Bugtraq mailing lijst [Archief] - Pagina 85

Re: First (Major) web hacking incidents for 2008. Sign of the year to
[USN-564-1] Net-SNMP vulnerability
[USN-561-1] pwlib vulnerability
[ GLSA 200801-02 ] R: Multiple vulnerabilities
[ MDVSA-2008:004 ] - Updated postgresql packages fix denial of service
[USN-563-1] CUPS vulnerabilities
iDefense Security Advisory 01.09.08: Novell NetWare Client nicm.sys
my mum and sister kissing
[ GLSA 200801-03 ] Claws Mail: Insecure temporary file creation
[SECURITY] [DSA 1456-1] New fail2ban packages fix denial of service
[ GLSA 200801-05 ] Squid: Denial of Service
[USN-565-1] Squid vulnerability
[ GLSA 200801-04 ] OpenAFS: Denial of Service
[ MDVSA-2008:005 ] - Updated libexif packages fix multiple
[SECURITY] [DSA 1457-1] New dovecot packages fix information disclosure
Simple Machines Forum Cross-Site Scripting Vulnerabilities
PR07-06, PR07-07, PR07-08, PR07-09, PR07-10, PR07-12: Several XSS,
[USN-566-1] OpenSSH vulnerability
uCon 2008 call for participation - Recife, Brazil
Digital Armaments January-February Hacking Challenge: Special
[ GLSA 200801-06 ] Xfce: Multiple vulnerabilities
BT Home Flub: Pwnin the BT Home Hub (5) - exploiting IGDs remotely via UPnP
Word 2007 Email as PDF path disclosure flaw
MTCMS <=2.0 SQL Injection Vulnerbility
Buffer-overflow in Quicktime Player 7.3.1.70
[SECURITY] [DSA 1458-1] New openafs packages fix denial of service vulnerability
[ MDVSA-2008:006 ] - Updated exiv2 packages fix vulnerability
Re: Buffer-overflow in Quicktime Player 7.3.1.70
[USN-567-1] Dovecot vulnerability
Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70
At long last -- Extra Outlooks!
[ MDVSA-2008:007 ] - Updated madwifi-source,
SecurityReason - Apache (mod_proxy_ftp) Undefined Charset UTF-7
Re: Linksys WRT54 GL - Session riding (CSRF)
SecurityReason - Apache2 CSRF, XSS, Memory Corruption and Denial
re-resting of zzuf results
ImageAlbum Remote SQL Injection Vulnerabilities
Re: Buffer-overflow in Quicktime Player 7.3.1.70
CFP: EuroSec Workshop (March 31st, 2008)
Member Area System (MAS) Remote File Include Vulnerability
Naymz multiple XSS
Re: At long last -- Extra Outlooks!
Re: Buffer-overflow in Quicktime Player 7.3.1.70
Cross site scripting (XSS) in Moodle 1.8.3
[ MDVSA-2008:010 ] - Updated libxml2 packages fix DoS vulnerability
[ MDVSA-2008:011 ] - Updated rsync packages fix restrictions bypass
Safari 2 Denial of Service
[ MDVSA-2008:009 ] - Updated autofs packages fix insecure hosts
[ MDVSA-2008:008 ] - Updated kernel packages fix multiple
Garment Center (index.cgi) Local File Inclusion
[SECURITY] [DSA 1462-1] New hplip packages fix privilege escalation
what is this?
Re: what is this?
RE: Linksys WRT54 GL - Session riding (CSRF)
Re: [Full-disclosure] what is this?
F5 BIG-IP Web Management List Search XSS
Re: [Full-disclosure] what is this?
[SECURITY] [DSA 1460-1] New postgresql-8.1 packages fix several
Re: [Full-disclosure] what is this?
SQID v0.3 - SQL Injection Digger.
[ MDVSA-2008:009-1 ] - Updated autofs packages fix insecure hosts
Re: [Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.70
Re: At long last -- Extra Outlooks!
RE: At long last - Extra Outlooks!
RE: At long last -- Extra Outlooks!
Re: At long last -- Extra Outlooks!
Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70
Re: what is this?
[SECURITY] [DSA 1459-1] New gforge packages fix SQL injection
Re: what is this?
Re: what is this?
Re: what is this?
Re: Buffer-overflow in Quicktime Player 7.3.1.70
RE: what is this?
Binn SBuilder (nid) Remote Blind Sql Injection Vulnerabily
Re: Garment Center (index.cgi) Local File Inclusion
Re: Buffer-overflow in Quicktime Player 7.3.1.70
Hacking The Interwebs
[SECURITY] [DSA 1463-1] New postgresql-7.4 packages fix several
Re[2]: [Full-disclosure] what is this?
Re: what is this?
[USN-568-1] PostgreSQL vulnerabilities
[SECURITY] [DSA 1461-1] New libxml2 packages fix denial of service
Re: what is this?
[security bulletin] HPSBUX02303 SSRT071468 rev.1 - HP-UX Running X Font Server (xfs) Software, Remote Execution of Arbitrary Code
[security bulletin] HPSBST02304 SSRT080003 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-001 to MS08-002
[ MDVSA-2008:012 ] - Updated python packages fix vulnerabilities
[ MDVSA-2008:013 ] - Updated python packages fix vulnerability in
FreeBSD Security Advisory FreeBSD-SA-08:01.pty
Re: what is this?
Defeating audio captcha systems
Country by Country ISA Computer Sets
Re: Linksys WRT54 GL - Session riding (CSRF)
Re: what is this?
Re: [Full-disclosure] what is this?
Re: [Full-disclosure] what is this?
Re[2]: what is this?
SecurityReason - Apache (mod_status) Refresh Header - Open
Re[2]: what is this?
Article DashBoard all version SQL Injection Vulnerability
Max's File Uploader File Upload Vulnerability
MicroNews Admin Direct Access vulnerability
Re: what is this?
RE: what is this?
Re: [Full-disclosure] what is this?
Re: [Full-disclosure] what is this?
Re[2]: what is this?
Re: Linksys WRT54 GL - Session riding (CSRF)
Re: Linksys WRT54 GL - Session riding (CSRF)
iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTserver
iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTServer
iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTserver
iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTServer
Pipe to FOR Crashes CMD
Re: Defeating audio captcha systems
Re: what is this?
[DSECRG-08-003] blogcms 4.2.1b Multiple Security Vulnerabilities
RichStrong CMS (showproduct.asp?cat=) Remote SQL Injection Exploit
[SECURITY] [DSA 1464-1] New syslog-ng packages fix denial of service
rPSA-2008-0015-1 cairo
cPanel Hosting Manager (dohtaccess.html)
rPSA-2008-0016-1 postgresql postgresql-server
rPSA-2008-0017-1 libxml2
[DSECRG-08-002] Local File Include in arias 0.99-6
TPTI-08-01: Apple Quicktime Image File IDSC Atom Memory Corruption Vulnerability
8e6 Technologies R3000 Internet Filter Bypass by Request Split
[Aria-Security.Net] Real Estate Web SQL Injection
Cisco Security Advisory: Cisco Unified Communications Manager CTL Provider Heap Overflow
iDefense Security Advisory 01.15.08: Apple QuickTime Macintosh Resource
mcGuestbook v1.2 Remote File Inc.
Peers static overflow in BitTorrent 6.0 and uTorrent 1.7.5
Country by Country Computer Sets now available for ISA 2004
TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability
SQL scalar function to convert big int to dot notation
[waraxe-2008-SA#062] - Multiple Sql Injections in MyBB 1.2.10
[waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10
Gradman <= 0.1.3 (agregar_info.php?tabla=) Local File Inclusion
[ MDVSA-2008:014 ] - Updated apache 1.3.x packages fix multiple
[USN-570-1] boost vulnerabilities
[ MDVSA-2008:015 ] - Updated apache 2.0.x packages fix multiple
[security bulletin] HPSBMA02133 SSRT061201 rev.7 - HP Oracle for OpenView (OfO) Critical Patch Update
[SECURITY] [DSA 1465-1] New apt-listchanges packages fix arbitrary code execution
JoomlaFlash Component Multiple Remote File Inclusion
PHPEchoCMS Multible remote vulnerabilitis
rPSA-2008-0018-1 mysql mysql-bench mysql-server
Re: [CVE-2007-2449] Apache Tomcat XSS vulnerabilities in the JSP
[ MDVSA-2008:016 ] - Updated apache 2.2.x packages fix multiple
rPSA-2008-0021-1 kernel
[SECURITY] [DSA 1465-2] New apt-listchanges packages fix arbitrary code execution
Re: Utimaco Safeguard Easy vulnerability
Clever Copy <=3.0 Multiple Remote Vulnerabilities
[CSNC] OKI C5510MFP Printer Password Disclosure
RE: Skype videomood XSS
CORE-2007-1119: CORE FORCE Kernel Buffer Overflow
iDefense Security Advisory 01.17.08: Multiple Vendor X Server XInput
iDefense Security Advisory 01.17.08: Multiple Vendor X Server TOG-CUP
iDefense Security Advisory 01.17.08: Multiple Vendor X Server EVI
iDefense Security Advisory 01.17.08: Multiple Vendor X Server XFree86-Misc
IMF 2008 - Call for Papers
[FIXED] Remote Denial of Service for SSH service at Dell DRAC4
[USN-571-1] X.org vulnerabilities
Agares PhpAutoVideo 2.21(XSS/RFI) Multiple Remote Vulnerabilities
common dns misconfiguration can lead to "same site" scripting
New search engine for exploits
Re: Member Area System (MAS) Remote File Include Vulnerability
Making big money...
SocksCap Stack Overflow (<= 2.40-051231)
Re: Country by Country ISA Computer Sets
Re: Country by Country ISA Computer Sets
SinFP fingerprinting tool online demo
RE: Country by Country ISA Computer Sets
Re: mcGuestbook v1.2 Remote File Inc.
Re: Article DashBoard all version SQL Injection Vulnerability
RE: Country by Country ISA Computer Sets
Re: Country by Country ISA Computer Sets
Re: Tiger Team: New TV series about pen testers airing on CourtTV
MyBB 1.2.11 Multiple XSRF Vulnerabilities
Re: Re: Utimaco Safeguard Easy vulnerability
RE: Country by Country ISA Computer Sets
[USN-572-1] apt-listchanges vulnerability
[USN-571-2] X.org regression
[SECURITY] [DSA 1466-2] New xorg-server packages fix regression
[SECURITY] [DSA 1467-1] New mantis packages fix several vulnerabilities
Re: common dns misconfiguration can lead to "same site" scripting
Make MoneY EaSy n FaST !!!!!!! 100% Working..Tested!
RE: Country by Country ISA Computer Sets
Bloofox CMS SQL Injection (Authentication bypass) , Source code
[SECURITY] [DSA 1468-1] New tomcat5.5 packages fix several vulnerabilities
Php Search Remote Inclusion
AXIGEN 5.0.x AXIMilter Format String Exploit
MegaBBS ASP Forum Cross-Site Scripting
Re: common dns misconfiguration can lead to "same site" scripting
WifiZoo v1.3 released (minor release)
Flaw in Alice gate2 pluswifi adsl modem
boastMachine <=3.1 SQL Injection Vulnerbility
[ GLSA 200801-09 ] X.Org X server and Xfont library: Multiple vulnerabilities
Call Jacking: Phreaking the BT Home Hub
BLOG:CMS 4.2.1.c (DIR_PLUGINS) Multiple Remote File Include
[SECURITY] [DSA 1470-1] New horde3 packages fix denial of service
[SECURITY] [DSA 1469-1] New flac packages fix arbitrary code execution
Belkin Wireless G Plus MIMO Router F5D9230-4 Authentication
Pass-The-Hash Toolkit v1.2 released.
[ GLSA 200801-07 ] Adobe Flash Player: Multiple vulnerabilities
[ GLSA 200801-08 ] libcdio: User-assisted execution of arbitrary code
[waraxe-2008-SA#063] - Information Leakage in Kayako SupportSuite
[ MDVSA-2008:017 ] - Updated MySQL packages fix multiple
[waraxe-2008-SA#064] - Sql Injection in MyBB 1.2.11
[SECURITY] [DSA 1471-1] New libvorbis packages fix several vulnerabilities
[SECURITY] [DSA 1472-1] New xine-lib packages fix arbitrary code execution
Re: 8e6 Technologies R3000 Internet Filter Bypass by Request Split
PR07-38: XSS on sIFR
[ MDVSA-2008:019 ] - Updated cairo packages fix vulnerability
Some hashes for the record
Troopers 08 Security Conference, Call for Papers
RE: Country by Country ISA Computer Sets
Re: common dns misconfiguration can lead to "same site" scripting
[SECURITY] [DSA 1473-1] New scponly packages fix arbitrary code execution
[ MDVSA-2008:018 ] - Updated gFTP packages fix vulnerabilities
Re: common dns misconfiguration can lead to "same site" scripting
PacerCMS Multiple Vulnerabilities (XSS/SQL)
DeluxeBB 1.1 XSS Vulnerabilitie
Re: PR07-38: XSS on sIFR
=?UTF-8?Q?XSRF_under_Dean=E2=80=99s_Permalinks_Migration _1.0?=
Apache mod_negotiation Xss and Http Response Splitting
SDL_Image 1.2.6 and prior GIF handling buffer overflow
PHP 5.2.5 cURL safe_mode bypass
[security bulletin] HPSBUX02306 SSRT071463 rev.1 - HP-UX Running ARPA Transport, Remote Denial of Service (DoS)
UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication
Web Wiz Forums Directory traversal
Web Wiz Rich Text Editor Directory traversal + HTM/HTML file
Web Wiz NewsPad Directory traversal
[ MDVSA-2008:020 ] - Updated xine-lib packages fix remote code
Cisco Security Advisory: Cisco PIX and ASA Time-to-Live Vulnerability
Cisco Security Advisory: Default Passwords in the Application Velocity System
Syhunt: HFS (HTTP File Server) Template Cross-Site Scripting and
Syhunt: HFS (HTTP File Server) Log Arbitrary File/Directory Manipulation
Syhunt: HFS (HTTP File Server) Username Spoofing and Log Forging/Injection
RE: Cisco Security Advisory: Cisco PIX and ASA Time-to-Live Vulnerability
Woltlab Burning Board 2.3.6 PL2 Remote Delete Thread XSRF Vulnerability
[SECURITY] [DSA 1474-1] New exiv2 packages fix arbitrary code execution
[ GLSA 200801-10 ] TikiWiki: Multiple vulnerabilities
[SECURITY] [DSA 1444-2] New php5 packages fix regression
PIX Privilege Escalation Vulnerability
[ MDVSA-2008:025 ] - Updated x11-server-xgl packages fix multiple
ImageShack Toolbar FileUploader Class insecurities
[ MDVSA-2008:021 ] - Updated XFree86 packages fix multiple
[ MDVSA-2008:022 ] - Updated xorg-x11 packages fix multiple
[ MDVSA-2008:023 ] - Updated x11-server packages fix multiple
[ MDVSA-2008:024 ] - Updated libxfont packages fix font handling
Tiger PHP News System SQL Injection