|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
807 messages sorted by: [ author ] [ date ] [ thread ]
Starting: Mon May 01 2006 - 11:53:14 CDT
Ending: Mon Jun 05 2006 - 18:52:38 CDT
- # MHG Security Team --- DuGallery V2.x SQL Injection
- # MHG Security Team --- Gallery Upload Vulnerabilities
- # MHG Security Team --- MyBloggie 2.1.1 version Remote File Include Vulnerabilit
- # MHG Security Team --- OzzyWork Gallery SQL Injection
- # MHG Security Team --- OzzyWork Gallery Upload Vulnerabilities
- # MHG Security Team --- PHP NUKE All version Remote File Inc.
- # MHG Security Team ---Rumble 1.02 version Remote File Inc.
- 321soft PhP Gallery 0.9 - directory travel & XSS
- 4images<-- 1.7.1 SQL Injection
- 4nNukeWare<--V 0.91 SQL Injection exploits
- 90% of programs made in PHP5 and prior Full Path Disclosure vuln.
- [ GLSA 200605-01 ] MPlayer: Heap-based buffer overflow
- [ GLSA 200605-02 ] X.Org: Buffer overflow in XRender extension
- [ GLSA 200605-03 ] ClamAV: Buffer overflow in Freshclam
- [ GLSA 200605-04 ] phpWebSite: Local file inclusion
- [ GLSA 200605-05 ] rsync: Potential integer overflow
- [ GLSA 200605-06 ] Mozilla Firefox: Potential remote code execution
- [ GLSA 200605-07 ] Nagios: Buffer overflow
- [ GLSA 200605-08 ] PHP: Multiple vulnerabilities
- [ GLSA 200605-09 ] Mozilla Thunderbird: Multiple vulnerabilities
- [ GLSA 200605-10 ] pdnsd: Denial of Service and potential arbitrary code execution
- [ GLSA 200605-11 ] Ruby: Denial of Service
- [ GLSA 200605-12 ] Quake 3 engine based games: Buffer Overflow
- [ GLSA 200605-13 ] MySQL: Information leakage
- [ GLSA 200605-14 ] libextractor: Two heap-based buffer overflows
- [ GLSA 200605-15 ] Quagga Routing Suite: Multiple vulnerabilities
- [ GLSA 200605-16 ] CherryPy: Directory traversal vulnerability
- [ GLSA 200605-17 ] libTIFF: Multiple vulnerabilities
- [ MDKSA-2006:080 ] - Updated clamav packages fix vulnerability
- [ MDKSA-2006:081 ] - Updated xorg-x11 packages fix vulnerability
- [ MDKSA-2006:081-1 ] - Updated xorg-x11 packages fix vulnerability
- [ MDKSA-2006:082 ] - Updated libtiff packages fix vulnerabilities
- [ MDKSA-2006:083 ] - Updated gdm package fixes symlink attack vulnerability
- [ MDKSA-2006:084 ] - Updated MySQL packages fix several vulnerabilities
- [ MDKSA-2006:085 ] - Updated xine-ui packages fix format string vulnerabilities
- [ MDKSA-2006:086 ] - Updated kernel packages fix multiple vulnerabilities
- [ MDKSA-2006:087 ] - Updated kernel packages fixes netfilter SNMP NAT memory corruption
- [ MDKSA-2006:088 ] - Updated hostapd package to address DoS vulnerability
- [ MDKSA-2006:089 ] - Updated kphone packages fixes permissions issue with .qt/kphonerc
- [ MDKSA-2006:090 ] - Updated shadow-utils packages fix mailbox creation vulnerability
- [ MDKSA-2006:091 ] - Updated php packages fix vulnerabilities
- [ MDKSA-2006:092 ] - Updated mpg123 packages fix DoS vulnerability.
- [ MDKSA-2006:093 ] - Updated dia packages fix string format vulnerabilities.
- [ MDKSA-2006:094 ] - Updated evolution packages fix DoS (crash) vulnerability on certain messages.
- [48Bits.com Advisory] Path conversion design flaw in Microsoft NTDLL
- [BuHa-Security] DoS Vulnerability in MS IE 6 SP2
- [BuHa-Security] MS06-013: HTML Tag Memory Corruption Vulnerability in MS IE 6 SP2
- [CLOSED] SOE's implementation of Lithium Forums Software allows users to log on as each other.
- [cosmoshop again] sql injection + view all files as admin user
- [DRUPAL-SA-2006-005] Drupal 4.6.7 / 4.7.1 fixes SQL injection issue
- [DRUPAL-SA-2006-006] Drupal 4.6.7 / 4.7.1 fixes arbitrary file execution issue
- [DRUPAL-SA-2006-007] Drupal 4.6.8 / 4.7.2 fixes arbitrary file execution issue
- [DRUPAL-SA-2006-008] Drupal 4.6.8 / 4.7.2 fixes XSS issue
- [ECHO_ADV_32$2006] SCart 2.0 Remote Code Execution
- [EEYEB-20060307] Apple QuickTime FPX Integer Overflow
- [EEYEB20051011A] - Microsoft Distributed Transaction Coordinator Heap Overflow
- [EEYEB20051011B] - Microsoft Distributed Transaction Coordinator Denial of Service
- [FLSA-2006:152868] Updated tetex packages fix security issues
- [FLSA-2006:152898] Updated emacs packages fix a security issue
- [FLSA-2006:152904] Updated ncpfs package fixes security issues
- [FLSA-2006:152923] Updated xloadimage package fixes security issues
- [FLSA-2006:164512] Updated fetchmail packages fix security issues
- [FLSA-2006:185355] Updated gnupg package fixes security issues
- [Full Disclosure] [Kil13r-SA-20060520] Microsoft Internet Explorer Crash Vulnerability
- [Full-disclosure] ASLR now built into Vista
- [Full-disclosure] bug in oscomerce
- [Full-disclosure] How secure is software X?
- [Full-disclosure] POC exploit for freeSSHd version 1.0.9
- [Full-disclosure] RealVNC 4.1.1 Remote Compromise
- [Full-disclosure] What's Up Professional Spoofing Authentication Bypass
- [Info Disclosure] Diesel PHP Job Site Latest Version
- [KAPDA::#43] - phpwcms multiple vulnerabilities
- [KAPDA::#44] - NewsCMSLite Login ByPass by Cookie
- [KAPDA::#45] - geeklog multiple vulnerabilities
- [KAPDA::#46] - Nukedit Unauthorized Admin Add
- [KAPDA::#47] - myNewsletter 1.1.2 SQL_Injection
- [KAPDA] MyBB1.1.1~Email Verification in User Activation ~SQL Injection Attack
- [Kil13r-SA-20060605] Syworks SafeNET Policy File Vulnerability
- [Kil13r-SA-20060606] ESTsoft InternetDISK Arbitary Code Execution Vulnerability
- [Kurdish Security # 4] phpRaid Remote File Include Vulnerability (PHPBB)
- [Kurdish Security # 5] phpRaid Remote File Include [SMF]
- [Kurdish Security # 7] Foing Remote File Include Vulnerability [PHPBB]
- [MajorSecurity #6]Socketmail <= 2.2.6 - Remote File Include Vulnerability
- [MajorSecurity #7]dotWidget CMS <= 1.0.6 - Remote File Include Vulnerability
- [MajorSecurity #8]DreamAccount <= 3.1 - Remote File Include Vulnerability
- [MajorSecurity #9]HostAdmin <= 3.1 - Remote File Include Vulnerability
- [MajorSecurity] phpListPro <= 2.01 - Multiple Remote File Include Vulnerability
- [OpenPKG-SA-2006.008] OpenPKG Security Advisory (openldap)
- [OpenPKG-SA-2006.009] OpenPKG Security Advisory (binutils)
- [Reversemode] Microsoft Infotech Storage library Heap Corruption
- [REWTERZ-20060503] XM Easy Personal FTP Server Remote Buffer Overflow Vulnerability
- [REWTERZ-20060504] - Sami FTP Server Remote Buffer Overflow Vulnerability
- [security bulletin] HPSBMA02098 SSRT5911 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Privileged Access, Arbitrary Command Execution, Arbitrary File Creation
- [security bulletin] HPSBMA02121 SSRT061157 rev.1 - HP OpenView Storage Data Protector Remote Arbitrary Command Execution
- [security bulletin] HPSBTU02118 SSRT061145 rev.1 - HP Tru64 UNIX Running Firefox or Mozilla Application Suite, Remote Execution of Arbitrary Code or Denial of Service (DoS)
- [security bulletin] HPSBUX02075 SSRT051074 rev.5 - HP-UX Running xterm Local Unauthorized Access
- [security bulletin] HPSBUX02108 SSRT061133 rev.10 - HP-UX running Sendmail, Remote Execution of Arbitrary Code
- [security bulletin] HPSBUX02108 SSRT061133 rev.11 - HP-UX Running Sendmail, Remote Execution of Arbitrary Code
- [security bulletin] HPSBUX02114 SSRT061115 rev.1 - HP-UX Running Software Distributor Local Elevation of Privilege
- [security bulletin] HPSBUX02117 SSRT2400 rev.1 - HP-UX Running BINDv4 Domain Name Server (DNS) Remote Unauthorized Access, Denial of Service (DoS)
- [security bulletin] HPSBUX02119 SSRT4848 rev.1 - HP-UX Running Motif Applications Remote Arbitrary Code Execution, Denial of Service (DoS)
- [security bulletin] HPSBUX02120 SSRT051057 rev.1 - HP-UX Local Denial of Service (DoS)
- [security bulletin] HPSBUX02122 SSRT061158 rev.1 - HP-UX Mozilla Remote Execution of Arbitrary Code, Denial of Service (DoS)
- [SECURITY] [DSA 1047-1] New resmgr packages fix unauthorised access
- [SECURITY] [DSA 1048-1] New Asterisk packages fix arbitrary code execution
- [SECURITY] [DSA 1049-1] New Ethereal packages fix several vulnerabilities
- [SECURITY] [DSA 1050-1] New ClamAV packages fix denial of service or arbitrary code execution
- [SECURITY] [DSA 1051-1] New Mozilla Thunderbird packages fix several vulnerabilities
- [SECURITY] [DSA 1052-1] New cgiirc packages fix arbitrary code execution
- [SECURITY] [DSA 1053-1] New Mozilla packages fix arbitrary code execution
- [SECURITY] [DSA 1054-1] New TIFF packages fix denial of service and arbitrary code execution
- [SECURITY] [DSA 1055-1] New Mozilla Firefox packages fix arbitrary code execution
- [SECURITY] [DSA 1056-1] New webcalendar packages fix information leak
- [SECURITY] [DSA 1057-1] New phpLDAPadmin packages fix cross-site scripting
- [SECURITY] [DSA 1058-1] New awstats packages fix arbitrary command execution
- [SECURITY] [DSA 1059-1] New quagga packages fix several vulnerabilities
- [SECURITY] [DSA 1060-1] New kernel-patch-vserver packages fix privilege escalation
- [SECURITY] [DSA 1061-1] New popfile packages fix denial of service
- [SECURITY] [DSA 1062-1] New kphone packages fix information disclosure
- [SECURITY] [DSA 1063-1] New phpgroupware packages fix execution of arbitrary web script code
- [SECURITY] [DSA 1064-1] New cscope packages fix arbitrary code execution
- [SECURITY] [DSA 1065-1] New hostapd packages fix denial of service
- [SECURITY] [DSA 1066-1] New phpbb2 packages fix execution of arbitrary web script code
- [SECURITY] [DSA 1067-1] New Linux kernel 2.4.16 packages fix several vulnerabilities
- [SECURITY] [DSA 1068-1] New fbi packages fix denial of service
- [SECURITY] [DSA 1069-1] New Linux kernel 2.4.18 packages fix several vulnerabilities
- [SECURITY] [DSA 1070-1] New Linux kernel 2.4.19 packages fix several vulnerabilities
- [SECURITY] [DSA 1071-1] New MySQL 3.23 packages fix several vulnerabilities
- [SECURITY] [DSA 1072-1] New Nagios packages fix arbitrary code execution
- [SECURITY] [DSA 1073-1] New MySQL 4.1 packages fix several vulnerabilities
- [SECURITY] [DSA 1074-1] New mpg123 packages fix arbitrary code execution
- [SECURITY] [DSA 1075-1] New awstats packages fix arbitrary command execution
- [SECURITY] [DSA 1076-1] New lynx packages fix denial of service
- [SECURITY] [DSA 1077-1] New lynx-ssl packages fix denial of service
- [SECURITY] [DSA 1078-1] New tiff packages fix denial of service
- [SECURITY] [DSA 1079-1] New MySQL 4.0 packages fix several vulnerabilities
- [SECURITY] [DSA 1080-1] New dovecot packages fix directory traversal
- [SECURITY] [DSA 1081-1] New libextractor packages fix arbitrary code execution
- [SECURITY] [DSA 1082-1] New Linux kernel 2.4.17 packages fix several vulnerabilities
- [SECURITY] [DSA 1083-1] New motor packages fix arbitrary code execution
- [SECURITY] [DSA 1084-1] New typespeed packages fix arbitrary code execution
- [SECURITY] [DSA 1085-1] New lynx-cur packages fix several vulnerabilities
- [SECURITY] [DSA 1086-1] New xmcd packages fix denial of service
- [SECURITY] [DSA 1087-1] New PostgreSQL packages fix encoding vulnerabilities
- [SECURITY] [DSA 1088-1] New centericq packages fix arbitrary code execution
- [SECURITY] [DSA 1089-1] New freeradius packages fix arbitrary code execution
- [security] A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt.
- [SECURITYREASON.COM] PhpNuke 7.6=>x Multiple vulnerabilities cXIb8O3.12
- [TZO-042006] Insecure Auto-Update and File execution
- [TZO-042006] Insecure Auto-Update and File execution (2)
- [TZO-072006]-Xampp - Multiple Priviledge Escalation (SYSTEM) and Rogue Autostart
- [USN-274-2] MySQL vulnerability
- [USN-276-1] Thunderbird vulnerabilities
- [USN-277-1] TIFF library vulnerabilities
- [USN-278-1] gdm vulnerability
- [USN-279-1] libnasl/nessus vulnerability
- [USN-280-1] X.org server vulnerability
- [USN-281-1] Linux kernel vulnerabilities
- [USN-282-1] Nagios vulnerability
- [USN-283-1] MySQL vulnerabilities
- [USN-284-1] Quagga vulnerabilities
- [USN-285-1] awstats vulnerability
- [USN-286-1] Dia vulnerabilities
- [USN-287-1] Nagios vulnerability
- [USN-288-1] PostgreSQL server/client vulnerabilities
- A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt.
- ACROS Security: Buffer Overflow In EMC (previously Dantz) Retroclient Service
- ActualAnalyzer Server <=8.23 - Remote File Include Vulnerability
- Addendum
- Advisory 04/2006: DokuWiki PHP code execution vulnerability in spellchecker
- Advisory: ASPBB <= 0.52 (perform_search.asp) XSS vulnerability
- Advisory: ASPSitem <= 2.0 Multiple Vulnerabilities.
- Advisory: Blend Portal <= 1.2.0 for phpBB 2.x (blend_data/blend_common.php) File Inclusion Vulnerability
- Advisory: Blend Portal <= 1.2.0 for phpBB 2.x(blend_data/blend_common.php) File Inclusion Vulnerability
- Advisory: Eggblog <= 3.x Multiple Remote Vulnerabilities
- Advisory: Enigma Haber <= 4.3 Multiple Remote SQL Injection Vulnerabilities
- Advisory: F<img src="/imgs/at.gif" border=0 align=middle>cile Interactive Web <= 0.8x Multiple Remote Vulnerabilities.
- Advisory: MiniNuke v2.x Multiple Remote Vulnerabilities
- Advisory: phpBB 2.x (Activity MOD Plus) File Inclusion Vulnerability.
- Advisory: phpBB 2.x (admin/admin_hacks_list.php) Local Inclusion Vulnerability.
- Advisory: Quezza BB <= 1.0 File Inclusion Vulnerability.
- Advisory: tinyBB <= 0.3 Multiple Remote Vulnerabilities.
- Advisory: UBBThreads 5.x,6.x Multiple File Inclusion Vulnerabilities.
- Alexadex.com players.py XSS Exploit
- Alstrasoft Article Manager Pro v1.6
- AlstraSoft E-Friends - XSS
- AlstraSoft Web Host Directory v1.2
- AngelineCMS Multiple Vulnerabilities
- Apple Mac OS X Safari 2.0.3 Vulnerability
- Apple QuickDraw/QuickTime Multiple Vulnerabilities
- Apple QuickTime udta ATOM Heap Overflow
- ASLR now built into Vista
- AspBB Forum "profile.asp & default.asp" XSS Vulnerability
- ASPScriptz Guest Book 2.0 XSS
- aspWebLinks 2.0 Remote SQL Injection / Admin Pass Change Exploit
- Assetman <= 2.4a XSS
- AZ Photo Album Script Pro
- Azboard <= 1.0 Multiple Sql Injections
- Backdoor in RelevantKnowledge adware (What are we fighting for?)
- BankTown's ActiveX Buffer Overflow Vulnerability
- Beoped Portal XSS
- bigwebmaster guestbook multiply XSS
- BitZipper Archive Extraction Directory traversal
- Blackhat USA 2006 - Review , remarks and proposal agenda
- Blog Mod <= 0.2.x SQL Injection
- Boastmachine Cross Site Scripting Vulnerability
- Bookmark4U Remote File Include
- Bratpack Cross Site Scripting Vulnerability
- Buffer overflow in QuickTime 7.0.4?
- Buffer-overflow and NULL pointer crash in Genecys 0.2
- Buffer-overflow in the WebTool service of PunkBuster for servers (minor than v1.229)
- Bulletin Board Elite-Board v.1.1
- Bytehoard 2.1 Remote File Include
- ByteHoard <= 2.1 multiple vulnerabilities
- CA Forum Remote SQL Injection
- CAID 34013 - CA Common Services CAIRIM on z/OS LMP SVC vulnerability
- CANews Multiple Vulnerabilities
- Captivate 1.0 - XSS Vuln
- Caucho Resin Windows Directory Traversal Vulnerability
- ChatPat v1.0
- Chatty improper input sanitizing
- Checkpoint SYN DoS Vulnerability
- ChipmunkBlogger improper input sanitizing
- ChipmunkBoard Multiple Attack vectors
- Circumventing quarantine control in Windows 2003 and ISA 2004
- Cisco Security Advisory: AVS TCP Relay Vulnerability
- Cisco Security Advisory: Cisco Unity Express Expired Password Reset Privilege Escalation
- Cisco Security Advisory: Windows VPN Client Local Privilege Escalation Vulnerability
- Claroline Open Source e-Learning 1.7.5 Remote File Include
- Client buffer-overflow in Quake 3 engine (1.32c / rev 795)
- CMS Mundo V1.0
- Cmscout <= V1.10 multiple XSS attack vectors
- Code Injection via Hidden Form Field Manipulation
- CodeScan Advisory: Avatar MOD v1.3 for Snitz Forums v3.4 - Arbitrary File Upload
- Confixx 3.1.2 <= Code Injection
- CoolMenus Event Remote File Inclusion exploit
- Corsaire Security Advisory - VMware ESX Server Cross Site Scripting issue
- cPanel OpenBaseDir Bypass
- Critical SQL Injection in CoolForum
- Critical sql injection in saphplesson 2.0
- Cryptomathic ActiveX Buffer Overflow (TDC Digital signature)
- cURL Safe Mode Bypass PHP 4.4.2 and 5.1.4
- CuteGuestbook XSS attack
- CuteNews 1.4.1 Multiple vulnerabilities
- CyBoards PHP Lite v1.25 (common.PHP) Remote File Inclusion
- CYBSEC - Security Advisory: Arbitrary File Read/Delete in SAP BC (Business Connector)
- CYBSEC - Security Advisory: Phishing Vector in SAP BC (Business Connector)
- CYBSEC - Security Pre-Advisory: Local Privilege Escalation in SAP sapdba Command
- D-Link DSA-3100 Cross-Site Scripting
- DB_eSession deleteSession() SQL injection
- Default Screen Saver Vulnerability in Microsoft Windows
- DeluxeBB 1.06 Remote SQL Injection Exploit
- DeluxeBB <= v1.06 attachment mod_mime exploit
- Destiney Links Script v2.1.2
- Destiney Rated Images Script v0.5.0 - XSS Vulnv
- DGbook v1.0 - XSS
- Diesel Joke Site SQL INJECTION
- DIMVA 2006 - Call For Participation
- DMA[2006-0514a] - 'ClamAV freshclam incorrect privilege drop'
- DMCounter Remote File Include
- Dmx Forum <= v2.1a Remote Passwords Disclosure
- Docebo LMS 2.05 Remote File Include
- Dokeos LDAP hole fixed
- Dokeos Learning Management System 1.6.4 Remote File Include
- DotClear <= 1.2.4 'blog_dc_path' (php5) arbitrary remote inclusion
- Dovecot IMAP: Mailbox names list disclosure with mboxes
- Drupal <= 4.7 attachment/mod_mime remote code execution
- DSChat <= 1.0 XSS
- Dynamic Evaluation Vulnerabilities in PHP applications
- Easy-Content Forums 1.0 Multiple [SQL/XSS] Vulnerabilities
- Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities
- Ejabberd : Symlink vulnerability during installation process
- ERRATA: [ GLSA 200605-07 ] Nagios: Buffer overflow
- ewsEngine <= 1.5.0(newscomments.php) Remote SQL Injection Vulnerability
- Fast Click <= 2.3.8 Remote File Inclusion
- Fast Click SQL Lite <= 1.1.3 Remote File Inclusion
- file include exploit in Support Cards v1
- FileProtection Express <= 1.0.1 authentification bypass
- Fire fox dos exploit
- Firefox (with IETab Plugin) Null Pointer Dereferences Bug
- Firefox 1.5.0.3 - DoS
- Firefox 1.5.0.3 code execution exploit
- Firefox 1.5.0.3 Flaw - Page can obtain path to Mozilla installation or profile by examining JavaScript exceptions
- FlexCustomer <= 0.0.4 sql injection
- Foing Remote File Include Vulnerability [PHPBB]
- Forensic memory dumping intricacies - PhysicalMemory, DD, and caching issues
- foreseeing (cough) critical problems futile? (was: Oracle, where are the patches???)
- free-php.net Poll 1.0 admin login
- FreeBSD Security Advisory FreeBSD-SA-06:15.ypserv
- FreeBSD Security Advisory FreeBSD-SA-06:16.smbfs
- FrontRange iHeat Vulnerability
- FTP Fuzzer
- FunkBoard CF0.71 (profile.php) Remote User Pass Change Exploit
- Gawab.com Register Xss Bugtraq
- gcc 4.1 bug miscompiles pointer range checks, may place you at risk
- Generic Browser Crash with Java 1.4.2_11, Java 1.5.0_06
- geoBlog Mutiple XSS Vulnerability
- Gmail/Gtalk web client DoS
- Gphotos Directory Traversal and Cross Site Scripting
- GuestbookXL 1.3
- Hackernetwork Mail Xss[Search] Vulnerability
- Hackernetwork.Com Mail XSS Vulnerability
- Hackmaster Group DMCounter Remote File Include
- Hiox Guestbook 3.1
- How secure is software X?
- html Guest Gear
- HYSA-2006-008 myBloggie 2.1.3 CRLF & SQL Injection
- I-RATER Platinum Remote File Inclusion exploit Cod3d by R<img src="/imgs/at.gif" border=0 align=middle>1D3N
- IBM Websphere Application Server Multiple Vulnerabilities
- iBoutique.MALL - Directory Traversal
- IceWarp Cross-Site Scripting(XSS)
- ICQ Client Cross-Application Scripting (XAS)
- iDefense Q2 2006 Vulnerability Challenge
- Idle scan rediscovered!!!
- iFdate v1.2
- iFlance v1.1
- IGNORING SSH CONNECTION USES ARP CACHE POISSONING
- Image file crashes Finder, Safari and other apps
- INFIGO-2006-05-03: Multiple FTP Servers vulnerabilities
- Intel wireless service s24evmon.exe confidential information disclosure.
- Interlink "news_information.php" XSS
- InternerExplorer error: ECMAScript interpreter stack overflow
- Internet explorer Vulnerbility
- Invision Community Blog .. Bugs
- Invision Gallery 2.0.6 ( SQL Injection )
- Invision Power Board v2.1.5 Remote SQL Injection
- IpLogger <= 1.7 XSS
- Ipswitch WhatsUp Professional multiple flaws
- Is MS06-018 a DoS or a system compromise ?
- ISA Server 2004 Log Manipulation
- ishopcart cgi 0day and multiple vulnerabilities
- JAMES 2.2.0 <-- Denial Of Service
- JDK 1.4.2_11, 1.5.0_06, unsigned applets consuming all free harddisk space
- Jemscripts Download Control v1.0
- JetBox CMS Remote File Include
- Jiwa Financials - Reporting allows execution of arbitrary reports as SQL user with full permissions.
- JMK's Picture Gallery admin login
- Joomla/Mambo CMS Component SimpleBoard 1.1 XSS-Vulnerabilities
- JSBoard XSS vulnerability
- Kaspersky antivirus 6: HTTP monitor bypassing
- Kaspersky antivirus 6: POP3 state machine error
- Kerio WinRoute Firewall Protocol Inspection Denial
- Kmita FAQ v1.0
- LabWiki v1.0
- libero.it XSS vulnerability - HTML injection
- LifeType <=1.0.4 'articleId' SQL injection
- Limbo CMS (option=weblinks) SQL injection exploit
- LM hashes in a hot-desking environment
- LocazoList Classifieds <= v1.05e(viewmsg.asp) Remote SQL Injection Vulnerability
- Maksymilian Arciemowicz
- Mambo <= 4.6. RC1 xss
- MediaSlash Gallery 'rub' variable Remote File inlcusion Vulnerability
- Microsoft Internet Explorer - Crash on mouse button click
- Microsoft MSDTC NdrAllocate Validation Vulnerability
- Milliscript 1.4 Multiple Vulnerabilities
- Mobotix IP Network Cameras Multiple XSS
- modules name(Downloads)SQL Injection Exploit
- modules name(Sections)SQL Injection Exploit
- Morris Guestbook v1
- multiple file include exploits in EzUpload Pro v2.10
- multiple file inclusion exploits in ovidentia v5.8.0
- Multiple SQL Injection Vulnerabilities in Dreamweaver Generated Code
- Multiple Vendor NTFS Data Stream Malware Stealth Technique
- Multiple Vulnerabilities In IdealBB ASP Bulletin Board
- Multiple vulnerabilities in Outgun 1.0.3 bot 2
- Multiple vulnerabilities in Raydium rev 309
- Multiple Vulns in Bitrix CMS
- multiple Xss exploits in : vCard 2.9
- Multiple Xss exploits in ar-blog v 5.2
- Multiple Xss exploits in Chipmunk Board
- Multiple Xss exploits in coolphp magazine
- Multiple XSS Vulnerabilities in Tikiwiki 1.9.x
- my Web Server << v-1.0 Denial of Service Exploit
- mybb v1.1.1(rss.php) SQL Injection Exploit
- mybb v1.1.1(showthread.php) SQL Injection Exploit
- myBloggie <= 2.1.3 XSS
- Myspace Friend Train v2.8
- MySQL Anonymous Login Handshake - Information Leakage.
- MySQL COM_TABLE_DUMP Information Leakage and Arbitrary command execution.
- MyTrueHood.com - XSS
- MyYearBook.com - XSS
- NETGEAR WGR614 v6 Wireless DSL router information disclosure vulnerability
- New <<BackTrack release announcement
- new bug
- New SecurityFocus mailing list: Focus-Apple
- New SMB and DCERPC features on Impacket released with doc
- New Snort Bypass - Patch - Bypass of Patch
- newsfactory Cross Site Scripting & SQL injection
- Newsportal <= 0.36 Remote File Inclusion Vulnerability
- Newsportal: code injection vulnerability
- Non eXecutable Stack Lovin on OSX86
- northstudio Cross Site Scripting Vulnerability
- Novell Client login form enables reading and writing from and to the clipboard of the logged-in user
- Novell NDPS Remote Vulnerability (Server & Client)
- NSA Group Security Advisory NSAG-195-23.02.2006 Vulnerability FCKeditor 2.0 FC
- NSA Group Security Advisory NSAG-196-23.02.2006 Vulnerability FCKeditor 2.2
- Nucleus CMS <= 3.22 arbitrary remote inclusion
- OaBoard 1.0 Remote File inclusion
- On the Recent PGP and Truecrypt Posting
- Open Searchable Image Catalogue: XSS and SQL Injection Vulnerabilities
- OpenBB 1.0.8 Full Path Disclosure
- OpenCms version 6.0.x Xml Content Demo search engine Cross site scripting
- OpenEngine (PHP CMS)
- OpenFAQ - HTML injection and XSS (Cross Site Scripting)
- OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw
- OpenWiki<--v0.78 Cross-Site Scripting
- Oracle - the last word
- Oracle 10g 10.2.0.2.0 DBA exploit
- Oracle, where are the patches???
- Panda Antivirus Enterprise Secure, Norton Antivirus 2005 and the virus "I Love You"
- PassMasterFlex (and PassMasterFlex+) XSS injection
- PCPIN Chat <= 5.0.4 "login/language" remote cmmnds xctn
- Perlpodder Remote Arbitrary Command Execution
- Personal Information Disclosure/Account Hijacking Vulerability in mafia online games
- Phil's Bookmark script admin By-pass
- PHP AGTC-Membership system <= v1.1a XSS
- PHP Easy Galerie Index.PHP Remote File Include Vulnerability
- PHP Live Helper ASP(chat.php) XSS
- PHP ManualMaker v1.0
- PHP-Fusion <= 6.00.306 "srch_where" SQL injection / admin credentials disclosure
- phpBazar <= 2.1.0 Multiple vulnerabilites
- phpBB "charts.php" XSS and SQL-Injection
- phpBB 2.0.20 Full Path Disclosure and SQL Errors
- PHPBB 2.0.20 persistent issues with avatars
- PhpBB <= 2.0.20 Admin/Restore Database remote cmmnds xctn (works with admin sid)
- phpBB2 (template.php) Remote File Inclusion
- phpFoX All Version Login Exploit
- PHPFusion <= v6.00.306 avatar mod_mime arbitrary file upload & local inclusion vulnerabilities
- phpjobboard Authecnical admin byPass
- PhpListPro 2.01 Remote File Include Vulnerability
- phpMyDesktop|arcade 1.0 FINAL Code Execution
- phpMyDirectory <= 10.4.4 Multiple Remote File Include(new!)
- phpRaid "view.php" XSS Vulnerability
- PhpRemoteView Multiple Xss Vulnerabilities
- PHPResidence <= 0.6 XSS
- PHPSimple Choose v0.3
- Pixelpost <= 1-5rc1-2 multiple vulnerabilities
- planetGallery admin login
- plaNetStat Admin ByPass
- Plume CMS Remote File Include
- POC exploit for freeFTPd 1.0.10
- POC exploit for freeSSHd version 1.0.9
- Poll: Emerging Threats
- PostgreSQL security releases 8.1.4, 8.0.8, 7.4.13, 7.3.15
- pppBlog <= 0.3.8 administrative credentials/system disclosure
- Pre News Manager v1.0
- Pre Shopping Mall v1.0
- Pretty Guestbook v1
- Pro Publish SQL Injection and XSS Vulnerabilities
- Prodder Remote Arbitrary Command Execution
- Proof of concept that PGP AUTHENTICATION CAN BE BYPASSED WITHOUT PATCHING
- Publicist v0.95 - XSS And Full Path Errors
- PunBB 1.2.11 Cross site scripting
- PunBB 1.2.11 Cross-Site Scripting
- QBv14 XSS
- qjForum(member.asp) SQL Injection Vulnerability
- QontentOneCMS v1.0
- Quagga RIPD unauthenticated route injection
- Quagga RIPD unauthenticated route table broadcast
- RaceEventManagement <--v0.7.6 SQL injection & XSS
- RadLance Local Inclusion Exploit
- Realty Pro One Property Listing Script
- RealVNC 4.1.1 Remote Compromise
- Redaxo CMS <= 3.2 Remote File Include
- Remote Code Execution in artmedic Newsletter 4.1 [log.php]
- rPSA-2006-0080-1 postgresql postgresql-server
- rPSA-2006-0082-1 vixie-cron
- rPSA-2006-0083-1 enscript
- rPSA-2006-0084-1 fetchmail
- rPSA-2006-0087-1 kernel
- rPSA-2006-0091-1 firefox thunderbird
- Russcom PHPImages lack of validation
- Russcom Ping Remote code execution
- Russcom.net Loginphp multiple vulnerabilties
- SaPHPLesson 3.0 Multbugs
- sBlog SQL Injection and Path Disclosure Vulnerability
- ScanAlert Security Advisory
- SEC Consult SA-20060512-0 :: Symantec Enterprise Firewall NAT/HTTP Proxy Private IP Exposure
- Secunia Research: Abakt ZIP File Handling Buffer Overflow Vulnerability
- Secunia Research: Anti-Trojan unacev2.dll Buffer Overflow Vulnerability
- Secunia Research: CAM UnZip ZIP File Handling Buffer Overflow Vulnerability
- Secunia Research: Eazel unacev2.dll Buffer Overflow Vulnerability
- Secunia Research: Eserv/3 IMAP and HTTP Server Multiple Vulnerabilities
- Secunia Research: FilZip unacev2.dll Buffer Overflow Vulnerability
- Secunia Research: IZArc unacev2.dll Buffer Overflow Vulnerability
- Secunia Research: TZipBuilder ZIP File Handling Buffer Overflow Vulnerability
- Secunia Research: UltimateZip unacev2.dll Buffer Overflow Vulnerability
- Secunia Research: Where Is It unacev2.dll Buffer Overflow Vulnerability
- Secunia Research: Where Is It unacev2.dll Buffer OverflowVulnerability
- Secunia Research: WinHKI unacev2.dll Buffer Overflow Vulnerability
- Secunia Research: ZipCentral ZIP File Handling Buffer Overflow Vulnerability
- Seditio Cross Site Scripting Vulnerability
- Server crash in Empire 4.3.2
- Server termination in netPanzer 0.8 (rev 952)
- Several flaws in e-business designer (eBD)
- SF-Users V1.0 XSS injection
- singapore v0.9.7 XSS Vulnerabilities
- SkyeShoutbox <= v.1.2.0 XSS
- Skype - URI Handler Command Switch Parsing
- SMF 1.0.7 and lower plus 1.1rc2 and lower - IP spoofing vulnerability/IP ban evasion vulnerability
- Smile Guestbook v1
- SMS "messages.php" SQL injection
- Snort HTTP Inspect Pre-Processor Uricontent Bypass
- Socket unreachable in GNUnet rev 2780
- SOE's implementation of Lithium Forums Software allows users to log on as each other.
- Speedy ASP Forum(profileupdate.asp) User Pass Change Exploit
- Sphider Multiple Xss Vulnerabilities
- sql injection in PHPcafe.net Tutorial Manager
- sql injection in phpWebSite 0.8.3
- SQL-Injection in e107 allows attacker to become a site admininstrator
- Squirrelmail local file inclusion
- Sugar Suite Open Source <= 4.2 "OptimisticLock!" arbitrary remote inclusion exploit
- Sun single-CPU DOS
- Super Link Exchange Script v1.0
- SUSE Security Announcement: rug (SUSE-SA:2006:029)
- SUSE Security Announcement: xorg-x11-server (SUSE-SA:2006:023)
- Symantec antivirus software exposes computers
- SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure
- SYMSA-2006-003: Cisco Secure ACS for Windows - AdministratorPassword Disclosure
- SyScan'06 - The Hackers' Conference in Asia
- TAL RateMyPic v1.0
- Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities
- The Weakness of Windows Impersonation Model
- Thyme 1.3 Cross Site Scripting
- Timberland Search XSS Vulnerability
- Toasts Forums 1.6.44 in Xss
- toendaCMS 0.7.0 Cross Site Scripting
- tseekdir.cgi<--Local File Include
- TSLSA-2006-0024 - multi
- TSLSA-2006-0026 - kernel
- TSLSA-2006-0028 - multi
- TSLSA-2006-0030 - multi
- TSLSA-2006-0032 - multi
- Two heap overflow in libextractor 0.5.13 (rev 2832)
- Two independent vulnerabilities (client and server side) in Quake3 engine and many derived games
- tyree[at]users.sourceforge.net
- TyroCms beta V1.0 multiple XSS injections
- UBBThreads 5.x,6.x md5 hash disclosure
- UBlog Remote XSS Exploit
- Unclassified NewsBoard <= 1.6.1 patch 1 ABBC[Config][smileset] arbitrary local inclusion
- Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1
- UPDATE: [ GLSA 200605-13 ] MySQL: Information leakage
- URL Bug On 1ASPHost and DomainDLX Hosting Services
- V-Webmail 1.6.4 Remote File Include
- Vacation Retal Script v1.0
- VARIOMAT(advanced cms tool)SQL injection/XSS
- vbulletin security Alert
- Verizon Voicewing and Linksys PAP2-VN
- VHCS --- Virtual Hosting Control System Cross Site Scripting
- VisionSource CMS <= 0.6 XSS vectors
- VMSA-2006-0001 - VMware ESX Server Cross Site Scripting issue
- VMSA-2006-0002 - VMware Server sensitive information lifetime issue
- VNC_bypauth: vnc scanner multithreaded linux & windows
- Vodafone.de XSS Vulnerability
- VSR Advisory: PDF Tools AG - PDF Form Filling and Flattening Tool Buffer Overflow
- VSR Advisory: WebSense content filter bypass when deployed in conjunction with Cisco filtering devices
- vulnerability details
- Vulnerability in the way Ultr<img src="/imgs/at.gif" border=0 align=middle>VNC-1.0.1 handles MS-Logon Authentication.
- Wargamming Network..
- Wavecon Advisory: Open-Xchange <= 0.8.2 defaultuser with /bin/bash and default password
- WBB<--v2.3.4"misc.php" SQL injection Vulnerability
- WebCalendar User Account Enumeration Weakness
- WebCalendar-1.0.3 reading of any files
- Weblog Oggi v1.0
- WebsiteBaker CMS lack of sanitizing
- What's Up Professional Spoofing Authentication Bypass
- WikiNi Persistent Cross Site Scripting Vulnerability
- Wordpress <=2.0.2 'cache' shell injection
- Write-up by Amit Klein: "IE + some popular forward proxy servers = XSS, defacement (browser cache poisoning)"
- X-POLL admin By-Pass
- X7 Chat <=2.0 remote commands execution
- X7Chat <= 2.0.2 avatar XSS injection
- XINE format string bugs when handling non existen file
- XOOPS <= 2.0.13.2 'xoopsOption[nocommon]' exploit
- Xss exploit in Chipmunk directory
- Xss exploit in Chipmunk guestbook
- Xss exploit in Photoalbum B&W v1.3
- XSS in FreeTextBox and FCKEditor Basic Toolbar Selection
- XSS in ICQ.com
- XSS in Monster Top List | MTL 1.4
- XSS in Omegasoft's Insel
- XSS in orkut.com
- XSS Vulnerability on Vodafone
- XSS Vulnerability on www.my6d.com Connection Work System
- Xtremescripts Topsites v1.1
- YapBB <= 1.2 Beta2 'find.php' SQL Injection Vulnerability
- yet more XSS in older versions of ColdFusion
- YLZH(right.php)Cross Site Scripting
- Yourfreeworld Styleish Text Ads Script
- Yourfreeworld.com Short Url & Url Tracker Script
- zawhttpd - Buffer Overflow
- ZDI-06-012: Sophos Anti-Virus CAB Unpacking Code Execution Vulnerability
- ZDI-06-013: 3Com TippingPoint SMS Server Information Disclosure Vulnerability
- ZDI-06-014: Verisign I-Nav ActiveX Control Code Execution Vulnerability
- ZDI-06-015: Apple QuickTime H.264 Parsing Heap Overflow Vulnerability
- ZDI-06-016: Novell eDirectory 8.8 NDS Server Buffer Overflow Vulnerability
- Zen Cart login.php SQL Injection Vulnerability
- zenphoto Multiple Path Disclosure and Cross Site Scripting Vulnerabilities
- Zix Forum <= 1.12 (layid) SQL Injection Vulnerability
hotmail.com
Last message date: Mon Jun 05 2006 - 18:52:38 CDT
Archived on: Mon Jun 05 2006 - 18:52:38 CDT
807 messages sorted by: [ author ] [ date ] [ thread ]