Mailing List Archive For bugtraq@securityfocus.com Jul 2007 By Thread

• [USN-493-1] Firefox vulnerabilities Kees Cook (Tue Jul 31 2007 - 22:12:32 EDT)
• [SECURITY] [DSA 1343-1] New file packages fix arbitrary code execution Moritz Muehlenhoff (Tue Jul 31 2007 - 17:36:42 EDT)
• Really, really, penultimate, PacSec CFP deadline, Aug 10. Dragos Ruiu (Tue Jul 31 2007 - 17:25:23 EDT)
• Re: [BuHa-Security] Winamp 5.35 (Infinite) M3U File Inclusion DoS Vulnerability 3APA3A (Tue Jul 31 2007 - 16:49:07 EDT)
• CAL-20070730-1 BlueSkyCat ActiveX Remote Heap Overflow vulnerability Code Audit Labs (Mon Jul 30 2007 - 20:36:11 EDT)
• security contact for uat.edu needed Hans Wolters (Mon Jul 30 2007 - 18:42:30 EDT)
• [USN-492-1] tcpdump vulnerability Kees Cook (Mon Jul 30 2007 - 23:20:16 EDT)
• FLEA-2007-0037-1 unrar Foresight Linux Essential Announcement Service (Mon Jul 30 2007 - 21:39:26 EDT)
• BellaBook Admin Bypass/Remote Code Execution ilkerkandemir(at)mynet.com (Tue Jul 31 2007 - 06:44:20 EDT)
• rPSA-2007-0151-1 gvim vim vim-minimal rPath Update Announcements (Tue Jul 31 2007 - 00:05:44 EDT)
• RFI ====> vBulletin v3.6.5 RaeD(at)BsdMail.Com (Mon Jul 30 2007 - 04:28:22 EDT)
  • Re: RFI ====> vBulletin v3.6.5 scott-REMOVE(at)vbulletin.com (Tue Jul 31 2007 - 09:21:26 EDT)
  • Re: RFI ====> vBulletin v3.6.5 no-reply(at)aria-security.net (Tue Jul 31 2007 - 03:19:44 EDT)
• Exploit In Internet Explorer RaeD(at)BsdMail.Com (Sun Jul 29 2007 - 04:58:00 EDT)
  • Re: Exploit In Internet Explorer paraw (Mon Jul 30 2007 - 17:11:37 EDT)
  • RE: Exploit In Internet Explorer Larry Seltzer (Mon Jul 30 2007 - 17:55:54 EDT)
  • Re: Exploit In Internet Explorer Nick FitzGerald (Mon Jul 30 2007 - 18:35:21 EDT)
    • Re: Exploit In Internet Explorer Gadi Evron (Tue Jul 31 2007 - 01:01:49 EDT)
• BellaBiblio Admin Login Bypass ilkerkandemir(at)mynet.com (Mon Jul 30 2007 - 15:29:58 EDT)
• Dora Emlak Script v1.0 (tr) Admin Login ByPass ilkerkandemir(at)mynet.com (Mon Jul 30 2007 - 15:13:48 EDT)
• phpVoter v0.6 Remote File Include Vulnerability ilkerkandemir(at)mynet.com (Mon Jul 30 2007 - 15:12:48 EDT)
• Phorm v3.0 Remote File Upload Vulnerability ilkerkandemir(at)mynet.com (Mon Jul 30 2007 - 15:12:06 EDT)
• Madoa Poll v1.1 Remote File Include Vulnerabilities ilkerkandemir(at)mynet.com (Mon Jul 30 2007 - 15:11:15 EDT)
• phpWebFileManager v0.5 (PN_PathPrefix) Remote File Include Vulnerability ilkerkandemir(at)mynet.com (Mon Jul 30 2007 - 15:10:33 EDT)
• RIG Image Gallery (dir_abs_src) Remote File Include Vulnerability ilkerkandemir(at)mynet.com (Mon Jul 30 2007 - 15:09:56 EDT)
• [SECURITY] [DSA 1342-1] New xfs packages fix privilege escalation Moritz Muehlenhoff (Mon Jul 30 2007 - 14:53:28 EDT)
• [DRUPAL-SA-2007-017] Drupal 5.2 fixes multiple CSRF vulnerabilities Heine Deelstra (Sun Jul 29 2007 - 17:47:49 EDT)
• [DRUPAL-SA-2007-018] Drupal 4.7.7 and 5.2 fix multiple cross site scripting vulnerabilities Heine Deelstra (Sun Jul 29 2007 - 17:49:50 EDT)
• FLEA-2007-0036-1 vim vim-minimal gvim Foresight Linux Essential Announcement Service (Mon Jul 30 2007 - 12:49:46 EDT)
• ASA-2007-018: Resource exhaustion vulnerability in IAX2 channel driver Security Response Team (Sun Jul 29 2007 - 19:38:05 EDT)
• [Aria-security] community Cross-site Scripting (XSS) h4ck3riran(at)yahoo.com (Sun Jul 29 2007 - 12:03:41 EDT)
• TS-2007-001-0: BlueCat Networks Adonis Linux-HA heartbeat DoS Vulnerability anonymous.c7ffa4057a (Sun Jul 29 2007 - 14:32:52 EDT)
• security@soqor.net security(at)soqor.net (Sun Jul 29 2007 - 05:53:03 EDT)
• E-commerceScripts ALL Apps (Auction Script, Shopping Cart Script and Multi-Vendor E-Shop Script) admin.aspx SQL Advisory(at)aria-security.net (Sat Jul 28 2007 - 19:18:52 EDT)
• [Aria-security] itcms 0.2 Cross-site Scripting (XSS) h4ck3riran(at)yahoo.com (Sun Jul 29 2007 - 12:05:23 EDT)
• [ GLSA 200707-14 ] tcpdump: Integer overflow Raphael Marichez (Sat Jul 28 2007 - 18:42:40 EDT)
• [ GLSA 200707-13 ] Fail2ban: Denial of Service Raphael Marichez (Sat Jul 28 2007 - 18:33:31 EDT)
• [ GLSA 200707-12 ] VLC media player: Format string vulnerabilities Raphael Marichez (Sat Jul 28 2007 - 16:04:45 EDT)
• Friend Script 2.5 - 2.4 Remote File İnclude yollubunlar(at)yollubunlar.org (Fri Jul 27 2007 - 19:48:04 EDT)
• WebEvents: Online Event Registration Template Username Fields SQL INJECTION Advisory(at)Aria-security.net (Fri Jul 27 2007 - 20:00:00 EDT)
• WebEvents: Online Event Registration Template Username Fields SQL INJECTION Advisory(at)Aria-security.net (Fri Jul 27 2007 - 19:59:53 EDT)
• SuskunDuygular - yelik Sistemi v.1 Sql yollubunlar(at)yollubunlar.org (Fri Jul 27 2007 - 19:50:09 EDT)
• TSLSA-2007-0023 - multi Trustix Security Advisor (Sat Jul 28 2007 - 04:00:51 EDT)
• phpCoupon Vulnerabilities hack2prison(at)yahoo.com (Sat Jul 28 2007 - 01:18:04 EDT)
• PHPBlogger cookie privilege escalation darthballsbr(at)hotmail.com (Sat Jul 28 2007 - 07:03:24 EDT)
• Berthanas Ziyaretci Defteri v2.0 (tr) Sql yollubunlar(at)yollubunlar.org (Fri Jul 27 2007 - 19:51:11 EDT)
• Message Board / Threaded Discussion Forum SQL INJECTION Advisory(at)Aria-security.net (Fri Jul 27 2007 - 20:00:31 EDT)
• Pay Roll - Time Sheet and Punch Card Application With Web Interface SQL Injection Advisory(at)Aria-security.net (Fri Jul 27 2007 - 20:00:48 EDT)
• Real Estate listing website application template SQL Injection Advisory(at)Aria-security.net (Fri Jul 27 2007 - 20:01:00 EDT)
• WebStore - Online Store Application Template SQL INJECTION Advisory(at)Aria-security.net (Fri Jul 27 2007 - 20:00:10 EDT)
• Anti XSS AJAX Fady Anwar (Thu Jul 26 2007 - 05:28:47 EDT)
  • Re: Anti XSS AJAX Ronald Chmara (Sat Jul 28 2007 - 02:39:22 EDT)
• BTsniff - Bleutooth sniffing under *nix Thierry Zoller (Fri Jul 27 2007 - 12:14:53 EDT)
• FLEA-2007-0035-1: libvorbis Foresight Linux Essential Announcement Service (Fri Jul 27 2007 - 13:16:17 EDT)
• Solaris finger bug Jim Mellander (Fri Jul 27 2007 - 14:17:39 EDT)
  • Re: Solaris finger bug Joep Vesseur (Fri Jul 27 2007 - 15:18:48 EDT)
• Metyus Forum Portal v1.0 crazy_king(at)eno7.org (Fri Jul 27 2007 - 07:36:40 EDT)
• Re: Retrieving "deleted" sms/mms from Nokia phone (Symbian S60) abrash_han(at)hotmail.com (Fri Jul 27 2007 - 08:03:32 EDT)
• sBlog 0.7.3 Beta XSS Vulnerabilitie Guns(at)0x90.com.ar (Thu Jul 26 2007 - 19:45:41 EDT)
• rPSA-2007-0150-1 libvorbis rPath Update Announcements (Fri Jul 27 2007 - 11:25:28 EDT)
• rPSA-2007-0149-1 bind bind-utils rPath Update Announcements (Fri Jul 27 2007 - 06:21:39 EDT)
• Breakpoint Security: Encase Pre-Advisory announce(at)breakpointsecurity.net (Fri Jul 27 2007 - 03:25:32 EDT)
• PHPSysInfo Index.php Cross Site Scripting DoZ(at)HackersCenter.com (Tue Jul 24 2007 - 23:12:09 EDT)
• Re: Guidance Software response to iSEC report on EnCase (fwd) jf (Fri Jul 27 2007 - 01:03:18 EDT)
  • Re: Guidance Software response to iSEC report on EnCase (fwd) Alexander Sotirov (Thu Jul 26 2007 - 18:38:07 EDT)
• iDefense Security Advisory 07.26.07: IBM AIX ftp gets() Multiple Buffer Overflow Vulnerabilities iDefense Labs (Thu Jul 26 2007 - 17:31:02 EDT)
• iDefense Security Advisory 07.26.07: IBM AIX capture Terminal Control Sequence Buffer Overflow Vulnerability iDefense Labs (Thu Jul 26 2007 - 17:27:38 EDT)
• iDefense Security Advisory 07.26.07: IBM AIX pioout Arbitrary Library Loading Vulnerability iDefense Labs (Thu Jul 26 2007 - 17:17:29 EDT)
• Guidance Software response to iSEC report on EnCase larry.gill(at)guidancesoftware.com (Thu Jul 26 2007 - 13:51:19 EDT)
  • Re: Guidance Software response to iSEC report on EnCase Alex Stamos (Thu Jul 26 2007 - 19:32:39 EDT)
• [SECURITY] [DSA 1342-2] New bind9 packages fix DNS cache poisoning Moritz Muehlenhoff (Thu Jul 26 2007 - 13:03:40 EDT)
• FLEA-2007-0034-1: Foresight Linux Essential Announcement Service (Thu Jul 26 2007 - 11:52:21 EDT)
• [security bulletin] HPSBMA02133 SSRT061201 rev.5 - HP Oracle for OpenView (OfO) Critical Patch Update security-alert(at)hp.com (Thu Jul 26 2007 - 11:35:52 EDT)
• SolpotCrew Advisory #14 (S4M3K) - PhpHostBot (login_form) Remote File Inclusion s4m3k(at)ganteng.la (Thu Jul 26 2007 - 00:46:36 EDT)
• Dependet Forums (Username Field) Remote SQL Injection Advisory(at)Aria-security.net (Wed Jul 25 2007 - 23:24:20 EDT)
• [ MDKSA-2007:150 ] - Updated clamav packages fix vulnerabilities security(at)mandriva.com (Wed Jul 25 2007 - 19:32:46 EDT)
• [ GLSA 200707-11 ] MIT Kerberos 5: Arbitrary remote code execution Raphael Marichez (Wed Jul 25 2007 - 18:11:22 EDT)
• [ GLSA 200707-10 ] Festival: Privilege elevation Raphael Marichez (Wed Jul 25 2007 - 17:30:54 EDT)
• [ MDKSA-2007:149 ] - Updated BIND9 packages fix vulnerabilities security(at)mandriva.com (Wed Jul 25 2007 - 17:18:12 EDT)
• [SECURITY] [DSA 1341-1] New bind9 packages fix DNS cache poisoning Moritz Muehlenhoff (Wed Jul 25 2007 - 17:13:15 EDT)
• ZDI-07-044: BakBone NetVault Reporter Scheduler Heap Overflow Vulnerability zdi-disclosures(at)3com.com (Wed Jul 25 2007 - 15:21:11 EDT)
• [ MDKSA-2007:148 ] - Updated tcpdump packages fix BGP dissector vulnerability security(at)mandriva.com (Wed Jul 25 2007 - 14:38:56 EDT)
• [ GLSA 200707-09 ] GIMP: Multiple integer overflows Raphael Marichez (Wed Jul 25 2007 - 15:23:12 EDT)
• Mozilla protocol abuse Thor Larholm (Wed Jul 25 2007 - 14:48:23 EDT)
  • Re: [Full-disclosure] Mozilla protocol abuse bugtraq(at)cgisecurity.net (Wed Jul 25 2007 - 15:00:44 EDT)
  • Re: Mozilla protocol abuse Thor Larholm (Wed Jul 25 2007 - 21:32:15 EDT)
• Mitridat Form Processor Pro XSS Charles Kim (Wed Jul 25 2007 - 13:13:25 EDT)
• [USN-491-1] Bind vulnerability Kees Cook (Wed Jul 25 2007 - 10:09:05 EDT)
• n.runs-SA-2007.024 - CA eTrust Antivirus Infinite Loop DoS (remote) Advisory security(at)nruns.com (Wed Jul 25 2007 - 09:07:41 EDT)
• [OpenPKG-SA-2007.022] OpenPKG Security Advisory (bind) OpenPKG GmbH (Wed Jul 25 2007 - 06:19:09 EDT)
• [CAID 35527]: CA Message Queuing (CAM / CAFT) Buffer Overflow Vulnerability Williams, James K (Tue Jul 24 2007 - 21:00:39 EDT)
• [CAID 35525, 35526]: CA Products Arclib Library Denial of Service Vulnerabilities Williams, James K (Tue Jul 24 2007 - 20:55:37 EDT)
  • RE: [CAID 35525, 35526]: CA Products Arclib Library Denial of Service Vulnerabilities Williams, James K (Thu Jul 26 2007 - 10:30:39 EDT)
• [CAID 35524]: CA eTrust Intrusion Detection caller.dll Vulnerability Williams, James K (Tue Jul 24 2007 - 20:49:53 EDT)
• [ GLSA 200707-08 ] NVClock: Insecure file usage Raphael Marichez (Tue Jul 24 2007 - 18:48:12 EDT)
• [ GLSA 200707-07 ] MPlayer: Multiple buffer overflows Raphael Marichez (Tue Jul 24 2007 - 18:33:33 EDT)
• iDefense Security Advisory 07.24.07: Computer Associates eTrust Intrusion Detection CallCode ActiveX Control Code Execution Vulnerability iDefense Labs (Tue Jul 24 2007 - 18:29:03 EDT)
• iDefense Security Advisory 07.24.07: Computer Associates AntiVirus CHM File Handling DoS Vulnerability iDefense Labs (Tue Jul 24 2007 - 18:18:54 EDT)
• TPTI-07-13: Borland Interbase ibserver.exe Create-Request Buffer Overflow Vulnerability TSRT(at)3com.com (Tue Jul 24 2007 - 16:43:32 EDT)
• cPanel 10.9.1 XSS Advisory(at)Aria-Security.net (Mon Jul 23 2007 - 20:01:06 EDT)
• ZDI-07-043: Ipswitch IMail IMAP Daemon SUBSCRIBE Stack Overflow Vulnerability zdi-disclosures(at)3com.com (Tue Jul 24 2007 - 15:24:11 EDT)
• ZDI-07-042: Ipswitch IMail Server GetIMailHostEntry Memory Corruption Vulnerability zdi-disclosures(at)3com.com (Tue Jul 24 2007 - 15:22:08 EDT)
• Cisco Security Advisory: Wireless ARP Storm Vulnerabilities Cisco Systems Product Security Incident Response Team (Tue Jul 24 2007 - 13:22:52 EDT)
• FLEA-2007-0033-1: firefox thunderbird Foresight Linux Essential Announcement Service (Tue Jul 24 2007 - 12:55:32 EDT)
• PR07-18: Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (1) research(at)procheckup.com (Tue Jul 24 2007 - 06:17:13 EDT)
• [SECURITY] [DSA 1340-1] New ClamAV packages fix denial of service Martin Schulze (Tue Jul 24 2007 - 03:24:05 EDT)
• printenv.pl(all versions) cross site scripting Vulnerability hadihadi_zedehal_2006(at)yahoo.com (Tue Jul 24 2007 - 10:42:39 EDT)
• PR07-20: Webroot disclosure on Webbler CMS research(at)procheckup.com (Tue Jul 24 2007 - 06:20:56 EDT)
• [SECURITY] [DSA 1339-1] New iceape packages fix several vulnerabilities Moritz Muehlenhoff (Mon Jul 23 2007 - 20:00:33 EDT)
• PR07-19: Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (2) research(at)procheckup.com (Tue Jul 24 2007 - 06:15:59 EDT)
• "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer) Amit Klein (Tue Jul 24 2007 - 03:33:51 EDT)
  • Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer) securityfocus(at)networkontap.com (Tue Jul 24 2007 - 13:40:35 EDT)
    • Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer) Amit Klein (Tue Jul 24 2007 - 16:07:59 EDT)
    • Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer) Jamie Riden (Tue Jul 24 2007 - 16:18:47 EDT)
      • Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer) Theo de Raadt (Thu Jul 26 2007 - 18:50:04 EDT)
      • Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer) Gadi Evron (Fri Jul 27 2007 - 00:40:55 EDT)
      • Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer) Tim (Fri Jul 27 2007 - 12:37:49 EDT)
      • Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer) Amit Klein (Fri Jul 27 2007 - 15:19:19 EDT)
      • Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer) Tim Newsham (Fri Jul 27 2007 - 14:54:33 EDT)
      • Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer) Amit Klein (Fri Jul 27 2007 - 18:34:13 EDT)
• PR07-21: Webbler CMS forms are susceptible to spamming and phishing abuses research(at)procheckup.com (Tue Jul 24 2007 - 06:31:18 EDT)
• dbdisplay.pl(all versions) Remote execut Vulnerability hadihadi_zedehal_2006(at)yahoo.com (Tue Jul 24 2007 - 10:47:21 EDT)
• Oracle E-Business Suite - Multiple Vulnerabilities Integrigy Alerts (Mon Jul 23 2007 - 22:33:57 EDT)
• Re: [WEB SECURITY] [CVE-2007-3816][Advisory] JWIG Context-Dependent Template Calling Dos Pranay Kanwar (Sat Jul 21 2007 - 10:19:19 EDT)
• Secure Computing - Security Reporter Auth Bypass and Directory Traversal Vulnerability Oliver Karow (Fri Jul 20 2007 - 13:22:14 EDT)
• iDefense Security Advisory 07.23.07: Ipswitch Instant Messaging Server Denial of Service Vulnerability iDefense Labs (Mon Jul 23 2007 - 17:33:35 EDT)
• The Pwnie Awards! Alexander Sotirov (Mon Jul 23 2007 - 17:12:13 EDT)
• [security bulletin] HPSBST02243 SSRT071446 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-036 to MS07-041 security-alert(at)hp.com (Mon Jul 23 2007 - 10:13:53 EDT)
• Minb Is Not A Blog default password directory Joseph.giron13(at)gmail.com (Sun Jul 22 2007 - 06:25:17 EDT)
• Webspell 4.x Local File Inclusion f00(at)nowayyyy.de (Sun Jul 22 2007 - 09:45:55 EDT)
• [SECURITY] [DSA 1338-1] New iceweasel packages fix several vulnerabilities Moritz Muehlenhoff (Mon Jul 23 2007 - 13:27:52 EDT)
• n.runs-SA-2007.023 - Norman Antivirus DOC parsing Divide by Zero Advisory security(at)nruns.com (Mon Jul 23 2007 - 13:43:21 EDT)
• [Aria-Security] Image Racer SearchResults.asp SQL INJECTION vuln. Advisory(at)Aria-Security.net (Sun Jul 22 2007 - 19:42:46 EDT)
• n.runs-SA-2007.021 - Norman Antivirus LZH parsing Arbitrary Code Execution Advisory security(at)nruns.com (Mon Jul 23 2007 - 11:02:18 EDT)
• PHMe CMS 0.0.2 local File Include Vulnerabilitiy h4ck3riran(at)yahoo.com (Mon Jul 23 2007 - 10:04:41 EDT)
  • Re: PHMe CMS 0.0.2 local File Include Vulnerabilitiy BlackHawk (Mon Jul 23 2007 - 12:57:44 EDT)
• n.runs-SA-2007.022 - Norman Antivirus DOC parsing Detection Bypass Advisory security(at)nruns.com (Mon Jul 23 2007 - 11:03:10 EDT)
• [security bulletin] HPSBUX02153 SSRT061181 rev.4 - HP-UX Running Firefox, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) security-alert(at)hp.com (Mon Jul 23 2007 - 10:14:38 EDT)
• n.runs-SA-2007.020 - Norman Antivirus ACE parsing Arbitrary Code Execution Advisory security(at)nruns.com (Mon Jul 23 2007 - 11:01:27 EDT)
• [SECURITY] [DSA 1337-1] New xulrunner packages fix several vulnerabilities Moritz Muehlenhoff (Sun Jul 22 2007 - 15:19:22 EDT)
• CVE-2007-3383: XSS in Tomcat send mail example Mark Thomas (Sat Jul 21 2007 - 19:51:11 EDT)
• SEC Consult SA-20070722-0 :: Remote command execution in Joomla! CMS Johannes Greil (Sun Jul 22 2007 - 05:36:55 EDT)
• [SECURITY] [DSA 1336-1] New mozilla-firefox packages fix several vulnerabilities Moritz Muehlenhoff (Sun Jul 22 2007 - 13:43:28 EDT)
• Buffer overflow in Areca CLI, version <= 1.72.250 Sebastian Wolfgarten (Sun Jul 22 2007 - 08:59:54 EDT)
• Re: rare bug in Opera 9.20 browser kaneda(at)bohater.net (Sat Jul 21 2007 - 23:45:19 EDT)
• Oracle bad Views - Exploit released bunker (Sat Jul 21 2007 - 05:53:40 EDT)
• [MajorSecurity Advisory #51]Virtual Hosting Control System - Session fixation Issue admin(at)majorsecurity.de (Sat Jul 21 2007 - 04:49:56 EDT)
• [Aria-Security] Munch Pro Remote Login ByPass Advisory(at)Aria-Security.net (Sat Jul 21 2007 - 03:20:17 EDT)
• [Aria-Security] Property Pro Remote Login ByPass Advisory(at)Aria-Security.net (Sat Jul 21 2007 - 03:21:40 EDT)
• [ MDKSA-2007:147 ] - Updated ImageMagick packages fix multiple vulnerabilities security(at)mandriva.com (Fri Jul 20 2007 - 20:42:20 EDT)
• JBlog 1.0 Creat Admin exploit, xss, Cookie Manipulation s4mi(at)LinuxMail.org (Fri Jul 20 2007 - 17:28:53 EDT)
• 2007-07-20 - n.runs-SA-2007.017 - NOD32 Antivirus ASPACK parsing Infinite Loop Advisory security(at)nruns.com (Fri Jul 20 2007 - 15:42:56 EDT)
• UseBB 1.0.x Cross Site Scripting (XSS) s4mi(at)LinuxMail.org (Fri Jul 20 2007 - 15:54:36 EDT)
• FLEA-2007-0032-1: flashplayer Foresight Linux Essential Announcement Service (Fri Jul 20 2007 - 15:49:23 EDT)
• 2007-07-20 - n.runs-SA-2007.018 - NOD32 Antivirus ASPACK and FSG parsing Divide by Zero Advisory security(at)nruns.com (Fri Jul 20 2007 - 15:43:50 EDT)
• 2007-07-20 - n.runs-SA-2007.016 - NOD32 Antivirus CAB parsing Arbitrary Code Execution Advisory security(at)nruns.com (Fri Jul 20 2007 - 15:41:53 EDT)
• Elite Forum Full HTML ENject versin 1.0.0.0 starext(at)msn.com (Fri Jul 20 2007 - 03:02:19 EDT)
• rPSA-2007-0147-1 tcpdump rPath Update Announcements (Fri Jul 20 2007 - 08:37:03 EDT)
• rPSA-2007-0148-1 firefox thunderbird rPath Update Announcements (Fri Jul 20 2007 - 08:39:57 EDT)
• [USN-490-1] Firefox vulnerabilities Kees Cook (Thu Jul 19 2007 - 21:12:02 EDT)
• SYMSA-2007-006: Citrix EPA ActiveX Control Design Flaw research(at)symantec.com (Wed Jul 18 2007 - 14:58:02 EDT)
• Wii's Internet Channel affected to Flash FLV parser vulnerability Juha-Matti Laurio (Thu Jul 19 2007 - 17:40:50 EDT)
• [ANNOUNCE] RSBAC 1.3.5 released Amon Ott (Thu Jul 19 2007 - 05:49:11 EDT)
• [CVE-2007-3816][Advisory] JWIG Context-Dependent Template Calling Dos Aditya K Sood (Sat Jul 21 2007 - 03:12:24 EDT)
• [CAID 35515]: CA Products Alert Service RPC Procedure Buffer Overflow Vulnerabilities Williams, James K (Thu Jul 19 2007 - 14:10:40 EDT)
• iDefense Security Advisory 07.19.07: Multiple Vendor Multiple Product URI Handler Input Validation Vulnerability iDefense Labs (Thu Jul 19 2007 - 12:04:30 EDT)
• DokuWiki suffers XSS Cyrill Brunschwiler (Thu Jul 19 2007 - 10:49:24 EDT)
• [USN-486-1] Linux kernel vulnerabilities Kees Cook (Wed Jul 18 2007 - 18:57:48 EDT)
• [USN-489-1] Linux kernel vulnerabilities Kees Cook (Thu Jul 19 2007 - 09:57:31 EDT)
• iDefense Security Advisory 07.19.07: Opera Software Opera Web Browser BitTorrent Dangling Pointer Vulnerability iDefense Labs (Thu Jul 19 2007 - 11:44:48 EDT)
• rPSA-2007-0145-1 lighttpd rPath Update Announcements (Thu Jul 19 2007 - 07:55:21 EDT)
• [USN-489-2] redhat-cluster-suite vulnerability Kees Cook (Thu Jul 19 2007 - 09:57:55 EDT)
• Geoblog v1 administrator bypass joseph.giron13(at)gmail.com (Thu Jul 19 2007 - 04:14:25 EDT)
• [Reversemode Advisory] Microsoft DirectX RLE Compressed Targa Image File Heap Overflow Reversemode (Wed Jul 18 2007 - 18:06:14 EDT)
• Oracle Database Buffer overflow vulnerabilities in procedure DBMS_DRS.GET_PROPERTY (DB03) Team SHATTER (Wed Jul 18 2007 - 17:52:12 EDT)
• Oracle Database Buffer overflows and Denial of service vulnerabilities in public procedures of MDSYS.MD (DB12) Team SHATTER (Wed Jul 18 2007 - 17:50:13 EDT)
• [SECURITY] [DSA 1335-1] New gimp packages fix arbitrary code execution Moritz Muehlenhoff (Wed Jul 18 2007 - 17:47:38 EDT)
• iDefense Security Advisory 07.18.07: Microsoft DirectX RLE Compressed Targa Image File Heap Overflow iDefense Labs (Wed Jul 18 2007 - 16:57:46 EDT)
• iDefense Security Advisory 07.18.07: Ipswitch IMail Server 2006 IMAP Search Command Buffer Overflow Vulnerability iDefense Labs (Wed Jul 18 2007 - 17:08:23 EDT)
• [SECURITY] [DSA 1334-1] New freetype packages fix arbitary code execution Steve Kemp (Wed Jul 18 2007 - 16:18:17 EDT)
• [SECURITY] [DSA 1333-1] New libcurl3-gnutls packages fix certificate handling Steve Kemp (Wed Jul 18 2007 - 16:09:50 EDT)
• Cisco Security Advisory: Denial of Service Vulnerability in Cisco Wide Area Application Services (WAAS) Software Cisco Systems Product Security Incident Response Team (Wed Jul 18 2007 - 12:16:09 EDT)
• Security Advisory: Login bypass in LedgerSMB 1.2.0 through 1.2.6 Chris Travers (Wed Jul 18 2007 - 11:36:58 EDT)
• Oracle Security: SQL Injection in APEX CHECK_DB_PASSWORD ak(at)red-database-security.com (Wed Jul 18 2007 - 01:57:14 EDT)
• ASA-2007-017: Remote Crash Vulnerability in STUN implementation Kevin P. Fleming (Tue Jul 17 2007 - 19:01:31 EDT)
• Oracle Security: SQL Injection in package DBMS_PRVTAQIS ak(at)red-database-security.com (Wed Jul 18 2007 - 01:55:13 EDT)
• ASA-2007-015: Remote Crash Vulnerability in IAX2 channel driver Kevin P. Fleming (Tue Jul 17 2007 - 18:57:44 EDT)
• Oracle Security: Insert / Update / Delete Data via Views ak(at)red-database-security.com (Wed Jul 18 2007 - 01:54:20 EDT)
• [USN-488-1] mod_perl vulnerability Kees Cook (Tue Jul 17 2007 - 20:03:16 EDT)
• Clarifications on LedgerSMB vulnerability with Bugtraq ID:24940 Chris Travers (Tue Jul 17 2007 - 20:55:47 EDT)
• ASA-2007-016: Remote crash vulnerability in Skinny channel driver Kevin P. Fleming (Tue Jul 17 2007 - 18:59:40 EDT)
• iDefense Security Advisory 07.17.07: Computer Associates Alert Notification Server Multiple Buffer Overflow Vulnerabilities iDefense Labs (Tue Jul 17 2007 - 20:34:30 EDT)
• ASA-2007-014: Stack buffer overflow in IAX2 channel driver Kevin P. Fleming (Tue Jul 17 2007 - 18:54:56 EDT)
• iDefense Security Advisory 07.17.07: IBM Tivoli Provisioning Manager for OS Deployment TFTP Blocksize DoS Vulnerability iDefense Labs (Tue Jul 17 2007 - 18:35:02 EDT)
• [USN-485-1] PHP vulnerabilities Kees Cook (Tue Jul 17 2007 - 17:17:36 EDT)
• [USN-487-1] Dovecot vulnerability Kees Cook (Tue Jul 17 2007 - 17:57:01 EDT)
• [USN-484-1] curl vulnerability Kees Cook (Tue Jul 17 2007 - 13:34:39 EDT)
• iDefense Security Advisory 07.16.07: Trend Micro OfficeScan Management Console Authorization Bypass Vulnerability iDefense Labs (Mon Jul 16 2007 - 18:59:01 EDT)
• iDefense Security Advisory 07.16.07: Trend Micro OfficeScan Session Cookie Buffer Overflow Vulnerability iDefense Labs (Mon Jul 16 2007 - 18:57:05 EDT)
• London DC4420 meet - tommorrow, Wednesday 18th July Adam Laurie (Tue Jul 17 2007 - 11:13:40 EDT)
• rPSA-2007-0143-1 mysql mysql-bench mysql-server rPath Update Announcements (Tue Jul 17 2007 - 08:24:47 EDT)
• rPSA-2007-0142-1 perl-Net-DNS rPath Update Announcements (Tue Jul 17 2007 - 08:11:50 EDT)
• rPSA-2007-0141-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs rPath Update Announcements (Tue Jul 17 2007 - 08:06:26 EDT)
• Insanely simple blog - Multiple vulnerabilities joseph.giron13(at)gmail.com (Tue Jul 17 2007 - 06:08:41 EDT)
• LFI On SMF 1.1.3 sirn0n(at)yahoo.com (Tue Jul 17 2007 - 02:52:13 EDT)
  • Re: LFI On SMF 1.1.3 jkloske(at)itee.uq.edu.au (Tue Jul 17 2007 - 20:51:53 EDT)
    • Re: LFI On SMF 1.1.3 Cornelius Riemenschneider (Wed Jul 18 2007 - 15:03:52 EDT)
• Official release of SQL Power Injector 1.2 Francois Larouche (Mon Jul 16 2007 - 14:06:25 EDT)
• Re: Sudo: local root compromise with krb5 enabled Thor Lancelot Simon (Mon Jul 16 2007 - 13:22:22 EDT)
• ExLibris Aleph and Metalib Cross Site Scripting Attack Matthew Cook (Mon Jul 16 2007 - 10:10:23 EDT)
• [security bulletin] HPSBGN02234 SSRT071435 rev.1 - HP ServiceGuard for Linux, Local Unauthorized Access, Increase in Privilege security-alert(at)hp.com (Mon Jul 16 2007 - 08:42:21 EDT)
• Session Riding and multiple XSS in WebCit Christopher Schwardt (Sat Jul 14 2007 - 17:01:00 EDT)
• Re: Menu Manager Mod for WebAPP - No Input Filtering info(at)web-app.net (Sat Jul 14 2007 - 00:56:20 EDT)
  • Re: Re: Menu Manager Mod for WebAPP - No Input Filtering web-app(at)hotmail.com (Mon Jul 16 2007 - 17:53:57 EDT)
• The dark side of ajax Fady Anwar (Fri Jul 13 2007 - 15:45:03 EDT)
• WhitePapers By SecNiche Security Aditya K Sood (Sun Jul 15 2007 - 22:01:12 EDT)
• Opera/Konqueror: data: URL scheme address bar spoofing Robert Swiecki (Fri Jul 13 2007 - 19:50:49 EDT)
  • Re: Opera/Konqueror: data: URL scheme address bar spoofing Harri Porten (Sat Jul 14 2007 - 16:11:37 EDT)
  • Re: Opera/Konqueror: data: URL scheme address bar spoofing lockoom(at)gmail.com (Mon Jul 16 2007 - 06:58:24 EDT)
• MSIE7 entrapment again (+ FF tidbit) Michal Zalewski (Fri Jul 13 2007 - 18:20:54 EDT)
• AzDG Dating Gold v3.0.5 ===> Remote File Include Vulnerability mostafa_ragab(at)msn.com (Thu Jul 12 2007 - 21:33:38 EDT)
• Calyptix Security Advisory CX-2007-05 - eSoft InstaGate EX2 Cross-Site Request Forgery Attack Calyptix Security (Wed Jul 11 2007 - 13:42:00 EDT)
• Bogus BID 24744 urtrapped9(at)gmail.com (Thu Jul 12 2007 - 14:14:18 EDT)
• zdnet reports on java vulnerabilities Jonathan Smith (Fri Jul 13 2007 - 13:42:08 EDT)
  • RE: zdnet reports on java vulnerabilities Stephen Shankland (Fri Jul 13 2007 - 19:54:50 EDT)
• [USN-483-1] libnet-dns-perl vulnerabilities Kees Cook (Fri Jul 13 2007 - 14:57:25 EDT)
• [MSA01110707] Flash Player/Plugin Video file parsing Remote Code Execution Minded Security Research Labs (Fri Jul 13 2007 - 12:51:40 EDT)
• [Eleytt] 12LIPIEC2007 2007-07-12 Michal Bucko (Thu Jul 12 2007 - 17:35:01 EDT)
  • Re: [Eleytt] 12LIPIEC2007 2007-07-12 michal.bucko(at)eleytt.com (Fri Jul 13 2007 - 14:38:54 EDT)
• No Patch for IE on Windows Mobile/CE LIUDIEYU dot COM (Fri Jul 13 2007 - 11:10:59 EDT)
• ActiveWeb Contentserver CMS Multiple Cross Site Scriptings RedTeam Pentesting GmbH (Fri Jul 13 2007 - 03:49:39 EDT)
• ActiveWeb Contentserver CMS SQL Injection Management Interface RedTeam Pentesting GmbH (Fri Jul 13 2007 - 03:48:48 EDT)
• ActiveWeb Contentserver CMS Editor Permission Settings Problem RedTeam Pentesting GmbH (Fri Jul 13 2007 - 03:51:14 EDT)
• ActiveWeb Contentserver CMS Clientside Filtering of Page Editor Content RedTeam Pentesting GmbH (Fri Jul 13 2007 - 03:50:40 EDT)
• [scip_Advisory 3159] SiteScape forum prior 7.3 Cross Site Scripting Marc Ruef (Fri Jul 13 2007 - 03:14:14 EDT)
• TPTI-07-12: Multiple Vendor Progress Server Heap Overflow Vulnerability TSRT(at)3com.com (Thu Jul 12 2007 - 20:54:00 EDT)
• ZDI-07-040: Symantec AntiVirus Engine CAB Parsing Heap Overflow Vulnerability TSRT(at)3Com.com (Thu Jul 12 2007 - 20:56:28 EDT)
• ZDI-07-039: Symantec AntiVirus Engine RAR File Parsing DoS Vulnerability zdi-disclosures(at)3com.com (Thu Jul 12 2007 - 20:56:18 EDT)
• [ MDKSA-2007:146 ] - Updated perl-Net-DNS packages fix multiple vulnerabilities security(at)mandriva.com (Thu Jul 12 2007 - 20:49:11 EDT)
• Whitepaper: Command Injection in XML Digital Signatures and Encryption brad(at)isecpartners.com (Thu Jul 12 2007 - 16:34:40 EDT)
• FLEA-2007-0031-1: xfs Foresight Linux Essential Announcement Service (Thu Jul 12 2007 - 15:08:51 EDT)
• iDefense Security Advisory 07.12.07: Red Hat Enterprise Linux init.d XFS Script chown Race Condition Vulnerability iDefense Labs (Thu Jul 12 2007 - 12:37:10 EDT)
• FreeBSD Security Advisory FreeBSD-SA-07:05.libarchive FreeBSD Security Advisories (Thu Jul 12 2007 - 11:09:47 EDT)
• MkPortal - Multiple SQL Injection Vulnerabilities does_not_exist(at)jmp-esp.kicks-ass.net (Thu Jul 12 2007 - 09:04:50 EDT)
• rPSA-2007-0138-1 gimp rPath Update Announcements (Wed Jul 11 2007 - 19:38:23 EDT)
• iDefense Security Advisory 07.11.07: Apple QuickTime SMIL File Processing Integer Overflow Vulnerability iDefense Labs (Wed Jul 11 2007 - 18:50:06 EDT)
  • Re: iDefense Security Advisory 07.11.07: Apple QuickTime SMIL File Processing Integer Overflow Vulnerability Dan Harkless (Mon Jul 16 2007 - 20:13:57 EDT)
    • Re: iDefense Security Advisory 07.11.07: Apple QuickTime SMIL File Processing Integer Overflow Vulnerability Steve Shockley (Tue Jul 17 2007 - 21:31:38 EDT)
• iDefense Security Advisory 07.11.07: SquirrelMail G/PGP Plugin gpg_recv_key() Command Injection Vulnerability iDefense Labs (Wed Jul 11 2007 - 17:18:40 EDT)
• iDefense Security Advisory 07.11.07: SquirrelMail G/PGP Plugin deleteKey() Command Injection Vulnerability iDefense Labs (Wed Jul 11 2007 - 17:15:19 EDT)
• iDefense Security Advisory 07.11.07: SquirrelMail G/PGP Plugin gpg_help.php Local File Inclusion Vulnerability iDefense Labs (Wed Jul 11 2007 - 17:19:41 EDT)
• iDefense Security Advisory 07.11.07: SquirrelMail G/PGP Plugin gpg_check_sign_pgp_mime() Command Injection Vulnerability iDefense Labs (Wed Jul 11 2007 - 17:17:09 EDT)
• [ GLSA 200707-06 ] XnView: Stack-based buffer overflow Stefan Cornelius (Wed Jul 11 2007 - 15:47:08 EDT)
• TippingPoint detection bypass Andres Riancho (Wed Jul 11 2007 - 08:20:19 EDT)
• 0day linux 2.6 /dev/mem rootkit found James E. Jones (Wed Jul 11 2007 - 11:53:21 EDT)
• iDefense Security Advisory 07.11.07: Symantec AntiVirus symtdi.sys Local Privilege Escalation Vulnerability iDefense Labs (Wed Jul 11 2007 - 14:19:20 EDT)
• iDefense Security Advisory 07.11.07: Symantec Backup Exec RPC Remote Heap Overflow Vulnerability iDefense Labs (Wed Jul 11 2007 - 14:01:38 EDT)
• Dotclear remote script execution Sacha (Wed Jul 11 2007 - 13:38:36 EDT)
• Cisco Security Advisory: Cisco Unified Communications Manager and Presence Server Unauthorized Access Vulnerabilities Cisco Systems Product Security Incident Response Team (Wed Jul 11 2007 - 12:00:00 EDT)
• Cisco Security Advisory: Cisco Unified Communications Manager Overflow Vulnerabilities Cisco Systems Product Security Incident Response Team (Wed Jul 11 2007 - 12:00:00 EDT)
• Powered By Dvbbs Version 7.1.0 Sp1 By Pass RaeD(at)BsdMail.Com (Wed Jul 11 2007 - 06:46:04 EDT)
• Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability. Metaeye SG (Wed Jul 11 2007 - 11:13:03 EDT)
  • Re: Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability. Noam Rathaus (Wed Jul 11 2007 - 11:32:53 EDT)
    • Re: Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability. Metaeye SG (Wed Jul 11 2007 - 11:46:56 EDT)
• SquirrelMail G/PGP Encryption Plug-in Remote Command Execution Vulnerability does_not_exist(at)jmp-esp.kicks-ass.net (Wed Jul 11 2007 - 10:10:30 EDT)
• rPSA-2007-0137-1 tshark wireshark rPath Update Announcements (Wed Jul 11 2007 - 09:11:52 EDT)
• Advisory: Arbitrary kernel mode memory writes in AVG john-lindsay(at)ngssoftware.com (Wed Jul 11 2007 - 08:55:06 EDT)
• Low Risk Vulnerability in Active Directory NGSSoftware Insight Security Research (Wed Jul 11 2007 - 06:07:04 EDT)
• [USN-482-1] OpenOffice.org vulnerability Kees Cook (Wed Jul 11 2007 - 05:17:25 EDT)
• durito: enVivo!CMS SQL injection 3APA3A (Wed Jul 11 2007 - 04:29:32 EDT)
• SUN Java JNLP Overflow Brett Moore (Tue Jul 10 2007 - 22:37:26 EDT)
• [ MDKSA-2007:145 ] - Updated wireshark packages fix multiple vulnerabilities security(at)mandriva.com (Tue Jul 10 2007 - 22:03:33 EDT)
• Multiple .NET Null Byte Injection Vulnerabilities Paul Craig (Tue Jul 10 2007 - 17:46:12 EDT)
• XSS Tunnelling White Paper and Tool Ferruh Mavituna (Tue Jul 10 2007 - 17:51:02 EDT)
  • Re: XSS Tunnelling White Paper and Tool Security Guy (Wed Jul 11 2007 - 08:57:26 EDT)
• TippingPoint IPS Signature Evasion Paul Craig (Tue Jul 10 2007 - 17:37:03 EDT)
  • Re: TippingPoint IPS Signature Evasion 3APA3A (Wed Jul 11 2007 - 10:30:04 EDT)
    • RE: TippingPoint IPS Signature Evasion Paul Craig (Wed Jul 11 2007 - 16:44:26 EDT)
• EEYE: Microsoft Publisher 2007 Arbitrary Pointer Dereference eEye Advisories (Tue Jul 10 2007 - 18:01:13 EDT)
• [ MDKSA-2007:144 ] - Updated OpenOffice.org packages fix RTF import vulnerability security(at)mandriva.com (Tue Jul 10 2007 - 15:06:46 EDT)
• SYMSA-2007-005: Vista Windows Firewall Incorrectly Applies Filtering to Teredo Interface research(at)symantec.com (Mon Jul 09 2007 - 17:29:06 EDT)
• iDefense Security Advisory 07.09.07: IBM AIX libodm ODMPATH Stack Overflow Vulnerability iDefense Labs (Tue Jul 10 2007 - 13:10:20 EDT)
• Whitepaper - DNS pinning and web proxies Dafydd Stuttard (Tue Jul 10 2007 - 11:29:57 EDT)
  • Re: Whitepaper - DNS pinning and web proxies Amit Klein (Tue Jul 10 2007 - 14:19:05 EDT)
• Regarding http://www.securityfocus.com/bid/24744 urtrapped9(at)gmail.com (Tue Jul 10 2007 - 11:27:45 EDT)
• Entertainment CMS Admin Login Bypass mata(at)kw3rlndoarme.net (Tue Jul 10 2007 - 11:17:07 EDT)
• Flashbb <= 1.1.7 - Remote File Inclusion Exploit mata(at)kw3rlndoarme.net (Tue Jul 10 2007 - 11:16:38 EDT)
• Announce: RFIDIOt PC/SC support - new release 0.1p (July 2007) Adam Laurie (Tue Jul 10 2007 - 10:44:30 EDT)
• [USN-481-1] ImageMagick vulnerabilities Kees Cook (Tue Jul 10 2007 - 09:32:46 EDT)
• [security bulletin] HPSBTU02233 SSRT071424 rev.1 - HP Tru64 UNIX Internet Express running Samba, Remote Arbitrary Code Execution or Local Unauthorized Privilege Elevation security-alert(at)hp.com (Tue Jul 10 2007 - 08:53:45 EDT)
• [ MDKSA-2007:143 ] - Updated mplayer packages fix buffer overflow remote vulnerabilities security(at)mandriva.com (Tue Jul 10 2007 - 05:57:57 EDT)
• Internet Explorer 0day exploit Thor Larholm (Tue Jul 10 2007 - 01:09:23 EDT)
  • Re: Internet Explorer 0day exploit Gadi Evron (Tue Jul 10 2007 - 11:53:21 EDT)
    • Re: Internet Explorer 0day exploit Dragos Ruiu (Sat Jul 14 2007 - 22:40:42 EDT)
      • Re: Internet Explorer 0day exploit Gadi Evron (Sat Jul 14 2007 - 22:41:38 EDT)
      • Re: Internet Explorer 0day exploit Chris Stromblad (Wed Jul 18 2007 - 04:37:07 EDT)
      • Re: Internet Explorer 0day exploit Zow (Wed Jul 18 2007 - 12:53:09 EDT)
      • Re: Internet Explorer 0day exploit Chris Stromblad (Wed Jul 18 2007 - 16:12:11 EDT)
      • Re: Internet Explorer 0day exploit Zow (Thu Jul 19 2007 - 16:06:08 EDT)
      • Re: Internet Explorer 0day exploit Chris Stromblad (Fri Jul 20 2007 - 04:22:32 EDT)
      • Re: Internet Explorer 0day exploit Chad Perrin (Fri Jul 20 2007 - 17:08:52 EDT)
      • RE: Internet Explorer 0day exploit Ken Kousky (Sat Jul 21 2007 - 11:22:00 EDT)
      • RE: Internet Explorer 0day exploit Hugo van der Kooij (Tue Jul 24 2007 - 01:37:08 EDT)
      • RE: Internet Explorer 0day exploit Roger A. Grimes (Tue Jul 24 2007 - 10:54:00 EDT)
      • Re: Internet Explorer 0day exploit Bigby Findrake (Wed Jul 18 2007 - 14:37:02 EDT)
      • Re: Internet Explorer 0day exploit Chris Stromblad (Wed Jul 18 2007 - 16:17:13 EDT)
  • Re: Internet Explorer 0day exploit Aaron Katz (Fri Jul 20 2007 - 14:36:50 EDT)
    • Re: Re: Internet Explorer 0day exploit piercede(at)pdx.edu (Fri Jul 20 2007 - 14:35:47 EDT)
    • Re: Internet Explorer 0day exploit Aaron Katz (Fri Jul 20 2007 - 14:43:16 EDT)
• WinPcap NPF.SYS Privilege Elevation Vulnerability mballano(at)gmail.com (Mon Jul 09 2007 - 19:32:13 EDT)
  • Re: WinPcap NPF.SYS Privilege Elevation Vulnerability Gerald Combs (Tue Jul 10 2007 - 14:37:12 EDT)
    • Re: Re: WinPcap NPF.SYS Privilege Elevation Vulnerability mballano(at)gmail.com (Tue Jul 10 2007 - 15:21:54 EDT)
• iDefense Security Advisory 07.09.07: WinPcap NPF.SYS Local Privilege Escalation Vulnerability iDefense Labs (Mon Jul 09 2007 - 16:52:36 EDT)
  • Re: [Full-disclosure] iDefense Security Advisory 07.09.07: WinPcap NPF.SYS Local Privilege Escalation Vulnerability KJK::Hyperion (Wed Jul 11 2007 - 13:35:18 EDT)
• iDefense Security Advisory 07.09.07: Multiple Vendor GIMP Multiple Integer Overflow Vulnerabilities iDefense Labs (Mon Jul 09 2007 - 17:20:52 EDT)
• EEYE: Sun Java WebStart JNLP Stack Buffer Overflow Vulnerability eEye Advisories (Mon Jul 09 2007 - 17:09:41 EDT)
• [SECURITY] [DSA 1332-1] New vlc packages fix arbitrary code execution Moritz Muehlenhoff (Mon Jul 09 2007 - 13:56:42 EDT)
• Firefox wyciwyg:// cache zone bypass Michal Zalewski (Mon Jul 09 2007 - 09:37:26 EDT)
• Another You tube clone script vulnerability Samael De Icaro (Fri Jul 06 2007 - 18:53:56 EDT)
• CodeIgniter 1.5.3 vulnerabilities Åukasz Pilorz (Sun Jul 08 2007 - 11:54:09 EDT)
• PHP Comet-Server o_0p(at)hotmail.com (Sun Jul 08 2007 - 05:43:05 EDT)
• [Eleytt] 7LIPIEC2007 sapheal(at)hack.pl (Sat Jul 07 2007 - 17:02:23 EDT)
  • Re: [Eleytt] 7LIPIEC2007 Michal Zalewski (Mon Jul 09 2007 - 12:34:41 EDT)
  • Re: [Eleytt] 7LIPIEC2007 activereports.support(at)datadynamics.com (Mon Jul 23 2007 - 14:41:45 EDT)
    • Re: Re: [Eleytt] 7LIPIEC2007 michal.bucko(at)eleytt.com (Mon Jul 09 2007 - 15:36:28 EDT)
    • Re: Re: [Eleytt] 7LIPIEC2007 gynvael(at)coldwind.pl (Tue Jul 10 2007 - 17:46:47 EDT)
      • Re: Re: [Eleytt] 7LIPIEC2007 MichaÅ‚ Melewski (Thu Jul 12 2007 - 05:55:13 EDT)
• [SECURITY] [DSA 1331-1] New php4 packages fix arbitrary code execution Moritz Muehlenhoff (Sat Jul 07 2007 - 11:00:42 EDT)
• [SECURITY] [DSA 1330-1] New php5 packages fix arbitrary code execution Moritz Muehlenhoff (Sat Jul 07 2007 - 10:24:03 EDT)
• eTicket version 1.5.5 XSS Attack Vulnerability securityresearch(at)netvigilance.com (Sat Jul 07 2007 - 09:33:56 EDT)
• An Auction Site for Vulnerabilities Ivan . (Fri Jul 06 2007 - 02:39:29 EDT)
  • Re: An Auction Site for Vulnerabilities Radoslav Dejanoviæ (Sat Jul 07 2007 - 16:10:32 EDT)
• phpTrafficA <=1.4.3 Admin Login Bypass corrado.liotta(at)alice.it (Fri Jul 06 2007 - 14:28:23 EDT)
• [ GLSA 200707-05 ] Webmin, Usermin: Cross-site scripting vulnerabilities Raphael Marichez (Thu Jul 05 2007 - 18:56:27 EDT)
• [SECURITY] [DSA 1329-1] New gfax packages fix privilege escalation Steve Kemp (Thu Jul 05 2007 - 16:11:33 EDT)
• AsteriDex (Asterisk / Trixbox) remote code execution Carl Livitt (Thu Jul 05 2007 - 12:24:44 EDT)
• SAP DB Web Server Stack Overflow NGSSoftware Insight Security Research (Thu Jul 05 2007 - 11:55:11 EDT)
• Internet Communication Manager Denial Of Service Attack NGSSoftware Insight Security Research (Thu Jul 05 2007 - 11:52:05 EDT)
• SAP Internet Graphics Server XSS and Heap Overflow NGSSoftware Insight Security Research (Thu Jul 05 2007 - 11:45:33 EDT)
• SAP Message Server Heap Overflow NGSSoftware Insight Security Research (Thu Jul 05 2007 - 11:49:17 EDT)
• EnjoySAP, SAP GUI for Windows - Stack Overflow NGSSoftware Insight Security Research (Thu Jul 05 2007 - 11:46:47 EDT)
• [NETRAGARD SECURITY ADVISORY][Maia Mailguard 1.0.2 Arbitrary Code Execution][NETRAGARD-20070628] Netragard Security Advisories (Thu Jul 05 2007 - 11:18:54 EDT)
• Redirection Vulnerability in wp-pass.php, WordPress 2.2.1 Nick S. Coblentz (Thu Jul 05 2007 - 11:14:20 EDT)
• Re: Serious holes affecting JFFNMS not(at)themoment.thanks (Thu Jul 05 2007 - 07:48:36 EDT)
• [security bulletin] HPSBPI02228 SSRT071404 rev.1 - HP Instant Support - Driver Check Running on Windows XP, Remote Unauthorized Access security-alert(at)hp.com (Thu Jul 05 2007 - 07:19:05 EDT)
• Session fixation in Zen Cart CMS tomaz.bratusa(at)teamintell.com (Thu Jul 05 2007 - 02:36:49 EDT)
• [ MDKSA-2007:142 ] - Updated apache packages fix multiple security issues security(at)mandriva.com (Thu Jul 05 2007 - 00:08:41 EDT)
• [ MDKSA-2007:141 ] - Updated apache packages fix multiple security issues security(at)mandriva.com (Wed Jul 04 2007 - 23:56:57 EDT)
• [ MDKSA-2007:140 ] - Updated apache packages fix multiple security issues security(at)mandriva.com (Wed Jul 04 2007 - 23:42:33 EDT)
• [ MDKSA-2007:139 ] - Updated MySQL packages fix multiple security issues security(at)mandriva.com (Wed Jul 04 2007 - 18:54:20 EDT)
• [USN-480-1] Gimp vulnerability Kees Cook (Wed Jul 04 2007 - 18:48:40 EDT)
• Multiple Remote unauthenticated stack overflows in Asterisk chan_sip.c NGSSoftware Insight Security Research (Wed Jul 04 2007 - 11:47:14 EDT)
• PacSec 2007 Call For Papers (Nov. 29/30, deadline July 27) Dragos Ruiu (Tue Jul 03 2007 - 23:32:44 EDT)
• SQL Injection in SaphpLesson2.0 "show.php" Sw33t.h4cK3r(at)hotmail.com (Wed Jul 04 2007 - 03:03:00 EDT)
• Fujitsu-Siemens PRIMERGY BX300 Switch Blade Information Disclosure RedTeam Pentesting GmbH (Wed Jul 04 2007 - 09:20:39 EDT)
• Fujitsu-Siemens ServerView Remote Command Execution RedTeam Pentesting GmbH (Wed Jul 04 2007 - 09:17:39 EDT)
• SQL Injection in saphp "showcat.php" Sw33t.h4cK3r(at)hotmail.com (Wed Jul 04 2007 - 03:09:28 EDT)
• Re: Remote File Include In Script SoftNews Media Group foster(at)ghc.ru (Wed Jul 04 2007 - 02:26:35 EDT)
• MySQLDumper vulnerability: Bypassing Apache based access control possible bugtraq(at)henningpingel.de (Tue Jul 03 2007 - 17:01:49 EDT)
• [ GLSA 200707-04 ] GNU C Library: Integer overflow Raphael Marichez (Tue Jul 03 2007 - 16:52:59 EDT)
• [ MDKSA-2007:138 ] - Updated kdebase packages fix Flash Player interaction vulnerability security(at)mandriva.com (Tue Jul 03 2007 - 16:37:31 EDT)
• Cross Site Scripting in Oliver Library Management System A. R. (Tue Jul 03 2007 - 13:01:30 EDT)
• Security on AIR: Local file access through JavaScript fukami (Tue Jul 03 2007 - 11:24:01 EDT)
• Buffer overflow in HP Instant Support Driver Check (SDD) ActiveX control NGSSoftware Insight Security Research (Tue Jul 03 2007 - 06:20:34 EDT)
• Moodle XSS / Liesbeth base CMS sensitive information disclosure 3APA3A (Tue Jul 03 2007 - 05:10:27 EDT)
• Two Unpublished IE Cases LIUDIEYU dot COM (Tue Jul 03 2007 - 01:15:22 EDT)
• [ GLSA 200707-02 ] OpenOffice.org: Two buffer overflows Raphael Marichez (Mon Jul 02 2007 - 17:16:54 EDT)
• High Risk Flaw in Sun's Java Web Start NGSSoftware Insight Security Research (Mon Jul 02 2007 - 15:06:44 EDT)
• AV Arcade 2.1b (COOKIE[ava_userid]) Get Admin Rights teh_lost_byte(at)yahoo.com (Mon Jul 02 2007 - 09:20:32 EDT)
  • Re[2]: Light Blog 4.1 XSS Vulnerability BlackHawk (Tue Jul 03 2007 - 07:52:31 EDT)
• AV Arcade 2.1b (view_page.php) Remote SQL Injection teh_lost_byte(at)yahoo.com (Mon Jul 02 2007 - 09:20:05 EDT)
• [SECURITY] [DSA 1328-1] New unicon-imc2 packages fix buffer overflow Steve Kemp (Sun Jul 01 2007 - 15:12:18 EDT)
• PHPDirector <= 0.21 (SQL injection/Upload SHELL) Remote Vulnerabilities teh_lost_byte(at)yahoo.com (Mon Jul 02 2007 - 09:19:02 EDT)
• Advisory : Internet Explorer Zone Domain Specification Dos and Page suppressing. Aditya K Sood (Sun Jul 01 2007 - 12:53:42 EDT)
• FreeDomain.co.nr Clone SQL Injection teh_lost_byte(at)yahoo.com (Mon Jul 02 2007 - 09:17:32 EDT)
• eTicket v.1.5.1.1 Multiple Cross-Site Scripting darkz.gsa(at)gmail.com (Mon Jul 02 2007 - 03:42:56 EDT)
• [SECURITY] [DSA 1326-1] New fireflier-server packages fix unsafe temporary files Steve Kemp (Sun Jul 01 2007 - 13:56:28 EDT)
• [ GLSA 200707-01 ] Firebird: Buffer overflow Raphael Marichez (Sun Jul 01 2007 - 17:41:31 EDT)
• [SECURITY] [DSA 1327-1] New gsambad packages fix unsafe temporary files Steve Kemp (Sun Jul 01 2007 - 14:50:24 EDT)