BugTraq@security-focus.com List Archive

Date Index

DotClear : Multiples Full Path Disclosure, Silitix
Map MS Security Bulletins to MS KB numbers, Matthew Leeds
Re: Digital Armaments Security Advisory 10.07.2006: Flexwath Authorization Bypassing and XSS Vulnerability, sales
Re: [Full-disclosure] Re: New PowerPoint Trojan installs itself as LSP, Juha-Matti Laurio
Blackboard Academic Suite 6.2.23 +/-: Persistent cross-site scripting vulnerability, harbl
Com Multibanners Remote File Inclusion (mosConfig_absolute_path), mail
[MajorSecurity #23] BLOG:CMS <= 4.0.0j - XSS and cookie disclosure, admin
MiniBB Forum <= 1.5a Remote File Include (news.php), AG Spider
[Kurdish Security # 13] Savant2 Remote File Include Vulnerability [For Mambo, Joomla], botan
SolpotCrew Advisory #3 - com_trade Remote File Inclusion (mosConfig_absolute_path), mail
new shell bypass safe mode, d3nger
New CVE identifiers for separate PowerPoint 0-day issues assigned, Juha-Matti Laurio
Re: SubberZ[Lite] - Remote File Include, the . jalal
[SECURITY] [DSA 1119-1] New hiki packages fix denial of service, Martin Schulze
about bid 17404, crack
[SECURITY] [DSA 1118-1] New Mozilla packages fix several vulnerabilities, Martin Schulze
Low security hole affecting IPCalc's CGI wrapper, Tim Brown
[MajorSecurity #24] Fire-Mouse TopList <=v1.1 - Cross Site Scripting, admin
[MajorSecurity #25] Advanced Guestbook 2.4 for phpBB - Multiple XSS and SQL-Injection Vulnerabilities, admin
MicroGuestBook Remote XSS Attack, omnipresent
Microsoft Internet Explorer DOS Vulnerability, SnoBmsn
Re: ATutor 1.5.3 Cross Site Scripting, Steven M. Christey
iDefense Security Advisory 07.20.06: Sun Microsystems Solaris sysinfo() Kernel Memory Disclosure Vulnerability, labs-no-reply
- Re: [Full-disclosure] iDefense Security Advisory 07.20.06: Sun Microsystems Solaris sysinfo() Kernel Memory Disclosure Vulnerability, Micheal Turner
MiniBB Forum <= 1.5a Remote File Include (search.php-whosOnline.php), AG Spider
[SECURITY] [DSA 1116-1] New gimp packages fix arbitrary code execution, Moritz Muehlenhoff
SolpotCrew Advisory #2 - Advanced Poll ver 2.02 (base_path) Remote File Inclusion, chris_hasibuan
[SECURITY] [DSA 1114-1] New hashcash packages fix arbitrary code execution, Martin Schulze
[ MDKSA-2006:130 ] - Updated kdelibs packages fix konqueror crash vulnerability., security
Samba Internal Data Structures DOS Vulnerability Exploit, Alexander Hristov
- Re: Samba Internal Data Structures DOS Vulnerability Exploit, Gerald (Jerry) Carter
Unidomedia Chameleon LE/Pro Directory Traversal, kicktd
TSLSA-2006-0042 - multi, Trustix Security Advisor
LoudBlog <=0.5 Sql injection, rgod
[SECURITY] [DSA 1115-1] New GnuPG2 packages fix denial of service, Martin Schulze
[ GLSA 200607-07 ] xine-lib: Buffer overflow, Thierry Carrez
SECURITY UPDATE::Farsinews release FarsiNewsPro3.0Stable1SecurityPath1, armin390
[security bulletin] HPSBMA02133 SSRT061201 rev.1 - HP Oracle for OpenView (OfO) Critical Patch Update July 2006, security-alert
[SECURITY] [DSA 1117-1] New libgd2 packages fix denial of service, Moritz Muehlenhoff
[USN-321-1] mysql-dfsg-4.1 vulnerability, Martin Pitt
rPSA-2006-0134-1 sendmail sendmail-cf, Justin M. Forbes
[security bulletin] HPSBUX02108 SSRT061133 rev.12 - HP-UX Running Sendmail, Remote Execution of Arbitrary Code, security-alert
[ MDKSA-2006:129 ] - Updated freetype2 packages fixes overflow vulnerability., security
[MajorSecurity #22] Top XL <=1.1 - XSS and cookie disclosure, admin
- <Possible follow-ups>
- Re: [MajorSecurity #22] Top XL <=1.1 - XSS and cookie disclosure, admin
[MajorSecurity #21] phpFaber TopSites <=2.0.9 - SQL Injection Vulnerability, admin
[MajorSecurity #20]SiteDepth CMS <= 3.01 - Remote File Include Vulnerability, admin
Advisory: Remote command execution in planetGallery, RedTeam Pentesting
[ECHO_ADV_40$2006] iManage CMS <= 4.0.12 (absolute_path) Remote File Inclusion, matdhule
Cisco MARS < 4.2.1 remote compromise, Jon Hart
rPSA-2006-0133-1 libpng, Justin M. Forbes
Security point-of-contact for Ameritrade?, James M. Blackburn
AFCommerce Shopping Cart, sledge
- <Possible follow-ups>
- Re: AFCommerce Shopping Cart, contact
Re: imageVue16.1 upload vulnerability, info
[USN-313-2] OpenOffice.org vulnerabilities, Martin Pitt
[USN-319-2] Linux kernel vulnerability, Martin Pitt
[ GLSA 200607-06 ] libpng: Buffer overflow, Thierry Carrez
VMSA-2006-0003 VMware possible incorrect permissions on SSL key files, VMware Security Team
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Security Monitoring, Analysis and Response System (CS-MARS), Cisco Systems Product Security Incident Response Team
rPSA-2006-0132-1 tshark wireshark, Justin M. Forbes
[ MDKSA-2006:128 ] - Updated wireshark packages fix numerous vulnerabilities, security
[ MDKSA-2006:126 ] - Updated libtunepimp packages fixes buffer overflow vulnerabilities., security
[ MDKSA-2006:127 ] - Updated gimp packages fix buffer overflow vulnerability., security
[ MDKSA-2006:125 ] - Updated webmin packages fix arbitray file read vulnerability., security
[USN-320-1] PHP vulnerabilities, Martin Pitt
New PowerPoint Trojan installs itself as LSP, Juha-Matti Laurio
- Re: New PowerPoint Trojan installs itself as LSP, Mike Healan
Re: crashing firefox <= 1.5.0.4, bugtraq
Webmin / Usermin Arbitrary File Disclosure Vulnerability Perl, Alexander Hristov
osDate 1.1.7 multiple vulnerabilities, binary . loc
- <Possible follow-ups>
- Re: osDate 1.1.7 multiple vulnerabilities, binary . loc
Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit, str0ke
Re: XSS phpBB 2.0.21 in administration, Jessica Hope
- RE: XSS phpBB 2.0.21 in administration, David Thomson
  - Re: XSS phpBB 2.0.21 in administration, Jessica Hope
- Message not available
  - Re: XSS phpBB 2.0.21 in administration, Jessica Hope
Escalation of privileges in Outpost and Lavasoft Firewalls -Unusual ShellExecute behavior, mullware
ASP.DLL Include File Buffer Overflow, Brett Moore
hdweGUEST <= 2.1.1 Cross Site Scripting Vulnerabilities, tamriel
Oracle Database - SQL Injection in SYS.DBMS_UPGRADE [DB22], ak
[security bulletin] HPSBTU02132 SSRT061154 rev.1 - HP Tru64 UNIX running NIS ypserv, Remote Denial of Service (DoS), security-alert
Invision Power Board v2.1 <= 2.1.6 sql injection exploit, paul14075
Oracle Database - SQL Injection in SYS.DBMS_STATS [DB21], ak
ExtCalendar Mambo Module <= v2( extcalendar.php ) Remote File Include Vulnerabilities, saudi . unix
- <Possible follow-ups>
- Re: ExtCalendar Mambo Module <= v2( extcalendar.php ) Remote File Include Vulnerabilities, matdhule
Consumers of Broadband Providers (ISP) may be open to hijack attacks, peter_philipp
PcAnywhere > 12 Local Privilege Escalation, root
RE: [lists] Re: PHP security (or the lack thereof), Curt Purdy
[SECURITY] [DSA 1113-1] New zope2.7 packages fix information disclosure, Moritz Muehlenhoff
WebScarab <= 20060621-0003 cross site scripting, security
Oracle Database - SQL Injection in SYS.DBMS_CDC_IMPDP [DB01], ak
$100 plus several of my books if you can crack my Windows password hashes., Roger A. Grimes
- <Possible follow-ups>
- RE: $100 plus several of my books if you can crack my Windows password hashes., Roger A. Grimes
- RE: $100 plus several of my books if you can crack my Windows password hashes., Michael Scheidell
  - RE: $100 plus several of my books if you can crack my Windows password hashes., Roger A. Grimes
Oracle Database - SQL Injection in SYS.KUPW$WORKER [DB03], ak
DeluxeBB mutiple vulnerabilities, Jessica Hope
Outpost Firewall Pro secrately fixing security flaws?, Bipin Gautam
ToendaCMS <= 1.0.0 arbitrary file upload, rgod
Keyif Portal v2.0 - Microsoft Access Driver ( MDB ) Download, x0r0n
[ MDKSA-2006:124 ] - Updated kernel packages fix privilege escalation vulnerability, security
Professional PHP Tools Guestbook Multiple Vulnerabilities, tamriel
Cross Site Scripting Vulnerability in Zoho Virtual Offica, ss_team
[KAPDA::#52] - PHP-Post 1.0 Cookie Modification Privilege Escalation Vulnerability, farhadkey
Re: WebEx Downloader Plug-in Multiple Vulnerabilities + rant, Mark Litchfield
Calendar Mambo Module <= 1.5.7 Remote File Include Vulnerabilities, matdhule
23rd Chaos Communication Congress 2006: Call for Participation, fukami
New Article Mambo Component <= 1.0 (com_articles.php) Remote File Include Vulnerabilities, matdhule
Unauthenticated access to BT Voyager config file and PPP credentials embedded in HTML form, pagvacito
Re: LAMP vs Microsoft, George Capehart
- Re: LAMP vs Microsoft, Darren Reed
- <Possible follow-ups>
- Re: LAMP vs Microsoft, Bob Beck
  - Re: LAMP vs Microsoft, Darren Reed
- Re: LAMP vs Microsoft, Hugo van der Kooij
Re: Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround, Michal Zalewski
[USN-319-1] Linux kernel vulnerability, Martin Pitt
Re: Securing PHP or finding PHP alternatives, Crispin Cowan
- <Possible follow-ups>
- Re: Securing PHP or finding PHP alternatives, Crispin Cowan
- Re: Securing PHP or finding PHP alternatives, Michael Cordover
RUXCON 2006 Final Call For Papers, cfp
ToorCon 2006 Call for Papers, suppressed
Re: Invision Power Board 2.1 <= 2.1.6 sql injection, paul dansing
- Re: Invision Power Board 2.1 <= 2.1.6 sql injection, str0ke
- <Possible follow-ups>
- Re: Invision Power Board 2.1 <= 2.1.6 sql injection, mattmecham
- Re: Re: Invision Power Board 2.1 <= 2.1.6 sql injection, paul14075
[SECURITY] [DSA 1112-1] New mysql-dfsg-4.1 packages fix denial of service, Moritz Muehlenhoff
About the latest three Powerpoint vulnerabilities: exploitable?, ewt
[SECURITY] [DSA 1111-1] New Linux kernel 2.6.8 packages fix privilege escalation, Moritz Muehlenhoff
ListMessenger v0.9.3 Remote File Inclusion Vulnerability, x0r0n
Multiple vulnerabilities in UFO2000 svn 1057, Luigi Auriemma
boastMachine <= 3.1 SQL Injection Exploit, gmdarkfig
PacSec 2006 CALL FOR PAPERS (Deadline Aug. 4; Event Nov. 27-30), Dragos Ruiu
Secunia Research: BitZipper unacev2.dll Buffer Overflow Vulnerability, Secunia Research
[SECURITY] [DSA 1110-1] New samba packages fix denial of service, Moritz Muehlenhoff
Secunia Research: VisNetic Mail Server Two File Inclusion Vulnerabilities, Secunia Research
[EEYEB-20060227] D-Link Router UPNP Stack Overflow, eEye Advisories
- Re: [EEYEB-20060227] D-Link Router UPNP Stack Overflow, scott
- <Possible follow-ups>
- Re: [EEYEB-20060227] D-Link Router UPNP Stack Overflow, kala_z
  - RE: [EEYEB-20060227] D-Link Router UPNP Stack Overflow, m
rPSA-2006-0130-1 kernel, Justin M. Forbes
[SECURITY] [DSA 1109-1] New rssh packages fix privilege escalation, Moritz Muehlenhoff
Secunia Research: IceWarp Web Mail Two File Inclusion Vulnerabilities, Secunia Research
Re: Phorum 5.1.14 XSS SQL injection Vulnerability, Maurice Makaay
Plesk Control Panel <= 8.0.0 XSS vulnerability, vuln . invent
Several updates in MS PowerPoint 0-day Vulnerability FAQ at SecuriTeam Blogs, Juha-Matti Laurio
Calendar Module <= 1.5.7 Remote File Include Vulnerabilities, matdhule
PHP Event Calendar versi 1.4 (path_to_calendar) Remote File Inclusion, chris_hasibuan
Re: Bybass HTTP ( extension files ) in ISA 2004, Thor (Hammer of God)
- <Possible follow-ups>
- RE: Bybass HTTP ( extension files ) in ISA 2004, Edward Tripovich
- Re: Bybass HTTP ( extension files ) in ISA 2004, medozero
  - Re: Bybass HTTP ( extension files ) in ISA 2004, Thor (Hammer of God)
- Re: Bybass HTTP ( extension files ) in ISA 2004, medozero
Mercury Messenger, Hans Wolters

Mail converted by MHonArc

This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.
The main JSW4.NET technical listserv archive and search page.
The main archive page for this list.