BugTraq@security-focus.com List Archive

• Date Index

• [SECURITY] [DSA 1252-1] New vlc packages fix arbitrary code execution, Martin Schulze
• [SECURITY] [DSA 1253-1] New Mozilla Firefox packages fix several vulnerabilities, Martin Schulze
• local Calendar System v1.1 (lcStdLib.inc) Remote File Include, trzindan
• AdMentor (banners) admin SQL injection, sn0oPy . team
• [ MDKSA-2007:028 ] - Updated ulogd packaged to address buffer overflow vulnerability, security
• Open Conference Systems = 2.8.2 Remote File Inclusion, trzindan
• [USN-398-4] Firefox regression, Kees Cook
• Full Disclosure: Arbitrary Code Execution in LedgerSMB CVE-2006-5872, Chris Travers
• stompy the session stomper - tool availability, Michal Zalewski
• [ MDKSA-2007:029 ] - Updated libsoup packages fix DoS vulnerability, security
• WS_FTP 2007 Professional SCP handling format string vulnerability, Michal Bucko
• Dexia website security alert, Jos Kirps
• rPSA-2007-0020-1 rmake, rPath Update Announcements
• rPSA-2007-0021-1 bind bind-utils, rPath Update Announcements
• iDefense Security Advisory 01.26.07: Multiple Vendor libchm Page Block Length Memory Corruption Vulnerability, iDefense Labs
• S21sec-034-en: Cisco VTP DoS vulnerability, S21sec Labs
• FdScript <= v1.3.2 Remote File Disclosure Vulnerability, ajannhwt
• PHP Membership Manager Cross-Site Scripting Vulnerability, DoZ
• Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger, hainamluke
  • RE: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger, Ahmed Sheipani
  • <Possible follow-ups>
  • Re: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger, Outlaw
• [ GLSA 200701-23 ] Cacti: Command execution and SQL injection, Matthias Geerdsen
• [ MDKSA-2007:027 ] - Updated xine-ui packages fix vulnerabilities, security
• Movable Type <= 3.33 XSS Exploit, teracci2002
• [OPENADS-SA-2007-002] Max Media Manager v0.1.29 and v0.3.30 vulnerability fixed, Matteo Beccati
  • Re: [OPENADS-SA-2007-002] Max Media Manager v0.1.29 and v0.3.30 vulnerability fixed, Matteo Beccati
• [ GLSA 200701-24 ] VLC media player: Format string vulnerability, Matthias Geerdsen
• [USN-410-2] teTeX vulnerability, Kees Cook
• Medium Risk Vulnerability in PGP Desktop, NGSSoftware Insight Security Research
• RubyGems 0.9.0 and earlier installation exploit, Eric Hodel
• Re: [Full-disclosure] 0trace - traceroute on established connections, Jon Oberheide
• Omniture SiteCatalyst Multiple Cross-Site Scripting Vulnerabilities, DoZ
• Vulnerability disclosure comments, Shawna McAlearney
• high5 Review script Security Risk, anon
• Buffer overflow in VSAPI library of Trend Micro VirusWall 3.81 for Linux, Sebastian Wolfgarten
• The certification password of Internet Explorer 7 and operation of auto complete, support
• [ GLSA 200701-22 ] Squid: Multiple Denial of Service vulnerabilities, Matthias Geerdsen
• [NETRAGARD-20061218 SECURITY ADVISORY] suppressed WebMail Cross Site Request Forgery], Netragard Security Advisories
• GPS 1.2 Content Managing System (print.asp) Remote SQL Injection Vulnerability, ajannhwt
• [x0n3-h4ck] Siteman 1.1.11 Remote Md5 Hash Disclosure Vulnerability, corrado . liotta
• [x0n3-h4ck] Siteman 2.0.x2 Remote Md5 Hash Disclosure Vulnerability, corrado . liotta
• phpCOIN <= RC-1 (modules/mail/index.php) Remote File Include Vulnerability, me you
  • Re: phpCOIN <= RC-1 (modules/mail/index.php) Remote File Include Vulnerability, str0ke
• Aztek Forum 4.1 Multiple Vulnerabilities Exploit, gmdarkfig
  • <Possible follow-ups>
  • Re: Aztek Forum 4.1 Multiple Vulnerabilities Exploit, gmdarkfig
• BIND remote exploit (low severity) [Fwd: Internet Systems Consortium Security Advisory.], Lebbeous Weekley
• makit news/blog poster <=v3(news_page.asp) Remote SQL Injection Vulnerability, ajannhwt
• EzDatabase Multiple Cross-Site Scripting Vulnerability, DoZ
• ASP EDGE <= V1.2b (user.asp) Remote SQL Injection Vulnerability, ajannhwt
• Xero Portal v1.2 (phpbb_root_path) Remote File Include Vulnerablity, xorontr
• uniForum <= v4 (wbsearch.aspx) Remote SQL Injection Vulnerability, ajannhwt
• rPSA-2007-0019-1 gtk, rPath Update Announcements
• ASP NEWS <= V3 (news_detail.asp) Remote SQL Injection Vulnerability, ajannhwt
• Remove all admin->root authorization prompts from OSX, K F (lists)
  • RE: Remove all admin->root authorization prompts from OSX, Marvin Simkin
    • Re: Remove all admin->root authorization prompts from OSX, Baptiste Malguy
    • Re: Remove all admin->root authorization prompts from OSX, Ben Bucksch
    • Re: Remove all admin->root authorization prompts from OSX, John Smith
  • Re: Remove all admin->root authorization prompts from OSX, A. Shaw
• [USN-414-1] Squid vulnerabilities, Kees Cook
• Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL, Team SHATTER
  • <Possible follow-ups>
  • Re: Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL, Steven M. Christey
• [CAID 34818]: CA Personal Firewall Multiple Privilege Escalation Vulnerabilities, Williams, James K
• Oracle Multiple Buffer Overflows and DoS attacks in public procedures of MDSYS.MD, Team SHATTER
• Oracle Buffer Overflow in DBMS_DRS.GET_PROPERTY, Team SHATTER
• Oracle Buffer Overflow in DBMS_LOGREP_UTIL.GET_OBJECT_NAME, Team SHATTER
  • <Possible follow-ups>
  • Re: Oracle Buffer Overflow in DBMS_LOGREP_UTIL.GET_OBJECT_NAME, Steven M. Christey
• Oracle Buffer Overflow in DBMS_LOGMNR.ADD_LOGFILE, Team SHATTER
• Oracle Buffer Overflow in DBMS_REPCAT_UNTRUSTED.UNREGISTER_SNAPSHOT, Team SHATTER
• ZixForum <= 1.14 (Zixforum.mdb) Remote Password Disclosure Vulnerability, me you
  • <Possible follow-ups>
  • Re: ZixForum <= 1.14 (Zixforum.mdb) Remote Password Disclosure Vulnerability, anonym
• Multiple Remote Vulnerabilities in Wordpress, bmatheny
• ZDI-07-006: Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability, zdi-disclosures
• [security bulletin] HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access, security-alert
• DoS against Telligent Community Server, bmatheny
• [ GLSA 200701-21 ] MIT Kerberos 5: Arbitrary Remote Code Execution, Matthias Geerdsen
• Weaknesses in Pingback Design, bmatheny
• [Aria-Security Team] MyBB Cross-Site Scripting, Advisory
• [OPENADS-SA-2007-001] phpAdsNew and phpPgAds 2.0.9-pr1 vulnerability fixed, Matteo Beccati
• Cisco Security Advisory: Crafted IP Option Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: IPv6 Routing Header Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Crafted TCP Packet Can Cause Denial of Service, Cisco Systems Product Security Incident Response Team
• Maxtricity Tagger Password Disclosure Vulnerability, beks
• [CAID 34993]: CA BrightStor ARCserve Backup for Laptops and Desktops Multiple Overflow Vulnerabilities, Williams, James K
• Secunia Research: Sienzo Digital Music Mentor NCTAudioFile2 ActiveX Control Buffer Overflow, Secunia Research
• Secunia Research: NCTsoft Products NCTAudioFile2 ActiveX Control Buffer Overflow, Secunia Research
  • Re: Secunia Research: NCTsoft Products NCTAudioFile2 ActiveX Control Buffer Overflow, Secunia Research
• Toxiclab Shoutbox Password Disclosure Vulnerability, beks
• [USN-413-1] BlueZ vulnerability, Kees Cook
• [USN-412-1] GeoIP vulnerability, Kees Cook
• [ GLSA 200701-20 ] Centericq: Remote buffer overflow in LiveJournal handling, Raphael Marichez
• [ MDKSA-2007:026 ] - Updated squid packages fix vulnerabilities, security
• SUSE Security Announcement: xine (SUSE-SA:2007:013), Thomas Biege
• Advanced Guestbook <=- 2.4.2 (include_path) Remote File Include Vulnerability, me you
  • Re: Advanced Guestbook <=- 2.4.2 (include_path) Remote File Include Vulnerability, Stefano Zanero
• PR06-14: IP Phones based on Centrality Communications/Aredfox PA168 chipset weak session management vulnerability, ProCheckUp Research
• [USN-411-1] libsoup vulnerability, Kees Cook
• rPSA-2007-0013-1 poppler tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi, rPath Update Announcements
• [ GLSA 200701-19 ] OpenLDAP: Insecure usage of /tmp during installation, Raphael Marichez
• subscribe (pwd.txt) Remote Password Disclosur, the . tiger100
• [ MDKSA-2006:217-2 ] - Updated proftpd packages fix vulnerabilities, security
• [ GLSA 200701-18 ] xine-ui: Format string vulnerabilities, Raphael Marichez
• Re: DoS against AVM Fritz!Box 7050 (and others), Matthias Wenzel
• RANDOM PHP QUOTE 1.0 (pwd.txt) Remote Password Disclosur, the . tiger100
• SUSE Security Announcement: squid (SUSE-SA:2007:012), Thomas Biege
• [ MDKSA-2007:025 ] - Updated kernel packages fix multiple vulnerabilities and bugs, security
• Re: Multiple SQL injections and XSS in FishCart 3.1, michael
• rPSA-2007-0014-1 libgtop, rPath Update Announcements
• [ECHO_ADV_62$2007] Upload Service 1.0 remote file inclusion, y3dips
• Re: Windows logoff bug possible security vulnerability and exploit., Bart ....
• rPSA-2007-0015-1 libsoup, rPath Update Announcements
• Re: Digital Armaments Security Advisory 20.01.2007: Grsecurity Kernel PaX Vulnerability, nospam
• [ GLSA 200701-17 ] libgtop: Privilege escalation, Matthias Geerdsen
• Adobe ColdFusion Information Disclosure, zck zck
• Re: Bluetooth DoS by obex push [readable], hornung
• xss filter to protect from xss attacks, Anurag Agarwal
• rPSA-2007-0012-1 ed, rPath Update Announcements
• Bluetooth DoS by obex push, hornung
  • <Possible follow-ups>
  • Bluetooth DoS by obex push, Armin Hornung
• AToZed Software Intraweb Component for Borland Delphi and Kylix DoS vulnerability, C0r3 1mp4ct
  • Re: AToZed Software Intraweb Component for Borland Delphi and Kylix DoS vulnerability, C0r3 1mp4ct
  • <Possible follow-ups>
  • Re: AToZed Software Intraweb Component for Borland Delphi and Kylix DoS vulnerability, mail
  • Re: AToZed Software Intraweb Component for Borland Delphi and Kylix DoS vulnerability, bounce
• [ MDKSA-2007:024 ] - Updated kdegraphics packages fix crafted pdf file vulnerability, security
• Safari Improperly Parses HTML Documents & BlogSpot XSS vulnerability, Jose Avila III
  • Re: Safari Improperly Parses HTML Documents & BlogSpot XSS vulnerability, Robert Tasarz
• rPSA-2007-0011-1 wget, rPath Update Announcements
  • Re: [Full-disclosure] rPSA-2007-0011-1 wget, Ron DuFresne
• [ GLSA 200701-16 ] Adobe Acrobat Reader: Multiple vulnerabilities, Raphael Marichez
• [ GLSA 200701-15 ] Sun JDK/JRE: Multiple vulnerabilities, Raphael Marichez
• [ GLSA 200701-14 ] Mod_auth_kerb: Denial of Service, Raphael Marichez
• SQL Injection by using Cookie Poisoning for Website Baker Version 2.6.5 and before, Rolf Huisman
• [ GLSA 200701-13 ] Fetchmail: Denial of Service and password disclosure, Matthias Geerdsen
• Uploader <= (userdata/user_1.txt) Password Disclosure Vulnerability, me you
• UploadScript <=- v1.02 (password.txt) Remote Password Disclosure Vulnerability, me you
• [x0n3-h4ck] bitweaver 1.3.1 XSS Exploit, corrado . liotta
• Check Point Connectra End Point security bypass, Roni Bachar
  • Re: [Full-disclosure] Check Point Connectra End Point security bypass, Felix Lindner
• Fantastic News <=- (news.php) Remote File Include Vulnerability, me you
  • Re: Fantastic News <=- (news.php) Remote File Include Vulnerability <- bogus... again, Mailinglists Address
• Full Path Disclosure in Open-Realty ( v2.3.4 ), xx_hack_xx_2004
• PHP Link Directory XSS Vulnerability version <= 3.0.6, jussi . vuokko
• phpAdsNew 2.0.7 Remote File Include, mr alkomandoz
  • <Possible follow-ups>
  • Re: phpAdsNew 2.0.7 Remote File Include, l . d . 0
  • Re: phpAdsNew 2.0.7 Remote File Include, matteo
• Microsoft Visual C++ (.RC) resource files buffer overflow vulnerability, porkythepig
• cmsimple 2.7 Remote File Include, mr alkomandoz
• SQL Injection in Unique Ads ( UDS ), xx_hack_xx_2004
• XSS in Guestbook ( v.4.00 beta ), xx_hack_xx_2004
• XMB "U2U Instant Messenger" Cross-Site Scripting, Advisory
• [SECURITY] [DSA 1251-1] New netrik packages fix arbitary shell command execution, Steve Kemp
• Re: Virginity Security Advisory 2007-001 : T-Com Speedport 500V Login bypass, jn
  • <Possible follow-ups>
  • Re: Virginity Security Advisory 2007-001 : T-Com Speedport 500V Login bypass, suppressed
• FreeForum 0.9.0 <=- (index.php fpath) Remote File Include Vulnerability, me you
  • Re: FreeForum 0.9.0 <=- (index.php fpath) Remote File Include Vulnerability, Stefano Zanero
• Re: Multiple OS kernel insecure handling of stdio file descriptor, Carson Gaspar
  • <Possible follow-ups>
  • Re: Multiple OS kernel insecure handling of stdio file descriptor, eugeny gladkih
    • Re: [Full-disclosure] Multiple OS kernel insecure handling of stdio file descriptor, Troy Bollinger
• FishCart [injection sql], saps . audit
  • Re: FishCart [injection sql], Michael Brennen
• Re: SMF "index.php?action=pm" Cross Site-Scripting, lfx4sodas
  • <Possible follow-ups>
  • Re: Re: SMF "index.php?action=pm" Cross Site-Scripting, alexbove
  • Re: Re: Re: SMF "index.php?action=pm" Cross Site-Scripting, Outlaw
  • Re: Re: Re: Re: SMF "index.php?action=pm" Cross Site-Scripting, sirdarckcat
  • Re: SMF "index.php?action=pm" Cross Site-Scripting, Lise Moorveld
• Wiki-how path disclosure, iamtheevil1
• Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability Prove Of Concept Exploit, luoluonet
• XSS in 212cafeBoard ( Verision 0.08 & 6.30 Beta ), xx_hack_xx_2004

This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.
The main JSW4.NET technical listserv archive and search page.
The main archive page for this list.