Bugtraq
- [USN-176-1] kcheckpass vulnerability,
Martin Pitt
- Cisco Security Advisory: Cisco IOS Firewall Authentication Proxy for FTP and Telnet Sessions Buffer Overflow,
Cisco Systems Product Security Incident Response Team
- [USN-177-1] Apache 2 vulnerabilities,
Martin Pitt
- USN-160-2: Apache vulnerability,
Martin Pitt
- [NewAngels Advisory #5] Stylemotion WEB//NEWS 1.4 Vulnerabilities,
r . verton
- [ Suresec Advisories ] - Kcheckpass file creation vulnerability,
Suresec Advisories
- Rule bypassing in CheckPoint NGX R60,
fitz
- MDKSA-2005:156 - Updated ntp packages fix small security-related issue.,
Mandriva Security Team
- MDKSA-2005:157 - Updated smb4k packages fix vulnerabilities,
Mandriva Security Team
- MDKSA-2005:158 - Updated mplayer packages fix vulnerabilities,
Mandriva Security Team
- WebArchiveX - Unsafe Methods Vulnerability,
Brett Moore
- PBLang 4.65 (possibly prior versions) remote code execution,
retrogod
- MDKSA-2005:159 - Updated kdeedu packages fix tempfile vulnerability,
Mandriva Security Team
- MDKSA-2005:160 - Updated kdebase packages fix potential local root vulnerability,
Mandriva Security Team
- [SECURITY] [DSA 802-1] New cvs packages fix insecure temporary files,
Martin Schulze
- SQL Injection[2] In MyBB PR2,
stranger-killer
- Vulnerability In SecureOL VE2 v1.05.1008,
maxim
- FreeBSD Security Advisory FreeBSD-SA-05:20.cvsbug,
FreeBSD Security Advisories
- [ GLSA 200509-06 ] Squid: Denial of Service vulnerabilities,
Sune Kloppenborg Jeppesen
- Vulnerability in myBloggie 2.1.3-beta and prior,
os2a . bto
- (Annex A) ADSL Road Runner Exploit Description & Theory,
gp32boy
- Secunia Research: SqWebMail Conditional Comments Script Insertion Vulnerability,
Secunia Research
- [SECURITY] [DSA 795-2] Updated i386 proftpd packages fix format string vulnerability,
Michael Stone
- [security bulletin] SSRT051023 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Privileged Access,
security-alert
- USB Lock Auto-Protect v1.5 - Local Password Encryption Weakness,
unsecure
- [OpenPKG-SA-2005.018] OpenPKG Security Advisory (pcre),
OpenPKG
- [OpenPKG-SA-2005.019] OpenPKG Security Advisory (openssh),
OpenPKG
- Revised paper on "ICMP attacks against TCP",
Fernando Gont
- [SECURITY] [DSA 801-1] New ntp packages fix group id confusion,
Martin Schulze
- phpCommunityCalendar 4.0.3 (possibly prior versions) sql injection / login bypass / cross site scripting,
retrogod
- [NewAngels Advisory] aMember Pro 2.3.X - Remote File Include Vulnerability,
4Degrees
- Re: FileZilla weakly-encrypted password vulnerability,
Luigi Auriemma
- SUSE Security Announcement: php4, php5 remote code execution (SUSE-SA:2005:051),
Marcus Meissner
- Land Down Under 'events.php' Cross Site Scripting Vulnerability,
conor . e . buckley
- UNB 1.5.3 cross site scripting,
retrogod
- Multiple vulnerabilities in FreeBSD 'urban',
Shaun Colley
- PHP-Nuke,
bhfh
- [ GLSA 200509-03 ] OpenTTD: Format string vulnerabilities,
Stefan Cornelius
- [OpenPKG-SA-2005.017] OpenPKG Security Advisory (modssl),
OpenPKG
- [USN-145-2] wget bug fix,
Martin Pitt
- [ GLSA 200509-04 ] phpLDAPadmin: Authentication bypass,
Thierry Carrez
- [ GLSA 200509-05 ] Net-SNMP: Insecure RPATH,
Thierry Carrez
- [ GLSA 200509-02 ] Gnumeric: Heap overflow in the included PCRE library,
Thierry Carrez
- [OpenPKG-SA-2005.020] OpenPKG Security Advisory (proftpd),
OpenPKG
- Microsoft Windows keybd_event validation vulnerability,
Frederic Charpentier
- MAXdev MD-Pro 1.0.73 (possibly prior versions) remote code execution / cross site scripting / path disclosure,
retrogod
- [NOBYTES.COM: #11] MidiCart ASP Shopping Cart, Evaluation Version 7 & Standard & Pro - Multiple Vulnerabilities,
John Cobb
- [KDE Security Advisory] kcheckpass local root vulnerability,
Dirk Mueller
- IIS 5.1 allows for remote viewing of source code on FAT/FAT32 volumes using WebDAV,
inge . henriksen
- I have discovered small xss error in open webmail 2.41,
s3cure
- FileZilla weakly-encrypted password vulnerability: advisory + PoC,
[#*at*#]
- CodePimps e-zine #0x07 was released,
codepimps
- [SECURITY] [DSA 799-1] New webcalendar packages fix remote code execution,
Michael Stone
- [SECURITY] [DSA 798-1] New phproupware packages fix several vulnerabilities,
Martin Schulze
- [SECURITY] [DSA 800-1] New pcre3 packages fix arbitrary code execution,
Martin Schulze
- [SECURITY] [DSA 794-1] New polygen packages fix denial of service,
Martin Schulze
- CYBSEC - Multiple Vendor Web Vulnerability Scanner Arbitrary Script Injection Vulnerability,
Mariano Nuñez Di Croce
- iDEFENSE Security Advisory 09.01.05: Novell NetMail IMAPD Command Continuation Request Heap Overflow,
iDEFENSE Labs
- iDEFENSE Security Advisory 09.01.05: 3Com Network Supervisor Directory Traversal Vulnerability,
iDEFENSE Labs
- SUSE Security Announcement: kernel multiple security problems (SUSE-SA:2005:050),
Marcus Meissner
- [SECURITY] [DSA 779-2] New Mozilla Firefox packages fix several vulnerabilities,
Martin Schulze
- [security bulletin] SSRT051005 rev.1 - HP ProLiant DL585 Servers Unauthorized Remote Access,
Boren, Rich (HP SSRT)
- re: Ariba Spend Management System,
gerald626
- silc server and toolkit insecure temporary file creation,
Eric Romang / ZATAZ.com
- [SECURITY] [DSA 793-1] New sqwebmail packages fix cross-site scripting,
Martin Schulze
- File aribitary read access in frox,
un4m31
- [SecuriWeb.2005.1] - Barracuda SPAM firewall advisory,
Francois Harvey
- [ GLSA 200509-01 ] MPlayer: Heap overflow in ad_pcm.c,
Thierry Carrez
- UMN gopher[v3.0.9+] multiple(2) client buffer overflows.,
v9
- Adobe Version Cue exploits.,
v9
- [USN-173-4] PCRE vulnerabilities,
Martin Pitt
- Re: Vulnerability in Symantec Anti Virus Corporate Edition v9.x],
secure
- Ariba password exposure vulnerability,
gerald626
- Vulnerability in Symantec Anti Virus Corporate Edition v9.x,
golovast
- CMS Made Simple <= 0.10 - PHP injection,
groszynskif
- Flatnuke 2.5.6 (possibly prior versions) Underlying system information disclosure / Administrative & users credentials disclosure,
retrogod
- Simple Machine Forum 1-0-5 (possibly prior versions) user IP address / information disclosure,
retrogod
- Obsidis #1 Call for Papers,
angelo
- XSS in GreyMatter blog,
poizon
- [SECURITY] [DSA 792-1] New pstotext packages fix arbitrary command execution,
Martin Schulze
- [security bulletin] SSRT051003 rev.0 - HP-UX Java Web Start remote unauthorized privileged access,
security-alert
- [ GLSA 200508-21 ] phpWebSite: Arbitrary command execution through XML-RPC and SQL injection,
Sune Kloppenborg Jeppesen
- [ GLSA 200508-22 ] pam_ldap: Authentication bypass vulnerability,
Sune Kloppenborg Jeppesen
- secure client-side platform,
liudieyu
- Indiatimes Messenger 6.0 Buffer Overflow (Remote),
ViPeR
- [security bulletin] SSRT051004 rev.0 - HP-UX Java Runtime Environment (JRE) Untrusted Applet Elevates Privilege,
security-alert
- Call for new mailing lists @ SecurityFocus,
Alfred Huger
- MS05-042 Security Update Problems,
Andrew McCullough
- [SECURITY] [DSA 791-1] New maildrop packages fix arbitrary group mail command execution,
Martin Schulze
- Fetchmail 6.2.5 exploit for Bugtraq ID: 14349,
bannedit
- [SECURITY] [DSA 790-1] New phpldapadmin packages fix unauthorised access,
Martin Schulze
- e107 0.6 forum_post.php create new topics in non-existing forums,
Marc Ruef
- [UNTRUE] Gadu-Gadu supposedly fixed the invisible detection vulnerability?,
Maciej Soltysiak
- [ GLSA 200508-20 ] phpGroupWare: Multiple vulnerabilities,
Thierry Carrez
- [USN-173-3] Fixed apache2 packages for USN-173-2,
Martin Pitt
- [ GLSA 200508-19 ] lm_sensors: Insecure temporary file creation,
Thierry Carrez
- phpLDAPadmin 0.9.6 - 0.9.7/alpha5 (possibly prior versions) system disclosure,,
retrogod
- iDEFENSE Security Advisory 08.29.05: Symantec AntiVirus 9 Corporate Edition Local Privilege Escalation Vulnerability,
iDEFENSE Labs
- iDEFENSE Security Advisory 08.29.05: Adobe Version Cue VCNative Arbitrary File Overwrite Vulnerability,
iDEFENSE Labs
- iDEFENSE Security Advisory 08.29.05: Adobe Version Cue VCNative Arbitrary Library Loading Vulnerability,
iDEFENSE Labs
- SUSE Security Announcement: pcre integer overflows (SUSE-SA:2005:048),
Marcus Meissner
- BNBT EasyTracker Remote Denial of Service Vulnerability,
Sowhat .
- SUSE Security Announcement: php4/php5 Pear::XML_RPC code injection and PCRE integer overflow problems (SUSE-SA:2005:049),
Marcus Meissner
- AutoLinks Pro 2.1,
none
- [SECURITY] [DSA 789-1] New PHP 4 packages fix several vulnerabilities,
Martin Schulze
- Member.php SQL Injection in MyBB,
W7ED
- PunBB BBCode IMG Tag Script Injection Vulnerability,
y3dips
- WASC-Articles: 'Preventing Log Evasion in IIS',
contact
- Vulnerability in Helpdesk software Hesk 0.92,
s2b
- SimplePHPBlog Arbitrary File Deletion and Sample Exploit,
'ken'@FTU
- [cosmoshop <= 8.10.78] be the shopadmin in one step,
innate
- Land Down Under 801 And Prior Multiple SQL Injection Vulnerabilities,
h4cky0u . org
- [SECURITY] [DSA 788-1] New kismet packages fix arbitrary code execution,
Martin Schulze
- Multiple CMS/Forum Vulnablilties,
pacifico
- FUD Forum < 2.7.1 PHP code injection vurnelability,
riklaunim
- Multiple vulnerabilities in BFCommand & Control for Battlefield 1942 and Vietnam,
Luigi Auriemma
- Secunia Research: SqWebMail HTML Emails Script Insertion Vulnerability,
Secunia Research
- Xcon2005 papers released,
alert7
- Land Down Under,
bendeniz_avci
- PHP-Fusion <= v6.00.107 XSS exploit,
slacker4ever_1
- MDKSA-2005:153 - Updated gnumeric packages fix integer overflow vulnerability,
Mandriva Security Team
- XSS security hole in phpwebnotes.,
nf2
- MDKSA-2005:154 - Updated python packages fix integer overflow vulnerability,
Mandriva Security Team
- Looking Glass v20040427 arbitrary commands execution / cross site scripting,
retrogod
- Sophos Antivirus Library Remote Heap Overflow,
list
- MDKSA-2005:149 - Updated lm_sensors packages fix temporary file vulnerability,
Mandriva Security Team
- [SECURITY] [DSA 786-1] New simpleproxy packages fix arbitrary code execution,
Martin Schulze
- DMA[2005-0826a] - 'Nokia Affix Bluetooth btsrv poor use of popen()',
KF (lists)
- Simple PHP Blog File Upload and User Credentials Exposure Vulnerabilities,
Scott Dewey
- Multiple PHP Images Galleries EXIF Metadata XSS Vulnerabilities,
Cedric Cochin
- [ GLSA 200508-18 ] PhpWiki: Arbitrary command execution through XML-RPC,
Thierry Carrez
- MDKSA-2005:151 - Updated pcre packages fix integer overflow vulnerability,
Mandriva Security Team
- MDKSA-2005:150 - Updated bluez-utils packages fix vulnerability,
Mandriva Security Team
- [security bulletin] SSRT051023 rev.0 - HP Openview Network Node Manager (OV NNM) Remote Unauthorized Access,
Boren, Rich (HP SSRT)
- AWstats Path Disclosure Vulnerability,
fournaux
MDKSA-2005:152 - Updated php packages fix integer overflow vulnerability,
Mandriva Security Team
[SECURITY] [DSA 787-1] New backup-manager package fixes several vulnerabilities,
Martin Schulze
22nd Chaos Communication Congress 2005: Call for Papers,
fukami
[USN-174-1] courier vulnerability,
Martin Pitt
CORRECTION: Remote IIS 5.x and IIS 6.0 Server Name Spoof,
Mark Burnett
Astaro Security Linux 6.0 - HTTP CONNECT Access Localhost Weakness,
oliver karow
Tool Announcement: AIRT -- the Advanced Incident Response Tool 0.4.2 released,
madsys
[ GLSA 200508-16 ] Tor: Information disclosure,
Sune Kloppenborg Jeppesen
ssl-login-checkbox faked in Lycos webmail-frontend,
Fischer, Andreas
An Illustrated Guide to IPSec,
Steve Friedl
Quake 2 Lithium Mod V 1.24 Macro Expansion Vuln?,
nukemmeister
Tool for Identifying Rogue Linksys Routers,
Martin Mkrtchian
[security bulletin] SSRT4702 rev.0 - HP-UX running Veritas 3.3/3.5 unauthorized data access,
Boren, Rich (HP SSRT)
MS05_039 Exploitation (different languages),
Roman Medina-Heigl Hernandez
[ GLSA 200508-17 ] libpcre: Heap integer overflow,
Stefan Cornelius
[SECURITY] [DSA 785-1] New libpam-ldap packages fix authentication bypass,
Martin Schulze
Portcullis Security Advisory 05-014 HP Openview Remote Command Execution Vulnerability,
Paul J Docherty
[SECURITY] [DSA 784-1] New courier packages fix denial of service,
Martin Schulze
[ GLSA 200508-15 ] Apache 2.0: Denial of Service vulnerability,
Sune Kloppenborg Jeppesen
Advisory: iTAN not as secure as claimed,
release
[ GLSA 200508-14 ] TikiWiki, eGroupWare: Arbitrary command execution through XML-RPC,
Thierry Carrez
[USN-173-2] PCRE vulnerability,
Martin Pitt
[ GLSA 200508-13 ] PEAR XML-RPC, phpxmlrpc: New PHP script injection vulnerability,
Thierry Carrez
unload event in ie/mozilla/opera,
Tobias Boonstoppel
Foojan PHP Weblog Information Disclosure - Refferer Html Injection,
ali202
LeapFTP .lsq Buffer Overflow Vulnerability,
Sowhat .
[SECURITY] [DSA 783-1] New mysql packages fix insecure temporary file,
Martin Schulze
Secunia Research: HAURI Anti-Virus ACE Archive Handling Buffer Overflow,
Secunia Research
PaFileDB 3.1 - SQL-Injection,
astovidatu
Secunia Research: SqWebMail Attached File Script Insertion Vulnerability,
Secunia Research
Cross-site scripting vulnerability in BEA WebLogic administration console,
GomoR
Multiple Vulnerabilities in Home Ftp Server 1.0.7,
Donato Ferrante
New Whitepaper - The Pharming Guide,
NGSSoftware Insight Security Research
[RLSA_01-2005] QNX inputtrap arbitrary file read vulnerability,
julio
MDKSA-2005:147 - Updated slocate packages fix vulnerability,
Mandriva Security Team
ZipTorrent 1.3.7.3 Discloses Proxy Passwords to Local Users,
kozan
[USN-173-1] PCRE vulnerability,
Martin Pitt
[USN-172-1] lm-sensors vulnerability,
Martin Pitt
Mercora IMRadio 4.0.0.0 Discloses Passwords to Local Users,
kozan
Server crash in Ventrilo 2.3.0,
Luigi Auriemma
[ GLSA 200508-12 ] Evolution: Format string vulnerabilities,
Stefan Cornelius
Oracle Password Checker,
ak
MDKSA-2005:148 - Updated vim packages fix vulnerability,
Mandriva Security Team
MDKSA-2005:146 - Updated php-pear packages fix more PEAR XML-RPC vulnerabilities,
Mandriva Security Team
MDKSA-2005:145 - Updated openvpn packages fix several vulnerabilities,
Mandriva Security Team
[SECURITY] [DSA 782-1] New bluez-utils packages fix arbitrary command execution,
Martin Schulze
[SECURITY] [DSA 781-1] New Mozilla Thunderbird packages fix several vulnerabilities,
Martin Schulze
32919 - Computer Associates Message Queuing (CAM/CAFT) multiple vulnerabilities,
Williams, James K
[ Suresec Advisories ] - Several MacOS X vulnerabilities,
Suresec Advisories
Remote IIS 5.x and IIS 6.0 Server Name Spoof,
inge_eivind . henriksen
[SECURITYREASON.COM] Multiple vulnerabilities in PostNuke 0.760-RC4b=>x cXIb8O3.15,
max
SQL Injection and PHP Code Injection Vulnerabilities in PHPKit 1.6.1,
phuket
Cisco Security Advisory: Cisco Intrusion Prevention System Vulnerable to Privilege Escalation,
Cisco Systems Product Security Incident Response Team
DMA[2005-0818a] - 'Apple OSX dsidentity privilege abuse',
KF (lists)
Cisco Security Advisory: SSL Certificate Validation Vulnerability in IDS Management Software,
Cisco Systems Product Security Incident Response Team
SUSE Security Announcement: Adobe Reader Plugin buffer overflow (SUSE-SA:2005:047),
Marcus Meissner
ELM < 2.5.8 Remote Exploit POC,
c0ntexb
Nephp Publisher Enterprise 3.04 Cross Site Scripting,
bl2k
ToorCon 7 Lineup Finalized & Pre-Registration Ending,
h1kari@xxxxxxxxxxx
Bugs Land Down Under v800,
bl2k
[SECURITY] [DSA 779-1] New Mozilla Firefox packages fix several vulnerabilities,
Martin Schulze
[USN-171-1] PHP4 vulnerabilities,
Martin Pitt
Woltlab Burning Board <= 2.2.2/2.3.3 modcp.php SQL injection,
admin
IBM Lotus Notes multiple disclosures of password hashes,
Shalom Carmel
Vul in MyBB,
s2b
[ GLSA 200508-11 ] Adobe Reader: Buffer Overflow,
Thierry Carrez
[USN-169-1] Linux kernel vulnerabilities,
Martin Pitt
Fwd: Tor security advisory: DH handshake flaw,
Chris Palmer
Secunia Research: HAURI Anti-Virus Compressed Archive Directory Traversal,
Secunia Research
[ GLSA 200508-10 ] Kismet: Multiple vulnerabilities,
Sune Kloppenborg Jeppesen
WinAce Temporary File Parsing Buffer Overflow Vulnerability,
atmaca
[USN-170-1] gnupg vulnerability,
Martin Pitt
Cisco Clean Access Agent (Perfigo) bypass,
llhansen-bugtraq
[SECURITY] [DSA 778-1] New mantis packages fix several vulnerabilities,
Martin Schulze
ATutor 1.5.1 and prior multiple XSS Vulnerabilities,
h4cky0u
w-agora 4.2.0 and prior Remote Directory Travel Vulnerability,
h4cky0u
UnixWare 7.1.4 UnixWare 7.1.3 : cpio race condition and directory traversal issues fixed.,
please_reply_to_security
MDKSA-2005:144 - Updated wxPythonGTK packages several vulnerabilities,
Mandriva Security Team
DevC++ V.4.9.9.2 NULL BYTE INSERTION / OBFUSCATION FLAW (by rgod),
retrogod
PHPFreeNews V1.40 and prior Multiple Vulnerabilities,
h4cky0u
MDKSA-2005:141 - Updated evolution packages fixes format string vulnerabilities,
Mandriva Security Team
MDKSA-2005:142 - Updated libtiff packages fixes vulnerability,
Mandriva Security Team
MDKSA-2005:143 - Updated kdegraphics packages fix kfax vulnerability,
Mandriva Security Team
BBCaffe 2.0 cross site scripting poc,
retrogod
Bluez hcid popen() explained.,
KF (lists)
Sensitive Information Disclosure Vulnerability in Kinetics Kiosk Product,
Jason Coombs
Password Disclosure in Whisper32,
Alexey Agapov
Zorum 3.5 remote code execution poc exploit,
retrogod
mutt buffer overflow,
Peter Valchev
Juniper Netscreen VPN Username Enumeration Vulnerability,
Roy Hills
Internet Explorer 6 Meta Refresh Parsing Weakness,
Moritz Naumann
MSN Messenger Password Decrypter for WinXP/2003,
ViPeR
[ GLSA 200508-09 ] bluez-utils: Bluetooth device name validation vulnerability,
Sune Kloppenborg Jeppesen
[PHPADSNEW-SA-2005-001] phpAdsNew and phpPgAds 2.0.6 fix multiple vulnerabilities,
Matteo Beccati
Unicode Buffer Overflow in WinFtp Server 1.6.8,
Donato Ferrante
PHPTB Topic Board <= 20: Multiple PHP injection vulnerabilities,
goszynskif
[SECURITY] [DSA 777-1] New Mozilla packages fix frame injection spoofing vulnerability,
Martin Schulze
SQL injection in mediabox404 v1.2,
cedric
Buffer-overflow in Chris Moneymaker's World Poker Championship 1.0,
Luigi Auriemma
[SECURITYREASON.COM] phpAdsNew/phpPgAds 2.0.5 Local file inclusion cXIb8O3.16,
max
NOVL-2005010098073 GroupWise Password Caching,
Ed Reed
Cisco Security Advisory: Cisco Clean Access Unauthenticated API Access,
Cisco Systems Product Security Incident Response Team
[security bulletin] SSRT4874 rev.0 - HP-UX Ignite-UX Remote Unauthorized Access,
Boren, Rich (HP SSRT)
Win32 Port of Nessusd,
Tom Stracener
Re: [Full-disclosure] Privilege escalation in Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3),
NoBrain NoPain
Hummingbird FTP Weak Password Encryption,
nnposter
SQL injection in Persianblog,
alireza hassani
[ GLSA 200508-08 ] Xpdf, Kpdf, GPdf: Denial of Service vulnerability,
Sune Kloppenborg Jeppesen
[ GLSA 200508-07 ] AWStats: Arbitrary code execution using malicious Referrer information,
Sune Kloppenborg Jeppesen
[NOBYTES.COM: #9] ECW Shop 6.0.2 - Multiple Vulnerabilities,
John Cobb
SUSE Security Announcement: apache, apache2 request smuggling problem (SUSE-SA:2005:046),
Marcus Meissner
[SECURITY] [DSA 776-1] New clamav packages fix several problems,
Martin Schulze
Corsaire Security Advisory: HP Ignite-UX filesystem permissions issue,
advisories
249bytes reverse shellcode with "nooil tricks methods",
msuiche
MDKSA-2005:140 - Updated proftpd packages fix format string vulnerabilities,
Mandriva Security Team
Corsaire Security Advisory: HP Ignite-UX passwd file disclosure issue,
advisories
MDKSA-2005:139 - Updated gaim packages fix yet more vulnerabilities,
Mandriva Security Team
Serious flaw in Linksys wireless AP password security,
Steve Scherf
Technical Note by Amit Klein: Detecting and Preventing HTTP Response Splitting and HTTP Request Smuggling Attacks at the TCP Le,
Amit Klein (AKsecurity)
[ GLSA 200508-06 ] Gaim: Remote execution of arbitrary code,
Sune Kloppenborg Jeppesen
[SECURITY] [DSA 775-1] New Mozilla packages fix frame injection spoofing vulnerability,
Martin Schulze
drone armies C&C report - July/2005,
Gadi Evron
[SECURITY] [DSA 761-2] New heartbeat packages fix insecure temporary files,
Martin Schulze
Vulnerability found in CPAINT Ajax Toolkit,
wiley14
Advisory 14/2005: PEAR XML_RPC Remote PHP Code Injection Vulnerability,
Stefan Esser
Advisory 15/2005: PHPXMLRPC Remote PHP Code Injection Vulnerability,
Stefan Esser
[DRUPAL-SA-2005-004] Drupal 4.6.3 / 4.5.5 fixes critical XML-RPC issue,
Uwe Hermann
SQL in PHPTB Topic Boards 2.0,
almaster
JaguarControl Activex Buffer Overflow,
Tacettin Karadeniz
Low security hole affecting Mentor's ADSLFR4II router,
Tim Brown
[USN-168-1] Gaim vulnerabilities,
Martin Pitt
Grandstream Budge Tone 101/102 DoS Vulnerability,
Kroma Pierre
Bluetooth: Theft of Link Keys for Fun and Profit?,
KF (lists)
Privilege escalation in Linksys WLAN Monitor v2.0,
Reed Arvin
Windows 2000 universal exploit for MS05-039,
sl0ppy
Insecure directory permissions of default installation of Kaspersky Anti-Virus for Unix/Linux File Servers will lead to local root exploit,
Dr. Peter Bieringer
My Bulletin Board RC 4 Vulnerabilities,
phuket
(MS05-039) Microsoft Windows Plug-and-Play Service Remote Overflow (Universal Exploit + no crash shellcode),
houseofdabus
FW: Updated Version & Exploit - Privilege escalation in Nortel Contivity VPN Client V05_01.030,
Jeff Peadro
Xoops 2.2.1 Full Path Disclosure,
none
[SECURITY] [DSA 774-1] New fetchmail packages fix arbitrary code execution,
Martin Schulze
Privilege escalation in Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3),
Reed Arvin
MDKSA-2005:134 - Updated xpdf packages fix vulnerability,
Mandriva Security Team
MDKSA-2005:136 - Updated gpdf packages fix vulnerability,
Mandriva Security Team
[FLSA-2005:157696] Updated gzip package fixes security issues,
Marc Deslauriers
[FLSA-2005:157701] Updated Apache httpd packages fix security issues,
Marc Deslauriers
[FLSA-2005:152889] Updated mc packages fix security issues,
Marc Deslauriers
[FLSA-2005:129284] Updated spamassassin package fixes security issue,
Marc Deslauriers
MDKSA-2005:135 - Updated kdegraphics packages fix vulnerability,
Mandriva Security Team
MDKSA-2005:137 - Updated ucd-snmp packages fix a DoS vulnerability,
Mandriva Security Team
remote DOS on Wyse thin client 1125SE,
Josh Zlatin-Amishav
MDKSA-2005:138 - Updated cups packages fix vulnerability,
Mandriva Security Team
[SECURITY] [DSA 773-1] New amd64 packages fix several bugs,
Martin Schulze
SUSE Security Announcement: Mozilla various security problems (SUSE-SA:2005:045),
Marcus Meissner
[USN-165-1] heartbeat vulnerability,
Martin Pitt
[USN-166-1] Evolution vulnerabilities,
Martin Pitt
High Risk Vulnerability in Novell eDirectory Server,
NGSSoftware Insight Security Research
[USN-164-1] netpbm vulnerability,
Martin Pitt
ISS vs. Cisco: Chapter 2,
FX
ms05038 exploit poc (down&execute),
zwell
Privilege escalation in Nortel Contivity VPN Client V05_01.030,
Jeff Peadro
Evolution multiple remote format string bugs,
sitic
MDKSA-2005:133 - Updated netpbm packages fix temporary file vulnerabilities,
Mandriva Security Team
MDKSA-2005:132 - Updated heartbeat packages fix temporary file vulnerabilities,
Mandriva Security Team
CoolWebSearch found in massive spyware ring,
Paul Laudanski
Full path disclosure in CaLogic 1.22 and possible in older versions.,
gb . network
Help put a stop to incompetent computer forensics,
Jason Coombs
[KDE Security Advisory] kpdf temp file writing DoS vulnerability,
Dirk Mueller
NSFOCUS SA2005-02 : Microsoft IE Devenum.dll COM Instantiation Remote Code Execution Vulnerability,
NSFOCUS Security Team
[security bulletin] SSRT5998 rev.1 - HP System Management Homepage (v2.0.x) Denial of Service (DoS) and XSS,
security-alert
[security bulletin] SSRT5957 rev.0 - HP Tru64 UNIX IPSEC Tunnel ESP Mode Remote Unauthorized Disclosure of Encrypted Data,
Security Alert
[security bulletin] SSRT051005 rev.0 - HP ProLiant DL585 Servers Unauthorized Remote Access,
security-alert
Design Flaw at Microsoft's AntiSpyware,
manolisgavriil
[security bulletin] SSRT5940 rev.1 - HP-UX Mozilla remote, unauthorized user may execute privileged code,
security-alert
BID 14355, VERITAS NetBackup 5.1 Time Stamp Vulnerability,
secure
iDEFENSE Security Advisory 08.09.05: AWStats ShowInfoURL Remote Command Execution Vulnerability,
iDEFENSE Labs
Mozilla Firefox up to 1.0.6 and Mozilla Thunderbird up to 1.0 url string obfuscation,
Marc Ruef
Bugtraq ID: 14460 : Coldfusion Fusebox V4.1.0 Vulnerability,
Adrocknaphobia
Sql injection and global variables poisoning in XMB Forum 1.9.1,
heintz
Apple Safari & Javascript - KERN_INVALID_ADDRESS (0x0001),
Patrick Webster
[USN-163-1] xpdf vulnerability,
Martin Pitt
FunkBoard V0.66CF (possibly prior versions) cross site scripting, possible database username/password disclosure & board takeover,possible remote code execution,
retrogod
[AppSecInc Advisory MYSQL05-V0003] Multiple Issues with MySQL User Defined Functions,
Team SHATTER
[AppSecInc Advisory MYSQL05-V0001] Improper Filtering of Directory Traversal Characters in MySQL User Defined Functions,
Team SHATTER
nbSMTP v0.99 remote format string exploit,
coki
Nate User Password Disclosed By Anonymous,
saintlinu
Creating a secret web site on IIS 5.x using Alternative Data Streams,
inge_eivind . henriksen
[USN-162-1] ekg and Gadu library vulnerabilities,
Martin Pitt
[AppSecInc Advisory MYSQL05-V0002] Buffer Overflow in MySQL User Defined Functions,
Team SHATTER
Advisory 13/2005: Remote code execution in SysCP,
Christopher Kunz
[SVadvisory#13] - SQL injection in MYFAQ 1.0,
svt
XSS in forums CFBB v1.1.0,
stormhacker
iDEFENSE Security Advisory 08.05.05: EMC Navisphere Manager Directory Traversal Vulnerability,
iDEFENSE Labs
E107 + IPB XSS Exploit,
edward11
SQL IN Open Bulletin Board,
ABDUCTER_MINDS
Gravity Board X v1.1 multiple vulnerabilities,
retrogod
[ GLSA 200508-05 ] Heartbeat: Insecure temporary file creation,
Sune Kloppenborg Jeppesen
[ GLSA 200508-04 ] Netpbm: Arbitrary code execution in pstopnm,
Thierry Carrez
Vulnerability in ePing and eTrace plugins of e107,
os2a . bto
Root exploits in Lantonix Secure Console Server,
c0ntex
Comdev eCommerce wce.download.php Download Vulnerability,
none
Defeating Citi-Bank Virtual Keyboard Protection,
Debasis Mohanty
ipb Css bug(now public),
virusishacker
tar preserves setuid bit,
Imran Ghory
Comdev eCommerce config.php Vulnerability,
none
TSLSA-2005-0040 - multi,
Trustix Security Advisor
FlatNuke 2.5.5 (possibly prior versions) remote commands execution / cross site scripting / path disclosure (by rgod),
retrogod
[HSC Security Group] Multiple XSS in phpopenchat 3.0.2,
zinho
Silvernews 2.0.3 remote command execution exploit, proxy server support!,
[at]
MDKSA-2005:131 - Updated ethereal packages fix multiple vulnerabilities,
Mandriva Security Team
Remote Password Compromise of Microsoft Active Sync 3.7.1,
nospam
MDKSA-2005:130 - Updated apache packages fix vulnerabilities,
Mandriva Security Team
MDKSA-2005:129 - Updated apache2 packages fix vulnerabilities,
Mandriva Security Team
Re: Re: Quick 'n Easy FTP Server 3.0 pro / lite (buffer overflow vulnerabilities),
asierillo
[USN-161-1] bzip2 utility vulnerability,
Martin Pitt
[ GLSA 200507-29 ] pstotext: Remote execution of arbitrary code,
Stefan Cornelius
SQL IN PortailPHP,
ABDUCTER_MINDS
FINAL Phrack Magazine release #63 is OUT,
phrackstaff
SUSE Security Announcement: several kernel security problems (SUSE-SA:2005:044),
Ludwig Nussel
[USN-160-1] Apache 2 vulnerabilities,
Martin Pitt
Scanning Software Bugs,
Dan . Creed
Microsoft ActiveSync information leak and spoofing,
3APA3A
Zone Alarm Security Contact,
David Cross
[security bulletin] SSRT4682 rev.0 - Oracle for Openview (OfO) Critical Patch Update July 2005,
security-alert
Silvernews 2.0.3 (possibly previous versions ) SQL Injection / Login Bypass / Remote commands execution / cross site scripting,
retrogod
Re: CAID 33239 - Computer Associates BrightStor ARCserve/Enterprise Backup Agents buffer overflow vulnerability,
cybertronic
Coldfusion Fusebox V4.1.0 Vulnerability,
N.N.P
MDKSA-2005:128 - Updated mozilla packages fix multiple vulnerabilities,
Mandriva Security Team
[SECURITY] [DSA 772-1] New apt-cacher package fixes arbitrary command execution,
Martin Schulze
iDEFENSE Security Advisory 08.02.05: CA BrightStor ARCserve Backup Agent for MS SQL Server Buffer Overflow,
iDEFENSE Labs
Zip 2,31 bad default file-permissions vulnerability,
Imran Ghory
[security bulletin] SSRT5998 Rev.0 HP System Management Homepage (v2.0.x) Denial of Service (DoS) & XSS,
security-alert
[ GLSA 200508-03 ] nbSMTP: Format string vulnerability,
Thierry Carrez
Quick 'n Easy FTP Server 3.0 pro / lite (buffer overflow vulnerabilities),
[at]
CAID 33239 - Computer Associates BrightStor ARCserve/Enterprise Backup Agents buffer overflow vulnerability,
Williams, James K
[NOBYTES.COM: #8] Naxtor Shopping Cart 1.0 - Information Disclosure & Possible SQL Injection,
John Cobb
Arab Portal,
ABDUCTER_MINDS
unzip TOCTOU file-permissions vulnerability,
Imran Ghory
VBZoom Cross Site Scripting Vulnerabilities,
almaster
[ GLSA 200508-02 ] ProFTPD: Format string vulnerabilities,
Sune Kloppenborg Jeppesen
[security bulletin] SSRT5931 rev.1 Apache on HP-UX Remote Denial of Service and client restriction bypass,
security-alert
ICMP attacks against TCP: Conclusions,
Fernando Gont
[USN-159-1] unzip vulnerability,
Martin Pitt
[ GLSA 200507-28 ] AMD64 x86 emulation base libraries: Buffer overflow,
Thierry Carrez
[USN-158-1] gzip utility vulnerability,
Martin Pitt
MySQL Eventum Multiple Vulnerabilities,
GulfTech Security Research
[USN-157-1] Mozilla Thunderbird vulnerabilities,
Martin Pitt
Vulnerability in Trendmicro Officescan,
sylvain . roger
TSLSA-2005-0038 - multi,
Trustix Security Advisor
ChurchInfo Multiple Vulnerabilities,
thegreatone2176
[SECURITY] [DSA 771-1] New pdns packages fix denial of service,
Martin Schulze
Buffer overflow in BusinessMail email server system 4.60.00,
Reed Arvin
PHPList Vunerability,
ziot
The Java applet sandbox and stateful firewalls,
Florian Weimer
[SVadvisory] - SQL injection in OpenBook 1.2.2,
svt
[ GLSA 200508-01 ] Compress::Zlib: Buffer overflow,
Sune Kloppenborg Jeppesen
Undisclosed Sudo Vulnerability ?,
Esler, Joel - Contractor
RO CP root exploit,
fjlj
[HSC Security Group] SQL Injection in Product Cart 2.6,
zinho
Trillian Ver 3.1 saves password's in plain Text,
Suramya Tomar
Tool release: Xprobe2 v0.3,
Ofir Arkin
Kent's Guestbook database exploit,
l--s
PC-EXPERIENCE/TOPPE CMS Security Advisory,
rat
Kayako liveResponse Multiple Vulnerabilities,
GulfTech Security Research
Kshout Data Disclosure,
group@xxxxxxxxxxxxxxxx
[SECURITY] [DSA 770-1] New gopher packages fix insecure temporary file creation,
Martin Schulze
[USN-156-1] TIFF vulnerability,
Martin Pitt
[FLSA-2005:163559] Updated php packages fix security issues,
Marc Deslauriers
Cisco Security Advisory: IPv6 Crafted Packet Vulnerability,
Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 769-1] New gaim packages fix denial of service,
Martin Schulze
MDKSA-2005:127 - Updated mozilla-thunderbird packages fix multiple vulnerabilities,
Mandriva Security Team
MDKSA-2005:126 - Updated fetchmail packages fix vulnerability,
Mandriva Security Team
SPIDynamics WebInspect Cross-ApplicationScripting (XAS),
Security-Alert
Advisory 12/2005: UseBB Multiple Vulnerabilities,
Stefan Esser
Website Baker Project Multiple Vulnerabilities,
thegreatone2176
Cross Site Scripting vulnerabilities in GForge,
Joxean Koret
[OpenPKG-SA-2005.015] OpenPKG Security Advisory (spamassassin),
OpenPKG
Thomson Web Skill Vantage Manager,
walter . sobchak
Vulnerability in Linksys Router access,
Nick Simicich
[USN-155-2] Updated Epiphany packages to match Mozilla security update,
Martin Pitt
Re: PHP Code Snippet Library Multiple Cross-Site Scripting (XSS) Vulnerabilities,
at
PhpList Sql Injection and Path Disclosure,
thegreatone2176
[USN-149-3] Ubuntu 4.10 update for Firefox vulnerabilities,
Martin Pitt
RE: [Full-disclosure] Anonymous Web Attacks via DedicatedMobileServices,
Bojan Zdrnja
uguestbook exploit,
l--s
GNU Mailutils imap4d v0.6 remote format string exploit,
coki
[OpenPKG-SA-2005.016] OpenPKG Security Advisory (fetchmail),
OpenPKG
HAURI live update. Arbitrary remote file download and execute vulnerability,
saintlinu
SUSE Security Announcement: zlib denial of service (SUSE-SA:2005:043),
Ludwig Nussel
HP OpenView Radia Management Agent remote command execution via directory traversal,
NGSSoftware Insight Security Research
[OpenPKG-SA-2005.014] OpenPKG Security Advisory (zlib),
OpenPKG
UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : RPCBind updated to prevent remote Denial of Service attack,
please_reply_to_security
[ GLSA 200507-27 ] Ethereal: Multiple vulnerabilities,
Sune Kloppenborg Jeppesen
MDKSA-2005:125 - Updated clamav packages fix more vulnerabilities,
Mandriva Security Team
[ GLSA 200507-24 ] Mozilla Suite: Multiple vulnerabilities,
Sune Kloppenborg Jeppesen
[SECURITY] [DSA 766-1] New webcalendar package fixes information disclosure,
Martin Schulze
Spyware database lists,
Paul Laudanski
[USN-155-1] Mozilla vulnerabilities,
Martin Pitt
Re: Getting round website authentication with Firefox,
Shalom Carmel
[SECURITY] [DSA 765-1] New heimdal packages fix arbitrary code execution,
Martin Schulze
FreeBSD Security Advisory FreeBSD-SA-05:18.zlib,
FreeBSD Security Advisories
[ GLSA 200507-26 ] GNU Gadu, CenterICQ, Kadu, EKG, libgadu: Remote code execution in Gadu library,
Sune Kloppenborg Jeppesen
[SECURITY] [DSA 767-1] New ekg packages fix arbitrary code execution,
Martin Schulze
[SECURITY] [DSA 768-1] New phpbb2 packages fix cross-site scripting,
Martin Schulze
Shared section vulnerability when opening microsoft office document resulting in DoS,
sylvain . roger
Re : [Firefox Bug 302187] New: Shared section vulnerability when opening microsoft office document resulting in DoS,
sylvain . roger
FreeBSD Security Advisory FreeBSD-SA-05:19.ipsec,
FreeBSD Security Advisories
[ GLSA 200507-25 ] Clam AntiVirus: Integer overflows,
Sune Kloppenborg Jeppesen
[ISR] - Novell GroupWise Client Remote Buffer Overflow,
Francisco Amato
[NILESA-20050701] UnixWare 7.x RPC portmapper Dos Vulnerability,
Jonglim Yun
CYBSEC - Security Advisory: Default Configuration Information Disclosure in Lotus Domino,
Leandro Meiners
3Com launches vulnerability-buying program,
Ghaith Nasrawi
Internet Explorer AJAX Bug,
anakin
[HSC Security Group] XSS in CartWiz,
zinho
Vulnerability in IBM access,
sylvain . roger
fetchmail security announcement fetchmail-SA-2005-01,
Matthias Andree
SPIDynamics WebInspect Cross-Application Scripting (XAS),
3APA3A
Denial of service vulnerability in FTPshell Server Version 3.38,
Reed Arvin
[USN-153-1] fetchmail vulnerability,
Martin Pitt
Ares FileShare 1.1 'Long Searched String' Buffer Overflow Vulnerability,
kozan
[USN-154-1] vim vulnerability,
Martin Pitt
[USN-149-2] Fixed Firefox packages for USN-149-1,
Martin Pitt
[security bulletin] SSRT4884 rev.5 - HP-UX TCP/IP Remote Denial of Service (DoS),
security-alert
[security bulletin] SSRT5954 rev.5 - HP-UX TCP/IP Remote Denial of Service (DoS),
security-alert
[ GLSA 200507-23 ] Kopete: Vulnerability in included Gadu library,
Sune Kloppenborg Jeppesen
[ GLSA 200507-22 ] sandbox: Insecure temporary file handling,
Sune Kloppenborg Jeppesen
[ GLSA 200507-21 ] fetchmail: Buffer Overflow,
Sune Kloppenborg Jeppesen
[FLSA-2005:154276] Updated krb5 packages fix security issues,
Marc Deslauriers
[FLSA-2005:152842] Updated lvm package fixes security issue,
Marc Deslauriers
Siemens SANTIS 50 Authentication Vulnerability,
luca . carettoni
ClamAV Multiple Rem0te Buffer Overflows,
list
Corsaire Security Advisory: SAP Internet Graphics Server traversal issue,
advisories
Beehive Forum Multiple Vulnerabilities,
thegreatone2176
Chroot Security Group Advisory 2005-07-25 -- ftplocate,
[at]
ECI router login bypass,
D .
PHP FirstPost remote file include vulnerability,
gb . network
[Conectiva-updates] [CLA-2005:980] Conectiva Security Announcement - php4,
Conectiva Updates
Atomic Photo Album (APA) apa_phpinclude.inc.php remote file include,
gr0up . pclabs
Realchat user impersonation - BSA 200506110001,
Andreas Beck
GoodTech SMTP server 5.16 RCPT TO command remote buffer overflow,
Raphaël Rigo
MDKSA-2005:124 - Updated zlib packages fix vulnerability,
Mandriva Security Team
ICMP-based blind connection-reset attack,
Fernando Gont
Critical Patch Update April 2005 for Database 9.2 and 10.1 Update - Correction,
unbelievable
User privilege escalation exploit.,
sunos5 . 8
[USN-151-2] zlib vulnerabilities,
Martin Pitt
[Argeniss] Oracle 9R2 Unpatched vulnerability on CWM2_OLAP_AW_AWUTIL package,
Cesar
[PTsecurity] MaxPatrol Network Security Scanner - Free unlimited version has been released.,
Alexander Anisimov
[ GLSA 200507-20 ] Shorewall: Security policy bypass,
Sune Kloppenborg Jeppesen
[ GLSA 200507-19 ] zlib: Buffer overflow,
Sune Kloppenborg Jeppesen
eBay phishing - phishers are getting better,
John Gateley
Advisory 11/2005: Multiple vulnerabilities in Contrexx,
Christopher Kunz
SlimFTPd Server: PoC Exploit,
Dim K0r0l
Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954 rev.4 - HP-UX TCP/IP Remote Denial of Service (DoS)),
Dennis Lubert
Mozilla XPCOM Library Race Condition,
GulfTech Security Research
Multiple vulnerabilities in libgadu and ekg package,
Wojtek Kaniewski
[USN-151-1] zlib vulnerability,
Martin Pitt
[USN-150-1] KDE library vulnerability,
Martin Pitt
[USN-152-1] PAM/NSS LDAP vulnerabilitiy,
Martin Pitt
[USN-149-1] Firefox vulnerabilities,
Martin Pitt
MDKSA-2005:122 - Updated kdelibs packages fix vulnerability in kate and kwrite,
Mandriva Security Team
Oracle and setting the record straight,
David Litchfield
MDKSA-2005:123 - Updated shorewall packages fix vulnerability,
Mandriva Security Team
[KDE Security Advisory] Multiple libgadu vulnerabilities,
Dirk Mueller
Peter Gutmann data deletion theaory?,
Jared Johnson