375 messages
Starting: Fri Jun 01 2007 - 09:45:16 CDT
Ending: Sat Jun 30 2007 - 12:15:59 CDT
- "run as" local denial-of-service enables administrative account processes to be killed
- 2007-06-03: PeerCast streaming server submits cleartext password
- [ GLSA 200706-01 ] libexif: Integer overflow vulnerability
- [ GLSA 200706-02 ] Evolution: User-assisted execution of arbitrary code
- [ GLSA 200706-03 ] ELinks: User-assisted execution of arbitrary code
- [ GLSA 200706-04 ] MadWifi: Multiple vulnerabilities
- [ GLSA 200706-05 ] ClamAV: Multiple Denials of Service
- [ GLSA 200706-06 ] Mozilla products: Multiple vulnerabilities
- [ GLSA 200706-07 ] PHProjekt: Multiple vulnerabilities
- [ GLSA 200706-08 ] emul-linux-x86-java: Multiple vulnerabilities
- [ GLSA 200706-09 ] libexif: Buffer overflow
- [ MDKSA-2007:110 ] - Updated php-pear packages fix directory traversal vulnerability
- [ MDKSA-2007:111 ] - Updated util-linux packages address login access policies bypassing issue
- [ MDKSA-2007:112 ] - Updated mplayer packages fix buffer overflow vulnerability
- [ MDKSA-2007:113 ] - Updated mutt packages fix vulnerabilities
- [ MDKSA-2007:114 ] - Updated file packages fix vulnerabilities
- [ MDKSA-2007:115 ] - Updated clamav packages fix vulnerabilities
- [ MDKSA-2007:116 ] - Updated libpng packages fix vulnerability
- [ MDKSA-2007:117 ] - Updated lha packages fix unsafe temporary files creation issue
- [ MDKSA-2007:118 ] - Updated libexif packages fix crash and possible arbitrary code execution issue
- [ MDKSA-2007:119 ] - Updated Thunderbird packages fix multiple vulnerabilities
- [ MDKSA-2007:120 ] - Updated Firefox packages fix multiple vulnerabilities
- [ MDKSA-2007:121 ] - Updated freetype2 packages fix integer overflow vulnerability
- [ MDKSA-2007:122 ] - Updated gd packages fix vulnerability
- [ MDKSA-2007:123 ] - Updated libwmf packages fix vulnerability
- [ MDKSA-2007:124 ] - Updated tetex packages fix vulnerability
- [ MDKSA-2007:125 ] - Updated spamassassin packages fix possible DoS condition
- [ MDKSA-2007:126 ] - Updated Firefox packages fix multiple vulnerabilities
- [ MDKSA-2007:126-1 ] - Updated Firefox packages fix multiple vulnerabilities
- [ MDKSA-2007:127 ] - Updated apache packages fix mod_mem_cache issue
- [ MDKSA-2007:128 ] - Updated libexif packages fix integer overflow flaw
- [ MDKSA-2007:129 ] - Updated jasper packages fix vulnerability
- [ MDKSA-2007:130 ] - Updated proftpd packages fix authentication bypass vulnerability
- [ MDKSA-2007:131 ] - Updated Thunderbird packages fix multiple vulnerabilities
- [ MDKSA-2007:132 ] - Updated madwifi-source, wpa_supplicant packages fix vulnerabilities
- [ MDKSA-2007:133 ] - Updated emacs packages fix DoS vulnerability
- [ MDKSA-2007:134 ] - Updated xfsdump packages fix unsafe temporary directory creation issue
- [ MDKSA-2007:135 ] - Updated webmin packages fix XSS vulnerability
- [ MDKSA-2007:136 ] - Updated evolution packages fix vulnerability
- [ MDKSA-2007:137 ] - Updated krb5 packages fix vulnerabilities
- [CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities
- [CAID 35450, 35451, 35452, 35453]: CA Products That Embed Ingres Multiple Vulnerabilities
- [CVE-2007-1358] Apache Tomcat XSS vulnerability in Accept-Language header processing
- [CVE-2007-2449] Apache Tomcat XSS vulnerabilities in the JSP examples
- [CVE-2007-2450]: Apache Tomcat XSS vulnerability in Manager
- [Full-disclosure] Apple Safari: cookie stealing
- [Full-disclosure] Apple Safari: idn urlbar spoofing
- [Full-disclosure] Apple Safari: urlbar/window title spoofing
- [Full-disclosure] Safari for Windows,0day URL protocol handler command injection
- [Full-disclosure] Windows Oday release
- [GOODFELLAS - VULN ] Avaxswf.dll v.1.0.0.1 from Avax Vector software ActiveX Arbitrary Data Write
- [GOODFELLAS - VULN] BarCodeAx.dll v. 4.9 ActiveX Control Remote Stack Buffer Overflow
- [GOODFELLAS - VULN] hpqxml.dll 2.0.0.133 from HP Digital Imaging Arbitary Data Write.
- [ISR] :: Infobyte Security Research :: release (ISR-sqlget.pl) v1.0.0
- [MajorSecurity Advisory #47]Simple Machines Forum (SMF) - Session fixation Issue
- [MajorSecurity Advisory #49]Calimero.CMS - Session fixation Issue
- [MajorSecurity Advisory #50]chameleon cms - Session fixation Issue
- [OpenPKG-SA-2007.020] OpenPKG Security Advisory (php)
- [OpenPKG-SA-2007.021] OpenPKG Security Advisory (wordpress)
- [PLESK 7.5 Reload] & [PLESK 7.6 for MS Windows] path passing and disclosure vulnerability
- [SecurInfos] PCSoft WinDEV .wdp Project File Handling Buffer Overflow
- [security bulletin] HPSBGN02199 SSRT071312 rev.3 - Mercury Quality Center ActiveX, Remote Unauthorized Arbitrary Code Executio
- [security bulletin] HPSBMA02224 SSRT071334 rev.1 - HP System Management Homepage (SMH) for Linux, Remote Privileged Access
- [security bulletin] HPSBPI02226 SSRT061274 rev.1 - HP Help and Support Center Running on HP Notebook Computers Running with Windows XP, Remote Unauthorized Access
- [security bulletin] HPSBTU02218 SSRT071424 rev.1 - HP Tru64 UNIX Internet Express running Samba, Remote Arbitrary Code Execution or Local Unauthorized Privilege Elevation
- [security bulletin] HPSBTU02232 SSRT071429 rev.1 - Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS) or HP Internet Express for Tru64 UNIX running PHP, Remote Arbitrary Code Execution, Unauthorized Disclosure of Information, or Denial of Service (DoS)
- [security bulletin] HPSBUX02217 SSRT071337 rev.2 - HP-UX running Kerberos, Remote Arbitrary Code Execution
- [security bulletin] HPSBUX02218 SSRT071424 rev.1 - HP-UX running CIFS Server (Samba), Remote Arbitrary Code Execution
- [security bulletin] HPSBUX02219 SSRT061273 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
- [security bulletin] HPSBUX02225 SSRT071295 rev.1 - HP-UX Running Xserver, Local Denial of Service (DoS)
- [SECURITY] [DSA 1291-4] New samba packages fix regression
- [SECURITY] [DSA 1299-1] New ipsec-tools packages fix denial of service
- [SECURITY] [DSA 1300-1] New iceape packages fix several vulnerabilities
- [SECURITY] [DSA 1301-1] New Gimp packages fix arbitrary code execution
- [SECURITY] [DSA 1302-1] New freetype packages fix integer overflow
- [SECURITY] [DSA 1303-1] New lighttpd packages fix denial of service
- [SECURITY] [DSA 1304-1] New Linux kernel 2.6.8 packages fix several vulnerabilities
- [SECURITY] [DSA 1305-1] New icedove packages fix several vulnerabilities
- [SECURITY] [DSA 1306-1] New xulrunner packages fix several vulnerabilities
- [SECURITY] [DSA 1307-1] New OpenOffice.org packages fix arbitrary code execution
- [SECURITY] [DSA 1308-1] New iceweasel packages fix several vulnerabilities
- [SECURITY] [DSA 1309-1] New libexif packages fix integer overflow
- [SECURITY] [DSA 1309-1] New PostgreSQL 8.1 packages fix privilege escalation
- [SECURITY] [DSA 1310-1] New libexif packages fix integer overflow
- [SECURITY] [DSA 1311-1] New PostgreSQL 7.4 packages fix privilege escalation
- [SECURITY] [DSA 1312-1] New libapache-mod-jk packages fix information disclosure
- [SECURITY] [DSA 1313-1] New MPlayer packages fix arbitrary code execution
- [SECURITY] [DSA 1314-1] New open-iscsi packages fix several vulnerabilities
- [SECURITY] [DSA 1315-1] New libphp-phpmailer packages fix arbitrary shell command execution
- [SECURITY] [DSA 1316-1] New emacs21 packages fix denial of service
- [SECURITY] [DSA 1317-1] New tinymux packages fix buffer overflow
- [SECURITY] [DSA 1318-1] New ekg packages fix denial of service
- [SECURITY] [DSA 1319-1] New maradns packages fix denial of service
- [SECURITY] [DSA 1320-1] New clamav packages fix several vulnerabilities
- [SECURITY] [DSA 1321-1] New evolution-data-server packages fix arbitrary code execution
- [SECURITY] [DSA 1322-1] New wireshark packages fix denial of service
- [SECURITY] [DSA 1323-1] New krb5 packages fix several vulnerabilities
- [SECURITY] [DSA 1324-1] New hiki packages fix missing input sanitising
- [SECURITY] [DSA 1325-1] New evolution packages fix arbitrary code execution
- [TOOL] w3af - Web Application Attack and Audit Framework
- [USN-439-2] file vulnerability
- [USN-468-1] Firefox vulnerabilities
- [USN-469-1] Thunderbird vulnerabilities
- [USN-470-1] Linux kernel vulnerabilities
- [USN-471-1] libexif vulnerability
- [USN-472-1] libpng vulnerability
- [USN-473-1] libgd2 vulnerabilities
- [USN-474-1] xscreensaver vulnerability
- [USN-475-1] evolution-data-server vulnerability
- [USN-476-1] redhat-cluster-suite vulnerability
- [USN-477-1] krb5 vulnerabilities
- [USN-478-1] libexif vulnerability
- [USN-479-1] MadWifi vulnerabilities
- Airscanner Advisory #07062901: FlexiSPY Victim/User Database Exposure (Full world readable access to ALL SMS/Emails/Voice data from victims/users)
- All Of the Mambo & Joomla Script Remote File Inclussion Bugs..
- Announce - Release RFIDIOt ver 0.1n (June 2007)
- Apache Prefork MPM vulnerabilities - Report
- Apple Safari: cookie stealing
- Apple Safari: idn urlbar spoofing
- ASP Folder Gallery Vulnerabilities
- Assorted browser vulnerabilities
- Atom PhotoBlog v1.0.9 XSS vulnerability
- BCS'07 Call For Papers
- BlackBoard Multiple Vulnerabilities (XSS)
- Buffer overflow in BusinessMail email server system 4.60.00
- bugtraq submission
- ByPass In PortalApp
- CACTUSHOP 6 Default Installation Allows Remote Database Disclosure
- Calendarix version 0.7. 20070307 Multiple Path Disclosure Vulnerabilities
- Calendarix version 0.7. 20070307 Multiple SQL Injection Vulnerabilities
- Calendarix version 0.7. 20070307 Multiple XSS Attacks
- Calyptix Security Advisory CX-2007-04 - Cross-Site Request Forgery Attack Against Check Point Safe@Office Device
- CERN İmage Map Dispatcher
- CfP: 5th ACM Workshop on Recurring Malware (WORM) - Deadline extension
- CFP: ISOI III (a DA workshop)
- CheckPoint VPN-1 UTM Edge Cross Site Request Forgery vulnerability
- Cisco Trust Agent Vulnerability
- Comdev eCommerce 4.1 RFI Vulnerability
- Comdev Web Blogger 4.1 RFI Vulnerability
- Comersus Shop Cart 7.07 SQL Injection & XSS
- Comicsense SQL Injection Advisory/Exploit
- Contact request - nVidia
- Conti FTP Server v1.0 DoS
- CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow
- CSIS Advisory: Microsoft GDI+ Integer division by zero flaw handling .ICO files
- Dansie Cart Script Exploit Reported
- Disinfectors for the calculator virus (ti89.Gaara)
- EEYE: Yahoo Webcam ActiveX Controls Multiple Buffer Overflows
- Elxis CMS <= 2006.4 - banner module - sql injection
- eNdonesia 8.4 [multiple injection sql]
- eTicket version 1.5.5 Path Disclosure Vulnerability
- eTicket version 1.5.5 XSS Attack Vulnerability
- Evenzia CMS XSS
- flac123 0.0.9 - Stack overflow in comment parsing
- FLEA-2007-0021-2: madwifi
- FLEA-2007-0024-1: libexif
- FLEA-2007-0025-1: openoffice.org
- FLEA-2007-0026-1: evolution-data-server
- FLEA-2007-0027-1: thunderbird
- FLEA-2007-0028-1: libexif
- FLEA-2007-0029-1: krb5 krb5-workstation
- FLEA-2007-0030-1: avahi avahi-glib avahi-sharp
- Full Path Disclosure in SendCard
- fusetalk CSS (autherror.cfm)
- fusetalk CSS (comfinish.cfm)
- fusetalk SQL (autherror.cfm)
- Fusetalk SQL injection submission.
- fuzzylime (forum) XSS
- Having Fun With PostgreSQL
- High risk vulnerability in OpenOffice RTF parser
- Hnkaray Duyuru Script Remote SQL İnjection
- HPSBST02231 SSRT071438 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-030 to MS07-035
- HPSBTU02207 SSRT061239 rev.2 - HP Tru64 UNIX OpenSSL and BIND Remote Arbitrary Code Execution or Denial of Service (DoS)
- HTTP SERVER (httpsv1.6.2) 404 Denial of Service
- HTTP SERVER (httpsv1.6.2) source code disclosure
- iDefense Security Advisory 06.01.07: Symantec VERITAS Storage Foundation Administration Service DoS Vulnerability
- iDefense Security Advisory 06.05.07: Symantec Ghost Multiple Denial of Service Vulnerabilities
- iDefense Security Advisory 06.07.07: Linux Kernel cpuset tasks Information Disclosure Vulnerability
- iDefense Security Advisory 06.12.07: Microsoft License Manager and urlmon.dll COM Object Interaction Invalid Memory Access Vulnerability
- iDefense Security Advisory 06.13.07: Multiple Vendor libexif Integer Overflow Heap Corruption Vulnerability
- iDefense Security Advisory 06.14.07: Apache MyFaces Tomahawk JSF Framework Cross-Site Scripting (XSS) Vulnerability
- iDefense Security Advisory 06.18.07: Cerulean Studios Trillian UTF-8 Word Wrap Heap Overflow Vulnerability
- iDefense Security Advisory 06.21.07: Ingres Database Multiple Heap Corruption Vulnerabilities
- iDefense Security Advisory 06.26.07: Multiple Vendor Kerberos kadmind Rename Principal Buffer Overflow Vulnerability
- iDefense Security Advisory 06.26.07: RealNetworks RealPlayer/HelixPlayer SMIL wallclock Stack Overflow Vulnerability
- IE 6 / MS Office Outlook Express Address Book Activex DoS
- IE 6/Microsoft Html Popup Window (mshtml.dll) DoS
- iG Shop 1.4 eval Inclusion Vulnerability
- Ingres stack overflow in uuid_from_char function
- Ingres Unauthenticated Pointer Overwrite 1
- Ingres Unauthenticated Pointer Overwrite 2
- Ingres verifydb local stack overflow
- Ingres wakeup setuid(ingres) file truncation
- jumping sudo using ptrace on Linux/i386
- Juniper SBR V 6.0.1 CRL-Checking problem
- Kaspersky Multiple insufficient argument validation of hooked SSDT function Vulnerability
- KF Web Server 3.1.0 admin console XSS
- Light Blog 4.1 XSS Vulnerability
- Linker index.php - Cross-Site Scripting Vulnerability
- LiteWEB 2.7 404 Denial of Services
- Local Denial of Service in Safari
- Local File Include Vulnerabilities in YaBB <= 2.1(all version)
- LuckyBot v3 Remote File Include
- MaraDNS denial of service vulnerabilities
- Maran Blog XSS vulnerability
- Menu Manager Mod for WebAPP - No Input Filtering
- MIT krb5: makes sudo authentication issue MUCH worse.
- MITKRB5-SA-2007-004: kadmind multiple RPC lib vulnerabilities
- MITKRB5-SA-2007-005: kadmind vulnerable to buffer overflow
- MLabs is Shifted Fully : SecNiche Initiative
- Monkey CMS v0.0.3 Remote File Include Vulnerabilitiy
- MS07-034: Executing arbitrary script with mhtml: protocol handler
- My Datebook SQL Injection + XSS
- myBloggie 2.1.5 Remote File Include
- MyEvent1.6 (template.php) Remote File Inclusion Vulnerability
- MyNews version 0.10 SQL Injection Vulnerability
- MyServer-0.8.9 - source code disclosure
- MyServer-0.8.9 - xss in sample cgi page
- n.runs-SA-2007.013 - F-Secure Antivirus LZH parsing BufferOverflow Advisory
- n.runs-SA-2007.014 - F-Secure Antivirus ARJ parsing Infinite Loop Advisory
- n.runs-SA-2007.015 - F-Secure Antivirus FSG packed files parsing Infinite Loop Advisory
- NetClassifieds [multiple vulnerabilities]
- New Include Redirect Bug XSS All vBulletin v 3.x.x
- New Include Redirect Bug XSS All vBulletin(r) v 3.x.x
- New post Topic Hijacking XSS All vBulletin v 3.x.x (2)
- Openedge _mprosrv buffer overflow
- Outpost Enforcing system reboot with 'outpost_ipc_hdr' mutex Vulnerability
- OWASP and WASC Cocktail party at Blackhat USA 2007
- Packeteer PacketShaper Web Management Denial of Service
- Papoo CMS - Multiple Cross Site Scripting
- Papoo CMS 3.6 - Access Restriction Bypass
- Papoo CMS 3.6 - SQL Injection
- PBSite - PHP Bulletin Site | CMS ====> RFI
- Persistent cross-site scripting in wordpress.com dashboard
- PHP 4/5 htaccess safemode and open_basedir Bypass
- PHP hosting Biller
- PHP parse_str() arbitrary variable overwrite
- PhpListPro Persistent XSS Vulnerability
- PHPMailer command execution
- PHPMyDesk Beta Release 1.0b ==> RFI
- phpreactor <===1.2.7 remote file include
- phpTrafficA < 1.4.2
- phpWebThings ==>1.5.2 RFI
- Pixy - An Open-Source Vulnerability Scanner for PHP Applications
- Pluxml 0.3.1 Remote Code Execution Exploit
- POWER PHLOGGER v.2.2.5 (username) SQL Injection
- Progress Webspeed exploit for all releases
- Project CERA Is Up Again : Secniche Initiative
- Prototype of an PHP application ===> RFI
- Recent OpenSSL exploits
- Redlevel Advisory #025 - Vonage VoIP Telephone Adapter Default Misconfiguration
- RedLevel Advisory #23 - SalesCart Shopping Cart SQL Injection Vulnerability
- Remote log injection on DenyHosts, Fail2ban and BlockHosts
- RevokeBB Blind SQL Injection / Hash Extractor
- RFI In Script SH-News 3.1
- rPSA-2007-0114-1 mutt
- rPSA-2007-0115-1 libexif
- rPSA-2007-0117-1 gd php php-mysql php-pgsql
- rPSA-2007-0119-1 spamassassin
- rPSA-2007-0122-1 evolution-data-server
- rPSA-2007-0123-1 squirrelmail
- rPSA-2007-0124-1 kernel xen
- rPSA-2007-0126-1 util-linux
- rPSA-2007-0127-1 fetchmail
- rPSA-2007-0131-1 libexif
- rPSA-2007-0133-1 emacs emacs-leim
- rPSA-2007-0135-1 krb5 krb5-server krb5-services krb5-test krb5-workstation
- rPSA-2007-0136-1 httpd mod_ssl
- RUS-CERT 2007-06:01 (1380): Insecure Defaults in A-L OmniPCX 7.0
- S21Sec-035: F5 FirePass command execution vulnerability
- Safari Bookmarks Buffer Overflow Vulnerability
- Safari for Windows, 0day URL protocol handler command injection
- Safari XMLHttpRequest HTTP header injection
- SAP Internet Communication Framework (BC-MID-ICF) Vulnerability
- SAP Web Dynpro Java (BC-WD-JAV) Vulnerability
- SEC Consult SA-20070601-0 :: PHP chunk_split() integer overflow
- SECNICHE : Dwelling Security is On the Run
- Second Call for Papers: DeepSec IDSC 2007 Europe/Vienna: 20-23 Nov 2007
- Secunia Research: KVIrc irc:// URI Handler Command Execution Vulnerability
- Secunia Research: Symantec Mail Security for SMTP Boundary Errors
- Serious holes affecting JFFNMS
- ShAnKaR: Simle machines forum CAPTCHA bypass and PHP injection
- SHTTPD V1.38 server source code disclosure
- Singapore Gallery fullpath disclosure
- Sitellite cms <= 4.2.12 RFI Vuln
- SpyBye 0.3 released
- SQL Injection In Script VBZooM V1.12
- static XSS / SQL-Injection in Omegasoft Insel
- Sudo: local root compromise with krb5 enabled
- SYM07-009,Symantec Storage Foundation for Windows Volume Manager: Authentication Bypass and Potential Code Execution in Scheduler Service
- SYM07-011 Symantec Reporting Server password disclosure
- SYM07-012 Symantec Reporting Server elevation of privilege
- SYMSA-2007-004: Multiple Vulnerabilities in Xythos Server Products
- TPTI-07-08: Symantec Veritas Storage Foundation Scheduler Service Authentication Bypass Vulnerability
- TPTI-07-09: Macrovision FLEXnet boisweb.dll ActiveX Control Buffer Overflow Vulnerability
- TPTI-07-10: Centennial Software XferWan.exe Stack Overflow Vulnerability
- TSLSA-2007-0020 - clamav
- TSLSA-2007-0021 - kerberos5
- Unpatched input validation flaw in Firefox 2.0.0.4
- Utopia News Pro version 1.4.0 XSS Attack Vulnerability
- uTorrent overflow
- VLC 0.8.6b format string vulnerability & integer overflow
- vSupport Integrated Ticket System 3.*.* SQL injection
- W1L3D4 WEBmarket Remote SQL İnjection
- W1L3D4 WEBmarket v0,1 SQL Injection Vuln
- Webif.cgi local file inclusion
- WebStudio Multiple XSS Vulnerabilities
- Webwiz vulnerable
- WheatBlog 1.1 RFI/SQL Injection
- Windows Oday release
- WinPT User ID Spoofing Vulnerability
- WmsCMS < = 2.0 Multiple XSS Vulnerabilities
- Wordpress default theme XSS (admin) and other problems
- WSPortal version 1.0 Path Disclosure Vulnerability
- WSPortal version 1.0 SQL Injection Vulnerability
- XEForum Cookie Modification Privilege Escalation Vulnerability
- Z-Blog 1.7 Authentication Bypass Database Download Vulnerability
- ZDI-07-034: CA Multiple Product AV Engine CAB Filename Parsing Stack Overflow Vulnerability
- ZDI-07-035: CA Multiple Product AV Engine CAB Header Parsing Stack Overflow Vulnerability
- ZDI-07-036: Arris Cadant C3 CMTS Remote DoS Vulnerability
- ZDI-07-037: Microsoft Internet Explorer Language Pack Installation Remote Code Execution Vulnerability
- ZDI-07-038: Microsoft Internet Explorer Prototype Dereference Code Execution Vulnerability
- Zen Help Desk ==> Version 2.1 Bypass/
Last message date: Sat Jun 30 2007 - 12:15:59 CDT
Archived on: Sat Jun 30 2007 - 12:15:59 CDT