Bugtraq
- Final notification about "POC2008" Conference
- RE: Universal Website Hijacking by Exploiting Firewall Content Filtering Features + SonicWALL firewalls 0day
- [ MDVSA-2008:121-1 ] freetype2
- Re: Java Web start vulnerability
- Typo <= 5.1.3 Multiple Vulnerabilities
- [Paper] Reflective Dll Injection
- iDefense Security Advisory 10.31.08: Oracle WebLogic Apache Connector
- Re: Universal Website Hijacking by Exploiting Firewall Content Filtering Features + SonicWALL firewalls 0day
- iDefense Security Advisory 10.31.08: OpenOffice EMF Record Parsing Multiple Integer Overflow Vulnerabilities
- Secunia Research: Interact SQL Injection and Cross-Site Request Forgery
- Re: Universal Website Hijacking by Exploiting Firewall Content Filtering Features + SonicWALL firewalls 0day
- Cpanel 11.x Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani
- VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff
- From: VMware Security Team
- U-Mail Webmail 'edit.php' Arbitrary File Write Vulnerability
- phpWebSite links.php Sql Injection
- spitfirephoto Pro pages.php Sql Injection
- Universal Website Hijacking by Exploiting Firewall Content Filtering Features + SonicWALL firewalls 0day
- 2008 OpenVAS Contest
- iDefense Security Advisory 10.30.08: Adobe PageMaker Key Strings Stack Buffer Overflow
- [ GLSA 200810-03 ] libspf2: DNS response buffer overflow
- [USN-661-1] Linux kernel regression
- iDefense Security Advisory 10.30.08: Novell eDirectory NCP Get Extension Information Request Memory Corruption Vulnerability
- From: labs-no-reply@xxxxxxxxxxxx
- ZDI-08-071: IBM Tivoli Storage Manager Express for Microsoft SQL Heap Overflow Vulnerability
- ZDI-08-070: SonicWALL Content-Filtering Universal Script Injection Vulnerability
- harlandscripts Mypage.php Sql Injection
- DebugDiag (CrashHangExt.dll 1.0) NULL Pointer Dereference
- PHP-Nuke Module Current_Issue (summary&id) Remote SQL injection Vulnerability
- rPSA-2008-0308-1 samba samba-client samba-server samba-swat
- From: rPath Update Announcements
- Re: Advanced application-level OS fingerprinting
- [ MDVSA-2008:222 ] Eterm
- PHP-Nuke Module Sectionsnew (printpage&artid) Remote SQL injection Vulnerability
- IranMC ( detail.php?Kala ) Remote SQL injection Vulnerability
- Re: [Full-disclosure] [funsec] ICANN Terminates EstDomains' Registrar Accreditation (fwd)
- Tool update: VoIPER v0.07
- [funsec] ICANN Terminates EstDomains' Registrar Accreditation (fwd)
- [ MDVSA-2008:219 ] mplayer
- rPSA-2008-0307-1 nfs-client nfs-server nfs-utils
- From: rPath Update Announcements
- [ MDVSA-2008:220 ] kernel
- rPSA-2008-0309-1 lighttpd
- From: rPath Update Announcements
- Re: MS08-067 - Where can I find an exploit for this?
- PHP-Nuke Module BookCatalog (category&catid) Remote SQL injection Vulnerability
- Re: MS08-067 - Where can I find an exploit for this?
- [ MDVSA-2008:221 ] aterm
- Advanced application-level OS fingerprinting
- [SECURITY] [DSA 1661-1] New OpenOffice.org packages fix several vulnerabilities
- KVIrc version 3.4.0 Virgo remote format string proof of concept exploit.
- Secunia Research: Adobe PageMaker PMD File Processing Buffer Overflows
- Re: [ MDVSA-2008:217 ] lynx
- Quassel IRC: connection hijacking
- Re: MySQL command-line client HTML injection vulnerability
- Re: Quassel IRC: connection hijacking
- Aria-Security.com: Saba 2.0 Cross Site Scripting [PASSIVE]
- [ MDVSA-2008:218 ] lynx
- [ MDVSA-2008:217 ] lynx
- A video can crash ANY iphone/ipod and a few libraries.
- PHP-Nuke Module League (team&tid) XSS Vulnerability
- [ MDVSA-2008:216 ] emacs
- Re: MyBB 1.4.2: Multiple Vulnerabilties
- From: krzysztof . kozlowski
- rPSA-2008-0306-1 libxslt
- From: rPath Update Announcements
- Re: Writeup by Amit Klein (Trusteer): Address Bar Spoofing for IE6
- Blaze Media Pro 8.02 SE vulnerability
- [ MDVSA-2008:215 ] wireshark
- rPSA-2008-0305-1 pcre
- From: rPath Update Announcements
- Writeup by Amit Klein (Trusteer): Address Bar Spoofing for IE6
- n.runs-SA-2008.009 - Eaton MGE OPS Network Shutdown Module - authentication bypass vulnerability and remote code execution
- MSF eXploit Builder v2 Alpha Sources Released
- MyBB 1.4.2: Multiple Vulnerabilties
- ClubHack2008 [India] - CFP Closing Soon
- Windows RPC MS08-067 FAQ document updated
- XSS in phpMyadmin
- [security bulletin] HPSBMA02373 SSRT071467 rev.2 - HP Insight Diagnostics Running on Linux and Windows, Remote Unauthorized Access to Files
- bcoos 1.0.13 Remote File Include Vulnerability
- BotNet on the Rise
- [SECURITY] [DSA 1660-1] New clamav packages fix denial of service
- Windows RPC MS08-067 FAQ document released
- Re: HTTPBruteForcer released
- Re: HTTPBruteForcer released
- Java Web start vulnerability
- HTTPBruteForcer released
- Re: MS08-067 - Where can I find an exploit for this?
- From: Salvador III Manaois
- iPei cross site scripting Vulnerablity
- Re: MS08-067 - Where can I find an exploit for this?
- From: Salvador III Manaois
- MS08-067 - Where can I find an exploit for this?
- [USN-658-1] Moodle vulnerability
- [SECURITY] [DSA 1659-1] New libspf2 packages fix potential remote code execution
- [security bulletin] HPSBST02379 SSRT080143 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-056 to MS08-066
- txtshop - beta 1.0 / Local File Inclusion Vulnerability
- Re: vshop - Axcoto cart <= 0.1alpha / Local File Inclusion Vulnerability
- Re: MJGuest 6.8 GT Cross Site Scripting Vulnerability
- SiteEngine 5.x Multiple Remote Vulnerabilities
- freeSSHd (stf - rename) Buffer Overflow Vulnerability
- GoodTech SSH Remote Buffer Overflow Exploit
- vshop - Axcoto cart <= 0.1alpha / Local File Inclusion Vulnerability
- phpcrs <= 2.06 / Local File Inclusion Vulnerability (this is the correct :)
- [SECURITY] [DSA 1658-1] New dbus packages fix denial of service
- SNMP Injection: Achieving Persistent HTML Injection via SNMP on Embedded Devices
- From: ProCheckUp Research
- SECOBJADV-2008-05: Symantec Veritas Storage Foundation Arbitrary File Read Vulnerability
- From: Security Objectives Corporation
- Re: FGA-2008-23:EMC NetWorker Denial of Service Vulnerability
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and Cisco ASA
- From: Cisco Systems Product Security Incident Response Team
- Secunia Research: GNU Enscript "setfilename" Special Escape Buffer Overflow
- Secunia Research: Trend Micro OfficeScan CGI Parsing Buffer Overflows
- FGA-2008-23:EMC NetWorker Denial of Service Vulnerability
- From: noreply-secresearch
- Advisory for Oracle CPU October 2008 - APEX Flows excessive privileges
- Secunia Research: HP OpenView Products Shared Trace Service Denial of Service
- Opera Stored Cross Site Scripting Vulnerability
- [tool] crapto1 released
- n.runs-SA-2008.008 - Internet Explorer HTML Object Memory Corruption and Remote Code Execution
- SECOBJADV-2008-04: Symantec Veritas Storage Foundation Memory Disclosure Vulnerability
- From: Security Objectives Corporation
- Google Chrome OnbeforeUload and OnUnload Null Check Vulnerability.
- [USN-657-1] Amarok vulnerability
- Insomnia : ISVA-081020.1 - Altiris Deployment Server Agent - Privilege Escalation
- [SECURITY] [DSA 1657-1] New qemu packages fix denial of service
- [Off-Topic] How I was busted. Story of a poor lonesome hacker
- Last Call for DeepSec IDSC 2008 in Vienna
- From: DeepSec Conference Vienna
- [TKADV2008-010] VLC media player TiVo ty Processing Stack Overflow Vulnerability
- London DEFCON meet - DC4420 - Thursday October 23rd
- [SECURITY] [DSA 1656-1] New cupsys packages fix several vulnerabilities
- [Tool] sqlmap 0.6.1 released
- From: Bernardo Damele A. G.
- Lee has posted more detailed response to Fyodor's TCP/IP DoS post
- Secunia Research: HP SiteScope SNMP Trap Script Insertion Vulnerability
- FireGPG Passphrase And Cleartext Vulnerability
- Cross Site Scripting (XSS) Vulnerabilitiy in cpcommerce, CVE-2008-4121
- CVE-2008-4000: Oracle PeopleTools – Authentication Weakness
- CVE-2008-2625: Oracle DBMS – Proxy Authentication Vulnerability
- Re: MS OWA 2003 Redirection Vulnerability - [MSRC7368br]
- From: Davide Dante Del Vecchio
- [ MDVSA-2008:208-1 ] pam_mount
- HITBSecConf2008 - Malaysia: Online registration closes on 24th Oct
- Re: [Full-disclosure] MS OWA 2003 Redirection Vulnerability - [MSRC7368br]
- Application-level OS fingerprinting research - pre-release hashes
- Re: MS OWA 2003 Redirection Vulnerability - [MSRC 7368br]
- Re: Doubt in MySQL Quick Admin <= 1.5.5 (COOKIE) Local File Inclusion Vulnerability POC posted on milworm
- flashchat severe bug
- Doubt in MySQL Quick Admin <= 1.5.5 (COOKIE) Local File Inclusion Vulnerability POC posted on milworm
- From: vinodsharma . mimit
- [SECURITY] [DSA 1655-1] New Linux 2.6.24 packages fix several vulnerabilities
- Re: Re: MS OWA 2003 Redirection Vulnerability
- [ MDVSA-2008:214 ] mon
- rPSA-2008-0294-1 postfix
- From: rPath Update Announcements
- rPSA-2008-0295-1 rails
- From: rPath Update Announcements
- HACKATTACK Advisory 20081016]WEB//NEWS SQL Injection and Cookie Manipulation
- SEC Consult SA-20081016-0 :: Remote command execution in Instant Expert Analysis
- Paper: Adventures with a certain Xen vulnerability
- [ MDVSA-2008:213 ] dbus
- [USN-656-1] CUPS vulnerabilities
- Multiple Flash Authoring Heap Overflows - Malformed SWF Files
- [security bulletin] HPSBMA02349 SSRT080043 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Unauthorized Access to Data
- Re: MS OWA 2003 Redirection Vulnerability
- [ MDVSA-2008:212 ] libxml2
- Internet Explorer 6 componentFromPoint() remote memory disclosure and remote code execution
- Exploit for MS08-066 - AFD.sys kernel memory overwrite.
- MS OWA 2003 Redirection Vulnerability
- Vivid Ads Shopping Cart (cid) Remote SQL Injection
- [USN-655-1] exiv2 vulnerabilities
- iDefense Security Advisory 10.14.08: Sun Java Web Proxy Server FTP Resource Handling Heap-Based Buffer Overflow
- From: labs-no-reply@xxxxxxxxxxxx
- [USN-654-1] libexif vulnerabilities
- iDefense Security Advisory 10.14.08: Microsoft Visual Basic for Applications - Multiple Vulnerabilities
- From: labs-no-reply@xxxxxxxxxxxx
- TPTI-08-07: Microsoft Windows Message Queuing Service Heap Overflow and Memory Disclosure Vulnerability
- ZDI-08-069: Microsoft Internet Explorer componentFromPoint Memory Corruption Vulnerability
- ZDI-08-068: Microsoft Office Excel BIFF File Format Parsing Stack Overflow Vulnerability
- CORE-2008-1010: VLC media player XSPF Memory Corruption
- From: CORE Security Technologies Advisories
- iDefense Security Advisory 10.14.08: Microsoft Host Integration Server 2006 Command Execution Vulnerability
- [USN-652-1] LittleCMS vulnerability
- [SECURITY] [DSA 1654-1] New libxml2 packages fix execution of arbitrary code
- [USN-653-1] D-Bus vulnerabilities
- Webscene eCommerce (level) Remote Sql Injection
- Telecom Italia Alice Pirelli routers backdoor discoverd to activate telnet/ftp/tftp from internal LAN/WLAN.
- WP Comment Remix 1.4.3 Multiple Vulnerabilities
- [RISE-2008001] Sun Solstice AdminSuite sadmind adm_build_path() Buffer Overflow Vulnerability
- [SECURITY] [DSA 1653-1] New Linux 2.6.18 packages fix several vulnerabilities
- [SECURITY] [DSA 1652-1] New ruby1.9 packages fix several vulnerabilities
- [SECURITY] [DSA 1651-1] New ruby1.8 packages fix several vulnerabilities
- [SECURITY] [DSA 1650-1] New openldap2.3 packags fix denial of service
- Re: Re: Token Kidnapping Windows 2003 PoC exploit
- CREATE ANY DIRECTORY to SYSDBA
- [SECURITY] [DSA 1646-2] New squid packages fix array bounds check
- Marvell Driver Malformed Association Request Vulnerability
- Uninformed Journal Release Announcement: Volume 10
- NewLife Blogger <= v3.0 / Insecure Cookie Handling & SQL Injection Vulnerability
- [ MDVSA-2008:210-1 ] mono
- CA BrightStor ARCServe BackUp Message Engine Remote Command Injection Vulnerability
- [ MDVSA-2008:211 ] cups
- İltaweb Alışveriş Sistemi (tr) Sql inj
- iSEC Partners Security Advisory - 2008-002-lenovornr - Lenovo Rescue and Recovery 4.20
- [LC-2008-04] Nokia Browser Array Sort Denial Of Service Vulnerability
- Re: PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection
- From: ProCheckUp Research
- Re[2]: PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection
- From: Vladimir '3APA3A' Dubrovin
- [USN-651-1] Ruby vulnerabilities
- ZDI-08-067: Apple CUPS 1.3.7 (HP-GL/2 filter) Remote Code Execution Vulnerability
- [SECURITY] CVE-2008-3271 - Apache Tomcat information disclosure
- Re: News Manager Remote SQL Injection Vulnerability
- CA ARCserve Backup Multiple Vulnerabilities
- Re: PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection
- Re: PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection
- From: Vladimir '3APA3A' Dubrovin
- Re: Motorola Timbuktu's Internet Locator Service real-time data exposed to public.
- [ GLSA 200810-02 ] Portage: Untrusted search path local root vulnerability
- News Manager Remote SQL Injection Vulnerability
- [security bulletin] HPSBMA02362 SSRT080044, SSRT080045, SSRT080042 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS), Execute Arbitrary Code
- PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection
- From: ProCheckUp Research
- [security bulletin] HPSBMA02376 SSRT080099 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS)
- FC2 BLOG Cross-Site Scripting Vulnerabilities
- Re: Token Kidnapping Windows 2003 PoC exploit
- [security bulletin] HPSBMA02374 SSRT080046 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS)
- PR07-31: Unauthenticated SQL Injection, XSS on Login Page and Username Enumeration on DPSnet Case Progress
- From: ProCheckUp Research
- ZDI-08-066: Novell eDirectory Core Protocol Opcode 0x24 Heap Overflow Vulnerability
- Token Kidnapping Windows 2003 PoC exploit
- ZDI-08-065: Novell eDirectory Core Protocol Opcode 0x0F Heap Overflow Vulnerability
- ZDI-08-064: Novell eDirectory dhost.exe Accept Language Header Heap Overflow Vulnerability
- Re: Motorola Timbuktu's Internet Locator Service real-time data exposed to public.
- ZDI-08-063: Novell eDirectory dhost.exe Content-Length Header Heap Overflow Vulnerability
- [SECURITY] [DSA 1649-1] New iceweasel packages fix several vulnerabilities
- Re: MySQL command-line client HTML injection vulnerability
- [SECURITY] [DSA 1648-1] New mon packages fix insecure temporary files
- Advisory: Graphviz Buffer Overflow Code Execution
- Windows Mobile 6 insecure password handling and too short WLAN-password
- Cisco Security Advisory: Authentication Bypass in Cisco Unity
- From: Cisco Systems Product Security Incident Response Team
- [W02-1008] GearSoftware Powered Products Local Privilege Escalation (Microsoft Windows Kernel IopfCompleteRequest Integer Overflow)
- Re: HostAdmin 3.* Remote File Include Vulnerabilities
- ANNOUNCE - RFIDIOt version 0.1t released
- Re: Motorola Timbuktu's Internet Locator Service real-time data exposed to public.
- Re: iFoto, CSS-based GD2 photo gallery <= 1.0: Remote File Disclosure Vulnerability
- [ GLSA 200810-01 ] WordNet: Execution of arbitrary code
- [OPENX-SA-2008-002] OpenX 2.4.9 and 2.6.2 fix SQL injection vulnerability
- [security bulletin] HPSBUX02375 SSRT080122 rev.1 - HP-UX Running NFS/ONCplus, Remote Denial of Service (DoS)
- Re: Verizon FIOS (and DSL?) wireless access point insecure default WEP key
- Yerba SACphp <= 6.3 / Local File Inclusion Exploit
- HostAdmin 3.* Remote File Include Vulnerabilities
- [SECURITY] [DSA-1646-1] New squid packages fix array bounds check
- Firefox Privacy Broken If Used to Open Web Page File
- [SECURITY] [DSA 1647-1] New php5 packages fix several vulnerabilities
- Re: AyeView v2.20 (malformed gif image) DoS Exploit
- From: Vladimir '3APA3A' Dubrovin
- Motorola Timbuktu's Internet Locator Service real-time data exposed to public.
- [SECURITY] [DSA-1644-1] New mplayer packages fix integer overflows
- OpenNMS Multiple Vulnerabilities
- [SECURITY] [DSA 1643-1] New feta packages fix denial of service
- FOSS Gallery Public Version <= 1.0 / Arbitrary file upload Vulnerabilities
- FOSS Gallery Admin Version <= 1.0 / Remote Arbitrary Upload Vulnerability
- PHPWebExplorer <= 0.09b: Local File Inclusion Vulnerability
- VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues
- From: VMware Security team
- FastStone Image Viewer v3.6 (malformed bmp image) DoS Exploit
- [ MDVSA-2008:209 ] pam_krb5
- [ENABLESECURITY] Apple's Mail.app stores your S/MIME encrypted emails in clear text
- [SECURITY] [DSA-1645-1] New lighttpd packages fix various problems
- VMware Emulation Flaw x64 Guest Privilege Escalation (1/2)
- AyeView v2.20 (malformed gif image) DoS Exploit
- RE: RE: MySQL command-line client HTML injection vulnerability
- From: Quark IT - Hilton Travis
- [ MDVSA-2008:210 ] mono
- MetaGauge 1.0.0.17 Directory Traversal
- iFoto, CSS-based GD2 photo gallery <= 1.0: Remote File Disclosure Vulnerability
- CMME Multiple Information disclosure vulnerabilities
- Secunia Research: Trend Micro OfficeScan Directory Traversal Vulnerability
- Re: "Exploit creation - The random approach" or "Playing with random to build exploits"
- Re: RE: MySQL command-line client HTML injection vulnerability
- Website Directory - XSS Exploit
- [USN-650-1] cpio vulnerability
- Re: "Exploit creation - The random approach" or "Playing with random to build exploits"
- Re: Blue Coat xss
- Re: White Wolf Labs #080922-1: Exploitation Through ActiveSync 4.x
- From: Vladimir '3APA3A' Dubrovin
- HostAdmin Cross-Site Scripting Vulnerabilities
- Re: [MajorSecurity Advisory #53]BLUEPAGE CMS - Cross Site Scripting and Session Fixation Issues
- Layered Defense Research Advisory: Juniper Netscreen Firewall Cross-Site-Scripting (XSS) event log injection
- XSS vulnerability in phpMyID
- Adobe Flash Player plug-in null pointer dereference and browser crash
- FreeBSD Security Advisory FreeBSD-SA-08:10.nd6
- From: FreeBSD Security Advisories
- [USN-649-1] OpenSSH vulnerabilities
- Re: MS Internet Explorer 7 Denial Of Service Exploit
- phpMyID can act as a redirector and as headers injector
- Remote and Local File Inclusion Vulnerability <= 1.1 Rportal
- Oracle Password Cracker written in PL/SQL
- Printlog <= 0.4: Remote File Edition Vulnerability
- RE: MySQL command-line client HTML injection vulnerability
- From: Quark IT - Hilton Travis
- [USN-648-1] nasm vulnerability
