Mailing List Archive For bugtraq@securityfocus.com Dec 2007 By Thread

- [HSC Security Group] Multiple CSRF in Joomla all versions - Complete compromise zinho(at)hackerscenter.com (Thu Dec 27 2007 - 14:21:36 EST)
- Instant Softwares DatingSite SQL Injection The-0utl4w-noreply(at)aria-security.net (Sat Dec 29 2007 - 20:39:12 EST)
- LiveCart Multiple Cross-Site Scripting Vulnerabilities DoZ(at)HackersCenter.com (Sun Dec 30 2007 - 18:53:02 EST)
- milliscripts (dir.php) Cross-Site Scripting Vulnerability sys-project(at)hotmail.com (Sun Dec 30 2007 - 11:59:06 EST)
- [ GLSA 200712-22 ] Opera: Multiple vulnerabilities Pierre-Yves Rofes (Sun Dec 30 2007 - 12:17:19 EST)
- Fingerprints in Astaro Security Gateway v7.1 morin.josh(at)gmail.com (Fri Dec 28 2007 - 00:06:12 EST)
- Bitweaver source code disclosure, arbitrary file upload admin(at)bugreport.ir (Sun Dec 30 2007 - 07:04:20 EST)
- [ GLSA 200712-25 ] OpenOffice.org: User-assisted arbitrary code execution Pierre-Yves Rofes (Sun Dec 30 2007 - 13:30:49 EST)
- [ GLSA 200712-24 ] AMD64 x86 emulation GTK+ library: User-assisted execution of arbitrary code Robert Buchholz (Sun Dec 30 2007 - 12:53:08 EST)
- [ GLSA 200712-23 ] Wireshark: Multiple vulnerabilities Robert Buchholz (Sun Dec 30 2007 - 12:39:55 EST)
- CCMS v3.1 Demo <= SQL Injection Vulnerability 0day pawel2827(at)gmail.com (Sat Dec 29 2007 - 15:16:07 EST)
- CuteNews Arbitrary File Download AllVersion pawel2827(at)gmail.com (Sat Dec 29 2007 - 15:17:13 EST)
- TK53 Advisory #2: Multiple vulnerabilities in ClamAV Lolek of TK53 (Sat Dec 29 2007 - 13:15:58 EST)
- [ GLSA 200712-21 ] Mozilla Firefox, SeaMonkey: Multiple vulnerabilities Robert Buchholz (Sat Dec 29 2007 - 11:25:03 EST)
- [ GLSA 200712-20 ] ClamAV: Multiple vulnerabilities Robert Buchholz (Sat Dec 29 2007 - 11:12:29 EST)
- [SECURITY] [DSA 1442-2] New libsndfile packages fix arbitrary code execution Moritz Muehlenhoff (Fri Dec 28 2007 - 20:41:21 EST)
- [ GLSA 200712-19 ] Syslog-ng: Denial of Service Robert Buchholz (Sat Dec 29 2007 - 10:59:52 EST)
- [ GLSA 200712-18 ] Multi-Threaded DAAP Daemon: Multiple vulnerabilities Robert Buchholz (Sat Dec 29 2007 - 09:00:01 EST)
- [ GLSA 200712-17 ] exiftags: Multiple vulnerabilities Pierre-Yves Rofes (Sat Dec 29 2007 - 08:59:30 EST)
- [ GLSA 200712-16 ] Exiv2: Integer overflow Pierre-Yves Rofes (Sat Dec 29 2007 - 08:38:04 EST)
- [ GLSA 200712-15 ] libexif: Multiple vulnerabilities Pierre-Yves Rofes (Sat Dec 29 2007 - 08:07:22 EST)
- Buffer-overflow in CoolPlayer 217 Luigi Auriemma (Fri Dec 28 2007 - 13:17:13 EST)
- [SECURITY] [DSA 1441-1] New peercast packages fix arbitrary code execution Thijs Kinkhorst (Fri Dec 28 2007 - 11:31:08 EST)
- [SECURITY] [DSA 1440-1] New inotify-tools packages fix arbitrary code execution Moritz Muehlenhoff (Fri Dec 28 2007 - 10:58:13 EST)
- [SECURITY] [DSA 1439-1] New typo3-src packages fix SQL injection Thijs Kinkhorst (Fri Dec 28 2007 - 10:41:20 EST)
- [SECURITY] [DSA 1405-3] New zope-cmfplone packages fix regression Thijs Kinkhorst (Thu Dec 27 2007 - 16:21:06 EST)
- [SECURITY] [DSA 1438-1] New tar packages fix several vulnerabilities Florian Weimer (Fri Dec 28 2007 - 10:29:40 EST)
- 2z-project 0.9.6.1 Multiple Security Vulnerabilities Digital Security Research Group [DSecRG] (Fri Dec 28 2007 - 08:26:11 EST)
- FAQMasterFlexPlus multiple vulnerabilities Juan Galiana (Thu Dec 27 2007 - 22:26:34 EST)
- OpenBiblio 0.5.2-pre4 and prior multiple vulnerabilities Juan Galiana (Thu Dec 27 2007 - 22:18:44 EST)
- Buffer-overflow in Extended Module Player 2.5.1 Luigi Auriemma (Thu Dec 27 2007 - 12:23:45 EST)
- Multiple vulnerabilities in libnemesi 0.6.4-rc1 Luigi Auriemma (Thu Dec 27 2007 - 12:26:46 EST)
- Multiple vulnerabilities in Feng 0.1.15 Luigi Auriemma (Thu Dec 27 2007 - 12:25:41 EST)
- PHP -> set_time_limit brancohat(at)gmail.com (Wed Dec 26 2007 - 16:14:05 EST)
- [security bulletin] HPSBGN02298 SSRT071502 rev.2 - HP Quick Launch Button (QLB) Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access security-alert(at)hp.com (Thu Dec 27 2007 - 07:31:29 EST)
- Latest round of web hacking incidents for 2007 & Project news Ofer Shezaf (Thu Dec 27 2007 - 10:44:41 EST)
- IPortalX Forums Cross-Site Scripting Vulnerability DoZ(at)HackersCenter.com (Thu Dec 27 2007 - 02:18:26 EST)
- XZero Community Classifieds <= v4.95.11 LFI & SQL Injection office(at)rstzone.org (Wed Dec 26 2007 - 20:26:55 EST)
- Blakord Portal <= Beta 1.3.A (all modules) Blind Sql Injection sys-project(at)hotmail.com (Wed Dec 26 2007 - 17:32:01 EST)
- Bid 24744 ? balrog(at)gmail.com (Sat Dec 22 2007 - 16:14:52 EST)
- [SECURITY] [DSA 1437-1] New cupsys packages fix several vulnerabilities Moritz Muehlenhoff (Wed Dec 26 2007 - 08:20:33 EST)
- Confixx Professional RFİ erne(at)ernealizm.us (Tue Dec 25 2007 - 13:23:33 EST)
- TotalPlayer 3.0 .m3u crash david130490(at)hotmail.com (Mon Dec 24 2007 - 18:21:04 EST)
- Multiple vulnerabilities in RUNCMS 1.6 by DSecRG Digital Security Research Group (Tue Dec 25 2007 - 10:12:05 EST)
- Unicode buffer-overflow in Zoom Player 6.00b2 Luigi Auriemma (Mon Dec 24 2007 - 12:48:05 EST)
- Double directory traversal in ImgSvr 0.6.21 Luigi Auriemma (Mon Dec 24 2007 - 12:20:57 EST)
- Buffer-overflow and format string in VideoLAN VLC 0.8.6d Luigi Auriemma (Mon Dec 24 2007 - 12:18:32 EST)
- Update: Clients buffer-overflow in Live for Speed 0.5X10 Luigi Auriemma (Mon Dec 24 2007 - 12:22:17 EST)
- SimpleForum <= 4.6.2 - Cross-Site Scripting Vulnerability sys-project(at)hotmail.com (Mon Dec 24 2007 - 12:05:37 EST)
- [CVE-2007-5342] Apache Tomcat's default security policy is too open Mark Thomas (Sun Dec 23 2007 - 14:26:08 EST)
- PHP <= 5.2.5 Safe Mode Bypass admin(at)bugreport.ir (Mon Dec 24 2007 - 06:50:44 EST)
- [waraxe-2007-SA#060] - Sensitive info disclosure in CuteNews <= 1.4.5 come2waraxe(at)yahoo.com (Sun Dec 23 2007 - 16:39:58 EST)
- Jupiter Cms Multiple Vulnerabilities admin(at)bugreport.ir (Mon Dec 24 2007 - 06:55:18 EST)
- pdflib long filename multiple bufferoverflows poplix (Sat Dec 22 2007 - 18:01:03 EST)
- Tikiwiki 1.9.8.3 tiki-special_chars.php XSS Vulnerability Mesut Timur (Mon Dec 24 2007 - 08:52:58 EST)
- [ISecAuditors Security Advisories] Tikiwiki CMS is vulnerable to path traversal attack ISecAuditors Security Advisories (Mon Dec 24 2007 - 02:32:12 EST)
- Logaholic Web Analytics Software malibu.r(at)hotmail.com (Sun Dec 23 2007 - 00:29:38 EST)
- [HSC] Dokeos Multiple Cross-Site Scripting Vulnerabilities DoZ(at)HackersCenter.com (Sat Dec 22 2007 - 12:37:20 EST)
- Microsoft Office Publisher jplopezy(at)gmail.com (Sat Dec 22 2007 - 00:22:22 EST)
- My Blog Rfi beenudel1986(at)gmail.com (Sat Dec 22 2007 - 09:16:17 EST)
- America Online AOL Instant Messenger AIM6.0 or 6.5 or higher XSS remote execution evanchik(at)gmail.com (Fri Dec 21 2007 - 18:15:55 EST)
- Word 2003 denial of service jplopezy(at)gmail.com (Fri Dec 21 2007 - 17:13:11 EST)
- HPSBGN2301 SSRT071508 rev.1 - HP Software Update Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access security-alert(at)hp.com (Fri Dec 21 2007 - 17:12:41 EST)
- [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability Williams, James K (Fri Dec 21 2007 - 14:26:42 EST)
- Buffer-overflow in WinUAE 1.4.4 Luigi Auriemma (Fri Dec 21 2007 - 14:00:52 EST)
- Cryptome: NSA has real-time access to Hushmail servers Juha-Matti Laurio (Fri Dec 21 2007 - 11:16:19 EST)
- Moodle SQL Injection root(at)hanicker.it (Fri Dec 21 2007 - 05:04:31 EST)
- [USN-559-1] MySQL vulnerabilities Jamie Strandboge (Fri Dec 21 2007 - 02:25:53 EST)
- CFP CISIS '08 hjan (Fri Dec 21 2007 - 04:11:27 EST)
- [SECURITY] [DSA 1436-1] New Linux 2.6.18 packages fix several vulnerabilities dann frazier (Thu Dec 20 2007 - 17:28:26 EST)
- Re: Morcego CMS <= 0.9.6 Remote File Inclue Vulnerability antonio(at)antoniocortes.com (Thu Dec 20 2007 - 15:20:28 EST)
- PHP iCalendar <= 2.24 - Cross-Site Scripting Vulnerability sys-project(at)hotmail.com (Thu Dec 20 2007 - 10:02:01 EST)
- [security bulletin] HPSBUX02284 SSRT071483 rev.4 - HP-UX Running Java JRE and JDK, Remote Unauthorized Access security-alert(at)hp.com (Thu Dec 20 2007 - 07:52:50 EST)
- SiteScape Forum TCL injection lolo lolo (Thu Dec 20 2007 - 04:52:43 EST)
- [security bulletin] HPSBUX02295 SSRT071333 rev.1 - HP-UX Running rpc.yppasswdd, Remote Denial of Service (DoS) security-alert(at)hp.com (Thu Dec 20 2007 - 07:53:42 EST)
- [security bulletin] HPSBTU02300 SSRT071452 rev.1 - HP Tru64 UNIX running FFM, Local Denial of Service (Dos) security-alert(at)hp.com (Thu Dec 20 2007 - 07:54:34 EST)
- [Aria-Security.net] ABI Version 3.7.9.17 Remote SQL Injection The-0utl4w-noreply(at)aria-security.net (Thu Dec 20 2007 - 00:20:09 EST)
- Re: Re: NETGEAR WGT624 Wireless DSL router default user name/password vulnerability mj(at)gayrockies.net (Thu Dec 20 2007 - 12:38:59 EST)
- iSupport v1.8 Local file include vulnerability ahcrew(at)gmail.com (Wed Dec 19 2007 - 23:17:52 EST)
- Black Hat Briefings Call for Papers and Happy Happy Joy Joy jmoss (Wed Dec 19 2007 - 18:23:30 EST)
- xeCMS 1.x.x Remote File Disclosure Vulnerability. p4imi0 (Wed Dec 19 2007 - 16:47:55 EST)
- HP laptops Software Update tool vulnerability porkythepig(at)anspi.pl (Wed Dec 19 2007 - 15:39:51 EST)
- [SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities Moritz Muehlenhoff (Wed Dec 19 2007 - 12:38:04 EST)
- Array overflow in id3lib (devel CVS) Luigi Auriemma (Wed Dec 19 2007 - 12:59:03 EST)
- SYMSA-2007-015 research(at)symantec.com (Tue Dec 18 2007 - 15:14:02 EST)
- Cisco Security Advisory: Application Inspection Vulnerability in Cisco Firewall Services Module Cisco Systems Product Security Incident Response Team (Wed Dec 19 2007 - 10:20:00 EST)
- smbfs and apache+php source code disclosure Maciej Gąsiorowski (Wed Dec 19 2007 - 05:14:50 EST)
- [USN-557-1] GD library vulnerability Jamie Strandboge (Tue Dec 18 2007 - 20:34:03 EST)
- [ GLSA 200712-14 ] CUPS: Multiple vulnerabilities Robert Buchholz (Tue Dec 18 2007 - 17:26:41 EST)
- [ GLSA 200712-13 ] E2fsprogs: Multiple buffer overflows Robert Buchholz (Tue Dec 18 2007 - 15:48:56 EST)
- Google Toolbar Dialog Spoofing Vulnerability avivra (Tue Dec 18 2007 - 15:13:46 EST)
- AST-2007-027 - Database matching order permits host-based authentication to be ignored Security Officer (Tue Dec 18 2007 - 15:03:42 EST)
- Tiger Team: New TV series about pen testers airing on CourtTV Dec 25 11 pm blackredyellow(at)hushmail.com (Tue Dec 18 2007 - 14:33:27 EST)
- iDefense Security Advisory 12.17.07: Apple Mac OS X mount_smbfs Stack Based Buffer Overflow Vulnerability iDefense Labs (Tue Dec 18 2007 - 13:25:39 EST)
- rPSA-2007-0269-1 kernel rPath Update Announcements (Tue Dec 18 2007 - 13:42:31 EST)
- iDefense Security Advisory 12.18.07: ClamAV libclamav MEW PE File Integer Overflow Vulnerability iDefense Labs (Tue Dec 18 2007 - 13:26:49 EST)
- [USN-556-1] Samba vulnerability Kees Cook (Tue Dec 18 2007 - 14:27:46 EST)
- [security bulletin] HPSBST02299 SSRT071506 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-063 to MS07-069 security-alert(at)hp.com (Tue Dec 18 2007 - 08:32:42 EST)
- ZDI-07-077: Trend Micro ServerProtect StRpcSrv.dll Insecure Method Exposure Vulnerability zdi-disclosures(at)3com.com (Mon Dec 17 2007 - 18:42:57 EST)
- SyScan'08 Call For Paper/Training organiser(at)syscan.org (Tue Dec 18 2007 - 02:12:50 EST)
- ZDI-07-078: St. Bernard Open File Manager Heap Overflow Vulnerability zdi-disclosures(at)3com.com (Mon Dec 17 2007 - 18:55:04 EST)
- ZDI-07-079: Hewlett-Packard HP-UX swagentd Buffer Overflow Vulnerability zdi-disclosures(at)3com.com (Mon Dec 17 2007 - 18:57:58 EST)
- Multiple xss in mambo 4.6.2 beenudel1986(at)gmail.com (Tue Dec 18 2007 - 08:25:29 EST)
- Rosoft Media Player 4.1.7 crash jplopezy(at)gmail.com (Tue Dec 18 2007 - 00:53:52 EST)
- rPSA-2007-0268-1 kdebase rPath Update Announcements (Mon Dec 17 2007 - 17:01:42 EST)
- Apple OS X Software Update Remote Command Execution Moritz Jodeit (Mon Dec 17 2007 - 16:47:29 EST)
- Uber Uploader <= 5.3.6 Remote File Upload Vulnerability sys-project(at)hotmail.com (Mon Dec 17 2007 - 16:17:46 EST)
- SurgeMail v.38k4 webmail Host header crash retrog(at)alice.donotspam.it (Mon Dec 17 2007 - 14:45:30 EST)
- RaidenHTTPD 2.0.19 ulang cmd exec poc exploit retrog(at)alice.donotspam.it (Mon Dec 17 2007 - 14:40:09 EST)
- rPSA-2007-0266-1 tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi rPath Update Announcements (Mon Dec 17 2007 - 14:26:12 EST)
- Heap overflow in PeerCast 0.1217 Luigi Auriemma (Mon Dec 17 2007 - 12:22:04 EST)
- PHP Security Framework: Vuln and Security Bypass gmdarkfig(at)gmail.com (Sun Dec 16 2007 - 13:48:08 EST)
- [SECURITY] [DSA 1434-1] New mydns packages fix denial of service Thijs Kinkhorst (Sun Dec 16 2007 - 16:18:26 EST)
- [SECURITY] [DSA 1432-1] New link-grammar packages fix execution of code Steve Kemp (Sun Dec 16 2007 - 10:13:36 EST)
- release uhooker v1.3 Hernan Ochoa (Mon Dec 17 2007 - 08:19:45 EST)
- [SECURITY] [DSA 1433-1] New centericq packages fix execution of code Steve Kemp (Sun Dec 16 2007 - 14:54:43 EST)
- jetAudio 7.0.5 COWON Media Center MP4 Stack Overflow gforce(at)operamail.com (Mon Dec 17 2007 - 09:13:02 EST)
- neuron news1.0 Multiple Remote Vulnerabilities (sql injection/xss) hadihadi_zedehal_2006(at)yahoo.com (Sun Dec 16 2007 - 18:13:42 EST)
- ZSA-2007-029: syslog-ng Denial of Service Balazs Scheidler (Mon Dec 17 2007 - 05:38:05 EST)
- ClubHack2007: Presentation are online now `ClubHack ` (Sat Dec 15 2007 - 06:55:06 EST)
- Wordpress - Broken Access Control th3.r00k.nospam(at)pork.gmail.com (Fri Dec 14 2007 - 17:07:11 EST)
- PHP RPG - Sql Injection and Session Information Disclosure. th3.r00k.nospam(at)pork.gmail.com (Fri Dec 14 2007 - 17:08:05 EST)
- Oreon/Centreon - Multiple Remote File Inclusion th3.r00k.nospam(at)pork.gmail.com (Fri Dec 14 2007 - 17:06:19 EST)
- Anon Proxy Server - Remote Code Execution th3.r00k.nospam(at)pork.gmail.com (Fri Dec 14 2007 - 17:05:35 EST)
- [security bulletin] HPSBGN02298 SSRT071502 rev.1 - HP Quick Launch Button (QLB) Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access security-alert(at)hp.com (Sat Dec 15 2007 - 06:14:00 EST)
- Phpay - Local File Inclusion th3.r00k.nospam(at)pork.gmail.com (Fri Dec 14 2007 - 17:03:52 EST)
- POC for samba send_mailslot() x 86 (Fri Dec 14 2007 - 15:34:01 EST)
- ANNOUNCE: SquirrelMail 1.4.13 Released Jon Angliss (Fri Dec 14 2007 - 12:22:45 EST)
- [ MDKSA-2007:246 ] - Updated Firefox packages fix multiple vulnerabilities security(at)mandriva.com (Fri Dec 14 2007 - 01:39:14 EST)
- [ISR] - Novell Groupwise client remote stack overflow silently patched. ISR-noreply (Fri Dec 14 2007 - 09:47:39 EST)
- HPSBUX02296 SSRT071504 rev.2 - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code security-alert(at)hp.com (Fri Dec 14 2007 - 07:19:50 EST)
- PHP MySQL Banner Exchange 2.2.1 remote mysql database bug arsalan1991(at)gmail.com (Fri Dec 14 2007 - 03:42:16 EST)
- + Trivantis CourseMill Enterprise Learning Management System - SQL Injection - CVE-2007-6338 swhite(at)securestate.com (Thu Dec 13 2007 - 17:05:07 EST)
- [ MDKSA-2007:245 ] - Updated wpa_supplicant package fixes remote denial of service security(at)mandriva.com (Thu Dec 13 2007 - 16:19:46 EST)
- [ GLSA 200712-12 ] IRC Services: Denial of Service Pierre-Yves Rofes (Thu Dec 13 2007 - 15:48:41 EST)
- [ GLSA 200712-11 ] Portage: Information disclosure Pierre-Yves Rofes (Thu Dec 13 2007 - 15:13:40 EST)
- SECURITY: 1.4.12 Package Compromise Jon Angliss (Thu Dec 13 2007 - 11:49:40 EST)
- [USN-550-3] Cairo regression Kees Cook (Wed Dec 12 2007 - 23:18:42 EST)
- MS Office 2007: Target of Hyperlinks not covered by Digital Signatures poehls(at)informatik.uni-hamburg.de (Thu Dec 13 2007 - 10:07:09 EST)
- Hosting Controller - Multiple Security Bugs (Extremely Critical) admin(at)bugreport.ir (Thu Dec 13 2007 - 07:15:12 EST)
- Fwd: Websense 6.3.1 Filtering Bypass The Security Community (Wed Dec 12 2007 - 18:31:52 EST)
- SQL MKPortal M1.1 Rc1 Sw33t.h4cK3r(at)hotmail.com (Wed Dec 12 2007 - 04:57:51 EST)
- [security bulletin] HPSBUX02294 SSRT071451 rev.1 - HP-UX Running DCE, Remote Denial of Service (DoS) security-alert(at)hp.com (Thu Dec 13 2007 - 08:35:45 EST)
- OpenOffice: Duplicated, Unprotected Certificate Information shown in Signed ODF Documents poehls(at)informatik.uni-hamburg.de (Thu Dec 13 2007 - 10:14:26 EST)
- [security bulletin] HPSBUX02296 SSRT071504 rev.1 - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code security-alert(at)hp.com (Thu Dec 13 2007 - 08:36:58 EST)
- QK SMTP Server 3 - Denial of service jplopezy(at)gmail.com (Wed Dec 12 2007 - 17:39:54 EST)
- iDefense Security Advisory 12.11.07: Microsoft DirectX 7 and 8 DirectShow Stack Buffer Overflow Vulnerability iDefense Labs (Wed Dec 12 2007 - 14:47:20 EST)
- rPSA-2007-0264-1 mod_dav_svn subversion rPath Update Announcements (Wed Dec 12 2007 - 14:34:57 EST)
- iDefense Security Advisory 12.11.07: Microsoft Internet Explorer JavaScript setExpression Heap Corruption Vulnerability iDefense Labs (Wed Dec 12 2007 - 14:02:40 EST)
- MS Office 2007: Digital Signature does not protect Meta-Data poehls(at)informatik.uni-hamburg.de (Wed Dec 12 2007 - 05:35:21 EST)
- Cpanel Vulnerability? Francisco Pecorella (Wed Dec 12 2007 - 08:16:21 EST)
- [SECURITY] [DSA 1428-2] New Linux 2.6.18 packages fix several vulnerabilities dann frazier (Tue Dec 11 2007 - 23:11:50 EST)
- [ MDKSA-2007:244 ] - Updated samba packages fix vulnerability security(at)mandriva.com (Tue Dec 11 2007 - 21:15:31 EST)
- [SECURITY] [DSA 1431-1] New ruby-gnome2 packages fix execution of arbitrary code Steve Kemp (Tue Dec 11 2007 - 17:47:49 EST)
- [SECURITY] [DSA 1430-1] New libnss-ldap packages fix denial of service Steve Kemp (Tue Dec 11 2007 - 17:22:13 EST)
- ZDI-07-076: Microsoft Windows Message Queuing Service Stack Overflow Vulnerability zdi-disclosures(at)3com.com (Tue Dec 11 2007 - 17:21:47 EST)
- ZDI-07-075: Microsoft Internet Explorer Element Tags Vulnerability zdi-disclosures(at)3com.com (Tue Dec 11 2007 - 17:18:32 EST)
- [SECURITY] [DSA 1429-1] New htdig packages fix cross site scripting Steve Kemp (Tue Dec 11 2007 - 17:11:41 EST)
- ZDI-07-074: Microsoft Internet Explorer Node Manipulation Memory Corruption zdi-disclosures(at)3com.com (Tue Dec 11 2007 - 17:08:39 EST)
- ZDI-07-073: Microsoft Internet Explorer setExpression Vulnerability zdi-disclosures(at)3com.com (Tue Dec 11 2007 - 16:54:33 EST)
- Meridian Prolog Manager Username and Plain Text Password Disclosure Prolog Error (Tue Dec 11 2007 - 16:42:59 EST)
- Black Hat Briefings Call for Papers jmoss (Tue Dec 11 2007 - 15:46:20 EST)
- HP notebooks remote code execution vulnerability (multiple series) porkythepig(at)anspi.pl (Tue Dec 11 2007 - 14:30:43 EST)
- SupportSuite 3.11.01~ Multiple file ~ PHP SELF XSS imei Addmimistrator (Tue Dec 11 2007 - 03:15:05 EST)
- PGMfuzz - a tool for testing Pragmatic General Multicast protocol implementations IRM Research (Tue Dec 11 2007 - 12:42:06 EST)
- rPSA-2007-0262-1 e2fsprogs rPath Update Announcements (Tue Dec 11 2007 - 12:59:24 EST)
- [ MDKSA-2007:241 ] - Updated tomcat5 packages fix multiple vulnerabilities security(at)mandriva.com (Mon Dec 10 2007 - 18:18:35 EST)
- [SECURITY] [DSA 1481-1] New Linux 2.6.18 packages fix several vulnerabilities dann frazier (Tue Dec 11 2007 - 00:51:52 EST)
- [ MDKSA-2007:243 ] - Updated MySQL packages fix multiple vulnerabilities security(at)mandriva.com (Mon Dec 10 2007 - 20:18:23 EST)
- [ MDKSA-2007:242 ] - Updated e2fsprogs packages fix vulnerability security(at)mandriva.com (Mon Dec 10 2007 - 20:03:17 EST)
- ZDI-07-072: Novell Netmail AntiVirus Agent Multiple Overflow Vulnerabilities zdi-disclosures(at)3com.com (Mon Dec 10 2007 - 17:50:19 EST)
- [ GLSA 200712-10 ] Samba: Execution of arbitrary code Pierre-Yves Rofes (Mon Dec 10 2007 - 16:03:03 EST)
- WASC Announcement: The Script Mapping Project Results and Call for Participation announcements(at)webappsec.org (Mon Dec 10 2007 - 15:50:21 EST)
- Dell / Dell Financial Services - Contact Justin(at)InfoTek (Mon Dec 10 2007 - 14:49:40 EST)
- [SECURITY] [DSA 1427-1] New samba packages fix arbitrary code execution Moritz Muehlenhoff (Mon Dec 10 2007 - 15:43:14 EST)
- [USN-550-2] Cairo regression Kees Cook (Mon Dec 10 2007 - 15:36:29 EST)
- Filesystem access in DOSBox 0.72 Luigi Auriemma (Mon Dec 10 2007 - 15:11:31 EST)
- Multiple vulnerabilities in BadBlue 2.72b Luigi Auriemma (Mon Dec 10 2007 - 15:09:29 EST)
- Multiple vulnerabilities in BarracudaDrive 3.7.2 Luigi Auriemma (Mon Dec 10 2007 - 15:08:44 EST)
- WordPress Charset SQL injection vulnerability (re-resend) Abel Cheung (Mon Dec 10 2007 - 14:22:37 EST)
- rPSA-2007-0261-1 samba samba-swat rPath Update Announcements (Mon Dec 10 2007 - 13:46:40 EST)
- [SECURITY] Buffer overrun in send_mailslot() Gerald (Jerry) Carter (Mon Dec 10 2007 - 08:50:40 EST)
- Advisory: Websense XSS Vulnerability Liquidmatrix Security Digest (Mon Dec 10 2007 - 11:06:35 EST)
- [ GLSA 200712-07 ] Lookup: Insecure temporary file creation Pierre-Yves Rofes (Sun Dec 09 2007 - 16:42:45 EST)
- Secunia Research: Samba "send_mailslot()" Buffer Overflow Vulnerability Secunia Research (Mon Dec 10 2007 - 10:56:42 EST)
- [ GLSA 200712-08 ] AMD64 x86 emulation Qt library: Multiple vulnerabilities Pierre-Yves Rofes (Sun Dec 09 2007 - 17:04:21 EST)
- Falt4 CMS Security Report/Advisory Mesut Timur (Mon Dec 10 2007 - 10:40:43 EST)
- squids ICAP implementation lacks a defer check when reading from ICAP server Martin Huter (Mon Dec 10 2007 - 04:17:25 EST)
- SQL injection - GestDownV1.00Beta bebe(at)gmail.com (Sat Dec 08 2007 - 21:49:47 EST)
- [ GLSA 200712-05 ] PEAR::MDB2: Information disclosure Pierre-Yves Rofes (Sun Dec 09 2007 - 16:14:50 EST)
- [ GLSA 200712-06 ] Firebird: Multiple buffer overflows Pierre-Yves Rofes (Sun Dec 09 2007 - 16:27:29 EST)
- [ GLSA 200712-04 ] Cairo: User-assisted execution of arbitrary code Pierre-Yves Rofes (Sun Dec 09 2007 - 15:16:27 EST)
- bttlxeForum Multiple SQL Injection And Cross Site Scripting noreply(at)aria-security.net (Sat Dec 08 2007 - 20:01:31 EST)
- [ GLSA 200712-03 ] GNU Emacs: Multiple vulnerabilities Pierre-Yves Rofes (Sun Dec 09 2007 - 14:54:21 EST)
- Security and hacking papers Ork (Mon Dec 10 2007 - 07:50:18 EST)
- Bitweaver XSS & SQL Injection Vulnerability DoZ(at)HackersCenter.com (Sun Dec 09 2007 - 14:30:13 EST)
- [ GLSA 200712-09 ] Ruby-GNOME2: Format string error Pierre-Yves Rofes (Sun Dec 09 2007 - 17:17:39 EST)
- Flat PHP Board <= 1.2 Multiple Vulnerabilities kingoftheworld92(at)fastwebnet.it (Sun Dec 09 2007 - 10:35:25 EST)
- CVE-2007-6205 Hanno Böck (Mon Dec 10 2007 - 09:01:46 EST)
- Unsanitized scripting in RoundCube webmail Tomas Kuliavas (Sun Dec 09 2007 - 08:39:34 EST)
- The Cookie Tools v0.3 -- first public release michele dallachiesa (Mon Dec 10 2007 - 08:45:55 EST)
- Two vulnerabilities in SquirrelMail GPG plugin Tomas Kuliavas (Sun Dec 09 2007 - 08:39:11 EST)
- Call for Papers - Security and High Performance Computing System 2008 shpcs08(at)atilf.no (Mon Dec 10 2007 - 04:31:09 EST)
- webSPELL 4.01.02 (calendar.php, usergallery.php) XSS Vulnerability brainheadbrainhead(at)gmx.de (Sat Dec 08 2007 - 17:53:59 EST)
- Lotfian.com DATABASE DRIVEN TRAVEL SITE Multiple SQL Injection no-reply(at)Aria-Security.net (Sat Dec 08 2007 - 16:26:04 EST)
- [SECURITY] [DSA 1426-1] New qt-x11-free packages fix several vulnerabilities Moritz Muehlenhoff (Sat Dec 08 2007 - 06:54:32 EST)
- [USN-555-1] e2fsprogs vulnerability Kees Cook (Fri Dec 07 2007 - 23:56:09 EST)
- Media Player Classic 6.4.9 MP4 Stack Overflow 0-day gforce(at)operamail.com (Fri Dec 07 2007 - 20:54:52 EST)
- Windows media player 6.4 MP4 Stack Overflow 0-day gforce(at)operamail.com (Fri Dec 07 2007 - 20:53:27 EST)
- [SECURITY] [DSA 1425-1] New xulrunner packages fix several vulnerabilities Moritz Muehlenhoff (Sat Dec 08 2007 - 06:40:53 EST)
- Nullsoft Winamp MP4 tags Stack Overflow gforce(at)operamail.com (Fri Dec 07 2007 - 20:51:31 EST)
- Multiple vulnerabilities in Firefly Media Server (mt-daapd) 2.4.1 / SVN 1699 Luigi Auriemma (Fri Dec 07 2007 - 17:01:28 EST)
- Upload directory traversal in Easy File Sharing 4.5 Luigi Auriemma (Fri Dec 07 2007 - 17:00:52 EST)
- Limited upload directory traversal in HTTP File Server 2.2a / 2.3 beta (build #146) Luigi Auriemma (Fri Dec 07 2007 - 17:01:42 EST)
- Two vulnerabilities in Simple HTTPD 1.38 Luigi Auriemma (Fri Dec 07 2007 - 17:01:17 EST)
- [ MDKSA-2007:240 ] - Updated libnfsidmap packages fix username lookup flaw security(at)mandriva.com (Fri Dec 07 2007 - 16:20:58 EST)
- Kvaliitti WebDoc 3.0 CMS SQL Injection vulnerability jaakkoNOSPAM(at)NOSPAMritke.fi (Fri Dec 07 2007 - 14:25:02 EST)
- [SECURITY] [DSA 1423-1] New sitebar packages fix several vulnerabilities Steve Kemp (Fri Dec 07 2007 - 13:56:32 EST)
- R7-0031: JFreeChart Image Map Cross-Site Scripting Vulnerabilities advisory(at)rapid7.com (Thu Dec 06 2007 - 17:57:52 EST)
- TCP Port randomization paper Fernando Gont (Thu Dec 06 2007 - 19:45:04 EST)
- [ISecAuditors Security Advisories] wwwstats is vulnerable to Persistent XSS ISecAuditors Security Advisories (Fri Dec 07 2007 - 06:31:51 EST)
- rPSA-2007-0260-1 firefox rPath Update Announcements (Thu Dec 06 2007 - 18:17:44 EST)
- [ MDKSA-2007:239 ] - Updated heimdal packages fix potential vulnerability security(at)mandriva.com (Thu Dec 06 2007 - 20:25:12 EST)
- [SECURITY] [DSA 1422-1] New e2fsprogs packages fix arbitrary code execution Steve Kemp (Fri Dec 07 2007 - 08:21:05 EST)
- Potential SQL injection vulnerability in Apache::AuthCAS Matthias Bethke (Thu Dec 06 2007 - 19:41:14 EST)
- [CAID 35724, 35725, 35726]: CA BrightStor ARCserve Backup Multiple Vulnerabilities Williams, James K (Thu Dec 06 2007 - 19:09:16 EST)
- ZDI-07-070: Skype skype4com URI Handler Remote Heap Corruption Vulnerability zdi-disclosures(at)3com.com (Thu Dec 06 2007 - 17:31:57 EST)
- ZDI-07-071: HP OpenView Network Node Manager Multiple CGI Buffer Overflows zdi-disclosures(at)3com.com (Thu Dec 06 2007 - 17:40:02 EST)
- [USN-554-1] teTeX and TeX Live vulnerabilities Jamie Strandboge (Thu Dec 06 2007 - 16:04:59 EST)
- [ MDKSA-2007:238 ] - Updated liblcms package fixes buffer overflow security(at)mandriva.com (Thu Dec 06 2007 - 16:00:53 EST)
- [Security Advisorie] OpenNewsletter v2.5 Multipe XSS Attacks Sarasa (Thu Dec 06 2007 - 13:51:44 EST)
- UPDATE: [ GLSA 200711-29 ] Samba: Execution of arbitrary code Pierre-Yves Rofes (Wed Dec 05 2007 - 18:22:55 EST)
- [XSS] OpenNewsletter v2.5 Multipe XSS Attacks bugtraq(at)darkprotocols.net (Thu Dec 06 2007 - 12:33:17 EST)
- HITBSecConf2007 Malaysia Videos Now Available Praburaajan (Thu Dec 06 2007 - 00:26:27 EST)
- SQUID-2007:2, Dec 4, 2007 Adrian Chadd (Thu Dec 06 2007 - 06:24:22 EST)
- NSFOCUS SA2007-02 : Cisco Security Agent Remote Buffer Overflow Vulnerability NSFOCUS Security Team (Thu Dec 06 2007 - 00:44:53 EST)
- [SECURITY] [DSA 1421-1] New wesnoth packages fix arbitrary file disclosure Martin Schulze (Thu Dec 06 2007 - 06:04:40 EST)
- Aria-Security.Net: PenPals Login and search page SQL Injection no-reply(at)Aria-Security.net (Thu Dec 06 2007 - 00:26:58 EST)
- [UPDATE]CA BrightStor ARCServe BackUp Message Engine Remote Stack Overflow Vulnerability cocoruder (Thu Dec 06 2007 - 00:28:21 EST)
- [security bulletin] HPSBMA02281 SSRT061261 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Execution of Arbitrary Code security-alert(at)hp.com (Thu Dec 06 2007 - 08:28:54 EST)
- Avast! AntiVirus TAR Processing Remote Heap Corruption Sowhat (Thu Dec 06 2007 - 02:26:49 EST)
- [ GLSA 200712-01 ] Hugin: Insecure temporary file creation Pierre-Yves Rofes (Wed Dec 05 2007 - 17:22:22 EST)
- ezContents Version 1.4.5 Remote File Disclosure Vulnerability. p4imi0 (Wed Dec 05 2007 - 17:33:43 EST)
- SineCMS <= 2.3.4 Calendar SQL Injection 'n something else.. kingoftheworld92(at)fastwebnet.it (Wed Dec 05 2007 - 17:24:47 EST)
- [ GLSA 200712-02 ] Cacti: SQL injection Pierre-Yves Rofes (Wed Dec 05 2007 - 17:42:41 EST)
- Firefox 2.0.0.11 INPUT Denial Of Service azizov(at)itdefence.ru (Wed Dec 05 2007 - 14:34:23 EST)
- Cisco Security Advisory: Cisco Security Agent for Windows System Driver Remote Buffer Overflow Vulnerability Cisco Systems Product Security Incident Response Team (Wed Dec 05 2007 - 13:06:57 EST)
- [SECURITY] [DSA 1420-1] New zabbix packages fix privilege escalation Thijs Kinkhorst (Wed Dec 05 2007 - 14:14:40 EST)
- [ELEYTT] Public Advisory 05-12-2007 Michal Bucko (Tue Dec 04 2007 - 21:39:07 EST)
- [SECURITY] [DSA 1419-1] New OpenOffice.org packages fix arbitrary Java code execution Martin Schulze (Wed Dec 05 2007 - 10:19:43 EST)
- Advisory: Cross Site Scripting in CiscoWorks Liquidmatrix Security Digest (Wed Dec 05 2007 - 09:14:02 EST)
- Sql Injection in wordpress 2.3.1 beenudel1986(at)gmail.com (Wed Dec 05 2007 - 06:14:04 EST)
- [USN-553-1] Mono vulnerability Kees Cook (Tue Dec 04 2007 - 19:08:19 EST)
- [ECHO_ADV_86$2007] Mambo/Joomla Component rsgallery <= 2.0 beta 5 (catid) Remote SQL Injection Vulnerability erdc(at)echo.or.id (Wed Dec 05 2007 - 05:44:02 EST)
- rPSA-2007-0257-1 rsync rPath Update Announcements (Tue Dec 04 2007 - 18:30:21 EST)
- Opera 9.50 beta and prior remote DoS (freeze) gynvael(at)vexillium.org (Wed Dec 05 2007 - 02:13:59 EST)
- Re: 27Mhz based wireless security insecurities - Aka - "We know what you typed last summer" Michal Bucko (Tue Dec 04 2007 - 21:38:21 EST)
- Blind Sql-Injection in Joomla 1.5 RC3 beenudel1986(at)gmail.com (Tue Dec 04 2007 - 22:51:48 EST)
- [USN-552-1] Perl vulnerability Kees Cook (Tue Dec 04 2007 - 19:07:16 EST)
- [ MDKSA-2007:237 ] - Updated openssl packages fix DTLS vulnerability security(at)mandriva.com (Tue Dec 04 2007 - 22:24:36 EST)
- [ MDKSA-2007:236 ] - Updated openssh packages fix X11 cookie vulnerability security(at)mandriva.com (Tue Dec 04 2007 - 22:18:16 EST)
- The recent number of unpatched QuickTime flaws is: two Juha-Matti Laurio (Tue Dec 04 2007 - 19:53:13 EST)
- [USN-546-2] Firefox regression Kees Cook (Tue Dec 04 2007 - 15:56:11 EST)
- RFI and Multiple XSS in PhpMyChat beenudel1986(at)gmail.com (Tue Dec 04 2007 - 13:01:55 EST)
- TIBCO Rendezvous Exploitation Video IRM Research (Tue Dec 04 2007 - 12:29:50 EST)
- CORE-2007-1004: VLC Activex Bad Pointer Initialization Vulnerability CORE Security Technologies Advisories (Tue Dec 04 2007 - 11:26:02 EST)
- Re: Powerschool 404 Admin Exposure bob(at)hotmail.com (Tue Dec 04 2007 - 11:28:15 EST)
- [security bulletin] HPSBMA02293 SSRT071494 rev.1 - HP Select Identity, Remote Unauthorized Access security-alert(at)hp.com (Tue Dec 04 2007 - 12:38:40 EST)
- PR07-39: Multiple vulnerabilities on Absolute News Manager.NET 5.1 including file retrieval and SQL injection research(at)procheckup.com (Tue Dec 04 2007 - 09:20:36 EST)
- The first release of SWFIntruder is out ! Stefano Di Paola (Tue Dec 04 2007 - 11:07:22 EST)
- (Re-post) ATC-08 CFP atc08(at)atilf.no (Tue Dec 04 2007 - 05:48:02 EST)
- Re: [dns-operations] Web Proxy Auto-Discovery (WPAD) Information Disclosure (fwd) Gadi Evron (Tue Dec 04 2007 - 02:13:53 EST)
- [ MDKSA-2007:234 ] - Updated vixie-cron packages fix DoS vulnerability security(at)mandriva.com (Mon Dec 03 2007 - 18:33:15 EST)
- [USN-551-1] OpenLDAP vulnerabilities Jamie Strandboge (Mon Dec 03 2007 - 22:16:06 EST)
- Snitz2000 SQL Injection: A user can gain admin level admin(at)bugreport.ir (Mon Dec 03 2007 - 17:21:06 EST)
- [ MDKSA-2007:235 ] - Updated apache packages fix vulnerabilities security(at)mandriva.com (Mon Dec 03 2007 - 18:45:14 EST)
- [USN-549-2] PHP regression Kees Cook (Mon Dec 03 2007 - 22:45:53 EST)
- SEC Consult SA-20071204-0 :: SonicWALL Global VPN Client Format String Vulnerability Bernhard Mueller (Tue Dec 04 2007 - 08:56:42 EST)
- [MacOS X] Insecure eval() in Twitgit and Twitterlex dashboard widgets Thomas Roessler (Mon Dec 03 2007 - 18:04:57 EST)
- [USN-550-1] Cairo vulnerability Kees Cook (Mon Dec 03 2007 - 16:42:42 EST)
- SYMSA-2007-014: SQL Injection Vulnerability in Beehive Forum Software research(at)symantec.com (Mon Dec 03 2007 - 13:58:38 EST)
- Fwd: PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability imipak (Mon Dec 03 2007 - 14:10:38 EST)
- McAfee SecurityCenter Privacy Service HTML Execution Vulnerability DoZ(at)HackersCenter.com (Mon Dec 03 2007 - 10:57:55 EST)
- Lotfian Brochure and cataloge Script XSS And SQL Injection noreply(at)aria-security.net (Sun Dec 02 2007 - 22:23:26 EST)
- PR06-09: BEA Plumtree portal full version disclosure vulnerability research(at)procheckup.com (Sat Dec 01 2007 - 16:14:07 EST)
- PR06-11: BEA Plumtree portal search facility leaks usernames to unauthenticated users research(at)procheckup.com (Sat Dec 01 2007 - 16:32:37 EST)
- sing (debian) vunlerability? Milen Rangelov (Mon Dec 03 2007 - 03:32:26 EST)
- [WhitePaper (SecNiche)] Information Prone LDAP Garbage Dumps AKS aka (0kn0ck) (Mon Dec 03 2007 - 16:27:12 EST)
- [SECURITY] [DSA 1418-1] New cacti packages fix SQL injection Thijs Kinkhorst (Sun Dec 02 2007 - 07:22:32 EST)
- [SECURITY] [DSA 1417-1] New asterisk packages fix SQL injection Moritz Muehlenhoff (Sun Dec 02 2007 - 07:06:03 EST)
- PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability research(at)procheckup.com (Sat Dec 01 2007 - 16:04:34 EST)
- Realplayer 11 DOS attack when processing a malformed AU file on MS Vista and XP thesinoda(at)hotmail.com (Sat Dec 01 2007 - 09:12:29 EST)
- DC4420 - London DEFCON chapter Christmas Party - 11th December Major Malfunction (Sat Dec 01 2007 - 05:25:31 EST)