View Full Version: Bugtraq mailing list
- [ GLSA 200606-11 ] JPEG library: Denial of Service
- [ GLSA 200606-12 ] Mozilla Firefox: Multiple vulnerabilities
- [ GLSA 200606-13 ] MySQL: SQL Injection
- Mydeardiary.com - XSS
- Diaryland.com - XSS
- Lycos.com - XSS vulnerability
- Hotbot.com - XSS vulnerability in search engine
- 5 Star Review - review-script.com - XSS w/ cookie output
- vbulletin.com Multiple XSS Vulnerabilities
- Secunia Research: MyBB "domecode()" PHP Code Execution
- WinSCP - URI Handler Command Switch Parsing
- Re: iFoto v0.20-06/06/06
- RCblog 1.03 Directory Traversal [index.php]
- CS-Forum <= 0.81 Cross Site Scripting, SQL Injection, Full Path
- Myscrapbook v3.1 - XSS
- Wanderlist.com - XSS vuln with sessions disclosure
- PaintedOver.com, Inc. 2004-2006 Xss Vulnerabilities
- [KAPDA::48]CopperminePhotoGallery1.4.8~ addhit() function~
- tempnam() Bypass unique file name PHP 5.1.4
- Opengaia.com - XSS Vuln & Session Include
- Foing (manage_songs.php) Remote File Inclusion[phpBB]
- sorry i wrong something, this is original AWF CMS 1.11 adv
- Nowtalking.com - XSS
- ThWboard 3.0 <= SQL Injection
- Stargazer.org - XSS with Session output
- cescripts.com - XSS
- Windows XP Task Scheduler Local Privilege Escalation (Advisory)
- Wireclub.com - XSS & cookie disclosure
- Re: igloo DoubleSpeak v 0.1 Multiple remote file inclusion
- Virtualtourist.com - XSS with cookie disclosure
- rPSA-2006-0100-1 freetype
- [ MDKSA-2006:099 ] - Updated freetype2 packages fixes multiple vulnerabilities.
- Re: SSL VPNs and security
- RE: Internet Explorer vulnerbility
- myPHP Guestbook 2.0.2 XSS Vulnerabilitie
- Flork.com
- [ GLSA 200606-14 ] GDM: Privilege escalation
- Vampirefreaks.com - XSS with cookie disclosure
- # MHG Security Team --- PHORUM 5.1.13 Remote File Inc.
- Re: SSL VPNs and security
- [EEYEB-20060524] Symantec Remote Management Stack Buffer Overflow
- Onlinenode.com - XSS
- Re: Internet Explorer vulnerbility
- Re: SSL VPNs and security
- Yourfacesucks.com - XSS & cookie disclosure
- [ GLSA 200606-09 ] SpamAssassin: Execution of arbitrary code
- Blackplanet.com - XSS & cookie disclosure vuln.
- Meefo.com - XSS with cookie include
- Re: Ie opera dos exploit
- Invision Power Board XSS
- Re: Windows XP Task Scheduler Local Privilege Escalation (Advisory)
- Re: Internet Explorer vulnerbility
- internet explorer vulnerability based on MarjinZ & Mr.Niega discovered
- [FSA013] phpCMS 1.2.1pl2, Remote command execution
- Call For Papers - No cON Name 2006 Edition Spain
- Emllabs.com - XSS
- Content-Builder (CMS) 0.7.5, Remote command execution
- DCP-Portal 6.1.x, Remote command execution
- Re: BUGTRAQ:20060611 ThWboard 3.0 <= SQL Injection
- Re: SSL VPNs and security
- [SECURITY] [DSA 1096-1] New webcalendar packages fix arbitrary code execution
- VBZooM <<--V1.11 "subject.php" SQL injection
- VBZooM <<--V1.02 "meaning.php" SQL injection
- VBZooM <<--V1.01 "language.php" SQL injection
- Simpnews <= All version - Remote File Include Vulnerabilities
- multiple Xss exploits in 35mmslidegallery V6
- High Risk Vulnerability in Microsoft Windows RASMAN Service
- iDefense Security Advisory 06.13.06: Windows MRXSMB.SYS MRxSmbCscIoctlOpenForCopyChunk
- iDefense Security Advisory 06.13.06: Microsoft Internet Explorer
- ZDI-06-017: Microsoft Internet Explorer UTF-8 Decoding Heap Overflow
- PHP MESSENGER 1.0 Version - Remote File Include Vulnerability
- Jobline 1 1 1 Version - Remote File Include Vulnerability
- Amr Talkbox talkbox.PHP - Remote File Include Vulnerabilities
- S H O U T B O X (v1.5) Version - Remote File Include Vulnerability
- Re: Shoutpro 1.0 Version - Remote File Include Vulnerability
- iDefense Security Advisory 06.13.06: Windows MRXSMB.SYS MrxSmbCscIoctlCloseForCopyChunk
- Ltwcalendar 4.1.3 version - Remote File Include Vulnerabilities
- [REVERSEMODE ADVISORY] MS06-030 - Microsoft Mrxsmb.sys privilege
- Re: Simpnews <= All version - Remote File Include Vulnerabilities
- # MHG Security Team --- PHPAskIt v2.0.1 Remote File Inc.
- [REVERSEMODE ADVISORY] MS06-030 NtClose DeadLock.
- Web-CMS <<--1.0 "print.php" SQL injection
- TikiWiki Sql injection & XSS Vulnerabilities
- Re: vbulletin.com Multiple XSS Vulnerabilities
- Re: PHP-Nuke <= 7.9 Search XSS Vulnerability
- blur6ex <= 0.3.462 'ID' blind sql injection
- REMOTE FILE INCLUSION ( ALL )
- RE: Dell Openmanage CD Vulnerability
- Chipmailer <= 1.09 Multiple Vulnerabilities
- RE: Windows Software Restriction Policy Protection Bypass
- iDefense Security Advisory 06.13.06: Windows Media Player PNG Chunk
- GamePlay.co.uk XSS
- PhpMyFactures 1.0 Cross Site Scripting, SQL Injection, Full Path
- Oracle DBMS_STANDARD security problem
- Re: PaintedOver.com, Inc. 2004-2006 Xss Vulnerabilities
- file include exploits in mcGuestbook 1.3
- SYMSA-2006-004: Vulnerability in Graphics Rendering Engine Could
- Simpleshout 1.6.0 Version - Remote File Include Vulnerability
- ZDI-06-018: Microsoft Internet Explorer DXImageTransform ActiveX Memory
- VBZooM <<-- V1.11 "show.php" SQL injection
- Shoutpro 1.0 Version - Remote File Include Vulnerability
- [MajorSecurity #17] SixCMS <= 6 - Multiple XSS and directory
- G Shout 1.3.1 Version - Remote File Include Vulnerability
- Barracuda Spam Firewall: Administrator Level Remote Command Execution
- [ GLSA 200608-07 ] libTIFF: Multiple vulnerabilities
- vBulletin 3.0.14 ~ init.php~ registerring global arbitary
- Tinyportal Shoutbox
- [ GLSA 200608-08 ] GnuPG: Integer overflow vulnerability
- MyBloggie <= 2.1.4 trackback.php SQL injection / admin
- XSS Vulnerability in FTD v3.7.3
- Re: flatnuke <= 2.5.7 arbitrary php file upload
- XennoBB <= 2.1.0 "birthday" SQL injection
- SAPID CMS remote File Inclusion vulnerabilities
- 0-day XP SP2 wmf exploit
- [ECHO_ADV_44$2006] PHP Simple Shop <= 2.0 (abs_path) Remote File
- SolpotCrew Advisory #6 - phpCC - Beta 4.2 (base_dir) Remote File
- 0-day XP SP2 wmf exploit (some details)
- NEWSolved Lite v1.9.2 (abs_path) Remote File Inclusion
- blur6ex 0.3 Comment title HTML inyection vuln.
- when will AV vendors fix this???
- PHP: Zend_Hash_Del_Key_Or_Index Vulnerability
- IMENDIO PLANNER REMOTE FILENAME FORMAT STRING VULNERABILITY
- Multiple vulnerabilities in DConnect Daemon 0.7.0 (CVS 30 Jul 2006)
- [ GLSA 200608-10 ] pike: SQL injection vulnerability
- php local buffer underflow could lead to arbitary code execution
- [ GLSA 200608-11 ] Webmin, Usermin: File Disclosure
- [vuln.sg] Lhaz LHA Long Filename Buffer Overflow Vulnerability
- Virtual War v1.5.0 Remote File Include (vwar_root)
- Re: when will AV vendors fix this???
- [SECURITY] [DSA 1144-1] New chmlib packages fix denial of service
- linksys WRT54g authentication bypass
- [ GLSA 200608-12 ] x11vnc: Authentication bypass in included LibVNCServer code
- Will Microsoft patch remarkable old Msjet40.dll issue?
- Re: Vanilla CMS <= 1.0.1 (RootDirectory) Remote file inclusion Vuln.
- RE: linksys WRT54g authentication bypass
- Visual Events Calendar v1.1 (cfg_dir) Remote Inclusion
- DeluxeBB Multiple Vulnerabilities
- simplog 0.9.3 and prior XSS
- TSRT-06-06: Computer Associates eTrust AntiVirus WebScan Manifest
- TSRT-06-05: Computer Associates eTrust AntiVirus WebScan Automatic Update
- Re: [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released
- Re: SolpotCrew Advisory #5 - modernbill ver 1.6 (DIR) Remote File
- ARES 2007: Call for workshop proposals, deadline Sept 10, 2006
- Attacking the local LAN via XSS
- Re: [Full-disclosure] Attacking the local LAN via XSS
- Re: [Full-disclosure] Attacking the local LAN via XSS
- Re: [Full-disclosure] Attacking the local LAN via XSS
- Re: Re[2]: [Full-disclosure] Attacking the local LAN via XSS
- Re[2]: [Full-disclosure] Attacking the local LAN via XSS
- Re: vbulletin 3.5.4 IE exploit xss
- AUTODAFE: an Act of Software Torture [FUZZER]
- phpPrintAnalyzer <= 1.1 (rep_par_rapport_racine) Remote File
- [EEYEB-20060719] McAfee Subscription Manager Stack Buffer Overflow
- Announcement: Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations [Whitepaper]
- [ GLSA 200608-13 ] ClamAV: Heap buffer overflow
- ZDI-06-026: Microsoft Internet Explorer Multiple CSS Imports Memory
- ZDI-06-027: Microsoft Internet Explorer CSS Class Ordering Memory
- [SECURITY] [DSA 1145-1] New freeradius packages fix several vulnerabilities
- Archangel Weblog 0.90.02 and prior Multiple HTML injections
- docpile:we v0.2.2 (INIT_PATH) Remote File Inclusion Vulnerability
- rPSA-2006-0147-1 mysql mysql-bench mysql-server
- phNNTP <= 1.3 (article-raw.php) Remote File Include Vulnerability
- Microsoft PowerPoint Malformed Record Memory Corruption
- [ GLSA 200608-14 ] DUMB: Heap buffer overflow
- unwrapping PL/SQL
- MojoScripts' xss vulnerable
- TSRT-06-07: eIQnetworks Enterprise Security Analyzer Monitoring Agent
- MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities
- Re: Will Microsoft patch remarkable old Msjet40.dll issue?
- ERRATA: [ GLSA 200608-08 ] GnuPG: Integer overflow vulnerability
- AW: Virtual War v1.5.0 Remote File Include (vwar_root)
- rPSA-2006-0150-1 krb5 krb5-server krb5-services krb5-test
- [Overflow.pl] Clam AntiVirus Win32-UPX Heap Overflow
- SUSE Security Announcement: clamav (SUSE-SA:2006:046)
- PgMarket 2.2.3 (CFG[libdir]) Remote File Inclusion Vulnerabilities
- [USN-333-1] libwmf vulnerability
- Latinchat Denial Of Service
- Assessment of Vista Kernel Mode Security
- [SECURITY] [DSA 1146-1] New krb5 packages fix privilege escalation
- [ MDKSA-2006:138 ] - Updated clamav packages fix vulnerability
- CivicSpace Version 0.8.5 HTML injection
- BlogHoster v2.2 Post Comment Html Injection
- Cwfm <= 0.9.1 (Language) Remote File Inclusion Vulnerability
- [ISR] - Novell Groupwise Webaccess (Cross-Site Scripting)
- [ MDKSA-2006:139 ] - Updated krb5 packages fix local privilege escalation vulnerability
- TSRT-06-10: Microsoft HLINK.DLL Hyperlink Object Library Buffer Overflow
- Multiple buffer-overflows in AlsaPlayer 0.99.76
- Stack and heap overflows in MODPlug Tracker/OpenMPT 1.17.02.43 and
- TSRT-06-09: Microsoft DirectAnimation COM Object Memory Corruption
- TSRT-06-08: Microsoft Internet Help COM Object Memory Corruption
- [SECURITY] [DSA 1148-1] New gallery packages fix several vulnerabilities
- [SECURITY] [DSA 1147-1] New drupal packages fix cross-site scripting
- [ MDKSA-2006:140 ] - Updated ncompress packages fix vulnerability
- XChat <= 2.6.4-1 (win version) Remote Denial of Service Exploit (php)
- PHPMyRing <= 4.2.0 (view_com.php) Remote SQL Injection
- Yabb XSS
- TinyWebGallery v1.5 ( image ) Remote Include Vulnerability
- [SECURITY] [DSA 1149-1] New ncompress packages fix potential code execution
- Sending multipart/form-data requests from Flash (with arbitrary
- Directory Traversal vulnerability in IPCheck Monitor Server
- CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS)
- CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS)
- PocketPC MMS - Remote Code Injection/Execution Vulnerability and
- [ GLSA 200608-15 ] MIT Kerberos 5: Multiple local privilege escalation (test Falco for security@)
- [ GLSA 200608-17 ] libwmf: Buffer overflow vulnerability
- [ GLSA 200608-18 ] Net::Server: Format string vulnerability
- [ GLSA 200608-16 ] Warzone 2100 Resurrection: Multiple buffer overflows
- Re: SYM06-013 Symantec On-Demand Protection Encrypted Data Exposure
- Mambo/Joomla Component Remository v3.25 (mosConfig_absolute_path)
- Netgear FVG318 is vunerable to DOS attack
- Mafia Moblog <= 6 (pathtotemplate) Remote File Inclusion
- InfanView 3.98 (with plugins) - Access violation at processing
- myBloggie <= 2.1.3 (mybloggie_root_path) Remote File Inclusion
- Compersus ASP shopping cart <= DataBase Downloading vuln.
- Virtual War v1.5.0 <= Sql Injection vuln.
- XennoBB <= "avatar gallery" Directory Transversal
- CGI Script Source Code Disclosure Vulnerability in Apache for Windows
- Simple one-file GuestBook 1.0
- Dragonfly CMS 9.0.6.1 and prior XSS
- Security Contact
- Re: when will AV vendors fix this???
- RE: when will AV vendors fix this???
- Re: when will AV vendors fix this???
- RE: [Full-disclosure] RE: when will AV vendors fix this???
- Re: Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory
- Re: [Full-disclosure] Attacking the local LAN via XSS
- Re: linksys WRT54g authentication bypass
- Re: linksys WRT54g authentication bypass
- Re: linksys WRT54g authentication bypass
- RE: linksys WRT54g authentication bypass
- RE: linksys WRT54g authentication bypass
- Re: when will AV vendors fix this???
- Bypassing script filters with variable-width encodings
- Re: linksys WRT54g authentication bypass
- XSSing the Lan 3 (web trojans.. not a new idea)
- Re: linksys WRT54g authentication bypass
- Security Vulnerability in Ruby on Rails 1.1.x
- [security bulletin] HPSBUX02108 SSRT061133 rev.14 - HP-UX Running Sendmail, Remote Execution of Arbitrary Code
- [security bulletin] HPSBUX02124 SSRT061159 rev.2 - HP-UX Sendmail MIME Remote Denial of Service (DoS)
- TSLSA-2006-0046 - multi
- Re: Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory
- miniBloggie <= 1.0 (fname) Remote File Inclusion Vulnerability
- [ GLSA 200608-19 ] WordPress: Privilege escalation
- Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability
- rPSA-2006-0152-1 squirrelmail
- WEBInsta Mailing list manager (cabsolute_path) 1.3e RFI
- Re: [ GLSA 200608-12 ] x11vnc: Authentication bypass in included
- wheatblog Session.php Remote File Inclusion
- UPDATE: [ GLSA 200511-12 ] Scorched 3D: Multiple vulnerabilities
- VWar <= 1.50 R14 (n) Remote SQL Injection