BugTraq@security-focus.com List Archive

• Date Index

• Virtual Law Office (phpc_root_path) Remote File Include Vulnerability, xorontr
• Hustle Labs & MNIN eDirectory Vulnerability, Ryan Smith
• Open Meetings Filing Application (PROJECT_ROOT) Remote File Include Vulnerability, xorontr
• [OpenPKG-SA-2006.025] OpenPKG Security Advisory (drupal), OpenPKG
• PHPLibrary-1.5.3(Description.php) Remote File Include, arab_anaconda
• Advisory for Oneorzero helpdesk, Mike Klingler
• [Reversemode Advisory] Kaspersky Anti-Virus Privilege Escalation, Reversemode
• PHP Poll Creator 1.04 (poll_vote.php)File Include, mahmood ali
• [security bulletin] HPSBTU02163 SSRT061223 rev.1 - HP Tru64 UNIX Running dtmail, Local Execution of Arbitrary Code, security-alert
• [ GLSA 200610-08 ] Cscope: Multiple buffer overflows, Raphael Marichez
• PHP Classifieds 7.1 - Remote File Include Vulnerability, Le . CoPrA
• Simple Machines Forum (SMF) XSS issue, josecarlos . norte
  • <Possible follow-ups>
  • Re: Simple Machines Forum (SMF) XSS issue, mrapples
• HPSBUX02162 SSRT061223 rev.1 - HP-UX Running dtmail, Local Execution of Arbitrary Code, security-alert
• [KAPDA::#60] Mambo V4.6.x vulnerabilities, alireza hassani
• [CAID 34693, 34694]: CA BrightStor ARCserve Backup Multiple Buffer Overflow Vulnerabilities (UPDATED), Williams, James K
• iDefense Security Advisory 10.19.06: Kaspersky Labs Anti-Virus IOCTL Local Privilege Escalation Vulnerability, iDefense Labs
  • <Possible follow-ups>
  • Re: iDefense Security Advisory 10.19.06: Kaspersky Labs Anti-Virus IOCTL Local Privilege Escalation Vulnerability, abel . andrade
  • Re: iDefense Security Advisory 10.19.06: Kaspersky Labs Anti-Virus IOCTL Local Privilege Escalation Vulnerability, Steven M. Christey
• [ MDKSA-2006:186 ] - Updated kdelibs packages fix KHTML vulnerability, security
• TORQUE Spool Job Race condition (torque <= 2.0.0p8), Luís Miguel Silva
• [Xss] IN SMF 1.1 RC2, the_free_kernel
• PHP "exec", "system", "popen" problem, Дмитрий Borgir
  • Re: PHP "exec", "system", "popen" (+small POC), Bernhard Mueller
• ERRATA: [ GLSA 200610-07 ] Python: Buffer Overflow, Raphael Marichez
• ATutor 1.5.3.2=> Remote File Include Vulnerability, subzero . 0000
• Multiple XSS Vulnerabilities in KnowledgeBank 1.01, security
• KICS CMS sql injection, fireboy2006
• SQL Injection simplog, navairum
• UltraCMS 0.9 sql injection, fireboy2006
• DigitalHive 2.0 RC2 (base_include.php)File Include, mahmood ali
• [DRUPAL-SA-2006-026] Drupal 4.6.10 / 4.7.4 fixes HTML attribute injection issue, Uwe Hermann
• [DRUPAL-SA-2006-025] Drupal 4.6.10 / 4.7.4 fixes CRF issue, Uwe Hermann
• [DRUPAL-SA-2006-024] Drupal 4.6.10 / 4.7.4 fixes multiple XSS issues, Uwe Hermann
• Advisory 11/2006: Serendipity Weblog XSS Vulnerabilities, Stefan Esser
• [OpenPKG-SA-2006.024] OpenPKG Security Advisory (asterisk), OpenPKG
• [SECURITY] [DSA 1196-1] New clamav packages fix arbitrary code execution, Moritz Muehlenhoff
• [security bulletin] HPSBST02161 SSRT061264 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS06-056 Through MS06-065, security-alert
• [USN-367-1] Pike vulnerability, Kees Cook
• rPSA-2006-0195-1 kdelibs, rPath Update Announcements
• [USN-366-1] binutils vulnerability, Kees Cook
• Security-Assessment.com Advisory: Asterisk remote heap overflow, Adam Boileau
• Static fmat exploits with random va, root
• Secunia Research: IBM Lotus Notes Insecure Default Folder Permissions, Secunia Research
• Secunia Research: Joomla BSQ Sitestats Script Insertion and SQL Injection, Secunia Research
• {x0n3-h4ck} DEV Web Manager System <= 1.5 XSS Exploit, corrado . liotta
• Re: Utimaco Safeguard Easy vulnerability, Juha-Matti Laurio
• Airmagnet management interfaces multiple vulnerabilities, noreply
• Multiple vulnerabilities in Highwall Enterprise and Highwall Endpoint management interface, noreply
• Call for Papers - First International Workshop on Secure Software Engineering (SecSE 2007), Lillian Røstad
• PHPRecipeBook <= 2.35 ((g_rb_basedir)) Remote File Include Exploit, CarcaBotx
  • Re: PHPRecipeBook <= 2.35 ((g_rb_basedir)) Remote File Include Exploit, str0ke
  • <Possible follow-ups>
  • Re: PHPRecipeBook <= 2.35 ((g_rb_basedir)) Remote File Include Exploit, theif
• PhpBB<=2.0.10 (groupcp.php) Remote File Include Vulnerability, mahmood ali
  • <Possible follow-ups>
  • Re: PhpBB<=2.0.10 (groupcp.php) Remote File Include Vulnerability, neothermic
• CS-Forum 0.82 (ajouter.php) Remote File Include Vulnerability, mahmood ali
• TSLSA-2006-0057 - multi, Trustix Security Advisor
• Analysis of the Oracle October 2006 Critical Patch Update, David Litchfield
• [ECHO_ADV_46$2006] P-Book <= 1.17 (pb_lang) Remote File Inclusion, erdc
• zorum_3_5 <=(dbproperty.php) Remote File Inclusion Exploit, MoHaNdKo
• Simplog 0.9.3.1 SQL Injection, disfigure
• Boonex Dolphin 5.2 Remote File Inclusion, disfigure
• Comdev One Admin 4.1 Remote File Inclusion, disfigure
• [ MDKSA-2006:185 ] - Updated php packages to address multiple vulnerabilities, security
• [ MDKSA-2006:184 ] - Updated clamav packages fix vulnerabilities, security
• [ MDKSA-2006:183 ] - Updated libksba packages correct DoS vulnerability, security
• iDefense Security Advisory 10.17.06: Opera Software Opera Web Browser URL Parsing Heap Overflow Vulnerability, iDefense Labs
• Rapid7 Advisory R7-0026: HTTP Header Injection Vulnerabilities in the Flash Player Plugin, advisory
• [ GLSA 200610-07 ] Python: Buffer Overflow, Raphael Marichez
• rPSA-2006-0194-1 kernel, rPath Update Announcements
• phpAdsNew include bug!, wacky
  • Re: phpAdsNew include bug!, Wim Godden
  • <Possible follow-ups>
  • Re: phpAdsNew include bug!, matteo
• [ GLSA 200610-06 ] Mozilla Network Security Service (NSS): RSA signature forgery, Raphael Marichez
• [ GLSA 200610-05 ] CAPI4Hylafax fax receiver: Execution of arbitrary code, Raphael Marichez
• [security bulletin] HPSBUX02155 SSRT061235 rev.2 HP-UX CIFS Server (Samba) Local Unauthorized Access, Elevated Privileges, security-alert
• Flaw in Firefox 2.0 RC2, Mike
  • Re: Flaw in Firefox 2.0 RC2, Jose Nazario
    • Re: Flaw in Firefox 2.0 RC2, Eliah Kagan
      • Re: Flaw in Firefox 2.0 RC2, Paul Schmehl
      • Re: Flaw in Firefox 2.0 RC2, arny
  • Re: Flaw in Firefox 2.0 RC2, jm
    • Re: Flaw in Firefox 2.0 RC2, Mark A Basil
      • Re: Flaw in Firefox 2.0 RC2, Jure Pečar
    • RE: Flaw in Firefox 2.0 RC2, Aras \"Russ\" Memisyazici
  • Re: Flaw in Firefox 2.0 RC2, Shane Lahey
  • Re: Flaw in Firefox 2.0 RC2, Lubomir Kundrak
  • RE: Flaw in Firefox 2.0 RC2, Sean Warnock
• [ECHO_ADV_55$2006]Phpmybibli <=2.1 Multiple Remote File Inclusion Vulnerability, erdc
• [OpenPKG-SA-2006.023] OpenPKG Security Advisory (php), OpenPKG
• TorrentFlux user_id Script Insertion, 3cab7cc7
• TorrentFlux file Script Insertion, 3cab7cc7
• TorrentFlux action Script Insertion, 3cab7cc7
• Re: Directory Traversal Vulnerability in Goop Gallery 2.0.2, gene
• PR06-03b: F5 Firepass 1000 SSL VPN version 5.5 vulnerable to Cross-Site Scripting, research
• [USN-365-1] libksba vulnerability, Kees Cook
• [Xss] IN phplist v 2.10.2,, the-free_kernel
• About.com contact, C. Hamby
• Advisory 10/2006: ViewVC Undefined Charset UTF-7 XSS Vulnerability, Stefan Esser
• PHP Forge 3b2 (/inc/inc.php) Remote File Include Vulnerability, mahmood ali
• Rapid7 Advisory R7-0025: Buffer Overflow in NVIDIA Binary Graphics Driver For Linux, advisory
• patchlodel-0.7.3 - Remote File Include Vulnerabilities, erne
• iDefense Security Advisory 10.15.06: Clam AntiVirus ClamAV rebuildpe Heap Overflow Vulnerability, iDefense Labs
• Full Path Disclosure in PHP-Wyana (2), xx_hack_xx_2004
• iDefense Security Advisory 10.15.06: Clam AntiVirus ClamAV CHM Chunk Name Length DoS Vulnerability, iDefense Labs
• osprey 1.0 (ListRecords.php) Remote File Include Vulnerability, KaBaRa . HaCk . eGy
• [ GLSA 200610-04 ] Seamonkey: Multiple vulnerabilities, Raphael Marichez
• [USN-364-1] Xsession vulnerability, Kees Cook
• WebYep-1.1.9 - Remote File Include Vulnerabilities, erne
• VoMM: Taking browser exploits to the next level, avivra
• MOStlyCEV454 - Remote File Include Vulnerabilities, erne
• :ShAnKaR: WoltLab Burning Book <=1.1.2 multiple vulnerabilities, 3APA3A
• Full Path Disclosure in PHP-Wyana, xx_hack_xx_2004
• maintain-3.0.0-RC2 - Remote File Include Vulnerabilities, erne
• Back-end ( File Include Vulnerability Exploit ), h4ck3riran
• SYMSA-2006-010: Directory Traversal in IronWebMail, research
• bbsNew ( File Include Vulnerability Exploit ), h4ck3riran
• vbulletin Exploit Tool Box, [dot]
  • <Possible follow-ups>
  • Re: vbulletin Exploit Tool Box, scottREMOVE
• Security Advisory for Bugzilla 2.18.5, 2.20.2, 2.22, and 2.23.2, mkanat
• Kmail <= 1.9.1 (table/frameset) DOS, nnp
• Re: [Full-disclosure] Kmail <= 1.9.1 (table/frameset) DOS, Vidar Løkken
• Re: @lex Guestbook <=(ModeliXe.php) Remote File Inclusion Exploit, ptitgal
• ISS BlackICE PC Protection Filelock protection bypass Vulnerability, Matousec - Transparent security Research

This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.
The main JSW4.NET technical listserv archive and search page.
The main archive page for this list.