BugTraq@security-focus.com List Archive

Date Index

MyBulletinBoard (MyBB) 1.1.5 'CLIENT-IP' sql injection, rgod
Invision Power Board 2.1 <= 2.1.6 sql injection, rst
Re: Buddy Zone Version 1.0.1 - XSS, support
Fantastic Guestbook v2.0.1 Advisory, omnipresent
[OpenPKG-SA-2006.013] OpenPKG Security Advisory (mutt), OpenPKG
VBZooM <=V1.11 "sub-join.php" SQL Injection, Breeeeh
Crtical Shockwave Embeded XSS Execution, spammeanddie
Microsoft PowerPoint 0-day Vulnerability FAQ document written, Juha-Matti Laurio
VBZooM <=V1.11 " ignore-pm.php" SQL Injection, Breeeeh
VBZooM <=V1.11 " reply.php" SQL Injection, Breeeeh
SubberZ[Lite] - Remote File Include, ChironeX . FleckeriX
VBZooM "sendmail.php" SQL Injection, Breeeeh
MiniBB Forum <= 1.5a Remote File Include Vulnerabilities, matdhule
Phorum 5.1.14 XSS SQL injection Vulnerability, securityconnection
[SECURITY] Plain text password in Finjan Appliance 5100/8100 NG backup file, finde_schwachstelle
Rocks Clusters <=4.1 local root, Xavier
MyGallery "Room.php" SQL Injection, Breeeeh
XSS phpBB 2.0.21 in administration, renatrix
saphp "add.php" forumid Parameter SQL Injection, Breeeeh
crashing firefox <= 1.5.0.4, reywen
Linux sys_prctl LKM based hotfix, Abhisek Datta
Kerio Terminating 'kpf4ss.exe' using internal runtime error Vulnerability, David Matousek
Norton Insufficient protection of Norton service registry keys, David Matousek
MS Power Point Multiple Vulnerabilities - (memory corruption) POC, naveed
MS Power Point Multiple Vulnerabilities - (mso.dll) POC, naveed
MS Power Point Multiple Vulnerabilities (powerpnt.exe)- POC, naveed
Bybass HTTP ( extension files ) in ISA 2004, medozero
EEYE: McAfee ePolicy Orchestrator Remote Compromise, eEye Advisories
Microsoft Works - Buffer Overflows / Denial of Service (DoS)-Vulnerabilities, Benjamin Tobias Franz
Phorum 5.1.15 security release (fixes "PHORUM 5 arbitrary local inclusion"), Maurice Makaay
IE <= 6 DoS vulnerability, jonasschaub
rPSA-2006-0122-2 kernel, Justin M. Forbes
- Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround, Caveo Internet BV - Security
  - Re: Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround, Hugo van der Kooij
  - Re: Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround, Michael Shigorin
  - Re: Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround, Lukasz Trabinski
[security bulletin] HPSBUX02120 SSRT051057 rev.2 - HP-UX Local Denial of Service (DoS), security-alert
perForms <= 1.0 ([mosConfig_absolute_path]) Remote File Inclusion, endeneu
[ MDKSA-2006:123 ] - Updated kernel packages fixes multiple vulnerabilities, security
phpbb 3.x sql injection (with global moderator rights), rgod
- <Possible follow-ups>
- Re: phpbb 3.x sql injection (with global moderator rights), bugtraq
PHORUM 5 arbitrary local inclusion, rgod
flatnuke <= 2.5.7 arbitrary php file upload, rgod
[ MDKSA-2006:122 ] - Updated php packages fix multiple vulnerabilities, security
[USN-318-1] libtunepimp vulnerability, Martin Pitt
Flipper Poll <= 1.1.0 Remote File Inclusion Vulnerability, x0r0n
Orbitmatrix PHP Script v1.0, luny
ScozNews Final-Php <=1.1 Remote File Inclusion Vulnerability, x0r0n
Photocycle v1.0 - XSS, luny
- <Possible follow-ups>
- Re: Photocycle v1.0 - XSS, securityfocus
[USN-317-1] zope2.8 vulnerability, Martin Pitt
SYMSA-2006-004 (Full Details): Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution, research
[ECHO_ADV_38$2006] Multiple Mambo/Joomla Component Remote File Include Vulnerabilities, matdhule
- Re: [ECHO_ADV_38$2006] Multiple Mambo/Joomla Component Remote File Include Vulnerabilities, Joxean Koret
[ MDKSA-2006:121 ] - Updated xine-lib packages fix buffer overflow vulnerability, security
FLV Players Multiple Input Validation Vulnerabilities, xzerox
NSFOCUS SA2006-05 : Microsoft Excel SELECTION Record Memory Corruption Vulnerability, NSFOCUS Security Team
Re: # MHG Security Team --- PHPAskIt v2.0.1 Remote File Inc., Amelie
- <Possible follow-ups>
- Re: # MHG Security Team --- PHPAskIt v2.0.1 Remote File Inc., amelie
Re: WordPress 2.0.3 SQL Error and Full Path Disclosure, zck zck
- RE: WordPress 2.0.3 SQL Error and Full Path Disclosure, Aaron Newman
  - Re: WordPress 2.0.3 SQL Error and Full Path Disclosure, nate
- <Possible follow-ups>
- Re: WordPress 2.0.3 SQL Error and Full Path Disclosure, jholguin
New CVE number states Excel Style handling as a separate issue, Juha-Matti Laurio
NSFOCUS SA2006-06 : Microsoft Excel COLINFO Record Buffer Overflow Vulnerability, NSFOCUS Security Team
[ MDKSA-2006:120 ] - Updated samba packages fix DoS vulnerability, security
Lazarus Guestbook Cross Site Scripting Vulnerabilities, simo64
Re: Browser bugs hit IE, Firefox today (SANS), 3CO
S21Sec-032-en: Vulnerability in Fatwire Content Server, labs
TOPo v.2.2.178 Account Reset, darkz . gsa
Linux Kernel 2.6.x PRCTL Core Dump Handling - Local r00t Exploit ( BID 18874 / CVE-2006-2451 ), Roman Medina-Heigl Hernandez
- Message not available
  - Re: [Full-disclosure] Re: Linux Kernel 2.6.x PRCTL Core Dump Handling - Local r00t Exploit ( BID 18874 / CVE-2006-2451 ), Jon Hart
NSFOCUS SA2006-04 : Microsoft Office GIF Filter Buffer Overflow Vulnerability, NSFOCUS Security Team
[ MDKSA-2006:117-1 ] - Updated libmms packages fix buffer overflow vulnerability, security
Microsoft Excel Array Index Error Remote Code Execution, Sowhat
[SECURITY] [DSA 1108-1] New mutt packages fix arbitrary code execution, Moritz Muehlenhoff
SMB Information Disclosure Vulnerability, Avert
Fuzzing Microsoft Office, naveed
rPSA-2006-0128-1 samba samba-swat, Justin M. Forbes
Cisco Security Advisory: Cisco Intrusion Prevention System Malformed Packet Denial of Service, Cisco Systems Product Security Incident Response Team
[USN-314-1] samba vulnerability, Martin Pitt
Cisco Security Advisory: Cisco Router Web Setup Ships with Insecure Default IOS Configuration, Cisco Systems Product Security Incident Response Team
SQuery <= 4.5(libpath) Remote File Inclusion Exploit, SHiKaA-
Re: ATutor 1.5.3 Cross Site Scripting, info
[ MDKA-2006:119 ] - Updated ppp packages fix plugin vulnerability, security
Cisco Security Advisory: Multiple Cisco Unified CallManager Vulnerabilities, Cisco Systems Product Security Incident Response Team
[USN-315-1] libmms, xine-lib vulnerabilities, Martin Pitt
[USN-316-1] installer vulnerability, Martin Pitt
[USN-313-1] OpenOffice.org vulnerabilities, Martin Pitt
ZDI-06-022: Microsoft Office Excel File Rebuilding Code Execution Vulnerability, zdi-disclosures
TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability, Tippingpoint Security Research Team
CYBSEC - Security Pre-Advisory: Microsoft Windows DHCP Client Service Remote Buffer Overflow, Mariano Nuñez Di Croce
SYMSA-2006-007: Microsoft Office Malformed String Parsing Vulnerability, research
[ GLSA 200607-05 ] SHOUTcast server: Multiple vulnerabilities, Sune Kloppenborg Jeppesen
- Re: [ GLSA 200607-05 ] SHOUTcast server: Multiple vulnerabilities, Cyneox
[ GLSA 200607-02 ] FreeType: Multiple integer overflows, Sune Kloppenborg Jeppesen
Juniper Networks DX Web Administration Persistent System Log XSS Vulnerability, Darren Bounds
randshop <= 1.1.x (index.php) Remote File Inclusion Vulnerability, Saudi . Unix
Local file inclusion in Farsinews3.0BETA1, armin390
[SECURITY] [DSA 1107-1] New GnuPG packages fix denial of service, Martin Schulze
[ANNOUNCEMENT] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against smbd, Gerald (Jerry) Carter
- Re: [ANNOUNCEMENT] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against smbd, Gerald (Jerry) Carter
Re: Windows Explorer URL File format overflow, naveed
Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit, Alexander Hristov
- Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit, José Parrella
Old vulnerable sotwares collection, Jerome Athias
- <Possible follow-ups>
- RE: Old vulnerable sotwares collection, John Rigali
Re: PHP security (or the lack thereof), Darren Reed
Digital Armaments Security Advisory 10.07.2006: Flexwath Authorization Bypassing and XSS Vulnerability, info
RE: WebEx Downloader Plug-in Multiple Vulnerabilities + rant, Web Ex
- <Possible follow-ups>
- Re: WebEx Downloader Plug-in Multiple Vulnerabilities + rant, Mark Rowe
Re: Re: vBulletin 3.5.4 (install_path) Exploit, mikathebest2003
- RE: Re: vBulletin 3.5.4 (install_path) Exploit, Robert Marquardt
MS Word Unchecked Boundary Condition Vulnerability, naveed
CC announces new Rootkit help forum insync with Book, Paul Laudanski
RE: MIMESweeper For Web 5.X Cross Site Scripting, Erez Metula
- <Possible follow-ups>
- RE: MIMESweeper For Web 5.X Cross Site Scripting, Erez Metula
[USN-312-1] gimp vulnerability, Martin Pitt
Re: Invision Power Board v1.3 Final SQL Injection, mattmecham
Re: galleria <= 1.0 Remote File Inclusion Vulnerability, counterpoint
phpPolls 1.0.3 Administration ByPass, alp_eren
[SECURITY] [DSA 1106-1] New ppp packages fix privilege escalation, Martin Schulze
Re: [ MDKSA-2006:116 ] - Updated kernel packages fixes multiple vulnerabilities, Paul Starzetz
Re: rPSA-2006-0122-1 kernel, Paul Starzetz
[ECHO_ADV_37$2006] pc_cookbook Mambo/Joomla Component <= v0.3 Remote File Include Vulnerabilities, matdhule
ERNW Security Advisory 02/2006 - Buffer Overflow in sipXtapi (used in AOL Triton), mozilla
- Message not available
  - Re: [Full-disclosure] ERNW Security Advisory 02/2006 - Buffer Overflow in sipXtapi (used in AOL Triton), Mailinglists
Re: [KAPDA::#46] - AjaxPortal Authentication Bypass, earthquake
LAMP vs Microsoft, Darren Reed
- Re: LAMP vs Microsoft, Jarrod Frates
- Re: LAMP vs Microsoft, Bob Beck
  - Re: LAMP vs Microsoft, Darren Reed
    - Re: LAMP vs Microsoft, Bob Beck
    - Re: LAMP vs Microsoft, Darren Reed
    - Re: LAMP vs Microsoft, Bob Beck
  - Re: LAMP vs Microsoft, Joel Maslak
- <Possible follow-ups>
- Re: LAMP vs Microsoft, Steven M. Christey
Re: RE: Invision Vulnerabilities, including remote code execution, mattmecham
MT rmcek Toplist v2.2 Version Microsoft Access Driver ( MDB ) Download, StorMBoY
[ GLSA 200607-04 ] PostgreSQL: SQL injection, Sune Kloppenborg Jeppesen
Re: Mico crashes when contected with wrong IOR / DoS, tuergeist
- <Possible follow-ups>
- Re: Mico crashes when contected with wrong IOR / DoS, Karel Gardas
  - Re: Mico crashes when contected with wrong IOR / DoS, tuergeist
    - Re: Mico crashes when contected with wrong IOR / DoS, Karel Gardas
    - Gracenote buffer overflow, MNV
Graffiti Forums v1.0 SQL Injection Vulnerabilities, paisterist . nst
Re: Invision Power Board "v1.X & 2.X" SQL Injection, mattmecham
Securing PHP or finding PHP alternatives (was: PHP security (or the lack thereof)), Gezim Hoxha
- Re: Securing PHP or finding PHP alternatives, Crispin Cowan
  - Re: Securing PHP or finding PHP alternatives, SkyFlash
  - Re: Securing PHP or finding PHP alternatives, Sheryl Coppenger
- Re: Securing PHP or finding PHP alternatives, Michael Shigorin
- Re: Securing PHP or finding PHP alternatives (was: PHP security (or the lack thereof)), Matthias Kestenholz
- Re: Securing PHP or finding PHP alternatives (was: PHP security (or the lack thereof)), Meet Myself on the Internet
Webvizyon Portal 2006 Version SQL Injection, StorMBoY
[ GLSA 200607-03 ] libTIFF: Multiple buffer overflows, Sune Kloppenborg Jeppesen

Mail converted by MHonArc

This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.
The main JSW4.NET technical listserv archive and search page.
The main archive page for this list.