Bugtraq: by thread

Previous period

Next period

439 messages starting Nov 01 07 and ending Nov 30 07
Date index | Thread index | Author index

ZDI-07-058: Oracle E-Business Suite SQL Injection Vulnerability zdi-disclosures (Nov 01)
Synergiser <= 1.2 RC1 Local File Inclusion & Full path disclosure kingoftheworld92 (Nov 01)
CFP: International workshop on Secure Software Engineering - Deadline extended! secse08 (Nov 01)
Re: Comments re ISC's announcement on bind9 security Henrik Langos (Nov 01)
- <Possible follow-ups>
- Re: Comments re ISC's announcement on bind9 security Network Protocol Security (Nov 01)
- Re: Re: Comments re ISC's announcement on bind9 security ntn (Nov 01)
  - Re: Comments re ISC's announcement on bind9 security Theo de Raadt (Nov 01)
    - Re: Comments re ISC's announcement on bind9 security Tim (Nov 01)
    - Re: Comments re ISC's announcement on bind9 security Shane Kerr (Nov 02)
    - Re: Comments re ISC's announcement on bind9 security Tim (Nov 02)
    - Re: Comments re ISC's announcement on bind9 security Shane Kerr (Nov 02)
    - Re: Comments re ISC's announcement on bind9 security Tim (Nov 05)
ZDI-07-060: HP OpenView Radia Integration Server File System Exposure Vulnerability zdi-disclosures (Nov 01)
sBlog 0.7.3 Beta Cross Site Request Forgery Guns (Nov 01)
ZDI-07-061: RealNetworks RealPlayer SWF Processing Remote Code Execution Vulnerability zdi-disclosures (Nov 01)
ZDI-07-062: RealNetworks RealPlayer PLS File Memory Corruption Vulnerability zdi-disclosures (Nov 01)
ZDI-07-063: RealPlayer RA Field Size File Processing Heap Oveflow Vulnerability zdi-disclosures (Nov 01)
ZDI-07-064: Novell Client Trust Heap Overflow Vulnerability zdi-disclosures (Nov 01)
mac trojan in-the-wild Gadi Evron (Nov 01)
- Re: mac trojan in-the-wild Matthew Leeds (Nov 01)
  - RE: mac trojan in-the-wild Alex Eckelberry (Nov 01)
  - Re: mac trojan in-the-wild Nick FitzGerald (Nov 02)
- RE: mac trojan in-the-wild Thor (Hammer of God) (Nov 01)
  - RE: mac trojan in-the-wild Alex Eckelberry (Nov 01)
    - Re: mac trojan in-the-wild nnp (Nov 02)
    - Re: [Full-disclosure] mac trojan in-the-wild Peter Besenbruch (Nov 02)
    - Re: [Full-disclosure] mac trojan in-the-wild Paul Schmehl (Nov 02)
    - Message not available
    - Re: mac trojan in-the-wild Robert McArdle (Nov 02)
    - RE: mac trojan in-the-wild Roger A. Grimes (Nov 02)
    - RE: mac trojan in-the-wild Thor (Hammer of God) (Nov 02)
    - RE: mac trojan in-the-wild Roger A. Grimes (Nov 02)
    - the heart of the problem [was: RE: mac trojan in-the-wild] Gadi Evron (Nov 02)
  - RE: mac trojan in-the-wild Jim Harrison (Nov 02)
    - RE: mac trojan in-the-wild Gadi Evron (Nov 02)
- Re: [Full-disclosure] mac trojan in-the-wild Peter Besenbruch (Nov 02)
- <Possible follow-ups>
- RE: mac trojan in-the-wild Memisyazici, Aras (Nov 02)
(tool announce) Orizon v0.50 announce Paolo Perego (Nov 01)
SEC Consult SA-20071101-0 :: Multiple Vulnerabilities in SonicWALL SSL-VPN Client Bernhard Mueller (Nov 01)
Re: Airkiosk/formlib application is XSS vuln Raymond Pete (Nov 01)
- Re: Airkiosk/formlib application is XSS vuln skien (Nov 01)
Cryptome: NSA has access to Windows Mobile smartphones Juha-Matti Laurio (Nov 01)
- RE: Cryptome: NSA has access to Windows Mobile smartphones Kurt Dillard (Nov 01)
Two XSS on Blue Coat ProxySG Management Console research (Nov 01)
[ MDKSA-2007:203 ] - Updated xen packages fix multiple vulnerabilities security (Nov 01)
ZDI-07-059: Verity KeyView SDK Multiple File Format Parsing Vulnerabilities zdi-disclosures (Nov 01)
[ MDKSA-2007:204 ] - Updated cups packages fix vulnerability security (Nov 01)
[ GLSA 200711-01 ] gFTP: Multiple vulnerabilities Pierre-Yves Rofes (Nov 02)
IM upgrade automated social engineering attack Dragos Ruiu (Nov 02)
- Re: IM upgrade automated social engineering attack Roman Shirokov (Nov 06)
  - Re: IM upgrade automated social engineering attack Dragos Ruiu (Nov 06)
[ GLSA 200711-03 ] Gallery: Multiple vulnerabilities Pierre-Yves Rofes (Nov 02)
Secunia Research: ACDSee Products Image and Archive Plug-ins Buffer Overflows Secunia Research (Nov 02)
[ GLSA 200711-02 ] OpenSSH: Security bypass Pierre-Yves Rofes (Nov 02)
Scribe <= 2.0 Remote PHP Code Execution kingoftheworld92 (Nov 02)
[USN-537-2] Compiz vulnerability Kees Cook (Nov 02)
Re: [botnets] re MAC trojan (fwd) Gadi Evron (Nov 02)
[UPH-07-03] Firefly Media Server remote format string vulnerability nnp (Nov 02)
- Re: [UPH-07-03] Firefly Media Server remote format string vulnerability nnp (Nov 02)
[UPH-07-01] Firefly Media Server DoS nnp (Nov 02)
- Re: [UPH-07-01] Firefly Media Server DoS nnp (Nov 02)
[UPH-07-02] Firefly Media Server DoS nnp (Nov 02)
DoS Exploit for DHCPd bug (Bugtraq ID 25984 ; CVE-2007-5365) Roman Medina-Heigl Hernandez (Nov 02)
[ MDKSA-2007:205 ] - Updated opal packages fix vulnerability security (Nov 02)
phphelpdesk Multiple vulnerabilities Joseph . giron13 (Nov 03)
[ MDKSA-2007:206 ] - Updated pwlib packages fix vulnerability security (Nov 03)
[SECURITY] [DSA 1397-1] New mono packages fix integer overflow Moritz Muehlenhoff (Nov 03)
Skalinks <= 1_5 Cross Site Request Forgery Add Admin djvincy (Nov 05)
JBC Explorer <= V7.20 RC 1 Remote Code Execution Exploit gmdarkfig (Nov 05)
[SECURITY] [DSA 1398-1] New perdition packages fix arbitrary code execution Noah Meyerhans (Nov 05)
[Tool] sqlmap: a blind SQL injection tool (release 0.5) Bernardo Damele (Nov 05)
iDefense Security Advisory 11.02.07: Sun Microsystems Solaris srsexec Format String Vulnerability iDefense Labs (Nov 05)
Leopard's firewall damages Skype and WoW Juergen Schmidt (Nov 05)
[SECURITY] [DSA 1399-1] New pcre3 packages fix arbitrary code execution Florian Weimer (Nov 05)
iDefense Security Advisory 11.05.07: Apple QuickTime Panorama Sample Atom Heap Buffer Overflow Vulnerability iDefense Labs (Nov 05)
ZDI-07-066: Apple Quicktime PICT File PackBitsRgn Parsing Heap Corruption Vulnerability zdi-disclosures (Nov 05)
ZDI-07-065: Apple QuickTime Color Table RGB Parsing Heap Corruption Vulnerability zdi-disclosures (Nov 05)
ZDI-07-068: Apple QuickTime Uncompressedfile Opcode Stack Overflow Vulnerability zdi-disclosures (Nov 05)
ZDI-07-067: Apple QuickTime PICT File Poly Opcodes Heap Corruption Vulnerability zdi-disclosures (Nov 05)
[SECURITY] [DSA 1401-1] New iceape packages fix several vulnerabilities Moritz Muehlenhoff (Nov 06)
[ MDKSA-2007:207 ] - Updated perl packages fix vulnerability security (Nov 06)
[ MDKSA-2007:208 ] - Updated ghostscript packages fix vulnerability security (Nov 06)
rPSA-2007-0232-1 perl rPath Update Announcements (Nov 06)
[ MDKSA-2007:209 ] - Updated netpbm packages fix vulnerability security (Nov 06)
[USN-539-1] CUPS vulnerability Kees Cook (Nov 06)
[CVE-2007-5741] Plone: statusmessages and linkintegrity unsafe network data hotfix mj (Nov 06)
SMF .htaccess bypass h3llcode (Nov 06)
- Re: SMF .htaccess bypass Matt D. Harris (Nov 06)
  - Re: SMF .htaccess bypass anuj tenani (Nov 06)
IDMOS v1.0 Alpha Multiple RFI Vulnerability Guns (Nov 06)
Cypress BX script backdoored? Chris (Nov 06)
PhpNuke (add-on) MS TopSites Edit Exploit And Html Injection Guns (Nov 06)
MyWebFTP Password Disclosure [NO-REPLY] (Nov 06)
rPSA-2007-0231-1 pcre rPath Update Announcements (Nov 06)
iDefense Security Advisory 11.06.07: Microsoft DebugView Privilege Escalation Vulnerability iDefense Labs (Nov 06)
[SECURITY] [DSA 1400-1] New perl packages fix arbitrary code execution Florian Weimer (Nov 06)
[ GLSA 200711-04 ] Evolution: User-assisted remote execution of arbitrary code Pierre-Yves Rofes (Nov 06)
[ MDKSA-2007:210 ] - Updated xfs package prevents arbitrary code execution vulnerabilities security (Nov 06)
[ GLSA 200711-05 ] SiteBar: Multiple issues Pierre-Yves Rofes (Nov 06)
SiteMinder Agent: Cross Site Scripting Giuseppe Gottardi (Nov 07)
- <Possible follow-ups>
- Re: SiteMinder Agent: Cross Site Scripting securityfocus (Nov 08)
- Re: Re: SiteMinder Agent: Cross Site Scripting overet (Nov 09)
- Re: SiteMinder Agent: Cross Site Scripting Williams, James K (Nov 09)
Secunia Research: Link Grammar "separate_sentence()" Buffer Overflow Secunia Research (Nov 07)
Secunia Research: AbiWord Link Grammar "separate_sentence()" Buffer Overflow Secunia Research (Nov 07)
Secunia Research: Xpdf "Stream.cc" Multiple Vulnerabilities Secunia Research (Nov 07)
[ GLSA 200711-06 ] Apache: Multiple vulnerabilities Pierre-Yves Rofes (Nov 07)
[ GLSA 200711-07 ] Python: User-assisted execution of arbitrary code Pierre-Yves Rofes (Nov 07)
[ GLSA 200711-08 ] libpng: Multiple Denials of Service Pierre-Yves Rofes (Nov 07)
[SECURITY] [DSA 1402-1] New gforge packages fix several vulnerabilities Steve Kemp (Nov 07)
iDefense Security Advisory 11.07.07: Oracle 10g R2 PITRIG_DROPMETADATA Buffer Overflow Vulnerability iDefense Labs (Nov 07)
- <Possible follow-ups>
- Re: iDefense Security Advisory 11.07.07: Oracle 10g R2 PITRIG_DROPMETADATA Buffer Overflow Vulnerability buzzy (Nov 08)
[ GLSA 200711-09 ] MadWifi: Denial of Service Pierre-Yves Rofes (Nov 07)
[ GLSA 200711-10 ] Mono: Buffer overflow Pierre-Yves Rofes (Nov 07)
Aria-Security.Net Research: Request For Travel Sql Injection Advisory (Nov 08)
Simple Machine Forum - Private section/posts/info disclosure h3llcode (Nov 08)
- Re: Simple Machine Forum - Private section/posts/info disclosure Jindrich Kubec (Nov 09)
- <Possible follow-ups>
- Re: Simple Machine Forum - Private section/posts/info disclosure klynn . securityfocus (Nov 09)
[OpenPKG-SA-2007.023] OpenPKG Security Advisory (perl) OpenPKG GmbH (Nov 08)
[ GLSA 200711-12 ] Tomboy: User-assisted execution of arbitrary code Pierre-Yves Rofes (Nov 08)
[ GLSA 200711-11 ] Nagios Plugins: Two buffer overflows Pierre-Yves Rofes (Nov 08)
[security bulletin] HPSBUX02285 SSRT071484 rev.1 - HP-UX Running Aries PA Emulator, Local Unauthorized Access security-alert (Nov 08)
[ GLSA 200711-13 ] 3proxy: Denial of Service Pierre-Yves Rofes (Nov 08)
[ MDKSA-2007:211 ] - Updated pcre packages fix vulnerability security (Nov 08)
Aria-Security.Net Research: Lotfian BROCHURE Management System Advisory (Nov 08)
[ MDKSA-2007:212 ] - Updated pcre packages fix vulnerability security (Nov 08)
[ MDKSA-2007:213 ] - Updated pcre packages fix vulnerability security (Nov 08)
[SECURITY] [DSA 1404-1] New gallery2 packages fix privilege escalation Thijs Kinkhorst (Nov 08)
AST-2007-024 - Fallacious security advisory spread on the Internet involving buffer overflow in Zaptel's sethdlc application The Asterisk Development Team (Nov 08)
[SECURITY] [DSA 1403-1] New phpmyadmin packages fix cross-site scripting Thijs Kinkhorst (Nov 08)
[ MDKSA-2007:214 ] - Updated flac packages fix vulnerability security (Nov 09)
CanSecWest 2008 CFP (deadline Nov 30, conf Mar 26-28) and PacSec Dojo's Dragos Ruiu (Nov 09)
[ MDKSA-2007:215 ] - Updated openldap packages fix vulnerability security (Nov 09)
li-guestbook sql inj abc . seo (Nov 09)
xoops mylinks module - sql injection root (Nov 09)
iDefense Security Advisory 11.09.07: AOL AmpX ActiveX Control Multiple Buffer Overflow Vulnerabilities iDefense Labs (Nov 10)
[SECURITY] [DSA 1405-1] New zope-cmfplone packages fix arbitrary code execution Thijs Kinkhorst (Nov 10)
SQL injection bug found in TBSource. drakomo (Nov 10)
iDefense Security Advisory 11.09.07: IBM Informix Dynamic Server DBLANG Directory Traversal Vulnerability iDefense Labs (Nov 10)
[SECURITY] [DSA 1406-1] New horde3 packages fix several vulnerabilities Thijs Kinkhorst (Nov 10)
[48Bits Advisory] QuickTime Panorama Sample Atom Heap Overflow [48bits] vulndev (Nov 12)
Aria-Security.Net Research: Rapid Classified HotList Image Advisory (Nov 12)
[SECURITY] [DSA 1405-2] New zope-cmfplone packages fix regression Thijs Kinkhorst (Nov 12)
Re: Re: Simple Machine Forum - Private section/posts/info disclosure rx (Nov 12)
Eggblog v3.1.0 XSS Vulnerability mesut (Nov 12)
FLEA-2007-0063-1 perl Foresight Linux Essential Announcement Service (Nov 12)
FLEA-2007-0066-1 ImageMagick Foresight Linux Essential Announcement Service (Nov 12)
Oracle 0-day to get SYSDBA access pete (Nov 12)
Standing Up Against German Laws - Project HayNeedle Paul Sebastian Ziegler (Nov 12)
- Re: [Full-disclosure] Standing Up Against German Laws - Project HayNeedle Jan Newger (Nov 12)
  - Re: [Full-disclosure] Standing Up Against German Laws - Project HayNeedle Peter Conrad (Nov 13)
  - Re: [Full-disclosure] Standing Up Against German Laws - Project HayNeedle Duncan Simpson (Nov 13)
    - Re: [Full-disclosure] Standing Up Against German Laws - Project HayNeedle johan beisser (Nov 13)
- Re: Standing Up Against German Laws - Project HayNeedle johan beisser (Nov 12)
  - Re: Standing Up Against German Laws - Project HayNeedle Matt D. Harris (Nov 12)
    - Re: Standing Up Against German Laws - Project HayNeedle johan beisser (Nov 12)
    - Re: Standing Up Against German Laws - Project HayNeedle Florian Echtler (Nov 13)
    - Re: Standing Up Against German Laws - Project HayNeedle Paul Wouters (Nov 13)
    - Re: Standing Up Against German Laws - Project HayNeedle johan beisser (Nov 13)
    - Re: Standing Up Against German Laws - Project HayNeedle Valdis . Kletnieks (Nov 13)
    - Re: Standing Up Against German Laws - Project HayNeedle Frank Guthausen (Nov 14)
    - Re: Standing Up Against German Laws - Project HayNeedle Stefano Zanero (Nov 13)
    - Re: Standing Up Against German Laws - Project HayNeedle Raj Mathur (Nov 14)
    - Re: Standing Up Against German Laws - Project HayNeedle imipak (Nov 14)
    - RE: Standing Up Against German Laws - Project HayNeedle Quark IT - Hilton Travis (Nov 17)
FLEA-2007-0068-1 ruby Foresight Linux Essential Announcement Service (Nov 12)
PeopleAggregatory security advisory - re CVE-2007-5631 phil (Nov 12)
PHP-Nuke Module Advertising Blind SQL Injection Guns (Nov 12)
CVE-2007-3694: Cross site scripting (XSS) in broadcast machine Hanno Böck (Nov 12)
FLEA-2007-0064-1 pcre Foresight Linux Essential Announcement Service (Nov 12)
FLEA-2007-0067-1 pidgin Foresight Linux Essential Announcement Service (Nov 12)
iDefense Security Advisory 11.12.07: WinPcap NPF.SYS bpf_filter_init Arbitrary Array Indexing Vulnerability iDefense Labs (Nov 12)
FLEA-2007-0065-1 libpng Foresight Linux Essential Announcement Service (Nov 12)
FLEA-2007-0069-1 perl Foresight Linux Essential Announcement Service (Nov 12)
Cisco IOS Shellcode Research (Nov 12)
Alice - dns spoofer fabio (Nov 12)
RFID: Security Briefings angelo (Nov 12)
HPSBUX02287 SSRT071485 rev.1 - HP-UX Running HP Secure Shell, Remotely Gain Extended Privileges security-alert (Nov 12)
- Re: HPSBUX02287 SSRT071485 rev.1 - HP-UX Running HP Secure Shell, Remotely Gain Extended Privileges Nick Boyce (Nov 15)
AutoIndex <= 2.2.2 Cross Site Scripting and Denial of Service L4teral (Nov 12)
[ GLSA 200711-14 ] Mozilla Firefox, SeaMonkey, XULRunner: Multiple vulnerabilities Pierre-Yves Rofes (Nov 12)
[ GLSA 200711-15 ] FLAC: Buffer overflow Pierre-Yves Rofes (Nov 12)
[ MDKSA-2007:204-1 ] - Updated cups packages fix vulnerability security (Nov 12)
[ GLSA 200711-16 ] CUPS: Memory corruption Pierre-Yves Rofes (Nov 12)
PR07-13: Cross-site Scripting / HTML injection on F5 FirePass 4100 SSL VPN 'download_plugin.php3' server-side script research (Nov 12)
[ISecAuditors Security Advisories] VTLS.web.gateway cgi is vulnerable to XSS ISecAuditors Security Advisories (Nov 13)
ATC-08 Call for papers (repost) atc08 (Nov 13)
Re: Bosdev Multiple vulnerabilities sales (Nov 13)
[ MDKSA-2007:216 ] - Updated kernel packages fix multiple vulnerabilities and bugs security (Nov 13)
After 6 months - fix available for Microsoft DNS cache poisoning attack Amit Klein (Nov 13)
PHP <= 5.2.5 stream_wrapper_register() denial of service laurent . gaffie (Nov 13)
PHP <= 5.2.5 Gettext Lib Multiple Denial of service laurent . gaffie (Nov 13)
Oracle 11g/10g Installation Vulnerability David Litchfield (Nov 13)
[USN-540-1] flac vulnerability Kees Cook (Nov 13)
iDefense Security Advisory 11.12.07: Novell NetWare Client Local Privilege Escalation Vulnerability iDefense Labs (Nov 13)
[ MDKSA-2007:217 ] - Updated libpng packages fix multiple vulnerabilities security (Nov 13)
[USN-541-1] Emacs vulnerability Kees Cook (Nov 13)
ExoPHPdesk user profile XSS / profile SQL injection Joseph . giron13 (Nov 13)
DocuSafe "Search" SQL Injection No-Reply (Nov 14)
Aria-Security.Net: MetaCart SQL Injection No-Reply (Nov 14)
Predictable DNS transaction IDs in Microsoft DNS Server Alla Bezroutchko (Nov 14)
[USN-542-1] poppler vulnerabilities Kees Cook (Nov 14)
Free Forums "search" Sql Injection No-Reply (Nov 14)
Konqueror Remote Denial Of Service laurent . gaffie (Nov 14)
Six Remote Memory Corruption Vulnerabilities in IBM WebSphere MQ 6.0 IRM Research (Nov 14)
[security bulletin] HPSBMA02288 SSRT071465 rev.1 - HP OpenView Operations (OVO) Running on HP-UX and Solaris, Remote Unauthorized Access, Denial of Service (DoS) security-alert (Nov 14)
[ MDKSA-2007:218 ] - Updated mono packages fix arbitrary code execution vulnerability security (Nov 14)
[ GLSA 200711-17 ] Ruby on Rails: Multiple vulnerabilities Pierre-Yves Rofes (Nov 14)
TPTI-07-20: Apple Quicktime Movie Stack Overflow Vulnerability DVLabs (Nov 14)
[ GLSA 200711-18 ] Cpio: Buffer overflow Pierre-Yves Rofes (Nov 14)
[ GLSA 200711-19 ] TikiWiki: Multiple vulnerabilities Pierre-Yves Rofes (Nov 14)
Breaking RSA: Totient indirect factorization gandlf (Nov 14)
- Re: Breaking RSA: Totient indirect factorization Alexander Klimov (Nov 15)
- Re: Breaking RSA: Totient indirect factorization Clifton Royston (Nov 15)
  - Re: Breaking RSA: Totient indirect factorization gandlf (Nov 15)
    - Re: Breaking RSA: Totient indirect factorization Erick Galinkin (Nov 16)
- Re: Breaking RSA: Totient indirect factorization Watson Ladd (Nov 16)
[ GLSA 200711-20 ] Pioneers: Denial of Service Pierre-Yves Rofes (Nov 14)
iDefense Security Advisory 11.14.07: Apple Mac OS X AppleTalk mbuf Kernel Heap Overflow Vulnerability iDefense Labs (Nov 15)
iDefense Security Advisory 11.14.07: Apple Mac OS X AppleTalk ASP Message Kernel Heap Overflow Vulnerability iDefense Labs (Nov 15)
iDefense Security Advisory 11.14.07: Apple Mac OS X Mach Port Inheritance Privilege Escalation Vulnerability iDefense Labs (Nov 15)
Some hashes for the record shadown (Nov 15)
iDefense Security Advisory 11.14.07: Apple Mac OS X AppleTalk Socket IOCTL Kernel Stack Buffer Overflow Vulnerability iDefense Labs (Nov 15)
[security bulletin] HPSBUX02284 SSRT071483 rev.2 - HP-UX Running Java JRE and JDK, Remote Unauthorized Access security-alert (Nov 15)
[SAMBA] CVE-2007-4572 - GETDC mailslot processing buffer overrun in nmbd Gerald (Jerry) Carter (Nov 15)
[SAMBA] CVE-2007-5398 - Remote Code Execution in Samba's nmbd Gerald (Jerry) Carter (Nov 15)
Secunia Research: Samba "reply_netbios_packet()" Buffer Overflow Vulnerability Secunia Research (Nov 15)
Aida-Web Information Exposure MC Iglo (Nov 15)
[TKADV2007-001] Mac OS X TIOCSETD IOCTL Kernel Memory Corruption Vulnerability Tobias Klein (Nov 15)
[ MDKSA-2007:219 ] - Updated xpdf packages fix vulnerabilities security (Nov 15)
EEYE: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications eEye Advisories (Nov 15)
[USN-542-2] KOffice vulnerabilities Jamie Strandboge (Nov 15)
PR07-02: XSS on Liferay Portal Enterprise 4.1.1 login page ('login' parameter) research (Nov 15)
PR07-26: Persistent XSS on Aruba 800 Mobility Controller's login page research (Nov 15)
[ MDKSA-2007:220 ] - Updated gpdf packages fix vulnerabilities security (Nov 15)
[USN-543-1] VMWare vulnerabilities Kees Cook (Nov 15)
[RISE-2007004] Apple Mac OS X 10.4.x Kernel i386_set_ldt() Integer Overflow Vulnerability RISE Security (Nov 16)
[USN-544-1] Samba vulnerabilities Jamie Strandboge (Nov 16)
[ MDKSA-2007:221 ] - Updated kdegraphics packages fix vulnerabilities in kpdf security (Nov 16)
Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability cocoruder (Nov 16)
- Re: Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability CaseArmour.net Security Administrator (Nov 17)
- <Possible follow-ups>
- Re: Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability Juha-Matti Laurio (Nov 19)
  - Re: [Full-disclosure] Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability jf (Nov 19)
AhnLab AntiVirus Remote Kernel Memory Corruption Sowhat (Nov 16)
Javamail login username and password same email problem thetaung (Nov 16)
JiRos Upload Manager SQL Injection no-reply (Nov 17)
rPSA-2007-0241-1 samba samba-swat rPath Update Announcements (Nov 17)
[USN-544-2] Samba regression Jamie Strandboge (Nov 17)
net-finity (links.php) Remote SQL Injection Vulnerability verys-secret (Nov 17)
Black Lily 2007 (products.php class) Remote SQL Injection Vulnerability verys-secret (Nov 17)
Myspace Clone Script (index.php) Remote File Inclusion Vulnerability verys-secret (Nov 17)
security contact for mitsubishi electric? Chris Withers (Nov 17)
Sciurus Hosting Panel Code İnjection admin (Nov 17)
[ MDKSA-2007:222 ] - Updated koffice packages fix vulnerabilities security (Nov 17)
[ MDKSA-2007:223 ] - Updated pdftohtml packages fix vulnerabilities security (Nov 17)
[ MDKSA-2007:224 ] - Updated samba packages fix vulnerabilities security (Nov 17)
[ECHO_ADV_84$2007] ProfileCMS <= 1.0 Remote SQL Injection Vulnerability erdc (Nov 19)
[ GLSA 200711-24 ] Mozilla Thunderbird: Multiple vulnerabilities Pierre-Yves Rofes (Nov 19)
[ GLSA 200711-23 ] VMware Workstation and Player: Multiple vulnerabilities Pierre-Yves Rofes (Nov 19)
[ GLSA 200711-26 ] teTeX: Multiple vulnerabilities Pierre-Yves Rofes (Nov 19)
Vulnerability Hash Database - Maillist Sowhat (Nov 19)
[ GLSA 200711-25 ] MySQL: Denial of Service Pierre-Yves Rofes (Nov 19)
[ GLSA 200711-27 ] Link Grammar: User-assisted execution of arbitrary code Pierre-Yves Rofes (Nov 19)
[ GLSA 200711-21 ] Bochs: Multiple vulnerabilities Pierre-Yves Rofes (Nov 19)
VigileCMS 1.4 Multiple Remote Vulnerabilities info (Nov 19)
Belkin Wireless G Router DoS r00t (Nov 19)
[ MDKSA-2007:225 ] - Updated net-snmp packages fix remote denial of service vulnerability security (Nov 19)
Crash in LIVE555 Media Server 2007.11.01 Luigi Auriemma (Nov 19)
IceBB 1.0rc6 <= Remote SQL Injection aeroxteam-nospam (Nov 19)
- <Possible follow-ups>
- Re: IceBB 1.0rc6 <= Remote SQL Injection aeroxteam-nospam (Nov 19)
[ GLSA 200711-22 ] Poppler, KDE: User-assisted execution of arbitrary code Pierre-Yves Rofes (Nov 19)
[SECURITY] [DSA 1407-1] New cupsys packages fix arbitrary code execution Moritz Muehlenhoff (Nov 19)
[Aria-Secutiy Net] Click&BaneX SQL Injection no-reply (Nov 19)
Citrix NetScaler Web Management XSS nnposter (Nov 19)
Certificate spoofing issue with Mozilla, Konqueror, Safari 2 Nils Toedtmann (Nov 19)
- Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2 Kapetanakis Giannis (Nov 19)
  - Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2 Graeme Fowler (Nov 19)
  - Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2 Michal Zalewski (Nov 19)
  - Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2 Nils Toedtmann (Nov 20)
    - Message not available
    - Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2 Kapetanakis Giannis (Nov 20)
Wordpress Cookie Authentication Vulnerability Steven J. Murdoch (Nov 19)
Alcatel OmniPCX Enterprise VoIP Vulnerability daniel . stirnimann (Nov 19)
rPSA-2007-0242-1 php5 php5-cgi php5-mysql php5-pear php5-pgsql php5-soap php5-xsl rPath Update Announcements (Nov 19)
[ GLSA 200711-28 ] Perl: Buffer overflow Pierre-Yves Rofes (Nov 19)
[ MDKSA-2007:226 ] - Updated kernel packages fix multiple vulnerabilities and bugs security (Nov 19)
[security bulletin] HPSBUX02289 SSRT071461 rev.1 - HP-UX Running BIND 8, Remote DNS Cache Poisoning security-alert (Nov 20)
Banks (Wellsfargo.com) using CDNs to deliver Javascript: enables password theft by anyone compromising or controlling the CDN joel (Nov 20)
- Re: Banks (Wellsfargo.com) using CDNs to deliver Javascript: enables password theft by anyone compromising or controlling the CDN Jason Muskat de VE3TSJ - GCFA, GCUX, CEI, CEH (Nov 21)
[ MDKSA-2007:227 ] - Updated poppler packages fix vulnerabilities security (Nov 20)
[ MDKSA-2007:228 ] - Updated cups packages fix vulnerabilities security (Nov 20)
EEYE: BitDefender Online Scanner 8 Double Decode Heap Overflow eEye Advisories (Nov 20)
[ GLSA 200711-29 ] Samba: Execution of arbitrary code Pierre-Yves Rofes (Nov 20)
[ GLSA 200711-30 ] PCRE: Multiple vulnerabilities Pierre-Yves Rofes (Nov 20)
[ GLSA 200711-31 ] Net-SNMP: Denial of Service Pierre-Yves Rofes (Nov 20)
[ GLSA 200711-32 ] Feynmf: Insecure temporary file creation Pierre-Yves Rofes (Nov 20)
Several persistent XSS and CSRF on Wireless-G ADSL Gateway with SpeedBooster (WAG54GS) Adrian P (Nov 20)
[ MDKSA-2007:229 ] - Updated phpMyAdmin packages fix multiple vulnerabilities security (Nov 20)
[Aria-Security.Net] VU Case Manager "Username/Password" SQL Injection no-reply (Nov 21)
Aria-Security.Net: VU Mailer (Mass Mail) "Password" SQL Injection no-reply (Nov 21)
rPSA-2007-0243-1 flac rPath Update Announcements (Nov 21)
Re: [Full-disclosure] Warning: Hackers hijacking unused IP Addresses inside Trusted domains [POC] Paul Schmehl (Nov 21)
- Re: [Full-disclosure] Warning: Hackers hijacking unused IP Addresses inside Trusted domains [POC] Gadi Evron (Nov 21)
[ MDKSA-2007:230 ] - Updated tetex packages fix vulnerabilities security (Nov 21)
rPSA-2007-0245-1 kernel rPath Update Announcements (Nov 21)
rPSA-2007-0245-2 kernel rPath Update Announcements (Nov 21)
E-vanced Solutions Multiple Vulnerabilites Joseph . giron13 (Nov 21)
GWextranet Multiple Vulnerabilites Joseph . giron13 (Nov 21)
[SECURITY] [DSA 1408-1] New kdegraphics packages fix arbitrary code execution Moritz Muehlenhoff (Nov 21)
TalkBack 2.2.7 Multiple Remote File Inclusion Vulnerabilities bugtraq (Nov 21)
Ucms <= 1.8 Backdoor Remote Command Execution Exploit bugtraq (Nov 21)
SkyPortal vRC6 Multiple Remote Vulnerabilities bugtraq (Nov 21)
[ MDKSA-2007:224-1 ] - Updated samba packages fix vulnerabilities security (Nov 22)
Wheatblog (wB) Remote File inclusion .. security (Nov 22)
Aria-Security.net: NetAuctionHelp SQL Injection no-reply (Nov 22)
- <Possible follow-ups>
- Re: Aria-Security.net: NetAuctionHelp SQL Injection support (Nov 24)
- Re: Re: Aria-Security.net: NetAuctionHelp SQL Injection no-reply (Nov 24)
[ECHO_ADV_85$2007] alstrasoft E-Friends <= 4.98 (seid) Multiple Remote SQL Injection Vulnerabilities erdc (Nov 22)
Remote Shell Command Execution in "KB-Bestellsystem" (amensa-soft.de) zero-x (Nov 22)
GetBlog local File inclusion .. security (Nov 22)
[Argeniss] Data0: Next generation malware for stealing databases (Paper) Cesar (Nov 22)
MyBlog (MyCMS) Remote PHP Code execution / PHP Code injection .. security (Nov 22)
- Message not available
  - Re: MyBlog (MyCMS) Remote PHP Code execution / PHP Code injection .. BlackHawk (Nov 23)
Re: Simple Machines Forum multiple sql injection flaws with exploit code. root (Nov 22)
VigileCMS <= 1.8 Stealth Remote Command Execution Exploit bugtraq (Nov 22)
MySpace Scripts - Poll Creator JavaScript Injection Vulnerability DoZ (Nov 22)
Gadu-Gadu Local/Remote Buffer Overflow vulnerability j00ru . vx (Nov 22)
- <Possible follow-ups>
- Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability gg_vuln (Nov 22)
- Re: Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability emacs25 (Nov 23)
- Re: Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability j00ru . vx (Nov 23)
- Re: Re: Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability gynvael (Nov 23)
- Re: Re: Re: Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability sdfkjsomcoismwevoiweo (Nov 23)
- Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability emacs25 (Nov 23)
- Re: Re: Re: Re: Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability gynvael (Nov 23)
[SECURITY] [DSA 1409-1] New samba packages fix several vulnerabilities Steve Kemp (Nov 22)
Using CSRF to Attack Mobile Phones avivra (Nov 22)
[ MDKSA-2007:231 ] - Updated cacti packages fix SQL injection vulnerability security (Nov 22)
Aria-Security.net: Irola My-Time v3.5 SQL Injection no-reply (Nov 23)
[0day Remote Command Execution] VigileCMS <= 1.8 Stealth wegotyourbox (Nov 23)
Mp3 ToolBox 1.0 beta 5 Remote File İnclude Vulnerability cybermilitan (Nov 23)
[ MDKSA-2007:224-2 ] - Updated samba packages fix vulnerabilities security (Nov 23)
Bitcomet Resource Browser v1.1 XSS jplopezy (Nov 24)
Aria-Security.net: CoolShot E-Lite POS 1.0 no-reply (Nov 24)
- <Possible follow-ups>
- Re: Aria-Security.net: CoolShot E-Lite POS 1.0 coolshot (Nov 30)
PBLang <= 4.99.17.q Remote File Rewriting / Remote Command Execution kingoftheworld92 (Nov 24)
[ISecAuditors Security Advisories] Cygwin buffer overflow due incorrect filename length check ISecAuditors Security Advisories (Nov 24)
vBTube v1.1 - Beta ( Vbulletin Tube) Xss Vulnerable cybermilitan (Nov 24)
Amber Script 1.0 (show_content.php id) Local File Inclusion Vulnerability cybermilitan (Nov 24)
NetAuctionHelp Classified Ads v1.0 SQL Injection no-reply (Nov 24)
[SECURITY] [DSA 1410-1] New ruby1.8 packages fix insecure SSL certificate validation Moritz Muehlenhoff (Nov 26)
Aria-Security.Net: Gouae DWD Realty SQL Injection noreply (Nov 26)
[SECURITY] [DSA 1411-1] New libopenssl-ruby packages fix insecure SSL certificate validation Moritz Muehlenhoff (Nov 26)
[SECURITY] [DSA 1409-2] New samba packages fix several vulnerabilities Steve Kemp (Nov 26)
[SECURITY] [DSA 1412-1] New ruby1.9 packages fix insecure SSL certificate validation Moritz Muehlenhoff (Nov 26)
HPSBST02291 SSRT071498 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-061 and MS07-062 security-alert (Nov 26)
PHP 5.2.4 mail.force_extra_parameters unsecure cxib (Nov 26)
GWExtranet Script Injections & Privilege Escalation Vulnerability DoZ (Nov 26)
two bytehoard 2.1 bugs Ernesto Alvarez (Nov 26)
Skype DoS mail (Nov 26)
PHPSlideShow (toonchapter8.php) Cross-Site Scripting Vulnerability sys-project (Nov 26)
[ GLSA 200711-33 ] nss_ldap: Information disclosure Pierre-Yves Rofes (Nov 26)
Calendar Proverbs <=1.1 (caladmin.php) Remote SQL Injection sys-project (Nov 26)
Citrix NetScaler Web Management Cookie Weakness nnposter (Nov 26)
FMDeluxe (index.php) Cross-Site Scripting Vulnerability sys-project (Nov 26)
[SECURITY] [DSA 1413-1] New mysql packages fix multiple vulnerabilities Noah Meyerhans (Nov 26)
[ GLSA 200711-34 ] CSTeX: Multiple vulnerabilities Pierre-Yves Rofes (Nov 26)
2007-06 Sentinel Protection Server Directory Traversal VulnerabilityResearch (Nov 26)
SimpleGallery v0.1.3 (index.php) Cross-Site Scripting Vulnerability sys-project (Nov 26)
DeluxeBB E-Mail Address Change Security Bypass bugtraq (Nov 26)
Tilde CMS <= v. 4.x "aarstal" parameter of "yeardetail" SQL Injection kingoftheworld92 (Nov 26)
PHP-Nuke NSN Script Depository module <= 1.0.3 Remote Source / DB Credentials Disclosure kingoftheworld92 (Nov 26)
- <Possible follow-ups>
- Re: PHP-Nuke NSN Script Depository module <= 1.0.3 Remote Source / DB Credentials Disclosure kingoftheworld92 (Nov 26)
Directory Traversal in SafeNet Sentinel Protection Server and Keys Server Elliot Kendall (Nov 26)
JLMForo System (modificarPerfil.php) Cross-Site Scripting Vulnerability sys-project (Nov 26)
ZDI-07-069: CA BrightStor ARCserve Backup Message Engine Insecure Method Exposure Vulnerability zdi-disclosures (Nov 26)
FIGIS (FILogin.do) Bypass SQL Injection Vulnerability sys-project (Nov 26)
CONFidence 2008 CfP andrzej . targosz (Nov 26)
[USN-545-1] link-grammar vulnerability Kees Cook (Nov 27)
Creating Backdoors in Cisco IOS using Tcl IRM Research (Nov 27)
- Re: [Full-disclosure] Creating Backdoors in Cisco IOS using Tcl Nicolas FISCHBACH (Nov 27)
- <Possible follow-ups>
- Re: Creating Backdoors in Cisco IOS using Tcl michael (Nov 27)
[USN-546-1] Firefox vulnerabilities Kees Cook (Nov 27)
OWASP Israel Conference 2007, Dec 3rd 2007 Ofer Shezaf (Nov 27)
[USN-547-1] PCRE vulnerabilities Kees Cook (Nov 27)
[security bulletin] HPSBUX02251 SSRT071449 rev.3 - HP-UX Running BIND, Remote DNS Cache Poisoning security-alert (Nov 27)
Ruby/Gnome2 0.16.0 Format String Vulnerability chris . rohlf (Nov 27)
Announce: RFIDIOt release RFIDIOt-0.1r, November 2007 Adam Laurie (Nov 27)
National Computer and Information Security Conferences ACIS 2008 - COLOMBIA Jeimy Cano (Nov 27)
[SECURITY] [DSA 1414-1] New wireshark packages fix several vulnerabilities Moritz Muehlenhoff (Nov 27)
Eurologon CMS Multiple SQL Injection kingoftheworld92 (Nov 27)
Eurologon CMS Db credentials disclosure / files download kingoftheworld92 (Nov 27)
PHPkit 1.6.1 (include.php?path=) Remote File Inclusion sys-project (Nov 27)
Liferay Enterprise Portal multiple XSS morin . josh (Nov 27)
[SECURITY] [DSA 1416-1] New tk8.3 packages fix arbitrary code execution Moritz Muehlenhoff (Nov 27)
PHPSlideShow XSS Update morin . josh (Nov 27)
[SECURITY] [DSA 1415-1] New tk8.4 packages fix arbitrary code execution Moritz Muehlenhoff (Nov 27)
Win2K3 Priv Escalation justin (Nov 27)
- RE: Win2K3 Priv Escalation Matt Ausmus (Nov 28)
- Re: Win2K3 Priv Escalation Jan Münther (Nov 28)
- <Possible follow-ups>
- Re: Win2K3 Priv Escalation Justin@ESC (Nov 28)
  - RE: Win2K3 Priv Escalation Thor (Hammer of God) (Nov 28)
CORE-2007-0821: Lotus Notes buffer overflow in the Lotus WorkSheet file processor Core Security Technologies Advisories (Nov 27)
Microsoft FTP Client Multiple Bufferoverflow Vulnerability Rajesh Sethumadhavan (Nov 28)
- Re: Microsoft FTP Client Multiple Bufferoverflow Vulnerability 3APA3A (Nov 29)
  - Re: Microsoft FTP Client Multiple Bufferoverflow Vulnerability Valdis . Kletnieks (Nov 29)
    - Re: Microsoft FTP Client Multiple Bufferoverflow Vulnerability Steve Shockley (Nov 29)
    - Re[2]: Microsoft FTP Client Multiple Bufferoverflow Vulnerability Matthew Leeds (Nov 30)
    - Re: Microsoft FTP Client Multiple Bufferoverflow Vulnerability Vincent Archer (Nov 30)
    - Re[2]: Microsoft FTP Client Multiple Bufferoverflow Vulnerability 3APA3A (Nov 30)
Secunia Research: Symantec Backup Exec Job Engine Denial of Service Secunia Research (Nov 28)
Gekko <=0.8.2 (temp directory) Path Disclosure sys-project (Nov 28)
- Re: Gekko <=0.8.2 (temp directory) Path Disclosure J. Carlos Nieto (Nov 28)
SYM07-029 Symantec BEWS Multiple DoS in Job Engine Secure (Nov 28)
[ MDKSA-2007:232 ] - Updated kernel packages fix multiple vulnerabilities and bugs security (Nov 28)
Some Data of POC2007 poc2007 (Nov 28)
[ MDKSA-2007:233 ] - Updated cpio package fixes buffer overflow and directory traversal vulnerabilities security (Nov 28)
- <Possible follow-ups>
- [ MDKSA-2007:233 ] - Updated cpio package fixes buffer overflow and directory traversal vulnerabilities security (Nov 28)
rPSA-2007-0252-1 cups poppler tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi rPath Update Announcements (Nov 28)
[USN-548-1] Pidgin vulnerability Kees Cook (Nov 28)
[security bulletin] HPSBMA02283 SSRT071319 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Cross Site Scripting (XSS) security-alert (Nov 29)
[security bulletin] HPSBUX02292 SSRT071499 rev.1 - HP-UX Running Apache, Remote Execution of Arbitrary Code security-alert (Nov 29)
[SECURITY] [DSA 1409-3] New samba packages fix several vulnerabilities Steve Kemp (Nov 29)
Digital Armaments November-December Hacking Challenge: Diffuse Client Application (10.000$ extra) info (Nov 29)
APC Management Vulnerability garys (Nov 29)
FreeBSD Security Advisory FreeBSD-SA-07:09.random FreeBSD Security Advisories (Nov 29)
IRM025: TIBCO Rendezvous RVD Daemon Remote Memory Leak DoS IRM Research (Nov 29)
FreeBSD Security Advisory FreeBSD-SA-07:10.gtar FreeBSD Security Advisories (Nov 29)
ERRATA: [ GLSA 200711-20 ] Pioneers: Multiple Denials of Service Pierre-Yves Rofes (Nov 29)
AST-2007-025 - SQL Injection issue in res_config_pgsql Asterisk Security Team (Nov 29)
AST-2007-026 - SQL Injection issue in cdr_pgsql Asterisk Security Team (Nov 29)
[USN-549-1] PHP vulnerabilities Kees Cook (Nov 29)
[ MDKSA-2007:224-3 ] - Updated samba packages fix regressions security (Nov 30)
SCARE metrics and tool release Pete Herzog (Nov 30)
DOS in Realplayer 11 ActiveX on Win Vista and Win XP SP2 thesinoda (Nov 30)
PR07-14: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.activation.php3' server-side script research (Nov 30)
PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method research (Nov 30)
PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.logon.php3' server-side script research (Nov 30)
rPSA-2007-0254-1 idle python rPath Update Announcements (Nov 30)
27Mhz based wireless security insecurities - Aka - "We know what you typed last summer" Max Moser (Nov 30)
- Re: 27Mhz based wireless security insecurities - Aka - "We know what you typed last summer" Jacob Appelbaum (Nov 30)
QEMU code_gen_buffer overflow POC TeLeMan (Nov 30)

Previous period

Next period