BugTraq@security-focus.com List Archive

Date Index

[ GLSA 200607-11 ] TunePimp: Buffer overflow, Stefan Cornelius
[ GLSA 200607-13 ] Audacious: Multiple heap and buffer overflows, Matthias Geerdsen
Gdiplus.dll division by 0, Mr . Niega
[ MDKSA-2006:134 ] - Updated ruby packages fix safe-level vulnerabilities, security
[ GLSA 200607-12 ] OpenOffice.org: Multiple vulnerabilities, Stefan Cornelius
artlinks Mambo Component <= Remote Include Vulnerability, Dr . Jr7
mambatstaff Mambo Component <= Remote Include Vulnerability, Dr . Jr7
Mambo Gallery Manager v095.r3 Remote File Inclusion Vulnerabilities, A-S-T2006
[ MDKSA-2006:133 ] - Updated apache packages fix mod_rewrite vulnerability, security
[KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php, roozbeh_afrasiabi
XSS vulnerability on AWBS, newbinaryfile
Coppermine Photo Gallery v1.2.2b-Nuke Remote File Inclusion Vulnerabilities, A-S-T2006
PHP ip2long() function circumvention, rgod
[USN-329-1] Thunderbird vulnerabilities, Martin Pitt
rPSA-2006-0139-1 httpd mod_ssl, Justin M. Forbes
PrinceClan Chess Mambo Com <= 0.8 Remote Inclusion Vulnerability, tr_zindan
Hustle -- Tumbleweed Email Firewall Remote Vulnerability, Ryan Smith
cpanel login problem, ali
- Re: cpanel login problem, nate
Lan-Aces Office Logic, Mike
Re: Fusion Polls (xtrphome) Remote File Inclusion, security curmudgeon
Guestbook Mambo Module <== v1.3.0 Multiple Remote File Include Vulnerabilities, matdhule
PHP-Nuke INP XSS, l2odon
[SECURITY] [DSA 1129-1] New osiris packages fix arbitrary code execution, Martin Schulze
Apache mod_rewrite Buffer Overflow Vulnerability, Avert
[Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released, William A. Rowe, Jr.
Remote Include Vulnerability ====> in Dr.Jr7 Gallery 3.2 RC1, R0t-K33Y
[OpenPKG-SA-2006.017] OpenPKG Security Advisory (freetype), OpenPKG
[OpenPKG-SA-2006.016] OpenPKG Security Advisory (ruby), OpenPKG
[ MDKSA-2006:132 ] - Updated libwmf packages fixes integer overflow vulnerability, security
Portail PHP v1.7 Remote File Include, Meftun
[SECURITY] [DSA 1128-1] New heartbeat packages fix local denial of service, Martin Schulze
[OpenPKG-SA-2006.015] OpenPKG Security Advisory (apache), OpenPKG
[SECURITY] [DSA 1127-1] New ethereal packages fix several vulnerabilities, Moritz Muehlenhoff
[FLSA-2006:175040] Updated php packages fix security issues, Marc Deslauriers
[USN-328-1] Apache vulnerability, Martin Pitt
Cisco Security Advisory: Windows VPN Client Local Privilege Escalation Vulnerability, Cisco Systems Product Security Incident Response Team
[USN-327-1] firefox vulnerabilities, Martin Pitt
Re: HYSA-2006-008 myBloggie 2.1.3 CRLF & SQL Injection, Steven M. Christey
Oracle 10g R2 and, probably, all previous versions, putosoft softputo
- <Possible follow-ups>
- Oracle 10g R2 and, probably, all previous versions, Russell Lowenthal
AIM Triton 1.0.4 (SipXtapi) Remote Buffer Overflow Exploit (PoC), c0rrupt
Xss in MttKe-php v2.6, R0t-K33Y
rPSA-2006-0137-1 firefox, Justin M. Forbes
ZDI-06-025: Mozilla Firefox Javascript navigator Object Vulnerability, zdi-disclosures
Bypassing Oracle dbms_assert, ak
- Re: Bypassing Oracle dbms_assert, David Litchfield
  - RE: Bypassing Oracle dbms_assert, Alexander Kornbrust
    - Re: Bypassing Oracle dbms_assert, David Litchfield
Secunia Research: Mozilla Firefox XPCOM Event Handling Memory Corruption, Secunia Research
[SECURITY] [DSA 1125-2] New drupal packages fix execution of arbitrary web script code (revised packages), Moritz Muehlenhoff
[USN-326-1] heartbeat vulnerability, Martin Pitt
[USN-325-1] ruby1.8 vulnerability, Martin Pitt
[USN-324-1] freetype vulnerability, Martin Pitt
Re: Low security hole affecting IPCalc's CGI wrapper, krischan
Buffer Overflow Vulnerability in Winlpd, Meftun
Cross-Site Scripting and Local File Inclusion in Phorum, Meftun
[SECURITY] [DSA 1126-1] New Asterisk packages fix denial of service, Martin Schulze
GeoClassifieds Enterprise <= 2.0.5.2 Cross Site Scripting, securityconnection
a6mambohelpdesk Mambo Component <= 18RC1 Remote Include Vulnerability, Dr . Jr7
NSFOCUS SA2006-07 : ISS RealSecure/BlackICE MailSlot Heap Overflow Detection Remote DoS Vulnerability, NSFOCUS Security Team
Re: new shell bypass safe mode, cxib
Phpprobid <= 5.24 XSS SQL injection Vulnerability, securityconnection
Secunia Research: FileCOPA Directory Argument Handling Buffer Overflow, Secunia Research
[OpenPKG-SA-2006.014] OpenPKG Security Advisory (shiela), OpenPKG
[vuln.sg] PowerArchiver DZIPS32.DLL Buffer Overflow Vulnerability, vulnpost-remove
[ECHO_ADV_41$2006] BufferOverflow in Midirecord2, the_day
[USN-323-1] mozilla vulnerabilities, Martin Pitt
Etomite CMS <= 0.6.1 'rfiles.php' remote command execution, rgod
Cisco VPN Concentrator IKE resource exhaustion DoS Advisory, Roy Hills
- <Possible follow-ups>
- Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory, Eloy Paris
[SECURITY] [DSA 1125-1] New drupal packages fix execution of arbitrary web script code, Moritz Muehlenhoff
TSRT-06-03: eIQnetworks Enterprise Security Analyzer Syslog Server Buffer Overflow Vulnerabilities, TSRT
TSRT-06-04: eIQnetworks Enterprise Security Analyzer Topology Server Buffer Overflow Vulnerability, TSRT
- RE: TSRT-06-04: eIQnetworks Enterprise Security Analyzer Topology Server Buffer Overflow Vulnerability, Desai, Deepen
ZDI-06-023: eIQNetworks Enterprise Security Analyzer Syslog Server Buffer Overflow Vulnerability, zdi-disclosures
ZDI-06-024: eIQNetworks Enterprise Security Analyzer License Manager Buffer Overflow Vulnerability, zdi-disclosures
TP-Book <= 1.00 Cross Site Scripting Vulnerabilities, tamriel
Zyxel Prestige 660H-61 Cross-Site Scripting, jose . palanco
PHP-Auction SQL injection, l2odon
Professional Home Page Tools Login Script Cross Site Scripting Vulnerabilities, tamriel
wwwThreads XSS, l2odon
[SECURITY] [DSA 1111-2] New Linux kernel 2.6.8 packages fix privilege escalation, Moritz Muehlenhoff
Multiple vulnerabilities in OpenCMS, Meder Kydyraliev
EzUpload multi file vulnerabilities, hack2prison
[USN-320-2] php4 regression, Martin Pitt
[USN-297-3] Thunderbird vulnerabilities, Martin Pitt
Secunia Research: AutoVue SolidModel Professional Buffer Overflow Vulnerability, Secunia Research
MS06-034 lies? IIS 6 can still be owned?, Cesar
Full Path Disclosure xGuestBook v1.02, dicomdk
[ MDKSA-2006:131 ] - Updated perl-Net-Server packages fix format string vulnerability, security
Re: Ashop Search Module SQL injection, security curmudgeon
[security bulletin] HPSBUX02087 SSRT4728 rev.2 - HP-UX running TCP/IP Remote Denial of Service (DoS), security-alert
[ GLSA 200607-10 ] Samba: Denial of Service vulnerability, Sune Kloppenborg Jeppesen
LinksCaffe 3.0 SQL injection/Command Execution Vulnerabilties, simo64
[vuln.sg] AGEphone "sipd.dll" SIP Packet Handling Buffer Overflow, vulnpost-remove
[vuln.sg] TurboZIP ZIP Repair Buffer Overflow Vulnerability, vulnpost-remove
[vuln.sg] DynaZip DZIP32.DLL/DZIPS32.DLL Buffer Overflow Vulnerabilities, vulnpost-remove
Advisory: VMware Possible Incorrect Permissions On SSL Key Files, Nick Breese
[USN-296-2] Firefox vulnerabilities, Martin Pitt
[ GLSA 200607-09 ] Wireshark: Multiple vulnerabilities, Sune Kloppenborg Jeppesen
Two crash vulnerabilities in Freeciv 2.1.0-beta1 (SVN 15 Jul 2006), Luigi Auriemma
[SECURITY] [DSA 1122-1] New Net::Server packages fix denial of service, Martin Schulze
Buffer-overflow in recvTextMessage and NETrecvFile in Warzone Resurrection 2.0.3 (SVN 127), Luigi Auriemma
SYMSA-2006-008:Password Safe - Lock Password Database Configuration Not Enforced, research
Opsware NAS 6.0 reveals MySQL 'root' password, Freeman, Michael
- <Possible follow-ups>
- Re: Opsware NAS 6.0 reveals MySQL 'root' password, security-alert
Digital Armaments Security Advisory 24.07.2006: Siemens Speedstream Wireless/Router Denial of Service Vulnerability, info
rPSA-2006-0135-1 gimp, Justin M. Forbes
Heap overflow in the GT2 loader of libmikmod 3.2.2, Luigi Auriemma
[SECURITY] [DSA 1123-1] New libdumb packages fix arbitrary code execution, Moritz Muehlenhoff
SQuery v.x (devi.php) (armygame.php) Remote File Inclusion, saudi . unix
Write-up by Amit Klein: "Forging HTTP request headers with Flash", Amit Klein (AKsecurity)
- Re: Write-up by Amit Klein: "Forging HTTP request headers with Flash", Amit Klein (AKsecurity)
  - Re: Write-up by Amit Klein: "Forging HTTP request headers with Flash", 3CO
    - Re: Write-up by Amit Klein: "Forging HTTP request headers with Flash", Amit Klein (AKsecurity)
[MajorSecurity #26] Woltlab Burning Board - Multiple Cookie manipulation and session fixation vulnerabilities, admin
ERRATA: [ GLSA 200607-08 ] GIMP: Buffer overflow, Sune Kloppenborg Jeppesen
Windows XP/NT/SMB2003/2000 Denial of Service attack, J. Oquendo
[SECURITY] [DSA 1124-1] New fbi packages fix potential deletion of user data, Moritz Muehlenhoff
MusicBox <= 2.3.4 XSS SQL injection Vulnerability, securityconnection
[USN-322-1] Konqueror vulnerability, Martin Pitt
Check Point R55W Directory Traversal, Sec-Tec Lists
- <Possible follow-ups>
- Re: Check Point R55W Directory Traversal, dave_kwek
Re: Re: [Full-disclosure] iDefense Security Advisory 07.20.06: Sun Microsystems Solaris sysinfo() Kernel Memory Disclosure Vulnerability, Micheal Turner
PHP Live! v3.2 (header.php) Remote File Include Vulnerabilities, saudi . unix
[SECURITY] [DSA 1121-1] New postgrey packages fix denial of service, Martin Schulze
Buffer-overflow in the XM loader of Cheese Tracker 0.9.9, Luigi Auriemma
[CYBSEC] TippingPoint detection bypass, Andres Riancho
[ GLSA 200607-08 ] GIMP: Buffer overflow, Sune Kloppenborg Jeppesen
- Re: [ GLSA 200607-08 ] GIMP: Buffer overflow, Michael Shigorin
Vanilla CMS <= 1.0.1 (RootDirectory) Remote file inclusion Vuln., mfoxhacker
[Kurdish Security # 14] MoSpray [base_dir] Remote Command Execution [ Mambo & Joomla], botan
[SECURITY] [DSA 1120-1] New Mozilla Firefox packages fix several vulnerabilities, Martin Schulze

Mail converted by MHonArc

This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.
The main JSW4.NET technical listserv archive and search page.
The main archive page for this list.