BugTraq@security-focus.com List Archive

• Thread Index

• XSS in 212cafeBoard ( Verision 0.08 & 6.30 Beta ), xx_hack_xx_2004,
• Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability Prove Of Concept Exploit, luoluonet,
• Wiki-how path disclosure, iamtheevil1,
• Re: [Full-disclosure] Check Point Connectra End Point security bypass, Felix Lindner,
• Re: SMF "index.php?action=pm" Cross Site-Scripting, lfx4sodas,
• FishCart [injection sql], saps . audit,
• Re: Multiple OS kernel insecure handling of stdio file descriptor, Carson Gaspar,
• FreeForum 0.9.0 <=- (index.php fpath) Remote File Include Vulnerability, me you,
• Re: Virginity Security Advisory 2007-001 : T-Com Speedport 500V Login bypass, jn,
• [SECURITY] [DSA 1251-1] New netrik packages fix arbitary shell command execution, Steve Kemp,
• Re: [Full-disclosure] Multiple OS kernel insecure handling of stdio file descriptor, Troy Bollinger,
• XMB "U2U Instant Messenger" Cross-Site Scripting, Advisory,
• Re: Virginity Security Advisory 2007-001 : T-Com Speedport 500V Login bypass, suppressed,
• XSS in Guestbook ( v.4.00 beta ), xx_hack_xx_2004,
• SQL Injection in Unique Ads ( UDS ), xx_hack_xx_2004,
• cmsimple 2.7 Remote File Include, mr alkomandoz,
• Microsoft Visual C++ (.RC) resource files buffer overflow vulnerability, porkythepig,
• phpAdsNew 2.0.7 Remote File Include, mr alkomandoz,
• PHP Link Directory XSS Vulnerability version <= 3.0.6, jussi . vuokko,
• Full Path Disclosure in Open-Realty ( v2.3.4 ), xx_hack_xx_2004,
• Fantastic News <=- (news.php) Remote File Include Vulnerability, me you,
• Check Point Connectra End Point security bypass, Roni Bachar,
• Re: Re: SMF "index.php?action=pm" Cross Site-Scripting, alexbove,
• [x0n3-h4ck] bitweaver 1.3.1 XSS Exploit, corrado . liotta,
• UploadScript <=- v1.02 (password.txt) Remote Password Disclosure Vulnerability, me you,
• Uploader <= (userdata/user_1.txt) Password Disclosure Vulnerability, me you,
• [ GLSA 200701-13 ] Fetchmail: Denial of Service and password disclosure, Matthias Geerdsen,
• Re: FishCart [injection sql], Michael Brennen,
• SQL Injection by using Cookie Poisoning for Website Baker Version 2.6.5 and before, Rolf Huisman,
• [ GLSA 200701-14 ] Mod_auth_kerb: Denial of Service, Raphael Marichez,
• [ GLSA 200701-15 ] Sun JDK/JRE: Multiple vulnerabilities, Raphael Marichez,
• [ GLSA 200701-16 ] Adobe Acrobat Reader: Multiple vulnerabilities, Raphael Marichez,
• rPSA-2007-0011-1 wget, rPath Update Announcements,
• Safari Improperly Parses HTML Documents & BlogSpot XSS vulnerability, Jose Avila III,
• Re: Re: Re: SMF "index.php?action=pm" Cross Site-Scripting, Outlaw,
• Re: Fantastic News <=- (news.php) Remote File Include Vulnerability <- bogus... again, Mailinglists Address,
• [ MDKSA-2007:024 ] - Updated kdegraphics packages fix crafted pdf file vulnerability, security,
• AToZed Software Intraweb Component for Borland Delphi and Kylix DoS vulnerability, C0r3 1mp4ct,
• Bluetooth DoS by obex push, hornung,
• Bluetooth DoS by obex push, Armin Hornung,
• rPSA-2007-0012-1 ed, rPath Update Announcements,
• xss filter to protect from xss attacks, Anurag Agarwal,
• Re: Bluetooth DoS by obex push [readable], hornung,
• Re: Multiple OS kernel insecure handling of stdio file descriptor, eugeny gladkih,
• Adobe ColdFusion Information Disclosure, zck zck,
• [ GLSA 200701-17 ] libgtop: Privilege escalation, Matthias Geerdsen,
• Re: Digital Armaments Security Advisory 20.01.2007: Grsecurity Kernel PaX Vulnerability, nospam,
• Re: phpAdsNew 2.0.7 Remote File Include, l . d . 0,
• rPSA-2007-0015-1 libsoup, rPath Update Announcements,
• Re: Windows logoff bug possible security vulnerability and exploit., Bart ....,
• [ECHO_ADV_62$2007] Upload Service 1.0 remote file inclusion, y3dips,
• rPSA-2007-0014-1 libgtop, rPath Update Announcements,
• Re: Multiple SQL injections and XSS in FishCart 3.1, michael,
• [ MDKSA-2007:025 ] - Updated kernel packages fix multiple vulnerabilities and bugs, security,
• SUSE Security Announcement: squid (SUSE-SA:2007:012), Thomas Biege,
• RANDOM PHP QUOTE 1.0 (pwd.txt) Remote Password Disclosur, the . tiger100,
• Re: DoS against AVM Fritz!Box 7050 (and others), Matthias Wenzel,
• [ GLSA 200701-18 ] xine-ui: Format string vulnerabilities, Raphael Marichez,
• [ MDKSA-2006:217-2 ] - Updated proftpd packages fix vulnerabilities, security,
• subscribe (pwd.txt) Remote Password Disclosur, the . tiger100,
• [ GLSA 200701-19 ] OpenLDAP: Insecure usage of /tmp during installation, Raphael Marichez,
• rPSA-2007-0013-1 poppler tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi, rPath Update Announcements,
• [USN-411-1] libsoup vulnerability, Kees Cook,
• PR06-14: IP Phones based on Centrality Communications/Aredfox PA168 chipset weak session management vulnerability, ProCheckUp Research,
• Advanced Guestbook <=- 2.4.2 (include_path) Remote File Include Vulnerability, me you,
• SUSE Security Announcement: xine (SUSE-SA:2007:013), Thomas Biege,
• [ MDKSA-2007:026 ] - Updated squid packages fix vulnerabilities, security,
• [ GLSA 200701-20 ] Centericq: Remote buffer overflow in LiveJournal handling, Raphael Marichez,
• [USN-412-1] GeoIP vulnerability, Kees Cook,
• [USN-413-1] BlueZ vulnerability, Kees Cook,
• Re: Safari Improperly Parses HTML Documents & BlogSpot XSS vulnerability, Robert Tasarz,
• Toxiclab Shoutbox Password Disclosure Vulnerability, beks,
• Secunia Research: NCTsoft Products NCTAudioFile2 ActiveX Control Buffer Overflow, Secunia Research,
• Secunia Research: Sienzo Digital Music Mentor NCTAudioFile2 ActiveX Control Buffer Overflow, Secunia Research,
• [CAID 34993]: CA BrightStor ARCserve Backup for Laptops and Desktops Multiple Overflow Vulnerabilities, Williams, James K,
• Re: AToZed Software Intraweb Component for Borland Delphi and Kylix DoS vulnerability, mail,
• Maxtricity Tagger Password Disclosure Vulnerability, beks,
• Re: Advanced Guestbook <=- 2.4.2 (include_path) Remote File Include Vulnerability, Stefano Zanero,
• Re: FreeForum 0.9.0 <=- (index.php fpath) Remote File Include Vulnerability, Stefano Zanero,
• Re: Secunia Research: NCTsoft Products NCTAudioFile2 ActiveX Control Buffer Overflow, Secunia Research,
• Cisco Security Advisory: Crafted TCP Packet Can Cause Denial of Service, Cisco Systems Product Security Incident Response Team,
• Cisco Security Advisory: IPv6 Routing Header Vulnerability, Cisco Systems Product Security Incident Response Team,
• Cisco Security Advisory: Crafted IP Option Vulnerability, Cisco Systems Product Security Incident Response Team,
• [OPENADS-SA-2007-001] phpAdsNew and phpPgAds 2.0.9-pr1 vulnerability fixed, Matteo Beccati,
• Re: phpAdsNew 2.0.7 Remote File Include, matteo,
• [Aria-Security Team] MyBB Cross-Site Scripting, Advisory,
• Weaknesses in Pingback Design, bmatheny,
• [ GLSA 200701-21 ] MIT Kerberos 5: Arbitrary Remote Code Execution, Matthias Geerdsen,
• DoS against Telligent Community Server, bmatheny,
• [security bulletin] HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access, security-alert,
• ZDI-07-006: Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability, zdi-disclosures,
• Multiple Remote Vulnerabilities in Wordpress, bmatheny,
• ZixForum <= 1.14 (Zixforum.mdb) Remote Password Disclosure Vulnerability, me you,
• Oracle Buffer Overflow in DBMS_REPCAT_UNTRUSTED.UNREGISTER_SNAPSHOT, Team SHATTER,
• Oracle Buffer Overflow in DBMS_LOGMNR.ADD_LOGFILE, Team SHATTER,
• Oracle Buffer Overflow in DBMS_LOGREP_UTIL.GET_OBJECT_NAME, Team SHATTER,
• Oracle Buffer Overflow in DBMS_DRS.GET_PROPERTY, Team SHATTER,
• Oracle Multiple Buffer Overflows and DoS attacks in public procedures of MDSYS.MD, Team SHATTER,
• [CAID 34818]: CA Personal Firewall Multiple Privilege Escalation Vulnerabilities, Williams, James K,
• Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL, Team SHATTER,
• [USN-414-1] Squid vulnerabilities, Kees Cook,
• Remove all admin->root authorization prompts from OSX, K F (lists),
• Re: AToZed Software Intraweb Component for Borland Delphi and Kylix DoS vulnerability, bounce,
• ASP NEWS <= V3 (news_detail.asp) Remote SQL Injection Vulnerability, ajannhwt,
• rPSA-2007-0019-1 gtk, rPath Update Announcements,
• uniForum <= v4 (wbsearch.aspx) Remote SQL Injection Vulnerability, ajannhwt,
• Xero Portal v1.2 (phpbb_root_path) Remote File Include Vulnerablity, xorontr,
• ASP EDGE <= V1.2b (user.asp) Remote SQL Injection Vulnerability, ajannhwt,
• EzDatabase Multiple Cross-Site Scripting Vulnerability, DoZ,
• Re: phpCOIN <= RC-1 (modules/mail/index.php) Remote File Include Vulnerability, str0ke,
• makit news/blog poster <=v3(news_page.asp) Remote SQL Injection Vulnerability, ajannhwt,
• BIND remote exploit (low severity) [Fwd: Internet Systems Consortium Security Advisory.], Lebbeous Weekley,
• Aztek Forum 4.1 Multiple Vulnerabilities Exploit, gmdarkfig,
• phpCOIN <= RC-1 (modules/mail/index.php) Remote File Include Vulnerability, me you,
• [x0n3-h4ck] Siteman 2.0.x2 Remote Md5 Hash Disclosure Vulnerability, corrado . liotta,
• [x0n3-h4ck] Siteman 1.1.11 Remote Md5 Hash Disclosure Vulnerability, corrado . liotta,
• GPS 1.2 Content Managing System (print.asp) Remote SQL Injection Vulnerability, ajannhwt,
• [NETRAGARD-20061218 SECURITY ADVISORY] suppressed WebMail Cross Site Request Forgery], Netragard Security Advisories,
• Re: Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL, Steven M. Christey,
• [ GLSA 200701-22 ] Squid: Multiple Denial of Service vulnerabilities, Matthias Geerdsen,
• The certification password of Internet Explorer 7 and operation of auto complete, support,
• Buffer overflow in VSAPI library of Trend Micro VirusWall 3.81 for Linux, Sebastian Wolfgarten,
• RE: Remove all admin->root authorization prompts from OSX, Marvin Simkin,
• high5 Review script Security Risk, anon,
• Re: AToZed Software Intraweb Component for Borland Delphi and Kylix DoS vulnerability, C0r3 1mp4ct,
• Re: Aztek Forum 4.1 Multiple Vulnerabilities Exploit, gmdarkfig,
• Re: Remove all admin->root authorization prompts from OSX, A. Shaw,
• Vulnerability disclosure comments, Shawna McAlearney,
• Omniture SiteCatalyst Multiple Cross-Site Scripting Vulnerabilities, DoZ,
• Re: Oracle Buffer Overflow in DBMS_LOGREP_UTIL.GET_OBJECT_NAME, Steven M. Christey,
• Re: [Full-disclosure] 0trace - traceroute on established connections, Jon Oberheide,
• Re: ZixForum <= 1.14 (Zixforum.mdb) Remote Password Disclosure Vulnerability, anonym,
• RubyGems 0.9.0 and earlier installation exploit, Eric Hodel,
• Medium Risk Vulnerability in PGP Desktop, NGSSoftware Insight Security Research,
• Re: [Full-disclosure] rPSA-2007-0011-1 wget, Ron DuFresne,
• [USN-410-2] teTeX vulnerability, Kees Cook,
• [ GLSA 200701-24 ] VLC media player: Format string vulnerability, Matthias Geerdsen,
• [OPENADS-SA-2007-002] Max Media Manager v0.1.29 and v0.3.30 vulnerability fixed, Matteo Beccati,
• Movable Type <= 3.33 XSS Exploit, teracci2002,
• Re: Re: Re: Re: SMF "index.php?action=pm" Cross Site-Scripting, sirdarckcat,
• [ MDKSA-2007:027 ] - Updated xine-ui packages fix vulnerabilities, security,
• Re: SMF "index.php?action=pm" Cross Site-Scripting, Lise Moorveld,
• [ GLSA 200701-23 ] Cacti: Command execution and SQL injection, Matthias Geerdsen,
• Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger, hainamluke,
• PHP Membership Manager Cross-Site Scripting Vulnerability, DoZ,
• FdScript <= v1.3.2 Remote File Disclosure Vulnerability, ajannhwt,
• S21sec-034-en: Cisco VTP DoS vulnerability, S21sec Labs,
• iDefense Security Advisory 01.26.07: Multiple Vendor libchm Page Block Length Memory Corruption Vulnerability, iDefense Labs,
• Re: Remove all admin->root authorization prompts from OSX, Baptiste Malguy,
• Re: Remove all admin->root authorization prompts from OSX, Ben Bucksch,
• Re: Remove all admin->root authorization prompts from OSX, John Smith,
• rPSA-2007-0021-1 bind bind-utils, rPath Update Announcements,
• rPSA-2007-0020-1 rmake, rPath Update Announcements,
• Dexia website security alert, Jos Kirps,
• WS_FTP 2007 Professional SCP handling format string vulnerability, Michal Bucko,
• Re: [OPENADS-SA-2007-002] Max Media Manager v0.1.29 and v0.3.30 vulnerability fixed, Matteo Beccati,
• [ MDKSA-2007:029 ] - Updated libsoup packages fix DoS vulnerability, security,
• stompy the session stomper - tool availability, Michal Zalewski,
• Full Disclosure: Arbitrary Code Execution in LedgerSMB CVE-2006-5872, Chris Travers,
• [USN-398-4] Firefox regression, Kees Cook,
• Re: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger, Outlaw,
• Open Conference Systems = 2.8.2 Remote File Inclusion, trzindan,
• [ MDKSA-2007:028 ] - Updated ulogd packaged to address buffer overflow vulnerability, security,
• AdMentor (banners) admin SQL injection, sn0oPy . team,
• local Calendar System v1.1 (lcStdLib.inc) Remote File Include, trzindan,
• RE: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger, Ahmed Sheipani,
• [SECURITY] [DSA 1253-1] New Mozilla Firefox packages fix several vulnerabilities, Martin Schulze,
• [SECURITY] [DSA 1252-1] New vlc packages fix arbitrary code execution, Martin Schulze,

This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.
The main JSW4.NET technical listserv archive and search page.
The main archive page for this list.