Bugtraq

• Date Index

---

• [CAID 35112]: CA eTrust Intrusion Detection Denial of Service Vulnerability, Williams, James K
• [USN-428-1] Firefox vulnerabilities, Martin Pitt
• Evading the Norman SandBox Analyzer, Arne Vidstrom
• Cisco Security Advisory: Cisco Catalyst 6000, 6500 and Cisco 7600 Series MPLS Packet Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Catalyst 6000, 6500 Series and Cisco 7600 Series NAM (Network Analysis Module) Vulnerability, Cisco Systems Product Security Incident Response Team
• Xbox 360 Hypervisor Privilege Escalation Vulnerability, Anonymous Hacker
  • <Possible follow-ups>
  • Re: Xbox 360 Hypervisor Privilege Escalation Vulnerability, gera
  • Re: Xbox 360 Hypervisor Privilege Escalation Vulnerability, anohacker
• [NETRAGARD-20070220 SECURITY ADVISORY] [McAfee VirusScan for Mac (Virex) Local root exploit and Scan Bypass], Netragard Security Advisories
• iDefense Security Advisory 02.27.07: Computer Associates eTrust Intrusion Detection Denial of Service Vulnerability, iDefense Labs
• Nullsoft ShoutcastServer Persistant XSS - 0day, SaMuschie
• WordPress Search Function SQL-Injection, SaMuschie
  • Re: WordPress Search Function SQL-Injection, Justin Frydman - Thinkweb Media
    • Re: WordPress Search Function SQL-Injection, ascii
  • <Possible follow-ups>
  • Re: WordPress Search Function SQL-Injection, kelson
• rPSA-2007-0043-1 php php-mysql php-pgsql, rPath Update Announcements
• [ GLSA 200702-12 ] CHMlib: User-assisted remote execution of arbitrary code, Raphael Marichez
• [ GLSA 200702-11 ] MPlayer: Buffer overflow, Raphael Marichez
• Wordpress 2.1.1 - Multiple Script Injection Vulnerabilities, Stefan Friedli
• Few unreported vulnerabilities by SehaTo, 3APA3A
• ViewCVS 0.9.4 issues, Moritz Naumann
  • Re: [Full-disclosure] ViewCVS 0.9.4 issues, Moritz Naumann
• MTCMS multiple upload vulnerabilities, none
• XXS in script Phorum, c_r_ck
  • <Possible follow-ups>
  • Re: XXS in script Phorum, brian
• WordPress AdminPanel CSRF/XSS - 0day, SaMuschie
• Secunia Software Inspector OS Security Assessment problem, David ROBERT
• [security bulletin] HPSBST02194 SSRT071306 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-005 Through MS07-016, security-alert
• SEC Consult SA-20070226-0 :: File Disclosure in Pagesetter for PostNuke, research
• rPSA-2007-0040-1 firefox, rPath Update Announcements
• Know your Enemy: Web Application Threats, Gadi Evron
• SQLiteManager v1.2.0 Multiple Vulnerabilities, simon . itsecurity
• sitex multiple vulnerabilities, none
• Call for Paper - SyScan'07, Thomas Lim
• Cursor Injection - A New Method for Exploiting PL/SQL Injection and Potential Defences, David Litchfield
• [ GLSA 200702-10 ] UFO2000: Multiple vulnerabilities, Raphael Marichez
• JBrowser Acces to Admin Panel Exploit, crazy_king
• [ GLSA 200702-09 ] Nexuiz: Multiple vulnerabilities, Raphael Marichez
• Phpwebgallery-1.4.1, Multiple Cross Site Scripting, simon . itsecurity
• Coppermine Photo Gallery 1.3.x Blind SQL Injection Exploit, s0cratex
• Photostand_1.2.0 Multiple Cross Site Scripting, simon . itsecurity
• ActiveCalendar 1.2.0, Multiple vulnerabilities, simon . itsecurity
  • <Possible follow-ups>
  • Re: ActiveCalendar 1.2.0, Multiple vulnerabilities, simon . itsecurity
• Blind sql injection attack in INSERT syntax on PHP-nuke <=8.0 Final, krasza
• pickle download local file, none
• [ MDKSA-2007:049 ] - Updated spamassassin packages fix DoS vulnerability, security
• Simple one-file gallery, none
• Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability, Stefan Esser
• xtcommerce local file include, none
• shopkitplus local file include, none
• iDefense Security Advisory 02.23.07: Mozilla Network Security Services SSLv2 Client Integer Underflow Vulnerability, iDefense Labs
• iDefense Security Advisory 02.23.07: Mozilla Network Security Services SSLv2 Server Stack Overflow Vulnerability, iDefense Labs
  • <Possible follow-ups>
  • iDefense Security Advisory 02.23.07: Mozilla Network Security Services SSLv2 Server Stack Overflow Vulnerability, iDefense Labs
• Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support, secure
  • Re: Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support, John Smith
• rPSA-2007-0038-1 spamassassin, rPath Update Announcements
• rPSA-2007-0036-1 kernel, rPath Update Announcements
• [USN-427-1] enigmail vulnerability, Martin Pitt
• Secunia Research: Internet Explorer 7 "onunload" Event Spoofing Vulnerability, Secunia Research
• [ MDKSA-2007:048 ] - Updated php packages fix multiple vulnerabilities, security
• Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr), Michal Zalewski
  • Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr), Daniel Veditz
    • Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr), Stan Bubrouski
      • Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr), Ismail Dönmez
      • Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr), Michal Zalewski
      • Message not available
      • Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr), Michal Zalewski
• MSIE7 browser entrapment vulnerability (probably Firefox, too), Michal Zalewski
  • Firefox: onUnload tailgating (MSIE7 entrapment bug variant), Michal Zalewski
  • Re: MSIE7 browser entrapment vulnerability (probably Firefox, too), Jeffrey Katz
    • Re: MSIE7 browser entrapment vulnerability (probably Firefox, too), Michal Zalewski
  • <Possible follow-ups>
  • RE: MSIE7 browser entrapment vulnerability (probably Firefox, too), perpetualmotionuk
• Firefox Cache Hack - Firefox History Hack redux, pdp (architect)
  • Re: [Full-disclosure] Firefox Cache Hack - Firefox History Hack redux, Ben Bucksch
  • Re: [Full-disclosure] Firefox Cache Hack - Firefox History Hack redux, Michael Silk
    • Re: [Full-disclosure] Firefox Cache Hack - Firefox History Hack redux, pdp (architect)
    • Re: [Full-disclosure] Firefox Cache Hack - Firefox History Hack redux, Ismail Dönmez
      • Re: [Full-disclosure] Firefox Cache Hack - Firefox History Hack redux, arman
      • Re: [Full-disclosure] Firefox Cache Hack - Firefox History Hack redux, pdp (architect)
      • Re: [Full-disclosure] Firefox Cache Hack - Firefox History Hack redux, Ismail Dönmez
• [OpenPKG-SA-2007.010] OpenPKG Security Advisory (php), OpenPKG GmbH
• iDefense Security Advisory 02.22.07: IBM DB2 Universal Database DB2INSTANCE File Creation Vulnerability, iDefense Labs
  • <Possible follow-ups>
  • Re: iDefense Security Advisory 02.22.07: IBM DB2 Universal Database DB2INSTANCE File Creation Vulnerability, Steven M. Christey
• iDefense Security Advisory 02.22.07: IBM DB2 Universal Database Multiple Privilege Escalation Vulnerabilities, iDefense Labs
• [ECHO_ADV_66$2007] SendStudio <= 2004.14 Remote File Inclusion Vulnerability, erdc
  • Re: [ECHO_ADV_66$2007] SendStudio <= 2004.14 Remote File Inclusion Vulnerability, Chris Smith
• iDefense Security Advisory 02.22.07: VeriSign ConfigChk ActiveX Control Buffer Overflow Vulnerability, iDefense Labs
• Connectix Boards <= 0.7 (p_skin) Multiple Vulnerabilities Exploit, gmdarkfig
• FlashGameScript v1.5.4 Remote File Inclusion Vulnerability, malic89
• WebSpell > 4.0 Authentication Bypass and arbitrary code execution, r . verton
• JBoss jmx-console CSRF, buben . razuma
  • Re: JBoss jmx-console CSRF, pagvac
• Hasadya Raed, RaeD Hasadya
• JBrowser acces to admin/config files, sn0oPy . team
• SaphpLesson v3.0 SQL Injection Exploit, gamr-14
• pheap [edit LFI] vulnerability, none
• Re: Web Apps- Rad Upload Version 3.02 Remote File Include Vulnerability, e4c5
• LoveCMS 1.4 multiple vulnerabilities, none
• Plantilla PHP Simple, none
• SYMSA-2007-002-1: Palm OS Treo Find Feature System Password Bypass, research
• Pics Navigator Directory Traversal Vulnerability, sn0oPy . team
• Magic News Plus File Inclusion And Xss Vulnerabilitis, security
• OWASP JBroFuzz 0.5 Fuzzer Released!, subere
• Microsoft Windows 2000/XP/2003/Vista ReadDirectoryChangesW informaton leak, 3APA3A
  • Message not available
    • Re[2]: [Full-disclosure] Microsoft Windows 2000/XP/2003/Vista ReadDirectoryChangesW informaton leak, 3APA3A
• [USN-426-1] Ekiga vulnerabilities, Kees Cook
• [USN-425-1] slocate vulnerability, Kees Cook
• Firefox bookmark cross-domain surfing vulnerability, Michal Zalewski
  • Re: [Full-disclosure] Firefox bookmark cross-domain surfing vulnerability, pdp (architect)
    • Re: [Full-disclosure] Firefox bookmark cross-domain surfing vulnerability, Michal Zalewski
      • Re: [Full-disclosure] Firefox bookmark cross-domain surfing vulnerability, pdp (architect)
      • Re: [Full-disclosure] Firefox bookmark cross-domain surfing vulnerability, Michal Zalewski
      • Re: [Full-disclosure] Firefox bookmark cross-domain surfing vulnerability, pdp (architect)
      • Re: [Full-disclosure] Firefox bookmark cross-domain surfing vulnerability, Daniel Veditz
• iDefense Security Advisory 02.16.07: Trend Micro ServerProtect Web Interface Authorization Bypass Vulnerability, iDefense Labs
• [ MDKSA-2007:047 ] - Updated kernel packages fix multiple vulnerabilities and bugs, security
• Call Center Software - Remote Xss Post Exploit -, corrado . liotta
• [ MDKSA-2007:044 ] - Updated ekiga packages fix string vulnerabilities., security
• Nabopoll Blind SQL Injection vulnerabilies, s0cratex
• [ MDKSA-2007:045 ] - Updated gnomemeeting packages fix string vulnerabilities, security
• Players disconnection in Simbin racing games, Luigi Auriemma
• Cisco Security Advisory: Multiple Vulnerabilities in 802.1X Supplicant, Cisco Systems Product Security Incident Response Team
• /bin/ls with gid=0 in Debian linux-ftpd, Paul Szabo
• Cisco Security Advisory: Cisco Unified IP Conference Station and IP Phone Vulnerabilities, Cisco Systems Product Security Incident Response Team
• Overtaking Google Desktop, Yair Amit
  • <Possible follow-ups>
  • RE: Overtaking Google Desktop, Yair Amit
• [USN-424-1] PHP vulnerabilities, Martin Pitt
• [ MDKSA-2007:046 ] - Updated gnucash packages fix temp file issues., security
• qwik-smtpd format string, hotturk
• TSRT-07-02: Trend Micro ServerProtect eng50.dll Stack Overflow Vulnerabilities, TSRT
• VMware Workstation multiple denial of service and isolation manipulation vulnerabilities, EitanCaspi@xxxxxxxxx
• TSRT-07-01: Trend Micro ServerProtect StCommon.dll Stack Overflow Vulnerabilities, TSRT
• [USN-423-1] MoinMoin vulnerabilities, Kees Cook
• NukeSentinel 2.5.05 (nsbypass.php) Blind SQL Injection Exploit, gmdarkfig
• Re: [Full-disclosure] Drive-by Pharming Threat, auto400208
  • <Possible follow-ups>
  • Re: [Full-disclosure] Drive-by Pharming Threat, auto400208
• ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit, Guns
  • Re: ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit, str0ke
  • Re: ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit, Mark Wadham
• AdMentor Script Remote SQL injection Exploit, crazy_king
• Metaye Released - ZmbScap, Contact
• phpXmms 1.0 (tcmdp) Remote File Include Vulnerabilities, ilkerkandemir
• Rootkit Profiler LX, Tobias Klein
• [ MDKSA-2007:043 ] - Updated clamav packages address multiple issues., security
• MyCalendar multiple XSS, sn0oPy . team
• NukeSentinel 2.5.05 (nukesentinel.php) File Disclosure Exploit, gmdarkfig
• Jboss vulnerability, dexie
  • Re: Jboss vulnerability, James Davis
  • Re: Jboss vulnerability, Harry Hoffman
  • Re: Jboss vulnerability, Javier Antunez
  • Re: Jboss vulnerability (AUSCERT#2007d2feb), AusCERT
  • <Possible follow-ups>
  • Re: Jboss vulnerability, ben . dexter
• XLAtunes 0.1 (album) Remote SQL Injection Vulnerability, Guns
  • Re: XLAtunes 0.1 (album) Remote SQL Injection Vulnerability, str0ke
  • <Possible follow-ups>
  • XLAtunes 0.1 (album) Remote SQL Injection Vulnerability, Guns
• MediaWiki Cross-site Scripting, eyal
• ESupport Multiple HTML Injection Vulnerabilities, DoZ
• iTunes remote memory corruption vulnerability, poplix
• Powerschool 404 Admin Exposure, gheetotank
• Remote DoS in libevent DNS parsing <= 1.2a, Jon Oberheide
• [ GLSA 200702-08 ] AMD64 x86 emulation Sun's J2SE Development Kit: Multiple vulnerabilities, Raphael Marichez
• [ GLSA 200702-07 ] Sun JDK/JRE: Execution of arbitrary code, Raphael Marichez
• [ GLSA 200702-06 ] BIND: Denial of Service, Raphael Marichez
• mAlbum v0.3 admin by default user/pass, sn0oPy . team
• DotClear v1.2.5, k4rtal
  • <Possible follow-ups>
  • Re: DotClear v1.2.5, contact
• Firefox: about:blank is phisher's best friend, Michal Zalewski
  • RE: Firefox: about:blank is phisher's best friend, Michael Wojcik
  • Re: Firefox: about:blank is phisher's best friend, Florian Weimer
    • Re: Firefox: about:blank is phisher's best friend, Michal Zalewski
  • <Possible follow-ups>
  • Re: Firefox: about:blank is phisher's best friend, zonafirefox
    • Re: Firefox: about:blank is phisher's best friend, Michal Zalewski
• false: Plume CMS 1.2.2 < = RFi Vulnerabilities, Stuart Moore
• utorrent issue?, Gadi Evron
• phpbb_wordsearch < = RFi Vulnerabilities, k4rtal
• Plume CMS 1.2.2 < = RFi Vulnerabilities, k4rtal
• Drake CMS v0.3.2 < = RFi Vulnerabilities, k4rtal
• Ezboo webstats acces to sensitive files, sn0oPy . team
• PBLang 4.60 <= (index.php) Remote File Include Vulnerability, me you
• Downgrading the Oracle native authentication, sec . list
• Meganoide's news v1.1.1 < = RFi Vulnerabilities, k4rtal
  • <Possible follow-ups>
  • Meganoide's news v1.1.1 < = RFi Vulnerabilities, k4rtal
• [funsec] Quebec Health Officials Fighting Computer Virus (fwd), Gadi Evron
• Re: Virginity Security Advisory 2007-001 : T-Com Speedport 500V Login bypass, kissme
• [SECURITY] [DSA 1261-1] New PostgreSQL packages fix several vulnerabilities, Moritz Muehlenhoff
• [ GLSA 200702-05 ] Fail2ban: Denial of Service, Raphael Marichez
• Dem_trac acces to log file wihtout authentification, sn0oPy . team
• CedStat v1.31 XSS, sn0oPy . team
• EasyMail Objects v6.5 Connect Method Stack Overflow, Paul Craig
• [USN-422-1] ImageMagick vulnerabilities, Kees Cook
• Drive-by Pharming Threat, Zulfikar Ramzan
  • Re: Drive-by Pharming Threat, Mark Senior
    • Re: Drive-by Pharming Threat, Dennis
  • <Possible follow-ups>
  • RE:Drive-by Pharming Threat, psirt
  • RE: Drive-by Pharming Threat, Memisyazici, Aras
    • Re: Drive-by Pharming Threat, Marcello Barnaba
      • Re: Drive-by Pharming Threat, Cedric Blancher
  • Re: Drive-by Pharming Threat, auto400208
    • Re: [Full-disclosure] Drive-by Pharming Threat, Martin Johns
    • Re: [Full-disclosure] Drive-by Pharming Threat, Andrew Farmer
    • Re: Drive-by Pharming Threat, Jeremy Saintot
  • Re: Drive-by Pharming Threat, hlockhar
• MSN redirect Bug, h4x0r_ir
• iDefense Security Advisory 02.15.07: Multiple Vendor ClamAV CAB File Denial of Service Vulnerability, iDefense Labs
  • Re: [Full-disclosure] iDefense Security Advisory 02.15.07: Multiple Vendor ClamAV CAB File Denial of Service Vulnerability, aCaB
• [security bulletin] HBSBGN02189 SSRT071297 rev.1 ServiceGuard for Linux, Remote Unauthorized Access, security-alert
• iDefense Security Advisory 02.15.07: Multiple Vendor ClamAV MIME Parsing Directory Traversal Vulnerability, iDefense Labs
  • Re: iDefense Security Advisory 02.15.07: Multiple Vendor ClamAV MIME Parsing Directory Traversal Vulnerability, Alan J. Wylie
• Comodo DLL injection via weak hash function exploitation Vulnerability, Matousec - Transparent security Research
• XSS in [deskpro.com v1.1.0 ], bl4ck
• XSS in [Calendar Express 2 ], bl4ck
• Lizardtech DjVu Browser Plug-in - Multiple Vulnerabilities, Brett Moore
• Re: Stanford university SCARF user editing, spam
• defacements for the installation of malcode, Gadi Evron
  • <Possible follow-ups>
  • RE: defacements for the installation of malcode, Jeremy Epstein
    • RE: defacements for the installation of malcode, Gadi Evron
• Firefox: serious cookie stealing / same-domain bypass vulnerability, Michal Zalewski
  • Re: [Full-disclosure] Firefox: serious cookie stealing / same-domain bypass vulnerability, Ben Bucksch
    • Re: [Full-disclosure] Firefox: serious cookie stealing / same-domain bypass vulnerability, Peter Besenbruch
      • Re: [Full-disclosure] Firefox: serious cookie stealing / same-domain bypass vulnerability, Daniel Veditz
  • Message not available
    • Re: Firefox: serious cookie stealing / same-domain bypass vulnerability, Michal Zalewski
  • Re: [Full-disclosure] Firefox: serious cookie stealing / same-domain bypass vulnerability, pdp (architect)
    • Re: [Full-disclosure] Firefox: serious cookie stealing / same-domain bypass vulnerability, Michal Zalewski
      • Re: [Full-disclosure] Firefox: serious cookie stealing / same-domain bypass vulnerability, Stan Bubrouski
      • Re: [Full-disclosure] Firefox: serious cookie stealing / same-domain bypass vulnerability, pdp (architect)
      • Re: [Full-disclosure] Firefox: serious cookie stealing / same-domain bypass vulnerability, pdp (architect)
      • Re: [Full-disclosure] Firefox: serious cookie stealing / same-domain bypass vulnerability, Base64
      • Re: [Full-disclosure] Firefox: serious cookie stealing / same-domain bypass vulnerability, Michal Zalewski
• [SECURITY] [DSA 1260-1] New imagemagick package fix arbitrary code execution, Moritz Muehlenhoff
• [SECURITY] [DSA 1259-1] New fetchmail packages fix information disclosure, Moritz Muehlenhoff
  • Re: [SECURITY] [DSA 1259-1] New fetchmail packages fix information disclosure, Matthias Andree
• Cisco Security Advisory: Multiple Vulnerabilities in Firewall Services Module, Cisco Systems Product Security Incident Response Team
• Apache Multiple Injection Vulnerabilities, hugo
  • Re: Apache Multiple Injection Vulnerabilities, Amit Klein
    • Re: Apache Multiple Injection Vulnerabilities, Hugo Vázquez Caramés
  • Re: Apache Multiple Injection Vulnerabilities, Amit Klein
  • <Possible follow-ups>
  • RE: Apache Multiple Injection Vulnerabilities, Rogier Mulhuijzen
  • Re: Apache Multiple Injection Vulnerabilities, security
  • Re: Re: Apache Multiple Injection Vulnerabilities, hugo
• Argument injection issues, Steven M. Christey
• Solaris telnet vuln solutions digest and network risks, Gadi Evron
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and ASA Appliances, Cisco Systems Product Security Incident Response Team
• WebTester 5.0.2 sql injection and XSS vulnerabilities, Moran Zavdi
• Jupiter CMS 1.1.5 Multiple Vulnerabilities, gmdarkfig
  • <Possible follow-ups>
  • Re: Jupiter CMS 1.1.5 Multiple Vulnerabilities, gmdarkfig
• [security bulletin] HPSBUX02192 SSRT061233 rev.1 - HP-UX Running ARPA Transport, Local Denial of Service (DoS), security-alert
• HPSBUX02191 SSRT071302 rev.1 - HP-UX Running SLSd, Remote Unauthorized Arbitrary File Creation, security-alert
• Secunia Research: MailEnable Web Mail Client Multiple Vulnerabilities, Secunia Research
• iDefense Security Advisory 02.13.07: Hewlett-Packard HP-UX SLSd Arbitrary File Creation Vulnerability, iDefense Labs NO-REPLY
• SYMSA-2007-002: Palm OS Treo Find Feature System Password Bypass, research
  • <Possible follow-ups>
  • Re: SYMSA-2007-002: Palm OS Treo Find Feature System Password Bypass, dkirker
  • Re: SYMSA-2007-002: Palm OS Treo Find Feature System Password Bypass, agonline . dummy
  • Re: SYMSA-2007-002: Palm OS Treo Find Feature System Password Bypass, chgsupra1
    • RE: SYMSA-2007-002: Palm OS Treo Find Feature System Password Bypass, Roger A. Grimes
      • RE: SYMSA-2007-002: Palm OS Treo Find Feature System Password Bypass, McCarty, Eric C.
      • RE: SYMSA-2007-002: Palm OS Treo Find Feature System Password Bypass, Roger A. Grimes
  • Re: Re: SYMSA-2007-002: Palm OS Treo Find Feature System Password Bypass, chgsupra1
• [ GLSA 200702-04 ] RAR, UnRAR: Buffer overflow, Raphael Marichez
• MS Interactive Training .cbo Overflow, Brett Moore
• RE: [Full-disclosure] Solaris telnet vulnberability - how many onyour network?, Peter Ferrie
• [ GLSA 200702-03 ] Snort: Denial of Service, Raphael Marichez
• [ GLSA 200702-02 ] ProFTPD: Local privilege escalation, Raphael Marichez
• iDefense Security Advisory 02.13.07: Microsoft 'wininet.dll' FTP Reply Null Termination Heap Corruption Vulnerability, iDefense Labs NO-REPLY
• [ GLSA 200702-01 ] Samba: Multiple vulnerabilities, Raphael Marichez
• Fullaspsite Shop (tr) Xss & SqL &#304;nj. VulnZ., ShaFuq31
• UPDATE: [ GLSA 200611-05 ] Netkit FTP Server: Privilege escalation, Raphael Marichez
• Cisco Security Advisory: Multiple IOS IPS Vulnerabilities, Cisco Systems Product Security Incident Response Team
• TSLSA-2007-0007 - multi, Trustix Security Advisor
• NDSS: Network and Distributed Systems Security, Crispin Cowan
• [ MDKSA-2007:042 ] - Updated smb4k packages fix numerous vulnerabilities, security
• Aruba Mobility Controller Management Buffer Overflow, security
• Aruba Networks - Unauthorized Administrative and WLAN Access through Guest Account, security
• Re: [BLACKLIST] [Full-disclosure] Solaris telnet vulnberability - how many on yournetwork?, Thierry Zoller
  • RE: [BLACKLIST] [Full-disclosure] Solaris telnet vulnberability - how many on yournetwork?, Michael Wojcik
    • Re: [BLACKLIST] [Full-disclosure] Solaris telnet vulnberability - how many on yournetwork?, Casper . Dik
    • RE: [BLACKLIST] [Full-disclosure] Solaris telnet vulnberability - how many on yournetwork?, Gadi Evron
      • Re: [BLACKLIST] [Full-disclosure] Solaris telnet vulnberability - how many on yournetwork?, Joep Vesseur
      • Re: [BLACKLIST] [Full-disclosure] Solaris telnet vulnberability - how many on yournetwork?, Gadi Evron
      • Re: [BLACKLIST] [Full-disclosure] Solaris telnet vulnberability -, Darren Reed
• Inertia News Remote File &#304;nclude, crazy_king
• PHP 5.2.1 crash bug, squeeky . mouse
• XSS in eWay, bl4ck
• SecurityVulns.com: Microsoft Visual C++ 8.0 standard library time functions invalid assertion DoS (Problem 3000)., 3APA3A
• XSS in lighttpd, bl4ck
  • RE: XSS in lighttpd, Bart Seresia
• XSS in communityserver !, bl4ck
• Solaris telnet vulnberability - how many on your network?, Gadi Evron
  • Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?, Vincent Archer
    • Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?, Huzeyfe Onal
      • Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?, armin walland
  • RE: Solaris telnet vulnberability - how many on your network?, Oliver Friedrichs
    • RE: Solaris telnet vulnberability - how many on your network?, Gadi Evron
      • RE: Solaris telnet vulnberability - how many on your network?, Oliver Friedrichs
      • RE: Solaris telnet vulnberability - how many on your network?, Gadi Evron
      • RE: Solaris telnet vulnberability - how many on your network?, Michal Zalewski
      • Re: Solaris telnet vulnberability - how many on your network?, Casper . Dik
      • Re: Solaris telnet vulnberability - how many on your network?, Gadi Evron
      • Re: Solaris telnet vulnberability - how many on your network?, Damien Miller
      • Re: Solaris telnet vulnberability - how many on your network?, Gadi Evron
      • Re[2]: Solaris telnet vulnberability - how many on your network?, Thierry Zoller
      • RE: Re[2]: Solaris telnet vulnberability - how many on your network?, Roger A. Grimes
      • RE: Re[2]: Solaris telnet vulnberability - how many on your network?, Gadi Evron
      • Re: Re[2]: Solaris telnet vulnberability - how many on your network?, Darren Reed
      • RE: Re[2]: Solaris telnet vulnberability - how many on your network?, Evans, Thomas
      • Reflections on Trusting Trust [was: Re: Solaris telnet ...], Gadi Evron
      • Re: Solaris telnet vulnberability - how many on your network?, georg . oppenberg
    • Re: Solaris telnet vulnberability - how many on your network?, Casper . Dik
      • Re: Solaris telnet vulnberability - how many on your network?, Gadi Evron
      • Re: Solaris telnet vulnberability - how many on your network?, Casper . Dik
      • Re: Solaris telnet vulnberability - how many on your network?, Gadi Evron
      • Re: Solaris telnet vulnberability - how many on your network?, Gadi Evron
      • Re: Solaris telnet vulnberability - how many on your network?, Casper . Dik
      • Re: Solaris telnet vulnberability - how many on your network?, Joe Shamblin
      • Re: Solaris telnet vulnberability - how many on your network?, Casper . Dik
      • RE: [Full-disclosure] Solaris telnet vulnberability - how many onyour network?, David Taylor
      • Re: Solaris telnet vulnberability - how many on your network?, Darren Reed
  • Re: Solaris telnet vulnberability - how many on your network?, Leandro Gelasi
  • <Possible follow-ups>
  • Re: Solaris telnet vulnberability - how many on your network?, thefinn12345
  • Re: Re: Solaris telnet vulnberability - how many on your network?, thefinn12345
    • RE: Re: Solaris telnet vulnberability - how many on your network?, Roger A. Grimes
    • Re: Re: Solaris telnet vulnberability - how many on your network?, jf
      • Re: Re: Solaris telnet vulnberability - how many on your network?, Hugo van der Kooij
  • RE: Re: Re: Solaris telnet vulnberability - how many on your network?, jf
  • Re: RE: Re: Solaris telnet vulnberability - how many on your network?, thefinn12345
  • Re: Re: Re: Solaris telnet vulnberability - how many on your network?, thefinn12345
    • Re: Re: Re: Solaris telnet vulnberability - how many on your network?, jf
      • Re: Solaris telnet vulnberability - how many on your network?, Anthony R. Nemmer
      • Re: Solaris telnet vulnberability - how many on your network?, greimer
      • Re: Solaris telnet vulnberability - how many on your network?, Darren Reed
      • Re: Solaris telnet vulnberability - how many on your network?, Nate Eldredge
      • RE: Solaris telnet vulnberability - how many on your network?, Michael Wojcik
      • RE: Solaris telnet vulnberability - how many on your network?, Nate Eldredge
      • Re: Solaris telnet vulnberability - how many on your network?, Edsel Adap
      • Re: Solaris telnet vulnberability - how many on your network?, Cromar Scott
    • Re: Re: Re: Solaris telnet vulnberability - how many on your network?, Gadi Evron
  • Re: RE: Re: Re: Solaris telnet vulnberability - how many on your network?, thefinn12345
  • Re: Solaris telnet vulnberability - how many on your network?, Brandon Butterworth
  • Re: Solaris telnet vulnberability - how many on your network?, Marco Ivaldi
    • Re[2]: Solaris telnet vulnberability - how many on your network?, Thierry Zoller
      • RE: Re[2]: Solaris telnet vulnberability - how many on your network?, Roger A. Grimes
  • Re[2]: Solaris telnet vulnberability - how many on your network?, Steven M. Christey
• XSS in JBoss Portal, bl4ck
• Firefox focus stealing vulnerability (possibly other browsers), Michal Zalewski
  • Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers), Ben Bucksch
    • Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers), Michal Zalewski
    • Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers), Paul Szabo
      • Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers), Michal Zalewski
      • Re: Firefox focus stealing vulnerability (possibly other browsers), Claus Färber
      • Re: Firefox focus stealing vulnerability (possibly other browsers), Michal Zalewski
      • Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers), pdp (architect)
      • Re: Firefox focus stealing vulnerability (possibly other browsers), Andreas Beck
      • Re: Firefox focus stealing vulnerability (possibly other browsers), Michal Zalewski
  • Firefox/MSIE focus stealing vulnerability - clarification, Michal Zalewski
  • Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers), pdp (architect)
    • Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers), Michal Zalewski
      • Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers), pdp (architect)
      • Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers), pdp (architect)
      • Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers), pdp (architect)
      • Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers), Michal Zalewski
      • Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers), pdp (architect)
      • Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers), Ben Bucksch
  • Re: Firefox focus stealing vulnerability (possibly other browsers), Michal Zalewski
    • Re: Firefox focus stealing vulnerability (possibly other browsers), Michal Zalewski
      • Message not available
      • Message not available
      • Message not available
      • Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers), Ben Bucksch
• Virtual Calendar <= (pwd.txt) Remote Password Disclosur Vulnerability, me you
• Port randomization paper, Fernando Gont
• Windows logoff bug solution possibly., Rage Coder
• [USN-417-3] PostgreSQL regression, Martin Pitt
• Radical Technologies - Portal Search- multiple XSS issue, claxus
• Miniwebsvr 0.0.6 - Directory traversal, Daniel Nyström
• Jportal 2.3.1 CSRF vulnerability, dzitu
• DotClear Full Path Disclosure Vulnerability, raphael . huck
  • Re: DotClear Full Path Disclosure Vulnerability, Cedric Blancher
    • Re: DotClear Full Path Disclosure Vulnerability, Raphaël HUCK
      • Re: DotClear Full Path Disclosure Vulnerability, Cedric Blancher
      • Re: DotClear Full Path Disclosure Vulnerability, Raphaël HUCK
      • Re: DotClear Full Path Disclosure Vulnerability, Cedric Blancher
      • Re: DotClear Full Path Disclosure Vulnerability, Gmail account
      • Re: DotClear Full Path Disclosure Vulnerability, Raphaël HUCK
      • Re: DotClear Full Path Disclosure Vulnerability, Cedric Blancher
• Web Server Botnets and Server Farms as Attack Platforms, Gadi Evron
  • Re: Web Server Botnets and Server Farms as Attack Platforms, Anders Henke
  • <Possible follow-ups>
  • Re: Web Server Botnets and Server Farms as Attack Platforms, Steven M. Christey
  • Re: Web Server Botnets and Server Farms as Attack Platforms, Tom
• Oreon1.2.x Series Exploit Coded, hotturk
• [OpenPKG-SA-2007.009] OpenPKG Security Advisory (twiki), OpenPKG GmbH
• Arbitrary file disclosure vulnerability in IP3 NetAccess < 4.1.9.6, Sebastian Wolfgarten
• Arbitrary file disclosure vulnerability in php rrd browser < 0.2.1 (prb), Sebastian Wolfgarten
• KvGuestbook Remote Add Admin Exploit, crazy_king
• Multiple vulnerabilities in phpMyVisites, Nicob
• MediaWiki Full Path Disclosure Vulnerability, raphael . huck
• phpPolls 1.0.3 (acces to sensitive file), sn0oPy . team
• [XSS] Qdig - Quick Digital Image Gallery Version 1.2.9.3 and -devel, Andrea Purificato - bunker
  • Re: [XSS] Qdig - Quick Digital Image Gallery Version 1.2.9.3 and -devel, Andrea Purificato - bunker
• nabopoll 1.1.2 sensitive file (admin without password), sn0oPy . team
• Allons_voter Version 1.0 xss and admin votes, sn0oPy . team
• mcRefer SQL injection, sn0oPy . team
  • <Possible follow-ups>
  • Re: mcRefer SQL injection, gmdarkfig
• [USN-421-1] MoinMoin vulnerability, Kees Cook
• rPSA-2007-0031-1 kernel, rPath Update Announcements
• rPSA-2006-0233-1 dbus dbus-glib dbus-qt dbus-x11, rPath Update Announcements
• [ MDKSA-2007:041 ] - Updated ImageMagick packages fix buffer overflow vulnerability, security
• FreeBSD Security Advisory FreeBSD-SA-07:02.bind, FreeBSD Security Advisories
• XSS in Rainbow with Rainbow.Zen, bl4ck
• Every MS Exploit, layne
• local bug :[xxs] in whm, ali
  • <Possible follow-ups>
  • Re: local bug :[xxs] in whm, anon . e . mouse
• Call for Papers: IT-Incident Management and IT-Forensics 2007, Oliver Goebel
• Capital Request Forms Db Username and Password Vulnerabilities, gokhankaya
• Ovidentia Exploit Codeds, hotturk
• Denial Of Service in Internet Explorer for MS Windows Mobile 5.0, clappymonkey
  • Re: Denial Of Service in Internet Explorer for MS Windows Mobile 5.0, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
    • RE: Denial Of Service in Internet Explorer for MS Windows Mobile 5.0, McCarty, Eric C.
      • Re: Denial Of Service in Internet Explorer for MS Windows Mobile 5.0, Nicolas RUFF
• PAKCON III: Call for Papers [cfp], Ayaz Ahmed Khan
• [Reversemode Advisory] TrendMicro Products - multiple privilege escalation vulnerabilities., Reversemode
• eXtreme File Hosting remote file upload vulnerability, hamed . bazargani
• [ MDKSA-2007:037-1 ] - Updated postgresql packages address multiple vulnerabilities, security
• rPSA-2007-0029-1 ImageMagick, rPath Update Announcements
• rPSA-2007-0028-1 gd, rPath Update Announcements
• ZDI-07-007: HP Mercury LoadRunner Agent Stack Overflow Vulnerability, zdi-disclosures
• TFTP directory traversal in Kiwi CatTools, Nicob
  • <Possible follow-ups>
  • Re: TFTP directory traversal in Kiwi CatTools, support
• Multiple vulnerabilities in SAP WebAS 6.40 and 7.00 (technical details), Nicob
• [security bulletin] HPSBMA02190 SSRT071300 rev.1 - HP OpenView Storage Data Protector, Local Execution of Arbitrary Code, security-alert
• [security bulletin] HPSBGN02187 SSRT061280 rev.1 - Mercury LoadRunner, Performance Center, Monitor over Firewall, Remote Unauthenticated Arbitrary Code Execution, security-alert
• rPSA-2007-0025-2 postgresql postgresql-server, rPath Update Announcements
• remote file include in whm (all version), ali
  • Re: remote file include in whm (all version), Mailinglists Address
• Ability to inject and execute any code as root in SysCP, flo
• [ MDKSA-2007:039 ] - Updated gtk+2.0 packages address DoS, LSB issues, several bugs, security
• iDefense Security Advisory 02.07.07: Trend Micro AntiVirus UPX Parsing Kernel Buffer Overflow Vulnerability, iDefense Labs
• iDefense Security Advisory 02.07.07: RARLabs Unrar Password Prompt Buffer Overflow Vulnerability, iDefense Labs
• [ MDKSA-2007:040 ] - Updated kernel packages fix multiple vulnerabilities and bugs, security
• iDefense Security Advisory 02.07.07: Trend Micro TmComm Local Privilege Escalation Vulnerability, iDefense Labs
• XLNC1 Radio Classical Music Nuke Portal Remote File Inc. Vuln., gokhankaya
• rPSA-2007-0026-1 samba samba-swat, rPath Update Announcements
• [SECURITY] [DSA 1258-1] New Mozilla Firefox packages fix several vulnerabilities, Martin Schulze
• [ MDKSA-2007:038 ] - Updated php packages to address multiple issues, security
• [ MDKSA-2007:037 ] - Updated postgresql packages address multiple vulnerabilities, security
• [ MDKSA-2007:036 ] - Updated libwmf packages fix embedded gd DoS vulnerability., security
• [ MDKSA-2007:035 ] - Updated gd packages fix DoS vulnerability., security
• Medium level security hole in FreeProxy, Tim Brown
• MySQLNewsEngine (affichearticles.php3) Remote File Inc. Vuln., gokhankaya
• [USN-417-2] PostgreSQL 8.1 regression, Martin Pitt
• VBulletin AdminCP Index.PHP Multiple Cross-Site Scripting Vulnerability, DoZ
  • <Possible follow-ups>
  • Re: VBulletin AdminCP Index.PHP Multiple Cross-Site Scripting Vulnerability, kier
• [USN-419-1] Samba vulnerabilities, Kees Cook
• [USN-420-1] KDE library vulnerability, Kees Cook
• [security bulletin] HPSBUX02181 SSRT061289 rev.2 - HP-UX Running IPFilter, Remote Unauthorized Denial of Service (DoS), security-alert
• rPSA-2007-0025-1 postgresql postgresql-server, rPath Update Announcements
• PS Information Leak on HP True64 Alpha OSF1 v5.1 1885, Andrea \"bunker\" Purificato
  • Re: [Full-disclosure] PS Information Leak on HP Tru64 Alpha OSF1 v5.1 1885, Andrea \"bunker\" Purificato
  • Re: PS Information Leak on HP True64 Alpha OSF1 v5.1 1885, Ivan Jager
    • Re: PS Information Leak on HP True64 Alpha OSF1 v5.1 1885, Andrea Purificato - bunker
• [USN-418-1] Bind vulnerabilities, Kees Cook
• Unofficial SQL-Ledger patch for CVE-2007-0667, Chris Travers
• Firefox 2.0.0.1 and Opera 9.10 Anty Fraud/Phishing Protection bypass., Kanedaaa Bohater
• Sql injection bugs in Joomla and Mambo, Omid
• Sql injection bugs in Virtuemart and Letterman, Omid
• Firefox + popup blocker + XMLHttpRequest + srand() = oops, Michal Zalewski
  • Re: [Full-disclosure] Firefox + popup blocker + XMLHttpRequest + srand() = oops, pdp (architect)
    • Re: [Full-disclosure] Firefox + popup blocker + XMLHttpRequest + srand() = oops, Michal Zalewski
• iDefense Security Advisory 02.02.07: Blue Coat Systems WinProxy CONNECT Method Heap Overflow Vulnerability, iDefense Labs
• [USN-417-1] PostgreSQL vulnerabilities, Martin Pitt
• Uphotogallery Multiple Cross-Site Scripting Vulnerability, DoZ
• [ MDKSA-2007:034 ] - Updated samba packages address multiple vulnerabilities, security
• Mina Ajans Script Remote File Inclusion Vuln., canberx
• rPSA-2007-0023-1 tshark wireshark, rPath Update Announcements
• Les News v2.2 [Admin news without password], sn0oPy . team
• [SECURITY] [DSA 1257-1] New samba packages fix several vulnerabilities, Moritz Muehlenhoff
• Sql injection bugs in PHP-Nuke, Omid
• [SAMBA-SECURITY] CVE-2007-0454: Format string bug in afsacl.so VFS plugin, Gerald (Jerry) Carter
• Cold Fusion Web Server XSS 0 day, digi7al64
• Re: local Calendar System v1.1 (lcStdLib.inc) Remote File Include, Steven M. Christey
• dvddb-0.6 media remote file include vuln., gokhankaya
• [SAMBA-SECURITY] CVE-2007-0453: Buffer overrun in nss_winbind.so.1 on Solaris, Gerald (Jerry) Carter
• [SAMBA-SECURITY] CVE-2007-0452: Potential DoS against smbd in Samba 3.0.6 - 3.0.23d, Gerald (Jerry) Carter
• TSLSA-2007-0005 - multi, Trustix Security Advisor
• Jetty Session ID Prediction, NGSSoftware Insight Security Research
  • Re: Jetty Session ID Prediction, Amit Klein
  • Re: Jetty Session ID Prediction, Michal Zalewski
    • Re: Jetty Session ID Prediction, Amit Klein
      • Re: Jetty Session ID Prediction, Michal Zalewski
  • <Possible follow-ups>
  • Re: Jetty Session ID Prediction, Chris Anley
    • Re: Jetty Session ID Prediction, Amit Klein
      • Re: Jetty Session ID Prediction, Chris Anley
    • Re: Jetty Session ID Prediction, Michal Zalewski
• flashChat 4.7.8 Cross Site Scripting Vulnerability, binaryloc
• Wap Portal Serve 1.* <= Remote File Inclusion, stormhacker
• dvddb-0.6 media sql-inj. vuln., gokhankaya
  • Re: dvddb-0.6 media sql-inj. vuln., str0ke
• Sql injection bugs in Xoops 2.0.16 + Weblinks module, Omid
• Adrenalin's ASP Chat XSS, sn0oPy . team
• MysearchEngine XSS, sn0oPy . team
• Vmare workstation guest isolation weaknesses (clipboard transfer), EitanCaspi@xxxxxxxxx
• Re: Web 2.0 backdoors made easy with MSIE & XMLHttpRequest, Michal Zalewski
  • Re: Web 2.0 backdoors made easy with MSIE & XMLHttpRequest, Amit Klein
• Ublog Reload Admin Panel Multiple HTML Injections, DoZ
• [ MDKSA-2007:033 ] - Updated wireshark packages fix multiple vulnerabilities, security
• Security Advisory for Bugzilla 2.20.3, 2.22.1, and 2.23.3, mkanat
• [ MDKSA-2007:032 ] - Updated mpg123 packages fix DoS vulnerability., security
• [ MDKSA-2007:031 ] - Updated kdelibs packages fix KHTML vulnerability, security
• Chicken of the VNC 2.0 remote DoS, poplix
• Re: SMF "index.php?action=pm" Cross Site-Scripting, grudge
• Phishing Evolution Report Released, Carl Jongsma
• Cerulean Portal System (phpbb_root_path) Remote File Include Exploit, xorontr
• Omegaboard v1.0b4 (phpbb_root_path) Remote File Include Exploit, xorontr
• php web portail [remote file include & local file include], saps . audit
• strange behavior on Cisco 2801, Marcin
  • Re: strange behavior on Cisco 2801, Neil Anderson
    • Sourceforge compromized?, Michael Scheidell
      • Re: Sourceforge compromized?, Eliah Kagan
      • Re: Sourceforge compromized?, Serguei A. Mokhov
      • Re: Sourceforge compromized?, Tim
      • Re: Sourceforge compromized?, Karl Schlitt
  • Re: strange behavior on Cisco 2801, Eloy Paris
• [USN-415-1] GTK vulnerability, Kees Cook
• Comodo Multiple insufficient argument validation of hooked SSDT function Vulnerability, Matousec - Transparent security Research
• Ipswitch WS_FTP Server 5.04 multiple arbitrary code execution vulnerabilities, Michal Bucko
  • <Possible follow-ups>
  • Re: Ipswitch WS_FTP Server 5.04 multiple arbitrary code execution vulnerabilities, Steven M. Christey
    • Re[2]: Ipswitch WS_FTP Server 5.04 multiple arbitrary code execution vulnerabilities, 3APA3A
  • Re: Re: Ipswitch WS_FTP Server 5.04 multiple arbitrary code execution vulnerabilities, michal . bucko
  • Re: Re[2]: Ipswitch WS_FTP Server 5.04 multiple arbitrary code execution vulnerabilities, ismaelalfaro
• Re: Defeating CAPTCHAs via Averaging, Lou Katz
  • Re: Defeating CAPTCHAs via Averaging, Andreas Beck
    • Re: Defeating CAPTCHAs via Averaging, noreply9871234
• Technika - Attack Scripting Environment, pdp (architect)
• Re: stompy the session stomper - tool availability, Michal Zalewski
• [SECURITY] [DSA 1256-1] New gtk+2.0 packages fix denial of service, Moritz Muehlenhoff
• [ GLSA 200701-26 ] KSirc: Denial of Service vulnerability, Raphael Marichez
• BBED - Oracle Block Browser and Editor, pete
• [ GLSA 200701-28 ] thttpd: Unauthenticated remote file access, Raphael Marichez

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)