BugTraq@security-focus.com List Archive
- XSS Vulnerability in FTD v3.7.3,
try_og,
- Re: flatnuke <= 2.5.7 arbitrary php file upload,
segatom,
- [ECHO_ADV_44$2006] PHP Simple Shop <= 2.0 (abs_path) Remote File Inclusion,
erdc,
- SAPID CMS remote File Inclusion vulnerabilities,
simo64,
- XennoBB <= 2.1.0 "birthday" SQL injection,
c . boulton,
- 0-day XP SP2 wmf exploit,
cyanid-E,
- SolpotCrew Advisory #6 - phpCC - Beta 4.2 (base_dir) Remote File Inclusion,
chris_hasibuan,
- 0-day XP SP2 wmf exploit (some details),
cyanid-E,
- NEWSolved Lite v1.9.2 (abs_path) Remote File Inclusion,
philipp . niedziela,
- when will AV vendors fix this???,
Bipin Gautam,
- blur6ex 0.3 Comment title HTML inyection vuln.,
piiiiiii pppiiiiiiii,
- IMENDIO PLANNER REMOTE FILENAME FORMAT STRING VULNERABILITY,
king_purba,
- PHP: Zend_Hash_Del_Key_Or_Index Vulnerability,
Stefan Esser,
- Multiple vulnerabilities in DConnect Daemon 0.7.0 (CVS 30 Jul 2006),
Luigi Auriemma,
- php local buffer underflow could lead to arbitary code execution,
heintz,
- [ GLSA 200608-10 ] pike: SQL injection vulnerability,
Sune Kloppenborg Jeppesen,
- Re: when will AV vendors fix this???,
Denis Jedig,
- [ GLSA 200608-11 ] Webmin, Usermin: File Disclosure,
Sune Kloppenborg Jeppesen,
- Virtual War v1.5.0 Remote File Include (vwar_root),
AG Spider,
- [vuln.sg] Lhaz LHA Long Filename Buffer Overflow Vulnerability,
vulnpost-remove,
- Will Microsoft patch remarkable old Msjet40.dll issue?,
Juha-Matti Laurio,
- Re: Vanilla CMS <= 1.0.1 (RootDirectory) Remote file inclusion Vuln.,
dinoboff,
- [SECURITY] [DSA 1144-1] New chmlib packages fix denial of service,
Moritz Muehlenhoff,
- linksys WRT54g authentication bypass,
Ginsu Rabbit,
- [ GLSA 200608-12 ] x11vnc: Authentication bypass in included LibVNCServer code,
Sune Kloppenborg Jeppesen,
- DeluxeBB Multiple Vulnerabilities,
darkz . gsa,
- RE: linksys WRT54g authentication bypass,
Andy Meyers,
- simplog 0.9.3 and prior XSS,
piiiiiii pppiiiiiiii,
- Visual Events Calendar v1.1 (cfg_dir) Remote Inclusion Vulnerability,
x0r0n,
- TSRT-06-06: Computer Associates eTrust AntiVirus WebScan Manifest Processing Buffer Overflow Vulnerability,
TSRT,
- TSRT-06-05: Computer Associates eTrust AntiVirus WebScan Automatic Update Code Execution Vulnerability,
TSRT,
- Re: [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released,
Steve VanDevender,
- Re: SolpotCrew Advisory #5 - modernbill ver 1.6 (DIR) Remote File Inclusion,
Mailinglists Address,
- ARES 2007: Call for workshop proposals, deadline Sept 10, 2006,
Manh Tho,
- Attacking the local LAN via XSS,
pdp (architect),
- Re: [Full-disclosure] Attacking the local LAN via XSS,
Schanulleke,
- Re: [Full-disclosure] Attacking the local LAN via XSS,
Thierry Zoller,
- Re: [Full-disclosure] Attacking the local LAN via XSS,
pdp (architect),
- Re: Re[2]: [Full-disclosure] Attacking the local LAN via XSS,
pdp (architect),
- Re[2]: [Full-disclosure] Attacking the local LAN via XSS,
Thierry Zoller,
- Re: vbulletin 3.5.4 IE exploit xss,
james,
- AUTODAFE: an Act of Software Torture [FUZZER],
Martin Vuagnoux,
- phpPrintAnalyzer <= 1.1 (rep_par_rapport_racine) Remote File Inclusion Vulnerability,
sh3ll,
- [EEYEB-20060719] McAfee Subscription Manager Stack Buffer Overflow,
eEye Advisories,
- Announcement: Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations [Whitepaper],
SPI Labs,
- [ GLSA 200608-13 ] ClamAV: Heap buffer overflow,
Matthias Geerdsen,
- ZDI-06-026: Microsoft Internet Explorer Multiple CSS Imports Memory Corruption Vulnerability,
zdi-disclosures,
- ZDI-06-027: Microsoft Internet Explorer CSS Class Ordering Memory Corruption Vulnerability,
zdi-disclosures,
- [SECURITY] [DSA 1145-1] New freeradius packages fix several vulnerabilities,
Moritz Muehlenhoff,
- Archangel Weblog 0.90.02 and prior Multiple HTML injections,
piiiiiii pppiiiiiiii,
- docpile:we v0.2.2 (INIT_PATH) Remote File Inclusion Vulnerability,
x0r0n,
- rPSA-2006-0147-1 mysql mysql-bench mysql-server,
Justin M. Forbes,
- phNNTP <= 1.3 (article-raw.php) Remote File Include Vulnerability,
tr_zindan,
- Microsoft PowerPoint Malformed Record Memory Corruption,
Sowhat,
- TSRT-06-07: eIQnetworks Enterprise Security Analyzer Monitoring Agent Buffer Overflow Vulnerabilities,
TSRT,
- [ GLSA 200608-14 ] DUMB: Heap buffer overflow,
Sune Kloppenborg Jeppesen,
- unwrapping PL/SQL,
pete,
- MojoScripts' xss vulnerable,
tugra,
- MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities,
Tom Yu,
- Re: Will Microsoft patch remarkable old Msjet40.dll issue?,
Juha-Matti Laurio,
- AW: Virtual War v1.5.0 Remote File Include (vwar_root),
Frank Reißner,
- ERRATA: [ GLSA 200608-08 ] GnuPG: Integer overflow vulnerability,
Sune Kloppenborg Jeppesen,
- rPSA-2006-0150-1 krb5 krb5-server krb5-services krb5-test krb5-workstation,
Justin M. Forbes,
- [Overflow.pl] Clam AntiVirus Win32-UPX Heap Overflow,
pucik,
- SUSE Security Announcement: clamav (SUSE-SA:2006:046),
Ludwig Nussel,
- PgMarket 2.2.3 (CFG[libdir]) Remote File Inclusion Vulnerabilities,
x0r0n,
- [USN-333-1] libwmf vulnerability,
Martin Pitt,
- Assessment of Vista Kernel Mode Security,
ATR-Bugtraq,
- Latinchat Denial Of Service,
Vicente Perez,
- [SECURITY] [DSA 1146-1] New krb5 packages fix privilege escalation,
Martin Schulze,
- [ MDKSA-2006:138 ] - Updated clamav packages fix vulnerability,
security,
- CivicSpace Version 0.8.5 HTML injection,
HeLiOsZ RooT,
- BlogHoster v2.2 Post Comment Html Injection,
piiiiiii pppiiiiiiii,
- [ MDKSA-2006:139 ] - Updated krb5 packages fix local privilege escalation vulnerability,
security,
- Cwfm <= 0.9.1 (Language) Remote File Inclusion Vulnerability,
philipp . niedziela,
- [ISR] - Novell Groupwise Webaccess (Cross-Site Scripting),
Francisco Amato,
- TSRT-06-10: Microsoft HLINK.DLL Hyperlink Object Library Buffer Overflow Vulnerability,
TSRT,
- Multiple buffer-overflows in AlsaPlayer 0.99.76,
Luigi Auriemma,
- TSRT-06-09: Microsoft DirectAnimation COM Object Memory Corruption Vulnerability,
TSRT,
- Stack and heap overflows in MODPlug Tracker/OpenMPT 1.17.02.43 and libmodplug 0.8,
Luigi Auriemma,
- TSRT-06-08: Microsoft Internet Help COM Object Memory Corruption Vulnerability,
TSRT,
- [SECURITY] [DSA 1148-1] New gallery packages fix several vulnerabilities,
Moritz Muehlenhoff,
- [SECURITY] [DSA 1147-1] New drupal packages fix cross-site scripting,
Moritz Muehlenhoff,
- [ MDKSA-2006:140 ] - Updated ncompress packages fix vulnerability,
security,
- XChat <= 2.6.4-1 (win version) Remote Denial of Service Exploit (php),
ratboy727,
- PHPMyRing <= 4.2.0 (view_com.php) Remote SQL Injection,
simo64,
- Yabb XSS,
Outlaw,
- TinyWebGallery v1.5 ( image ) Remote Include Vulnerability,
x0r0n,
- [SECURITY] [DSA 1149-1] New ncompress packages fix potential code execution,
Martin Schulze,
- Sending multipart/form-data requests from Flash (with arbitrary headers),
Amit Klein (AKsecurity),
- Directory Traversal vulnerability in IPCheck Monitor Server,
auuw73,
- CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Remote Denial of Service,
Mariano Nuñez Di Croce,
- CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Remote Buffer Overflow,
Mariano Nuñez Di Croce,
- PocketPC MMS - Remote Code Injection/Execution Vulnerability and Denial-of-Service,
Collin R. Mulliner,
- [ GLSA 200608-15 ] MIT Kerberos 5: Multiple local privilege escalation (test Falco for security@),
Raphael Marichez,
- [ GLSA 200608-17 ] libwmf: Buffer overflow vulnerability,
Sune Kloppenborg Jeppesen,
- [ GLSA 200608-18 ] Net::Server: Format string vulnerability,
Sune Kloppenborg Jeppesen,
- [ GLSA 200608-16 ] Warzone 2100 Resurrection: Multiple buffer overflows,
Sune Kloppenborg Jeppesen,
- Re: SYM06-013 Symantec On-Demand Protection Encrypted Data Exposure,
dm,
- Mambo/Joomla Component Remository v3.25 (mosConfig_absolute_path) Remote File Inclusion Vulnerability,
camino,
- Netgear FVG318 is vunerable to DOS attack,
root,
- Mafia Moblog <= 6 (pathtotemplate) Remote File Inclusion Vulnerability,
sh3ll,
- InfanView 3.98 (with plugins) - Access violation at processing images ANI files,
sehato,
- myBloggie <= 2.1.3 (mybloggie_root_path) Remote File Inclusion Vulnerability,
sh3ll,
- Compersus ASP shopping cart <= DataBase Downloading vuln.,
mfoxhacker,
- Virtual War v1.5.0 <= Sql Injection vuln.,
mfoxhacker,
- XennoBB <= "avatar gallery" Directory Transversal,
c . boulton,
- CGI Script Source Code Disclosure Vulnerability in Apache for Windows,
susam . pal,
- Simple one-file GuestBook 1.0,
omnipresent,
- Dragonfly CMS 9.0.6.1 and prior XSS,
HeLiOsZ RooT,
- Security Contact,
Sean Warnock,
- Re: when will AV vendors fix this???,
Marius Huse Jacobsen,
- RE: when will AV vendors fix this???,
Thomas D.,
- Re: when will AV vendors fix this???,
Paul Schmehl,
- RE: [Full-disclosure] RE: when will AV vendors fix this???,
Thomas D.,
- Re: Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory,
henry . sieff,
- Re: [Full-disclosure] Attacking the local LAN via XSS,
Nikolay Kubarelov,
- Re: linksys WRT54g authentication bypass,
Nicholas Knight,
- Re: linksys WRT54g authentication bypass,
Rodrigo Barbosa,
- Re: linksys WRT54g authentication bypass,
Ginsu Rabbit,
- RE: linksys WRT54g authentication bypass,
Miguel Valentin,
- RE: linksys WRT54g authentication bypass,
Ginsu Rabbit,
- Re: when will AV vendors fix this???,
Bipin Gautam,
- Bypassing script filters with variable-width encodings,
Cheng Peng Su,
- Re: linksys WRT54g authentication bypass,
guant a,
- XSSing the Lan 3 (web trojans.. not a new idea),
pdp (architect),
- Re: linksys WRT54g authentication bypass,
Ginsu Rabbit,
- Security Vulnerability in Ruby on Rails 1.1.x,
michael,
- [security bulletin] HPSBUX02108 SSRT061133 rev.14 - HP-UX Running Sendmail, Remote Execution of Arbitrary Code,
security-alert,
- [security bulletin] HPSBUX02124 SSRT061159 rev.2 - HP-UX Sendmail MIME Remote Denial of Service (DoS),
security-alert,
- TSLSA-2006-0046 - multi,
Trustix Security Advisor,
- Re: Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory,
Henry Sieff,
- miniBloggie <= 1.0 (fname) Remote File Inclusion Vulnerability,
sh3ll,
- [ GLSA 200608-19 ] WordPress: Privilege escalation,
Raphael Marichez,
- Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability,
sh3ll,
- rPSA-2006-0152-1 squirrelmail,
Justin M. Forbes,
- WEBInsta Mailing list manager (cabsolute_path) 1.3e RFI,
philipp . niedziela,
- Re: [ GLSA 200608-12 ] x11vnc: Authentication bypass in included LibVNCServer code,
xvml,
- wheatblog Session.php Remote File Inclusion,
Outlaw,
- UPDATE: [ GLSA 200511-12 ] Scorched 3D: Multiple vulnerabilities,
Raphael Marichez,
- VWar <= 1.50 R14 (n) Remote SQL Injection,
brom0815,
- Nokia Browser Crash,
qode,
- SquirrelMail 1.4.8 released - fixes variable overwriting attack,
Thijs Kinkhorst,
- Re: [SM-ANNOUNCE] SquirrelMail 1.4.8 released - fixes variable overwriting attack,
Yves Goergen,
- Calendarix <= 0.7 (calpath) Remote File Inclusion Vulnerability,
sh3ll,
- myEvent <= 1.4 Multiple Remote File Include Vulnerabilities,
sh3ll,
- Concurrency-related vulnerabilities in browsers - expect problems,
Michal Zalewski,
- [SECURITY] [DSA 1150-1] New shadow packages fix privilege escalation,
Martin Schulze,
- Microsoft Help (WINHLP32.EXE) - Multiple Remote Code Execution and Denial Of Service Vulnerabilities,
Benjamin Tobias Franz,
- Re: myBloggie <= 2.1.3 (mybloggie_root_path) Remote File Inclusion Vulnerability,
nukedx,
- Forum Software ASPPlayground.NET Advanced Edition 2.4.5 Unicode Xss,
blood2_20032003,
- (Security Advisory) SYM06-014 Symantec Backup Exec Internal RPC Overflow,
Secure,
- ScatterChat Advisory 2006-01: Cryptanalytic Attack Vulnerability,
ScatterChat Advisories,
- Re: Microsoft Help (WINHLP32.EXE) - Multiple Remote Code Execution and Denial Of Service Vulnerabilities,
Reversemode,
Mail converted by MHonArc
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.