCrew Advisory #12 - phpQuestionnaire 3.12 (GLOBALS[phpQRootDir]) Remote File Inclusion,
chris_hasibuan
Call for Papers and Tutorials for the 19th Annual FIRST Conference, June 17–22, 2007,
Ian Cook
[Call for Papers] DIMVA 2007,
Robin Sommer
Woltlab Burning Board 2.3.X SQL Injection Vulnerability,
sn4k3 . 23
jevoncms (.inc) Path Disclosure,
CvIr . System
More Vulnerable ATM Models,
Steve
[PLESK 7.5 Reload] & [PLESK 7.6 for MS Windows] path passing and disclosure vulnerability,
guanyu_vn
Self-contained XSS Attacks (the new generation of XSS),
pdp (architect)
Google Mini Search Applicance Path Disclosure,
Patrick Webster
Squiz MySource Matrix Unauthorised Proxy and Cross Site Scripting,
Patrick Webster
ContentKeeper Authenticated Access Password Disclosure,
Patrick Webster
RE: Computer Associates eTrust Security Command Center Multiple Vulnerabilities,
Patrick Webster
Eskolar CMS Remote Sql Injection,
security
E-Vision CMS Multible Remote injections,
security
TSLSA-2006-0052 - multi,
Trustix Security Advisor
[SECURITY] [DSA 1182-1] New gnutls11 packages fix RSA signature forgery cryptographic weakness,
Moritz Muehlenhoff
[USN-351-1] firefox vulnerabilities,
Martin Pitt
[security bulletin] HPSBUX02156 SSRT061236 rev.1 - HP-UX Running Thunderbird, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS),
security-alert
[security bulletin] HPSBUX02153 SSRT061181 rev.1 - HP-UX Running Firefox, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS),
security-alert
FW: APPLE-SA-2006-09-21 AirPort Update 2006-001 and Security Update 2006-005,
dm
[security bulletin] HPSBST02134 SSRT061187 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS06-052, MS06-053 and MS06-054,
security-alert
[CAID 34616, 34617, 34618]: CA eSCC and eTrust Audit vulnerabilities,
Williams, James K
Grayscale BandSite CMS Multiple Input Validation Vulnerabilities,
security
Wili-CMS Multiple Input Validation Vulnerabilities,
security
[ MDKSA-2006:168 ] - Updated Firefox packages fix multiple vulnerabilities,
security
Re: CounterPath eyeBeam Handing SIP header Vulnerabilities,
support
[ MDKSA-2006:167 ] - Updated gzip packages fix multiple vulnerabilities,
security
[ MDKSA-2006:166 ] - Updated gnutls packages fixes PKCS signature verification issue.,
security
[scip_Advisory 2555] Sun Secure Global Desktop prior 4.3 multiple remote vulnerabilities,
Marc Ruef
[USN-350-1] Thunderbird vulnerabilities,
Martin Pitt
Internet Explorer VML Zero-Day Mitigation,
Matthew Murphy
Dr.Web 4.33 antivirus LHA long directory name heap overflow,
Jean-Sébastien Guay-Leroux
mysql_error() can lead to Cross Site Scripting attacks,
gmdarkfig
vml.c - Internet Explorer VML Buffer Overflow Download Exec Exploit,
nop
Cisco Security Advisory: DOCSIS Read-Write Community String Enabled in Non-DOCSIS Platforms,
Cisco Systems Product Security Incident Response Team
PowerPoint issue fixed in MS06-012/CVE2006-009,
Juha-Matti Laurio
Cisco Security Advisory: Cisco Intrusion Prevention System Management Interface Denial of Service and Fragmented Packet Evasion Vulnerabilities,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Guard enables Cross Site Scripting,
Cisco Systems Product Security Incident Response Team
[OpenPKG-SA-2006.020] OpenPKG Security Advisory (gzip),
OpenPKG
Camino release 1.0.3 fixes several vulnerabilities,
Juha-Matti Laurio
rPSA-2006-0170-1 gzip,
rPath Update Announcements
Microsoft PowerPoint 0-day Vulnerability FAQ - September written,
Juha-Matti Laurio
[SECURITY] [DSA 1180-1] New bomberclone packages fix several vulnerabilities,
Martin Schulze
Innovate Portal v2.0 Index.PHP Xss Vuln.,
meto5757
White paper release: Bypassing network access control (NAC) systems,
Ofir Arkin
Pie Cart Pro => (Home_Path) Remote File Inclusion Exploit,
saudi . unix
PT News 1.7.8 (Search.php) XSS Vulnerability,
Snake . Apollyon
NextAge Cart Cross-Site Scripting multiple Vulnerabilities,
meto5757
Site@School 2.4.02 and below Multiple remote Command Execution Vulnerabilities,
simo64
Yet another 0day for IE,
Gadi Evron
Apple Remote Desktop root vulneravility,
fribitch
eSyndiCat Portal System XSS Vuln.,
meto5757
[ GLSA 200609-12 ] Mailman: Multiple vulnerabilities,
Sune Kloppenborg Jeppesen
[USN-349-1] gzip vulnerabilities,
Martin Pitt
[RLSA_02-2006] OSU httpd for OpenVMS path and directory disclosure - is this a bug or a feature?,
rfdslabs
New PowerPoint 0-day Trojan in the wild,
Juha-Matti Laurio
[SECURITY] [DSA 1179-1] New alsaplayer packages fix denial of service,
Martin Schulze
[ MDKSA-2006:165 ] - Updated mailman packages fix multiple vulnerabilities,
security
FreeBSD Security Advisory FreeBSD-SA-06:21.gzip,
FreeBSD Security Advisories
[Kurdish Security # 27] Artmedic Links Script Remote File Include Vulnerability,
botan
[SECURITY] [DSA 1178-1] New freetype packages fix execution of arbitrary code,
Moritz Muehlenhoff
ECardPro v2.0(search.asp) Remote SQL Injection Vulnerability,
ajannhwt
HP-UX X.25 Denial of Service Vulnerability,
oktayonur
Plume CMS <= 1.1.10 [prepend.php] Remote File Include Vulnerability,
D3nGeR
PHP-Post Multiple Input Validation Vulnerabilities,
security
PHPQuiz Multiple Remote Vulnerabilites,
simo64
NixieAffiliate all version bypass admin and xss,
ali
HitWeb v3.0 - Remote File Include Vulnerabilities,
erne
Techno Dreams Articles&Papers Package <=v2.0(ArticlesTableview.asp) Remote SQL Injection Vulnerability,
ajannhwt
Symantec Security Advisory: Symantec AntiVirus Corporate Edition,
secure
Techno Dreams FAQ Manager Package v1.0(faqview.asp) Remote SQL Injection Vulnerability,
ajannhwt
AzzCoder => PNphpBB (Latest) Remote File Include,
azzcoder
Charon Cart v3(Review.asp) Remote SQL Injection Vulnerability,
ajannhwt
USB Attacks Going Commercial?,
Gadi Evron
Q-Shop v3.5(browse.asp) Remote SQL Injection Vulnerability,
ajannhwt
EShoppingPro v1.0(search_run.asp) Remote SQL Injection Vulnerability,
ajannhwt
Busy box httpd file traversal vulenrability,
bug-finder
[USN-348-1] GnuTLS vulnerability,
Martin Pitt
Sql injection in Moodle,
Omid
MyBB 1.2 Full path and Cross site scripting vulnerabilities,
security
PhotoPost PHP 4.6 - 4.5 [PP_PATH] >> Remote File Include Vulnerability,
AG- Spider
BizDirectory all version xss,
ali
McAfee VirusScan Enterprise - disabling the client side "On-Access Scan",
EitanCaspi@xxxxxxxxx
[ GLSA 200609-11 ] BIND: Denial of Service,
Raphael Marichez
easypage.org >> v7 sql injection,
ali
rPSA-2006-0169-1 firefox thunderbird,
rPath Update Announcements
Limbo - Lite Mambo CMS Multiple Vulnerabilities,
security
Roller Weblogger XSS vulnerability,
p3rlhax
[Reversemode Advisory] Apple Quicktime FLIC File Heap Overflow,
Reversemode
BolinOS v.4.5.5 <= (gBRootPath) Remote File Include Vulnerability,
x0r0n
phpQuiz sensitive file (install.php),
sn_0py
Symantec Norton Insufficient validation of 'SymEvent' driver input buffer,
David Matousek
Google Search API Worms,
pdp (architect)
@System Security Meeting in Pisa,
Giorgio Zoppi
Mambo com_serverstat Component <=0.4.4 Remote File Include Vulnerability,
x0r0n
SolpotCrew Advisory #10 - phpBB XS (phpbb_root_path) Remote File Include,
jong_amq
SolpotCrew Advisory #11 - ReviewPost 2.5 (RP_PATH) Remote File Inclusion,
bius
ppalCart V(2.5 EE) Remote File Inclusion,
l0x3
MyBB Full path and Cross site scripting vulnerabilities,
security
Signkorn Guestbook <= v1.3 Multiple Remote File Include Vulnerabilities,
x17
Jupiter CMS Multiple injections,
security
Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection,
ajannhwt
mcLinksCounter v1.1 - Remote File Include Vulnerabilities,
erne
ClickBlog! <= v2.0 (default.asp) Admin ByPASS SQL Injection,
ajannhwt
[SECURITY] [DSA 1177-1] New usermin packages fix denial of service,
Martin Schulze
[SECURITY] [DSA 1160-2] New Mozilla packages fix several vulnerabilities,
Martin Schulze
PhotoPost => 4.6 (PP_PATH) Remote File Inclusion Exploit,
Saudi . unix
Fwd: IE ActiveX 0day?,
Tyop Tyip
Hackers to Hackers Conference III - Call for Papers,
Rodrigo Rubira Branco (BSDaemon)
PhotoPost =>4.6 (PP_PATH) Remote File Inclusion Exploit,
saudi . unix
[security bulletin] HPSBUX02126 SSRT051019 rev.1 - HP-UX running X.25 Local Denial of Service (Dos),
security-alert
Layered Defense Advisory :Symantec AntiVirus Corporate Edition Format String Vulnerability,
dh
SolpotCrew Advisory #9 - phpQuiz v0.01 design and coding byJule Slootbeek (pagename) Remote File Inclusion,
chris_hasibuan
Fullpath disclosure in Blue Magic Board 5.5,
hack2prison
SIP over TLS: X.509 peer authentication vulnerability in Ingate products,
Per Cederqvist
Magic News Pro => 1.0.3 (script_path) Remote File Inclusion Exploit,
saudi . unix
[USN-346-2] Fixed linux-restricted-modules-2.6.15 for previous Linux kernel update,
Martin Pitt
Secunia Research: Tagger LE PHP "eval()" Injection Vulnerabilities,
Secunia Research
XSS vulnerability in Blojsom,
p3rlhax
[ GLSA 200609-10 ] DokuWiki: Arbitrary command execution,
Sune Kloppenborg Jeppesen
DCP-Portal SE 6.0 multiple injections,
security
ADOdb Date Library Full path Bugs,
security
[ MDKSA-2006:164 ] - Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities,
security
ToorCon Pre-Registration Closing Friday!,
h1kari@xxxxxxxxxxx
Mailman 2.1.8 Multiple Security Issues,
Moritz Naumann
PAKCON III: Call for Papers (CfP 2006),
Ayaz Ahmed Khan
[SECURITY] [DSA 1176-1] New zope2.7 packages fix information disclosure,
Moritz Muehlenhoff
PAKCON III: Announce (2006),
Ayaz Ahmed Khan
[eVuln] NX5Linkx Multiple Vulnerabilities,
Alex
[ GLSA 200609-08 ] xine-lib: Buffer overflows,
Sune Kloppenborg Jeppesen
TualBLOG v 1.0 multiple sql injection,
dj_remix_20
[ GLSA 200609-09 ] FFmpeg: Buffer overflows,
Sune Kloppenborg Jeppesen
[eVuln] CJ Tag Board XSS Vulnerability,
Alex
[eVuln] Links Manager Multiple XSS and SQL Injection Vulnerabilities,
Alex
[eVuln] indexcity SQL Injection and XSS Vulnerabilities,
Alex
[eVuln] Doika guestbook 'page' XSS Vulnerability,
Alex
Snitz Forums 2000 v3.4.06,
ajannhwt
[0day] daxctle2.c - Internet Explorer COM Object Heap Overflow Download Exec Exploit,
nop
Cisco IOS VTP issues,
FX
[SECURITY] [DSA 1161-2] New Mozilla Firefox packages fix several vulnerabilities,
Martin Schulze
[security bulletin] HPSBMA02149 SSRT050968 rev.1 - HP OpenView Operations, Remote Unauthorized Access and Denial of Service (DoS),
security-alert
[security bulletin] HPSBUX02151 SSRT051021 rev.1 - HP-UX Running ARPA Transport Software, Local Denial of Service (DoS),
security-alert
[USN-345-1] mailman vulnerabilities,
Martin Pitt
Multiple Vulnerabilities in Apple QuickTime,
avert
[ GLSA 200609-07 ] LibXfont, monolithic X.org: Multiple integer overflows,
Sune Kloppenborg Jeppesen
NetPerformer FRAD ACT Multiple Vulnerabilities,
arif . jatmoko
PHP Event Calendar Multiple Parameter Cross Site Scripting Vulnerability,
OS2A BTO
# ForumJBC v4 < = Cross-Site Scripting - XSS Exploit ;,
x17
[SECURITY] [DSA 1175-1] New isakmpd packages fix replay protection bypass,
Martin Schulze
[EEYEB-20080824] Internet Explorer Compressed Content URL Heap Overflow Vulnerability #2,
eEye Advisories
NETGEAR Rotuer DG834GT Firmware V1.01.28 (DoS),
nullflag
iDefense Security Advisory 09.12.06: Multiple Vendor X Server CID-keyed Fonts 'CIDAFM()' Integer Overflow,
iDefense Labs
iDefense Security Advisory 09.12.06: Multiple Vendor X Server CID-keyed Fonts 'scan_cidfont()' Integer Overflow Vulnerability,
iDefense Labs
Newsscript version 0.5 (print.php) Local File Inclusion Vulnerability,
daftrix
iDefense Security Advisory 09.12.06: Apple QuickTime FLIC File Heap Overflow Vulnerability,
iDefense Labs
Apple QuickTime H.264 Integer Overflow Vulnerability,
Sowhat
LedgerSMB 1.0.0 and SQL-Ledger 2.6.18 and earler arbitrary code execution,
Chris Travers
[USN-344-1] X.org vulnerabilities,
Martin Pitt
AzzCoder => phpBB XS 0.58 Remote File Include,
azzcoder
Computer Terrorism (UK) :: Incident Response Centre - Adobe/Macromedia Flash Player Vulnerability,
irc
Computer Terrorism (UK) :: Incident Response Centre - Microsoft Publisher Font Parsing Vulnerability,
irc
Apple QuickTime Player H.264 Codec Remote Integer Overflow,
Piotr Bania
WTools v0.0.1-ALPH - Remote File Include Vulnerabilities,
erne
ERRATA: [ GLSA 200609-05 ] OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery,
Sune Kloppenborg Jeppesen
Session Token Remains Valid After Logout in IBM Lotus Domino Web Access,
dave . ferguson
rPSA-2006-0167-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs,
rPath Update Announcements
Sql injection in Tikiwiki,
Omid
CMS.R. the Content Management System admin authentication baypass,
security
ShAnKaR: multiple PHP application poison NULL byte vulnerability,
3APA3A
SolpotCrew Advisory #8 - Mcgallerypro (path_to_folder) Remote File Inclusion,
chris_hasibuan
C-News v 1.0.1 < = Multiple Remote File Include Vulnerabilities,
the . leo . 008
Microsoft visual basic 6. overflow,
mallahzadeh
[SECURITY] [DSA 1173-1] New openssl packages fix RSA signature forgery cryptographic weakness,
Moritz Muehlenhoff
PhpLinkExchange v1.0 RFI + RC + Xss [RC-exploit],
ali
SIPS v 0.2.2 < = Remote File Include Vulnerability,
the . leo . 008
HotPlug CMS Config File Include Vulnerability,
security
PayProCart <= 1146078425 Multiple Remote File Include Vulnerabilities,
l0x3
text ads xss attack,
ali
Open Bulletin Board <= 1.0.8 (root_path) File Include Vulnerability,
l0x3
PHP Advanced Transfer Manager v1.20 ; Multiple Remote File Include Vulnerabilities,
l0x3
[SECURITY] [DSA 1174-1] New openssl096 packages fix RSA signature forgery cryptographic weakness,
Moritz Muehlenhoff
Vikingboard 0.1b Multiple Vulnerabilities,
no-replay
MagpieRSS (a simple RSS integration tool) Full path vul,
security
XHP CMS v0.5.1 Vuls Xss and Full path vuls,
security
Web Server Creator v0.1 (l) Remote Include Vulnerability,
x0r0n
PUMA 1.0 RC 2 (config.php) Remote File Inclusion,
philipp . niedziela
[SECURITY] [DSA 1159-2] New Mozilla Thunderbird packages fix several problems,
Martin Schulze
ConSec Symposium - Sept 20-22 in Austin, TX,
Michael Allgeier
SimpleBoard Mambo Component 1.1.0 Remote File Include,
stormhacker
[SECURITY] [DSA 1172-1] New bind9 packages fix denial of service,
Martin Schulze
Cross Context Scripting with Sage,
pdp (architect)
PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore(),
cxib
Multible injections and vulnerabilities in Jetbox CMS,
security
[ MDKSA-2006:163 ] - Updated bind packages fix DoS vulnerabilities,
security
RSA SecurID SID800 Token vulnerable by design,
Hadmut Danisch
Airscanner Mobile Security Advisory #06070101: Abidia & OAnywhere (All versions),
removethis_contact
Airscanner Mobile Security Advisory #06260602: Pocket Expense Pro 3.9.1 Authentication Bypass,
removethis_contact
mcNews v1.3 - Remote File Include,
erne
Akarru rfi,
erne
Timesheet 1.2.1 Blind SQL Injection Vulnerability,
secaware2006
client side vulnerability in yahoo mail,
p3rlhax
rPSA-2006-0166-1 bind bind-utils,
rPath Update Announcements
rPSA-2006-0165-1 mailman,
rPath Update Announcements
PhotoKorn Gallery => 1.52 (dir_path) Remote File Inclusion Exploit,
saudi . unix
[RISE-2006001] X11R6 XKEYBOARD extension Strcmp() buffer overflow,
advisories
[USN-343-1] bind9 vulnerabilities,
Martin Pitt
News Evolution v3.0.3 - Remote File Include Vulnerabilities,
erne
ACGV News v0.9.1 - Remote File Include Vulnerabilities,
erne
Black Hat Briefings Japan Speakers Selected!,
Jeff Moss
[SECURITY] [DSA 1171-1] New ethereal packages fix execution of arbitrary code,
Moritz Muehlenhoff
Sql injection in BLOG:CMS,
Omid
FreeBSD Security Advisory FreeBSD-SA-06:20.bind,
FreeBSD Security Advisories
Linux kernel source archive vulnerable,
Hadmut Danisch
WM-News v0.5 - Remote File Include Vulnerabilities,
erne
Sql injection in RunCMS,
Omid
XSS in AckerTodo v4.0,
viz . security
ZDI-06-028: Ipswitch Collaboration Suite SMTP Server Stack Overflow,
zdi-disclosures
SL_Site <= 1.0 [spaw_root] Remote File Include Vulnerability,
ciriboflacs
Shadow Prmod <= 2.7.1 [phpbb_root_path] Remote File Include Vulnerability,
ciriboflacs
DokuWiki <= 2006-03-09brel /bin/dwpage.php remote commands execution,
rgod
Full Disclosure for SQL-Ledger vulnerability CVE-2006-4244,
Chris Travers
CORE-2006-0322: Multiple vulnerabilities in ICQ Toolbar 1.3 for Internet Explorer,
CORE Security Technologies Advisories
CORE-2006-0321: AOL ICQ Pro 2003b heap overflow vulnerability,
CORE Security Technologies Advisories
xxs in MKPortal M1.1,
exe_crack
[ MDKSA-2006:162 ] - Updated php packages fix vulnerabilities,
security
Re: PasswordSafe 3.0 weak random number generator allows key recovery attack,
ronys
BinGoPHP News <= 3.01 [bnrep] Remote File Include Vulnerability,
ciriboflacs
[ GLSA 200609-05 ] OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery,
Sune Kloppenborg Jeppesen
Host header cannot be trusted as an anti anti DNS-pinning measure,
Amit Klein (AKsecurity)
PHPFusion <= 6.01.4 extract()/_SERVER[REMOTE_ADDR] sql injection exploit,
rgod
SECURITY.NNOV: Panda Platinum Internet Security privilege escalation / bayesian filter control security vulnerabilities,
3APA3A
[USN-342-1] PHP vulnerabilities,
Martin Pitt
Re: ZoneX 1.0.3 - Publishers Gold Edition Remote File Inclusion Vulnerability,
Steven M. Christey
NDSS CFP Due September 10th,
Crispin Cowan
[USN-341-1] libxfont vulnerability,
Martin Pitt
[OpenPKG-SA-2006.019] OpenPKG Security Advisory (bind),
OpenPKG
[ MDKSA-2006:161 ] - Updated openssl packages fix vulnerability,
security
FreeBSD Security Advisory FreeBSD-SA-06:19.openssl,
FreeBSD Security Advisories
WDT :-phpopenchat-3.0.* ($sourcedir) Remote File Inclusion Exploit,
stormhacker
Microsoft confirmed Word 0-day vulnerability,
Juha-Matti Laurio
[ GLSA 200609-02 ] GTetrinet: Remote code execution,
Sune Kloppenborg Jeppesen
IBM Lotus Notes DUNZIP32.dll Buffer Overflow Vulnerability,
Juha-Matti Laurio
Sql Injection and Path Disclosoure Wordpress v2.0.5,
vannovax
[ GLSA 200609-01 ] Streamripper: Multiple remote buffer overflows,
Sune Kloppenborg Jeppesen
[ GLSA 200609-03 ] OpenTTD: Remote Denial of Service,
Sune Kloppenborg Jeppesen
[ GLSA 200609-04 ] LibXfont: Multiple integer overflows,
Sune Kloppenborg Jeppesen
[security bulletin] HPSBUX02102 SSRT051078 rev.4 - HP-UX usermod(1M) Local Unauthorized Access.,
security-alert
[SECURITY] [DSA 1170-1] New fastjar packages fix directory traversal,
Martin Schulze
Canon ImageRunner reveals SMB, IPX, and FTP username/passwords,
gunrnr
Cisco IOS GRE issue,
FX
release uhooker v1.2,
Hernan Ochoa
Reminder: 3rd Annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA,
Dave Wichers
[USN-340-1] imagemagick vulnerabilities,
Martin Pitt
Details for BID 19586,
shulman
Details for BID 18428,
shulman
[OpenPKG-SA-2006.018] OpenPKG Security Advisory (openssl),
OpenPKG
Easy Address Book Web Server Format String Vulnerability,
revnic
php download local file include,
ali
Anti-vir2,
rugginello
Dyn CMS <= REleased (x_admindir) Remote File Inclusion Exploit,
SHiKaA-
in-link <=2.3.4 (adodb-postgres7.inc.php) Remote File Inclusion Exploit,
saudi . unix
rPSA-2006-0163-1 openssl openssl-scripts,
rPath Update Announcements
FlashChat <= 4.5.7 Remote File Include Vulnerability,
mc . nadz
UPDATE: [ GLSA 200509-09 ] Py2Play: Remote execution of arbitrary Python code,
Sune Kloppenborg Jeppesen
AuditWizard 6.3.2 gives away administrator password,
Terry Donaldson
[security bulletin] HPSBUX02145 SSRT061202 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access,
security-alert
ZIXForum 1.12 <= "RepId" Remote SQL Injection,
ChironeX . FleckeriX
Anti-vir vulnerability,
rugginello
2nd European Conference on Computer Network Defense (EC2ND),
Blyth A J C (AT)
Buffer overflow vulnerability in dsocks,
Michael Adams
[Kurdish Security # 26 ] AnnonceV News Script Remote Command Vulnerability,
botan
Re: CuteNews 1.3.* Remote File Include Vulnerability,
satalin
VirtualPC 2004 (build 528) detection (?),
gynvael
MyBace Light (hauptverzeichniss) Remote File Inclusion,
philipp . niedziela
SolpotCrew Advisory #7 - AlstraSoft Template Seller Remote File Include Vulnerability,
jong_amq
[Kurdish Security # 25 ] GrapAgenda Remote Command Vulnerability,
botan
[SECURITY] [DSA 1169-1] New MySQL 4.1 packages fix several vulnerabilities,
Martin Schulze
HITBSecConf2006 Final Call !,
Praburaajan
Microsoft Word 0-day Vulnerability (September) FAQ document available,
Juha-Matti Laurio
[SECURITY] [DSA 1168-1] New imagemagick packages fix arbitrary code execution,
Moritz Muehlenhoff
SoftBB v0.1 < = Cross-Site Scripting,
the . leo . 008
[USN-339-1] OpenSSL vulnerability,
Martin Pitt
TTG0602 - Alt-N WebAdmin MDaemon Account Hijacking,
TTG
[USN-338-1] MySQL vulnerabilities,
Martin Pitt
CFP, IT Underground, Warsaw, Poland 2006,
Piotr Sobolewski
Re: TinyWebGallery v1.5 ( image ) Remote Include Vulnerability,
tinywebgallery
AnywhereUSB/5 1.80.00 Drivers Integer Overflow,
SecuriTeam Assisted Disclosure
SoftBB 0.1 Remote PHP Code Execution Exploit,
gmdarkfig
Airscanner Mobile Security Advisory #05081201: PDAapps Verichat v1.30bh Local Password Disclosure,
contact_removethis
[SECURITY] [DSA 1167-1] New apache packages fix several vulnerabilities,
Steve Kemp
Web Dictate Admin Null Password Vulnerability,
revnic
[SECURITY] [DSA 1166-1] New cheesetraceker packages fix buffer overflow,
Steve Kemp
Re: [ECHO_ADV_45$2006] WEBinsta CMS 0.3.1 (templates_dir) Remote File Inclusion Vulnerability,
atomo64
Airscanner Mobile Security Advisory #05081701: IM+ v3.10 Local Password Plaintext Exposure,
contact_removethis
The Amazing Little Poll Admin Pwd,
tugra
Tr Forum V2.0 Multiple Vulnerabilities,
gmdarkfig
Annuaire 1Two 2.2 Remote SQL Injection Exploit,
gmdarkfig
ssLinks <=v1.22 Multiple SQL Injection Vulnerabilities,
sirdarckcat
Autentificator <=2.01 SQL Injection Vulnerability,
sirdarckcat
PHP-Revista Multiple vulnerabilities,
sirdarckcat
XXS in Powered by vbzoom,
exe_crack
Sql injections in e107 [Admin section],
Omid
Sql injection in SMF [Admin section],
Omid
Icblogger <= "YID" Remote Blind SQL Injection,
ChironeX . FleckeriX
forum v0.4c (members.dat) MD5 Passwd Hash Disclosure Poc,
gmdarkfig
[Informix] Is Telelogic's Synergy integrated Informix server also vulnerable?,
Sec Anon
[ MDKSA-2006:160 ] - Updated xorg-x11/XFree86 packages fix potential vulnerabilities,
security
[ MDKSA-2006:159 ] - Updated sudo packages whitelist environments,
security
Re: Submit ( ToendaCMS<= ( Remote File Include Vulnerabilities ),
Carsten Eilers
ISS BlackICE PC Protection Insufficient validation of arguments of NtOpenSection Vulnerability,
David Matousek
[SECURITY] [DSA 1165-1] New capi4hylafax packages fix arbitrary command execution,
Martin Schulze
Re: ZoneX 1.0.3 - Publishers Gold Edition Remote File Inclusion Vulnerability,
maric_sasa
Re: Submit ( b2evolution<= 1.8 Remote File Include Vulnerabilities ),
do
[ISR] - IBM eGatherer ActiveX Code Execution PoC,
Francisco Amato
ModuleBased CMS alfa 1 Multiple Remote File Inclusion,
amir . scorpino
