BugTraq@security-focus.com List Archive

• Date Index

• MyBloggie <= 2.1.4 trackback.php SQL injection / admin credentials disclosure, rgod
• [ GLSA 200608-08 ] GnuPG: Integer overflow vulnerability, Sune Kloppenborg Jeppesen
• Tinyportal Shoutbox, exploitex
• vBulletin 3.0.14 ~ init.php~ registerring global arbitary variable~ XSS exploit, addmimistrator
• [ GLSA 200608-07 ] libTIFF: Multiple vulnerabilities, Sune Kloppenborg Jeppesen
• Barracuda Spam Firewall: Administrator Level Remote Command Execution [ID-20060804-01], Matthew Hall
• phpAutoMembersArea 3.2.5 ($installed_config_file) Remote File Inclusion, philipp . niedziela
• CAID 34509 - CA eTrust Antivirus WebScan vulnerabilities, Williams, James K
• TSLSA-2006-0044 - multi, Trustix Security Advisor
• [SECURITY] [DSA 1143-1] New dhcp packages fix denial of service, Martin Schulze
• [ECHO_ADV_42$2006] PHP Live Helper <= 2.0 (abs_path) Remote File Inclusion, matdhule
• [SECURITY] [DSA 1142-1] New freeciv packages fix arbitrary code execution, Martin Schulze
• [ECHO_ADV_42$2006] BufferOverflow in Eremove Client, erdc
• [ GLSA 200608-06 ] Courier MTA: Denial of Service vulnerability, Sune Kloppenborg Jeppesen
• [ GLSA 200608-05 ] LibVNCServer: Authentication bypass, Sune Kloppenborg Jeppesen
• [SECURITY] [DSA 1141-1] New GnuPG2 packages fix denial of service, Martin Schulze
• XSS in Vbulletin 3.6.0 in IE 0nly, Stefan
• GeheimChaos <= 0.5 Multiple SQL Injection Vulnerabilities, Tamriel
• CounterChaos <= 0.48c SQL Injection Vulnerability, Tamriel
• GaesteChaos <= 0.2 Multiple Vulnerabilities, Tamriel
• [security bulletin] HPSBUX02137 SSRT051024 rev.1 - HP-UX Running Xserver Local Execution of Arbitrary Code, Privilege Elevation, security-alert
• ZoneX 1.0.3 - Publishers Gold Edition Remote File Inclusion Vulnerability, x0r0n
• [ GLSA 200608-04 ] Mozilla Thunderbird: Multiple vulnerabilities, Thierry Carrez
• ME Download System 1.3 Remote File Inclusion, philipp . niedziela
• vbulletin 3.5.4 IE exploit xss, stefan
• [ GLSA 200608-03 ] Mozilla Firefox: Multiple vulnerabilities, Thierry Carrez
• [DRUPAL-SA-2006-011] Drupal 4.7.3 / 4.6.9 fixes XSS issue, Uwe Hermann
• SolpotCrew Advisory #5 - modernbill ver 1.6 (DIR) Remote File Inclusion, chris_hasibuan
• [ GLSA 200608-02 ] Mozilla SeaMonkey: Multiple vulnerabilities, Stefan Cornelius
• SendCard <= 3.4.0 unauthorized administrative access / remote commands execution, rgod
• [SECURITY] [DSA 1140-1] New GnuPG packages fix denial of service, Martin Schulze
• [MajorSecurity Advisory #27]ToendaCMS - Cross Site Scripting Issue, admin
• Javascript software authentication brute force attack, Gianstefano Monni
• [SECURITY] [DSA 1139-1] New ruby1.6 packages fix privilege escalation, Moritz Muehlenhoff
• Re: [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released, Philip M. Gollucci
  • Re: [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released, William A. Rowe, Jr.
• [USN-332-1] gnupg vulnerability, Martin Pitt
• [USN-331-1] Linux kernel vulnerabilities, Martin Pitt
• CMSimple Cross Site Scripting, Outlaw
• Secunia Research: PC Tools AntiVirus Insecure Default Directory Permissions, Secunia Research
• Vwar v1.5.0 <= Sql Injection and XSS vuln., mfoxhacker
• TSEP <= 0.942 Remote File Include, beford
• Simpliciti Locked Browser Jail Breakout Vulnerability, EvilPacket
• [security bulletin] HPSBUX02087 SSRT4728 rev.3 - HP-UX running TCP/IP Remote Denial of Service (DoS), security-alert
• [SECURITY] [DSA 1135-1] New libtunepimp packages fix arbitrary code execution, Martin Schulze
• [SECURITY] [DSA 1138-1] New cfs packages fix denial of service, Moritz Muehlenhoff
• Hobbit monitor security bugfix release - 4.1.2p2, Henrik Stoerner
• [security bulletin] HPSBGN02136 SSRT061173 rev.1 - ProCurve Series 3500yl, 6200yl, and 5400zl Switches Running Software Prior to K.11.33 Remote Denial of Service (DoS), security-alert
• [SECURITY] [DSA 1137-1] New tiff packages fix several vulnerabilities, Martin Schulze
• OZJournal v1.5 - XSS, luny
• [security bulletin] HPSBUX02124 SSRT061159 rev.1 - HP-UX Sendmail MIME Remote Denial of Service (DoS), security-alert
• [SECURITY] [DSA 1136-1] New gpdf packages fix denial of service, Martin Schulze
• [security bulletin] HPSBUX02108 SSRT061133 rev.13 - HP-UX Running Sendmail, Remote Execution of Arbitrary Code, security-alert
• [eVuln] MyBB 'Avatar URL' XSS Vulnerability, alex
• [USN-330-1] tiff vulnerabilities, Martin Pitt
• rPSA-2006-0143-1 gnupg, Justin M. Forbes
• Content Management Framework "G3" - XSS Vulnerability in Search Function, Stefan Friedli
• SaveWeb Portal 3.4 <- (SITE_Path) Remote File Inclusion Vulnerability, x0r0n
• Secunia Research: Jetbox Multiple Vulnerabilities, Secunia Research
• [SECURITY] [DSA 1134-1] New Mozilla Thunderbird packages fix several vulnerabilities, Martin Schulze
• EEYE: research.eeye.com, Marc Maiffret
• rPSA-2006-0142-1 libtiff, Justin M. Forbes
• JavaScript port scanning, pdp (architect)
• [SECURITY] [DSA 1133-1] New mantis packages fix execution of arbitrary web script code, Moritz Muehlenhoff
• [ MDKSA-2006:137 ] - Updated libtiff packages fix multiple vulnerabilities, security
• DMA[2006-0801a] - 'Apple OSX fetchmail buffer overflow', K F (lists)
• Barracuda Vulnerability: Arbitrary File Disclosure [NNL-20060801-02], gssincla
  • Re: Barracuda Vulnerability: Arbitrary File Disclosure [NNL-20060801-02], Matthew Hall
• Barracuda Vulnerability: Hardcoded Password [NNL-20060801-01], gssincla
  • Re: Barracuda Vulnerability: Hardcoded Password [NNL-20060801-01], pingywon
  • RE: Barracuda Vulnerability: Hardcoded Password [NNL-20060801-01], Roger A. Grimes
• SYM06-013 Symantec On-Demand Protection Encrypted Data Exposure, secure
  • Re: SYM06-013 Symantec On-Demand Protection Encrypted Data Exposure, Chris Wysopal
• [ MDKSA-2006:136 ] - Updated kdegraphics packages fix multiple libtiff vulnerabilities, security
• SUSE Security Announcement: libtiff (SUSE-SA:2006:044), Thomas Biege
• SUSE Security Announcement: freetype2 (SUSE-SA:2006:045), Thomas Biege
• [SECURITY] [DSA 1131-1] New apache package fix buffer overflow, Steve Kemp
• [SECURITY] [DSA 1132-1] New apache2 packages fix buffer overflow, Steve Kemp
• ISS BlackICE PC Protection DLL faking of run-time linked libraries Vulnerability, David Matousek
• TSEP 0.9.4.2 <= Remote File Inclusion, philipp . niedziela
• [USN-327-2] firefox regression, Martin Pitt
• VMSA-2006-0004 Cross site scripting vulnerability and other fixes, VMware Security Team
• [ MDKSA-2006:135 ] - Updated freeciv packages fix DoS vulnerabilities, security
• [vuln.sg] Lhaplus LHA Extended Header Handling Buffer Overflow Vulnerability, vulnpost-remove
• WoW Roster <= 1.5.x Remote File Include (hsList.php), AG Spider
  • <Possible follow-ups>
  • WoW Roster <= 1.5.x Remote File Include (hsList.php), AG Spider
• [SECURITY] [DSA 1130-1] New sitebar packages fix cross-site scripting, Martin Schulze
• [Kurdish Security # 21] ShoutBox v4.4 Remote Command Execution, botan
• [Kurdish Security # 20 ] Quickie Remote Command Execution, botan
• [Kurdish Security # 19 ] FileManager Remote Command Execution, botan
• [Kurdish Security # 18 ] FAQ Script Remote Command Execution, botan
• [Kurdish Security # 17 ] GuestBook 3.5 Remote Command Execution, botan
• [Kurdish Security # 16 ] newsReporter v1.0 Remote Command Execution, botan
• NewsLetter v3.5 <= (NL_PATH) Remote File Inclusion Exploit, tr_zindan
• [ GLSA 200608-01 ] Apache: Off-by-one flaw in mod_rewrite, Matthias Geerdsen
• Re: Xss in MttKe-php v2.6, Steven M. Christey
• Re: Do world's famous companies take care of their security?, Steven M. Christey
• MyNewsGroups <= 0.6b (myng_root) Remote Inclusion Vulnerability, philipp . niedziela
• Multiple vulnerabilities in Open Cubic Player 2.6.0pre6 / 0.1.10_rc5, Luigi Auriemma
• Re: [EEYEB-20060227] D-Link Router UPNP Stack Overflow, solutions_PHP
• Corsaire Security Advisory - VMware ESX Server Password Disclosure in Cookie issue, advisories
• Corsaire Security Advisory - VMware ESX Server Password Disclosure in Log issue, advisories
• Corsaire Security Advisory - VMware ESX Server Password Cross Site Request Forgery issue, advisories
• Oracle and Apache mod_rewrite Vulnerability, tigerblue
• Re: Check Point R55W Directory Traversal, Hugo van der Kooij
• Re: Gdiplus.dll division by 0, Early Warning Team
  • Re: Gdiplus.dll division by 0, giacomo collini
    • Re: Gdiplus.dll division by 0, Dennis Lubert
• Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory, Pavel Kankovsky
  • Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory, Roy Hills
• SQL injection Seir Anphin v666 Community Management System, vulnerabilities
• PHPAuction 2.1 (maybe higher) with phpAdsNew 2.0.5 RFI, philipp . niedziela
• ATutor <= 1.5.3.1 'links' blind SQL injection / admin credentials disclosure, rgod
• com_moskool (admin.moskool.php) Remote File Include Vulnerabilities, saudi . unix
• Re: PHP ip2long() function circumvention, darylf
• Re: Portail PHP v1.7 Remote File Include, x0r0n
• Re: cpanel login problem, Scott Gemma
  • RE: cpanel login problem, Alan
  • <Possible follow-ups>
  • RE: cpanel login problem, Bugs
  • Re: cpanel login problem, usar_y_tirar
• UPDATE: [ GLSA 200605-08 ] PHP: Multiple vulnerabilities, Sune Kloppenborg Jeppesen

This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.
The main JSW4.NET technical listserv archive and search page.
The main archive page for this list.