Hosting Provided By

Mailing List Archive For bugtraq@securityfocus.com By Thread

ASP-CMS version 1 default password location. joseph.giron13(at)gmail.com (29 Sep 2007)
phpBB Mod OpenID 0.2.0 BBStore.php Remote File Inclusion h3llcode(at)hotmail.it (30 Sep 2007)
eGov Content Manager Cross Site Scripting Vulrnability DoZ(at)HackersCenter.com (29 Sep 2007)
[ GLSA 200709-18 ] Bugzilla: Multiple vulnerabilities Raphael Marichez (30 Sep 2007)
ASP Product catalog SQL injection vulnerability joseph.giron13(at)gmail.com (29 Sep 2007)
Affiliate Network Pro Multiple Input Validation and Local file inclusion hack2prison(at)yahoo.com (29 Sep 2007)
Public Media Manager <= 1.3 Remote File Inclusion Vulnerability 0in.email(at)gmail.com (29 Sep 2007)
[USN-522-1] OpenSSL vulnerabilities Kees Cook (28 Sep 2007)
[SECURITY] [DSA 1378-2] New Linux 2.6.18 packages fix several vulnerabilities dann frazier (28 Sep 2007)
Re: 0trace - traceroute on established connections tyter9(at)gmail.com (28 Sep 2007)
- Re: 0trace - traceroute on established connections Tony Rall (28 Sep 2007)
feedreader3 has XSS vulnerability Guy Mizrahi (28 Sep 2007)
- RE: feedreader3 has XSS vulnerability avivra (30 Sep 2007)
Owning Big Brother: How to Crack into Axis IP cameras research(at)procheckup.com (28 Sep 2007)
[ MDKSA-2007:190 ] - Updated kdebase packages fix KDM vulnerability security(at)mandriva.com (27 Sep 2007)
[USN-521-1] libmodplug vulnerability Kees Cook (27 Sep 2007)
Ruby Net::HTTPS library does not validate server certificate CN Chris Clark (27 Sep 2007)
Promise NAS NS4300N GUI bug Tor Houghton (27 Sep 2007)
rPSA-2007-0202-1 kernel rPath Update Announcements (27 Sep 2007)
[ MDKSA-2007:189 ] - Updated t1lib packages fix vulnerability security(at)mandriva.com (27 Sep 2007)
[ GLSA 200709-17 ] teTeX: Multiple buffer overflows Raphael Marichez (27 Sep 2007)
[SECURITY] [DSA 1378-1] New Linux 2.6.18 packages fix several vulnerabilities dann frazier (27 Sep 2007)
[ GLSA 200709-16 ] Lighttpd: Buffer overflow Pierre-Yves Rofes (27 Sep 2007)
iDefense Security Advisory 09.27.07: Computer Associates BrightStor HSM r11.5 Multiple Vulnerabilities iDefense Labs (27 Sep 2007)
OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow Moritz Jodeit (27 Sep 2007)
[waraxe-2007-SA#058] - Critical Sql Injection in NukeSentinel 2.5.12 come2waraxe(at)yahoo.com (27 Sep 2007)
[waraxe-2007-SA#057] - Unauthorized File Upload in SiteX CMS come2waraxe(at)yahoo.com (27 Sep 2007)
[waraxe-2007-SA#055] - Sql Injection in SiteX CMS 0.7.3 Beta come2waraxe(at)yahoo.com (27 Sep 2007)
[CAID 35690, 35691, 35692]: CA BrightStor Hierarchical Storage Manager CsAgent Multiple Vulnerabilities Williams, James K (26 Sep 2007)
[waraxe-2007-SA#056] - Another Sql Injection in NukeSentinel 2.5.11 come2waraxe(at)yahoo.com (27 Sep 2007)
- Re: [waraxe-2007-SA#056] - Another Sql Injection in NukeSentinel 2.5.11 Bugsman (27 Sep 2007)
[SECURITY] [DSA 1343-2] New file packages fix arbitrary code execution Florian Weimer (26 Sep 2007)
Joomla multiple vulerabilities (1.0.X >= ) security(at)soqor.net (26 Sep 2007)
- Re: Joomla multiple vulerabilities (1.0.X >= ) Gavin Hanover (26 Sep 2007)
- Re: Joomla multiple vulerabilities (1.0.X >= ) packet(at)packetstormsecurity.org (26 Sep 2007)
[USN-520-1] fetchmail vulnerabilities Kees Cook (25 Sep 2007)
ERNW Tool Release: CVSS Calculator mozilla(at)ids-guide.de (21 Sep 2007)
Re: Confirmed: Windows Explorer bad PNG file preview integer overflow handling rocheml(at)httrack.com (26 Sep 2007)
- Re: Re: Confirmed: Windows Explorer bad PNG file preview integer overflow handling rocheml(at)httrack.com (27 Sep 2007)
  - Re: Re: Re: Confirmed: Windows Explorer bad PNG file preview integer overflow handling none(at)none.com (27 Sep 2007)
    - Re: Re: Re: Re: Confirmed: Windows Explorer bad PNG file preview integer overflow handling rocheml(at)httrack.com (27 Sep 2007)
    - Re: Re: Re: Re: Confirmed: Windows Explorer bad PNG file preview integer overflow handling Rob Thompson (27 Sep 2007)
[USN-519-1] elinks vulnerability Kees Cook (25 Sep 2007)
Possible Windows Explorer bad PNG file preview integer overflow handling rocheml(at)httrack.com (25 Sep 2007)
- Re: Possible Windows Explorer bad PNG file preview integer overflow handling none(at)none.com (27 Sep 2007)
[ MDKSA-2007:188 ] - Updated postgresql packages prevent access abuse using dblink security(at)mandriva.com (25 Sep 2007)
CORE-2007-0817: Remote Command execution, HTML and JavaScript injection vulnerabilities in AOL's Instant Messaging software Core Security Technologies Advisories (25 Sep 2007)
- RE: CORE-2007-0817: Remote Command execution, HTML and JavaScript injection vulnerabilities in AOL's Instant Messaging software avivra (25 Sep 2007)
SimpNews version 2.41.03 File Content Disclosure Vulnerability securityresearch(at)netvigilance.com (25 Sep 2007)
SimpNews version 2.41.03 Multiple Path Disclosure Vulnerabilities securityresearch(at)netvigilance.com (25 Sep 2007)
SimpNews version 2.41.03 Multiple XSS Attack Vulnerabilities securityresearch(at)netvigilance.com (25 Sep 2007)
SimpGB version 1.46.02 File Content Disclosure Vulnerability securityresearch(at)netvigilance.com (25 Sep 2007)
SimpGB version 1.46.02 Multiple XSS Attack Vulnerabilities securityresearch(at)netvigilance.com (25 Sep 2007)
SimpGB version 1.46.02 Multiple Path Disclosure Vulnerabilities securityresearch(at)netvigilance.com (25 Sep 2007)
SimpGB version 1.46.02 Information Disclosure Vulnerability securityresearch(at)netvigilance.com (25 Sep 2007)
iDefense Security Advisory 09.25.07: Linux Kernel ALSA snd_mem_proc_read Information Disclosure Vulnerability iDefense Labs (25 Sep 2007)
New Shell For Linux & Windows crazy_king(at)eno7.org (25 Sep 2007)
- Re: New Shell For Linux & Windows Vladimir Vitkov (26 Sep 2007)
n.runs AG puts §202 law to the test - Tools back online Thierry Zoller (25 Sep 2007)
[waraxe-2007-SA#054] - Local File Inclusion in Dance Music module for phpNuke come2waraxe(at)yahoo.com (25 Sep 2007)
[waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11 come2waraxe(at)yahoo.com (25 Sep 2007)
- Re: [waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11 gmdarkfig(at)gmail.com (28 Sep 2007)
Simple PHP Blog Multiple Vulnerabilities luca.carettoni(at)securenetwork.it (25 Sep 2007)
rPSA-2007-0199-1 openssl openssl-scripts rPath Update Announcements (25 Sep 2007)
JSPWiki Multiple Vulnerabilities Jason Kratzer (24 Sep 2007)
ZDI-07-054: IBM Tivoli Storage Manager Express CAD Service Buffer Overflow Vulnerability zdi-disclosures(at)3com.com (24 Sep 2007)
Auditing clients program in Oracle fryxar fryxar (24 Sep 2007)
sk.log v0.5.3 Remote File Inclusion h3llcode(at)hotmail.it (24 Sep 2007)
[USN-517-1] kdm vulnerability Kees Cook (24 Sep 2007)
rPSA-2007-0198-1 kernel rPath Update Announcements (24 Sep 2007)
Google Urchin password theft madness pagvac (24 Sep 2007)
Arbitrary Command Inclusion darkbunny91(at)gmail.com (24 Sep 2007)
New bypass shell for linux ernealizm(at)yahoo.com (23 Sep 2007)
- Re: New bypass shell for linux none(at)none.com (24 Sep 2007)
Re: New Zeroday published Joey Mengele (24 Sep 2007)
[security bulletin] HPSBOV02261 SSRT071449 rev.1 - HP OpenVMS running BIND, Remote DNS Cache Poisoning security-alert(at)hp.com (24 Sep 2007)
Service Pack 3 for Microsoft Sharepoint Services broken jimbob1(at)atack.fr (24 Sep 2007)
- Re: Service Pack 3 for Microsoft Sharepoint Services broken bobbyh(at)johnsonpace.com (27 Sep 2007)
COSEINC Linux Advisory #2: IA32 System Call Emulation Vulnerability Wojciech Purczynski (24 Sep 2007)
- Re: COSEINC Linux Advisory #2: IA32 System Call Emulation Vulnerability Robert Swiecki (26 Sep 2007)
RE: Re[2]: [Full-disclosure] Panda Antivirus 2008 Local Privileg Escalation (UPS they did it again) Panda Security Response (24 Sep 2007)
[ GLSA 200709-15 ] BEA JRockit: Multiple vulnerabilities Raphael Marichez (23 Sep 2007)
Nuke Mobile Entartainment Local File Inclusion h3llcode(at)hotmail.it (23 Sep 2007)
Oracle 11g Password algorithm revealed pete(at)petefinnigan.com (22 Sep 2007)
- Re: Oracle 11g Password algorithm revealed Thierry Zoller (24 Sep 2007)
- Re: Oracle 11g Password algorithm revealed ak(at)red-database-security.com (24 Sep 2007)
  - Re: Re: Oracle 11g Password algorithm revealed pete(at)petefinnigan.com (24 Sep 2007)
HITBSecConf2007 - Malaysia Materials & Photos are up ! Praburaajan (22 Sep 2007)
xcms all version arbitrary code execution x0kster(at)gmail.com (22 Sep 2007)
[ MDKSA-2007:187 ] - Updated PHP packages fix numerous vulnerabilities security(at)mandriva.com (21 Sep 2007)
2 vanilla XSS on Wordpress ‘wp-register.php’ Adrian P (21 Sep 2007)
iDefense Security Advisory 09.20.07: CA ARCServe Backup for Laptops and Desktops Multiple Buffer Overflow Vulnerabilities iDefense Labs (21 Sep 2007)
iDefense Security Advisory 09.20.07: CA ARCserve Backup for Laptops and Desktops Authentication Bypass Vulnerability iDefense Labs (21 Sep 2007)
EEYE: Multiple Vulnerabilities in CA ARCserve for Laptops & Desktops eEye Advisories (21 Sep 2007)
DEFCON London DC4420 meet - Monday 24th September Major Malfunction (21 Sep 2007)
greensql firewall permanent xss laurent.gaffie(at)gmail.com (21 Sep 2007)
iDefense Security Advisory 09.19.07: Multiple Vendor ImageMagick Sign Extension Vulnerability iDefense Labs (21 Sep 2007)
iDefense Security Advisory 09.19.07: Multiple Vendor ImageMagick Multiple Denial of Service Vulnerabilities iDefense Labs (21 Sep 2007)
iDefense Security Advisory 09.19.07: Multiple Vendor ImageMagick Off-By-One Vulnerability iDefense Labs (21 Sep 2007)
iDefense Security Advisory 09.19.07: Multiple Vendor ImageMagick Multiple Integer Overflow Vulnerabilities iDefense Labs (21 Sep 2007)
[CAID 35673, 35674, 35675, 35676, 35677]: CA ARCserve Backup for Laptops and Desktops Multiple Server Vulnerabilities Williams, James K (21 Sep 2007)
ZDI-07-053: Microsoft ISA Server SOCKS4 Proxy Connection Leakage zdi-disclosures(at)3com.com (21 Sep 2007)
[SECURITY] [DSA 1377-2] New fetchmail packages fix denial of service Steve Kemp (21 Sep 2007)
DDIVRT-2007-04 NetSupport Manager Authentication Bypass VulnerabilityResearch(at)DigitalDefense.net (21 Sep 2007)
[ISR] - Barracuda Spam Firewall. Cross-Site Scripting ISR-noreply (21 Sep 2007)
TSLSA-2007-0028 - multi Trustix Security Advisor (21 Sep 2007)
[Mlabs] Dissecting Internals of Windows XP Svchost : Reverse Engineering Stature Aditya K Sood (20 Sep 2007)
- Re: [Mlabs] Dissecting Internals of Windows XP Svchost : Reverse Engineering Stature J. Oquendo (21 Sep 2007)
Neuron News 1.0 Local file inclusion (index.php) h3llcode(at)hotmail.it (21 Sep 2007)
[SECURITY] [DSA 1377-1] New fetchmail packages fix denial of service Steve Kemp (21 Sep 2007)
[SECURITY] [DSA 1376-1] New kdebase packages fix authentication bypass Steve Kemp (21 Sep 2007)
Re: [Full-disclosure] 0day: PDF pwns Windows Rohit Srivastwa (21 Sep 2007)
- Re: [Full-disclosure] 0day: PDF pwns Windows Joey Mengele (20 Sep 2007)
  - Re: [Full-disclosure] 0day: PDF pwns Windows Gadi Evron (20 Sep 2007)
  - Re: [Full-disclosure] 0day: PDF pwns Windows Chad Perrin (20 Sep 2007)
    - RE: [Full-disclosure] 0day: PDF pwns Windows Michael Bitow (21 Sep 2007)
  - RE: [Full-disclosure] 0day: PDF pwns Windows Jeff Wells (jmwells) (21 Sep 2007)
- Re: [Full-disclosure] 0day: PDF pwns Windows pdp (architect) (21 Sep 2007)
[USN-516-1] xfsdump vulnerability Kees Cook (20 Sep 2007)
List all the comment + entry belong to the Yahoo 360 public blog and more... vnn95(at)yahoo.com (20 Sep 2007)
ToorCon Final Lineup Announcement David Hulton (20 Sep 2007)
[ GLSA 200709-14 ] ClamAV: Multiple vulnerabilities Pierre-Yves Rofes (20 Sep 2007)
[ MDKSA-2007:186 ] - Updated openoffice.org packages fix TIFF parser vulnerability security(at)mandriva.com (20 Sep 2007)
rPSA-2007-0194-1 kdebase rPath Update Announcements (20 Sep 2007)
[ GLSA 200709-13 ] rsync: Two buffer overflows Raphael Marichez (20 Sep 2007)
Vigile CMS v1.8 Multiple Remote XSS Vulnerability x0kster(at)gmail.com (20 Sep 2007)
PHP-Nuke add admin ALL Versions h3llcode(at)hotmail.it (20 Sep 2007)
- Re: PHP-Nuke add admin ALL Versions n0de(at)kich0t.com (21 Sep 2007)
- Re: PHP-Nuke add admin ALL Versions Blaine Elzey (22 Sep 2007)
  - Re: Re: PHP-Nuke add admin ALL Versions h3llcode(at)hotmail.it (21 Sep 2007)
WebED-0.8999 Multiple Remote File Inclusion Vulnerability h3llcode(at)hotmail.it (20 Sep 2007)
PhpBB Xs 2 profile.php Permanent Xss Vulnerability h3llcode(at)hotmail.it (20 Sep 2007)
[SECURITY] [DSA 1364-2] New vim packages fix several vulnerabilities dann frazier (19 Sep 2007)
VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player VMware Security team (19 Sep 2007)
SimplePHPBlog Hacking webmaster666(at)email.it (20 Sep 2007)
- Re: SimplePHPBlog Hacking luca.carettoni(at)ikkisoft.com (21 Sep 2007)
WebBatch Applications Cross Site Scripting Vulrnability DoZ(at)HackersCenter.com (19 Sep 2007)
[security bulletin] HPSBUX02249 SSRT071442 rev.2 - HP-UX Running the Ignite-UX or the DynRootDisk (DRD) get_system_info Command, Local Unqualified Configuration Change security-alert(at)hp.com (20 Sep 2007)
[security bulletin] HPSBUX02251 SSRT071449 rev.2 - HP-UX Running BIND, Remote DNS Cache Poisoning security-alert(at)hp.com (20 Sep 2007)
[Mlabs] Scrutinising SIP Payloads : Traversing Attack Vectors in VOIP and IM Aditya K Sood (20 Sep 2007)
0day: PDF pwns Windows pdp (architect) (20 Sep 2007)
- Re: 0day: PDF pwns Windows Gadi Evron (20 Sep 2007)
  - Re: 0day: PDF pwns Windows Crispin Cowan (20 Sep 2007)
    - Re: [Full-disclosure] 0day: PDF pwns Windows Steven Adair (21 Sep 2007)
    - Re: [Full-disclosure] 0day: PDF pwns Windows Chad Perrin (20 Sep 2007)
    - Re: [Full-disclosure] 0day: PDF pwns Windows Wayne D. Hoxsie Jr. (21 Sep 2007)
    - Re: [Full-disclosure] 0day: PDF pwns Windows bugtraq(at)cgisecurity.net (21 Sep 2007)
    - Re: [Full-disclosure] 0day: PDF pwns Windows coderman (21 Sep 2007)
    - Re: 0day: PDF pwns Windows Casper.Dik(at)Sun.COM (21 Sep 2007)
    - Re: 0day: PDF pwns Windows J. Oquendo (21 Sep 2007)
    - Re: 0day: PDF pwns Windows Crispin Cowan (23 Sep 2007)
    - Re: 0day: PDF pwns Windows Chad Perrin (23 Sep 2007)
    - Re: 0day: PDF pwns Windows Crispin Cowan (24 Sep 2007)
    - Re: [Full-disclosure] 0day: PDF pwns Windows J. Oquendo (25 Sep 2007)
    - Re: 0day: PDF pwns Windows Lamont Granquist (24 Sep 2007)
    - Re: 0day: PDF pwns Windows Roland Kuhn (25 Sep 2007)
    - RE: 0day: PDF pwns Windows Thor (Hammer of God) (25 Sep 2007)
    - defining 0day Gadi Evron (25 Sep 2007)
    - Re: defining 0day Brian Loe (25 Sep 2007)
    - Re: defining 0day Gadi Evron (25 Sep 2007)
    - Re: defining 0day Brian Loe (25 Sep 2007)
    - Re: defining 0day Adrian Griffis (25 Sep 2007)
    - Re: defining 0day Brian Loe (25 Sep 2007)
    - Re: defining 0day Andrew Weaver (25 Sep 2007)
    - RE: defining 0day David Gillett (25 Sep 2007)
    - Re: defining 0day Charles Miller (25 Sep 2007)
    - Re: defining 0day Gadi Evron (25 Sep 2007)
    - Re: defining 0day Zow (26 Sep 2007)
    - Re: defining 0day Chad Perrin (26 Sep 2007)
    - RE: defining 0day Marvin Simkin (27 Sep 2007)
    - Re: defining 0day Chad Perrin (27 Sep 2007)
    - Re: 0day: PDF pwns Windows Steve Shockley (25 Sep 2007)
    - Re: Re: 0day: PDF pwns Windows rmk115(at)mailandnews.com (21 Sep 2007)
    - Re: Re: 0day: PDF pwns Windows johanfunsale(at)yahoo.com (22 Sep 2007)
    - Re: Re: 0day: PDF pwns Windows Lamont Granquist (24 Sep 2007)
    - Re: 0day: PDF pwns Windows Iggy E (25 Sep 2007)
- Re: 0day: PDF pwns Windows Aditya K Sood (20 Sep 2007)
  - Re: 0day: PDF pwns Windows pdp (architect) (20 Sep 2007)
- Re: 0day: PDF pwns Windows pdp (architect) (21 Sep 2007)
- Re: [Full-disclosure] 0day: PDF pwns Windows Thierry Zoller (21 Sep 2007)
  - Re: [Full-disclosure] 0day: PDF pwns Windows Kevin Finisterre (lists) (21 Sep 2007)
  - Re: [Full-disclosure] 0day: PDF pwns Windows Aaron Collins (21 Sep 2007)
- RE: 0day: PDF pwns Windows Glenn.Everhart(at)chase.com (25 Sep 2007)
Security Advisory for Bugzilla 3.0.1 and 3.1.1 mkanat(at)bugzilla.org (19 Sep 2007)
- Re: Security Advisory for Bugzilla 3.0.1 and 3.1.1 tkevans(at)tkevans.com (20 Sep 2007)
RE: Panda Antivirus 2008 Local Privileg Escalation (UPS they did it again) Panda Security Response (19 Sep 2007)
Update? Question on BID 19000 Michael Scheidell (15 Sep 2007)
[ GLSA 200709-12 ] Poppler: Two buffer overflow vulnerabilities Raphael Marichez (19 Sep 2007)
rPSA-2007-0193-1 gdm rPath Update Announcements (19 Sep 2007)
[USN-515-1] t1lib vulnerability Kees Cook (19 Sep 2007)
- Re: [USN-515-1] t1lib vulnerability 3APA3A (21 Sep 2007)
  - Re: [Full-disclosure] [USN-515-1] t1lib vulnerability Ismail Dönmez (21 Sep 2007)
  - Re: [USN-515-1] t1lib vulnerability Kees Cook (21 Sep 2007)
PHPBBPLUS 1.5.3 RFI BUG Mehrad1989(at)gmail.com (19 Sep 2007)
WBR3404TX Broadband Router XSS azizov(at)itdefence.ru (19 Sep 2007)
Multiple vulnerabilities in the gMotor2 engine Luigi Auriemma (19 Sep 2007)
file upload vulnerability in joomla media component vinodsharma.mmit(at)gmail.com (19 Sep 2007)
- Re: file upload vulnerability in joomla media component Gavin Hanover (19 Sep 2007)
  - Re: Re: file upload vulnerability in joomla media component vinodsharma.mimit(at)gmail.com (04 Oct 2007)
[security bulletin] HPSBUX02259 SSRT071439 rev.1 - HP-UX Running logins(1M), Remote Unauthorized Access security-alert(at)hp.com (19 Sep 2007)
rPSA-2007-0189-1 openoffice.org rPath Update Announcements (18 Sep 2007)
[USN-514-1] X.org vulnerability Kees Cook (18 Sep 2007)
[waraxe-2007-SA#052] - dBlog CMS Open Source database retrieval come2waraxe(at)yahoo.com (19 Sep 2007)
[security bulletin] HPSBST02260 SSRT071471 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-051 to MS07-054 security-alert(at)hp.com (19 Sep 2007)
TPTI-07-15: Automated Solutions Modbus TCP Slave ActiveX Control Heap Corruption Vulnerability TSRT(at)3com.com (18 Sep 2007)
FLEA-2007-0056-1 openoffice.org Foresight Linux Essential Announcement Service (19 Sep 2007)
rPSA-2007-0190-1 kdebase rPath Update Announcements (18 Sep 2007)
[USN-513-1] Qt vulnerability Kees Cook (18 Sep 2007)
[ GLSA 200709-10 ] PhpWiki: Authentication bypass Raphael Marichez (18 Sep 2007)
[ GLSA 200709-11 ] GDM: Local Denial of Service Raphael Marichez (18 Sep 2007)
A little advisory content correction. j00ru.vx(at)gmail.com (18 Sep 2007)
Uninformed Journal Release Announcement: Volume 8 Uninformed Staff (18 Sep 2007)
WifiZoo v1.1 Hernan Ochoa (18 Sep 2007)
Plague in (security) software drivers & BSDOhook utility Matousec - Transparent security Research (18 Sep 2007)
security notice: Backdooring Windows Media Files pdp (architect) (18 Sep 2007)
- Re: security notice: Backdooring Windows Media Files jf (18 Sep 2007)
- RE: security notice: Backdooring Windows Media Files Memisyazici, Aras (18 Sep 2007)
  - Re: security notice: Backdooring Windows Media Files pdp (architect) (18 Sep 2007)
    - RE: security notice: Backdooring Windows Media Files Memisyazici, Aras (18 Sep 2007)
[ MDKSA-2007:185 ] - Updated avahi packages fix vulnerability security(at)mandriva.com (17 Sep 2007)
[security bulletin] HPSBUX02153 SSRT061181 rev.6 - HP-UX Running Firefox, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) security-alert(at)hp.com (18 Sep 2007)
XSS on Obedit v3.03 fuxxx0rz(at)gmail.com (17 Sep 2007)
GCALDaemon Remote DoS luca.carettoni(at)securenetwork.it (18 Sep 2007)
[ MDKSA-2007:184 ] - Updated cacti packages fix vulnerability security(at)mandriva.com (17 Sep 2007)
FLEA-2007-0054-1 lighttpd Foresight Linux Essential Announcement Service (17 Sep 2007)
b1gmail Cross Site Scripting malibu.r(at)hotmail.com (17 Sep 2007)
rPSA-2007-0188-1 php5 php5-cgi php5-mysql php5-pear php5-pgsql php5-soap php5-xsl rPath Update Announcements (17 Sep 2007)
iDefense Security Advisory 09.17.07: Multiple Vendor OpenOffice TIFF File Parsing Multiple Integer Overflow Vulnerabilities iDefense Labs (17 Sep 2007)
Coppermine <= 1.4.12 Cross Site Scripting and Local File Inclusion L4teral (17 Sep 2007)
FLEA-2007-0055-1 openssh openssh-client openssh-server gnome-ssh-askpass Foresight Linux Essential Announcement Service (17 Sep 2007)
SYMSA-2007-009: RemoteDocs R-Viewer Code Execution and Sensitive Information Disclosure research(at)symantec.com (17 Sep 2007)
TSLSA-2007-0026 - multi Trustix Security Advisor (17 Sep 2007)
[SECURITY] [DSA 1375-1] New OpenOffice.org packages fix arbitrary code execution Martin Schulze (17 Sep 2007)
Alcatel-Lucent OmniPCX Remote Command Execution RedTeam Pentesting GmbH (17 Sep 2007)
[ GLSA 200709-09 ] GNU Tar: Directory traversal vulnerability Raphael Marichez (15 Sep 2007)
Media Player Classic Denial of Service yeikos(at)gmail.com (16 Sep 2007)
IE (Internet Explorer) pwns SecondLife pdp (architect) (16 Sep 2007)
WinImage 8.10 vulnerabilities j00ru.vx(at)gmail.com (15 Sep 2007)
Axis 207W Wireless Camera Web Interface - Multiple Vulnerabilities Seth Fogie (15 Sep 2007)
[ GLSA 200709-08 ] id3lib: Insecure temporary file creation Matthias Geerdsen (15 Sep 2007)
[ GLSA 200709-07 ] Eggdrop: Buffer overflow Matthias Geerdsen (15 Sep 2007)
[USN-512-1] Quagga vulnerability Kees Cook (15 Sep 2007)
rPSA-2007-0187-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs rPath Update Announcements (14 Sep 2007)
[ GLSA 200709-06 ] flac123: Buffer overflow Raphael Marichez (14 Sep 2007)
[ GLSA 200709-05 ] RealPlayer: Buffer overflow Raphael Marichez (14 Sep 2007)
rPSA-2007-0184-1 samba samba-swat rPath Update Announcements (14 Sep 2007)
Gelato SQL Injection exploit s0cratex(at)hotmail.com (14 Sep 2007)
[security bulletin] HPSBMA02258 SSRT071470 rev.1 - HP System Management Homepage (SMH) for Windows, Incomplete Update Installation security-alert(at)hp.com (14 Sep 2007)
[GOODFELLAS-VULN] FileFind class from MFC Library cause heap overflow GOODFELLAS SRT (14 Sep 2007)
[GOODFELLAS-VULN] ActiveX hpqutil!ListFiles hpqutil.dll - Remote heap overflow GOODFELLAS SRT (14 Sep 2007)
rPSA-2007-0182-1 httpd mod_ssl rPath Update Announcements (14 Sep 2007)
AIM Local File Display in Notification Window shell(at)dotshell.net (14 Sep 2007)
new XSS vulnerability in php-stats -tracking.php root(at)hanicker.it (14 Sep 2007)
[ MDKSA-2007:183 ] - Updated qt3/qt4 packages fix vulnerability security(at)mandriva.com (14 Sep 2007)
Boa (with Intersil Extensions) - HTTP Basic Authentication Bypass luca.carettoni(at)securenetwork.it (13 Sep 2007)
[ GLSA 200709-03 ] Streamripper: Buffer overflow Raphael Marichez (13 Sep 2007)
[ GLSA 200709-04 ] po4a: Insecure temporary file creation Raphael Marichez (13 Sep 2007)
[ MDKSA-2007:182 ] - Updated quagga packages fix vulnerability and bugs security(at)mandriva.com (13 Sep 2007)
[ GLSA 200709-02 ] KVIrc: Remote arbitrary code execution Raphael Marichez (13 Sep 2007)
Next generation malware: Windows Vista's gadget API Tim Brown (13 Sep 2007)
- Re: Next generation malware: Windows Vista's gadget API Todd Manning (13 Sep 2007)
  - RE: Next generation malware: Windows Vista's gadget API avivra (14 Sep 2007)
- RE: Next generation malware: Windows Vista's gadget API Roger A. Grimes (14 Sep 2007)
  - RE: Next generation malware: Windows Vista's gadget API Peter Gutmann (15 Sep 2007)
    - Re: Next generation malware: Windows Vista's gadget API Tim Brown (15 Sep 2007)
    - Re[2]: [Full-disclosure] Next generation malware: Windows Vista's gadget API Thierry Zoller (16 Sep 2007)
    - Re: [Full-disclosure] Next generation malware: Windows Vista's gadget API Tim Brown (16 Sep 2007)
    - RE: [Full-disclosure] Next generation malware: Windows Vista's gadget API Strykar (17 Sep 2007)
    - Re: Re[2]: [Full-disclosure] Next generation malware: Windows Vista's gadget API Peter Gutmann (17 Sep 2007)
    - RE: Re[2]: [Full-disclosure] Next generation malware: Windows Vista's gadget API Roger A. Grimes (17 Sep 2007)
    - Re: [Full-disclosure] Next generation malware: Windows Vista's gadget API Tim Brown (17 Sep 2007)
    - RE: Re[2]: [Full-disclosure] Next generation malware: Windows Vista's gadget API Peter Gutmann (18 Sep 2007)
    - RE: Re[2]: [Full-disclosure] Next generation malware: Windows Vista's gadget API Ed Patterson (18 Sep 2007)
WinSCP < 4.04 url protocol handler flaw Kender.Security(at)gmail.com (13 Sep 2007)
NDSS 2008 CfP Papers Due September 21 Crispin Cowan (12 Sep 2007)
[ MDKSA-2007:180 ] - Updated id3lib packages fix vulnerability security(at)mandriva.com (12 Sep 2007)
[ MDKSA-2007:181 ] - Updated librpcsecgss packages fix vulnerabilities security(at)mandriva.com (12 Sep 2007)
ZDI-07-052: Multiple Kerberos Implementations Authentication Context Stack Overflow Vulnerability zdi-disclosures(at)3com.com (12 Sep 2007)
CAL-20070912-1 Multiple vendor produce handling AVI file vulnerabilities Code Audit Labs (12 Sep 2007)
- Re: CAL-20070912-1 Multiple vendor produce handling AVI file vulnerabilities Florian Weimer (21 Sep 2007)
AIM Arbitrary HTML Display in Notification Window shell(at)dotshell.net (11 Sep 2007)
SYMSA-2007-008: Autodesk Backburner 3.0.2 System Backdoor research(at)symantec.com (10 Sep 2007)
CS Guestbook Admin Name & Md5 Security Vuln crazy_king(at)eno7.org (11 Sep 2007)
Re Re: PHP 5.2.4 <= various mysql functions safemode & open_basedir bypass laurent.gaffie(at)gmail.com (12 Sep 2007)
Oracle Jinitiator 1.1.8 Vulnerabilities CVE-2007-4467 - Additional Information Integrigy Alerts (12 Sep 2007)
0DAY: QuickTime pwns Firefox pdp (architect) (12 Sep 2007)
S21SEC-036-EN Ekiga <= 2.0.5 Denial of service S21sec Labs (12 Sep 2007)
RSA EnVision Reflected XSS Hole Stelios Tigkas (12 Sep 2007)
Boinc Forum Cross Site Scripting Vulrnability DoZ(at)HackersCenter.com (12 Sep 2007)
[ MDKSA-2007:179 ] - Updated fetchmail packages fix DoS vulnerability security(at)mandriva.com (11 Sep 2007)
[ MDKSA-2007:178 ] - Updated x11-server packages fix vulnerability security(at)mandriva.com (11 Sep 2007)
RE: ScanAlert Security Advisory Nick Merritt (11 Sep 2007)
[ GLSA 200709-01 ] MIT Kerberos 5: Multiple vulnerabilities Matthias Geerdsen (11 Sep 2007)
iDefense Security Advisory 09.11.07: Microsoft Windows 2000 Agent URL Canonicalizing Stack Based Buffer Overflow Vulnerability iDefense Labs (11 Sep 2007)
[SECURITY] [DSA 1374-1] New jffnms packages fix several vulnerabilities Steve Kemp (11 Sep 2007)
[SECURITY] [DSA 1371-1] New phpwiki packages fix several vulnerabilities Thijs Kinkhorst (11 Sep 2007)
[SECURITY] [DSA 1372-1] New ktorrent packages fix directory traversal Steve Kemp (11 Sep 2007)
Assurent VR - Microsoft Agent Crafted URL Stack Buffer Overflow VR-Subscription-noreply(at)assurent.com (11 Sep 2007)
NuclearBB Alpha 2 Remote File Inclusion b14ck1c3(at)hotmail.com (11 Sep 2007)
PHP 5.2.4 <= various mysql functions safemode & open_basedir bypass laurent.gaffie(at)gmail.com (11 Sep 2007)
- Re: PHP 5.2.4 <= various mysql functions safemode & open_basedir bypass Ronald Chmara (12 Sep 2007)
- Re: PHP 5.2.4 <= various mysql functions safemode & open_basedir bypass Ben Wheeler (12 Sep 2007)
RealPlayer/HelixPlayer .au Divide-By-Zero Denial of Service Vulnerability OS2A BTO (11 Sep 2007)
[SECURITY] Winbind's rfc2307 & SFU nss_info plugin in Samba 3.0.25[a-c] assigns users a primary gid of 0 by default Gerald (Jerry) Carter (11 Sep 2007)
rPSA-2007-0181-1 gnome-ssh-askpass openssh openssh-client openssh-server rPath Update Announcements (10 Sep 2007)
[SECURITY] [DSA 1370-2] New phpmyadmin packages fix several vulnerabilities Thijs Kinkhorst (10 Sep 2007)
ekoparty 3rd edition CFP ekoparty (10 Sep 2007)
New Whitepaper : g00gle CrewBots matteo(at)gray-world.net (08 Sep 2007)
XSIO - Cross Site Image Overlaying Sven Vetsch / Disenchant (10 Sep 2007)
- Re: XSIO - Cross Site Image Overlaying Tod Beardsley (10 Sep 2007)
[Aria-Security Team] social-networkin SQL Injection Advisory(at)Aria-security.net (09 Sep 2007)
Symantec Product Security: Symantec Device Driver Local Elevation of Privilege secure(at)symantec.com (10 Sep 2007)
/* PHP <=5.2.4 open_basedir bypass & code exec & denial of service errata ... working on windows too .. */ laurent.gaffie(at)gmail.com (09 Sep 2007)
PHP <=5.2.4 open_basedir bypass & code exec & denial of service laurent.gaffie(at)gmail.com (09 Sep 2007)
- Re: PHP <=5.2.4 open_basedir bypass & code exec & denial of service azurIt (10 Sep 2007)
Announcing ShmooCon 08 and the CFP B Potter (09 Sep 2007)
[SECURITY] [DSA 1370-1] New phpmyadmin packages fix several vulnerabilities Thijs Kinkhorst (09 Sep 2007)
[SECURITY] [DSA 1365-2] New id3lib3.8.3 packages fix denial of service Moritz Muehlenhoff (09 Sep 2007)
Husrev Forums v2.0.1:PoWerBoard Sql yollubunlar(at)yollubunlar.org (08 Sep 2007)
Proxy Anket v3.0.1 Sql injection Vulnerable yollubunlar(at)yollubunlar.org (08 Sep 2007)
phpMyQuote 0.20 Version Multiple Sql And Xss Vulnerabilities yollubunlar(at)yollubunlar.org (08 Sep 2007)
Netjuke 1.0-rc2 - sql injection & XSS cod3in(at)gmail.com (08 Sep 2007)
IMF 2007 - 2nd Call for Participation Oliver Goebel (08 Sep 2007)
TxxCMS_Multiple File inclusion Vulnerabilies nnc(at)chilloutzone.eu (08 Sep 2007)
ZDI-07-051: Trend Micro ServerProtect TMregChange() Stack Overflow Vulnerability zdi-disclosures(at)3com.com (07 Sep 2007)
ZDI-07-050: Trend Micro ServerProtect RPCFN_SetComputerName() Stack Overflow Vulnerability zdi-disclosures(at)3com.com (07 Sep 2007)
hack.lu 2007 18-20 October, Luxembourg info(at)hack.lu (07 Sep 2007)
[ MDKSA-2007:174-1 ] - Updated krb5 packages fix vulnerabilities security(at)mandriva.com (07 Sep 2007)
Microsoft SQL Server Distributed Management Objects OLE DLL for SQL Enterprise Manager (sqldmo.dll) remote buffer overflow poc retrog(at)alice.it (07 Sep 2007)
[USN-511-2] Kerberos vulnerability Kees Cook (07 Sep 2007)
Safari 3.0.3 (522.15.5) Buffer overflow azizov(at)itdefence.ru (07 Sep 2007)
FLEA-2007-0052-1 gd Foresight Linux Essential Announcement Service (06 Sep 2007)
FLEA-2007-0051-1 star Foresight Linux Essential Announcement Service (06 Sep 2007)
[ MDKSA-2007:177 ] - Updated MySQL packages fix vulnerabilities security(at)mandriva.com (06 Sep 2007)
Buffalo AirStation WHR-G54S CSRF vulnerability Henri Lindberg - Smilehouse Oy (07 Sep 2007)
- Re: Buffalo AirStation WHR-G54S CSRF vulnerability Adrian P (07 Sep 2007)
FLEA-2007-0050-1 krb5 krb5-workstation Foresight Linux Essential Announcement Service (06 Sep 2007)
FLEA-2007-0053-1 fetchmail Foresight Linux Essential Announcement Service (07 Sep 2007)
[ MDKSA-2007:176 ] - Updated kdebase and kdelibs packages fix location bar spoofing issues security(at)mandriva.com (06 Sep 2007)
[HISPASEC] 2K7SEPT6 Magellan Explorer 3.32 build 2305 Remote FTP Client Directory Traversal Gynvael Coldwind (06 Sep 2007)
[SECURITY] [DSA 1369-1] New gforge packages fix SQL injection Moritz Muehlenhoff (06 Sep 2007)
[ MDKSA-2007:174 ] - Updated krb5 packages fix vulnerabilities security(at)mandriva.com (06 Sep 2007)
[SECURITY] [DSA 1367-2] New krb5 packages fix arbitrary code execution Moritz Muehlenhoff (06 Sep 2007)
[ MDKSA-2007:175 ] - Updated eggdrop package fix remote buffer overflow security(at)mandriva.com (06 Sep 2007)
rPSA-2007-0179-1 krb5 krb5-server krb5-services krb5-test krb5-workstation rPath Update Announcements (06 Sep 2007)
PHP <= 5.2.4 multiple Iconv functions denial of service laurent.gaffie(at)gmail.com (05 Sep 2007)
[HISPASEC] 2K7SEPT6 X-Diesel Unreal Commander v0.92 (build 573) multiple FTP-based vulnerabilities Gynvael Coldwind (06 Sep 2007)
[HISPASEC] 2K7SEPT6 Total Commander 7.01 Remote FTP Client Directory Traversal Gynvael Coldwind (06 Sep 2007)
Sophos Anti-Virus 6.5.4 Vulnerability disclosure(at)contextis.co.uk (06 Sep 2007)
updated patch: MITKRB5-SA-2007-006: kadmind RPC lib buffer overflow, uninitialized pointer Tom Yu (05 Sep 2007)
rPSA-2007-0177-1 kdebase kdelibs rPath Update Announcements (05 Sep 2007)
rPSA-2007-0178-1 fetchmail rPath Update Announcements (05 Sep 2007)
Format string and clients disconnection in Alien Arena 2007 6.10 Luigi Auriemma (05 Sep 2007)
PHP <=5.2.4 iconv_substr() denial of service laurent.gaffie(at)gmail.com (05 Sep 2007)
PHP < 5.2.3 fnmatch() denial of service laurent.gaffie(at)gmail.com (04 Sep 2007)
PHP < 5.2.4 setlocale() denial of service laurent.gaffie(at)gmail.com (04 Sep 2007)
PHP < 5.2.3 glob() denial of service laurent.gaffie(at)gmail.com (04 Sep 2007)
- Re: PHP < 5.2.3 glob() denial of service Jonathan Yu (05 Sep 2007)
Cisco Security Advisory: Denial of Service Vulnerabilities in Content Switching Module Cisco Systems Product Security Incident Response Team (05 Sep 2007)
Cisco Security Advisory: Cisco Video Surveillance IP Gateway and Services Platform Authentication Vulnerabilities Cisco Systems Product Security Incident Response Team (05 Sep 2007)
rPSA-2007-0176-1 gd php php-mysql php-pgsql php5 php5-cgi php5-mysql php5-pear php5-pgsql php5-soap php5-xsl rPath Update Announcements (05 Sep 2007)
[ MDKSA-2007:173 ] - Updated tar packages fix vulnerabilities security(at)mandriva.com (04 Sep 2007)
[USN-511-1] Kerberos vulnerability Kees Cook (04 Sep 2007)
Digital Armaments 2007 September-October Hacking Challenge: Symbian info(at)digitalarmaments.com (04 Sep 2007)
New version of Pass-The-Hash Toolkit v1.1 Hernan Ochoa (04 Sep 2007)
Tutorial on Fuzzled Tim Brown (04 Sep 2007)
[SECURITY] [DSA 1368-1] New librpcsecgss packages fix arbitrary code execution Moritz Muehlenhoff (04 Sep 2007)
[SECURITY] [DSA 1367-1] New krb5 packages fix arbitrary code execution Moritz Muehlenhoff (04 Sep 2007)
MITKRB5-SA-2007-006: kadmind RPC lib buffer overflow, uninitialized pointer Tom Yu (04 Sep 2007)
Re: Built2Go_PHP_Link_Portal_v1.79 >> RFI scoutt_42(at)yahoo.com (03 Sep 2007)
212cafeBoard Sql injection Lopez Bran (04 Sep 2007)
[security bulletin] HPSBUX02153 SSRT061181 rev.5 - HP-UX Running Firefox, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) security-alert(at)hp.com (04 Sep 2007)
[security bulletin] HPSBUX02156 SSRT061236 rev.3 - HP-UX Running Thunderbird, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) security-alert(at)hp.com (04 Sep 2007)
Wireshark DNP3 Dissector Infinite Loop Vulnerability Aviram Jenik (04 Sep 2007)
Marshal MailMarshal TAR Unpacking Vulnerability S. Vandersee (04 Sep 2007)
Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability tusharvartak(at)hotmail.com (03 Sep 2007)
- Re: Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability Mark Thomas (04 Sep 2007)
Multiple vulnerabilities in Joomla 1.5 RC 1 Omid (03 Sep 2007)
- Re: Multiple vulnerabilities in Joomla 1.5 RC 1 admin(at)gate9.org.uk (04 Sep 2007)
DeepSec IDSC 2007 Vienna Registration Now Open Paul Böhm (03 Sep 2007)
Telecom Italy Alice Messenger Hp.Revolution.RegistryManager.dll (v.1) remote arbitrary registry key manipulation retrog(at)alice.it (03 Sep 2007)
[SECURITY] [DSA 1288-2] New pptpd packages fix regression Moritz Muehlenhoff (02 Sep 2007)
Re: MkPortal "All Guests are Admin" Exploit nospam(at)fusedcoding.com (02 Sep 2007)
Re: ePersonnel_RC_2004 Remote File Bug the.tiger100(at)gmail.com (01 Sep 2007)
[SECURITY] [DSA 1364-1] New vim packages fix several vulnerabilities Moritz Muehlenhoff (01 Sep 2007)
[Paper] The Anatomy of Third Party Pop Up Attacks. Aditya K Sood (01 Sep 2007)
[SECURITY] [DSA 1366-1] New clamav packages fix several vulnerabilities Moritz Muehlenhoff (01 Sep 2007)
Toms Gstebuch 1.00 - XSS cod3in(at)gmail.com (01 Sep 2007)
- Re: Toms Gstebuch 1.00 - XSS administrator(at)toms-seiten.at (07 Sep 2007)
  - Re: Re: Toms Gstebuch 1.00 - XSS hd1979(at)gmail.com (08 Sep 2007)
    - Re: Re: Re: Toms Gstebuch 1.00 - XSS administrator(at)toms-seiten.at (19 Sep 2007)
[SECURITY] [DSA 1365-1] New id3lib3.8.3 packages fix denial of service Moritz Muehlenhoff (01 Sep 2007)
Re: Olate Download 3.4.2 ~ userupload.php ~ Upload Executable Files lcat (05 Sep 2007)
Re: Sony: The Return Of The Rootkit Tyler Reguly (01 Sep 2007)
Re: Sony: The Return Of The Rootkit John Hammond (01 Sep 2007)
Re: eyeOS checksum prediction jose(at)eyeos.org (18 Sep 2007)
Re: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory Sergio Alvarez (03 Sep 2007)
- Re: [Full-disclosure] n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory Jan Münther (03 Sep 2007)
  - Re: [Sec] Re: [Full-disclosure] n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory Thierry Zoller (03 Sep 2007)
Re: Multiple vulnerabilities in rFactor 1.250 superfreak(at)freestart.hu (25 Sep 2007)
Re: Multiple vulnerabilities in rFactor 1.250 babutski(at)gmail.com (27 Sep 2007)
Re: [irc-security] Multiple vulnerabilities in ircu Colin Alston (21 Sep 2007)
- Re: [irc-security] Multiple vulnerabilities in ircu Tom Laermans (21 Sep 2007)
Re: LFI On SMF 1.1.3 alex.tracer(at)gmail.com (24 Sep 2007)

Last message date: 29 Sep 2007
Archived on: 26 Sep 2008 EDT

403 messages sort by: [ author ] [ date ] [ subject ] [ attachment ]
Other periods:[ Previous, Thread view ] [ Next, Thread view ]

This archive was generated by hypermail 2.1.8 : 26 Sep 2008 EDT