Hosting Provided By

Mailing List Archive For bugtraq@securityfocus.com Jun 2007 By Author

Airscanner Corp.
- Airscanner Advisory #07062901: FlexiSPY Victim/User Database Exposure (Full world readable access to ALL SMS/Emails/Voice data from victims/users) (Fri Jun 29 2007 - 13:45:31 EDT)
azizov(at)itdefence.ru
- Safari Bookmarks Buffer Overflow Vulnerability (Sun Jun 24 2007 - 12:14:59 EDT)
Calyptix Security
- Calyptix Security Advisory CX-2007-04 - Cross-Site Request Forgery Attack Against Check Point Safe@Office Device (Tue Jun 26 2007 - 14:44:53 EDT)
cxib(at)securityreason.com
- PHP 4/5 htaccess safemode and open_basedir Bypass (Tue Jun 26 2007 - 20:42:04 EDT)
darkz.gsa(at)gmail.com
- POWER PHLOGGER v.2.2.5 (username) SQL Injection (Mon Jun 25 2007 - 04:47:55 EDT)
David Thiel
- flac123 0.0.9 - Stack overflow in comment parsing (Thu Jun 28 2007 - 22:34:02 EDT)
Eitan Caspi
- "run as" local denial-of-service enables administrative account processes to be killed (Sat Jun 23 2007 - 16:44:59 EDT)
Emanuele Gentili
- akocomment SQL INJECTION (all version) (Fri Jun 29 2007 - 17:12:37 EDT)
esc6(at)hush.com
- Conti FTP Server v1.0 DoS (Tue Jun 26 2007 - 23:24:16 EDT)
Firewall1954(at)hotmail.com
- XEForum Cookie Modification Privilege Escalation Vulnerability (Wed Jun 27 2007 - 21:12:55 EDT)
Foresight Linux Essential Announcement Service
- FLEA-2007-0030-1: avahi avahi-glib avahi-sharp (Thu Jun 28 2007 - 10:33:43 EDT)
- FLEA-2007-0029-1: krb5 krb5-workstation (Wed Jun 27 2007 - 20:27:48 EDT)
- FLEA-2007-0028-1: libexif (Fri Jun 22 2007 - 15:08:41 EDT)
Francisco Amato
- [ISR] :: Infobyte Security Research :: release (ISR-sqlget.pl) v1.0.0 (Mon Jun 25 2007 - 17:02:20 EDT)
Gadi Evron
- CFP: ISOI III (a DA workshop) (Tue Jun 26 2007 - 00:16:19 EDT)
gmdarkfig(at)gmail.com
- Pluxml 0.3.1 Remote Code Execution Exploit (Sun Jun 24 2007 - 11:08:05 EDT)
Goodfellas SRT
- [GOODFELLAS - VULN] hpqxml.dll 2.0.0.133 from HP Digital Imaging Arbitary Data Write. (Wed Jun 27 2007 - 16:27:57 EDT)
- [GOODFELLAS - VULN ] Avaxswf.dll v.1.0.0.1 from Avax Vector software ActiveX Arbitrary Data Write (Tue Jun 26 2007 - 16:03:50 EDT)
- [GOODFELLAS - VULN] BarCodeAx.dll v. 4.9 ActiveX Control Remote Stack Buffer Overflow (Sat Jun 23 2007 - 12:07:17 EDT)
HASEGAWA Yosuke
- MS07-034: Executing arbitrary script with mhtml: protocol handler (Thu Jun 21 2007 - 23:42:13 EDT)
Henri Lindberg - Louhi Networks Oy
- CheckPoint VPN-1 UTM Edge Cross Site Request Forgery vulnerability (Tue Jun 26 2007 - 21:01:32 EDT)
iDefense Labs
- iDefense Security Advisory 06.26.07: RealNetworks RealPlayer/HelixPlayer SMIL wallclock Stack Overflow Vulnerability (Tue Jun 26 2007 - 15:53:46 EDT)
- iDefense Security Advisory 06.26.07: Multiple Vendor Kerberos kadmind Rename Principal Buffer Overflow Vulnerability (Tue Jun 26 2007 - 14:46:14 EDT)
- iDefense Security Advisory 06.21.07: Ingres Database Multiple Heap Corruption Vulnerabilities (Thu Jun 21 2007 - 16:50:32 EDT)
imprili(at)gmail.com
- KF Web Server 3.1.0 admin console XSS (Sat Jun 23 2007 - 15:18:37 EDT)
- LiteWEB 2.7 404 Denial of Services (Sat Jun 23 2007 - 15:51:56 EDT)
- SHTTPD V1.38 server source code disclosure (Sat Jun 23 2007 - 13:21:38 EDT)
Ivan Buetler
- SAP Internet Communication Framework (BC-MID-ICF) Vulnerability (Wed Jun 27 2007 - 03:03:39 EDT)
- SAP Web Dynpro Java (BC-WD-JAV) Vulnerability (Wed Jun 27 2007 - 03:00:50 EDT)
James C. Slora Jr.
- RE: "run as" local denial-of-service enables administrative account processes to be killed (Tue Jun 26 2007 - 10:30:18 EDT)
Jerome Athias
- [SecurInfos] PCSoft WinDEV .wdp Project File Handling Buffer Overflow (Thu Jun 28 2007 - 02:48:06 EDT)
John Smith
- iPhone Security Settings (Fri Jun 29 2007 - 20:10:06 EDT)
john-lindsay(at)ngssoftware.com
- Contact request - nVidia (Wed Jun 27 2007 - 12:38:07 EDT)
kaneda(at)bohater.net
- Re: New Include Redirect Bug XSS All vBulletin v 3.x.x (Thu Jun 21 2007 - 14:39:11 EDT)
Kees Cook
- [USN-479-1] MadWifi vulnerabilities (Fri Jun 29 2007 - 01:37:26 EDT)
- [USN-478-1] libexif vulnerability (Tue Jun 26 2007 - 20:10:18 EDT)
- [USN-477-1] krb5 vulnerabilities (Tue Jun 26 2007 - 20:01:44 EDT)
- [USN-476-1] redhat-cluster-suite vulnerability (Fri Jun 22 2007 - 14:22:56 EDT)
- [USN-475-1] evolution-data-server vulnerability (Thu Jun 21 2007 - 19:52:28 EDT)
Larry Seltzer
- RE: [Full-disclosure] Apple Safari: idn urlbar spoofing (Mon Jun 25 2007 - 17:15:22 EDT)
laurent.gaffie(at)gmail.com
- phpTrafficA < 1.4.2 (Sun Jun 24 2007 - 13:56:56 EDT)
- eNdonesia 8.4 [multiple injection sql] (Fri Jun 22 2007 - 12:24:52 EDT)
- NetClassifieds [multiple vulnerabilities] (Thu Jun 21 2007 - 15:21:35 EDT)
Matousec - Transparent security Research
- Outpost Enforcing system reboot with 'outpost_ipc_hdr' mutex Vulnerability (Fri Jun 01 2007 - 13:37:09 EDT)
Michal Zalewski
- Re: [Full-disclosure] Apple Safari: idn urlbar spoofing (Mon Jun 25 2007 - 17:22:34 EDT)
Moritz Muehlenhoff
- [SECURITY] [DSA 1325-1] New evolution packages fix arbitrary code execution (Fri Jun 29 2007 - 11:06:48 EDT)
- [SECURITY] [DSA 1323-1] New krb5 packages fix several vulnerabilities (Thu Jun 28 2007 - 16:13:18 EDT)
- [SECURITY] [DSA 1322-1] New wireshark packages fix denial of service (Wed Jun 27 2007 - 16:57:25 EDT)
- [SECURITY] [DSA 1320-1] New clamav packages fix several vulnerabilities (Sat Jun 23 2007 - 06:57:02 EDT)
- [SECURITY] [DSA 1321-1] New evolution-data-server packages fix arbitrary code execution (Sat Jun 23 2007 - 08:49:54 EDT)
- [SECURITY] [DSA 1319-1] New maradns packages fix denial of service (Sat Jun 23 2007 - 05:54:46 EDT)
- [SECURITY] [DSA 1318-1] New ekg packages fix denial of service (Fri Jun 22 2007 - 17:39:23 EDT)
motokochan(at)simplemachines.org
- Re: Re: [MajorSecurity Advisory #47]Simple Machines Forum (SMF) - Session fixation Issue (Mon Jun 25 2007 - 02:33:01 EDT)
NGSSoftware Insight Security Research
- Ingres wakeup setuid(ingres) file truncation (Mon Jun 25 2007 - 05:41:10 EDT)
- Ingres stack overflow in uuid_from_char function (Mon Jun 25 2007 - 05:35:42 EDT)
- Ingres Unauthenticated Pointer Overwrite 1 (Mon Jun 25 2007 - 05:30:51 EDT)
- Ingres verifydb local stack overflow (Mon Jun 25 2007 - 05:38:58 EDT)
- Ingres Unauthenticated Pointer Overwrite 2 (Mon Jun 25 2007 - 05:33:33 EDT)
Nico Leidecker
- Papoo CMS 3.6 - Access Restriction Bypass (Sun Jun 24 2007 - 12:22:03 EDT)
- Papoo CMS 3.6 - SQL Injection (Sun Jun 24 2007 - 12:20:59 EDT)
no-spam(at)brierley.com
- Re: Re: PHPMyDesk Beta Release 1.0b ==> RFI (Fri Jun 22 2007 - 21:00:58 EDT)
pito pito
- phpreactor <===1.2.7 remote file include (Fri Jun 01 2007 - 08:26:56 EDT)
prodigy.zero(at)gmail.com
- Re: Light Blog 4.1 XSS Vulnerability (Sat Jun 30 2007 - 14:39:49 EDT)
RaeD(at)BsdMail.Com
- SQL Injection In Script VBZooM V1.12 (Fri Jun 29 2007 - 03:36:10 EDT)
Raphael Marichez
- [ GLSA 200706-08 ] emul-linux-x86-java: Multiple vulnerabilities (Tue Jun 26 2007 - 17:12:29 EDT)
- [ GLSA 200706-09 ] libexif: Buffer overflow (Tue Jun 26 2007 - 17:22:02 EDT)
research(at)symantec.com
- SYMSA-2007-004: Multiple Vulnerabilities in Xythos Server Products (Fri Jun 22 2007 - 14:06:27 EDT)
Richard Moore
- Safari XMLHttpRequest HTTP header injection (Mon Jun 25 2007 - 07:03:18 EDT)
Robert Swiecki
- Re: Apple Safari: idn urlbar spoofing (Wed Jun 27 2007 - 05:27:40 EDT)
- Re: Apple Safari: idn urlbar spoofing (Mon Jun 25 2007 - 16:33:19 EDT)
rPath Update Announcements
- rPSA-2007-0136-1 httpd mod_ssl (Wed Jun 27 2007 - 17:32:41 EDT)
- rPSA-2007-0135-1 krb5 krb5-server krb5-services krb5-test krb5-workstation (Wed Jun 27 2007 - 16:18:20 EDT)
- rPSA-2007-0133-1 emacs emacs-leim (Mon Jun 25 2007 - 20:44:48 EDT)
- rPSA-2007-0131-1 libexif (Mon Jun 25 2007 - 12:10:39 EDT)
scott-REMOTE-(at)vbulletin.com
- Re: Re: New Include Redirect Bug XSS All vBulletin v 3.x.x (Fri Jun 22 2007 - 07:32:23 EDT)
scott-REMOVE-(at)vbulletin.com
- Re: Re: New Include Redirect Bug XSS All vBulletin(r) v 3.x.x (Fri Jun 22 2007 - 06:30:09 EDT)
Secunia Research
- Secunia Research: KVIrc irc:// URI Handler Command Execution Vulnerability (Thu Jun 28 2007 - 09:19:18 EDT)
- Secunia Research: Symantec Mail Security for SMTP Boundary Errors (Thu Jun 28 2007 - 09:17:09 EDT)
security(at)mandriva.com
- [ MDKSA-2007:136 ] - Updated evolution packages fix vulnerability (Tue Jun 26 2007 - 18:27:44 EDT)
- [ MDKSA-2007:137 ] - Updated krb5 packages fix vulnerabilities (Tue Jun 26 2007 - 23:34:58 EDT)
- [ MDKSA-2007:135 ] - Updated webmin packages fix XSS vulnerability (Fri Jun 22 2007 - 19:37:55 EDT)
- [ MDKSA-2007:134 ] - Updated xfsdump packages fix unsafe temporary directory creation issue (Thu Jun 21 2007 - 19:58:30 EDT)
- [ MDKSA-2007:133 ] - Updated emacs packages fix DoS vulnerability (Thu Jun 21 2007 - 18:21:24 EDT)
- [ MDKSA-2007:132 ] - Updated madwifi-source, wpa_supplicant packages fix vulnerabilities (Thu Jun 21 2007 - 15:03:01 EDT)
security-alert(at)hp.com
- [security bulletin] HPSBTU02232 SSRT071429 rev.1 - Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS) or HP Internet Express for Tru64 UNIX running PHP, Remote Arbitrary Code Execution, Unauthorized Disclosure of Information, or Denial of Service (DoS) (Thu Jun 28 2007 - 10:28:21 EDT)
- HPSBTU02207 SSRT061239 rev.2 - HP Tru64 UNIX OpenSSL and BIND Remote Arbitrary Code Execution or Denial of Service (DoS) (Wed Jun 27 2007 - 09:04:39 EDT)
- [security bulletin] HPSBUX02225 SSRT071295 rev.1 - HP-UX Running Xserver, Local Denial of Service (DoS) (Mon Jun 25 2007 - 09:01:05 EDT)
- HPSBST02231 SSRT071438 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-030 to MS07-035 (Thu Jun 21 2007 - 15:28:25 EDT)
- [security bulletin] HPSBGN02199 SSRT071312 rev.3 - Mercury Quality Center ActiveX, Remote Unauthorized Arbitrary Code Executio (Thu Jun 21 2007 - 15:27:26 EDT)
securityresearch(at)netvigilance.com
- eTicket version 1.5.5 XSS Attack Vulnerability (Wed Jun 27 2007 - 17:04:24 EDT)
- eTicket version 1.5.5 Path Disclosure Vulnerability (Wed Jun 27 2007 - 17:04:15 EDT)
- Calendarix version 0.7. 20070307 Multiple SQL Injection Vulnerabilities (Mon Jun 25 2007 - 12:20:53 EDT)
- MyNews version 0.10 SQL Injection Vulnerability (Mon Jun 25 2007 - 12:18:03 EDT)
- Calendarix version 0.7. 20070307 Multiple XSS Attacks (Mon Jun 25 2007 - 12:24:59 EDT)
- Calendarix version 0.7. 20070307 Multiple Path Disclosure Vulnerabilities (Mon Jun 25 2007 - 12:20:30 EDT)
- Calendarix version 0.7. 20070307 Multiple Path Disclosure Vulnerabilities (Mon Jun 25 2007 - 12:18:25 EDT)
sf(at)hm2k.org
- Re: eTicket version 1.5.5 XSS Attack Vulnerability (Fri Jun 29 2007 - 05:56:41 EDT)
spymeta(at)yahoo.com
- All Of the Mambo & Joomla Script Remote File Inclussion Bugs.. (Fri Jun 22 2007 - 05:36:26 EDT)
Steve Kemp
- [SECURITY] [DSA 1324-1] New hiki packages fix missing input sanitising (Thu Jun 28 2007 - 17:04:32 EDT)
- [SECURITY] [DSA 1317-1] New tinymux packages fix buffer overflow (Fri Jun 22 2007 - 21:10:24 EDT)
Steven M. Christey
- Re: New Include Redirect Bug XSS All vBulletin(r) v 3.x.x (Thu Jun 21 2007 - 16:21:15 EDT)
support(at)keyfocus.net
- Re: KF Web Server 3.1.0 admin console XSS (Tue Jun 26 2007 - 09:26:10 EDT)
suresync(at)gmail.com
- Re: Re: Progress Webspeed exploit for all releases (Fri Jun 29 2007 - 17:51:26 EDT)
- Openedge _mprosrv buffer overflow (Wed Jun 27 2007 - 06:14:13 EDT)
Tom Yu
- MITKRB5-SA-2007-005: kadmind vulnerable to buffer overflow (Tue Jun 26 2007 - 14:01:56 EDT)
- MITKRB5-SA-2007-004: kadmind multiple RPC lib vulnerabilities (Tue Jun 26 2007 - 14:01:54 EDT)
Trustix Security Advisor
- TSLSA-2007-0021 - kerberos5 (Fri Jun 29 2007 - 08:08:59 EDT)
underwater(at)itdefence.ru
- WheatBlog 1.1 RFI/SQL Injection (Sat Jun 30 2007 - 10:52:04 EDT)
USprotte(at)web.de
- Juniper SBR V 6.0.1 CRL-Checking problem (Wed Jun 27 2007 - 14:56:29 EDT)
Williams, James K
- [CAID 35450, 35451, 35452, 35453]: CA Products That Embed Ingres Multiple Vulnerabilities (Fri Jun 22 2007 - 10:00:40 EDT)
- 110 messages sort by: [ thread ] [ date ] [ subject ] [ attachment ]
This archive was generated by hypermail 2.1.8 : Wed Jul 16 2008 - 14:45:28 EDT