BugTraq@security-focus.com List Archive
- Re: OpenPinboard <= Remote File Include,
jgraef,
- 0trace - traceroute on established connections,
Michal Zalewski,
- Re: [Full-disclosure] 0trace - traceroute on established connections,
Michal Zalewski,
- @lex Guestbook <= 4.0.2 Remote Command Execution Exploit,
gmdarkfig,
- AJLogin v3.5 Remote Password Disclosure Vulnerability,
beks,
- EMembersPro 1.0 Remote Password Disclosure Vulnerability,
beks,
- MitiSoft Remote Password Disclosure Vulnerability,
beks,
- M-Core Remote Password Disclosure Vulnerability,
beks,
- HarikaOnline v2.0 Remote Password Disclosure Vulnerability,
beks,
- Webulas Remote Password Disclosure Vulnerability,
beks,
- Uguestbook Remote Password Disclosure Vulnerability,
beks,
- NUNE News Script (custom_admin_path) Remote File Include Vulnerability,
xorontr,
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
RSnake,
- Cracking Steganography Application in less than ONE minute,
thesinoda,
- Re: a cheesy Apache / IIS DoS vuln (+a question),
Gadi Evron,
- RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
Martin O'Neal,
- Re: SAP Security Contact,
Nicob,
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
Amit Klein,
- Re: a cheesy Apache / IIS DoS vuln (+a question),
bugtraq,
- magic photo storage website Remote File Inclusion,
k1tk4t,
- MKPortal Full Path Disclosure,
info,
- HP Multiple Products PML Driver Local Privilege Escalation,
Sowhat,
- Re: Perforce client: security hole by design,
The Fungi,
- QASEC Announcement: Writing Software Security Test Cases,
bugtraq,
- GForge Cross Site Scripting vulnerability,
jose . palanco,
- GeoBB Georgian Bulletin Board Remote File Include Vuln.,
ShaFuq31,
- Dayfox Blog Remote File Include Vuln.,
ShaFuq31,
- Re: FON Router allows anonymous web access,
Thierry Zoller,
- Re: Re: Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
rudeyak,
- [ MDKSA-2007:003 ] - Updated avahi packages fix DoS vulnerability,
security,
- createauction (cats.asp) Remote SQL Injection Vulnerability,
emel_gw_ini,
- Packeteer PacketWise CLI overflow DoS,
kian . mohageri,
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
Amit Klein,
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
RSnake,
- RFID open source library - RFIDIOt code release - version 0.1k,
Adam Laurie,
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
Amit Klein,
- Re: cisco nac bypass vulnerability - cisco trust agent,
Stefano Zanero,
- Vendor guidelines regarding security contacts,
Steven M. Christey,
- Re: RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitable msxml3 flaws),
socket69,
- TK53 Advisory #1: CenterICQ remote DoS buffer overflow in LiveJournal handling,
Lolek of TK53,
- Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous,
pdp (architect),
- RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
Martin O'Neal,
- [SECURITY] [DSA 1245-1] New proftpd packages fix denial of service,
Moritz Muehlenhoff,
- cisco nac bypass vulnerability - cisco trust agent,
thorben schroeder,
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
Amit Klein,
- Re: Vendor guidelines regarding security contacts,
security curmudgeon,
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
pdp (architect),
- Re: Universal XSS with PDF files: highly dangerous,
Jeff Williams,
- Re: SAP Security Contact,
Ansgar -59cobalt- Wiechers,
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware],
Jim Manico,
- [SECURITY] [DSA 1246-1] New OpenOffice.org packages fix arbitrary code execution,
Martin Schulze,
- rPSA-2007-0001-1 openoffice.org,
rPath Update Announcements,
- [SECURITY] [DSA 1247-1] New libapache-mod-auth-kerb packages fix remote denial of service,
Noah Meyerhans,
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
Amit Klein,
- Re: Sun java System Messenger Express XSS,
b2wang,
- RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
Guy Podjarny,
- [ MDKSA-2007:004 ] - Updated geoip packages fix geoipupdate vulnerability,
security,
- [KDE Security Advisory] ksirc Denial of Service vulnerability,
Dirk Mueller,
- Re: Uber Uploader 4.2 Arbitrary File Upload Vulnerability,
recklessb,
- Re: OpenPinboard <= Remote File Include,
Steven M. Christey,
- RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
Tom Stripling,
- ppc engine Multiple file inclusion,
emel_gw_ini,
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
Brian Eaton,
- Re: PHPKit 1.6.1 RC2 (faq/faq.php) Remote SQL Injection Exploit,
yorn,
- Re: SAP Security Contact,
Stan Bubrouski,
- Sina UC ActiveX Multiple Remote Stack Overflow,
Sowhat,
- Re: Universal XSS with PDF files: highly dangerous,
The Anarcat,
- magic photo storage website Multiple Remote File Inclusion,
emel_gw_ini,
- Re: [Full-disclosure] 0trace - traceroute on established connections,
Alessandro Dellavedova,
- Re: [Full-disclosure] 0trace - traceroute on established connections,
Michal Zalewski,
- rPSA-2007-0003-1 fetchmail,
rPath Update Announcements,
- Re: [Full-disclosure] [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
Jim Manico,
- [USN-403-1] X.org vulnerabilities,
Kees Cook,
- Re: [DCC SPAM] 0trace - traceroute on established connections,
Lance James,
- MITKRB5-SA-2006-002: kadmind (via RPC lib) calls uninitialized function pointer,
Tom Yu,
- Re: Cracking Steganography Application in less than ONE minute,
Michal Spadlinski,
- MITKRB5-SA-2006-003: kadmind (via GSS-API lib) frees uninitialized pointers,
Tom Yu,
- iDefense Security Advisory 01.09.07: Microsoft Excel Long Palette Heap Overflow Vulnerability,
iDefense Labs,
- iDefense Security Advisory 01.09.07: Multiple Microsoft Products VML 'recolorinfo' Element Integer Overflow Vulnerability,
iDefense Labs,
- iDefense Security Advisory 01.09.07: Microsoft Excel Invalid Column Heap Corruption Vulnerability,
iDefense Labs,
- [USN-404-1] MadWifi vulnerability,
Kees Cook,
- Re: a cheesy Apache / IIS DoS vuln (+a question),
William A. Rowe, Jr.,
- RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
Tom Spector,
- RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
Marvin Simkin,
- Easy Banner Pro Version 2.8 <= Remote File Inclusion,
stormhacker,
- CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice,
Williams, James K,
- Circumventing CSFR Form Token Defense,
Jim Manico,
- rPSA-2007-0004-1 bzip2,
rPath Update Announcements,
- iDefense Security Advisory 01.09.07: Multiple Vendor X Server Render Extension ProcRenderAddGlyphs Memory Corruption Vulnerability,
iDefense Labs,
- rPSA-2007-0005-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs,
rPath Update Announcements,
- [ MDKSA-2007-005 ] - Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities,
security,
- iDefense Security Advisory 01.09.07: Multiple Vendor X Server DBE Extension ProcDbeGetVisualInfo Memory Corruption Vulnerability,
iDefense Labs,
- iDefense Security Advisory 01.09.07: Multiple Vendor X Server DBE Extension ProcDbeSwapBuffers Memory Corruption Vulnerability,
iDefense Labs,
- edit-x ecommerce (include_dir) Remote File include,
emel_gw_ini,
- iDefense Security Advisory 01.09.07: Adobe Macromedia ColdFusion Source Code Disclosure Vulnerability,
iDefense Labs,
- slocate leaks filenames of protected directories,
steven,
- Adobe Reader Remote Heap Memory Corruption - Subroutine Pointer Overwrite,
Piotr Bania,
- [OpenPKG-SA-2007.006] OpenPKG Security Advisory (kerberos),
OpenPKG GmbH,
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous,
Ralph Angenendt,
- Cisco Security Advisory: Cisco Unified Contact Center and IP Contact Center JTapi Gateway Vulnerability,
Cisco Systems Product Security Incident Response Team,
- Cisco Security Advisory: DLSw Vulnerability,
Cisco Systems Product Security Incident Response Team,
- iDefense Q-1 2007 Challenge,
contributor,
- [ MDKSA-2007:006 ] - Updated OpenOffice.org packages fix WMF vulnerability,
security,
- A Major design Bug in Steganography 1.7.x, 1.8 (latest) (Updated Version),
thesinoda,
- Re: Re: Uber Uploader 4.2 Arbitrary File Upload Vulnerability,
null_hack,
- Re: [Full-disclosure] 0trace - traceroute on established connections,
Jon Oberheide,
- VLC Format String Vulnerability also in XINE,
Sven . Czaja,
- [ GLSA 200701-04 ] SeaMonkey: Multiple vulnerabilities,
Raphael Marichez,
- CS-Cart 1.3.3 (install.php) Remote File Include Vulnerability,
ahmed_labib_hilmy,
- Re: slocate leaks filenames of protected directories,
Dennis Jackson,
- Re: a cheesy Apache / IIS DoS vuln (+a question),
bugtraq,
- Re: Circumventing CSFR Form Token Defense,
Florian Weimer,
- Re: SAP Security Contact,
Nick Boyce,
- Re: SAP Security Contact,
Thor (Hammer of God),
- A Major design Bug in Camouflage 1.2.1 (latest),
thesinoda,
- sazcart v1.5 (cart.php) Remote File include,
emel_gw_ini,
- Re: Circumventing CSFR Form Token Defense,
bugtraq,
- Re: Circumventing CSFR Form Token Defense,
Peter Watkins,
- Re: Vendor guidelines regarding security contacts,
Chris Wysopal,
- VMware ESX server security updates,
VMware Security team,
- DMA[2007-0107a] OmniWeb Javascript Alert Format String Vulnerability and DMA[2007-0109a] Apple Finder Disk Image Volume Label Overflow / DoS,
K F (lists),
- Re: A Major design Bug in Steganography 1.7.x, 1.8 (latest) (Updated Version),
Dave "No, not that one" Korn,
- [ MDKSA-2007:007 ] - Updated nvidia driver packages fix vulnerability,
security,
- [ MDKSA-2007:009 ] - Updated kdenetwork packages fix ksirc vulnerability,
security,
- Re: Vendor guidelines regarding security contacts,
Juha-Matti Laurio,
- Computer Terrorism (UK) :: Incident Response Centre - Microsoft Outlook Vulnerability,
advisories,
- WMF CreateBrushIndirect vulnerability (DoS),
Alexander Sotirov,
- Xine-ui format string Vulnerabilities.,
saik0pod,
- Jshop Server 1.3,
irvian,
- [ MDKSA-2007:008 ] - Updated kerberos packages fix vulnerability,
security,
- Re: SAP Security Contact,
Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP],
- phpBB (privmsg.php) XSS Exploit,
info,
- Re: A Major design Bug in Steganography 1.7.x, 1.8 (latest) (Updated Version),
hlangos-bugtraq,
- RE: Circumventing CSFR Form Token Defense,
James C. Slora Jr.,
- Calyptix Security Advisory CX-2007-001 - Snort 2.6.1.2 Integer Underflow Vulnerability,
Calyptix Advisories,
- Re: slocate leaks filenames of protected directories,
Ben Wheeler,
- FreeBSD Security Advisory FreeBSD-SA-07:01.jail,
FreeBSD Security Advisories,
- rPSA-2007-0006-1 krb5 krb5-server krb5-services krb5-test krb5-workstation,
rPath Update Announcements,
- ZDI-07-002: CA BrightStor ARCserve Backup Tape Engine Code Execution Vulnerability,
zdi-disclosures,
- ZDI-07-004: CA BrightStor ARCserve Backup Tape Engine Buffer Overflow Vulnerability,
zdi-disclosures,
- [security bulletin] HPSBMA02175 SSRT061174 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Read Access to Files,
security-alert,
- LayerOne 2007 CFP Announced,
Layer One,
- ZDI-07-003: CA BrightStor ARCserve Backup Message Engine Buffer Overflow Vulnerability,
zdi-disclosures,
- easy-content filemanager,
hackerbinhphuoc,
- [USN-405-1] fetchmail vulnerability,
Kees Cook,
- Digital Armaments Security Pre-Advisory 11.01.2007: Grsecurity Kernel PaX - Local root vulnerability,
info,
- [ MDKSA-2007:010 ] - Updated Firefox packages fix multiple vulnerabilities,
security,
- [security bulletin] HPSBMA02176 SSRT051035 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Execution of Arbitrary Code,
security-alert,
- Re: Perforce client: security hole by design,
Crispin Cowan,
- LS-20061002 - Computer Associates BrightStor ARCserve Backup Remote Code Execution Vulnerability,
advisories,
- Nwom topsites v3.0,
lunY,
- LunarPoll (PollDir) Remote File Include Vulnerabilities,
ilkerKandemir,
- Ezboxx multiple vulnerabilities.,
Info,
- xss in phpmyadmin <= 2.8.1,
alfa,
- [ MDKSA-2007:011 ] - Updated Thunderbird packages fix multiple vulnerabilities,
security,
- [USN-406-1] OpenOffice.org vulnerability,
Kees Cook,
- Re (3): Circumventing CSFR Form Token Defense,
bugtraq,
- Corsaire Security Advisory: ChainKey Java Code Protection Bypass issue,
advisories,
- Web Honeynet Project: announcement, exploit URLs this Wednesday,
Gadi Evron,
- Lies? [Was: Re: Digital Armaments Security Pre-Advisory 11.01.2007: Grsecurity Kernel PaX - Local root vulnerability],
Lubomir Kundrak,
- Re: Vendor guidelines regarding security contacts,
Ben Bucksch,
- Re: [Full-disclosure] Web Honeynet Project: announcement,,
bugtraq,
- Micro CMS <= 3.5 Remote File Include Exploit,
ilkerKandemir,
- Re: slocate leaks filenames of protected directories,
Dave Moore,
- [CAID 34955, 34956, 34957, 34958, 34959, 34817]: CA BrightStor ARCserve Backup Multiple Overflow Vulnerabilities,
Williams, James K,
- Re: xss in phpmyadmin <= 2.8.1,
alfa,
- Re: phpBB (privmsg.php) XSS Exploit,
neothermic,
- Re: [Full-disclosure] Web Honeynet Project: announcement,,
Gadi Evron,
- seeking comments on disclosure articles,
smcalearney,
- Wordpress disclosure of Table Prefix Weakness,
process,
- Re: Corsaire Security Advisory: ChainKey Java Code Protection Bypass issue,
Jim Manico,
- [ MDKSA-2007:012 ] - Updated kernel packages fix multiple vulnerabilities and bugs,
security,
- Re: slocate leaks filenames of protected directories,
Ben Wheeler,
- AIOCP SQL Injection Vulnerability,
coloss7,
- AIOCP Login Bypass Vulnerability,
coloss7,
- Naig <= 0.5.2 (this_path) Remote File Include Vulnerability,
me you,
- [ GLSA 200701-05 ] KDE kfile JPEG info plugin: Denial of Service,
Raphael Marichez,
- [ GLSA 200701-06 ] w3m: Format string vulnerability,
Raphael Marichez,
- [ GLSA 200701-07 ] OpenOffice.org: EMF/WMF file handling vulnerabilities,
Raphael Marichez,
- [ GLSA 200701-08 ] Opera: Two remote code execution vulnerabilities,
Raphael Marichez,
- Re: Vendor guidelines regarding security contacts,
Steven M. Christey,
- [SECURITY] [DSA 1248-1] New libsoup packages fix denial of service,
Moritz Muehlenhoff,
- [ MDKSA-2007:013 ] - Updated libneon0.26 packages fix vulnerability,
security,
- Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability,
sapheal,
- RE: seeking comments on disclosure articles,
Michael Scheidell,
- Trevorchan <= v0.7 Remote File Include Vulnerability,
ilkerkandemir,
- Re: Naig <= 0.5.2 (this_path) Remote File Include Vulnerability,
maxpost,
- PHP-Nuke <= 7.9 Old-Articles Block "cat" SQL Injection vulnerability,
paisterist,
- Re: phpBB (privmsg.php) XSS Exploit,
neothermic,
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.