BugTraq@security-focus.com List Archive
- encapscms 0.3.6 - Remote File Include by Firewall,
firewall1954,
- Estate Agent Manager <= v1.3 (default.asp) Remote Login ByPass SQL Injection Vulnerability,
ajannhwt,
- Mega Mall [ multiples injection sql & full path disclosure ],
saps . audit,
- MyStats <=1.0.8 [injection sql, multiples xss, array & full path disclosure],
benjilenoob,
- TOPSTORY BASIC Version 1.0 => Remote File Include Vulnerability,
stormhacker,
- [SECURITY] [DSA 1209-1] New trac packages fix cross-site request forgery,
Moritz Muehlenhoff,
- PHPKit 1.6.1 RC2 (faq/faq.php) Remote SQL Injection Exploit,
philipp . niedziela,
- Exophpdesk V1.2 - Remote File Include,
firewall1954,
- Wordpress File Inclusion,
vannovax,
- [MajorSecurity Advisory #33]ShopSystems - SQL Injection Issue,
admin,
- phpManta - Mdoc <= 1.0.2 (view-sourcecode.php) Local File Include Exploit,
ajannhwt,
- UStore 1.0 (detail.asp) Remote SQL Injection Vulnerability,
ajannhwt,
- AspPired2 Poll <= 1.0 (MoreInfo.asp) Remote SQL Injection Exploit,
ajannhwt,
- NuCommunity 1.0 (cl_CatListing.asp) Remote SQL Injection Exploit,
ajannhwt,
- Re: feedsplitter considered harmful,
wmodes,
- Re: Wordpress File Inclusion,
emc3,
- NuRems 1.0 Remote XSS/SQL Injection Exploit,
ajannhwt,
- Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability,
Nick Boyce,
- NuStore 1.0 (Products.asp) Remote SQL Injection Vulnerability,
ajannhwt,
- NuSchool 1.0 (CampusNewsDetails.asp) Remote SQL Injection Exploit,
ajannhwt,
- [SECURITY] [DSA 1208-1] New bugzilla packages fix several vulnerabilities,
Moritz Muehlenhoff,
- XSS in Email Signature Script,
miladkaleh,
- infinicart [ multiples injection sql & xss (post) ],
saps . audit,
- shambo2 Component For Mambo 4.5 Remote File Inclusion Exploit,
crackers_child,
- Re: Cross Site Scripting (XSS) Vulnerability in Netquery by "VIRtech",
rvirtue,
- Web Interface remote file inclusion,
navairum,
- VBulletin DoS Exploit [ all Versions ],
root,
- Digipass Go3 Token Dumper (at least for 2006),
fcollyer,
- ZDI-06-038: Citrix MetaFrame IMA Management Module Remote Heap Overflow,
zdi-disclosures,
- Phpjobscheduler 3.0 - Multiple Remote File Include,
Firewall1954,
- Phpdebug 1.1.0 - Remote File Include by Firewall,
Firewall1954,
- ELOG Web Logbook Remote Denial of Service Vulnerability,
OS2A BTO,
- UltraSite 1.0 (update.asp) Remote SQL Injection Vulnerability,
ajannhwt,
- Asp Scripter Products (cpLogin.asp) Remote SQL ByPass Injection Vulnerability,
ajannhwt,
- CPanel Multiple Cross Site Scription,
Advisory,
- Old SAP exploits,
Nicob,
- Property Pro v1.0 (vir_Login.asp) Remote Login ByPass SQL Injection Vulnerability,
ajannhwt,
- Re: [x0n3-h4ck]Essentia Web Server v.2.15 Buffer Overflow,
Noam Rathaus,
- ASPPortal <= 4.0.0 (default1.asp) Remote SQL Injection Exploit,
ajannhwt,
- UPublisher 1.0 (viewarticle.asp) Remote SQL Injection Vulnerability,
ajannhwt,
- [FLSA-2006:211760] Updated gzip package fixes security issues,
David Eisenstein,
- [SECURITY] [DSA 1209-2] New trac packages fix cross-site request forgery,
Moritz Muehlenhoff,
- DirectAdmin Multiple Cross Site Scription,
Advisory,
- Challenges faced by automated web application security assessment tools,
bugtraq,
- VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4,
VMware Security team,
- SinFP 2.04 release, works under Windows,
GomoR,
- [ GLSA 200611-06 ] OpenSSH: Multiple Denial of Service vulnerabilities,
Raphael Marichez,
- iDefense Security Advisory 11.09.06: Citrix Presentation Server 4.0 IMA Service Invalid Name Length DoS Vulnerability,
iDefense Labs,
- Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability,
Raphael Marichez,
- [ GLSA 200611-08 ] RPM: Buffer overflow,
Raphael Marichez,
- New Bug MiniBB Forum <= 2 Remote File Include (index.php),
philip anselmo,
- VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2,
VMware Security team,
- Online Event Registration <= v2.0 (save_profile.asp) Remote User Pass Change Exploit,
ajannhwt,
- VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1,
VMware Security team,
- VMSA-2006-0009 - VMware ESX Server 3.0.0 AMD fxsave/restore issue,
VMware Security team,
- VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2,
VMware Security team,
- [ GLSA 200611-07 ] GraphicsMagick: PALM and DCM buffer overflows,
Raphael Marichez,
- Re: Wordpress File Inclusion,
Expanders,
- Re: GNU gv Stack Overflow Vulnerability,
Noam Rathaus,
- [SECURITY] [DSA 1210-1] New Mozilla Firefox packages fix several vulnerabilities,
Martin Schulze,
- Real Estate Listing System SQL Injection,
Advisory,
- ASPintranet SQL Injection,
Advisory,
- SiteXpress SQL Injection,
Advisory,
- WWWeb Cocepts SQL Injection,
Advisory,
- Ustore SQL Injection,
Advisory,
- eShopping SQL Injection,
Advisory,
- Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability,
Stefan Esser,
- ECommerce Store Shop Builder,
Advisory,
- Engine Manager SQL Injection,
Advisory,
- BPG Content Management System SQL Injection,
Advisory,
- Apple Safari "match" Buffer Overflow Vulnerability,
jbh_cg,
- Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability,
Nick FitzGerald,
- Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability,
Glynn Clements,
- Evolve Merchant[ injection sql ],
saps . audit,
- Inventory Manager [injection sql & xss (get)],
saps . audit,
- Car Site Manager [injection sql & xss (get)],
saps . audit,
- Re: New Bug MiniBB Forum <= 2 Remote File Include (index.php),
navairum,
- FunkyASP Glossary v1.0 [injection sql],
saps . audit,
- Blogme v3 [admin login bypass & xss (post)],
saps . audit,
- Property Site Manager [login bypass ,multiples injection sql & xss (get)],
saps . audit,
- [Fwd: DMA[2006-1031a] - 'Intego VirusBarrier X4 definition bypass exploit'],
K F (lists),
- Re: [Full-disclosure] ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability,
Micheal Turner,
- [Fwd: OpenBase SQL multiple vulnerabilities Part Deux],
K F (lists),
- EEYE: Workstation Service NetpManageIPCConnect Buffer Overflow,
eEye Advisories,
- ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability,
zdi-disclosures,
- ZDI-06-041: Microsoft Internet Explorer CSS Float Property Memory Corruption Vulnerability,
zdi-disclosures,
- A+ Store E-Commerce[ injection sql & xss (post) ],
saps . audit,
- A-Cart pro[ injection sql (post&get)],
saps . audit,
- hpecs shopping cart[login bypass & injection sql (post)],
saps . audit,
- Dragon calendar [ login bypass & injection sql ],
saps . audit,
- [SECURITY] [DSA 1211-1] New pdns packages fix arbitrary code execution,
Moritz Muehlenhoff,
- MultiCalendars [ multiples injection sql ],
saps . audit,
- NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure,
Rodrigo Rubira Branco (BSDaemon),
- [OpenPKG-SA-2006.034] OpenPKG Security Advisory (texinfo),
OpenPKG,
- DragonFlyBSD all versions FireWire IOCTL kernel integer overflow information disclousure,
Rodrigo Rubira Branco (BSDaemon),
- TrustedBSD* all versions FireWire IOCTL kernel integer overflow information disclousure,
Rodrigo Rubira Branco (BSDaemon),
- TSLSA-2006-0063 - multi,
Trustix Security Advisor,
- [ MDKSA-2006:207 ] - Updated bind packages fixes RSA signature verification vulnerability,
security,
- [SECURITY] [DSA 1212-1] New openssh packages fix denial of service,
Noah Meyerhans,
- Outpost Multiple insufficient argument validation of hooked SSDT function Vulnerability,
Matousec - Transparent security Research,
- E-Calendar Pro 3.0 [ login bypass & injection sql (post)],
saps . audit,
- Helm Cross-Site Scripting (XSS),
Advisory,
- FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure,
Rodrigo Rubira Branco (BSDaemon),
- [ MDKSA-2006:208 ] - Updated openldap packages fixes Bind vulnerability,
security,
- Bloo => 1.00 Cross Site Scripting,
the_3dit0r,
- E-commerce Kit 1 PayPal Edition [ injection sql ],
saps . audit,
- MetaCart e-Shop [multiples injection sql (get & post)],
saps . audit,
- Xtreme ASP Photo Gallery Cross Site Scripting And SQL Injection,
Advisory,
- discloser => 0.0.4 Remote File Include Vulnerabilities,
the_3dit0r,
- Hot Links download backup authorized vulnerabilities,
hack2prison,
- PhpMyAdmin all version [multiples vulnerability],
saps . audit,
- [MajorSecurity Advisory #34]Plesk 8 - Multiple Cross Site Scripting Issues,
admin,
- OdysseusBlog => 1.0.0 Cross Site Scripting,
the_3dit0r,
- Bloo => 1.00 Remote File Include Vulnerability,
the_3dit0r,
- Team Evil - Incident #2,
beSIRT,
- Chetcpasswd 2.x: multiple vulnerabilities,
riclem,
- Secunia Research: MDaemon Insecure Default Directory Permissions,
Secunia Research,
- Re: Apple Safari "match" Buffer Overflow Vulnerability,
J. Oquendo,
- dev_wms => 1.5 Remote File Include Vulnerabilities,
the_3dit0r,
- discloser => 0.0.4 Remote File Include Vulnerability Exploit,
the_3dit0r,
- Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion ),
revenge,
- Re: Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability,
Marcello Barnaba,
- eShopping Cart [injection sql],
saps . audit,
- Whitepaper: Implementing and Detecting a PCI Rootkit,
John Heasman,
- Vulnerabilities in Client Service for NetWare,
Avert,
- CandyPress Store[ multiples injection sql ],
saps . audit,
- BaalAsp forum [login bypass ,injections sql(post), xss(post)],
saps . audit,
- ZDI-06-042: Verity Ultraseek Request Proxying Vulnerability,
zdi-disclosures,
- Helm Cross Site Scripting,
Advisory,
- Myphotos => Remote File Include Vulnerability Exploit,
the_3dit0r,
- i-Gallery 3.4 Cross Site Scripting,
Advisory,
- Sphpblog => 0.8 Cross Site Scripting,
the_3dit0r,
- BlogTorrent-preview => 0.92 Cross Site Scripting,
the_3dit0r,
- Comdev One Admin Pro.v4.1 ( path[skin] ) Remote File include,
AG- Spider,
- ASP Cart [multiples injection sql (post & get)],
saps . audit,
- worksystem => Remote File Include Vulnerability Exploit,
the_3dit0r,
- Re: FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure,
Lucas Holt,
- Hot Links download backup authorized vulnerabilities (re-post with some edit),
hack2prison,
- eggblog=> 3.1.0 Cross Site Scripting,
the_3dit0r,
- Secunia Research: Panda ActiveScan Multiple Vulnerabilities,
Secunia Research,
- RE: VBulletin DoS Exploit [ all Versions ],
Bart Seresia,
- UK Security Convention - Continuity 2006,
Manchester 2600,
- Links smbclient command execution,
Teemu Salmela,
- rPSA-2006-0211-1 libpng,
rPath Update Announcements,
- Image gallery with Access Database SQL Injection,
Advisory,
- My-BIC => 0.6.5 Remote File Include Vulnerability Exploit,
the_3dit0r,
- ASPintranet SQL Injection,
Advisory,
- blogcms => 4.0.0 Remote File Include,
the_3dit0r,
- RED Blog => Remote File Include Vulnerability Exploit,
the_3dit0r,
- Storystream => 4.0 Remote File Include Vulnerability Exploit,
the_3dit0r,
- Pilot Cart V.7.2 [ injection sql (post) ],
saps . audit,
- [ MDKSA-2006:209 ] - Updated libpng packages fix vulnerabilities,
security,
- Kerio WebSTAR local privilege escalation,
K F (lists),
- [ MDKSA-2006:211 ] - Updated pxelinux packages to fix embedded libpng vulnerabilities,
security,
- [ MDKSA-2006:210 ] - Updated syslinux packages to fix embedded libpng vulnerabilities,
security,
- [OpenPKG-SA-2006.035] OpenPKG Security Advisory (proftpd),
OpenPKG,
- Active News Manager [ injection sql (post&get)],
saps . audit,
- [ MDKSA-2006:212 ] - Updated doxygen packages to fix embedded libpng vulnerabilities,
security,
- [ MDKSA-2006:213 ] - Updated chromium packages to fix embedded libpng vulnerabilities,
security,
- [OpenPKG-SA-2006.036] OpenPKG Security Advisory (png),
OpenPKG,
- [USN-383-1] libpng vulnerability,
Kees Cook,
- [security bulletin] HPSBMA02088 SSRT051026 rev. 2 - HP-UX running WBEM Services Denial of Service (DoS),
security-alert,
- [ GLSA 200611-09 ] libpng: Denial of Service,
Sune Kloppenborg Jeppesen,
- TSLSA-2006-0065 - libpng,
Trustix Security Advisor,
- [ GLSA 200611-10 ] WordPress: Multiple vulnerabilities,
Sune Kloppenborg Jeppesen,
- Re: Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion ),
dean,
- [Aria-Security] CPanel Network Tools Cross Site Scripting [Advisory],
Advisory,
- 20/20 auto gallery [ multiples injection sql ],
saps . audit,
- 20/20 real estate [ multiples injection sql ],
saps . audit,
- TFTPD32 v3.01 TFTP Server Long File Name Buffer Overflow Vulnerability,
liuqx,
- [Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities.,
Reversemode,
- Sphpblog => 0.8 Remote File Include Vulnerabilities,
the_3dit0r,
- Aspmforum [ multiples injection sql (get&post)],
saps . audit,
- Digital Armaments November-December Hacking Challenge: KERNEL Remote,
info,
- XSS vBulletin 3.6.X Admin Control Painel,
insanity,
- MosReporter Joomla Component Remote File Inclusion Exploit,
crackers_child,
- Dating Site [ login bypass & xss],
saps . audit,
- 20/20 datashed [ multiples injection sql ],
saps . audit,
- A-Cart PRO SQL Injection,
Advisory,
- [MajorSecurity Advisory #36]dev4u CMS - Multiple SQL Injection and Cross Site Scripting Issues,
admin,
- Sage cross-context scripting -> LOCAL-CONTEXT SCRIPTING,
pagvac,
- PhpBB Module Dimension Remote File Include,
bluespy . ok,
- Oxygen <= 1.1.3 (O2PHP Bulletin Board) SQL Injection,
gmdarkfig,
- [ MDKSA-2006:164-1 ] - Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities,
security,
- [Aria-Security's Research Team] Texas Rank'em SQL Injection Vulnerabilite,
Advisory,
- Drone Armies C&C Report - 17 Nov 2006,
c2report,
- Vikingboard (0.1.2) [ multiples vulnerability ],
saps . audit,
- BLOG:CMS <= 4.1.3 XSS,
katatafish,
- Infinitytechs Restaurants CM,
saps . audit,
- [Aria-Security's Research Team] ActiveNews Manager SQL Injection Vulnerabilite,
Advisory,
- [MajorSecurity Advisory #35]Travelsized CMS - Multiple Cross Site Scripting Issues,
admin,
- Re: dev_wms => 1.5 Remote File Include Vulnerabilities,
Stefano Zanero,
- [ MDKSA-2006:214 ] - Updated gv packages fix buffer overflow vulnerability,
security,
- linksys wrt54g v5 authentication bypass fixed,
Ginsu Rabbit,
- Re: Airmagnet management interfaces multiple vulnerabilities,
ckuan,
- A-Cart 2.0 SQL Injection,
Advisory,
- Re: [Aria-Security's Research Team] ActiveNews Manager SQL Injection Vulnerabilite,
gmdarkfig,
- Re: Phpjobscheduler 3.0 - Multiple Remote File Include,
Stefano Zanero,
- Re: A-Cart PRO SQL Injection,
gmdarkfig,
- Re: blogcms => 4.0.0 Remote File Include,
Stefano Zanero,
- GPhotos 1.5 Multiple vulnerabilities,
tux025,
- Re: EEYE: Workstation Service NetpManageIPCConnect Buffer Overflow,
security-list,
- Re: Phpjobscheduler 3.0 - Multiple Remote File Include,
str0ke,
Mail converted by MHonArc
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.