BugTraq@security-focus.com List Archive

• Thread Index

• Digital Armaments November-Decemberr Hacking Challenge: KERNEL, info,
• dicshunary 0.1 alpha Remote File Inclusion Exploit, the_3dit0r,
• enomphp => 4.0 Remote Traversal Directory, the_3dit0r,
• Dovecot IMAP/POP3 server: Off-by-one buffer overflow, Timo Sirainen,
• Serious crypto problem fixed by envelope HMAC method insteadof currently used prefix, Omirjan Batyrbaev,
• [SECURITY] [DSA 1213-1] New imagemagick packages fix several vulnerabilities, Moritz Muehlenhoff,
• DodosMail <= 2.0.1(dodosmail.php) Remote File Inclusion Exploit, the_3dit0r,
• klf-realty [injection sql], saps . audit,
• PhpBB Module Dimension Remote File Include, bluespy . ok,
• Telaen <= 1.1.0 Remote File Include Exploit, the_3dit0r,
• Ixprim CMS 1.2 Remote File Include Vulnerability, vitux . manis,
• gNews Publisher SQL Injection Vulnerabilites, Advisory,
• RE: FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure, Rogier Mulhuijzen,
• LoudMouth => 2.4 Remote File Include Vulnerabilities, the_3dit0r,
• Rialto 1.6[admin login bypass & multiples injections sql], saps . audit,
• eClassifieds [injection sql], saps . audit,
• ASPNuke <= 0.80 (register.asp) Remote SQL Injection Vulnerability, ajannhwt,
• Shopping_Catalog Remote File Include exploit, the_3dit0r,
• Rapid Classified v3.1 [multiple xss (get) & injection sql], saps . audit,
• PhpQuickGallery <= 1.9 Remote File Inclusion Exploit, the_3dit0r,
• ehomes [multiples injections sql], saps . audit,
• PHPOLL => 0.96 Cross Site Scripting, the_3dit0r,
• iPrimal Forums (index.php) Remote File Include Exploit, the_3dit0r,
• mg.applanix <= 1.3.1 Remote File Include Exploit, the_3dit0r,
• mxBB calsnails module 1.06 Remote File Inclusion Exploit, the_3dit0r,
• Telaen => 1.1.0 Remote File Include Vulnerability, the_3dit0r,
• [SECURITY] [DSA 1214-1] New gv packages fix arbitrary code execution, Moritz Muehlenhoff,
• [ MDKSA-2006:217 ] - Updated proftpd packages fix vulnerabilities, security,
• The Week of Oracle Database Bugs, Cesar,
• [ GLSA 200611-13 ] Avahi: "netlink" message vulnerability, Sune Kloppenborg Jeppesen,
• [SECURITY] [DSA 1217-1] New linux-ftpd packages fix access control bypass, Moritz Muehlenhoff,
• MyAlbum <= 3.02 (langs_dir) Remote File Inclusion Exploit, the_3dit0r,
• [ GLSA 200611-12 ] Ruby: Denial of Service vulnerability, Sune Kloppenborg Jeppesen,
• Re: Serious crypto problem fixed by envelope HMAC method insteadof currently used prefix, Omirjan Batyrbaev,
• [ GLSA 200611-14 ] TORQUE: Insecure temproary file creation, Sune Kloppenborg Jeppesen,
• [SECURITY] [DSA 1216-1] New flexbackup packages fix denial of service, Moritz Muehlenhoff,
• [ MDKSA-2006:215 ] - Updated avahi packages fix netlink vulnerability, security,
• BirdBlog => v1.4.0 Cross Site Scripting, the_3dit0r,
• Wabbit PHP Gallery => 0.9 Remote Traversal Directory, the_3dit0r,
• [SECURITY] [DSA 1215-1] New xine-lib packages fix execution of arbitrary code, Moritz Muehlenhoff,
• mAlbum v0.3 Multiple vulnerabilitizzz, tux025,
• my little weblog => Cross Site Scripting, the_3dit0r,
• [ GLSA 200611-11 ] TikiWiki: Multiple vulnerabilities, Sune Kloppenborg Jeppesen,
• Classified System [injection sql], saps . audit,
• Correction: Re: Serious crypto problem fixed by envelope HMAC method insteadof currently used prefix, Omirjan Batyrbaev,
• Re: GPhotos 1.5 Multiple vulnerabilities, packet,
• ltwCalendar => 4.2.1 Remote File Include Vulnerabilities, the_3dit0r,
• [SECURITY] [DSA 1207-2] New phpmyadmin packages fix regression, Moritz Muehlenhoff,
• [ MDKSA-2006:216 ] - Updated links packages fix smb vulnerability, security,
• The Classified Ad System [multiple xss & injection sql], saps . audit,
• [USN-384-1] OpenLDAP vulnerability, Kees Cook,
• Which is more secure? Oracle vs. Microsoft, David Litchfield,
• Re: Correction: Re: Serious crypto problem fixed by envelope HMAC method insteadof currently used prefix, Steve Friedl,
• LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability, advisories,
• [KAPDA]::Security analysis of cutenews 1.4.5, alireza hassani,
• New Correction: Re: Serious crypto problem fixed by envelope HMAC method instead of currently used prefix, Omirjan Batyrbaev,
• [ GLSA 200611-15 ] qmailAdmin: Buffer overflow, Sune Kloppenborg Jeppesen,
• Re: [ MDKSA-2006:217 ] - Updated proftpd packages fix vulnerabilities, research,
• [ GLSA 200611-16 ] Texinfo: Buffer overflow, Sune Kloppenborg Jeppesen,
• Re: [ GLSA 200611-11 ] TikiWiki: Multiple vulnerabilities, saps . audit,
• Secunia Research: My Firewall Plus Privilege Escalation Vulnerability, Secunia Research,
• [SECURITY] [DSA 1218-1] New proftpd packages fix denial of service, Moritz Muehlenhoff,
• aBitWhizzy [local file include], saps . audit,
• ContentNow CMS 1.39 Sql Injection + Path Disclosure Vulnerabilities, revenge,
• [USN-382-1] Thunderbird vulnerabilities, Kees Cook,
• Re: Re: Phpjobscheduler 3.0 - Multiple Remote File Include, admin,
• Link Exchange Lite [injection sql], saps . audit,
• creadirectory [injection sql & xss], saps . audit,
• JiRos Links Manager[injection sql & xss permanent], saps . audit,
• Advisory: LDU <= 8.x Remote SQL Injection Vulnerability., Mustafa Can Bjorn IPEKCI,
• Clarifying integer overflows vs. signedness errors, Steven M. Christey,
• VMSA-2006-0010 - SSL sessions not authenticated by VC Clients, VMware Security team,
• Vulnerability in PostNuke, sni-labs,
• Advisory: Seditio <= 1.10 Remote SQL Injection Vulnerability., Mustafa Can Bjorn IPEKCI,
• RE: [Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities., Williams, James K,
• [USN-381-1] Firefox vulnerabilities, Kees Cook,
• Re: [ GLSA 200611-11 ] TikiWiki: Multiple vulnerabilities, Chris Gianelloni,
• *BSD banner INT overflow vulnerability, Gruzicki Wlodek,
• Secunia Research: PassGo SSO Plus Insecure Default Directory Permissions, Secunia Research,
• RE: LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability, Williams, James K,
• Re: *BSD banner INT overflow vulnerability, Steve Shockley,
• Re: Clarifying integer overflows vs. signedness errors, Thiago Zaninotti,
• Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), David Litchfield,
• "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), Matthew Conover,
• Re: [ECHO_ADV_53$2006] QnECMS <= 2.5.6 (adminfolderpath) Remote File Inclusion Vulnerability, jim,
• Windows Media ASX PlayList File Denial Of Service Vulnerability, sehato,
• [ MDKSA-2006:208-1 ] - Updated openldap packages fixes Bind vulnerability, security,
• Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders., In Cognito,
• Re: Re: *BSD banner INT overflow vulnerability, evilrabbi,
• Re: *BSD banner INT overflow vulnerability, Bob Beck,
• Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders., In Cognito,
• CONFidence 2007 CFP, andrzej . targosz,
• Perl proxy checker using samair.ru, Iko Riyadi,
• XSS in scriptat support InverseFlow Help Desk v2.31, gamr-14,
• Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords, fash1on,
• Re: Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders., Casper . Dik,
• [ECHO_ADV_61_2006] a-ConMan <= v3.2beta Remote File Inclusion, erdc,
• NVIDIA nView (keystone) local Denial Of service, no-reply,
• CFP - VII National Computer and Information Security Conference, Jeimy Cano,
• Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords, Michael Scheidell,
• Re: tikiwiki 1.9.5 mysql password disclosure & xss, FBI,
• Re: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords, 3APA3A,
• Re: Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords, Juha-Matti Laurio,
• [ MDKSA-2006:218 ] - Updated apache-mod_auth_kerb packages fixes DoS vulnerability, security,
• Re: SolpotCrew Advisory #10 - phpBB XS (phpbb_root_path) Remote File Include, webmaster,
• Re: *BSD banner INT overflow vulnerability, admin,
• LS-20061102 - Business Objects Crystal Reports Stack Overflow Vulnerability, advisories,
• [ GLSA 200611-17 ] fvwm: fvwm-menu-directory fvwm command injection, Matthias Geerdsen,
• Active PHP Bookmarks (apb.php) Remote file include, philip anselmo,
• Cracking String Encryption in Java Obfuscated Bytecode, subere,
• Re: Cracking String Encryption in Java Obfuscated Bytecode, Jim Manico,
• [ GLSA 200611-18 ] TIN: Multiple buffer overflows, Sune Kloppenborg Jeppesen,
• [Aria-Security Team] MidiCart ASP Plus Shopping Cart SQL Injection, Advisory,
• Cross site scripting & fullpath disclosure, saudi,
• PHP-Nuke <= 7.9 News module "sid" SQL Injection vulnerabilities, paisterist . nst,
• Re: Active PHP Bookmarks (apb.php) Remote file include, Mefisto,
• mmgallery Multiple vulnerabilities, saudi,
• Wolflab Burning Board Lite 1.0.2 two sql injections, retrog,
• Re: Cracking String Encryption in Java Obfuscated Bytecode, John GALLET,
• [Aria-Security Team] Fixit iDMS Pro Image Gallery SQL Injection, Advisory,
• [Aria-Security Team] ASP ListPics 5.0 SQL Injection, Advisory,
• [Aria-Security Team] MidiCart ASP Shopping Cart SQL Injection, Advisory,
• [Aria-Security Team] iNews News Manager SQL Injection, Advisory,
• Re: Digipass Go3 Token Dumper (at least for 2006), Hugo van der Kooij,
• [ GLSA 200611-19 ] ImageMagick: PALM and DCM buffer overflows, Sune Kloppenborg Jeppesen,
• [Aria-Security Team] Ultimate Survey Pro SQL Injection, Advisory,
• Cahier de texte V2.0 SQL Code Execution Exploit, gmdarkfig,
• PHP-Nuke Mermaid Module V1.2 (formdisp.php) Remote File Include Exploit, crackers_child,
• [ GLSA 200611-20 ] GNU gv: Stack overflow, Sune Kloppenborg Jeppesen,
• CPanel 11 Multiple Cross-Site Scription, Advisory,
• WebHost Manager (WHM) Multiple Cross-Site Scripting, Advisory,
• DoS in Microsoft Windows Live Messenger <= 8.0, dragonjar,
• New Windows tool - NBTEnum 3.3, Reed Arvin,
• Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), stopmakingnoise,
• Re: tikiwiki 1.9.5 mysql password disclosure & xss, drunken_chin,
• Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), Thor (Hammer of God),
• Siap Cms Sql Injection (login.asp), nagazakig74,
• Wisi Portal [Sql Injection By Jesus Tovar], nagazakig74,
• AttackAPI 2.0 alpha, pdp (architect),
• Re: DoS in Microsoft Windows Live Messenger <= 8.0, astralbabz,
• Free tool for pattern identification (for researchers), Gary Golomb,
• Re: Re: Digipass Go3 Token Dumper (at least for 2006), fcollyer,
• Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP],
• Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), Steve Friedl,
• Re: Clarifying integer overflows vs. signedness errors, Pavel Kankovsky,
• Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?), Thor (Hammer of God),
• mAlbum v0.3 local file inclusion, tux025,

This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.
The main JSW4.NET technical listserv archive and search page.
The main archive page for this list.