BugTraq@security-focus.com List Archive

• Thread Index

• Re: TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability, public,
• Informix - Discovery, Attack and Defense, David Litchfield,
• Informix Long Username Buffer Overflow Vulnerability, NGSSoftware Insight Security Research,
• Error logging buffer overflow in Informix, NGSSoftware Insight Security Research,
• Re: myEvent <= 1.4 Multiple Remote File Include Vulnerabilities, Carsten Eilers,
• Re: Calendarix <= 0.7 (calpath) Remote File Inclusion Vulnerability, Carsten Eilers,
• Re: Mafia Moblog <= 6 (pathtotemplate) Remote File Inclusion Vulnerability, noname,
• [ECHO_ADV_45$2006] WEBinsta CMS 0.3.1 (templates_dir) Remote File Inclusion Vulnerability, erdc,
• RE: [Full-disclosure] RE: when will AV vendors fix this???, Dmitry Yu. Bolkhovityanov,
• Re: miniBloggie <= 1.0 (fname) Remote File Inclusion Vulnerability, Carsten Eilers,
• Google Picasa Listening on Port 80?, Geoff Vass,
• SQLIDEBUG envariable overflow on Informix, NGSSoftware Insight Security Research,
• XMB <= 1.9.6 Final basename()/'langfilenew' arbitrary local inclusion / remote commands execution, rgod,
• Re: Yabb XSS - or NOT, Volker Tanger,
• BlaBla 4U XSS Vulnerabilite, vampire_chiristof,
• Virtual War v1.5.0 SQL injection and XSS, vampire_chiristof,
• Re: [SM-ANNOUNCE] SquirrelMail 1.4.8 released - fixes variable overwriting attack, Allie Daneman,
• JavaScript get Internal Address (thanks to DanBUK), pdp (architect),
• RE: Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory, Lance Seelbach,
• Re: Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability, Carsten Eilers,
• HPSBMA02138 SSRT061184 rev.1 - HP OpenView Storage Data Protector, Remote Arbitrary Command Execution, security-alert,
• Kaspersky Anti-Hacker personal firewall unstealthy stealth mode, tbratusa,
• Wordpress WP-DB Backup Plugin Directory Traversal Vulnerability, ss_team,
• Arbitrary Library Loading in Informix, NGSSoftware Insight Security Research,
• Multiple Arbitrary Command Execution Vulnerabilities, NGSSoftware Insight Security Research,
• InfanView 3.98 (with plugins) - Access violation at processing images CUR files, sehato,
• Re: [SM-ANNOUNCE] SquirrelMail 1.4.8 released - fixes variable overwriting attack, Michael Engert,
• Technical note: under some conditions, it's possible to steal HTTP credentials using Flash, Amit Klein (AKsecurity),
• Unauthorized Database Creation Privilege on Informix, NGSSoftware Insight Security Research,
• Local privilege Escalation in SmartLine DeviceLock 5.73, seppi,
• Multiple Password Exposures Flaws, NGSSoftware Insight Security Research,
• Re: Re: TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability, mr,
• osDate 1.1.8 - Multiple HTML Injection Vulnerability - fixed, vijay,
• RE: ANNOUNCING: 3rd Annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA, Dave Wichers,
• Re: Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability, noname,
• Peoplebook Mambo Component <= v1.0 Remote File Include Vulnerabilities, matdhule,
• Multiple buffer-overflows in libmusicbrainz 2.1.2, Luigi Auriemma,
• [Overflow.pl] ImageMagick ReadSGIImage() Heap Overflow, Damian Put,
• (somewhat) breaking the same-origin policy by undermining dns-pinning, Martin Johns,
• Multiple Buffer Overflow Vulnerabilities in Informix, NGSSoftware Insight Security Research,
• Joomla Webring Component (component_dir) Remote File Inclusion Vulnerabilities, x0r0n,
• [ GLSA 200608-20 ] Ruby on Rails: Several vulnerabilities, Raphael Marichez,
• RE: linksys WRT54g authentication bypass, TeamXMM Consulting, Inc.,
• Multiple Arbitrary File Access (Write/Read) Vulnerabilities, NGSSoftware Insight Security Research,
• Opera 9 Remote Denial of Service, NNP,
• Re: TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP],
• Re: RE: linksys WRT54g authentication bypass, gooorguss,
• Re: Re: myBloggie <= 2.1.3 (mybloggie_root_path) Remote File Inclusion Vulnerability, istgha,
• Security contact from Critical Path Inc, Guillermo Marro,
• Re: Calendarix <= 0.7 (calpath) Remote File Inclusion Vulnerability, Steven M. Christey,
• [ MDKSA-2006:142 ] - Updated heartbeat packages fix vulnerability, security,
• [ MDKSA-2006:141 ] - Updated gnupg packages fix vulnerability, security,
• Re: phpPrintAnalyzer <= 1.1 (rep_par_rapport_racine) Remote File Inclusion Vulnerability, Carsten Eilers,
• local file include in PHP-Nuke (autohtml.php), MosT3mR,
• Mailslot bug (MS06-035) vs non-Mailslot bug (CVE-2006-3942), Gerardo Richarte,
• [XSec-06-02]: Internet Explorer (IMSKDIC.DLL) COM Object Instantiation Vulnerability, nop,
• Re: Calendarix <= 0.7 (calpath) Remote File Inclusion Vulnerability, Carsten Eilers,
• Koobi Pro CMS 5.6 SQL injection & XSS, vampire_chiristof,
• [XSec-06-03]: Internet Explorer (CHTSKDIC.DLL) COM Object Instantiation Vulnerability, nop,
• [SECURITY] [DSA 1151-1] New heartbeat packages fix denial of service, Martin Schulze,
• [XSec-06-04]: Internet Explorer (msoe.dll) COM Object Instantiation Vulnerability, nop,
• [security bulletin] HPSBUX02141 SSRT51153 rev.1 - HP-UX in Trusted mode, Local Denial of Service (DoS), security-alert,
• otopholder 1.8 suffers from a local file inclusion,XSS and directory listing vuln, vampire_chiristof,
• Re: Concurrency-related vulnerabilities in browsers - expect problems, Michal Zalewski,
• Lizge V.20 Web Portal File Include Vulnerability, crackers_child,
• fusionnews 3,7 Remote File Inclusion, Outlaw,
• CORE-2006-0714: Microsoft SRV.SYS SMB_COM_TRANSACTION Denial of Service, Core Security Technologies advisories,
• [USN-334-1] krb5 vulnerabilities, Martin Pitt,
• [XSec-06-05]: VMware 5.5.1 for Windows arbitrary partition table delete issue., root,
• Re: CGI Script Source Code Disclosure Vulnerability in Apache for Windows, Joe Orton,
• Re: TinyWebGallery v1.5 ( image ) Remote Include Vulnerability, tinywebgallery,
• Mambo com_lm component (archive.php) Remote File Include Vulnerabilities, crackers_child,
• [USN-335-1] heartbeat vulnerability, Martin Pitt,
• [scip_Advisory 2456] Horde Framework and Horde IMP /index.php cross site referencing, Marc Ruef,
• [scip_Advisory 2457] Horde Framework and Horde IMP /horde/imp/search.php cross site scripting, Marc Ruef,
• MS Terminal Server application session breakout, pedantic1,
• ShockwaveFlash 9 (Stack overflow), Mr . Niega,
• [security bulletin] HPSBUX02115 SSRT061077 rev.2 - HP-UX running Support Tools Manager (xstm, cstm, stm) Local Denial of Service (DoS), security-alert,
• Technical note by Amit Klein: "Sending arbitrary HTTP requests with Flash 7/8 (+IE 6.0)", Amit Klein (AKsecurity),
• [ MDKSA-2006:143 ] - Updated Firefox packages fix multiple vulnerabilities, security,
• Re: MS Terminal Server application session breakout, Thor (Hammer of God),
• SYM06-16 Symantec NetBackup PureDisk Remote Office Edition Elevation of Privilege, Mike Prosser,
• Reporter Mambo Component Remote File &#304;nclude, crackers_child,
• Re: [Overflow.pl] ImageMagick ReadSGIImage() Heap Overflow, Daniel Kobras,
• discloser 0.0.4 Remote File Inclusion (with Exploit), dr . t3rr0r1st,
• [USN-337-1] imagemagick vulnerability, Martin Pitt,
• [EEYEB-20060703] IBM eGatherer ActiveX Code Execution Vulnerability, eEye Advisories,
• Registration Now Open!: Security OPUS Infosec Conference - Oct 2-5 2006 - San Francisco, CA, Richard Lindberg,
• [USN-336-1] binutils vulnerability, Martin Pitt,
• CubeCart <= 3.0.11 SQL injection & cross site scripting, rgod,
• Re: Re: CGI Script Source Code Disclosure Vulnerability in Apache for Windows, nareshhacker,
• [XSec-06-06]: Windows 2003 (tsuserex.dll) COM Object Instantiation Vulnerability, nop,
• Re: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems, Steven M. Christey,
• World Summit on Intrusion Prevention, wsip,
• UPDATED: MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities, Tom Yu,
• Re: discloser 0.0.4 Remote File Inclusion (with Exploit), Carsten Eilers,
• RE: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems, Michael Wojcik,
• powergap <= (s0x.php) Remote File Inclusion, saudi . unix,
• Re: SYM06-16 Symantec NetBackup PureDisk Remote Office Edition Elevation of Privilege, secure,
• [security bulletin] HPSBUX02139 SSRT5981 rev.1 - HP-UX Running the LP Subsystem, remote Denial of Service (DoS), security-alert,
• [ MDKSA-2006:143-1 ] - Updated Firefox packages fix multiple vulnerabilities, security,
• [XSec-06-07]: Visual Studio 6.0 Multiple COM Object Instantiation Vulnerability, nop,
• RE: Mailslot bug (MS06-035) vs non-Mailslot bug (CVE-2006-3942), Marc Maiffret,
• ToorCon 8 Call for Papers Closing Tomorrow & Workshops/Seminars Added, suppressed,
• Secunia Research: AOL Insecure Default Directory Permissions, Jakob Balle,
• mtg_myhomepage Component For Mambo R.F.I, Outlaw,
• Joomla x-shop <= 1.7 Remote File Include Vulnerability, crackers_child,
• anjel Mambo Component Remote File Include, crackers_child,
• Joomla Rssxt <= 1.0 Remote File Include Vulnerability, crackers_child,
• mambo-phphop Product Scroller Module R.F.I, Outlaw,
• [SECURITY] [DSA 1152-1] New trac packages fix information disclosure, Martin Schulze,
• Norton DLL faking via 'SuiteOwners' protection bypass Vulnerability, David Matousek,
• Mambo jim Component Remote Include Vulnerability, x0r0n,
• Re: when will AV vendors fix this???, Andreas Marx,
• Re: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems, Michal Zalewski,
• Re: [Full-disclosure] RE: when will AV vendors fix this???, Paul Schmehl,
• Multiple xxs cPanel 10, preth00nker,
• Re: [Full-disclosure] Re: when will AV vendors fix this???, Paul Schmehl,
• RE: Google Picasa Listening on Port 80?, Kameron Gasso,
• UPDATE vBulletin Version 3.5.4 exploit, dicomdk,
• RE: Security contact from Critical Path Inc, Tony Maupin,
• Registration Now Open!: 3rd Annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA, Dave Wichers,
• OneOrZero Helpdesk V1.6.4.1 susceptible to SQL injection and XSS, vampire_chiristof,
• Re: [Full-disclosure] RE: when will AV vendors fix this???, Bipin Gautam,
• contentpublisher Mambo Component Remote File Include Vulnerabilities, crackers_child,
• JavaScript Lazy Authorization Forcer and Visited Link Scaner, pdp (architect),
• Re: Mailslot bug (MS06-035) vs non-Mailslot bug (CVE-2006-3942), naveed,
• Mambo mambelfish Component <= 1.1 Remote File Include Vulnerability, bilkopat,
• [SECURITY] [DSA 1153-1] New ClamAV packages fix arbitrary code execution, Martin Schulze,
• Re: UPDATE vBulletin Version 3.5.4 exploit, scott,
• Joomla Kochsuite Component <= 0.9.4 (config.kochsuite.php) Remote File Inclusion Vulnerability, camino,
• Re: Concurrency-related vulnerabilities in browsers - expect problems, mannion,
• Joomla MamboWiki Component <= 0.9.4 (MamboLogin.php) Remote File Inclusion Vulnerability, camino,
• [KAPDA::#55] - Joomla poll component vulnerability, alireza hassani,
• Joomla RF&#304; ( ERNE ), erne,
• Sonium Enterprise Adressbook Version 0.2 (folder) RFI, philipp . niedziela,
• Re: Concurrency-related vulnerabilities in browsers - expect problems, Michal Zalewski,
• Re: Re: discloser 0.0.4 Remote File Inclusion (with Exploit), dr . t3rr0r1st,
• Re: JavaScript Lazy Authorization Forcer and Visited Link Scaner, mikeiscool,
• Modification For OpenSEF Remote file Inclusion, Outlaw,
• Ako Comments (mod) Remote File Inclusion, Outlaw,
• [Kurdish Security # 23] Spaw Editor Remote Include Vulnerability, botan,
• Mambo CatalogShop Remote File Inclusion, Outlaw,
• Mambo com_cropimage 1.0 Component Remote Include Vulnerability, x0r0n,
• XennoBB <= 2.2.1 "icon_topic" SQL Injection, c . boulton,

This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.
The main JSW4.NET technical listserv archive and search page.
The main archive page for this list.