Mail Index
- [xfocus-SD-060101]AIX getCommand&getShell two vulnerabilities
- From: XFOCUS Security Team
- [ GLSA 200601-01 ] pinentry: Local privilege escalation
- [USN-234-1] cpio vulnerability
- [USN-233-1] fetchmail vulnerability
- Re: WMF Exploit
- [ GLSA 200512-18 ] XnView: Privilege escalation
- Re: RE: WMF Exploit
- NicoFTP Stack Overflow
- [eVuln] PHPjournaler SQL Injection Vulnerability
- Drupal all versiyon xss cehennem.org
- [KAPDA::#19] - Html Injection in vBulletin 3.5.2
- [eVuln] Chipmunk Guestbook XSS Vulnerability
- [eVuln] B-net Software Multiple XSS Vulnerabilities
- [eVuln] inTouch Authentication Bypass
- [eVuln] ScozBook "adminname" Authentication Bypass
- SCO Openserver 5.0.x exploit
- [eVuln] oaBoard PHP Code Execution
- RE: Webwasher CSM Appliance Script Security Restriction Bypass
- Winrar 3.30 Local Buffer Overflow
- Re: WMF Exploit
- WMF round-up, updates and de-mystification
- Re: Drupal all versiyon xss cehennem.org
- WMF SETABORTPROC exploit
- [eVuln] Chimera Web Portal System Multiple Vulnerabilities
- Re: [Full-disclosure] WMF round-up, updates and de-mystification
- [eVuln] VEGO Web Forum SQL Injection Vulnerability
- Re: [Full-disclosure] WMF round-up, updates and de-mystification
- Re: Drupal all versiyon xss cehennem.org
- Re: [funsec] WMF round-up, updates and de-mystification
- RE: [Full-disclosure] WMF round-up, updates and de-mystification
- [eVuln] VEGO Links Builder Authentication Bypass
- Re: WMF round-up, updates and de-mystification
- RE: [funsec] WMF round-up, updates and de-mystification
- RE: WMF Exploit
- [eVuln] phpBook PHP Code Execution
- WSJ: The new "metasploit" computer virus
- [eVuln] PHPenpals SQL Injection Vulnerabilit
- RE: WMF round-up, updates and de-mystification
- WMF exploit
- Another WMF exploit workaround
- Download Accelerator Plus can be tricked to download malicious file
- Re: WMF round-up, updates and de-mystification
- [eVuln] Lizard Cart CMS SQL Injection Vulnerability
- Re: WMF Exploit
- New from the MS Advisory
- Re[2]: [funsec] WMF round-up, updates and de-mystification
- Recruitment Software allows MySQL credentials disclosure
- From: Rafael San Miguel Carrasco
- Dumb IE6/XP denial of service found on the web
- Re: Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability
- MDKSA-2005:239 - Updated printer-filters-utils packages fix local vulnerability
- From: Mandriva Security Team
- RE: WMF Exploit
- Re: WMF browser-ish exploit vectors
- Re: WTF??
- Mapping and Remote manipulation of databases
- WMF: New Metasploit Framework Module
- Re: WTF??
- Re: WMF browser-ish exploit vectors
- Re: WMF Exploit
- iDefense Security Advisory 01.05.06: Blue Coat WinProxy Remote DoS Vulnerability
- From: labs-no-reply@xxxxxxxxxxxx
- Open Letter on the Interpretation of "Vulnerability Statistics"
- what we REALLY learned from WMF
- MD:Pro - Malware Distribution Project
- {Filename?} RE: Dumb IE6/XP denial of service found on the web
- What is sbininitd port 65534 ???
- Contact information for Symantec Vulnerability Management
- RE: Download Accelerator Plus can be tricked to download malicious file
- iDefense Security Advisory 01.05.06: Blue Coat Systems WinProxy Host Header Stack Overflow Vulnerability
- From: labs-no-reply@xxxxxxxxxxxx
- Uninformed Journal Release Announcement: Volume 3
- [USN-236-1] xpdf vulnerabilities
- [USN-235-1] sudo vulnerability
- {Filename?} Windows PHP 4.x "0-day" buffer overflow
- Interview: Ilfak Guilfanov
- Re: Download Accelerator Plus can be tricked to download malicious file
- RE: WMF browser-ish exploit vectors
- MS released a patch today - MS06-001
- [eVuln] ADNForum Multiple Vulnerabilities
- iDefense Security Advisory 01.05.06: Blue Coat WinProxy Telnet DoS Vulnerability
- From: labs-no-reply@xxxxxxxxxxxx
- APPLE-SA-2006-01-05 AirPort firmware update
- Re: New from the MS Advisory
- [security bulletin] SSRT051074 rev.3 - HP-UX Running xterm Local Unauthorized Access
- MD5s of Unofficial patches and other mistakes
- From: Forrest J. Cavalier III
- [eVuln] TheWebForum Script Insertion and Authentication Bypass
- Re: MS released a patch today - MS06-001
- MDKSA-2006:006 - Updated gpdf packages fix several vulnerabilities
- From: Mandriva Security Team
- Did MS pull an Ilfak? (MS patch bindiff results)
- MDKSA-2006:004 - Updated pdftohtml packages fix several vulnerabilities
- From: Mandriva Security Team
- Re: Download Accelerator Plus can be tricked to download malicious file
- [ECHO_ADV_25$2006] Full path disclosure on boastMachine v3.1
- MDKSA-2006:007 - Updated apache2 packages fix vulnerabilities
- From: Mandriva Security Team
- [USN-238-1] Blender vulnerability
- Re: what we REALLY learned from WMF
- From: Thor (Hammer of God)
- [USN-237-1] nbd vulnerability
- [eVuln] Proyecto Domus 'email' XSS Vulnerability
- CyberShop User Login Sql Injection
- Re: Dumb IE6/XP denial of service found on the web
- [eVuln] TinyPHPForum Multiple Vulnerabilities
- HylaFAX Security advisory - fixed in HylaFAX 4.2.4
- [ GLSA 200601-02 ] KPdf, KWord: Multiple overflows in included Xpdf code
- From: Sune Kloppenborg Jeppesen
- MDKSA-2006:003 - Updated poppler packages fix several vulnerabilities
- From: Mandriva Security Team
- SysCP WebFTP local file inclusion vulnerability
- [ GLSA 200601-03 ] HylaFAX: Multiple vulnerabilities
- From: Sune Kloppenborg Jeppesen
- [USN-238-2] Blender vulnerability
- Re: Dumb IE6/XP denial of service found on the web
- MDKSA-2006:005 - Updated xpdf packages fix several vulnerabilities
- From: Mandriva Security Team
- Re: [USN-237-1] nbd vulnerability
- Re: MD:Pro - Malware Distribution Project
- [ GLSA 200601-04 ] VMware Workstation: Vulnerability in NAT networking
- From: Sune Kloppenborg Jeppesen
- Re: Interview: Ilfak Guilfanov
- [eVuln] NavBoard BBcode XSS Vulnerability
- Recon2006 - Call for papers
- Survey on Vuln Disclosure: Request for Participation
- xorg server 6.8.2 and below on 64bit arch
- Microsoft Windows GRE WMF Format Multiple Memory Overrun Vulnerabilities
- [UPDATE]Microsoft Windows GRE WMF Format Multiple Unauthorized Memory Access Vulnerabilities
- [SECURITY] [DSA 929-1] New petris packages fix buffer overflow
- [SECURITY] [DSA 930-1] New smstools packages fix format string vulnerability
- NetBSD Security Advisory 2006-001: Kernfs kernel memory disclosure
- From: NetBSD Security Officer
- NetBSD Security Advisory 2006-002: settimeofday() time wrap
- From: NetBSD Security Officer
- [eVuln] Foxrum BBCode XSS Vulnerabilty
- [SECURITY] [DSA 931-1] New xpdf packages fix arbitrary code execution
- [eVuln] Venom Board SQL Injection Vulnerability
- Digital Armaments Security Advisory 01.09.2006: Apache auth_ldap module Multiple Format Strings Vulnerability
- [SECURITY] [DSA 932-1] New kpdf packages fix arbitrary code execution
- Re: Did MS pull an Ilfak? (MS patch bindiff results)
- MDKSA-2006:008 - Updated koffice packages fix several vulnerabilities
- From: Mandriva Security Team
- Html_Injection in vBulletin 3.5.2
- AOL Multiple Cross Site Scripting Vulnerability
- AIM Multiple Cross Site Scripting Vulnerability
- Orjinweb E-commerce
- iDefense Security Advisory 01.09.06: Multiple Vendor mod_auth_pgsql Format String Vulnerability
- From: labs-no-reply@xxxxxxxxxxxx
- Php-Nuke Pool and News Module IMG Tag Cross Site
- Re: Interview: Ilfak Guilfanov
- Xoops Pool Module IMG Tag Cross Site Scripting
- [eVuln] 427BB Multiple Vulnerabilities (Cookie-based Authentication Bypass, SQL Injections, XSS)
- MDKSA-2006:009 - Updated apache2-mod_auth_pgsql packages fix several vulnerabilities
- From: Mandriva Security Team
- MDKSA-2006:005 - Updated xpdf packages fix several vulnerabilities
- From: Mandriva Security Team
- MDKSA-2006:006 - Updated gpdf packages fix several vulnerabilities
- From: Mandriva Security Team
- MDKSA-2006:008 - Updated koffice packages fix several vulnerabilities
- From: Mandriva Security Team
- MDKSA-2006:003 - Updated poppler packages fix several vulnerabilities
- From: Mandriva Security Team
- Research: Malware Action Detection and Protection
- industry standards - current status [was: what we REALLY learned from WMF]
- [SECURITY] [DSA 933-1] New hylafax packages fix arbitrary command execution
- [SECURITY] [DSA 934-1] New pound packages fix multiple vulnerabilities
- Re: Html_Injection in vBulletin 3.5.2
- [SECURITY] [DSA 930-2] New smstools packages fix format string vulnerability
- [SECURITY] [DSA 935-1] New libapache2-mod-auth-pgsql packages fix arbitrary code execution
- Multiple Vulnerabilities in Hummingbird Collaboration
- iDefense Security Advisory 01.10.06: Sun Solaris uustat Buffer Overflow Vulnerability
- From: labs-no-reply@xxxxxxxxxxxx
- [USN-239-1] libapache2-mod-auth-pgsql vulnerability
- [security bulletin] SSRT051058 rev.1 - HP-UX Secure Shell Remote Denial of Service (DoS)
- Re: Html_Injection in vBulletin 3.5.2
- Re: Did MS pull an Ilfak? (MS patch bindiff results)
- [FLSA-2006:136323] Updated gettext package fixes security issues
- [FLSA-2006:152907] Updated htdig packages fix security issues
- Time modification flaw in BSD securelevels on NetBSD and Linux
- [FLSA-2006:152922] Updated ethereal packages fix security issues
- [FLSA-2006:168375] Updated mozilla packages fix security issues
- Malware - future trends
- New PEAR / Apache2Triad Exploit
- MDKSA-2006:004 - Updated pdftohtml packages fix several vulnerabilities
- From: Mandriva Security Team
- Re: Dumb IE6/XP denial of service found on the web
- Microsoft Exchange Critical Vulnerability
- From: NGSSoftware Insight Security Research
- Microsoft Outlook Critical Vulnerability
- From: NGSSoftware Insight Security Research
- Cisco Security Advisory: Default Administrative Password in Cisco Security Monitoring, Analysis and Response System (CS-MARS)
- From: Cisco Systems Product Security Incident Response Team
- PostgreSQL security releases 8.0.6 and 8.1.2
- From: PostgreSQL Security
- FreeBSD Security Advisory FreeBSD-SA-06:01.texindex [REVISED]
- From: FreeBSD Security Advisories
- SUSE Security Announcement: xpdf,kpdf,gpdf,kword
- eStara Softphone SIP stack Buffer Overflow Vulnerability
- Re: Did MS pull an Ilfak? (MS patch bindiff results)
- Advisory:XSS vulnerability on WebWiz Forums <= 6.34 (search_form.asp)
- [eVuln] MyPhPim Arbitrary File Upload
- [USN-235-2] sudo vulnerability
- FreeBSD Security Advisory FreeBSD-SA-06:01.texindex
- From: FreeBSD Security Advisories
- [ GLSA 200601-06 ] xine-lib, FFmpeg: Heap-based buffer overflow
- [RHSA-2006:0157-01] Low: struts security update for Red Hat Application Server
- MDKSA-2006:010 - Updated cups packages fix several vulnerabilities
- From: Mandriva Security Team
- Advisory: XSS attack on Superonline.com email service.
- [FLSA-2006:167803] Updated mysql packages fix security issues
- BSD Securelevels: Circumventing protection of files flagged immutable
- H-Sphere Security Vulnerability
- Advisory 02/2006: PHP ext/mysqli Format String Vulnerability
- Cisco Security Advisory: Access Point Memory Exhaustion from ARP Attacks
- From: Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 938-1] New koffice packages fix arbitrary code execution
- Advisory 01/2006: PHP ext/session HTTP Response Splitting Vulnerability
- EUSecWest papers and CanSecWest CFP
- [USN-241-1] Apache vulnerabilities
- Session data pollution vulnerabilities in web applications
- Re: [Full-disclosure] Session data pollution vulnerabilities in web applications
- Advisory: MiniNuke CMS System <= 1.8.2 (news.asp) SQL Injection vulnerability
- Cisco, haven't we learned anything? (technician reset)
- Interspire TrackPoint NX XSS Vulnerability
- Multiple PHP Toolkit for PayPal Vulnerabilities
- FogBugz Cross Site Scripting Vulnerability
- [SECURITY] [DSA 937-1] New tetex-bin packages fix arbitrary code execution
- [SECURITY] [DSA 903-2] New unzip packages fix unauthorised permissions modification
- ZDI-06-001: Clam AntiVirus UPX Unpacking Code Execution Vulnerability
- [eVuln] TankLogger SQL Injection Vulnerability
- [eVuln] ACal Authentication Bypass & PHP Code Insertion
- [eVuln] Wordcircle Authentication Bypass
- [eVuln] Wordcircle Multiple SQL Injection & XSS Vulnerabilities
- Advisory: MiniNuke CMS System <= 1.8.2 (news.asp) SQL Injection vulnerability
- Advisory: MiniNuke CMS System <= 1.8.2 (membership.asp) remote user password change exploit
- [USN-240-1] bogofilter vulnerability
- Re: industry standards - current status [was: what we REALLY learned from WMF]
- [SECURITY] [DSA 939-1] New fetchmail packages fix denial of service
- [SECURITY] [DSA 940-1] New gpdf packages fix arbitrary code execution
- [ GLSA 200601-09 ] Wine: Windows Metafile SETABORTPROC vulnerability
- From: Sune Kloppenborg Jeppesen
- SUSE Security Announcement: novell-nrm remote heap overflow
- MDKSA-2006:012 - Updated kdegraphics packages fix several vulnerabilities
- From: Mandriva Security Team
- [ GLSA 200601-07 ] ClamAV: Remote execution of arbitrary code
- From: Sune Kloppenborg Jeppesen
- [ GLSA 200601-08 ] Blender: Heap-based buffer overflow
- From: Sune Kloppenborg Jeppesen
- iDefense Security Advisory 01.13.06: Novell SUSE Linux Enterprise Server Remote Manager Heap Overflow
- From: labs-no-reply@xxxxxxxxxxxx
- mysec.org Security Advisory : Xmame buffer overflow, with a possibility of privilege escalation
- FreeBSD Security Advisory FreeBSD-SA-06:03.cpio
- From: FreeBSD Security Advisories
- [ GLSA 200601-05 ] mod_auth_pgsql: Multiple format string vulnerabilities
- [FLSA-2006:152803] Updated lesstif packages fix security issues
- MDKSA-2006:011 - Updated tetex packages fix several vulnerabilities
- From: Mandriva Security Team
- Serial Line Sniffer 0.4.4 Buffer Overflow
- FreeBSD Security Advisory FreeBSD-SA-06:04.ipfw
- From: FreeBSD Security Advisories
- PayPal Phishing Site Exploits Google XSS Vulnerability
- [Full-disclosure] [USN-236-2] xpdf vulnerabilities in kword, kpdf
- [eVuln] MyPhPim Multiple SQL Injection and XSS Vulnerabilities
- Helm XSS Vulnerability
- ezDatabase 2.0 and below
- FullPath disclosure in Xaraya 1.0.1
- [KAPDA::#21] - HomeFtp v1.1 Denial of Service
- RE: Did MS pull an Ilfak? (MS patch bindiff results)
- Hacking With The Google Search Engine
- [NMRC Advisory] Microsoft Windows Wireless Exposure on Laptops
- FreeBSD Security Advisory FreeBSD-SA-06:02.ee
- From: FreeBSD Security Advisories
- [SECURITY] [DSA 936-1] New libextractor packages fix arbitrary code execution
- MyBB 1.0.2 SQL injection in usercp.php
- WMF vulnerability was a deliberate backdoor?
- MyBB 1.0.2 SQL injection
- DCP Portal Cross-Site Scripting Vulnerability
- AlstraSoft Template Seller Pro Cross-Site Scripting Vulnerability
- [eVuln] Light Weight Calendar PHP Code Execution
- Re: MSN Messenger Password Decrypter for WinXP/2003
- Linksys VPN Router (BEFVP41) DoS Vulnerability
- DIMVA 2006 Call for Papers
- TSLSA-2006-0002 - multi
- From: Trustix Security Advisor
- TSL-2006-0001 - postgresql
- From: Trustix Security Advisor
- DDSN CMS Admin Panel SQL Injection Vulnerability
- [ISecAuditors Advisories] Arbitrary remote file creation in 123flashchat server
- From: ISecAuditors Security Advisories
- Visual Studio Remote Code Execution
- MDKSA-2006:013 - Updated kolab packages fix vulnerability
- From: Mandriva Security Team
- [SECURITY] [DSA 943-1] New Perl packages fix arbitrary code execution
- DMA[2006-0112a] - 'Toshiba Bluetooth Stack Directory Transversal'
- Directory traversal in phpXplorer
- Apache Geronimo 1.0 - CSS and persistent HTML-Injection vulnerabilities
- [SECURITY] [DSA 941-1] New tuxpaint packages fix insecure temporary file creation
- [eVuln] Bit 5 Blog JavaScript Insertion Vulnerability
- RE: WMF vulnerability was a deliberate backdoor?
- CounterPath eyeBeam Handing SIP header Vulnerabilities
- WehnTrust - When you have to trust Wehntrust
- Homeftp r1.0.7 Denial of Service
- Re: WMF vulnerability was a deliberate backdoor?
- [USN-242-1] mailman vulnerabilities
- Re: WMF vulnerability was a deliberate backdoor?
- iWar 0.07 PSTN auditing tool released...
- Reverse Proxy Cross Site Scripting
- Re: [Full-disclosure] WehnTrust - When you have to trust Wehntrust
- Re: MyBB 1.0.2 SQL injection in usercp.php
- [eVuln] Benders Calendar SQL Injection
- Re: WMF vulnerability was a deliberate backdoor?
- [eVuln] Bit 5 Blog SQL Injection & Authentication Bypass Vulnerability
- Microsoft knew about the WMF flaw for years
- Veritas NetBackup "Volume Manager Daemon" Module Stack Overflow - Exploit
- Re: Linksys VPN Router (BEFVP41) DoS Vulnerability
- EZDatabase Directory Transversal, XSS and Path Disclosure Vulnerability
- Re: MSN Messenger Password Decrypter for WinXP/2003
- PunBB BBCode URL Tag Script Injection Vulnerability
- Announcement: The Web Application Firewall Evaluation Criteria v1 Released
- Digital Armaments Security Advisory 01.16.2006: CMU SNMP utilities snmptrad Format String Vulnerability
- MDKSA-2006:014 - Updated wine packages fix WMF vulnerability
- From: Mandriva Security Team
- MDKSA-2006:015 - Updated hylafax packages fix eval injection vulnerabilities
- From: Mandriva Security Team
- MDKSA-2006:016 - Updated clamav packages fix vulnerability
- From: Mandriva Security Team
- IndonesiaHack Advisory HTML injection in PHP Fusebox
- ERRATA: [ GLSA 200601-09 ] Wine: Windows Metafile SETABORTPROC vulnerability
- From: Sune Kloppenborg Jeppesen
- Re: Reverse Proxy Cross Site Scripting
- From: Amit Klein (AKsecurity)
- XSS in WBNews < = v1.1.0
- [eVuln] BlogPHP Authentication Bypass
- [eVuln] microBlog SQL Injection Vulnerability
- [eVuln] microBlog BBCode XSS Vulnerability
- Re: Microsoft knew about the WMF flaw for years
- Secunia Research: Mozilla Thunderbird Attachment Spoofing Vulnerability
- PowerPortal Cross-Site Scripting Vulnerability
- [SECURITY] [DSA 944-1] New mantis packages fix several vulnerabilities
- Re: Veritas NetBackup "Volume Manager Daemon" Module Stack Overflow - Exploit
- [SECURITY] [DSA 945-1] New antiword packages fix insecure temporary file creation
- Re: Fullpath disclosure in roundcube webmail
- [SECURITY] [DSA 942-1] New albatross packages fix arbitrary code execution
- Microsoft(R) Internet Explorer 5 & 6 Remote Denial of Service (DoS) using IMG & XML elements
- White Album Sql İnjection biyosecurity.be
- [USN-243-1] tuxpaint vulnerability
- Attacking Automatic Wireless Network Selection
- Oracle DBMS Access Control Bypass in Login
- Oracle Database 10g Rel. 2 - Event 10053 logs TDE wallet password in cleartext
- [HSC Security Group] Multiple SQL injection/XSS in SimpleBlog 2.1
- Oracle Reports - Read parts of files via desname (fixed after 874 days)
- Oracle Reports - Overwrite any application server file via desname (fixed after 889 days)
- Oracle Critical Patch Update - January 2006
- From: NGSSoftware Insight Security Research
- Oracle Reports - Read parts of files via customize(fixed after 875 days)
- Oracle Database 10g Rel. 2- Transparent Data Encryption plaintext masterkey in SGA
- [ TZO-012006 ] Checkpoint VPN-1 SecureClient insecure usage of CreateProcess()
- Phpclanwebsite BBCode IMG Tag XSS Vulnerability
- Re: Linksys VPN Router (BEFVP41) DoS Vulnerability
- [eVuln] CaLogic Calendars Multiple XSS Vulnerabilities
- Re: PunBB BBCode URL Tag Script Injection Vulnerability
- [eVuln] Flog Information Disclosure Vulnerability
- [eVuln] aoblogger Multiple Vulnerabilities
- Cerberus FTP Server 2.32 Denial of Service
- Cisco Security Advisory: IOS Stack Group Bidding Protocol Crafted Packet DoS
- From: Cisco Systems Product Security Incident Response Team
- Re: Directory traversal in phpXplorer
- WEP-Client-Communication-Dumbdown (WCCD) Vulnerability
- Cisco Security Advisory: Cisco Call Manager Denial of Service
- From: Cisco Systems Product Security Incident Response Team
- ICQ Cross Site Scripting Vulnerability
- XMB Forum HTML Code Injection
- Re: MSN Messenger Password Decrypter for WinXP/2003
- [USN-244-1] Linux kernel vulnerabilities
- MyBB Signature HTML Code Injection
- HITBSecConf2005 Videos Released
- IRM 015: File system path disclosure on TYPO3 Web Content Manager
- [eVuln] WebspotBlogging Authentication Bypass Vulnerability
- Land Down Under Signature HTML Code Injection
- Cisco Security Advisory: Cisco Call Manager Privilege Escalation
- From: Cisco Systems Product Security Incident Response Team
- Re: Re: MSN Messenger Password Decrypter for WinXP/2003
- CAID 33756 - DM Deployment Common Component Vulnerabilities
- -2- [XSS] in ar-blog v 5.2
- Google's Blogger.com classic HTTP response splitting vulnerability
- Re: IRM 015: File system path disclosure on TYPO3 Web Content Manager
- Phpclanwebsite BBCode IMG Tag XSS Vulnerability
- [security bulletin] SSRT5971 rev.1 - HP-UX Running ftpd Remote Denial of Service (DoS)
- FreeBSD Security Advisory FreeBSD-SA-06:05.80211
- From: FreeBSD Security Advisories
- MDKSA-2006:017 - Updated mod_auth_ldap packages fix vulnerability
- From: Mandriva Security Team
- Change passwd 3.1 (SquirrelMail plugin )
- Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT
- Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT_INT
- Re: Microsoft knew about the WMF flaw for years
- iDefense Security Advisory 01.17.06: EMC Legato Networker nsrd.exe DoS Vulnerability
- From: labs-no-reply@xxxxxxxxxxxx
- iDefense Security Advisory 01.17.06: EMC Legato Networker nsrexecd.exe Heap Overflow Vulnerability
- From: labs-no-reply@xxxxxxxxxxxx
- iDefense Security Advisory 01.17.06: Cisco Systems IOS 11 Web Service CDP Status Page Code Injection Vulnerability
- From: labs-no-reply@xxxxxxxxxxxx
- phpXplorer file inclusion biyosecurity.be
- DMA[2006-0115a] - 'AmbiCom Bluetooth Object Push Overflow'
- MDKSA-2006:018 - Updated kernel packages fix several vulnerabilities
- From: Mandriva Security Team
- Claroline 1.7.2, sso identification vulnerability
- BlogPHP config.php SQL injection login bypass
- BlogPHP config.php SQL injection login bypass
- Re: Digital Armaments Security Advisory 01.16.2006: CMU SNMP utilities snmptrad Format String Vulnerability
- [SECURITY] [DSA 948-1] New kdelibs packages fix buffer overflow
- SUSE Security Announcement: kdelibs3 (SUSE-SA:2006:003)
- MySQL 5.0 information leak?
- [SECURITY] [DSA 947-1] New ClamAV packages fix heap overflow
- [SECURITY] [DSA 946-1] New sudo packages fix privilege escalation
- [eVuln] RCBlog Directory Traversal & Sensitive Information Disclosure
- [eVuln] eggblog Multiple SQL Injection & XSS Vulnerabilities
- [eVuln] SaralBlog XSS & Multiple SQL Injection Vulnerabilities
- [eVuln] geoBlog SQL Injection Vulnerability
- [ GLSA 200601-10 ] Sun and Blackdown Java: Applet privilege escalation
- Re: WMF vulnerability was a deliberate backdoor?
- MyBB 1.0.2 Sniffing table perfix bug in search.php
- Re: Digital Armaments Security Advisory 01.16.2006: CMU SNMP utilities snmptrad Format String Vulnerability
- MDKSA-2006:019 - Updated kdelibs packages fix vulnerability
- From: Mandriva Security Team
- Tumbleweed EMF 6.x Processing Issues
- RE: MySQL 5.0 information leak?
- Re: Directory traversal in phpXplorer
- Critical security advisory #006 tftpd32 Format string
- BlogPHP config.php SQL injection login bypassed
- [SECURITY] [DSA 949-1] New crawl packages fix potential group games execution
- MyBB Signature HTML Code Injection
- CodeCon program announced, early registration deadline nearing
- Re: MySQL 5.0 information leak?
- [USN-245-1] KDE library vulnerability
- High Risk Vulnerability in Red Hat Directory Server and Red Hat Certificate Server
- From: NGSSoftware Insight Security Research
- fetchmail security announcement fetchmail-SA-2006-01 (CVE-2006-0321)
- [eVuln] e-moBLOG SQL Injection Vulnerability
- [eVuln] Note-A-Day Weblog Sensitive Information Disclosure
- Re: Announcement: The Web Application Firewall Evaluation Criteria v1 Released
- ANN: New release of CORE FORCE free endpoint security package
- [ GLSA 200601-11 ] KDE kjs: URI heap overflow vulnerability
- From: Sune Kloppenborg Jeppesen
- Call For Paper - SyScan'06 Singapore
- From: organiser@xxxxxxxxxx
- [SECURITY] [DSA 955-1] New mailman packages fix denial of service
- Workaround for unpatched Oracle PLSQL Gateway flaw
- [SECURITY] [DSA 954-1] New wine packages fix arbitrary code execution
- HYSA-2006-001 phpBB 2.0.19 search.php and profile.php DOS Vulnerability
- Technical Note by Amit Klein: "XST Strikes Back"
- From: Amit Klein (AKsecurity)
- [eVuln] CheesyBlog XSS Vulnerability
- FreeBSD Security Advisory FreeBSD-SA-06:07.pf
- From: FreeBSD Security Advisories
- Updated ipsec-tools packages fix vulnerability
- [eVuln] ExpressionEngine 'Referer' XSS Vulnerability
- [SECURITY] [DSA 947-2] New clamav packages fix heap overflow
- Rosiello Security - Eterm-LibAST Advisory
- FreeBSD Security Advisory FreeBSD-SA-06:06.kmem
- From: FreeBSD Security Advisories
- Re: Tumbleweed EMF 6.x Processing Issues
- [security bulletin] SSRT061099 rev.1 - HP-UX Local Increased Privilege
- [eVuln] miniBloggie Authentication Bypass
- [SECURITY] [DSA 953-1] New flyspray packages fix cross-site scripting
- [KAPDA::#25] - MyBB 1.x Cross_Site_Scripting
- Newsphp Multiple SQL Injection Vulnerabilities
- [eVuln] Text Rider Sensitive Information Disclosure
- Re: IndonesiaHack Advisory HTML injection in PHP Fusebox
- What A Click! [Internet Explorer]
- MyBB 1.0.2 XSS attack in search.php redirection
- Updated mozilla-thunderbird packages fix vulnerability
- Re: [OSVDB Mods] iNETstore E Commerce Solution - Cross Site Scripting
- [SECURITY] [DSA 956-1] New lsh-utils packages fix local vulnerabilities
- [security bulletin] SSRT061104 rev.1 - HP Oracle for OpenView (OfO) Critical Patch Update January 2006
- [ GLSA 200601-12 ] Trac: Cross-site scripting vulnerability
- SUSE Security Announcement: phpMyAdmin (SUSE-SA:2006:004)
- HYSA-2006-002 Phpclanwebsite 1.23.1 Multiple Vulnerabilities
- SUSE Security Announcement: nfs-server/rpc.mountd remote code
- SamiFTPd buffer overflow
- BlackWorm: 2 million infected? ISP notifications.
- Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack
- From: Cisco Systems Product Security Incident Response Team
- [ISecAuditors Advisories] Arbitrary flash code remote execution in 123flashchat
- From: ISecAuditors Security Advisories
- [HSC] Multiple transversal bug in vis
- [eVuln] AndoNET Blog SQL Injection Vulnerability
- Windows mem leakage
- [eVuln] "my little homepage" products [link] BBCode XSS Vulnerability
- [SECURITY] [DSA 957-1] New ImageMagick packages fix arbitrary command execution
- Re: MySQL 5.0 information leak?
- Buffer Overflow /Font on mIRC
- From: Crowdat Kurobudetsu
- [SECURITY] [DSA 950-1] New CUPS packages fix arbitrary code execution
- Re: MySQL 5.0 information leak?
- [ Rosiello Security ] Eterm-LibAST Advisory
- iDefense Security Advisory 01.23.06: Computer Associates iTechnology iGateway Service Content-Length Buffer Overflow Vulnerability
- From: labs-no-reply@xxxxxxxxxxxx
- Urgent Alert: Possible BlackWorm DDay February 3rd (Snort signatures included)
- [ MDKSA-2006:022 ] - Updated perl-Convert-UUlib packages fix vulnerability
- Re: [Full-disclosure] Urgent Alert: Possible BlackWorm DDay February 3rd (Snort signatures included)
- BitComet URI Proof of Concept
- RE: MySQL 5.0 information leak?
- [SECURITY] [DSA 952-1] New libapache-auth-ldap packages fix arbitrary code execution
- hello
- [ MDKSA-2006:023 ] - Updated perl-Net_SSLeay packages fix vulnerability
- [SECURITY] [DSA 958-1] New drupal packages fix several vulnerabilities
- [ MDKSA-2006:025 ] - Updated net-snmp packages fix vulnerabilities
- Re: [security] What A Click! [Internet Explorer]
- CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability [v1.1]
- Shareaza P2P Remote Vulnerability
- Re: [security] What A Click! [Internet Explorer]
- [ MDKSA-2006:024 ] - Updated ImageMagick packages fix vulnerabilities
- Azbb v1.1.00 Cross-Site Scripting
- The WorldsEnd.NET - Free Ping Script, written in PHP (2 vulns)
- Ege Internet Web Desing Remote Command Exucetion
- Multiple vulnerabilities in CommuniGate Pro Server
- LibAST 0.7 Release Fixes Security Vulnerability
- [CORRECTIONS AND ADDITIONS ]Azbb v1.1.00 Cross-Site Scripting
- [USN-246-1] imagemagick vulnerabilities
- BlackWorm naming confusing [CME entry now available]
- [eVuln] Pixelpost Photoblog XSS Vulnerability
- [FLSA-2006:152845] Updated perl packages fix security issues
- BlackWorm technical information
- CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability
- [ GLSA 200601-13 ] Gallery: Cross-site scripting vulnerability
- [SECURITY] [DSA 951-1] New trac packages fix SQL injection and cross-site scripting
- zbattle.net
- Re: MySQL 5.0 information leak?
- Cross Site Cooking
- Re: Re: IndonesiaHack Advisory HTML injection in PHP Fusebox
- [ GLSA 200601-14 ] LibAST: Privilege escalation
- From: Sune Kloppenborg Jeppesen
- UebiMiau Webmail System Security Vulnerability
- Re: BlackWorm naming confusing [CME entry now available]
- [ GLSA 200601-15 ] Paros: Default administrator password
- From: Sune Kloppenborg Jeppesen
- TSLSA-2006-0004 - multi
- From: Trustix Security Advisor
- [SECURITY] [DSA 951-2] New trac packages fix SQL injection and cross-site scripting
- [xpl#2] MiniNuke 1.8.2 - change member's passwrod < Perl >
- RE: Cross Site Cooking
- Arescom NetDSL-1000 DoS atack source
- Winamp 5.12 - 0day exploit - code execution through playlist
- Re: [Full-disclosure] [ GLSA 200601-15 ] Paros: Default administrator password
- sPaiz-Nuke Cross-Site Scripting Vulnerability
- MyBB 1.2 usercp2.php [ $url ] CrossSiteScripting ( XSS )
- Nuked-klaN Cross-Site Scripting Vulnerability
- EasyCMS vulnerable to XSS injection.
- Re: [security] What A Click! [Internet Explorer]
- Re: Airscanner Mobile Security Advisory: Remote Hard Reset Data Wipe and DoS of Pocket Controller v5.0 (#AS05080401)
- BlackWorm: statistics and numbers
- Re: Arescom NetDSL-1000 DoS atack source
- XSS flaw in MG2 Image Gallery (v.0.5.1)
- MyBB 1.2 Local File Incusion
- [SECURITY] [DSA 959-1] New unalz packages fix arbitrary code execution
- CME-24 (BlackWorm) Users' FAQ
- Etomite CMS "Backdoored"
- [ MDKSA-2006:026 ] - Updated bzip2 packages fix bzgrep vulnerabilities
- Re: Winamp 5.12 - 0day exploit - code execution through playlist
- New worm crawling trough blogs?!
- Re: CME-24 (BlackWorm) Users' FAQ
- [ MDKSA-2006:027 ] - Updated gzip packages fix zgrep vulnerabilities
- [ GLSA 200601-16 ] MyDNS: Denial of Service
- From: Sune Kloppenborg Jeppesen
- [ GLSA 200601-17 ] Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows
- From: Sune Kloppenborg Jeppesen
- Etomite followup information
- From: security curmudgeon
- BrowserCRM vulnerable for XSS
- Cerberus Helpdesk vulnerable to XSS
- Re: Re: Winamp 5.12 - 0day exploit - code execution through playlist
- Re: EasyCMS vulnerable to XSS injection.
- Proof of concept for CommuniGate Pro Server vulnerability
- MyCO multiple vulnerabilities
- [SECURITY] [DSA 957-2] New ImageMagick packages fix arbitrary command execution
- [SECURITY] [DSA 960-1] New libmail-audit-perl packages fix insecure temporary file use
- FarsiNews 2.1 PHP Remote File Inclusion
Mail converted by MHonArc
This mailing list archive is a service of Copilotco.