BugTraq@security-focus.com List Archive

• Date Index

• ScatterChat Advisory 2006-01: Cryptanalytic Attack Vulnerability, ScatterChat Advisories
• (Security Advisory) SYM06-014 Symantec Backup Exec Internal RPC Overflow, Secure
• Forum Software ASPPlayground.NET Advanced Edition 2.4.5 Unicode Xss, blood2_20032003
• Microsoft Help (WINHLP32.EXE) - Multiple Remote Code Execution and Denial Of Service Vulnerabilities, Benjamin Tobias Franz
  • Re: Microsoft Help (WINHLP32.EXE) - Multiple Remote Code Execution and Denial Of Service Vulnerabilities, Reversemode
• [SECURITY] [DSA 1150-1] New shadow packages fix privilege escalation, Martin Schulze
• Concurrency-related vulnerabilities in browsers - expect problems, Michal Zalewski
• myEvent <= 1.4 Multiple Remote File Include Vulnerabilities, sh3ll
• Calendarix <= 0.7 (calpath) Remote File Inclusion Vulnerability, sh3ll
• SquirrelMail 1.4.8 released - fixes variable overwriting attack, Thijs Kinkhorst
  • Re: [SM-ANNOUNCE] SquirrelMail 1.4.8 released - fixes variable overwriting attack, Yves Goergen
• Nokia Browser Crash, qode
• VWar <= 1.50 R14 (n) Remote SQL Injection, brom0815
• UPDATE: [ GLSA 200511-12 ] Scorched 3D: Multiple vulnerabilities, Raphael Marichez
• wheatblog &#1615;Session.php Remote File Inclusion, Outlaw
• WEBInsta Mailing list manager (cabsolute_path) 1.3e RFI, philipp . niedziela
• rPSA-2006-0152-1 squirrelmail, Justin M. Forbes
• Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability, sh3ll
• [ GLSA 200608-19 ] WordPress: Privilege escalation, Raphael Marichez
• miniBloggie <= 1.0 (fname) Remote File Inclusion Vulnerability, sh3ll
• TSLSA-2006-0046 - multi, Trustix Security Advisor
• [security bulletin] HPSBUX02124 SSRT061159 rev.2 - HP-UX Sendmail MIME Remote Denial of Service (DoS), security-alert
• [security bulletin] HPSBUX02108 SSRT061133 rev.14 - HP-UX Running Sendmail, Remote Execution of Arbitrary Code, security-alert
• Security Vulnerability in Ruby on Rails 1.1.x, michael
• XSSing the Lan 3 (web trojans.. not a new idea), pdp (architect)
• Bypassing script filters with variable-width encodings, Cheng Peng Su
• Re: Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory, henry . sieff
  • Message not available
    • Re: Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory, Henry Sieff
• RE: [Full-disclosure] RE: when will AV vendors fix this???, Thomas D.
• Security Contact, Sean Warnock
• Dragonfly CMS 9.0.6.1 and prior XSS, HeLiOsZ RooT
• Simple one-file GuestBook 1.0, omnipresent
• CGI Script Source Code Disclosure Vulnerability in Apache for Windows, susam . pal
• XennoBB <= "avatar gallery" Directory Transversal, c . boulton
• Virtual War v1.5.0 <= Sql Injection vuln., mfoxhacker
• Compersus ASP shopping cart <= DataBase Downloading vuln., mfoxhacker
• myBloggie <= 2.1.3 (mybloggie_root_path) Remote File Inclusion Vulnerability, sh3ll
  • <Possible follow-ups>
  • Re: myBloggie <= 2.1.3 (mybloggie_root_path) Remote File Inclusion Vulnerability, nukedx
• InfanView 3.98 (with plugins) - Access violation at processing images ANI files, sehato
• Mafia Moblog <= 6 (pathtotemplate) Remote File Inclusion Vulnerability, sh3ll
• Netgear FVG318 is vunerable to DOS attack, root
• Mambo/Joomla Component Remository v3.25 (mosConfig_absolute_path) Remote File Inclusion Vulnerability, camino
• Re: SYM06-013 Symantec On-Demand Protection Encrypted Data Exposure, dm
• [ GLSA 200608-16 ] Warzone 2100 Resurrection: Multiple buffer overflows, Sune Kloppenborg Jeppesen
• [ GLSA 200608-18 ] Net::Server: Format string vulnerability, Sune Kloppenborg Jeppesen
• [ GLSA 200608-17 ] libwmf: Buffer overflow vulnerability, Sune Kloppenborg Jeppesen
• [ GLSA 200608-15 ] MIT Kerberos 5: Multiple local privilege escalation (test Falco for security@), Raphael Marichez
• PocketPC MMS - Remote Code Injection/Execution Vulnerability and Denial-of-Service, Collin R. Mulliner
• CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Remote Buffer Overflow, Mariano Nuñez Di Croce
• CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Remote Denial of Service, Mariano Nuñez Di Croce
• Directory Traversal vulnerability in IPCheck Monitor Server, auuw73
• Sending multipart/form-data requests from Flash (with arbitrary headers), Amit Klein (AKsecurity)
• [SECURITY] [DSA 1149-1] New ncompress packages fix potential code execution, Martin Schulze
• TinyWebGallery v1.5 ( image ) Remote Include Vulnerability, x0r0n
• Yabb XSS, Outlaw
• PHPMyRing <= 4.2.0 (view_com.php) Remote SQL Injection, simo64
• XChat <= 2.6.4-1 (win version) Remote Denial of Service Exploit (php), ratboy727
• [ MDKSA-2006:140 ] - Updated ncompress packages fix vulnerability, security
• [SECURITY] [DSA 1147-1] New drupal packages fix cross-site scripting, Moritz Muehlenhoff
• [SECURITY] [DSA 1148-1] New gallery packages fix several vulnerabilities, Moritz Muehlenhoff
• TSRT-06-08: Microsoft Internet Help COM Object Memory Corruption Vulnerability, TSRT
• Stack and heap overflows in MODPlug Tracker/OpenMPT 1.17.02.43 and libmodplug 0.8, Luigi Auriemma
• TSRT-06-09: Microsoft DirectAnimation COM Object Memory Corruption Vulnerability, TSRT
• Multiple buffer-overflows in AlsaPlayer 0.99.76, Luigi Auriemma
• TSRT-06-10: Microsoft HLINK.DLL Hyperlink Object Library Buffer Overflow Vulnerability, TSRT
• [ISR] - Novell Groupwise Webaccess (Cross-Site Scripting), Francisco Amato
• Cwfm <= 0.9.1 (Language) Remote File Inclusion Vulnerability, philipp . niedziela
• [ MDKSA-2006:139 ] - Updated krb5 packages fix local privilege escalation vulnerability, security
• BlogHoster v2.2 Post Comment Html Injection, piiiiiii pppiiiiiiii
• CivicSpace Version 0.8.5 HTML injection, HeLiOsZ RooT
• [ MDKSA-2006:138 ] - Updated clamav packages fix vulnerability, security
• [SECURITY] [DSA 1146-1] New krb5 packages fix privilege escalation, Martin Schulze
• Latinchat Denial Of Service, Vicente Perez
• Assessment of Vista Kernel Mode Security, ATR-Bugtraq
• [USN-333-1] libwmf vulnerability, Martin Pitt
• PgMarket 2.2.3 (CFG[libdir]) Remote File Inclusion Vulnerabilities, x0r0n
• SUSE Security Announcement: clamav (SUSE-SA:2006:046), Ludwig Nussel
• [Overflow.pl] Clam AntiVirus Win32-UPX Heap Overflow, pucik
• rPSA-2006-0150-1 krb5 krb5-server krb5-services krb5-test krb5-workstation, Justin M. Forbes
• ERRATA: [ GLSA 200608-08 ] GnuPG: Integer overflow vulnerability, Sune Kloppenborg Jeppesen
• MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities, Tom Yu
• MojoScripts' xss vulnerable, tugra
• unwrapping PL/SQL, pete
• [ GLSA 200608-14 ] DUMB: Heap buffer overflow, Sune Kloppenborg Jeppesen
• TSRT-06-07: eIQnetworks Enterprise Security Analyzer Monitoring Agent Buffer Overflow Vulnerabilities, TSRT
• Microsoft PowerPoint Malformed Record Memory Corruption, Sowhat
• phNNTP <= 1.3 (article-raw.php) Remote File Include Vulnerability, tr_zindan
• rPSA-2006-0147-1 mysql mysql-bench mysql-server, Justin M. Forbes
• docpile:we v0.2.2 (INIT_PATH) Remote File Inclusion Vulnerability, x0r0n
• Archangel Weblog 0.90.02 and prior Multiple HTML injections, piiiiiii pppiiiiiiii
• [SECURITY] [DSA 1145-1] New freeradius packages fix several vulnerabilities, Moritz Muehlenhoff
• ZDI-06-027: Microsoft Internet Explorer CSS Class Ordering Memory Corruption Vulnerability, zdi-disclosures
• ZDI-06-026: Microsoft Internet Explorer Multiple CSS Imports Memory Corruption Vulnerability, zdi-disclosures
• [ GLSA 200608-13 ] ClamAV: Heap buffer overflow, Matthias Geerdsen
• Announcement: Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations [Whitepaper], SPI Labs
• [EEYEB-20060719] McAfee Subscription Manager Stack Buffer Overflow, eEye Advisories
• phpPrintAnalyzer <= 1.1 (rep_par_rapport_racine) Remote File Inclusion Vulnerability, sh3ll
• AUTODAFE: an Act of Software Torture [FUZZER], Martin Vuagnoux
• Re: vbulletin 3.5.4 IE exploit xss, james
• Attacking the local LAN via XSS, pdp (architect)
  • Re: [Full-disclosure] Attacking the local LAN via XSS, Schanulleke
  • Re: [Full-disclosure] Attacking the local LAN via XSS, Thierry Zoller
    • Re: [Full-disclosure] Attacking the local LAN via XSS, pdp (architect)
      • Re[2]: [Full-disclosure] Attacking the local LAN via XSS, Thierry Zoller
      • Re: Re[2]: [Full-disclosure] Attacking the local LAN via XSS, pdp (architect)
      • Re: [Full-disclosure] Attacking the local LAN via XSS, Nikolay Kubarelov
• ARES 2007: Call for workshop proposals, deadline Sept 10, 2006, Manh Tho
• Re: SolpotCrew Advisory #5 - modernbill ver 1.6 (DIR) Remote File Inclusion, Mailinglists Address
• Re: [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released, Steve VanDevender
• TSRT-06-05: Computer Associates eTrust AntiVirus WebScan Automatic Update Code Execution Vulnerability, TSRT
• TSRT-06-06: Computer Associates eTrust AntiVirus WebScan Manifest Processing Buffer Overflow Vulnerability, TSRT
• Visual Events Calendar v1.1 (cfg_dir) Remote Inclusion Vulnerability, x0r0n
• simplog 0.9.3 and prior XSS, piiiiiii pppiiiiiiii
• DeluxeBB Multiple Vulnerabilities, darkz . gsa
• [ GLSA 200608-12 ] x11vnc: Authentication bypass in included LibVNCServer code, Sune Kloppenborg Jeppesen
  • <Possible follow-ups>
  • Re: [ GLSA 200608-12 ] x11vnc: Authentication bypass in included LibVNCServer code, xvml
• linksys WRT54g authentication bypass, Ginsu Rabbit
  • RE: linksys WRT54g authentication bypass, Andy Meyers
    • RE: linksys WRT54g authentication bypass, Miguel Valentin
      • RE: linksys WRT54g authentication bypass, Ginsu Rabbit
  • Re: linksys WRT54g authentication bypass, Nicholas Knight
  • Re: linksys WRT54g authentication bypass, Rodrigo Barbosa
    • Re: linksys WRT54g authentication bypass, Ginsu Rabbit
  • <Possible follow-ups>
  • Re: linksys WRT54g authentication bypass, guant a
    • Re: linksys WRT54g authentication bypass, Ginsu Rabbit
• [SECURITY] [DSA 1144-1] New chmlib packages fix denial of service, Moritz Muehlenhoff
• Re: Vanilla CMS <= 1.0.1 (RootDirectory) Remote file inclusion Vuln., dinoboff
• Will Microsoft patch remarkable old Msjet40.dll issue?, Juha-Matti Laurio
  • <Possible follow-ups>
  • Re: Will Microsoft patch remarkable old Msjet40.dll issue?, Juha-Matti Laurio
• [vuln.sg] Lhaz LHA Long Filename Buffer Overflow Vulnerability, vulnpost-remove
• Virtual War v1.5.0 Remote File Include (vwar_root), AG Spider
  • AW: Virtual War v1.5.0 Remote File Include (vwar_root), Frank Reißner
• [ GLSA 200608-11 ] Webmin, Usermin: File Disclosure, Sune Kloppenborg Jeppesen
• [ GLSA 200608-10 ] pike: SQL injection vulnerability, Sune Kloppenborg Jeppesen
• php local buffer underflow could lead to arbitary code execution, heintz
• Multiple vulnerabilities in DConnect Daemon 0.7.0 (CVS 30 Jul 2006), Luigi Auriemma
• PHP: Zend_Hash_Del_Key_Or_Index Vulnerability, Stefan Esser
• IMENDIO PLANNER REMOTE FILENAME FORMAT STRING VULNERABILITY, king_purba
• blur6ex 0.3 Comment title HTML inyection vuln., piiiiiii pppiiiiiiii
• when will AV vendors fix this???, Bipin Gautam
  • Re: when will AV vendors fix this???, Denis Jedig
  • Re: when will AV vendors fix this???, Marius Huse Jacobsen
  • RE: when will AV vendors fix this???, Thomas D.
  • Re: when will AV vendors fix this???, Paul Schmehl
    • Re: when will AV vendors fix this???, Bipin Gautam
• NEWSolved Lite v1.9.2 (abs_path) Remote File Inclusion, philipp . niedziela
• 0-day XP SP2 wmf exploit (some details), cyanid-E
• SolpotCrew Advisory #6 - phpCC - Beta 4.2 (base_dir) Remote File Inclusion, chris_hasibuan
• 0-day XP SP2 wmf exploit, cyanid-E
• XennoBB <= 2.1.0 "birthday" SQL injection, c . boulton
• SAPID CMS remote File Inclusion vulnerabilities, simo64
• [ECHO_ADV_44$2006] PHP Simple Shop <= 2.0 (abs_path) Remote File Inclusion, erdc
• Re: flatnuke <= 2.5.7 arbitrary php file upload, segatom
• XSS Vulnerability in FTD v3.7.3, try_og

This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.
The main JSW4.NET technical listserv archive and search page.
The main archive page for this list.