BugTraq@security-focus.com List Archive

• Date Index

• GPhotos 1.5 Multiple vulnerabilities, tux025
• A-Cart 2.0 SQL Injection, Advisory
• Re: Airmagnet management interfaces multiple vulnerabilities, ckuan
• linksys wrt54g v5 authentication bypass fixed, Ginsu Rabbit
• [ MDKSA-2006:214 ] - Updated gv packages fix buffer overflow vulnerability, security
• [MajorSecurity Advisory #35]Travelsized CMS - Multiple Cross Site Scripting Issues, admin
• [Aria-Security's Research Team] ActiveNews Manager SQL Injection Vulnerabilite, Advisory
  • <Possible follow-ups>
  • Re: [Aria-Security's Research Team] ActiveNews Manager SQL Injection Vulnerabilite, gmdarkfig
• Infinitytechs Restaurants CM, saps . audit
• BLOG:CMS <= 4.1.3 XSS, katatafish
• Vikingboard (0.1.2) [ multiples vulnerability ], saps . audit
• Drone Armies C&C Report - 17 Nov 2006, c2report
• [Aria-Security's Research Team] Texas Rank'em SQL Injection Vulnerabilite, Advisory
• [ MDKSA-2006:164-1 ] - Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities, security
• Oxygen <= 1.1.3 (O2PHP Bulletin Board) SQL Injection, gmdarkfig
• PhpBB Module Dimension Remote File Include, bluespy . ok
• Sage cross-context scripting -> LOCAL-CONTEXT SCRIPTING, pagvac
• [MajorSecurity Advisory #36]dev4u CMS - Multiple SQL Injection and Cross Site Scripting Issues, admin
• A-Cart PRO SQL Injection, Advisory
  • <Possible follow-ups>
  • Re: A-Cart PRO SQL Injection, gmdarkfig
• 20/20 datashed [ multiples injection sql ], saps . audit
• Dating Site [ login bypass & xss], saps . audit
• MosReporter Joomla Component Remote File Inclusion Exploi, crackers_child
• XSS vBulletin 3.6.X Admin Control Painel, insanity
• igital Armaments November-Decemberr Hacking Challenge: KERNEL Remote, info
• Aspmforum [ multiples injection sql (get&post)], saps . audit
• Sphpblog => 0.8 Remote File Include Vulnerabilities, the_3dit0r
• [Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities., Reversemode
• TFTPD32 v3.01 TFTP Server Long File Name Buffer Overflow Vulnerability, liuqx
• 20/20 real estate [ multiples injection sql ], saps . audit
• 20/20 auto gallery [ multiples injection sql ], saps . audit
• [Aria-Security] CPanel Network Tools Cross Site Scripting [Advisory], Advisory
• [ GLSA 200611-10 ] WordPress: Multiple vulnerabilities, Sune Kloppenborg Jeppesen
• TSLSA-2006-0065 - libpng, Trustix Security Advisor
• [ GLSA 200611-09 ] libpng: Denial of Service, Sune Kloppenborg Jeppesen
• [security bulletin] HPSBMA02088 SSRT051026 rev. 2 - HP-UX running WBEM Services Denial of Service (DoS), security-alert
• [USN-383-1] libpng vulnerability, Kees Cook
• [OpenPKG-SA-2006.036] OpenPKG Security Advisory (png), OpenPKG
• [ MDKSA-2006:213 ] - Updated chromium packages to fix embedded libpng vulnerabilities, security
• [ MDKSA-2006:212 ] - Updated doxygen packages to fix embedded libpng vulnerabilities, security
• Active News Manager [ injection sql (post&get)], saps . audit
• [OpenPKG-SA-2006.035] OpenPKG Security Advisory (proftpd), OpenPKG
• [ MDKSA-2006:210 ] - Updated syslinux packages to fix embedded libpng vulnerabilities, security
• [ MDKSA-2006:211 ] - Updated pxelinux packages to fix embedded libpng vulnerabilities, security
• Kerio WebSTAR local privilege escalation, K F (lists)
• [ MDKSA-2006:209 ] - Updated libpng packages fix vulnerabilities, security
• Pilot Cart V.7.2 [ injection sql (post) ], saps . audit
• Storystream => 4.0 Remote File Include Vulnerability Exploit, the_3dit0r
• RED Blog => Remote File Include Vulnerability Exploit, the_3dit0r
• blogcms => 4.0.0 Remote File Include, the_3dit0r
  • Re: blogcms => 4.0.0 Remote File Include, Stefano Zanero
• My-BIC => 0.6.5 Remote File Include Vulnerability Exploit, the_3dit0r
• Image gallery with Access Database SQL Injection, Advisory
• rPSA-2006-0211-1 libpng, rPath Update Announcements
• Links smbclient command execution, Teemu Salmela
• UK Security Convention - Continuity 2006, Manchester 2600
• Secunia Research: Panda ActiveScan Multiple Vulnerabilities, Secunia Research
• eggblog=> 3.1.0 Cross Site Scripting, the_3dit0r
• Hot Links download backup authorized vulnerabilities (re-post with some edit), hack2prison
• worksystem => Remote File Include Vulnerability Exploit, the_3dit0r
• ASP Cart [multiples injection sql (post & get)], saps . audit
• Comdev One Admin Pro.v4.1 ( path[skin] ) Remote File include, AG- Spider
• BlogTorrent-preview => 0.92 Cross Site Scripting, the_3dit0r
• Sphpblog => 0.8 Cross Site Scripting, the_3dit0r
• i-Gallery 3.4 Cross Site Scripting, Advisory
• Myphotos => Remote File Include Vulnerability Exploit, the_3dit0r
• Helm Cross Site Scripting, Advisory
• ZDI-06-042: Verity Ultraseek Request Proxying Vulnerability, zdi-disclosures
• BaalAsp forum [login bypass ,injections sql(post), xss(post)], saps . audit
• CandyPress Store[ multiples injection sql ], saps . audit
• Vulnerabilities in Client Service for NetWare, Avert
• Whitepaper: Implementing and Detecting a PCI Rootkit, John Heasman
• eShopping Cart [injection sql], saps . audit
• Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion ), revenge
  • <Possible follow-ups>
  • Re: Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion ), dean
• discloser => 0.0.4 Remote File Include Vulnerability Exploit, the_3dit0r
• dev_wms => 1.5 Remote File Include Vulnerabilities, the_3dit0r
  • Re: dev_wms => 1.5 Remote File Include Vulnerabilities, Stefano Zanero
• Secunia Research: MDaemon Insecure Default Directory Permissions, Secunia Research
• Chetcpasswd 2.x: multiple vulnerabilities, riclem
• Team Evil - Incident #2, beSIRT
• Bloo => 1.00 Remote File Include Vulnerability, the_3dit0r
• OdysseusBlog => 1.0.0 Cross Site Scripting, the_3dit0r
• [MajorSecurity Advisory #34]Plesk 8 - Multiple Cross Site Scripting Issues, admin
• PhpMyAdmin all version [multiples vulnerability], saps . audit
• Hot Links download backup authorized vulnerabilities, hack2prison
• discloser => 0.0.4 Remote File Include Vulnerabilities, the_3dit0r
• Xtreme ASP Photo Gallery Cross Site Scripting And SQL Injection, Advisory
• MetaCart e-Shop [multiples injection sql (get & post)], saps . audit
• E-commerce Kit 1 PayPal Edition [ injection sql ], saps . audit
• Bloo => 1.00 Cross Site Scripting, the_3dit0r
• [ MDKSA-2006:208 ] - Updated openldap packages fixes Bind vulnerability, security
• FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure, Rodrigo Rubira Branco (BSDaemon)
  • Re: FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure, Lucas Holt
• Helm Cross-Site Scripting (XSS), Advisory
• E-Calendar Pro 3.0 [ login bypass & injection sql (post)], saps . audit
• Outpost Multiple insufficient argument validation of hooked SSDT function Vulnerability, Matousec - Transparent security Research
• [SECURITY] [DSA 1212-1] New openssh packages fix denial of service, Noah Meyerhans
• [ MDKSA-2006:207 ] - Updated bind packages fixes RSA signature verification vulnerability, security
• TSLSA-2006-0063 - multi, Trustix Security Advisor
• TrustedBSD* all versions FireWire IOCTL kernel integer overflow information disclousure, Rodrigo Rubira Branco (BSDaemon)
• DragonFlyBSD all versions FireWire IOCTL kernel integer overflow information disclousure, Rodrigo Rubira Branco (BSDaemon)
• [OpenPKG-SA-2006.034] OpenPKG Security Advisory (texinfo), OpenPKG
• NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure, Rodrigo Rubira Branco (BSDaemon)
• MultiCalendars [ multiples injection sql ], saps . audit
• [SECURITY] [DSA 1211-1] New pdns packages fix arbitrary code execution, Moritz Muehlenhoff
• Dragon calendar [ login bypass & injection sql ], saps . audit
• hpecs shopping cart[login bypass & injection sql (post)], saps . audit
• A-Cart pro[ injection sql (post&get)], saps . audit
• A+ Store E-Commerce[ injection sql & xss (post) ], saps . audit
• ZDI-06-041: Microsoft Internet Explorer CSS Float Property Memory Corruption Vulnerability, zdi-disclosures
• ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability, zdi-disclosures
  • Re: [Full-disclosure] ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability, Micheal Turner
• EEYE: Workstation Service NetpManageIPCConnect Buffer Overflow, eEye Advisories
  • Re: EEYE: Workstation Service NetpManageIPCConnect Buffer Overflow, security-list
• [Fwd: OpenBase SQL multiple vulnerabilities Part Deux], K F (lists)
• [Fwd: DMA[2006-1031a] - 'Intego VirusBarrier X4 definition bypass exploit'], K F (lists)
• Property Site Manager [login bypass ,multiples injection sql & xss (get)], saps . audit
• Blogme v3 [admin login bypass & xss (post)], saps . audit
• FunkyASP Glossary v1.0 [injection sql], saps . audit
• Car Site Manager [injection sql & xss (get)], saps . audit
• Inventory Manager [injection sql & xss (get)], saps . audit
• Evolve Merchant[ injection sql ], saps . audit
• Apple Safari "match" Buffer Overflow Vulnerability, jbh_cg
  • Re: Apple Safari "match" Buffer Overflow Vulnerability, J. Oquendo
• BPG Content Management System SQL Injection, Advisory
• Engine Manager SQL Injection, Advisory
• ECommerce Store Shop Builder, Advisory
• Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability, Stefan Esser
  • Re: Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability, Marcello Barnaba
• eShopping SQL Injection, Advisory
• Ustore SQL Injection, Advisory
• WWWeb Cocepts SQL Injection, Advisory
• SiteXpress SQL Injection, Advisory
• ASPintranet SQL Injection, Advisory
  • <Possible follow-ups>
  • ASPintranet SQL Injection, Advisory
• Real Estate Listing System SQL Injection, Advisory
• [SECURITY] [DSA 1210-1] New Mozilla Firefox packages fix several vulnerabilities, Martin Schulze
• Re: GNU gv Stack Overflow Vulnerability, Noam Rathaus
• [ GLSA 200611-07 ] GraphicsMagick: PALM and DCM buffer overflows, Raphael Marichez
• VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2, VMware Security team
• VMSA-2006-0009 - VMware ESX Server 3.0.0 AMD fxsave/restore issue, VMware Security team
• VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1, VMware Security team
• Online Event Registration <= v2.0 (save_profile.asp) Remote User Pass Change Exploit, ajannhwt
• VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2, VMware Security team
• New Bug MiniBB Forum <= 2 Remote File Include (index.php), philip anselmo
  • <Possible follow-ups>
  • Re: New Bug MiniBB Forum <= 2 Remote File Include (index.php), navairum
• [ GLSA 200611-08 ] RPM: Buffer overflow, Raphael Marichez
• iDefense Security Advisory 11.09.06: Citrix Presentation Server 4.0 IMA Service Invalid Name Length DoS Vulnerability, iDefense Labs
• [ GLSA 200611-06 ] OpenSSH: Multiple Denial of Service vulnerabilities, Raphael Marichez
• SinFP 2.04 release, works under Windows, GomoR
• VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4, VMware Security team
• Challenges faced by automated web application security assessment tools, bugtraq
• DirectAdmin Multiple Cross Site Scription, Advisory
• [SECURITY] [DSA 1209-2] New trac packages fix cross-site request forgery, Moritz Muehlenhoff
• [FLSA-2006:211760] Updated gzip package fixes security issues, David Eisenstein
• UPublisher 1.0 (viewarticle.asp) Remote SQL Injection Vulnerability, ajannhwt
• ASPPortal <= 4.0.0 (default1.asp) Remote SQL Injection Exploit, ajannhwt
• Re: [x0n3-h4ck]Essentia Web Server v.2.15 Buffer Overflow, Noam Rathaus
• Property Pro v1.0 (vir_Login.asp) Remote Login ByPass SQL Injection Vulnerability, ajannhwt
• Old SAP exploits, Nicob
• CPanel Multiple Cross Site Scription, Advisory
• Asp Scripter Products (cpLogin.asp) Remote SQL ByPass Injection Vulnerability, ajannhwt
• UltraSite 1.0 (update.asp) Remote SQL Injection Vulnerability, ajannhwt
• ELOG Web Logbook Remote Denial of Service Vulnerability, OS2A BTO
• Phpdebug 1.1.0 - Remote File Include by Firewall, Firewall1954
• Phpjobscheduler 3.0 - Multiple Remote File Include, Firewall1954
  • Re: Phpjobscheduler 3.0 - Multiple Remote File Include, Stefano Zanero
    • Re: Phpjobscheduler 3.0 - Multiple Remote File Include, str0ke
• ZDI-06-038: Citrix MetaFrame IMA Management Module Remote Heap Overflow, zdi-disclosures
• Digipass Go3 Token Dumper (at least for 2006), fcollyer
• VBulletin DoS Exploit [ all Versions ], root
  • RE: VBulletin DoS Exploit [ all Versions ], Bart Seresia
• Web Interface remote file inclusion, navairum
• Re: Cross Site Scripting (XSS) Vulnerability in Netquery by "VIRtech", rvirtue
• shambo2 Component For Mambo 4.5 Remote File Inclusion Exploit, crackers_child
• infinicart [ multiples injection sql & xss (post) ], saps . audit
• XSS in Email Signature Script, miladkaleh
• [SECURITY] [DSA 1208-1] New bugzilla packages fix several vulnerabilities, Moritz Muehlenhoff
• NuSchool 1.0 (CampusNewsDetails.asp) Remote SQL Injection Exploit, ajannhwt
• NuStore 1.0 (Products.asp) Remote SQL Injection Vulnerability, ajannhwt
• Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability, Nick Boyce
  • Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability, Raphael Marichez
    • Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability, Nick FitzGerald
  • Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability, Glynn Clements
• NuRems 1.0 Remote XSS/SQL Injection Exploit, ajannhwt
• Re: feedsplitter considered harmful, wmodes
• NuCommunity 1.0 (cl_CatListing.asp) Remote SQL Injection Exploit, ajannhwt
• AspPired2 Poll <= 1.0 (MoreInfo.asp) Remote SQL Injection Exploit, ajannhwt
• UStore 1.0 (detail.asp) Remote SQL Injection Vulnerability, ajannhwt
• phpManta - Mdoc <= 1.0.2 (view-sourcecode.php) Local File Include Exploit, ajannhwt
• [MajorSecurity Advisory #33]ShopSystems - SQL Injection Issue, admin
• Wordpress File Inclusion, vannovax
  • Re: Wordpress File Inclusion, Expanders
  • <Possible follow-ups>
  • Re: Wordpress File Inclusion, emc3
• Exophpdesk V1.2 - Remote File Include, firewall1954
• PHPKit 1.6.1 RC2 (faq/faq.php) Remote SQL Injection Exploit, philipp . niedziela
• [SECURITY] [DSA 1209-1] New trac packages fix cross-site request forgery, Moritz Muehlenhoff
• TOPSTORY BASIC Version 1.0 => Remote File Include Vulnerability, stormhacker
• MyStats <=1.0.8 [injection sql, multiples xss, array & full path disclosure], benjilenoob
• Mega Mall [ multiples injection sql & full path disclosure ], saps . audit
• Estate Agent Manager <= v1.3 (default.asp) Remote Login ByPass SQL Injection Vulnerability, ajannhwt
• encapscms 0.3.6 - Remote File Include by Firewall, firewall1954

This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.
The main JSW4.NET technical listserv archive and search page.
The main archive page for this list.