Hosting Provided By

Mailing List Archive For bugtraq@securityfocus.com By Author

3APA3A
- Re: [BuHa-Security] Winamp 5.35 (Infinite) M3U File Inclusion DoS Vulnerability (31 Jul 2007)
- Re: TippingPoint IPS Signature Evasion (11 Jul 2007)
- durito: enVivo!CMS SQL injection (11 Jul 2007)
- Moodle XSS / Liesbeth base CMS sensitive information disclosure (03 Jul 2007)
A. R.
- Cross Site Scripting in Oliver Library Management System (03 Jul 2007)
Aaron Katz
- Re: Internet Explorer 0day exploit (20 Jul 2007)
- Re: Internet Explorer 0day exploit (20 Jul 2007)
abrash_han(at)hotmail.com
- Re: Retrieving "deleted" sms/mms from Nokia phone (Symbian S60) (27 Jul 2007)
activereports.support(at)datadynamics.com
- Re: [Eleytt] 7LIPIEC2007 (23 Jul 2007)
Adam Laurie
- London DC4420 meet - tommorrow, Wednesday 18th July (17 Jul 2007)
- Announce: RFIDIOt PC/SC support - new release 0.1p (July 2007) (10 Jul 2007)
Aditya K Sood
- [CVE-2007-3816][Advisory] JWIG Context-Dependent Template Calling Dos (21 Jul 2007)
- WhitePapers By SecNiche Security (15 Jul 2007)
- Advisory : Internet Explorer Zone Domain Specification Dos and Page suppressing. (01 Jul 2007)
admin(at)majorsecurity.de
- [MajorSecurity Advisory #51]Virtual Hosting Control System - Session fixation Issue (21 Jul 2007)
Advisory(at)aria-security.net
- E-commerceScripts ALL Apps (Auction Script, Shopping Cart Script and Multi-Vendor E-Shop Script) admin.aspx SQL (28 Jul 2007)
- WebEvents: Online Event Registration Template Username Fields SQL INJECTION (27 Jul 2007)
- WebEvents: Online Event Registration Template Username Fields SQL INJECTION (27 Jul 2007)
- Message Board / Threaded Discussion Forum SQL INJECTION (27 Jul 2007)
- Pay Roll - Time Sheet and Punch Card Application With Web Interface SQL Injection (27 Jul 2007)
- Real Estate listing website application template SQL Injection (27 Jul 2007)
- WebStore - Online Store Application Template SQL INJECTION (27 Jul 2007)
- Dependet Forums (Username Field) Remote SQL Injection (25 Jul 2007)
- cPanel 10.9.1 XSS (23 Jul 2007)
- [Aria-Security] Image Racer SearchResults.asp SQL INJECTION vuln. (22 Jul 2007)
- [Aria-Security] Munch Pro Remote Login ByPass (21 Jul 2007)
- [Aria-Security] Property Pro Remote Login ByPass (21 Jul 2007)
ak(at)red-database-security.com
- Oracle Security: SQL Injection in APEX CHECK_DB_PASSWORD (18 Jul 2007)
- Oracle Security: SQL Injection in package DBMS_PRVTAQIS (18 Jul 2007)
- Oracle Security: Insert / Update / Delete Data via Views (18 Jul 2007)
Alex Stamos
- Re: Guidance Software response to iSEC report on EnCase (26 Jul 2007)
Alexander Sotirov
- Re: Guidance Software response to iSEC report on EnCase (fwd) (26 Jul 2007)
- The Pwnie Awards! (23 Jul 2007)
Amit Klein
- Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer) (27 Jul 2007)
- Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer) (27 Jul 2007)
- Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer) (24 Jul 2007)
- "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer) (24 Jul 2007)
- Re: Whitepaper - DNS pinning and web proxies (10 Jul 2007)
Amon Ott
- [ANNOUNCE] RSBAC 1.3.5 released (19 Jul 2007)
Andres Riancho
- TippingPoint detection bypass (11 Jul 2007)
announce(at)breakpointsecurity.net
- Breakpoint Security: Encase Pre-Advisory (27 Jul 2007)
anonymous.c7ffa4057a
- TS-2007-001-0: BlueCat Networks Adonis Linux-HA heartbeat DoS Vulnerability (29 Jul 2007)
Bigby Findrake
- Re: Internet Explorer 0day exploit (18 Jul 2007)
BlackHawk
- Re: PHMe CMS 0.0.2 local File Include Vulnerabilitiy (23 Jul 2007)
- Re[2]: Light Blog 4.1 XSS Vulnerability (03 Jul 2007)
brad(at)isecpartners.com
- Whitepaper: Command Injection in XML Digital Signatures and Encryption (12 Jul 2007)
Brett Moore
- SUN Java JNLP Overflow (10 Jul 2007)
bugtraq(at)cgisecurity.net
- Re: [Full-disclosure] Mozilla protocol abuse (25 Jul 2007)
bugtraq(at)henningpingel.de
- MySQLDumper vulnerability: Bypassing Apache based access control possible (03 Jul 2007)
bunker
- Oracle bad Views - Exploit released (21 Jul 2007)
Calyptix Security
- Calyptix Security Advisory CX-2007-05 - eSoft InstaGate EX2 Cross-Site Request Forgery Attack (11 Jul 2007)
Carl Livitt
- AsteriDex (Asterisk / Trixbox) remote code execution (05 Jul 2007)
Chad Perrin
- Re: Internet Explorer 0day exploit (20 Jul 2007)
Charles Kim
- Mitridat Form Processor Pro XSS (25 Jul 2007)
Chris Stromblad
- Re: Internet Explorer 0day exploit (18 Jul 2007)
- Re: Internet Explorer 0day exploit (20 Jul 2007)
- Re: Internet Explorer 0day exploit (18 Jul 2007)
- Re: Internet Explorer 0day exploit (18 Jul 2007)
Chris Travers
- Security Advisory: Login bypass in LedgerSMB 1.2.0 through 1.2.6 (18 Jul 2007)
- Clarifications on LedgerSMB vulnerability with Bugtraq ID:24940 (17 Jul 2007)
Christopher Schwardt
- Session Riding and multiple XSS in WebCit (14 Jul 2007)
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Wireless ARP Storm Vulnerabilities (24 Jul 2007)
- Cisco Security Advisory: Denial of Service Vulnerability in Cisco Wide Area Application Services (WAAS) Software (18 Jul 2007)
- Cisco Security Advisory: Cisco Unified Communications Manager and Presence Server Unauthorized Access Vulnerabilities (11 Jul 2007)
- Cisco Security Advisory: Cisco Unified Communications Manager Overflow Vulnerabilities (11 Jul 2007)
Code Audit Labs
- CAL-20070730-1 BlueSkyCat ActiveX Remote Heap Overflow vulnerability (30 Jul 2007)
Cornelius Riemenschneider
- Re: LFI On SMF 1.1.3 (18 Jul 2007)
corrado.liotta(at)alice.it
- phpTrafficA <=1.4.3 Admin Login Bypass (06 Jul 2007)
crazy_king(at)eno7.org
- Metyus Forum Portal v1.0 (27 Jul 2007)
Cyrill Brunschwiler
- DokuWiki suffers XSS (19 Jul 2007)
Dafydd Stuttard
- Whitepaper - DNS pinning and web proxies (10 Jul 2007)
Dan Harkless
- Re: iDefense Security Advisory 07.11.07: Apple QuickTime SMIL File Processing Integer Overflow Vulnerability (16 Jul 2007)
darkz.gsa(at)gmail.com
- eTicket v.1.5.1.1 Multiple Cross-Site Scripting (02 Jul 2007)
darthballsbr(at)hotmail.com
- PHPBlogger cookie privilege escalation (28 Jul 2007)
does_not_exist(at)jmp-esp.kicks-ass.net
- MkPortal - Multiple SQL Injection Vulnerabilities (12 Jul 2007)
- SquirrelMail G/PGP Encryption Plug-in Remote Command Execution Vulnerability (11 Jul 2007)
DoZ(at)HackersCenter.com
- PHPSysInfo Index.php Cross Site Scripting (24 Jul 2007)
Dragos Ruiu
- Really, really, penultimate, PacSec CFP deadline, Aug 10. (31 Jul 2007)
- Re: Internet Explorer 0day exploit (14 Jul 2007)
- PacSec 2007 Call For Papers (Nov. 29/30, deadline July 27) (03 Jul 2007)
eEye Advisories
- EEYE: Microsoft Publisher 2007 Arbitrary Pointer Dereference (10 Jul 2007)
- EEYE: Sun Java WebStart JNLP Stack Buffer Overflow Vulnerability (09 Jul 2007)
f00(at)nowayyyy.de
- Webspell 4.x Local File Inclusion (22 Jul 2007)
Fady Anwar
- Anti XSS AJAX (26 Jul 2007)
- The dark side of ajax (13 Jul 2007)
Ferruh Mavituna
- XSS Tunnelling White Paper and Tool (10 Jul 2007)
Foresight Linux Essential Announcement Service
- FLEA-2007-0037-1 unrar (30 Jul 2007)
- FLEA-2007-0036-1 vim vim-minimal gvim (30 Jul 2007)
- FLEA-2007-0035-1: libvorbis (27 Jul 2007)
- FLEA-2007-0034-1: (26 Jul 2007)
- FLEA-2007-0033-1: firefox thunderbird (24 Jul 2007)
- FLEA-2007-0032-1: flashplayer (20 Jul 2007)
- FLEA-2007-0031-1: xfs (12 Jul 2007)
foster(at)ghc.ru
- Re: Remote File Include In Script SoftNews Media Group (04 Jul 2007)
Francois Larouche
- Official release of SQL Power Injector 1.2 (16 Jul 2007)
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-07:05.libarchive (12 Jul 2007)
fukami
- Security on AIR: Local file access through JavaScript (03 Jul 2007)
Gadi Evron
- Re: Exploit In Internet Explorer (31 Jul 2007)
- Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer) (27 Jul 2007)
- Re: Internet Explorer 0day exploit (14 Jul 2007)
- Re: Internet Explorer 0day exploit (10 Jul 2007)
Gerald Combs
- Re: WinPcap NPF.SYS Privilege Elevation Vulnerability (10 Jul 2007)
Guns(at)0x90.com.ar
- sBlog 0.7.3 Beta XSS Vulnerabilitie (26 Jul 2007)
gynvael(at)coldwind.pl
- Re: Re: [Eleytt] 7LIPIEC2007 (10 Jul 2007)
h4ck3riran(at)yahoo.com
- [Aria-security] community Cross-site Scripting (XSS) (29 Jul 2007)
- [Aria-security] itcms 0.2 Cross-site Scripting (XSS) (29 Jul 2007)
- PHMe CMS 0.0.2 local File Include Vulnerabilitiy (23 Jul 2007)
hack2prison(at)yahoo.com
- phpCoupon Vulnerabilities (28 Jul 2007)
hadihadi_zedehal_2006(at)yahoo.com
- printenv.pl(all versions) cross site scripting Vulnerability (24 Jul 2007)
- dbdisplay.pl(all versions) Remote execut Vulnerability (24 Jul 2007)
Hans Wolters
- security contact for uat.edu needed (30 Jul 2007)
Harri Porten
- Re: Opera/Konqueror: data: URL scheme address bar spoofing (14 Jul 2007)
Heine Deelstra
- [DRUPAL-SA-2007-017] Drupal 5.2 fixes multiple CSRF vulnerabilities (29 Jul 2007)
- [DRUPAL-SA-2007-018] Drupal 4.7.7 and 5.2 fix multiple cross site scripting vulnerabilities (29 Jul 2007)
Hugo van der Kooij
- RE: Internet Explorer 0day exploit (24 Jul 2007)
iDefense Labs
- iDefense Security Advisory 07.26.07: IBM AIX ftp gets() Multiple Buffer Overflow Vulnerabilities (26 Jul 2007)
- iDefense Security Advisory 07.26.07: IBM AIX capture Terminal Control Sequence Buffer Overflow Vulnerability (26 Jul 2007)
- iDefense Security Advisory 07.26.07: IBM AIX pioout Arbitrary Library Loading Vulnerability (26 Jul 2007)
- iDefense Security Advisory 07.24.07: Computer Associates eTrust Intrusion Detection CallCode ActiveX Control Code Execution Vulnerability (24 Jul 2007)
- iDefense Security Advisory 07.24.07: Computer Associates AntiVirus CHM File Handling DoS Vulnerability (24 Jul 2007)
- iDefense Security Advisory 07.23.07: Ipswitch Instant Messaging Server Denial of Service Vulnerability (23 Jul 2007)
- iDefense Security Advisory 07.19.07: Multiple Vendor Multiple Product URI Handler Input Validation Vulnerability (19 Jul 2007)
- iDefense Security Advisory 07.19.07: Opera Software Opera Web Browser BitTorrent Dangling Pointer Vulnerability (19 Jul 2007)
- iDefense Security Advisory 07.18.07: Microsoft DirectX RLE Compressed Targa Image File Heap Overflow (18 Jul 2007)
- iDefense Security Advisory 07.18.07: Ipswitch IMail Server 2006 IMAP Search Command Buffer Overflow Vulnerability (18 Jul 2007)
- iDefense Security Advisory 07.17.07: Computer Associates Alert Notification Server Multiple Buffer Overflow Vulnerabilities (17 Jul 2007)
- iDefense Security Advisory 07.17.07: IBM Tivoli Provisioning Manager for OS Deployment TFTP Blocksize DoS Vulnerability (17 Jul 2007)
- iDefense Security Advisory 07.16.07: Trend Micro OfficeScan Management Console Authorization Bypass Vulnerability (16 Jul 2007)
- iDefense Security Advisory 07.16.07: Trend Micro OfficeScan Session Cookie Buffer Overflow Vulnerability (16 Jul 2007)
- iDefense Security Advisory 07.12.07: Red Hat Enterprise Linux init.d XFS Script chown Race Condition Vulnerability (12 Jul 2007)
- iDefense Security Advisory 07.11.07: Apple QuickTime SMIL File Processing Integer Overflow Vulnerability (11 Jul 2007)
- iDefense Security Advisory 07.11.07: SquirrelMail G/PGP Plugin gpg_recv_key() Command Injection Vulnerability (11 Jul 2007)
- iDefense Security Advisory 07.11.07: SquirrelMail G/PGP Plugin deleteKey() Command Injection Vulnerability (11 Jul 2007)
- iDefense Security Advisory 07.11.07: SquirrelMail G/PGP Plugin gpg_help.php Local File Inclusion Vulnerability (11 Jul 2007)
- iDefense Security Advisory 07.11.07: SquirrelMail G/PGP Plugin gpg_check_sign_pgp_mime() Command Injection Vulnerability (11 Jul 2007)
- iDefense Security Advisory 07.11.07: Symantec AntiVirus symtdi.sys Local Privilege Escalation Vulnerability (11 Jul 2007)
- iDefense Security Advisory 07.11.07: Symantec Backup Exec RPC Remote Heap Overflow Vulnerability (11 Jul 2007)
- iDefense Security Advisory 07.09.07: IBM AIX libodm ODMPATH Stack Overflow Vulnerability (10 Jul 2007)
- iDefense Security Advisory 07.09.07: WinPcap NPF.SYS Local Privilege Escalation Vulnerability (09 Jul 2007)
- iDefense Security Advisory 07.09.07: Multiple Vendor GIMP Multiple Integer Overflow Vulnerabilities (09 Jul 2007)
ilkerkandemir(at)mynet.com
- BellaBook Admin Bypass/Remote Code Execution (31 Jul 2007)
- BellaBiblio Admin Login Bypass (30 Jul 2007)
- Dora Emlak Script v1.0 (tr) Admin Login ByPass (30 Jul 2007)
- phpVoter v0.6 Remote File Include Vulnerability (30 Jul 2007)
- Phorm v3.0 Remote File Upload Vulnerability (30 Jul 2007)
- Madoa Poll v1.1 Remote File Include Vulnerabilities (30 Jul 2007)
- phpWebFileManager v0.5 (PN_PathPrefix) Remote File Include Vulnerability (30 Jul 2007)
- RIG Image Gallery (dir_abs_src) Remote File Include Vulnerability (30 Jul 2007)
info(at)web-app.net
- Re: Menu Manager Mod for WebAPP - No Input Filtering (14 Jul 2007)
Integrigy Alerts
- Oracle E-Business Suite - Multiple Vulnerabilities (23 Jul 2007)
Ivan .
- An Auction Site for Vulnerabilities (06 Jul 2007)
James E. Jones
- 0day linux 2.6 /dev/mem rootkit found (11 Jul 2007)
Jamie Riden
- Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer) (24 Jul 2007)
jf
- Re: Guidance Software response to iSEC report on EnCase (fwd) (27 Jul 2007)
Jim Mellander
- Solaris finger bug (27 Jul 2007)
jkloske(at)itee.uq.edu.au
- Re: LFI On SMF 1.1.3 (17 Jul 2007)
Joep Vesseur
- Re: Solaris finger bug (27 Jul 2007)
Johannes Greil
- SEC Consult SA-20070722-0 :: Remote command execution in Joomla! CMS (22 Jul 2007)
john-lindsay(at)ngssoftware.com
- Advisory: Arbitrary kernel mode memory writes in AVG (11 Jul 2007)
Jonathan Smith
- zdnet reports on java vulnerabilities (13 Jul 2007)
Joseph.giron13(at)gmail.com
- Minb Is Not A Blog default password directory (22 Jul 2007)
- Geoblog v1 administrator bypass (19 Jul 2007)
- Insanely simple blog - Multiple vulnerabilities (17 Jul 2007)
Juha-Matti Laurio
- Wii's Internet Channel affected to Flash FLV parser vulnerability (19 Jul 2007)
kaneda(at)bohater.net
- Re: rare bug in Opera 9.20 browser (21 Jul 2007)
Kees Cook
- [USN-493-1] Firefox vulnerabilities (31 Jul 2007)
- [USN-492-1] tcpdump vulnerability (30 Jul 2007)
- [USN-491-1] Bind vulnerability (25 Jul 2007)
- [USN-490-1] Firefox vulnerabilities (19 Jul 2007)
- [USN-486-1] Linux kernel vulnerabilities (18 Jul 2007)
- [USN-489-1] Linux kernel vulnerabilities (19 Jul 2007)
- [USN-489-2] redhat-cluster-suite vulnerability (19 Jul 2007)
- [USN-488-1] mod_perl vulnerability (17 Jul 2007)
- [USN-485-1] PHP vulnerabilities (17 Jul 2007)
- [USN-487-1] Dovecot vulnerability (17 Jul 2007)
- [USN-484-1] curl vulnerability (17 Jul 2007)
- [USN-483-1] libnet-dns-perl vulnerabilities (13 Jul 2007)
- [USN-482-1] OpenOffice.org vulnerability (11 Jul 2007)
- [USN-481-1] ImageMagick vulnerabilities (10 Jul 2007)
- [USN-480-1] Gimp vulnerability (04 Jul 2007)
Ken Kousky
- RE: Internet Explorer 0day exploit (21 Jul 2007)
Kevin P. Fleming
- ASA-2007-017: Remote Crash Vulnerability in STUN implementation (17 Jul 2007)
- ASA-2007-015: Remote Crash Vulnerability in IAX2 channel driver (17 Jul 2007)
- ASA-2007-016: Remote crash vulnerability in Skinny channel driver (17 Jul 2007)
- ASA-2007-014: Stack buffer overflow in IAX2 channel driver (17 Jul 2007)
KJK::Hyperion
- Re: [Full-disclosure] iDefense Security Advisory 07.09.07: WinPcap NPF.SYS Local Privilege Escalation Vulnerability (11 Jul 2007)
Larry Seltzer
- RE: Exploit In Internet Explorer (30 Jul 2007)
larry.gill(at)guidancesoftware.com
- Guidance Software response to iSEC report on EnCase (26 Jul 2007)
LIUDIEYU dot COM
- No Patch for IE on Windows Mobile/CE (13 Jul 2007)
- Two Unpublished IE Cases (03 Jul 2007)
lockoom(at)gmail.com
- Re: Opera/Konqueror: data: URL scheme address bar spoofing (16 Jul 2007)
Marc Ruef
- [scip_Advisory 3159] SiteScape forum prior 7.3 Cross Site Scripting (13 Jul 2007)
Mark Thomas
- CVE-2007-3383: XSS in Tomcat send mail example (21 Jul 2007)
Martin Schulze
- [SECURITY] [DSA 1340-1] New ClamAV packages fix denial of service (24 Jul 2007)
mata(at)kw3rlndoarme.net
- Entertainment CMS Admin Login Bypass (10 Jul 2007)
- Flashbb <= 1.1.7 - Remote File Inclusion Exploit (10 Jul 2007)
Matthew Cook
- ExLibris Aleph and Metalib Cross Site Scripting Attack (16 Jul 2007)
mballano(at)gmail.com
- Re: Re: WinPcap NPF.SYS Privilege Elevation Vulnerability (10 Jul 2007)
- WinPcap NPF.SYS Privilege Elevation Vulnerability (09 Jul 2007)
Metaeye SG
- Re: Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability. (11 Jul 2007)
- Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability. (11 Jul 2007)
Michal Bucko
- [Eleytt] 12LIPIEC2007 2007-07-12 (12 Jul 2007)
Michal Zalewski
- MSIE7 entrapment again (+ FF tidbit) (13 Jul 2007)
- Re: [Eleytt] 7LIPIEC2007 (09 Jul 2007)
- Firefox wyciwyg:// cache zone bypass (09 Jul 2007)
michal.bucko(at)eleytt.com
- Re: [Eleytt] 12LIPIEC2007 2007-07-12 (13 Jul 2007)
- Re: Re: [Eleytt] 7LIPIEC2007 (09 Jul 2007)
MichaÅ‚ Melewski
- Re: Re: [Eleytt] 7LIPIEC2007 (12 Jul 2007)
Minded Security Research Labs
- [MSA01110707] Flash Player/Plugin Video file parsing Remote Code Execution (13 Jul 2007)
Moritz Muehlenhoff
- [SECURITY] [DSA 1343-1] New file packages fix arbitrary code execution (31 Jul 2007)
- [SECURITY] [DSA 1342-1] New xfs packages fix privilege escalation (30 Jul 2007)
- [SECURITY] [DSA 1342-2] New bind9 packages fix DNS cache poisoning (26 Jul 2007)
- [SECURITY] [DSA 1341-1] New bind9 packages fix DNS cache poisoning (25 Jul 2007)
- [SECURITY] [DSA 1339-1] New iceape packages fix several vulnerabilities (23 Jul 2007)
- [SECURITY] [DSA 1338-1] New iceweasel packages fix several vulnerabilities (23 Jul 2007)
- [SECURITY] [DSA 1337-1] New xulrunner packages fix several vulnerabilities (22 Jul 2007)
- [SECURITY] [DSA 1336-1] New mozilla-firefox packages fix several vulnerabilities (22 Jul 2007)
- [SECURITY] [DSA 1335-1] New gimp packages fix arbitrary code execution (18 Jul 2007)
- [SECURITY] [DSA 1332-1] New vlc packages fix arbitrary code execution (09 Jul 2007)
- [SECURITY] [DSA 1331-1] New php4 packages fix arbitrary code execution (07 Jul 2007)
- [SECURITY] [DSA 1330-1] New php5 packages fix arbitrary code execution (07 Jul 2007)
mostafa_ragab(at)msn.com
- AzDG Dating Gold v3.0.5 ===> Remote File Include Vulnerability (12 Jul 2007)
Netragard Security Advisories
- [NETRAGARD SECURITY ADVISORY][Maia Mailguard 1.0.2 Arbitrary Code Execution][NETRAGARD-20070628] (05 Jul 2007)
NGSSoftware Insight Security Research
- Low Risk Vulnerability in Active Directory (11 Jul 2007)
- SAP DB Web Server Stack Overflow (05 Jul 2007)
- Internet Communication Manager Denial Of Service Attack (05 Jul 2007)
- SAP Internet Graphics Server XSS and Heap Overflow (05 Jul 2007)
- SAP Message Server Heap Overflow (05 Jul 2007)
- EnjoySAP, SAP GUI for Windows - Stack Overflow (05 Jul 2007)
- Multiple Remote unauthenticated stack overflows in Asterisk chan_sip.c (04 Jul 2007)
- Buffer overflow in HP Instant Support Driver Check (SDD) ActiveX control (03 Jul 2007)
- High Risk Flaw in Sun's Java Web Start (02 Jul 2007)
Nick FitzGerald
- Re: Exploit In Internet Explorer (30 Jul 2007)
Nick S. Coblentz
- Redirection Vulnerability in wp-pass.php, WordPress 2.2.1 (05 Jul 2007)
no-reply(at)aria-security.net
- Re: RFI ====> vBulletin v3.6.5 (31 Jul 2007)
Noam Rathaus
- Re: Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability. (11 Jul 2007)
not(at)themoment.thanks
- Re: Serious holes affecting JFFNMS (05 Jul 2007)
o_0p(at)hotmail.com
- PHP Comet-Server (08 Jul 2007)
Oliver Karow
- Secure Computing - Security Reporter Auth Bypass and Directory Traversal Vulnerability (20 Jul 2007)
OpenPKG GmbH
- [OpenPKG-SA-2007.022] OpenPKG Security Advisory (bind) (25 Jul 2007)
paraw
- Re: Exploit In Internet Explorer (30 Jul 2007)
Paul Craig
- RE: TippingPoint IPS Signature Evasion (11 Jul 2007)
- Multiple .NET Null Byte Injection Vulnerabilities (10 Jul 2007)
- TippingPoint IPS Signature Evasion (10 Jul 2007)
piercede(at)pdx.edu
- Re: Re: Internet Explorer 0day exploit (20 Jul 2007)
Pranay Kanwar
- Re: [WEB SECURITY] [CVE-2007-3816][Advisory] JWIG Context-Dependent Template Calling Dos (21 Jul 2007)
Radoslav Dejanoviæ
- Re: An Auction Site for Vulnerabilities (07 Jul 2007)
RaeD(at)BsdMail.Com
- RFI ====> vBulletin v3.6.5 (30 Jul 2007)
- Exploit In Internet Explorer (29 Jul 2007)
- Powered By Dvbbs Version 7.1.0 Sp1 By Pass (11 Jul 2007)
Raphael Marichez
- [ GLSA 200707-14 ] tcpdump: Integer overflow (28 Jul 2007)
- [ GLSA 200707-13 ] Fail2ban: Denial of Service (28 Jul 2007)
- [ GLSA 200707-12 ] VLC media player: Format string vulnerabilities (28 Jul 2007)
- [ GLSA 200707-11 ] MIT Kerberos 5: Arbitrary remote code execution (25 Jul 2007)
- [ GLSA 200707-10 ] Festival: Privilege elevation (25 Jul 2007)
- [ GLSA 200707-09 ] GIMP: Multiple integer overflows (25 Jul 2007)
- [ GLSA 200707-08 ] NVClock: Insecure file usage (24 Jul 2007)
- [ GLSA 200707-07 ] MPlayer: Multiple buffer overflows (24 Jul 2007)
- [ GLSA 200707-05 ] Webmin, Usermin: Cross-site scripting vulnerabilities (05 Jul 2007)
- [ GLSA 200707-04 ] GNU C Library: Integer overflow (03 Jul 2007)
- [ GLSA 200707-02 ] OpenOffice.org: Two buffer overflows (02 Jul 2007)
- [ GLSA 200707-01 ] Firebird: Buffer overflow (01 Jul 2007)
RedTeam Pentesting GmbH
- ActiveWeb Contentserver CMS Multiple Cross Site Scriptings (13 Jul 2007)
- ActiveWeb Contentserver CMS SQL Injection Management Interface (13 Jul 2007)
- ActiveWeb Contentserver CMS Editor Permission Settings Problem (13 Jul 2007)
- ActiveWeb Contentserver CMS Clientside Filtering of Page Editor Content (13 Jul 2007)
- Fujitsu-Siemens PRIMERGY BX300 Switch Blade Information Disclosure (04 Jul 2007)
- Fujitsu-Siemens ServerView Remote Command Execution (04 Jul 2007)
research(at)procheckup.com
- PR07-18: Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (1) (24 Jul 2007)
- PR07-20: Webroot disclosure on Webbler CMS (24 Jul 2007)
- PR07-19: Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (2) (24 Jul 2007)
- PR07-21: Webbler CMS forms are susceptible to spamming and phishing abuses (24 Jul 2007)
research(at)symantec.com
- SYMSA-2007-006: Citrix EPA ActiveX Control Design Flaw (18 Jul 2007)
- SYMSA-2007-005: Vista Windows Firewall Incorrectly Applies Filtering to Teredo Interface (09 Jul 2007)
Reversemode
- [Reversemode Advisory] Microsoft DirectX RLE Compressed Targa Image File Heap Overflow (18 Jul 2007)
Robert Swiecki
- Opera/Konqueror: data: URL scheme address bar spoofing (13 Jul 2007)
Roger A. Grimes
- RE: Internet Explorer 0day exploit (24 Jul 2007)
Ronald Chmara
- Re: Anti XSS AJAX (28 Jul 2007)
rPath Update Announcements
- rPSA-2007-0151-1 gvim vim vim-minimal (31 Jul 2007)
- rPSA-2007-0150-1 libvorbis (27 Jul 2007)
- rPSA-2007-0149-1 bind bind-utils (27 Jul 2007)
- rPSA-2007-0147-1 tcpdump (20 Jul 2007)
- rPSA-2007-0148-1 firefox thunderbird (20 Jul 2007)
- rPSA-2007-0145-1 lighttpd (19 Jul 2007)
- rPSA-2007-0143-1 mysql mysql-bench mysql-server (17 Jul 2007)
- rPSA-2007-0142-1 perl-Net-DNS (17 Jul 2007)
- rPSA-2007-0141-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs (17 Jul 2007)
- rPSA-2007-0138-1 gimp (11 Jul 2007)
- rPSA-2007-0137-1 tshark wireshark (11 Jul 2007)
s4m3k(at)ganteng.la
- SolpotCrew Advisory #14 (S4M3K) - PhpHostBot (login_form) Remote File Inclusion (26 Jul 2007)
s4mi(at)LinuxMail.org
- JBlog 1.0 Creat Admin exploit, xss, Cookie Manipulation (20 Jul 2007)
- UseBB 1.0.x Cross Site Scripting (XSS) (20 Jul 2007)
Sacha
- Dotclear remote script execution (11 Jul 2007)
Samael De Icaro
- Another You tube clone script vulnerability (06 Jul 2007)
sapheal(at)hack.pl
- [Eleytt] 7LIPIEC2007 (07 Jul 2007)
scott-REMOVE(at)vbulletin.com
- Re: RFI ====> vBulletin v3.6.5 (31 Jul 2007)
Sebastian Wolfgarten
- Buffer overflow in Areca CLI, version <= 1.72.250 (22 Jul 2007)
Security Guy
- Re: XSS Tunnelling White Paper and Tool (11 Jul 2007)
Security Response Team
- ASA-2007-018: Resource exhaustion vulnerability in IAX2 channel driver (29 Jul 2007)
security(at)mandriva.com
- [ MDKSA-2007:150 ] - Updated clamav packages fix vulnerabilities (25 Jul 2007)
- [ MDKSA-2007:149 ] - Updated BIND9 packages fix vulnerabilities (25 Jul 2007)
- [ MDKSA-2007:148 ] - Updated tcpdump packages fix BGP dissector vulnerability (25 Jul 2007)
- [ MDKSA-2007:147 ] - Updated ImageMagick packages fix multiple vulnerabilities (20 Jul 2007)
- [ MDKSA-2007:146 ] - Updated perl-Net-DNS packages fix multiple vulnerabilities (12 Jul 2007)
- [ MDKSA-2007:145 ] - Updated wireshark packages fix multiple vulnerabilities (10 Jul 2007)
- [ MDKSA-2007:144 ] - Updated OpenOffice.org packages fix RTF import vulnerability (10 Jul 2007)
- [ MDKSA-2007:143 ] - Updated mplayer packages fix buffer overflow remote vulnerabilities (10 Jul 2007)
- [ MDKSA-2007:142 ] - Updated apache packages fix multiple security issues (05 Jul 2007)
- [ MDKSA-2007:141 ] - Updated apache packages fix multiple security issues (04 Jul 2007)
- [ MDKSA-2007:140 ] - Updated apache packages fix multiple security issues (04 Jul 2007)
- [ MDKSA-2007:139 ] - Updated MySQL packages fix multiple security issues (04 Jul 2007)
- [ MDKSA-2007:138 ] - Updated kdebase packages fix Flash Player interaction vulnerability (03 Jul 2007)
security(at)nruns.com
- n.runs-SA-2007.024 - CA eTrust Antivirus Infinite Loop DoS (remote) Advisory (25 Jul 2007)
- n.runs-SA-2007.023 - Norman Antivirus DOC parsing Divide by Zero Advisory (23 Jul 2007)
- n.runs-SA-2007.021 - Norman Antivirus LZH parsing Arbitrary Code Execution Advisory (23 Jul 2007)
- n.runs-SA-2007.022 - Norman Antivirus DOC parsing Detection Bypass Advisory (23 Jul 2007)
- n.runs-SA-2007.020 - Norman Antivirus ACE parsing Arbitrary Code Execution Advisory (23 Jul 2007)
- 2007-07-20 - n.runs-SA-2007.017 - NOD32 Antivirus ASPACK parsing Infinite Loop Advisory (20 Jul 2007)
- 2007-07-20 - n.runs-SA-2007.018 - NOD32 Antivirus ASPACK and FSG parsing Divide by Zero Advisory (20 Jul 2007)
- 2007-07-20 - n.runs-SA-2007.016 - NOD32 Antivirus CAB parsing Arbitrary Code Execution Advisory (20 Jul 2007)
security(at)soqor.net
- security@soqor.net (29 Jul 2007)
security-alert(at)hp.com
- [security bulletin] HPSBMA02133 SSRT061201 rev.5 - HP Oracle for OpenView (OfO) Critical Patch Update (26 Jul 2007)
- [security bulletin] HPSBST02243 SSRT071446 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-036 to MS07-041 (23 Jul 2007)
- [security bulletin] HPSBUX02153 SSRT061181 rev.4 - HP-UX Running Firefox, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) (23 Jul 2007)
- [security bulletin] HPSBGN02234 SSRT071435 rev.1 - HP ServiceGuard for Linux, Local Unauthorized Access, Increase in Privilege (16 Jul 2007)
- [security bulletin] HPSBTU02233 SSRT071424 rev.1 - HP Tru64 UNIX Internet Express running Samba, Remote Arbitrary Code Execution or Local Unauthorized Privilege Elevation (10 Jul 2007)
- [security bulletin] HPSBPI02228 SSRT071404 rev.1 - HP Instant Support - Driver Check Running on Windows XP, Remote Unauthorized Access (05 Jul 2007)
securityfocus(at)networkontap.com
- Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer) (24 Jul 2007)
securityresearch(at)netvigilance.com
- eTicket version 1.5.5 XSS Attack Vulnerability (07 Jul 2007)
sirn0n(at)yahoo.com
- LFI On SMF 1.1.3 (17 Jul 2007)
starext(at)msn.com
- Elite Forum Full HTML ENject versin 1.0.0.0 (20 Jul 2007)
Stefan Cornelius
- [ GLSA 200707-06 ] XnView: Stack-based buffer overflow (11 Jul 2007)
Stephen Shankland
- RE: zdnet reports on java vulnerabilities (13 Jul 2007)
Steve Kemp
- [SECURITY] [DSA 1334-1] New freetype packages fix arbitary code execution (18 Jul 2007)
- [SECURITY] [DSA 1333-1] New libcurl3-gnutls packages fix certificate handling (18 Jul 2007)
- [SECURITY] [DSA 1329-1] New gfax packages fix privilege escalation (05 Jul 2007)
- [SECURITY] [DSA 1328-1] New unicon-imc2 packages fix buffer overflow (01 Jul 2007)
- [SECURITY] [DSA 1326-1] New fireflier-server packages fix unsafe temporary files (01 Jul 2007)
- [SECURITY] [DSA 1327-1] New gsambad packages fix unsafe temporary files (01 Jul 2007)
Steve Shockley
- Re: iDefense Security Advisory 07.11.07: Apple QuickTime SMIL File Processing Integer Overflow Vulnerability (17 Jul 2007)
Sw33t.h4cK3r(at)hotmail.com
- SQL Injection in SaphpLesson2.0 "show.php" (04 Jul 2007)
- SQL Injection in saphp "showcat.php" (04 Jul 2007)
Team SHATTER
- Oracle Database Buffer overflow vulnerabilities in procedure DBMS_DRS.GET_PROPERTY (DB03) (18 Jul 2007)
- Oracle Database Buffer overflows and Denial of service vulnerabilities in public procedures of MDSYS.MD (DB12) (18 Jul 2007)
teh_lost_byte(at)yahoo.com
- AV Arcade 2.1b (COOKIE[ava_userid]) Get Admin Rights (02 Jul 2007)
- AV Arcade 2.1b (view_page.php) Remote SQL Injection (02 Jul 2007)
- PHPDirector <= 0.21 (SQL injection/Upload SHELL) Remote Vulnerabilities (02 Jul 2007)
- FreeDomain.co.nr Clone SQL Injection (02 Jul 2007)
Theo de Raadt
- Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer) (26 Jul 2007)
Thierry Zoller
- BTsniff - Bleutooth sniffing under *nix (27 Jul 2007)
Thor Lancelot Simon
- Re: Sudo: local root compromise with krb5 enabled (16 Jul 2007)
Thor Larholm
- Re: Mozilla protocol abuse (25 Jul 2007)
- Mozilla protocol abuse (25 Jul 2007)
- Internet Explorer 0day exploit (10 Jul 2007)
Tim
- Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer) (27 Jul 2007)
Tim Newsham
- Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer) (27 Jul 2007)
tomaz.bratusa(at)teamintell.com
- Session fixation in Zen Cart CMS (05 Jul 2007)
Trustix Security Advisor
- TSLSA-2007-0023 - multi (28 Jul 2007)
TSRT(at)3com.com
- TPTI-07-13: Borland Interbase ibserver.exe Create-Request Buffer Overflow Vulnerability (24 Jul 2007)
- TPTI-07-12: Multiple Vendor Progress Server Heap Overflow Vulnerability (12 Jul 2007)
- ZDI-07-040: Symantec AntiVirus Engine CAB Parsing Heap Overflow Vulnerability (12 Jul 2007)
urtrapped9(at)gmail.com
- Bogus BID 24744 (12 Jul 2007)
- Regarding http://www.securityfocus.com/bid/24744 (10 Jul 2007)
web-app(at)hotmail.com
- Re: Re: Menu Manager Mod for WebAPP - No Input Filtering (16 Jul 2007)
Williams, James K
- RE: [CAID 35525, 35526]: CA Products Arclib Library Denial of Service Vulnerabilities (26 Jul 2007)
- [CAID 35527]: CA Message Queuing (CAM / CAFT) Buffer Overflow Vulnerability (24 Jul 2007)
- [CAID 35525, 35526]: CA Products Arclib Library Denial of Service Vulnerabilities (24 Jul 2007)
- [CAID 35524]: CA eTrust Intrusion Detection caller.dll Vulnerability (24 Jul 2007)
- [CAID 35515]: CA Products Alert Service RPC Procedure Buffer Overflow Vulnerabilities (19 Jul 2007)
yollubunlar(at)yollubunlar.org
- Friend Script 2.5 - 2.4 Remote File İnclude (27 Jul 2007)
- SuskunDuygular - yelik Sistemi v.1 Sql (27 Jul 2007)
- Berthanas Ziyaretci Defteri v2.0 (tr) Sql (27 Jul 2007)
zdi-disclosures(at)3com.com
- ZDI-07-044: BakBone NetVault Reporter Scheduler Heap Overflow Vulnerability (25 Jul 2007)
- ZDI-07-043: Ipswitch IMail IMAP Daemon SUBSCRIBE Stack Overflow Vulnerability (24 Jul 2007)
- ZDI-07-042: Ipswitch IMail Server GetIMailHostEntry Memory Corruption Vulnerability (24 Jul 2007)
- ZDI-07-039: Symantec AntiVirus Engine RAR File Parsing DoS Vulnerability (12 Jul 2007)
Zow
- Re: Internet Explorer 0day exploit (19 Jul 2007)
- Re: Internet Explorer 0day exploit (18 Jul 2007)
Åukasz Pilorz
- CodeIgniter 1.5.3 vulnerabilities (08 Jul 2007)

Last message date: 31 Jul 2007
Archived on: 26 Sep 2008 EDT

379 messages sort by: [ thread ] [ date ] [ subject ] [ attachment ]
Other periods:[ Previous, Author view ] [ Next, Author view ]

This archive was generated by hypermail 2.1.8 : 26 Sep 2008 EDT