BugTraq@security-focus.com List Archive

• Thread Index

• Mercury Messenger, Hans Wolters,
• Re: Bybass HTTP ( extension files ) in ISA 2004, Thor (Hammer of God),
• PHP Event Calendar versi 1.4 (path_to_calendar) Remote File Inclusion, chris_hasibuan,
• Calendar Module <= 1.5.7 Remote File Include Vulnerabilities, matdhule,
• Several updates in MS PowerPoint 0-day Vulnerability FAQ at SecuriTeam Blogs, Juha-Matti Laurio,
• Plesk Control Panel <= 8.0.0 XSS vulnerability, vuln . invent,
• Re: Phorum 5.1.14 XSS SQL injection Vulnerability, Maurice Makaay,
• Secunia Research: IceWarp Web Mail Two File Inclusion Vulnerabilities, Secunia Research,
• [SECURITY] [DSA 1109-1] New rssh packages fix privilege escalation, Moritz Muehlenhoff,
• RE: Bybass HTTP ( extension files ) in ISA 2004, Edward Tripovich,
• rPSA-2006-0130-1 kernel, Justin M. Forbes,
• [EEYEB-20060227] D-Link Router UPNP Stack Overflow, eEye Advisories,
• Secunia Research: VisNetic Mail Server Two File Inclusion Vulnerabilities, Secunia Research,
• [SECURITY] [DSA 1110-1] New samba packages fix denial of service, Moritz Muehlenhoff,
• Secunia Research: BitZipper unacev2.dll Buffer Overflow Vulnerability, Secunia Research,
• PacSec 2006 CALL FOR PAPERS (Deadline Aug. 4; Event Nov. 27-30), Dragos Ruiu,
• boastMachine <= 3.1 SQL Injection Exploit, gmdarkfig,
• Multiple vulnerabilities in UFO2000 svn 1057, Luigi Auriemma,
• ListMessenger v0.9.3 Remote File Inclusion Vulnerability, x0r0n,
• [SECURITY] [DSA 1111-1] New Linux kernel 2.6.8 packages fix privilege escalation, Moritz Muehlenhoff,
• About the latest three Powerpoint vulnerabilities: exploitable?, ewt,
• [SECURITY] [DSA 1112-1] New mysql-dfsg-4.1 packages fix denial of service, Moritz Muehlenhoff,
• Re: Invision Power Board 2.1 <= 2.1.6 sql injection, paul dansing,
• ToorCon 2006 Call for Papers, suppressed,
• RUXCON 2006 Final Call For Papers, cfp,
• Re: Securing PHP or finding PHP alternatives, Crispin Cowan,
• [USN-319-1] Linux kernel vulnerability, Martin Pitt,
• Re: Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround, Michal Zalewski,
• Re: LAMP vs Microsoft, George Capehart,
• Re: LAMP vs Microsoft, Darren Reed,
• Unauthenticated access to BT Voyager config file and PPP credentials embedded in HTML form, pagvacito,
• New Article Mambo Component <= 1.0 (com_articles.php) Remote File Include Vulnerabilities, matdhule,
• 23rd Chaos Communication Congress 2006: Call for Participation, fukami,
• Re: Invision Power Board 2.1 <= 2.1.6 sql injection, str0ke,
• Calendar Mambo Module <= 1.5.7 Remote File Include Vulnerabilities, matdhule,
• Re: WebEx Downloader Plug-in Multiple Vulnerabilities + rant, Mark Litchfield,
• [KAPDA::#52] - PHP-Post 1.0 Cookie Modification Privilege Escalation Vulnerability, farhadkey,
• Cross Site Scripting Vulnerability in Zoho Virtual Offica, ss_team,
• Professional PHP Tools Guestbook Multiple Vulnerabilities, tamriel,
• [ MDKSA-2006:124 ] - Updated kernel packages fix privilege escalation vulnerability, security,
• Keyif Portal v2.0 - Microsoft Access Driver ( MDB ) Download, x0r0n,
• ToendaCMS <= 1.0.0 arbitrary file upload, rgod,
• Outpost Firewall Pro secrately fixing security flaws?, Bipin Gautam,
• Re: Invision Power Board 2.1 <= 2.1.6 sql injection, mattmecham,
• DeluxeBB mutiple vulnerabilities, Jessica Hope,
• Oracle Database - SQL Injection in SYS.KUPW$WORKER [DB03], ak,
• $100 plus several of my books if you can crack my Windows password hashes., Roger A. Grimes,
• Oracle Database - SQL Injection in SYS.DBMS_CDC_IMPDP [DB01], ak,
• WebScarab <= 20060621-0003 cross site scripting, security,
• [SECURITY] [DSA 1113-1] New zope2.7 packages fix information disclosure, Moritz Muehlenhoff,
• RE: [lists] Re: PHP security (or the lack thereof), Curt Purdy,
• Re: Bybass HTTP ( extension files ) in ISA 2004, medozero,
• PcAnywhere > 12 Local Privilege Escalation, root,
• Re: Bybass HTTP ( extension files ) in ISA 2004, medozero,
• Consumers of Broadband Providers (ISP) may be open to hijack attacks, peter_philipp,
• ExtCalendar Mambo Module <= v2( extcalendar.php ) Remote File Include Vulnerabilities, saudi . unix,
• Oracle Database - SQL Injection in SYS.DBMS_STATS [DB21], ak,
• Invision Power Board v2.1 <= 2.1.6 sql injection exploit, paul14075,
• [security bulletin] HPSBTU02132 SSRT061154 rev.1 - HP Tru64 UNIX running NIS ypserv, Remote Denial of Service (DoS), security-alert,
• Oracle Database - SQL Injection in SYS.DBMS_UPGRADE [DB22], ak,
• hdweGUEST <= 2.1.1 Cross Site Scripting Vulnerabilities, tamriel,
• ASP.DLL Include File Buffer Overflow, Brett Moore,
• Escalation of privileges in Outpost and Lavasoft Firewalls -Unusual ShellExecute behavior, mullware,
• Re: Re: Invision Power Board 2.1 <= 2.1.6 sql injection, paul14075,
• Re: LAMP vs Microsoft, Bob Beck,
• Re: XSS phpBB 2.0.21 in administration, Jessica Hope,
• Re: LAMP vs Microsoft, Hugo van der Kooij,
• Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit, str0ke,
• osDate 1.1.7 multiple vulnerabilities, binary . loc,
• Webmin / Usermin Arbitrary File Disclosure Vulnerability Perl, Alexander Hristov,
• Re: crashing firefox <= 1.5.0.4, bugtraq,
• New PowerPoint Trojan installs itself as LSP, Juha-Matti Laurio,
• [USN-320-1] PHP vulnerabilities, Martin Pitt,
• [ MDKSA-2006:125 ] - Updated webmin packages fix arbitray file read vulnerability., security,
• [ MDKSA-2006:127 ] - Updated gimp packages fix buffer overflow vulnerability., security,
• [ MDKSA-2006:126 ] - Updated libtunepimp packages fixes buffer overflow vulnerabilities., security,
• [ MDKSA-2006:128 ] - Updated wireshark packages fix numerous vulnerabilities, security,
• Re: Bybass HTTP ( extension files ) in ISA 2004, Thor (Hammer of God),
• rPSA-2006-0132-1 tshark wireshark, Justin M. Forbes,
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco Security Monitoring, Analysis and Response System (CS-MARS), Cisco Systems Product Security Incident Response Team,
• VMSA-2006-0003 VMware possible incorrect permissions on SSL key files, VMware Security Team,
• [ GLSA 200607-06 ] libpng: Buffer overflow, Thierry Carrez,
• [USN-319-2] Linux kernel vulnerability, Martin Pitt,
• [USN-313-2] OpenOffice.org vulnerabilities, Martin Pitt,
• Re: imageVue16.1 upload vulnerability, info,
• AFCommerce Shopping Cart, sledge,
• Security point-of-contact for Ameritrade?, James M. Blackburn,
• Re: osDate 1.1.7 multiple vulnerabilities, binary . loc,
• rPSA-2006-0133-1 libpng, Justin M. Forbes,
• Cisco MARS < 4.2.1 remote compromise, Jon Hart,
• [ECHO_ADV_40$2006] iManage CMS <= 4.0.12 (absolute_path) Remote File Inclusion, matdhule,
• Advisory: Remote command execution in planetGallery, RedTeam Pentesting,
• [MajorSecurity #20]SiteDepth CMS <= 3.01 - Remote File Include Vulnerability, admin,
• [MajorSecurity #21] phpFaber TopSites <=2.0.9 - SQL Injection Vulnerability, admin,
• [MajorSecurity #22] Top XL <=1.1 - XSS and cookie disclosure, admin,
• [ MDKSA-2006:129 ] - Updated freetype2 packages fixes overflow vulnerability., security,
• [security bulletin] HPSBUX02108 SSRT061133 rev.12 - HP-UX Running Sendmail, Remote Execution of Arbitrary Code, security-alert,
• rPSA-2006-0134-1 sendmail sendmail-cf, Justin M. Forbes,
• [USN-321-1] mysql-dfsg-4.1 vulnerability, Martin Pitt,
• [SECURITY] [DSA 1117-1] New libgd2 packages fix denial of service, Moritz Muehlenhoff,
• [security bulletin] HPSBMA02133 SSRT061201 rev.1 - HP Oracle for OpenView (OfO) Critical Patch Update July 2006, security-alert,
• SECURITY UPDATE::Farsinews release FarsiNewsPro3.0Stable1SecurityPath1, armin390,
• [ GLSA 200607-07 ] xine-lib: Buffer overflow, Thierry Carrez,
• [SECURITY] [DSA 1115-1] New GnuPG2 packages fix denial of service, Martin Schulze,
• LoudBlog <=0.5 Sql injection, rgod,
• TSLSA-2006-0042 - multi, Trustix Security Advisor,
• Unidomedia Chameleon LE/Pro Directory Traversal, kicktd,
• Samba Internal Data Structures DOS Vulnerability Exploit, Alexander Hristov,
• [ MDKSA-2006:130 ] - Updated kdelibs packages fix konqueror crash vulnerability., security,
• [SECURITY] [DSA 1114-1] New hashcash packages fix arbitrary code execution, Martin Schulze,
• SolpotCrew Advisory #2 - Advanced Poll ver 2.02 (base_path) Remote File Inclusion, chris_hasibuan,
• [SECURITY] [DSA 1116-1] New gimp packages fix arbitrary code execution, Moritz Muehlenhoff,
• Re: Samba Internal Data Structures DOS Vulnerability Exploit, Gerald (Jerry) Carter,
• Re: Securing PHP or finding PHP alternatives, Crispin Cowan,
• MiniBB Forum <= 1.5a Remote File Include (search.php-whosOnline.php), AG Spider,
• iDefense Security Advisory 07.20.06: Sun Microsystems Solaris sysinfo() Kernel Memory Disclosure Vulnerability, labs-no-reply,
• Re: [EEYEB-20060227] D-Link Router UPNP Stack Overflow, kala_z,
• RE: $100 plus several of my books if you can crack my Windows password hashes., Roger A. Grimes,
• Re: LAMP vs Microsoft, Darren Reed,
• Re: ATutor 1.5.3 Cross Site Scripting, Steven M. Christey,
• Re: Securing PHP or finding PHP alternatives, Michael Cordover,
• RE: XSS phpBB 2.0.21 in administration, David Thomson,
• Re: [Full-disclosure] iDefense Security Advisory 07.20.06: Sun Microsystems Solaris sysinfo() Kernel Memory Disclosure Vulnerability, Micheal Turner,
• Microsoft Internet Explorer DOS Vulnerability, SnoBmsn,
• MicroGuestBook Remote XSS Attack, omnipresent,
• [MajorSecurity #25] Advanced Guestbook 2.4 for phpBB - Multiple XSS and SQL-Injection Vulnerabilities, admin,
• RE: [EEYEB-20060227] D-Link Router UPNP Stack Overflow, m,
• [MajorSecurity #24] Fire-Mouse TopList <=v1.1 - Cross Site Scripting, admin,
• Low security hole affecting IPCalc's CGI wrapper, Tim Brown,
• [SECURITY] [DSA 1118-1] New Mozilla packages fix several vulnerabilities, Martin Schulze,
• about bid 17404, crack,
• [SECURITY] [DSA 1119-1] New hiki packages fix denial of service, Martin Schulze,
• Re: XSS phpBB 2.0.21 in administration, Jessica Hope,
• Re: SubberZ[Lite] - Remote File Include, the . jalal,
• RE: $100 plus several of my books if you can crack my Windows password hashes., Roger A. Grimes,
• New CVE identifiers for separate PowerPoint 0-day issues assigned, Juha-Matti Laurio,
• RE: $100 plus several of my books if you can crack my Windows password hashes., Michael Scheidell,
• Re: [EEYEB-20060227] D-Link Router UPNP Stack Overflow, scott,
• new shell bypass safe mode, d3nger,
• SolpotCrew Advisory #3 - com_trade Remote File Inclusion (mosConfig_absolute_path), mail,
• Re: XSS phpBB 2.0.21 in administration, Jessica Hope,
• [Kurdish Security # 13] Savant2 Remote File Include Vulnerability [For Mambo, Joomla], botan,
• Re: AFCommerce Shopping Cart, contact,
• Re: ExtCalendar Mambo Module <= v2( extcalendar.php ) Remote File Include Vulnerabilities, matdhule,
• Re: New PowerPoint Trojan installs itself as LSP, Mike Healan,
• MiniBB Forum <= 1.5a Remote File Include (news.php), AG Spider,
• [MajorSecurity #23] BLOG:CMS <= 4.0.0j - XSS and cookie disclosure, admin,
• Com Multibanners Remote File Inclusion (mosConfig_absolute_path), mail,
• Blackboard Academic Suite 6.2.23 +/-: Persistent cross-site scripting vulnerability, harbl,
• Re: [MajorSecurity #22] Top XL <=1.1 - XSS and cookie disclosure, admin,
• Re: [Full-disclosure] Re: New PowerPoint Trojan installs itself as LSP, Juha-Matti Laurio,
• Re: Digital Armaments Security Advisory 10.07.2006: Flexwath Authorization Bypassing and XSS Vulnerability, sales,
• Map MS Security Bulletins to MS KB numbers, Matthew Leeds,
• DotClear : Multiples Full Path Disclosure, Silitix,

This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.
The main JSW4.NET technical listserv archive and search page.
The main archive page for this list.