BugTraq@security-focus.com List Archive

• Date Index

• mAlbum v0.3 local file inclusion, tux025
• Free tool for pattern identification (for researchers), Gary Golomb
• AttackAPI 2.0 alpha, pdp (architect)
• Wisi Portal [Sql Injection By Jesus Tovar], nagazakig74
• Siap Cms Sql Injection (login.asp), nagazakig74
• Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), stopmakingnoise
  • Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), Steve Friedl
  • <Possible follow-ups>
  • Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), Thor (Hammer of God)
    • Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
  • Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), Thor (Hammer of God)
• New Windows tool - NBTEnum 3.3, Reed Arvin
• DoS in Microsoft Windows Live Messenger <= 8.0, dragonjar
  • <Possible follow-ups>
  • Re: DoS in Microsoft Windows Live Messenger <= 8.0, astralbabz
• WebHost Manager (WHM) Multiple Cross-Site Scripting, Advisory
• CPanel 11 Multiple Cross-Site Scription, Advisory
• [ GLSA 200611-20 ] GNU gv: Stack overflow, Sune Kloppenborg Jeppesen
• PHP-Nuke Mermaid Module V1.2 (formdisp.php) Remote File Include Exploit, crackers_child
• Cahier de texte V2.0 SQL Code Execution Exploit, gmdarkfig
• [Aria-Security Team] Ultimate Survey Pro SQL Injection, Advisory
• [ GLSA 200611-19 ] ImageMagick: PALM and DCM buffer overflows, Sune Kloppenborg Jeppesen
• Re: Digipass Go3 Token Dumper (at least for 2006), Hugo van der Kooij
  • <Possible follow-ups>
  • Re: Re: Digipass Go3 Token Dumper (at least for 2006), fcollyer
• [Aria-Security Team] iNews News Manager SQL Injection, Advisory
• [Aria-Security Team] MidiCart ASP Shopping Cart SQL Injection, Advisory
• [Aria-Security Team] ASP ListPics 5.0 SQL Injection, Advisory
• [Aria-Security Team] Fixit iDMS Pro Image Gallery SQL Injection, Advisory
• Wolflab Burning Board Lite 1.0.2 two sql injections, retrog
• mmgallery Multiple vulnerabilities, saudi
• PHP-Nuke <= 7.9 News module "sid" SQL Injection vulnerabilities, paisterist . nst
• Cross site scripting & fullpath disclosure, saudi
• [Aria-Security Team] MidiCart ASP Plus Shopping Cart SQL Injection, Advisory
• [ GLSA 200611-18 ] TIN: Multiple buffer overflows, Sune Kloppenborg Jeppesen
• Cracking String Encryption in Java Obfuscated Bytecode, subere
  • Re: Cracking String Encryption in Java Obfuscated Bytecode, Jim Manico
    • Re: Cracking String Encryption in Java Obfuscated Bytecode, John GALLET
• Active PHP Bookmarks (apb.php) Remote file include, philip anselmo
  • <Possible follow-ups>
  • Re: Active PHP Bookmarks (apb.php) Remote file include, Mefisto
• [ GLSA 200611-17 ] fvwm: fvwm-menu-directory fvwm command injection, Matthias Geerdsen
• LS-20061102 - Business Objects Crystal Reports Stack Overflow Vulnerability, advisories
• Re: SolpotCrew Advisory #10 - phpBB XS (phpbb_root_path) Remote File Include, webmaster
• [ MDKSA-2006:218 ] - Updated apache-mod_auth_kerb packages fixes DoS vulnerability, security
• Re: tikiwiki 1.9.5 mysql password disclosure & xss, FBI
  • <Possible follow-ups>
  • Re: tikiwiki 1.9.5 mysql password disclosure & xss, drunken_chin
• Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords, Michael Scheidell
  • <Possible follow-ups>
  • Re: Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords, Juha-Matti Laurio
• CFP - VII National Computer and Information Security Conference, Jeimy Cano
• NVIDIA nView (keystone) local Denial Of service, no-reply
• [ECHO_ADV_61_2006] a-ConMan <= v3.2beta Remote File Inclusion, erdc
• Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords, fash1on
  • Re: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords, 3APA3A
• XSS in scriptat support InverseFlow Help Desk v2.31, gamr-14
• Perl proxy checker using samair.ru, Iko Riyadi
• CONFidence 2007 CFP, andrzej . targosz
• Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders., In Cognito
  • Re: Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders., Casper . Dik
  • <Possible follow-ups>
  • Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders., In Cognito
• [ MDKSA-2006:208-1 ] - Updated openldap packages fixes Bind vulnerability, security
• Windows Media ASX PlayList File Denial Of Service Vulnerability, sehato
• Re: [ECHO_ADV_53$2006] QnECMS <= 2.5.6 (adminfolderpath) Remote File Inclusion Vulnerability, jim
• Secunia Research: PassGo SSO Plus Insecure Default Directory Permissions, Secunia Research
• *BSD banner INT overflow vulnerability, Gruzicki Wlodek
  • Re: *BSD banner INT overflow vulnerability, Steve Shockley
    • Re: *BSD banner INT overflow vulnerability, admin
  • <Possible follow-ups>
  • Re: Re: *BSD banner INT overflow vulnerability, evilrabbi
    • Re: *BSD banner INT overflow vulnerability, Bob Beck
• [USN-381-1] Firefox vulnerabilities, Kees Cook
• RE: [Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities., Williams, James K
• Advisory: Seditio <= 1.10 Remote SQL Injection Vulnerability., Mustafa Can Bjorn IPEKCI
• Vulnerability in PostNuke, sni-labs
• VMSA-2006-0010 - SSL sessions not authenticated by VC Clients, VMware Security team
• Clarifying integer overflows vs. signedness errors, Steven M. Christey
  • Re: Clarifying integer overflows vs. signedness errors, Thiago Zaninotti
  • Re: Clarifying integer overflows vs. signedness errors, Pavel Kankovsky
• Advisory: LDU <= 8.x Remote SQL Injection Vulnerability., Mustafa Can Bjorn IPEKCI
• JiRos Links Manager[injection sql & xss permanent], saps . audit
• creadirectory [injection sql & xss], saps . audit
• Link Exchange Lite [injection sql], saps . audit
• Re: Re: Phpjobscheduler 3.0 - Multiple Remote File Include, admin
• [USN-382-1] Thunderbird vulnerabilities, Kees Cook
• ContentNow CMS 1.39 Sql Injection + Path Disclosure Vulnerabilities, revenge
• aBitWhizzy [local file include], saps . audit
• [SECURITY] [DSA 1218-1] New proftpd packages fix denial of service, Moritz Muehlenhoff
• Secunia Research: My Firewall Plus Privilege Escalation Vulnerability, Secunia Research
• [ GLSA 200611-16 ] Texinfo: Buffer overflow, Sune Kloppenborg Jeppesen
• [ GLSA 200611-15 ] qmailAdmin: Buffer overflow, Sune Kloppenborg Jeppesen
• New Correction: Re: Serious crypto problem fixed by envelope HMAC method instead of currently used prefix, Omirjan Batyrbaev
• [KAPDA]::Security analysis of cutenews 1.4.5, alireza hassani
• LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability, advisories
  • RE: LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability, Williams, James K
• Which is more secure? Oracle vs. Microsoft, David Litchfield
  • "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), Matthew Conover
    • Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), David Litchfield
• [USN-384-1] OpenLDAP vulnerability, Kees Cook
• The Classified Ad System [multiple xss & injection sql], saps . audit
• [ MDKSA-2006:216 ] - Updated links packages fix smb vulnerability, security
• [SECURITY] [DSA 1207-2] New phpmyadmin packages fix regression, Moritz Muehlenhoff
• ltwCalendar => 4.2.1 Remote File Include Vulnerabilities, the_3dit0r
• Re: GPhotos 1.5 Multiple vulnerabilities, packet
• Classified System [injection sql], saps . audit
• [ GLSA 200611-11 ] TikiWiki: Multiple vulnerabilities, Sune Kloppenborg Jeppesen
  • <Possible follow-ups>
  • Re: [ GLSA 200611-11 ] TikiWiki: Multiple vulnerabilities, saps . audit
    • Re: [ GLSA 200611-11 ] TikiWiki: Multiple vulnerabilities, Chris Gianelloni
• my little weblog => Cross Site Scripting, the_3dit0r
• mAlbum v0.3 Multiple vulnerabilitizzz, tux025
• [SECURITY] [DSA 1215-1] New xine-lib packages fix execution of arbitrary code, Moritz Muehlenhoff
• Wabbit PHP Gallery => 0.9 Remote Traversal Directory, the_3dit0r
• BirdBlog => v1.4.0 Cross Site Scripting, the_3dit0r
• [ MDKSA-2006:215 ] - Updated avahi packages fix netlink vulnerability, security
• [SECURITY] [DSA 1216-1] New flexbackup packages fix denial of service, Moritz Muehlenhoff
• [ GLSA 200611-14 ] TORQUE: Insecure temproary file creation, Sune Kloppenborg Jeppesen
• [ GLSA 200611-12 ] Ruby: Denial of Service vulnerability, Sune Kloppenborg Jeppesen
• MyAlbum <= 3.02 (langs_dir) Remote File Inclusion Exploit, the_3dit0r
• [SECURITY] [DSA 1217-1] New linux-ftpd packages fix access control bypass, Moritz Muehlenhoff
• [ GLSA 200611-13 ] Avahi: "netlink" message vulnerability, Sune Kloppenborg Jeppesen
• The Week of Oracle Database Bugs, Cesar
• [ MDKSA-2006:217 ] - Updated proftpd packages fix vulnerabilities, security
  • Re: [ MDKSA-2006:217 ] - Updated proftpd packages fix vulnerabilities, research
• [SECURITY] [DSA 1214-1] New gv packages fix arbitrary code execution, Moritz Muehlenhoff
• Telaen => 1.1.0 Remote File Include Vulnerability, the_3dit0r
• mxBB calsnails module 1.06 Remote File Inclusion Exploit, the_3dit0r
• mg.applanix <= 1.3.1 Remote File Include Exploit, the_3dit0r
• iPrimal Forums (index.php) Remote File Include Exploit, the_3dit0r
• PHPOLL => 0.96 Cross Site Scripting, the_3dit0r
• ehomes [multiples injections sql], saps . audit
• PhpQuickGallery <= 1.9 Remote File Inclusion Exploit, the_3dit0r
• Rapid Classified v3.1 [multiple xss (get) & injection sql], saps . audit
• Shopping_Catalog Remote File Include exploit, the_3dit0r
• ASPNuke <= 0.80 (register.asp) Remote SQL Injection Vulnerability, ajannhwt
• eClassifieds [injection sql], saps . audit
• Rialto 1.6[admin login bypass & multiples injections sql], saps . audit
• LoudMouth => 2.4 Remote File Include Vulnerabilities, the_3dit0r
• RE: FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure, Rogier Mulhuijzen
• gNews Publisher SQL Injection Vulnerabilites, Advisory
• Ixprim CMS 1.2 Remote File Include Vulnerability, vitux . manis
• Telaen <= 1.1.0 Remote File Include Exploit, the_3dit0r
• PhpBB Module Dimension Remote File Include, bluespy . ok
• klf-realty [injection sql], saps . audit
• DodosMail <= 2.0.1(dodosmail.php) Remote File Inclusion Exploit, the_3dit0r
• [SECURITY] [DSA 1213-1] New imagemagick packages fix several vulnerabilities, Moritz Muehlenhoff
• Serious crypto problem fixed by envelope HMAC method insteadof currently used prefix, Omirjan Batyrbaev
  • Re: Serious crypto problem fixed by envelope HMAC method insteadof currently used prefix, Omirjan Batyrbaev
  • Correction: Re: Serious crypto problem fixed by envelope HMAC method insteadof currently used prefix, Omirjan Batyrbaev
    • Re: Correction: Re: Serious crypto problem fixed by envelope HMAC method insteadof currently used prefix, Steve Friedl
• Dovecot IMAP/POP3 server: Off-by-one buffer overflow, Timo Sirainen
• enomphp => 4.0 Remote Traversal Directory, the_3dit0r
• dicshunary 0.1 alpha Remote File Inclusion Exploit, the_3dit0r
• Digital Armaments November-Decemberr Hacking Challenge: KERNEL, info

This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.
The main JSW4.NET technical listserv archive and search page.
The main archive page for this list.