BugTraq@security-focus.com List Archive
- XennoBB <= 2.2.1 "icon_topic" SQL Injection,
c . boulton
- Mambo com_cropimage 1.0 Component Remote Include Vulnerability,
x0r0n
- Mambo CatalogShop Remote File Inclusion,
Outlaw
- [Kurdish Security # 23] Spaw Editor Remote Include Vulnerability,
botan
- Ako Comments (mod) Remote File Inclusion,
Outlaw
- Modification For OpenSEF Remote file Inclusion,
Outlaw
- Sonium Enterprise Adressbook Version 0.2 (folder) RFI,
philipp . niedziela
- Joomla RFİ ( ERNE ),
erne
- [KAPDA::#55] - Joomla poll component vulnerability,
alireza hassani
- Joomla MamboWiki Component <= 0.9.4 (MamboLogin.php) Remote File Inclusion Vulnerability,
camino
- Joomla Kochsuite Component <= 0.9.4 (config.kochsuite.php) Remote File Inclusion Vulnerability,
camino
- [SECURITY] [DSA 1153-1] New ClamAV packages fix arbitrary code execution,
Martin Schulze
- Mambo mambelfish Component <= 1.1 Remote File Include Vulnerability,
bilkopat
- JavaScript Lazy Authorization Forcer and Visited Link Scaner,
pdp (architect)
- contentpublisher Mambo Component Remote File Include Vulnerabilities,
crackers_child
- OneOrZero Helpdesk V1.6.4.1 susceptible to SQL injection and XSS,
vampire_chiristof
- Registration Now Open!: 3rd Annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA,
Dave Wichers
- UPDATE vBulletin Version 3.5.4 exploit,
dicomdk
- Multiple xxs cPanel 10,
preth00nker
- Re: when will AV vendors fix this???,
Andreas Marx
- Mambo jim Component Remote Include Vulnerability,
x0r0n
- Norton DLL faking via 'SuiteOwners' protection bypass Vulnerability,
David Matousek
- [SECURITY] [DSA 1152-1] New trac packages fix information disclosure,
Martin Schulze
- mambo-phphop Product Scroller Module R.F.I,
Outlaw
- Joomla Rssxt <= 1.0 Remote File Include Vulnerability,
crackers_child
- anjel Mambo Component Remote File Include,
crackers_child
- Joomla x-shop <= 1.7 Remote File Include Vulnerability,
crackers_child
- mtg_myhomepage Component For Mambo R.F.I,
Outlaw
- Secunia Research: AOL Insecure Default Directory Permissions,
Jakob Balle
- ToorCon 8 Call for Papers Closing Tomorrow & Workshops/Seminars Added,
suppressed
- [XSec-06-07]: Visual Studio 6.0 Multiple COM Object Instantiation Vulnerability,
nop
- [ MDKSA-2006:143-1 ] - Updated Firefox packages fix multiple vulnerabilities,
security
- [security bulletin] HPSBUX02139 SSRT5981 rev.1 - HP-UX Running the LP Subsystem, remote Denial of Service (DoS),
security-alert
- powergap <= (s0x.php) Remote File Inclusion,
saudi . unix
- RE: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems,
Michael Wojcik
- UPDATED: MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities,
Tom Yu
- World Summit on Intrusion Prevention,
wsip
- [XSec-06-06]: Windows 2003 (tsuserex.dll) COM Object Instantiation Vulnerability,
nop
- CubeCart <= 3.0.11 SQL injection & cross site scripting,
rgod
- [USN-336-1] binutils vulnerability,
Martin Pitt
- [EEYEB-20060703] IBM eGatherer ActiveX Code Execution Vulnerability,
eEye Advisories
- [USN-337-1] imagemagick vulnerability,
Martin Pitt
- discloser 0.0.4 Remote File Inclusion (with Exploit),
dr . t3rr0r1st
- Reporter Mambo Component Remote File İnclude,
crackers_child
- SYM06-16 Symantec NetBackup PureDisk Remote Office Edition Elevation of Privilege,
Mike Prosser
- [ MDKSA-2006:143 ] - Updated Firefox packages fix multiple vulnerabilities,
security
- Technical note by Amit Klein: "Sending arbitrary HTTP requests with Flash 7/8 (+IE 6.0)",
Amit Klein (AKsecurity)
- [security bulletin] HPSBUX02115 SSRT061077 rev.2 - HP-UX running Support Tools Manager (xstm, cstm, stm) Local Denial of Service (DoS),
security-alert
- ShockwaveFlash 9 (Stack overflow),
Mr . Niega
- MS Terminal Server application session breakout,
pedantic1
- [scip_Advisory 2457] Horde Framework and Horde IMP /horde/imp/search.php cross site scripting,
Marc Ruef
- [scip_Advisory 2456] Horde Framework and Horde IMP /index.php cross site referencing,
Marc Ruef
- [USN-335-1] heartbeat vulnerability,
Martin Pitt
- Mambo com_lm component (archive.php) Remote File Include Vulnerabilities,
crackers_child
- Re: TinyWebGallery v1.5 ( image ) Remote Include Vulnerability,
tinywebgallery
- Re: CGI Script Source Code Disclosure Vulnerability in Apache for Windows,
Joe Orton
- [XSec-06-05]: VMware 5.5.1 for Windows arbitrary partition table delete issue.,
root
- [USN-334-1] krb5 vulnerabilities,
Martin Pitt
- CORE-2006-0714: Microsoft SRV.SYS SMB_COM_TRANSACTION Denial of Service,
Core Security Technologies advisories
- fusionnews 3,7 Remote File Inclusion,
Outlaw
- Lizge V.20 Web Portal File Include Vulnerability,
crackers_child
- Re: Concurrency-related vulnerabilities in browsers - expect problems,
Michal Zalewski
- otopholder 1.8 suffers from a local file inclusion,XSS and directory listing vuln,
vampire_chiristof
- [security bulletin] HPSBUX02141 SSRT51153 rev.1 - HP-UX in Trusted mode, Local Denial of Service (DoS),
security-alert
- [XSec-06-04]: Internet Explorer (msoe.dll) COM Object Instantiation Vulnerability,
nop
- [SECURITY] [DSA 1151-1] New heartbeat packages fix denial of service,
Martin Schulze
- [XSec-06-03]: Internet Explorer (CHTSKDIC.DLL) COM Object Instantiation Vulnerability,
nop
- Koobi Pro CMS 5.6 SQL injection & XSS,
vampire_chiristof
- [XSec-06-02]: Internet Explorer (IMSKDIC.DLL) COM Object Instantiation Vulnerability,
nop
- Mailslot bug (MS06-035) vs non-Mailslot bug (CVE-2006-3942),
Gerardo Richarte
- local file include in PHP-Nuke (autohtml.php),
MosT3mR
- Re: phpPrintAnalyzer <= 1.1 (rep_par_rapport_racine) Remote File Inclusion Vulnerability,
Carsten Eilers
- [ MDKSA-2006:141 ] - Updated gnupg packages fix vulnerability,
security
- [ MDKSA-2006:142 ] - Updated heartbeat packages fix vulnerability,
security
- Security contact from Critical Path Inc,
Guillermo Marro
- Re: Re: myBloggie <= 2.1.3 (mybloggie_root_path) Remote File Inclusion Vulnerability,
istgha
- Opera 9 Remote Denial of Service,
NNP
- Multiple Arbitrary File Access (Write/Read) Vulnerabilities,
NGSSoftware Insight Security Research
- RE: linksys WRT54g authentication bypass,
TeamXMM Consulting, Inc.
- [ GLSA 200608-20 ] Ruby on Rails: Several vulnerabilities,
Raphael Marichez
- Joomla Webring Component (component_dir) Remote File Inclusion Vulnerabilities,
x0r0n
- Multiple Buffer Overflow Vulnerabilities in Informix,
NGSSoftware Insight Security Research
- (somewhat) breaking the same-origin policy by undermining dns-pinning,
Martin Johns
- [Overflow.pl] ImageMagick ReadSGIImage() Heap Overflow,
Damian Put
- Multiple buffer-overflows in libmusicbrainz 2.1.2,
Luigi Auriemma
- Peoplebook Mambo Component <= v1.0 Remote File Include Vulnerabilities,
matdhule
- RE: ANNOUNCING: 3rd Annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA,
Dave Wichers
- osDate 1.1.8 - Multiple HTML Injection Vulnerability - fixed,
vijay
- Multiple Password Exposures Flaws,
NGSSoftware Insight Security Research
- Local privilege Escalation in SmartLine DeviceLock 5.73,
seppi
- Unauthorized Database Creation Privilege on Informix,
NGSSoftware Insight Security Research
- Technical note: under some conditions, it's possible to steal HTTP credentials using Flash,
Amit Klein (AKsecurity)
- Re: [SM-ANNOUNCE] SquirrelMail 1.4.8 released - fixes variable overwriting attack,
Michael Engert
- InfanView 3.98 (with plugins) - Access violation at processing images CUR files,
sehato
- Multiple Arbitrary Command Execution Vulnerabilities,
NGSSoftware Insight Security Research
- Arbitrary Library Loading in Informix,
NGSSoftware Insight Security Research
- Wordpress WP-DB Backup Plugin Directory Traversal Vulnerability,
ss_team
- Kaspersky Anti-Hacker personal firewall unstealthy stealth mode,
tbratusa
- HPSBMA02138 SSRT061184 rev.1 - HP OpenView Storage Data Protector, Remote Arbitrary Command Execution,
security-alert
- Re: Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability,
Carsten Eilers
- RE: Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory,
Lance Seelbach
- JavaScript get Internal Address (thanks to DanBUK),
pdp (architect)
- Re: [SM-ANNOUNCE] SquirrelMail 1.4.8 released - fixes variable overwriting attack,
Allie Daneman
- Virtual War v1.5.0 SQL injection and XSS,
vampire_chiristof
- BlaBla 4U XSS Vulnerabilite,
vampire_chiristof
- Re: Yabb XSS - or NOT,
Volker Tanger
- XMB <= 1.9.6 Final basename()/'langfilenew' arbitrary local inclusion / remote commands execution,
rgod
- SQLIDEBUG envariable overflow on Informix,
NGSSoftware Insight Security Research
- Google Picasa Listening on Port 80?,
Geoff Vass
- Re: miniBloggie <= 1.0 (fname) Remote File Inclusion Vulnerability,
Carsten Eilers
- RE: [Full-disclosure] RE: when will AV vendors fix this???,
Dmitry Yu. Bolkhovityanov
- [ECHO_ADV_45$2006] WEBinsta CMS 0.3.1 (templates_dir) Remote File Inclusion Vulnerability,
erdc
- Re: Mafia Moblog <= 6 (pathtotemplate) Remote File Inclusion Vulnerability,
noname
- Re: Calendarix <= 0.7 (calpath) Remote File Inclusion Vulnerability,
Carsten Eilers
- Re: myEvent <= 1.4 Multiple Remote File Include Vulnerabilities,
Carsten Eilers
- Error logging buffer overflow in Informix,
NGSSoftware Insight Security Research
- Informix Long Username Buffer Overflow Vulnerability,
NGSSoftware Insight Security Research
- Informix - Discovery, Attack and Defense,
David Litchfield
- Re: TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability,
public
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.