BugTraq@security-focus.com List Archive

• Date Index

• PHP-Nuke <= 7.9 Old-Articles Block "cat" SQL Injection vulnerability, paisterist
• Trevorchan <= v0.7 Remote File Include Vulnerability, ilkerkandemir
• Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability, sapheal
• [ MDKSA-2007:013 ] - Updated libneon0.26 packages fix vulnerability, security
• [SECURITY] [DSA 1248-1] New libsoup packages fix denial of service, Moritz Muehlenhoff
• [ GLSA 200701-08 ] Opera: Two remote code execution vulnerabilities, Raphael Marichez
• [ GLSA 200701-07 ] OpenOffice.org: EMF/WMF file handling vulnerabilities, Raphael Marichez
• [ GLSA 200701-06 ] w3m: Format string vulnerability, Raphael Marichez
• [ GLSA 200701-05 ] KDE kfile JPEG info plugin: Denial of Service, Raphael Marichez
• Naig <= 0.5.2 (this_path) Remote File Include Vulnerability, me you
  • <Possible follow-ups>
  • Re: Naig <= 0.5.2 (this_path) Remote File Include Vulnerability, maxpost
• AIOCP Login Bypass Vulnerability, coloss7
• AIOCP SQL Injection Vulnerability, coloss7
• [ MDKSA-2007:012 ] - Updated kernel packages fix multiple vulnerabilities and bugs, security
• Wordpress disclosure of Table Prefix Weakness, process
• seeking comments on disclosure articles, smcalearney
  • <Possible follow-ups>
  • RE: seeking comments on disclosure articles, Michael Scheidell
• [CAID 34955, 34956, 34957, 34958, 34959, 34817]: CA BrightStor ARCserve Backup Multiple Overflow Vulnerabilities, Williams, James K
• Micro CMS <= 3.5 Remote File Include Exploit, ilkerKandemir
• Web Honeynet Project: announcement, exploit URLs this Wednesday, Gadi Evron
  • Re: [Full-disclosure] Web Honeynet Project: announcement,, bugtraq
    • Re: [Full-disclosure] Web Honeynet Project: announcement,, Gadi Evron
• Corsaire Security Advisory: ChainKey Java Code Protection Bypass issue, advisories
  • Re: Corsaire Security Advisory: ChainKey Java Code Protection Bypass issue, Jim Manico
• Re (3): Circumventing CSFR Form Token Defense, bugtraq
• [USN-406-1] OpenOffice.org vulnerability, Kees Cook
• [ MDKSA-2007:011 ] - Updated Thunderbird packages fix multiple vulnerabilities, security
• xss in phpmyadmin <= 2.8.1, alfa
  • <Possible follow-ups>
  • Re: xss in phpmyadmin <= 2.8.1, alfa
• Ezboxx multiple vulnerabilities., Info
• LunarPoll (PollDir) Remote File Include Vulnerabilities, ilkerKandemir
• Nwom topsites v3.0, lunY
• LS-20061002 - Computer Associates BrightStor ARCserve Backup Remote Code Execution Vulnerability, advisories
• [security bulletin] HPSBMA02176 SSRT051035 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Execution of Arbitrary Code, security-alert
• [ MDKSA-2007:010 ] - Updated Firefox packages fix multiple vulnerabilities, security
• Digital Armaments Security Pre-Advisory 11.01.2007: Grsecurity Kernel PaX - Local root vulnerability, info
  • Lies? [Was: Re: Digital Armaments Security Pre-Advisory 11.01.2007: Grsecurity Kernel PaX - Local root vulnerability], Lubomir Kundrak
• [USN-405-1] fetchmail vulnerability, Kees Cook
• easy-content filemanager, hackerbinhphuoc
• ZDI-07-003: CA BrightStor ARCserve Backup Message Engine Buffer Overflow Vulnerability, zdi-disclosures
• LayerOne 2007 CFP Announced, Layer One
• [security bulletin] HPSBMA02175 SSRT061174 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Read Access to Files, security-alert
• ZDI-07-004: CA BrightStor ARCserve Backup Tape Engine Buffer Overflow Vulnerability, zdi-disclosures
• ZDI-07-002: CA BrightStor ARCserve Backup Tape Engine Code Execution Vulnerability, zdi-disclosures
• rPSA-2007-0006-1 krb5 krb5-server krb5-services krb5-test krb5-workstation, rPath Update Announcements
• FreeBSD Security Advisory FreeBSD-SA-07:01.jail, FreeBSD Security Advisories
• Calyptix Security Advisory CX-2007-001 - Snort 2.6.1.2 Integer Underflow Vulnerability, Calyptix Advisories
• phpBB (privmsg.php) XSS Exploit, info
  • <Possible follow-ups>
  • Re: phpBB (privmsg.php) XSS Exploit, neothermic
  • Re: phpBB (privmsg.php) XSS Exploit, neothermic
• [ MDKSA-2007:008 ] - Updated kerberos packages fix vulnerability, security
• Jshop Server 1.3, irvian
• Xine-ui format string Vulnerabilties., saik0pod
• WMF CreateBrushIndirect vulnerability (DoS), Alexander Sotirov
• Computer Terrorism (UK) :: Incident Response Centre - Microsoft Outlook Vulnerability, advisories
• [ MDKSA-2007:009 ] - Updated kdenetwork packages fix ksirc vulnerability, security
• [ MDKSA-2007:007 ] - Updated nvidia driver packages fix vulnerability, security
• DMA[2007-0107a] OmniWeb Javascript Alert Format String Vulnerabiity and DMA[2007-0109a] Apple Finder Disk Image Volume Label Overflow / DoS, K F (lists)
• VMware ESX server security updates, VMware Security team
• sazcart v1.5 (cart.php) Remote File include, emel_gw_ini
• A Major design Bug in Camouflage 1.2.1 (latest), thesinoda
• CS-Cart 1.3.3 (install.php) Remote File Include Vulnerability, ahmed_labib_hilmy
• [ GLSA 200701-04 ] SeaMonkey: Multiple vulnerabilities, Raphael Marichez
• VLC Format String Vulnerability also in XINE, Sven . Czaja
• A Major design Bug in Steganography 1.7.x, 1.8 (latest) (Updated Version), thesinoda
  • Re: A Major design Bug in Steganography 1.7.x, 1.8 (latest) (Updated Version), Dave \"No, not that one\" Korn
  • Re: A Major design Bug in Steganography 1.7.x, 1.8 (latest) (Updated Version), hlangos-bugtraq
• [ MDKSA-2007:006 ] - Updated OpenOffice.org packages fix WMF vulnerability, security
• iDefense Q-1 2007 Challenge, contributor
• Cisco Security Advisory: DLSw Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Unified Contact Center and IP Contact Center JTapi Gateway Vulnerability, Cisco Systems Product Security Incident Response Team
• [OpenPKG-SA-2007.006] OpenPKG Security Advisory (kerberos), OpenPKG GmbH
• Adobe Reader Remote Heap Memory Corruption - Subroutine Pointer Overwrite, Piotr Bania
• slocate leaks filenames of protected directories, steven
  • <Possible follow-ups>
  • Re: slocate leaks filenames of protected directories, Dennis Jackson
    • Re: slocate leaks filenames of protected directories, Ben Wheeler
      • Re: slocate leaks filenames of protected directories, Dave Moore
      • Re: slocate leaks filenames of protected directories, Ben Wheeler
• iDefense Security Advisory 01.09.07: Adobe Macromedia ColdFusion Source Code Disclosure Vulnerability, iDefense Labs
• edit-x ecommerce (include_dir) Remote File include, emel_gw_ini
• iDefense Security Advisory 01.09.07: Multiple Vendor X Server DBE Extension ProcDbeSwapBuffers Memory Corruption Vulnerability, iDefense Labs
• iDefense Security Advisory 01.09.07: Multiple Vendor X Server DBE Extension ProcDbeGetVisualInfo Memory Corruption Vulnerability, iDefense Labs
• [ MDKSA-2007-005 ] - Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities, security
• rPSA-2007-0005-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs, rPath Update Announcements
• iDefense Security Advisory 01.09.07: Multiple Vendor X Server Render Extension ProcRenderAddGlyphs Memory Corruption Vulnerability, iDefense Labs
• rPSA-2007-0004-1 bzip2, rPath Update Announcements
• Circumventing CSFR Form Token Defense, Jim Manico
  • Re: Circumventing CSFR Form Token Defense, Florian Weimer
  • Re: Circumventing CSFR Form Token Defense, Peter Watkins
  • <Possible follow-ups>
  • Re: Circumventing CSFR Form Token Defense, bugtraq
    • RE: Circumventing CSFR Form Token Defense, James C. Slora Jr.
• CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice, Williams, James K
• Easy Banner Pro Version 2.8 <= Remote File Inclusion, stormhacker
• [USN-404-1] MadWifi vulnerability, Kees Cook
• iDefense Security Advisory 01.09.07: Microsoft Excel Invalid Column Heap Corruption Vulnerability, iDefense Labs
• iDefense Security Advisory 01.09.07: Multiple Microsoft Products VML 'recolorinfo' Element Integer Overflow Vulnerability, iDefense Labs
• iDefense Security Advisory 01.09.07: Microsoft Excel Long Palette Heap Overflow Vulnerability, iDefense Labs
• MITKRB5-SA-2006-003: kadmind (via GSS-API lib) frees uninitialized pointers, Tom Yu
• MITKRB5-SA-2006-002: kadmind (via RPC lib) calls uninitialized function pointer, Tom Yu
• [USN-403-1] X.org vulnerabilities, Kees Cook
• Re: [Full-disclosure] [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Jim Manico
• rPSA-2007-0003-1 fetchmail, rPath Update Announcements
• magic photo storage website Multiple Remote File Inclusion, emel_gw_ini
• Sina UC ActiveX Multiple Remote Stack Overflow, Sowhat
• Re: PHPKit 1.6.1 RC2 (faq/faq.php) Remote SQL Injection Exploit, yorn
• ppc engine Multiple file inclusion, emel_gw_ini
• Re: Uber Uploader 4.2 Arbitrary File Upload Vulnerability, recklessb
  • <Possible follow-ups>
  • Re: Re: Uber Uploader 4.2 Arbitrary File Upload Vulnerability, null_hack
• [KDE Security Advisory] ksirc Denial of Service vulnerability, Dirk Mueller
• [ MDKSA-2007:004 ] - Updated geoip packages fix geoipupdate vulnerability, security
• Re: Sun java System Messenger Express XSS, b2wang
• [SECURITY] [DSA 1247-1] New libapache-mod-auth-kerb packages fix remote denial of service, Noah Meyerhans
• rPSA-2007-0001-1 openoffice.org, rPath Update Announcements
• [SECURITY] [DSA 1246-1] New OpenOffice.org packages fix arbitrary code execution, Martin Schulze
• Re: PHP as a secure language? PHP worms? [was: Re: new linux malware], Jim Manico
• Re: Universal XSS with PDF files: highly dangerous, Jeff Williams
  • <Possible follow-ups>
  • Re: Universal XSS with PDF files: highly dangerous, The Anarcat
• cisco nac bypass vulnerability - cisco trust agent, thorben schroeder
  • Re: cisco nac bypass vulnerability - cisco trust agent, Stefano Zanero
• [SECURITY] [DSA 1245-1] New proftpd packages fix denial of service, Moritz Muehlenhoff
• Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous, pdp (architect)
• TK53 Advisory #1: CenterICQ remote DoS buffer overflow in LiveJournal handling, Lolek of TK53
• Re: RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws), socket69
• Vendor guidelines regarding security contacts, Steven M. Christey
  • Re: Vendor guidelines regarding security contacts, security curmudgeon
  • Re: Vendor guidelines regarding security contacts, Chris Wysopal
  • Re: Vendor guidelines regarding security contacts, Ben Bucksch
    • Re: Vendor guidelines regarding security contacts, Steven M. Christey
  • <Possible follow-ups>
  • Re: Vendor guidelines regarding security contacts, Juha-Matti Laurio
• RFID open source library - RFIDIOt code release - version 0.1k, Adam Laurie
• Packeteer PacketWise CLI overflow DoS, kian . mohageri
• createauction (cats.asp) Remote SQL Injection Vulnerability, emel_gw_ini
• [ MDKSA-2007:003 ] - Updated avahi packages fix DoS vulnerability, security
• Re: FON Router allows anonymous web access, Thierry Zoller
• Dayfox Blog Remote File Include Vuln., ShaFuq31
• GeoBB Georgian Bulletin Board Remote File Include Vuln., ShaFuq31
• GForge Cross Site Scripting vulnerability, jose . palanco
• QASEC Announcement: Writing Software Security Test Cases, bugtraq
• Re: Perforce client: security hole by design, The Fungi
  • <Possible follow-ups>
  • Re: Perforce client: security hole by design, Crispin Cowan
• HP Multiple Products PML Driver Local Privilege Escalation, Sowhat
• MKPortal Full Path Disclosure, info
• magic photo storage website Remote File Inclusion, k1tk4t
• Re: SAP Security Contact, Nicob
  • Re: SAP Security Contact, Stan Bubrouski
  • Re: SAP Security Contact, Nick Boyce
    • Re: SAP Security Contact, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
  • <Possible follow-ups>
  • Re: SAP Security Contact, Ansgar -59cobalt- Wiechers
  • Re: SAP Security Contact, Thor (Hammer of God)
• RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Martin O'Neal
  • <Possible follow-ups>
  • Re: Re: Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, rudeyak
  • RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Martin O'Neal
  • Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Amit Klein
    • Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, RSnake
      • Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Amit Klein
      • Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, RSnake
      • Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Amit Klein
      • Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Brian Eaton
      • RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Marvin Simkin
      • Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Ralph Angenendt
    • RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Guy Podjarny
      • Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Amit Klein
    • RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Tom Spector
  • Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, pdp (architect)
  • Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Amit Klein
  • RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Tom Stripling
• Re: a cheesy Apache / IIS DoS vuln (+a question), Gadi Evron
  • <Possible follow-ups>
  • Re: a cheesy Apache / IIS DoS vuln (+a question), bugtraq
    • Re: a cheesy Apache / IIS DoS vuln (+a question), William A. Rowe, Jr.
      • Re: a cheesy Apache / IIS DoS vuln (+a question), bugtraq
• Cracking Steganography Application in less than ONE minute, thesinoda
  • Re: Cracking Steganography Application in less than ONE minute, Michal Spadlinski
• NUNE News Script (custom_admin_path) Remote File Include Vulnerablity, xorontr
• Uguestbook Remote Password Disclosure Vulnerability, beks
• Webulas Remote Password Disclosure Vulnerability, beks
• HarikaOnline v2.0 Remote Password Disclosure Vulnerability, beks
• M-Core Remote Password Disclosure Vulnerability, beks
• MitiSoft Remote Password Disclosure Vulnerability, beks
• EMembersPro 1.0 Remote Password Disclosure Vulnerability, beks
• AJLogin v3.5 Remote Password Disclosure Vulnerability, beks
• @lex Guestbook <= 4.0.2 Remote Command Execution Exploit, gmdarkfig
• 0trace - traceroute on established connections, Michal Zalewski
  • Re: [Full-disclosure] 0trace - traceroute on established connections, Michal Zalewski
  • Re: [Full-disclosure] 0trace - traceroute on established connections, Alessandro Dellavedova
    • Re: [Full-disclosure] 0trace - traceroute on established connections, Michal Zalewski
    • Re: [Full-disclosure] 0trace - traceroute on established connections, Jon Oberheide
  • Re: [DCC SPAM] 0trace - traceroute on established connections, Lance James
• Re: OpenPinboard <= Remote File Include, jgraef
  • <Possible follow-ups>
  • Re: OpenPinboard <= Remote File Include, Steven M. Christey

This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.
The main JSW4.NET technical listserv archive and search page.
The main archive page for this list.