Bugtraq
- [ GLSA 200701-27 ] ELinks: Arbitrary Samba command execution,
Raphael Marichez
- Windows Vista and unexported kernel symbols (Part II, 32bits version),
Matthieu Suiche
- [SECURITY] [DSA 1255-1] New libgtop2 packages fix arbitrary code execution,
Moritz Muehlenhoff
- [ECHO_ADV_63$2007] Cadre remote file inclusion,
y3dips
- Cisco Security Advisory: SIP Packet Reloads IOS Devices Not Configured for SIP,
Cisco Systems Product Security Incident Response Team
- 2007 Security OPUS CFP: Closed (Agenda included),
Sharkey
- Oracle 10g R2 Enterprise Manager Directory Traversal,
NGS Software Insight Security Research
- Remote Unauthenticated Resource Exhaustion CA Mobile BackupService,
NGS Software Insight Security Research
- Remote DOS BrightStor ARCserve Backup for Laptops & Desktops,
NGS Software Insight Security Research
- OWASP JBroFuzz 0.4 Fuzzer Released!,
subere
- Remote Unauthenticated Code Execution II CA BrightStor ARCserve Backup for Laptops & Desktops,
NGS Software Insight Security Research
- Remote Unauthenticated Code Execution CA BrightStor ARCserve Backup,
NGS Software Insight Security Research
- [ MDKSA-2007:030 ] - Updated bind packages fix DoS vulnerabilities,
security
- Atsphp 5.0.1 [Top Sites] [index.php] - Remote File Include,
trzindan
- EncapsCMS 0.3.6 (common_foot.php) Remote File Include,
trzindan
- PhP Generic library & framework (include_path) Remote File Include Exploit,
umutc4n
- RBL - ASP (scripts with db) SQL injection,
sn0oPy . team
- COSEINC Alert: Microsoft Agent Heap Overflow Vulnerability Technical Details (Patched),
Coseinc
- rPSA-2007-0020-2 rmake,
rPath Update Announcements
- [DRUPAL-SA-2007-005] Drupal 4.7.6 / 5.1 fixes arbitrary code execution issue,
Uwe Hermann
- Oracle - Indirect Privilege Escalation and Defeating Virtual Private Databases,
David Litchfield
- RBL - ASP (scripts with db) SQL injection,
sn0oPy . team
- VII National Computer and Information Security Conference ACIS 2007 - COLOMBIA,
Jeimy Cano
- [ GLSA 200701-25 ] X.Org X server: Multiple vulnerabilities,
Matthias Geerdsen
- Arbitrary Code Execution in SQL-Ledger and LedgerSMB through redirects,
Chris Travers
- gnopaste <= 0.5.3 (index.php) Remote File Include Vulnerability,
trzindan
- Phorum HTML Injection Vulnerability,
DoZ
- Defeating CAPTCHAs via Averaging,
noreply9871234
- CVSTrac 2.0.0 Denial of Service (DoS) vulnerability,
Ralf S. Engelschall
- Xt-Stats v.2.4.0.b3 - Remote File Include Vulnerabilities,
h4cked . eg
- [OpenPKG-SA-2007.008] OpenPKG Security Advisory (cvstrac),
OpenPKG GmbH
- Internet Explorer 7 ActiveX bgColor property NULL pointer dereference (DoS),
Alexander Sotirov
- MDPro 1.0.76 - Multiple Remote Vulnerabilities,
adexior
- [SECURITY] [DSA 1254-1] New bind9 packages fix denial of service,
Moritz Muehlenhoff
- [OpenPKG-SA-2007.007] OpenPKG Security Advisory (bind),
OpenPKG GmbH
- [SECURITY] [DSA 1252-1] New vlc packages fix arbitrary code execution,
Martin Schulze
- [SECURITY] [DSA 1253-1] New Mozilla Firefox packages fix several vulnerabilities,
Martin Schulze
- local Calendar System v1.1 (lcStdLib.inc) Remote File Include,
trzindan
- AdMentor (banners) admin SQL injection,
sn0oPy . team
- [ MDKSA-2007:028 ] - Updated ulogd packaged to address buffer overflow vulnerability,
security
- Open Conference Systems = 2.8.2 Remote File Inclusion,
trzindan
- [USN-398-4] Firefox regression,
Kees Cook
- Full Disclosure: Arbitrary Code Execution in LedgerSMB CVE-2006-5872,
Chris Travers
- stompy the session stomper - tool availability,
Michal Zalewski
- [ MDKSA-2007:029 ] - Updated libsoup packages fix DoS vulnerability,
security
- WS_FTP 2007 Professional SCP handling format string vulnerability,
Michal Bucko
- Dexia website security alert,
Jos Kirps
- rPSA-2007-0020-1 rmake,
rPath Update Announcements
- rPSA-2007-0021-1 bind bind-utils,
rPath Update Announcements
- iDefense Security Advisory 01.26.07: Multiple Vendor libchm Page Block Length Memory Corruption Vulnerability,
iDefense Labs
- S21sec-034-en: Cisco VTP DoS vulnerability,
S21sec Labs
- FdScript <= v1.3.2 Remote File Disclosure Vulnerability,
ajannhwt
- PHP Membership Manager Cross-Site Scripting Vulnerability,
DoZ
- Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger,
hainamluke
- [ GLSA 200701-23 ] Cacti: Command execution and SQL injection,
Matthias Geerdsen
- [ MDKSA-2007:027 ] - Updated xine-ui packages fix vulnerabilities,
security
- Movable Type <= 3.33 XSS Exploit,
teracci2002
- [OPENADS-SA-2007-002] Max Media Manager v0.1.29 and v0.3.30 vulnerability fixed,
Matteo Beccati
- [ GLSA 200701-24 ] VLC media player: Format string vulnerability,
Matthias Geerdsen
- [USN-410-2] teTeX vulnerability,
Kees Cook
- Medium Risk Vulnerability in PGP Desktop,
NGSSoftware Insight Security Research
- RubyGems 0.9.0 and earlier installation exploit,
Eric Hodel
- Omniture SiteCatalyst Multiple Cross-Site Scripting Vulnerabilities,
DoZ
- Vulnerability disclosure comments,
Shawna McAlearney
- high5 Review script Security Risk,
anon
- Buffer overflow in VSAPI library of Trend Micro VirusWall 3.81 for Linux,
Sebastian Wolfgarten
- The certification password of Internet Explorer 7 and operation of auto complete,
support
- [ GLSA 200701-22 ] Squid: Multiple Denial of Service vulnerabilities,
Matthias Geerdsen
- [NETRAGARD-20061218 SECURITY ADVISORY] [@Mail WebMail Cross Site Request Forgery],
Netragard Security Advisories
- GPS 1.2 Content Managing System (print.asp) Remote SQL Injection Vulnerability,
ajannhwt
- [x0n3-h4ck] Siteman 1.1.11 Remote Md5 Hash Disclosure Vulnerability,
corrado . liotta
- [x0n3-h4ck] Siteman 2.0.x2 Remote Md5 Hash Disclosure Vulnerability,
corrado . liotta
- phpCOIN <= RC-1 (modules/mail/index.php) Remote File Include Vulnerability,
me you
- Aztek Forum 4.1 Multiple Vulnerabilities Exploit,
gmdarkfig
- BIND remote exploit (low severity) [Fwd: Internet Systems Consortium Security Advisory.],
Lebbeous Weekley
- makit news/blog poster <=v3(news_page.asp) Remote SQL Injection Vulnerability,
ajannhwt
- ASP NEWS <= V3 (news_detail.asp) Remote SQL Injection Vulnerability,
ajannhwt
- EzDatabase Multiple Cross-Site Scripting Vulnerability,
DoZ
- ASP EDGE <= V1.2b (user.asp) Remote SQL Injection Vulnerability,
ajannhwt
- Xero Portal v1.2 (phpbb_root_path) Remote File Include Vulnerablity,
xorontr
- uniForum <= v4 (wbsearch.aspx) Remote SQL Injection Vulnerability,
ajannhwt
- rPSA-2007-0019-1 gtk,
rPath Update Announcements
- Remove all admin->root authorization prompts from OSX,
K F (lists)
- [USN-414-1] Squid vulnerabilities,
Kees Cook
- Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL,
Team SHATTER
- [CAID 34818]: CA Personal Firewall Multiple Privilege Escalation Vulnerabilities,
Williams, James K
- Oracle Multiple Buffer Overflows and DoS attacks in public procedures of MDSYS.MD,
Team SHATTER
- Oracle Buffer Overflow in DBMS_DRS.GET_PROPERTY,
Team SHATTER
- Oracle Buffer Overflow in DBMS_LOGREP_UTIL.GET_OBJECT_NAME,
Team SHATTER
- Oracle Buffer Overflow in DBMS_LOGMNR.ADD_LOGFILE,
Team SHATTER
- Oracle Buffer Overflow in DBMS_REPCAT_UNTRUSTED.UNREGISTER_SNAPSHOT,
Team SHATTER
- Multiple Remote Vulnerabilities in Wordpress,
bmatheny
- ZDI-07-006: Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability,
zdi-disclosures
- [security bulletin] HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access,
security-alert
- DoS against Telligent Community Server,
bmatheny
- [ GLSA 200701-21 ] MIT Kerberos 5: Arbitrary Remote Code Execution,
Matthias Geerdsen
- Weaknesses in Pingback Design,
bmatheny
- [OPENADS-SA-2007-001] phpAdsNew and phpPgAds 2.0.9-pr1 vulnerability fixed,
Matteo Beccati
- Cisco Security Advisory: Crafted IP Option Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: IPv6 Routing Header Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Crafted TCP Packet Can Cause Denial of Service,
Cisco Systems Product Security Incident Response Team
- Maxtricity Tagger Password Disclosure Vulnerability,
beks
- ZixForum <= 1.14 (Zixforum.mdb) Remote Password Disclosure Vulnerability,
me you
- [CAID 34993]: CA BrightStor ARCserve Backup for Laptops and Desktops Multiple Overflow Vulnerabilities,
Williams, James K
- Secunia Research: Sienzo Digital Music Mentor NCTAudioFile2 ActiveX Control Buffer Overflow,
Secunia Research
- Secunia Research: NCTsoft Products NCTAudioFile2 ActiveX Control Buffer Overflow,
Secunia Research
- Toxiclab Shoutbox Password Disclosure Vulnerability,
beks
- [Aria-Security Team] MyBB Cross-Site Scripting,
Advisory
- [USN-413-1] BlueZ vulnerability,
Kees Cook
- [USN-412-1] GeoIP vulnerability,
Kees Cook
- [ GLSA 200701-20 ] Centericq: Remote buffer overflow in LiveJournal handling,
Raphael Marichez
- [ MDKSA-2007:026 ] - Updated squid packages fix vulnerabilities,
security
- SUSE Security Announcement: xine (SUSE-SA:2007:013),
Thomas Biege
- Advanced Guestbook <=- 2.4.2 (include_path) Remote File Include Vulnerability,
me you
- PR06-14: IP Phones based on Centrality Communications/Aredfox PA168 chipset weak session management vulnerability,
ProCheckUp Research
- [USN-411-1] libsoup vulnerability,
Kees Cook
- rPSA-2007-0013-1 poppler tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi,
rPath Update Announcements
- subscribe (pwd.txt) Remote Password Disclosur,
the . tiger100
- [ GLSA 200701-19 ] OpenLDAP: Insecure usage of /tmp during installation,
Raphael Marichez
- [ MDKSA-2006:217-2 ] - Updated proftpd packages fix vulnerabilities,
security
- [ GLSA 200701-18 ] xine-ui: Format string vulnerabilities,
Raphael Marichez
- RANDOM PHP QUOTE 1.0 (pwd.txt) Remote Password Disclosur,
the . tiger100
- SUSE Security Announcement: squid (SUSE-SA:2007:012),
Thomas Biege
- Re: Multiple SQL injections and XSS in FishCart 3.1,
michael
- [ MDKSA-2007:025 ] - Updated kernel packages fix multiple vulnerabilities and bugs,
security
- rPSA-2007-0014-1 libgtop,
rPath Update Announcements
- [ECHO_ADV_62$2007] Upload Service 1.0 remote file inclusion,
y3dips
- rPSA-2007-0015-1 libsoup,
rPath Update Announcements
- [ GLSA 200701-17 ] libgtop: Privilege escalation,
Matthias Geerdsen
- Adobe ColdFusion Information Disclosure,
zck zck
- Re: Bluetooth DoS by obex push [readable],
hornung
- xss filter to protect from xss attacks,
Anurag Agarwal
- rPSA-2007-0012-1 ed,
rPath Update Announcements
- Bluetooth DoS by obex push,
hornung
- AToZed Software Intraweb Component for Borland Delphi and Kylix DoS vulnerability,
C0r3 1mp4ct
- [ MDKSA-2007:024 ] - Updated kdegraphics packages fix crafted pdf file vulnerability,
security
- Safari Improperly Parses HTML Documents & BlogSpot XSS vulnerability,
Jose Avila III
- rPSA-2007-0011-1 wget,
rPath Update Announcements
- [ GLSA 200701-16 ] Adobe Acrobat Reader: Multiple vulnerabilities,
Raphael Marichez
- [ GLSA 200701-15 ] Sun JDK/JRE: Multiple vulnerabilities,
Raphael Marichez
- [ GLSA 200701-14 ] Mod_auth_kerb: Denial of Service,
Raphael Marichez
- SQL Injection by using Cookie Poisoning for Website Baker Version 2.6.5 and before,
Rolf Huisman
- [ GLSA 200701-13 ] Fetchmail: Denial of Service and password disclosure,
Matthias Geerdsen
- Uploader <= (userdata/user_1.txt) Password Disclosure Vulnerability,
me you
- UploadScript <=- v1.02 (password.txt) Remote Password Disclosure Vulnerability,
me you
- [x0n3-h4ck] bitweaver 1.3.1 XSS Exploit,
corrado . liotta
- Check Point Connectra End Point security bypass,
Roni Bachar
- Fantastic News <=- (news.php) Remote File Include Vulnerability,
me you
- Full Path Disclosure in Open-Realty ( v2.3.4 ),
xx_hack_xx_2004
- PHP Link Directory XSS Vulnerability version <= 3.0.6,
jussi . vuokko
- phpAdsNew 2.0.7 Remote File Include,
mr alkomandoz
- Microsoft Visual C++ (.RC) resource files buffer overflow vulnerability,
porkythepig
- cmsimple 2.7 Remote File Include,
mr alkomandoz
- SQL Injection in Unique Ads ( UDS ),
xx_hack_xx_2004
- XSS in Guestbook ( v.4.00 beta ),
xx_hack_xx_2004
- XMB "U2U Instant Messenger" Cross-Site Scripting,
Advisory
- [SECURITY] [DSA 1251-1] New netrik packages fix arbitary shell command execution,
Steve Kemp
- FreeForum 0.9.0 <=- (index.php fpath) Remote File Include Vulnerability,
me you
- FishCart [injection sql],
saps . audit
- Wiki-how path disclosure,
iamtheevil1
- Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability Prove Of Concept Exploit,
luoluonet
- XSS in 212cafeBoard ( Verision 0.08 & 6.30 Beta ),
xx_hack_xx_2004
- Digital Armaments Security Advisory 20.01.2007: Grsecurity Kernel PaX Vulnerability,
info
- SMF "index.php?action=pm" Cross Site-Scripting,
Advisory
- Paypal Subscription Manager Multiple HTML Injections,
DoZ
- Login Manager Multiple HTML Injections,
DoZ
- a-forum xss,
sn0oPy
- [RISE-2007001] Apple Mac OS X 10.4.x kernel shared_region_map_file_np() memory corruption vulnerability,
RISE Security
- DIMVA 2007: Final Call for Papers,
Robin Sommer
- WzdFTPD < 8.1 Denial of service,
S21sec Labs
- Virginity Security Advisory 2007-001 : T-Com Speedport 500V Login bypass,
advisory07
- Help project files (.HPJ) buffer overflow vulnerability in Microsoft Help Workshop,
porkythepig
- DoS against AVM Fritz!Box 7050 (and others),
collin
- TSLSA-2007-0003 - multi,
Trustix Security Advisor
- Layered Defense Research Advisory: BitDefender Client 8.02 Format String Vulnerability,
dh
- MyShoutBox Multiple Cross-Site Scripting Vulnerability,
DoZ
- EUSecWest 2007 Papers,
Dragos Ruiu
- [ MDKSA-2007:023 ] - Updated libgtop2 packages fix buffer overflow vulnerability,
security
- [x0n3-h4ck] sabros.us 1.7 XSS Exploit,
corrado . liotta
- [ MDKSA-2007:022 ] - Updated tetex packages fix crafted pdf file vulnerability,
security
- [ MDKSA-2007:021 ] - Updated xpdf packages fix crafted pdf file vulnerability,
security
- [ MDKSA-2007:020 ] - Updated poppler packages fix crafted pdf file vulnerability,
security
- [ MDKSA-2007:019 ] - Updated pdftohtml packages fix crafted pdf file vulnerability,
security
- [ MDKSA-2007:018 ] - Updated koffice packages fix crafted pdf file vulnerability,
security
- Directory Traversal in ArsDigita Community System,
Elliot Kendall
- [security bulletin] HPSBPI02185 SSRT071290 rev.1 - HP Jetdirect Running ftp, Remote Denial of Service (DoS),
security-alert
- Cisco Security Advisory: SSL/TLS Certificate and SSH Public Key Validation Vulnerability,
Cisco Systems Product Security Incident Response Team
- [USN-410-1] poppler vulnerability,
Martin Pitt
- CYBSEC - Security Advisory: SAP Internet Graphics Service (IGS) Remote Buffer Overflow,
CYBSEC Advisories
- FW: [cacti-announce] Cacti 0.8.6j Released,
Warner Moore
- Multiple OS kernel insecure handling of stdio file descriptor,
XFOCUS Security Team
- [security bulletin] HPSBST02184 SSRT071296 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-001 Through MS07-004,
security-alert
- [security bulletin] HPSBUX02181 SSRT061289 rev.1 - HP-UX Running IPFilter, Remote Unauthorized Denial of Service (DoS),
security-alert
- Microsoft Help Workshop .CNT contents files buffer overflow vulnerability,
porkythepig
- [x0n3-h4ck] myBloggie 2.1.5 XSS exploit,
corrado . liotta
- [ISecAuditors Security Advisories] Oracle Reports Web Cartridge (RWCGI60) vulnerable to XSS,
ISecAuditors Security Advisories
- [SECURITY] [DSA 1250-1] New cacti packages fix arbitrary code execution,
Moritz Muehlenhoff
- Windows logoff bug possible security vulnerability and exploit.,
Rage Coder
- ZDI-07-005: Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability,
zdi-disclosures
- SYMSA-2007-001: Oracle Application Server 10g - Directory Traversal,
research
- [ GLSA 200701-12 ] Mono: Information disclosure,
Raphael Marichez
- [ GLSA 200701-11 ] Kronolith: Local file inclusion,
Raphael Marichez
- [ MDKSA-2007:014 ] - Updated bluez-utils packages fix hidd vulnerability,
security
- rPSA-2007-0008-1 gd,
rPath Update Announcements
- vulnerability script indexu all versions,
gamr-14
- [ GLSA 200701-09 ] oftpd: Denial of Service,
Raphael Marichez
- [x0n3-h4ck] SmE FileMailer 1.21 Remote Sql Injextion Exploit,
corrado . liotta
- Announcement: The Cross-site Request Forgery FAQ,
bugtraq
- rPSA-2007-0007-1 kdenetwork,
rPath Update Announcements
- dt_guestbook version 1.0f XSS vulnerability,
jesper . jurcenoks
- [ MDKSA-2007:016 ] - Updated fetchmail packages fix vulnerability,
security
- [KDE Security Advisory] kpdf/kword/xpdf denial of service vulnerability,
Dirk Mueller
- [ MDKSA-2007:015 ] - Updated cacti packages SQL injection vulnerability,
security
- [ MDKSA-2007:017 ] - Updated wget packages fix ftp vulnerability,
security
- PHPATM Remote Password Disclosure Vulnerablity,
nightmare
- Gallery <= 1.4.4-pl4 (phpbb_root_path) Remote File Include Vulnerability,
me you
- [ GLSA 200701-10 ] WordPress: Multiple vulnerabilities,
Raphael Marichez
- liens_dynamiques xss and admin authentification,
sn0oPy . team
- [USN-409-1] ksirc vulnerability,
Martin Pitt
- Uninformed Journal Release Announcement: Volume 6,
H D Moore
- InstantForum.NET Multiple Cross-Site Scripting Vulnerability,
DoZ
- wcSimple Poll (password.txt) Remote Password Disclosure Vulnerablity,
ilkerkandemir
- Jax Petition Book (languagepack) Remote File Include Vulnerabilities,
ilkerkandemir
- Outpost Bypassing Self-Protection using file links Vulnerability,
Matousec - Transparent security Research
- [USN-408-1] krb5 vulnerability,
Martin Pitt
- Remedy Action Request System 5.01.02 - User Enumeration,
Davide Del Vecchio
- Oracle Passwords and OraBrute,
paulw
- Okul Web Otomasyon Sistemi (etkinlikbak.asp) SQL Injection Vulnerability,
ilkerkandemir
- [USN-407-1] libgtop2 vulnerability,
Martin Pitt
- London DC4420 meet - Wednesday 17th January, 2007,
Major Malfunction
- Ovidentia 5.6x Series Remote File İnclude,
hotturk
- Trevorchan <= v0.7 Remote File Include Vulnerability,
ilkerkandemir
- PHP-Nuke <= 7.9 Old-Articles Block "cat" SQL Injection vulnerability,
paisterist
- Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability,
sapheal
- [ MDKSA-2007:013 ] - Updated libneon0.26 packages fix vulnerability,
security
- [SECURITY] [DSA 1248-1] New libsoup packages fix denial of service,
Moritz Muehlenhoff
- [ GLSA 200701-08 ] Opera: Two remote code execution vulnerabilities,
Raphael Marichez
- [ GLSA 200701-07 ] OpenOffice.org: EMF/WMF file handling vulnerabilities,
Raphael Marichez
- [ GLSA 200701-06 ] w3m: Format string vulnerability,
Raphael Marichez
- [ GLSA 200701-05 ] KDE kfile JPEG info plugin: Denial of Service,
Raphael Marichez
- Naig <= 0.5.2 (this_path) Remote File Include Vulnerability,
me you
- AIOCP Login Bypass Vulnerability,
coloss7
- AIOCP SQL Injection Vulnerability,
coloss7
- [ MDKSA-2007:012 ] - Updated kernel packages fix multiple vulnerabilities and bugs,
security
- seeking comments on disclosure articles,
smcalearney
- Wordpress disclosure of Table Prefix Weakness,
process
- [CAID 34955, 34956, 34957, 34958, 34959, 34817]: CA BrightStor ARCserve Backup Multiple Overflow Vulnerabilities,
Williams, James K
- Micro CMS <= 3.5 Remote File Include Exploit,
ilkerKandemir
- Web Honeynet Project: announcement, exploit URLs this Wednesday,
Gadi Evron
- Corsaire Security Advisory: ChainKey Java Code Protection Bypass issue,
advisories
- Re (3): Circumventing CSFR Form Token Defense,
bugtraq
- [USN-406-1] OpenOffice.org vulnerability,
Kees Cook
- [ MDKSA-2007:011 ] - Updated Thunderbird packages fix multiple vulnerabilities,
security
- xss in phpmyadmin <= 2.8.1,
alfa
- LunarPoll (PollDir) Remote File Include Vulnerabilities,
ilkerKandemir
- Nwom topsites v3.0,
lunY
- LS-20061002 - Computer Associates BrightStor ARCserve Backup Remote Code Execution Vulnerability,
advisories
- [security bulletin] HPSBMA02176 SSRT051035 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Execution of Arbitrary Code,
security-alert
- [ MDKSA-2007:010 ] - Updated Firefox packages fix multiple vulnerabilities,
security
- Digital Armaments Security Pre-Advisory 11.01.2007: Grsecurity Kernel PaX - Local root vulnerability,
info
- [USN-405-1] fetchmail vulnerability,
Kees Cook
- easy-content filemanager,
hackerbinhphuoc
- ZDI-07-003: CA BrightStor ARCserve Backup Message Engine Buffer Overflow Vulnerability,
zdi-disclosures
- LayerOne 2007 CFP Announced,
Layer One
- [security bulletin] HPSBMA02175 SSRT061174 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Read Access to Files,
security-alert
- ZDI-07-004: CA BrightStor ARCserve Backup Tape Engine Buffer Overflow Vulnerability,
zdi-disclosures
- ZDI-07-002: CA BrightStor ARCserve Backup Tape Engine Code Execution Vulnerability,
zdi-disclosures
- rPSA-2007-0006-1 krb5 krb5-server krb5-services krb5-test krb5-workstation,
rPath Update Announcements
- FreeBSD Security Advisory FreeBSD-SA-07:01.jail,
FreeBSD Security Advisories
- Calyptix Security Advisory CX-2007-001 - Snort 2.6.1.2 Integer Underflow Vulnerability,
Calyptix Advisories
- phpBB (privmsg.php) XSS Exploit,
info
- [ MDKSA-2007:008 ] - Updated kerberos packages fix vulnerability,
security
- Jshop Server 1.3,
irvian
- Xine-ui format string Vulnerabilties.,
saik0pod
- WMF CreateBrushIndirect vulnerability (DoS),
Alexander Sotirov
- Computer Terrorism (UK) :: Incident Response Centre - Microsoft Outlook Vulnerability,
advisories
- [ MDKSA-2007:009 ] - Updated kdenetwork packages fix ksirc vulnerability,
security
- [ MDKSA-2007:007 ] - Updated nvidia driver packages fix vulnerability,
security
- DMA[2007-0107a] OmniWeb Javascript Alert Format String Vulnerabiity and DMA[2007-0109a] Apple Finder Disk Image Volume Label Overflow / DoS,
K F (lists)
- VMware ESX server security updates,
VMware Security team
- sazcart v1.5 (cart.php) Remote File include,
emel_gw_ini
- A Major design Bug in Camouflage 1.2.1 (latest),
thesinoda
- CS-Cart 1.3.3 (install.php) Remote File Include Vulnerability,
ahmed_labib_hilmy
- [ GLSA 200701-04 ] SeaMonkey: Multiple vulnerabilities,
Raphael Marichez
- VLC Format String Vulnerability also in XINE,
Sven . Czaja
- A Major design Bug in Steganography 1.7.x, 1.8 (latest) (Updated Version),
thesinoda
- [ MDKSA-2007:006 ] - Updated OpenOffice.org packages fix WMF vulnerability,
security
- iDefense Q-1 2007 Challenge,
contributor
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge,
Simon Smith
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge,
K F (lists)
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE,
Simon Smith
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE,
Jim Manico
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE,
Roman Medina-Heigl Hernandez
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE,
Simon Smith
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE,
Simon Smith
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE,
Simon Smith
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge,
Blue Boar
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge,
K F (lists)
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge,
Simon Smith
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge,
Blue Boar
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge,
Simon Smith
- Re: [Full-disclosure] iDefense Q-1 2007 Challenge,
Tim Newsham
- Re: [_SUSPEKT] - Re: [Full-disclosure] iDefense Q-1 2007 Challenge - Bayesian Filter detected spam,
Simon Smith
- Cisco Security Advisory: DLSw Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Unified Contact Center and IP Contact Center JTapi Gateway Vulnerability,
Cisco Systems Product Security Incident Response Team
- [OpenPKG-SA-2007.006] OpenPKG Security Advisory (kerberos),
OpenPKG GmbH
- Adobe Reader Remote Heap Memory Corruption - Subroutine Pointer Overwrite,
Piotr Bania
- slocate leaks filenames of protected directories,
steven
- iDefense Security Advisory 01.09.07: Adobe Macromedia ColdFusion Source Code Disclosure Vulnerability,
iDefense Labs
- edit-x ecommerce (include_dir) Remote File include,
emel_gw_ini
- iDefense Security Advisory 01.09.07: Multiple Vendor X Server DBE Extension ProcDbeSwapBuffers Memory Corruption Vulnerability,
iDefense Labs
- iDefense Security Advisory 01.09.07: Multiple Vendor X Server DBE Extension ProcDbeGetVisualInfo Memory Corruption Vulnerability,
iDefense Labs
- [ MDKSA-2007-005 ] - Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities,
security
- rPSA-2007-0005-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs,
rPath Update Announcements
- iDefense Security Advisory 01.09.07: Multiple Vendor X Server Render Extension ProcRenderAddGlyphs Memory Corruption Vulnerability,
iDefense Labs
- rPSA-2007-0004-1 bzip2,
rPath Update Announcements
- Circumventing CSFR Form Token Defense,
Jim Manico
- CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice,
Williams, James K
- Easy Banner Pro Version 2.8 <= Remote File Inclusion,
stormhacker
- [USN-404-1] MadWifi vulnerability,
Kees Cook
- iDefense Security Advisory 01.09.07: Microsoft Excel Invalid Column Heap Corruption Vulnerability,
iDefense Labs
- iDefense Security Advisory 01.09.07: Multiple Microsoft Products VML 'recolorinfo' Element Integer Overflow Vulnerability,
iDefense Labs
- iDefense Security Advisory 01.09.07: Microsoft Excel Long Palette Heap Overflow Vulnerability,
iDefense Labs
- MITKRB5-SA-2006-003: kadmind (via GSS-API lib) frees uninitialized pointers,
Tom Yu
- MITKRB5-SA-2006-002: kadmind (via RPC lib) calls uninitialized function pointer,
Tom Yu
- [USN-403-1] X.org vulnerabilities,
Kees Cook
- rPSA-2007-0003-1 fetchmail,
rPath Update Announcements
- magic photo storage website Multiple Remote File Inclusion,
emel_gw_ini
- Sina UC ActiveX Multiple Remote Stack Overflow,
Sowhat
- Re: PHPKit 1.6.1 RC2 (faq/faq.php) Remote SQL Injection Exploit,
yorn
- ppc engine Multiple file inclusion,
emel_gw_ini
- [KDE Security Advisory] ksirc Denial of Service vulnerability,
Dirk Mueller
- [ MDKSA-2007:004 ] - Updated geoip packages fix geoipupdate vulnerability,
security
- Re: RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws),
socket69
- Cracking Steganography Application in less than ONE minute,
thesinoda
- RFID open source library - RFIDIOt code release - version 0.1k,
Adam Laurie
- [ MDKSA-2007:003 ] - Updated avahi packages fix DoS vulnerability,
security
- GForge Cross Site Scripting vulnerability,
jose . palanco
- createauction (cats.asp) Remote SQL Injection Vulnerability,
emel_gw_ini
- Vendor guidelines regarding security contacts,
Steven M. Christey
- cisco nac bypass vulnerability - cisco trust agent,
thorben schroeder
- Re: Sun java System Messenger Express XSS,
b2wang
- [SECURITY] [DSA 1247-1] New libapache-mod-auth-kerb packages fix remote denial of service,
Noah Meyerhans
- rPSA-2007-0001-1 openoffice.org,
rPath Update Announcements
- [SECURITY] [DSA 1246-1] New OpenOffice.org packages fix arbitrary code execution,
Martin Schulze
- Packeteer PacketWise CLI overflow DoS,
kian . mohageri
- magic photo storage website Remote File Inclusion,
k1tk4t
- QASEC Announcement: Writing Software Security Test Cases,
bugtraq
- HP Multiple Products PML Driver Local Privilege Escalation,
Sowhat
- MKPortal Full Path Disclosure,
info
- TK53 Advisory #1: CenterICQ remote DoS buffer overflow in LiveJournal handling,
Lolek of TK53
- GeoBB Georgian Bulletin Board Remote File Include Vuln.,
ShaFuq31
- Dayfox Blog Remote File Include Vuln.,
ShaFuq31
- [SECURITY] [DSA 1245-1] New proftpd packages fix denial of service,
Moritz Muehlenhoff
- NUNE News Script (custom_admin_path) Remote File Include Vulnerablity,
xorontr
- Uguestbook Remote Password Disclosure Vulnerability,
beks
- Webulas Remote Password Disclosure Vulnerability,
beks
- HarikaOnline v2.0 Remote Password Disclosure Vulnerability,
beks
- M-Core Remote Password Disclosure Vulnerability,
beks
- MitiSoft Remote Password Disclosure Vulnerability,
beks
- EMembersPro 1.0 Remote Password Disclosure Vulnerability,
beks
- AJLogin v3.5 Remote Password Disclosure Vulnerability,
beks
- @lex Guestbook <= 4.0.2 Remote Command Execution Exploit,
gmdarkfig
- 0trace - traceroute on established connections,
Michal Zalewski
- [OpenPKG-SA-2007.005] OpenPKG Security Advisory (wordpress),
OpenPKG GmbH
- FON Router allows anonymous web access,
l . friedrichs
- shopstorenow (orange.asp) sql injection,
emel_gw_ini
- Fix & Chips CMS v1.0,
luny
- [OpenPKG-SA-2007.004] OpenPKG Security Advisory (fetchmail),
OpenPKG GmbH
- [OpenPKG-SA-2007.003] OpenPKG Security Advisory (drupal),
OpenPKG GmbH
- Yet Another Link Directory v1.0,
lunY
- ohhASP Remote Password Disclosure,
Advisory
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Secure Access Control Server,
Cisco Systems Product Security Incident Response Team
- fetchmail security announcement 2006-02 (CVE-2006-5867),
Matthias Andree
- fetchmail security announcement 2006-03 (CVE-2006-5974),
Matthias Andree
- iDefense Security Advisory 01.05.07: Kaspersky Antivirus Scan Engine PE File Denial of Service Vulnerability,
iDefense Labs
- ZDI-07-001: QUALCOMM Eudora WorldMail Remote Management Heap Overflow Vulnerability,
zdi-disclosures
- [OpenPKG-SA-2007.002] OpenPKG Security Advisory (bzip2),
OpenPKG GmbH
- Kolayindir Download (Yenionline) (tr) SqL Injection Vuln.,
ShaFuq31
- iDefense Security Advisory 01.05.07: Opera Software Opera Web Browser JPG Image DHT Marker Heap Corruption Vulnerability,
iDefense Labs
- Flog 1.1.2 Remote Admin Password Disclosure,
corrado . liotta
- [USN-402-1] Avahi vulnerability,
Kees Cook
- Multiple bugs in EditTag,
nj
- Advisory 01/2007: WordPress CSRF Protection XSS Vulnerability,
Stefan Esser
- [DRUPAL-SA-2007-002] Drupal 4.6.11 / 4.7.5 fixes DoS issue,
Uwe Hermann
- RI Blog 1.3 XSS Vuln.,
ShaFuq31
- [DRUPAL-SA-2007-001] Drupal 4.6.11 / 4.7.5 fixes XSS issue,
Uwe Hermann
- iDefense Security Advisory 01.05.07: Opera Software Opera Web Browser createSVGTransformFromMatrix Object Typecasting Vulnerability,
iDefense Labs
- Coppermine Photo Gallery <= 1.4.10 SQL Injection Exploit,
gmdarkfig
- Advisory 02/2007: WordPress Trackback Charset Decoding SQL Injection Vulnerability,
Stefan Esser
- Intranet Open Source Remote Password Disclosure "intranet.mdb",
Advisory
- Uber Uploader 4.2 Arbitrary File Upload Vulnerability,
null_hack
- IG Calendar SQL Injection,
asdfj38
- IG Shop remote code execution,
asdfj38
- MkPortal Admin XSS,
info
- [USN-400-1] Thunderbird vulnerabilities,
Kees Cook
- [USN-401-1] D-Bus vulnerability,
Kees Cook
- CMS Made Simple non-permanent XSS,
nanoymaster
- SAP Security,
Mark Litchfield
- Perforce client: security hole by design,
Ben Bucksch
- [USN-398-3] Firefox theme regression,
Kees Cook
- DMA[2007-0104a] - 'iLife iPhoto Photocasing Format String Vulnerability',
K F (lists)
- Concurrency strikes MSIE (potentially exploitable msxml3 flaws),
Michal Zalewski
- High Risk Vulnerability in the OpenOffice and StarOffice Suites,
NGSSoftware Insight Security Research
- [ GLSA 200701-03 ] Mozilla Thunderbird: Multiple vulnerabilities,
Raphael Marichez
- Correction (High Risk Vulnerability in the OpenOffice and StarOffice Suites),
NGSSoftware Insight Security Research
- [ GLSA 200701-02 ] Mozilla Firefox: Multiple vulnerabilities,
Raphael Marichez
- Wordpress <= 2.x dictionnary & Bruteforce attack,
kadaj-diabolik
- [ GLSA 200701-01 ] DenyHosts: Denial of Service,
Raphael Marichez
- SAP Security Contact,
Mark Litchfield
- Universal PDF XSS After Party,
pdp (architect)
- [vuln.sg] PowerArchiver PAISO.DLL Buffer Overflow Vulnerability,
vulnpost-remove
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
pdp (architect)
- MkPortal "All Guests are Admin" Exploit,
info
- LS-20061102 - Business Objects Crystal Reports XI Professional Stack Overflow Vulnerability,
advisories
- 23C3 - Bluetooth hacking revisted [Summary and Code],
Thierry Zoller
- Re: SMS handling OpenSER remote code executing,
bogdan
- Re: OpenSER OSP Module remote code execution,
bogdan
- Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous,
Juha-Matti Laurio
- CFP for RAID 2007,
Jeffrey Horton
- a cheesy Apache / IIS DoS vuln (+a question),
Michal Zalewski
- jgbbs,
dr . t3rr0r1st
- [USN-398-2] Firefox vulnerabilities,
Kees Cook
- Simple Web Content Management System SQL Injection Exploit,
gmdarkfig
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Clean Access,
Cisco Systems Product Security Incident Response Team
- [USN-398-1] Firefox vulnerabilities,
Kees Cook
- Black Hat New Years Updates (Free Stuff, too!),
Jeff Moss
- OpenPinboard <= Remote File Include,
zooz_998
- WineGlass "data.mdb" Remote Password Disclosure,
Advisory
- Hacking AJAX DWR Applications,
shulman
- Adobe Acrobat Reader Plugin - Multiple Vulnerabilities,
Stefano Di Paola
- [USN-399-1] w3m vulnerabilities,
Kees Cook
- openmedia local read file,
exe_crack
- Universal XSS with PDF files: highly dangerous,
pdp (architect)
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
pdp (architect)
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
Amit Klein
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
pdp (architect)
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
bugtraq
- RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
Martin O'Neal
- Message not available
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
Amit Klein
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
RSnake
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
Amit Klein
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
RSnake
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
Amit Klein
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
Brian Eaton
- RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
Marvin Simkin
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
Ralph Angenendt
- RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
Guy Podjarny
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
Amit Klein
- RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
Tom Spector
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
sven . vetsch
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
Jean-Jacques Halans
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
HASEGAWA Yosuke
- Re: Universal XSS with PDF files: highly dangerous,
The Anarcat
- <Possible follow-ups>
- Re: Universal XSS with PDF files: highly dangerous,
Jeff Williams
GuestBook v0.3a Remote Password Disclosure,
Advisory
Whos Johny Pwnerseed?,
K F
Re: SoftArtisans FileUp(TM) viewsrc.asp remote script source disclosure exploit,
wihl
[ MDKSA-2007:002 ] - Updated kernel packages fix multiple vulnerabilities and bugs,
security
Windows NT Message Compiler 1.00.5239 arbitrary code execution,
sapheal
rPSA-2006-0234-2 firefox thunderbird,
rPath Update Announcements
Nuked Klan <= 1.7 Remote Cookie Disclosure Exploit,
kadaj-diabolik
[ MDKSA-2007:001 ] - Update libmodplug packages fix buffer overflow vulnerabilities,
security
Windows Vista 64bits and unexported kernel symbols,
Matthieu Suiche
AspBB Remote Password Disclosure,
Advisory
Openforum Remote password Disclosure,
Advisory
lblog Remote Password Disclosure,
Advisory
FreeRadius 1.1.3 SMB_Handle_Type SMB_Connect_Server arbitrary code execution,
sapheal
Re: [Full-disclosure] simplog 0.9.3.2 SQL injection,
str0ke
Welcome to Pwndertino...,
K F (lists)
Dailymotion password reset vulnerability,
daftrix
Re: XSS with Vbulletin (new idea !),
marco . van . herwaarden
Mozilla Firefox 2.0 denial of service vulnerability,
sapheal
AShop Shopping Cart Multiple XSS Vulnerabilities,
DoZ
[OpenPKG-SA-2007.001] OpenPKG Security Advisory (cacti),
OpenPKG GmbH
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware],
Kevin Waterson
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware],
Bill Nash
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware],
Tino Wildenhain
- RE: PHP as a secure language? PHP worms? [was: Re: new linux malware],
Jim Harrison
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware],
Dana Hudes
- RE: PHP as a secure language? PHP worms? [was: Re: new linux malware],
Jim Harrison
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware],
Darren Reed
- RE: PHP as a secure language? PHP worms? [was: Re: new linux malware],
Jim Harrison
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware],
Darren Reed
- RE: PHP as a secure language? PHP worms? [was: Re: new linux malware],
Jim Harrison
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware],
Bill Nash
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware],
Ronald Chmara
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware],
Jim Manico
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware],
Dana Hudes
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware],
Lawrence Paul MacIntyre
- Re: PHP as a secure language? PHP worms?,
Duncan Simpson
- RE: PHP as a secure language? PHP worms?,
Jim Harrison
- <Possible follow-ups>
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware],
Chad Maron
ATMEL Linux PCI PCMCIA USB Drivers arbitrary code execution,
sapheal
rblog Database Download Vulnerability,
Advisory
golden book XSS,
sn0oPy . team
Kerio Fake 'iphlpapi' DLL injection Vulnerability,
Matousec - Transparent security Research
BattleBlog Database Download Vulnerability,
Advisory
[NGSEC] ngGame #3 - BrainStorming,
labs@NGSEC
Re: PlatinumFTP 1.0.18 remote DoS,
info
vBulletin vCard PRO XSS,
exexp
PHPIrc_bot <= Remote File Include,
zooz_998
Rediff Bol Downloader Allows Downloading and Spawning Arbitary Files,
gregory_panakkal
Re: PocketPC MMS - Remote Code Injection/Execution Vulnerability and Denial-of-Service,
Collin R. Mulliner
WinZip10.0 FileView ActiveX Controls CreateNewFolderFromName Method Buffer overflow,
76693223
Spooky Login Multiple HTML Injection Vulnerability,
DoZ
