Bugtraq
- [ GLSA 200506-03 ] Dzip: Directory traversal vulnerability,
Thierry Carrez
- SQL Injection Exploit for Portail PHP < 1.3,
Alberto Trivero
- `tattle` -- automatic reporting of SSH brute-force attacks,
C.J. Steele, CISSP
- Server termination in Raknet 2.33 (before 30 May 2005),
Luigi Auriemma
- GIPTables Firewall <= v1.1 insecure temporary file creation,
ZATAZ Audits
- LutelWall <= 0.97 insecure temporary file creation,
ZATAZ Audits
- Popper webmail remote code execution vulnerability - advisory fix,
LSS Security
- everybuddy <= 0.4.3 insecure temporary file creation,
Eric Romang / DATACENTER Luxembourg
- A new whitepaper by Watchfire - HTTP Request Smuggling,
Ory Segal
- [ GLSA 200506-04 ] Wordpress: Multiple vulnerabilities,
Sune Kloppenborg Jeppesen
- Malicious Bundles on Mac OS X,
Braden Thomas
- [FLSA-2005:152532] Updated kernel packages fix security issues,
Marc Deslauriers
- Israeli industrial espionage Trojan horse sample + snort sigs,
Gadi Evron
- [DRUPAL-SA-2005-001] New Drupal release fixes critical security issue,
Uwe Hermann
- CastleCops phpBB bbcode Input Validation Disclosure,
Paul Laudanski
- XCon’2005 CALL FOR PAPER,
alert7@xxxxxxxxxx
- [SECURITY] [DSA 732-1] New mailutils packages fix several vulnerabilities,
Martin Schulze
- RE: Backdoor in Fortinet´s firewall Fortigate,
Matt Gibson
- [security bulletin] SSRT5962 rev.0 HP OpenView Radia mgmt - Remote access and DoS,
Boren, Rich (SSRT)
- SEC-CONSULT SA20050602-2 :: Exhibit Engine Blind SQL Injection,
Bernhard Müller
- SEC-CONSULT SA20050602-1 :: Arbitrary File Inclusion in phpCMS 1.2.x,
Bernhard Müller
- HP Radia Notify Daemon: Multiple Buffer Overflow Vulnerabilities,
John Cartwright
- Backdoor in Fortinet´s firewall Fortigate,
Johan Andersson
- [ECHO_ADV_14$2005] Multiple Vulnerabilities in Liberum Help Desk,
the_day
- PHP Execution Vulnerability in CuteNews,
John Cantu
- [SECURITY] [DSA 731-1] New krb4 packages fix arbitrary code execution,
Martin Schulze
- [ZH2005-13SA] NEXTWEB (i)Site website management multiple vulnerabilities,
Jim Pangalos
- Reminder: XGrabKeyboard is not a security interface,
Florian Weimer
- A short warning on the X11 Editres protocol,
Florian Weimer
- [ GLSA 200506-01 ] Binutils, elfutils: Buffer overflow,
Sune Kloppenborg Jeppesen
- 504T and now also 604T remote access.,
alessandro
- Multiple vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4,
Alberto Trivero
- multiple vulnerability Calendarix Advanced,
DarkBicho
- Wide-scale industrial espionage using Trojan horses in Israel,
Gadi Evron
- [Argeniss] MS05-012 Exploit,
Cesar
- SyScAN'05,
organiser@xxxxxxxxxx
- PowerDownload Remote File Inclusion,
SoulBlack Group
- [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3,
Xnuxer Security
- Nortel VPN Router Malformed Packet DoS Vulnerability,
Roy Hills
- RE: Microsoft Internet Explorer - Crash on adding sites to restricted zone (05/28/2005),
Hohn, Joerg
- TSL-2005-0025 - binutils,
Trustix Security Advisor
- Spam exploiting MS05-016,
Nick FitzGerald
- TSL-2005-0026 - multi,
Trustix Security Advisor
- MDKSA-2005:095 - Updated gdb packages fix vulnerabilities,
Mandriva Security Team
- Multiple vulnerabilities in x-cart Gold,
CENSORED
- MyBB 1.0 RC4 XSS Bug,
August Christopher
- CYBSEC - PHPMailer Infinite Loop Denial of Service,
Mariano Nuñez Di Croce
- Crash in Stronghold 2 1.2,
Luigi Auriemma
- Compuware Softice (DbgMsg driver) Local Denial Of Service,
Piotr Bania
- Format String Vulnerability In Peercast 0.1211 And Earlier,
GulfTech Security Research
- PicoWebServer Remote Unicode Stack Overflow,
Dennis Elser
- Microsoft Internet Explorer - Crash on to many stack overflows (05/28/2005),
Benjamin Tobias Franz
- Microsoft Internet Explorer - Crash on processing embedded files with endless loop (05/28/2005),
Benjamin Tobias Franz
- Microsoft Internet Explorer - Crash on JavaScript "window()"-calling (05/28/2005),
Benjamin Tobias Franz
- Microsoft Internet Explorer - Crash on adding sites to restricted zone (05/28/2005),
Benjamin Tobias Franz
- SQL Injection Exploit for myBloggie 2.1.1 - 2.1.2,
Alberto Trivero
- [SECURITY] [DSA 730-1] New bzip2 packages fix file unauthorised permissions modification,
Martin Schulze
- Citrix security contact,
Eyal Udassin
- DSL-504T (and maybe many other) remote access without password bug,
alessandro
- [AppSecInc Advisory BEA05-V0101] BEA WebLogic Administration Console login page cross-site scripting vulnerability,
Team SHATTER
- [AppSecInc Advisory BEA05-V0100] BEA WebLogic Administration Console error page cross-site scripting vulnerability,
Team SHATTER
- User32.dll Icon Size Crash,
- k -
- [USN-136-2] Fixed packages for USN-136-1,
Martin Pitt
- [USN-136-1] binutils vulnerability,
Martin Pitt
- [ GLSA 200505-20 ] Mailutils: Multiple vulnerabilities in imap4d and mail,
Thierry Carrez
- [USN-135-1] gdb vulnerabilities,
Martin Pitt
- [USN-114-2] Fixed packages for USN-114-1,
Martin Pitt
- PostNuke Critical SQL Injection and XSS 0.750=>x,
sp3x
- PHP Stat Administrative User Authentication Bypass,
SoulBlack Group
- [security bulletin] SSRT5899 rev.0 - HP-UX trusted system remote unauthorized access,
Boren, Rich (SSRT)
- Buffer-overflow in C'Nedra 0.4.0,
Luigi Auriemma
- Buffer-overflow and crash in Terminator 3: War of the Machines 1.16,
Luigi Auriemma
- [security bulletin] SSRT4884 rev.0 - HP-UX TCP/IP Remote Denial of Service (DoS),
Boren, Rich (SSRT)
- Re: [Full-disclosure] iDEFENSE Security Advisory 05.24.05: Ipswitch IMail Web Calendaring Arbitrary File Read Vulnerability,
jamesbug
- [security bulletin] SSRT5954 rev.1 - HP-UX TCP/IP Remote Denial of Service (DoS),
Boren, Rich (SSRT)
- Meteor FTP Server: PoC Exploit,
Dim K0r0l
- Re: Multiple Sql injection and XSS vulnerabilities in phpBB Plus v.1.52 and below and some of its modules.,
security curmudgeon
- [USN-134-1] Firefox vulnerabilities,
Martin Pitt
- [USN-133-1] Apache utility vulnerability,
Martin Pitt
- [ GLSA 200505-19 ] gxine: Format string vulnerability,
Thierry Carrez
- Invision Power Board 1.* and 2.* Exploit (BID 13529),
Petey Beege
- Alwil Software Avast Antivirus Device Driver Memory Overwrite Vulnerability,
Piotr Bania
- [SECURITY] [DSA 729-1] New PHP4 packages fix denial of service,
Martin Schulze
- [SECURITY] [DSA 728-2] New qpopper packages fix arbitrary file overwriting,
Martin Schulze
- davfs2 does not honour Unix permissions,
martin f krafft
- Zone Labs ZoneAlarm Vet anti-virus engine OLE processing vulnerability,
Zone Labs Product Security
- OpenServer 5.0.6 OpenServer 5.0.7 : nwprint privilege escalation,
please_reply_to_security
- High Risk Vulnerability in L-Soft's LISTSERV Server,
NGSSoftware Insight Security Research
- shtool insecure temporary file creation,
ZATAZ.net
- PHP Injection in PHP Poll Creator,
rash ilusion
- iDEFENSE Security Advisory 05.25.05: GNU Mailutils 0.6 imap4d FETCH Command Resource Consumption DoS Vulnerability,
iDEFENSE Labs
- iDEFENSE Security Advisory 05.25.05: GNU Mailutils 0.6 imap4d fetch_io Heap overflow Vulnerability,
iDEFENSE Labs
- iDEFENSE Security Advisory 05.25.05: GNU Mailutils 0.6 mail header_get_field_name() Buffer Overflow Vulnerability,
iDEFENSE Labs
- iDEFENSE Security Advisory 05.25.05: GNU Mailutils 0.6 imap4d Format String Vulnerability,
iDEFENSE Labs
- exim 4.40 exploit,
plugger
- [SECURITY] [DSA 728-1] New qpopper packages fix arbitrary file overwriting,
Martin Schulze
- [USN-132-1] ImageMagick vulnerabilities,
Martin Pitt
- [USN-131-1] Linux kernel vulnerabilities,
Martin Pitt
- [ GLSA 200505-16 ] ImageMagick, GraphicsMagick: Denial of Service vulnerability,
Thierry Carrez
- Javamail Multiple Information Disclosure Vulnerabilities,
Ricky Latt
- iDEFENSE Security Advisory 05.24.05: Ipswitch IMail IMAP SELECT Command DoS Vulnerability,
iDEFENSE Labs
- iDEFENSE Security Advisory 05.24.05: Ipswitch IMail Web Calendaring Arbitrary File Read Vulnerability,
iDEFENSE Labs
- iDEFENSE Security Advisory 05.24.05: Ipswitch IMail IMAP LOGIN Remote Buffer Overflow Vulnerabilities,
iDEFENSE Labs
- iDEFENSE Security Advisory 05.24.05: Ipswitch IMail IMAP LSUB DoS Vulnerability,
iDEFENSE Labs
- iDEFENSE Security Advisory 05.24.05: Ipswitch IMail IMAP STATUS Remote Buffer Overflow Vulnerability,
iDEFENSE Labs
- Endless loop in Halo 1.06,
Luigi Auriemma
- ACROS Security: HTML Injection in BEA WebLogic Server Console (1),
ACROS Security
- ACROS Security: HTML Injection in BEA WebLogic Server Console (2),
ACROS Security
- Gforge - viewFile.php security flaw,
Filippo Spike Morelli
- Blue Coat Reporter multiple remote vulnerabilities,
Oliver Karow
- CAID 32896 - Computer Associates Vet Antivirus engine heap overflow vulnerability,
Williams, James K
- [ GLSA 200505-18 ] Net-SNMP: fixproc insecure temporary file creation,
Sune Kloppenborg Jeppesen
- [ GLSA 200505-17 ] Qpopper: Multiple Vulnerabilities,
Sune Kloppenborg Jeppesen
- Meteor FTP Server v1.5 Buffer Overflow,
Auston J
- Format string and crash in Warrior Kings 1.3 and Battles 1.23,
Luigi Auriemma
- Cookie Cart Default Installation Multiple Vulnerabilities,
SoulBlack Group
- SQL injections in PortailPHP,
CENSORED
- Computer Associates Vet Antivirus Library Remote Heap Overflow,
list
- [SECURITYREASON.COM] PostNuke SQL Injection 0.750=>x,
Maksymilian Arciemowicz
- pst.advisory 2005-21: gxine remote exploitable . opensource is god .lol windows,
yan feng
- [SECURITYREASON.COM] PostNuke Non Critical SQL Injection and Include 0.760-RC3=>x,
Maksymilian Arciemowicz
- [SECURITYREASON.COM] PostNuke XSS and Full path disclosure 0.760RC3=>x,
Maksymilian Arciemowicz
- [SECURITYREASON.COM] PostNuke XSS 0.760{RC2,RC3},
Maksymilian Arciemowicz
- [UPDATE] UNICODE BUFFER OVERFLOW IN MS-WORD,
Bahaa Naamneh
- [BuHa Security] Wordpress SQL-Injection,
Thomas Waldegger
- Security contact for Trillian,
Suramya Tomar
- episodex guestbook security bypass & html injection,
farhad koosha
- worm "postcard" e-mail issue,
M. Perri
- picasm error handling stack overflow vulnerability,
Shaun Colley
- [SECURITY] [DSA 727-1] New libconvert-uulib-perl packages fix arbitrary code execution,
Martin Schulze
- pst.advisory: gedit fun. opensource is god .lol windows,
yan feng
- [ GLSA 200505-15 ] gdb: Multiple vulnerabilities,
Sune Kloppenborg Jeppesen
- ERRATA: [ GLSA 200505-13 ] FreeRADIUS: SQL injection and Denial of Service vulnerability,
Sune Kloppenborg Jeppesen
- UPDATE: [ GLSA 200504-23 ] Kommander: Insecure remote script execution,
Sune Kloppenborg Jeppesen
- [SECURITY] [DSA 726-1] New oops packages fix format string vulnerability,
Martin Schulze
- [USN-130-1] TIFF library vulnerability,
Martin Pitt
- [FLSA-2005:152815] Updated libtiff packages fix security issues,
Marc Deslauriers
- phpATM arbitrary PHP code inclusion,
Ingvar Gilbert
- UNICODE BUFFER OVERFLOW IN MS-WORD,
Bahaa Naamneh
- JavaMail Information Disclosure (msgno),
Ricky Latt
- [ GLSA 200505-14 ] Cheetah: Untrusted module search path,
Sune Kloppenborg Jeppesen
- [SECURITY] [DSA 725-1] New ppxp packages fix local root exploit,
Martin Schulze
- D-Link DSL routers authentication bypass,
Francesco Orro
- MDKSA-2005:092 - Updated gzip packages fix several vulnerabilities,
Mandriva Security Team
- MDKSA-2005:091 - Updated bzip2 packages fix multiple vulnerabilities,
Mandriva Security Team
- MDKSA-2005:090 - Updated nasm packages fix vulnerability,
Mandriva Security Team
- MDKSA-2005:089 - Updated cdrdao packages fix local root vulnerability,
Mandriva Security Team
- UnixWare 7.1.4 : Updated mozilla fixes many security issues,
please_reply_to_security
- Security issue in Microsoft Outlook,
Bakchodiya
- [FLSA-2005:152771] Updated pam packages fix security issue,
Marc Deslauriers
- [FLSA-2005:152883] Updated mozilla packages fix security issues,
Marc Deslauriers
- NOVELL ZENWORKS MULTIPLE REMØTE STACK & HEAP OVERFLOWS,
list
- Re: Mac OS X - Adobe Version Cue local root exploit [c version exploit],
Vade 79
- Re: Yahoo! Messenger may be storing all session data 'Unencoded' on the local machine,
Torseq Tech.
- Re: [SePro Bugtraq] WBB Portal - JGS-Portal <= 3.0.2 - Multiple Vulnerabilities (09.05.05),
Steven M. Christey
- [USN-129-1] Squid vulnerability,
Martin Pitt
- Windows (XP, 2k3, Longhorn) is vulnerable to IpV6 Land attack.,
Konrad Malewski
- [USN-128-1] nasm vulnerability,
Martin Pitt
- [SECURITY] [DSA 724-1] New phpsysinfo packages fix cross site scripting,
Martin Schulze
- [USN-127-1] bzip2 vulnerabilities,
Martin Pitt
- Help Center Live Vulnerabilities,
GulfTech Security Research
- Yahoo! Messenger may be storing all session data 'Unencoded' on the local machine,
Torseq Tech.
- Linux kernel pktcdvd ioctl break user space limit vulnerability [corrected],
bugs
- MDKSA-2005:088-1 - Updated mozilla-firefox packages re-enable extensions,
Mandriva Security Team
- OpenServer 5.0.6 OpenServer 5.0.7 : telnet client multiple issues,
please_reply_to_security
- [ GLSA 200505-13 ] FreeRADIUS: Buffer overflow and SQL injection vulnerability,
Sune Kloppenborg Jeppesen
- [CLA-2005:953] Conectiva Security Announcement - kde,
Conectiva Updates
- Linux kernel pktcdvd and rawdevice ioctl break user space limit vulnerability,
alert7
- cdrdao exploit for mandrake 10.2 ( Mandriva 2005),
newbug Tseng
- [SePro Bugtraq] WBB Portal - JGS-Portal <= 3.0.2 - Multiple Vulnerabilities (09.05.05),
deluxe
- Mac OS X - Adobe Version Cue local root exploit [c version exploit],
ali reza AcTiOnSpIdEr
- Pico Server (pServ) Remote Command Injection,
Claus R. F. Overbeck
- Pico Server (pServ) Information Disclosure Of CGI Sources,
Claus R. F. Overbeck
- Pico Server (pServ) Local Information Disclosure,
Claus R. F. Overbeck
- Woltlab Burning Board SQL Injection Vulnerability,
GulfTech Security Research
- DotNetNuke (Multiple XSS),
Mark Woan
- Postnuke 0.750 - 0.760rc4 local file inclusion,
pokley
- Multiple Vulnerabilities in MetaCart e-Shop,
dedi dwianto
- [ GLSA 200505-12 ] PostgreSQL: Multiple vulnerabilities,
Sune Kloppenborg Jeppesen
- [ GLSA 200505-11 ] Mozilla Suite, Mozilla Firefox: Remote compromise,
Sune Kloppenborg Jeppesen
- [FLSA-2005:152871] Updated nfs-utils package fixes security issue,
Marc Deslauriers
- [FLSA-2005:152912] Updated imap packages fix security issues,
Marc Deslauriers
- [FLSA-2005:152856] Updated sudo packages fix security issue,
Marc Deslauriers
- MDKSA-2005:088 - Updated mozilla packages fix multiple vulnerabilities,
Mandriva Security Team
- [FLSA-2005:152804] Updated openmotif packages fix image vulnerability,
Marc Deslauriers
- Skull-Splitter's Guestbook Multiple XXS/HTML injection,
Morinex Eneco
- [FLSA-2005:152768] Updated ruby package fixes security issues,
Marc Deslauriers
- [USN-126-1] GNU TLS library vulnerability,
Martin Pitt
- [FLSA-2005:152763] Updated qt packages fixes security issues,
Marc Deslauriers
- Gaim 1.2.1 -- PoC Stack Overflow,
Ron
- [ GLSA 200505-10 ] phpBB: Cross-Site Scripting Vulnerability,
Sune Kloppenborg Jeppesen
- Yahoo! Chat Add Buddy Without Consent Privacy Issue,
Torseq Tech.
- PHPHeaven PHPMyChat Cross-site Scripting Vulnerablitiy,
Megasky
- Yahoo! Messenger URL Handler Remote DoS Vulnerability,
Torseq Tech.
- OpenBB SQL Injection & Cross-site Scripting Vulnerability,
Megasky
- cross-domain cookie theft: who's to blame?,
Tim Tompkins
- Windows image size crash,
RSnake
- Willings WebCam - Password Disclosure Issue,
SecuBox fRoGGz
- OllyDbg "INT3 AT" Format String Vulnerability,
Piotr Bania
- [FLSA-2005:154988] Updated openoffice.org packages fix security issues,
Marc Deslauriers
- [FLSA-2005:155508] Updated cvs package fixes security issues,
Marc Deslauriers
- Netvault Remote Heap Overflow (another one),
nolimit bugtraq
- OpenServer 5.0.7 UnixWare 7.1.4 UnixWare 7.1.3 : Hyper-Threading information leakage,
please_reply_to_security
- Ultimate PHP Board (UPB) Security Advisory,
Morinex Eneco
- 32-bit qmail fun (qmail-pop3d) (fwd),
Lars Olsson
- ITU 2005 Call For Papers,
Michal Szymanski
- FreeBSD Security Advisory FreeBSD-SA-05:09.htt [REVISED],
FreeBSD Security Advisories
- [USN-124-2] Fixed packages for USN-124-1,
Martin Pitt
- [USN-124-1] Mozilla and Firefox vulnerabilities,
Martin Pitt
- [USN-125-1] Gaim vulnerabilities,
Martin Pitt
- htdigest exploit code [bid 13537],
K sPecial
- [ GLSA 200505-09 ] Gaim: Denial of Service and buffer overflow vulnerabilties,
Sune Kloppenborg Jeppesen
- MDKSA-2005:084 - Updated gnutls packages fix vulnerabilities,
Mandriva Security Team
- MDKSA-2005:085 - Updated kdelibs packages fix vulnerabilities,
Mandriva Security Team
- MDKSA-2005:086 - Updated gaim packages fix multiple vulnerabilities,
Mandriva Security Team
- MDKSA-2005:087 - Updated tcpdump packages fix multiple vulnerabilities,
Mandriva Security Team
- Acrowave AAP-3100AR authetication bypass,
Martin Tornwall
- Directtopics Multiple Vulnerabilities (Security Advisory),
Morinex Eneco
- Re: Commonly used disk imaging and wiping tools can be tricked to miss parts of a disk,
Thor Arne Johansen
- Security Advisory for Bugzilla 2.18, 2.19.2, and 2.16.8,
Max Kanat-Alexander
- Firefox 1.0.4 released. Several vulnerabilities fixed,
Paul
- [DR018] Quartz Composer / QuickTime 7 information leakage,
David Remahl
- Yappa-NG Multiple Vulnerabilities,
GulfTech Security Research
- [HSC Security Group] MaxWebPortal - Multiple SQL injection/XSS,
Zinho
- OpenServer 5.0.6 OpenServer 5.0.7 : chroot A known exploit can break a chroot prison.,
please_reply_to_security
- BakBone NetVault last warning,
class
- Ethereal <= 0.10.10 SIP dissector stack overflow DoS exploit,
Shaun Colley
- Guesbook Pro XSS & HTML Injection,
SoulBlack Group
- Commonly used disk imaging and wiping tools can be tricked to miss parts of a disk,
Arne Vidström
- [Scan Associates Advisory] Neteyes Nexusway multiple vulnerability,
pokley
- Linux kernel ELF core dump privilege elevation,
Paul Starzetz
- Cisco Security Advisory: FWSM URL Filtering Solution TCP ACL Bypass Vulnerability,
Cisco Systems Product Security Incident Response Team
- Metasploit Framework v2.4,
H D Moore
- MDKSA-2005:083 - Updated ethereal packages fix multiple vulnerabilities,
Mandriva Security Team
- WowBB view_user.php SQL Injection Vulnerability,
Megasky
- remote root security bug in ethereal 0.9.13 >= and <= 0.10.10,
suresec advisories
- [ GLSA 200505-08 ] HT Editor: Multiple buffer overflows,
Sune Kloppenborg Jeppesen
- [ GLSA 200505-07 ] libTIFF: Buffer overflow,
Sune Kloppenborg Jeppesen
- CAIF 1.2 released,
Oliver Goebel
- Gamespy cd-key validation system: "Cd-key in use" DoS versus many games,
Luigi Auriemma
- Firefox Crash??,
orebla Orebla
- TCP/IP implementations do not adequately validate ICMP error messages,
Alok Menghrajani - Ilion Security SA
- TSLSA-2005-0021 - squid,
Trustix Security Advisor
- New Macromedia Security Zone Bulletin Posted,
Macromedia Security Zone
- Crash in Zoidcom 1.0 beta 4,
Luigi Auriemma
- Esqo advisory: GeoVision Digital Video Surveillance System - Multiple authentication issues,
Tirath Rai
- [ GLSA 200505-06 ] TCPDump: Decoding routines Denial of Service vulnerability,
Sune Kloppenborg Jeppesen
- [ GLSA 200505-05 ] gzip: Multiple vulnerabilities,
Sune Kloppenborg Jeppesen
- Viruses can evade Sophos Anti-Virus,
xerces8
- Easy Message Board Directory Traversal and Remote Command,
SoulBlack Group
- Advanced Guestbook 2.3.1,
Spy Hat
- phpbb 2.0.15 released - patches high critical vuln,
Paul Laudanski
- [SecurityLab] Ethereal 0.10.10 SIP Dissector Overflow,
Ejovi Nuwere
- Announcement: The Web Security Mailing List,
contact
- Firefox Remote Compromise Leaked,
Paul
- NISCC Vulnerability Advisory IPSEC - 004033,
albatross
- [SECURITY] [DSA 722-1] New smail packages fix arbitrary code execution,
Martin Schulze
- Firefox Remote Compromise Technical Details,
Paul
- PwsPHP v1.2.2 Final - Multiples vulnerabilities,
SecuBox fRoGGz
- [SECURITY] [DSA 723-1] New XFree86 packages fix arbitrary code execution,
Martin Schulze
- [ GLSA 200505-04 ] GnuTLS: Denial of Service vulnerability,
Matthias Geerdsen
- firefox 1.0.3 spoof+auto dl,
john smith
- 4d WebSTAR 5.x Web Server Mac OS X Buffer Overflow,
Braden Thomas
- [ GLSA 200505-03 ] Ethereal: Numerous vulnerabilities,
Sune Kloppenborg Jeppesen
- [SECURITY] [DSA 721-1] New squid packages fix ACL bypass,
Martin Schulze
- [USN-123-1] Xine library vulnerabilities,
Martin Pitt
- Secure Science Corporation Advisory CSA-056,
SSC Advisory Notice
- [USN-120-1] Apache 2 vulnerability,
Martin Pitt
- [USN-121-1] OpenOffice.org vulnerability,
Martin Pitt
- [USN-122-1] Squid vulnerability,
Martin Pitt
- [USN-119-1] tcpdump vulnerabilities,
Martin Pitt
- [SEC-1 LTD] RSA SecurID Web Agent Heap Overflow,
Gary O'leary-Steele
- PHP Advanced Transfer Manager v1.21,
tjomi4
- FreeBSD Security Advisory FreeBSD-SA-05:08.kmem,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-05:07.ldt,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-05:06.iir,
FreeBSD Security Advisories
- MDKSA-2005:081 - Updated XFree86/XOrg packages fix libXpm vulnerabilities,
Mandriva Security Team
- Multiple Vulnerabilities In Invision Power Board,
GulfTech Security Research
- Gamespy cd-key validation system: Cd-key never in use,
Luigi Auriemma
- MDKSA-2005:082 - Updated OpenOffice.org packages fix heap overflow vulnerability,
Mandriva Security Team
- Mac OS 10.4: new-account-wizzard in Mail 2.0 sends clear-text passwords,
Markus Wörle
- Sql Injection in CJ Ultra Plus v1.0.3-1.0.4,
Kold
- [ GLSA 200505-02 ] Oops!: Remote code execution,
Luke Macken
- Multiple vulnearabilities in e107 cms,
hennoj
- [USN-115-1] Kommander vulnerability,
Martin Pitt
- [USN-117-1] cvs vulnerability,
Martin Pitt
- [USN-114-1] kimgio vulnerability,
Martin Pitt
- [hackgen-2005-#004] - Multiple bugs in MidiCart PHP Shopping Cart,
Exoduks
- DMA[2005-0502a] - 'Apple OSX multiple Bluetooth vulnerabilities',
Kevin Finisterre
- [USN-118-1] PostgreSQL vulnerabilities,
Martin Pitt
- [USN-116-1] gzip vulnerabilities,
Martin Pitt
- [USN-113-1] libnet-ssleay-perl vulnerability,
Martin Pitt
- Local root vuln in VPN daemon on MacOS X,
Pieter de Boer
- Multiple Vulnerabilities In SitePanel2,
GulfTech Security Research
- Multiple Vulnerabilities In osTicket,
GulfTech Security Research
- Multiple vulnerabilities in myBloggie 2.1.1,
Alberto Trivero
- dSMTP - SMTP Mail Server 3.1b Linux Remote Root Format String Exploit,
cybertronic
- Oracle 10g DBMS_SCHEDULER SESSION_USER issue,
Alexander Kornbrust
- Oracle 9i / 10g Fine Grained Auditing Issue,
Alexander Kornbrust
- MegaBook V2.0 - Cross Site Scripting Exploit,
Spy Hat
- MRO Maximo v4 & v5,
Felix
- directory traversal in SimpleCam 1.2,
Donato Ferrante
- iDEFENSE Security Advisory 05.04.05: Apple Mac OS X vpnd Server_id Buffer Overflow Vulnerability,
iDEFENSE Labs
- Local file detection bug found through Adobe SVG Viewer,
Hyperdose Security
- leafnode security announcement leafnode-SA-2005-01,
Matthias Andree
- Multiple vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2,
ShineShadow
- Gossamer Threads Links SQL login XSS Vulnerability,
Nathan House
- iDEFENSE Security Advisory 05.03.05: Mac OS X Server NeST -target Buffer Overflow Vulnerability,
iDEFENSE Labs
- Golden Ftp Server Pro - Directory Traversal Vuln,
Lachlan. H
- Authentication bypass, sql injections and xss in ArticleLive 2005,
dcrab
- Multiple SQL injections and XSS in FishCart 3.1,
dcrab
- Advisories for 4 vulnerabilities addressed by Apple SU 2005-005,
David Remahl
- [HSC Security Group] ASP Inline Corporate Calendar SQL injection,
Zinho
- [SECURITY] [DSA 720-1] New smartlist packages fix unauthorised un/subscription,
Martin Schulze
- ASP.NET __VIEWSTATE crypto validation prone to replay attacks,
Michal Zalewski
- tHorK FrameWork Beta v0.1::: another exploit framework,
gilbert nzeka
- [CLA-2005:952] Conectiva Security Announcement - kernel,
Conectiva Updates
- Directory Traversal Vuln - RaidenFTPD 2.4 < Build 2241,
Lachlan. H
- Re: Privilege escalation in BulletProof FTP Server v2.4.0.31 [PoC],
Jerome ATHIAS
- Can't trust COMODO,
Gunter Ollmann (NGS)
Regions bank phishing scam,
Ryan S
JGS-Portal 3.0.1 SQL-Injection,
admin
Golden FTP Server Pro Remote Buffer Overflow Exploit,
mohamed amhemed
[ GLSA 200504-30 ] phpMyAdmin: Insecure SQL script installation,
Sune Kloppenborg Jeppesen
Defcon Capture the Flag registration is open,
Kenshoto
Microsoft WINS Vulnerability + OS/SP Scanner,
class
Insecure pty permissions in OS X < 10.4,
Matt Johnston
Clients format string and server crash in Mtp-Target 1.2.2,
Luigi Auriemma
[ GLSA 200505-01 ] Horde Framework: Multiple XSS vulnerabilities,
Luke Macken
Multiple Vulnerabilities in Video Cam Server 1.0.0,
Donato Ferrante
DMA[2005-0501a] - 'ARPUS/Ce setuid buffer overflow and file overwrite',
KF (lists)
Apache hacks (./atac, d0s.txt),
Andrew Y Ng
- Re: Apache hacks (./atac, d0s.txt),
a.list.address@xxxxxxxxx
- Re: Apache hacks (./atac, d0s.txt),
Chris Umphress
- Re: Apache hacks (./atac, d0s.txt),
Sagiko
- Re: Apache hacks (./atac, d0s.txt),
Daniel Cid
- Re: Apache hacks (./atac, d0s.txt),
Luiz Henrique
- Re: Apache hacks (./atac, d0s.txt),
Skip Carter
- Re: Apache hacks (./atac, d0s.txt),
Robert Zilbauer
- Re: Apache hacks (./atac, d0s.txt),
KF (lists)
- Re: Apache hacks (./atac, d0s.txt),
Jay D. Dyson
- Re: Apache hacks (./atac, d0s.txt),
Steve Kemp
Snmppd SNMP proxy daemon format string exploit,
cybertronic
Mac OS X Cocktail 3.5.4 admin password disclosure,
sonderling
DEF CON - New CTF Organizers chosen!,
The Dark Tangent
[CAN-2005-1062] Administration protocol abuse allows local/remote password cracking,
Secure Computer Group
[CAN-2005-1063] Administration protocol abuse leads to Service and System Denial of Service,
Secure Computer Group
MDKSA-2005:078 - Updated squid packages fix vulnerability,
Mandriva Security Team
MDKSA-2005:079 - Updated perl packages to fix rmtree vulnerability,
Mandriva Security Team
Multiples Full Path Disclosure in php-nuke 7.6 (and below),
Luis Fernando
MDKSA-2005:080 - Updated libxpm4 packages fix libXpm vulnerabilities,
Mandriva Security Team
Golden FTP Server Pro remote stack BOF exploit (IHSTeam),
c0d3r
NY sues Spyware Intermix, funded by Tiaa-Cref,
Paul Laudanski
Safari HTTPS Overflow,
Gilbert Verdian
Multiple Sql injections in phpCoin v1.2.2 and below,
dcrab
DHS Security Contact,
Jason Coombs
[Security Bulletin] SSRT5958 rev.0 - HP OpenView Radia Mgmt. Portal (RMP) Radia Mgmt. Agent Remote unauthorized Privileged Access and (DoS),
Boren, Rich (SSRT)
Cross Site Scripting in BEA Admin Console,
Alexander Kornbrust
[HSC Security Group] Ocean12 Mailing List Manager Pro SQL injection,
Zinho
File appending vulnerability in Oracle Webcache 9i,
Alexander Kornbrust
Cross Site Scripting in Oracle Webcache 9i Adminstrator Application,
Alexander Kornbrust
Webcache Client Requests Bypass OHS mod_access Restrictions,
Alexander Kornbrust
insecure user account lam-runtime-7.0.6-2mdk rpm,
Scott Grayban
Borland Security Contact,
Dave Armstrong
Netflix Site may assist Phishing,
Sara Togian
OT: Two Factor Authentication on Linux / Mac / Windows,
Mohit Muthanna
phpBB Notes Mod SQL Injection Vulnerability,
GulfTech Security Research
High risk flaw in HP OpenView Radia Management Agent,
NGSSoftware Insight Security Research
[SECURITY] [DSA 718-1] New ethereal packages fix buffer overflow,
Martin Schulze
[SECURITY] [DSA 719-1] New prozilla packages fix arbitrary code execution,
Martin Schulze
[SECURITY] [DSA 718-2] New ethereal packages fix buffer overflow,
Martin Schulze
[ GLSA 200504-28 ] Heimdal: Buffer overflow vulnerabilities,
Sune Kloppenborg Jeppesen
Security contact at sourceforge?,
Joxean Koret
ZRCSA-200501 - Multiple vulnerabilities in Claroline,
Sieg Fried
Buffer overflow in KMiNT21 Software Golden FTP Server Pro v2.52 (10.04.2005),
Reed Arvin
[CLA-2005:948] Conectiva Security Announcement - squid,
Conectiva Updates
Privilege escalation in BulletProof FTP Server v2.4.0.31,
Reed Arvin
Privilege escalation in BakBone NetVault 7.1,
Reed Arvin
iDEFENSE Labs Releases dltrace,
iDEFENSE Labs
SQL-injections in koobi-cms,
CENSORED
[CLA-2005:950] Conectiva Security Announcement - evolution,
Conectiva Updates
[CLA-2005:949] Conectiva Security Announcement - gaim,
Conectiva Updates
[SECURITY] [DSA 716-1] New gaim packages fix denial of service,
Martin Schulze
[SECURITY] [DSA 717-1] New lsh packages fix several vulnerabilities,
Martin Schulze
[ GLSA 200504-27 ] xine-lib: Two heap overflow vulnerabilities,
Thierry Carrez
[SECURITY] [DSA 715-1] New cvs packages fix unauthorised repository access,
Martin Schulze
[HSC Security Group] Comersus v6 Script injection,
Zinho
myPHP Forum v3 (possible v1 & 2 also) Identification 'spoof',
Terencentanio Enache
Black Hat USA 2005 Reminder CFP closing soon!,
Jeff Moss
SUSE Security Announcement: Mozilla Firefox, Mozilla various security problems (SUSE-SA:2005:028),
Marcus Meissner
[ GLSA 200504-26 ] Convert-UUlib: Buffer overflow,
Sune Kloppenborg Jeppesen
New Whitepaper: Stopping Automated Attack Tools,
Gunter Ollmann (NGS)
ADV: NetTerm's NetFtpd 4.2.2 Buffer Overflow + PoC Exploit,
shadown
[ GLSA 200504-25 ] Rootkit Hunter: Insecure temporary file creation,
Sune Kloppenborg Jeppesen
iDEFENSE Security Advisory 04.25.05: MySQL MaxDB Webtool Remote Lock-Token Stack Overflow Vulnerability,
iDEFENSE Labs
Discovering and Stopping Phishing/Scam Attacks,
steven
iDEFENSE Security Advisory 04.25.05: MySQL MaxDB Webtool Remote Stack Overflow Vulnerability,
iDEFENSE Labs
[Hackers Center Security Group] Sqwebmail Http Splitting Vulnerability,
Zinho
SQL-injections in Invision Power Board v2.0.1,
CENSORED
IE - cross site click detection?,
ViPeR
[PLSN-0005] new cvs package available,
Peachtree Linux Security Team
[PLSN-0006] new libexif package available,
Peachtree Linux Security Team
[PLSN-0007] new libcdaudio package available,
Peachtree Linux Security Team
tcpdump[v3.8.x/v3.9.1]: ISIS, BGP, and LDP infinite loop DOS exploits.,
Vade 79
tcpdump(/ethereal)[]: (RSVP) rsvp_print() infinite loop DOS.,
Vade 79
GrayCMS php code injection,
Kold
[exploits] phpMyVisites 1.3 local file retrieval,
Max Cerny
E-Cart E-Commerce Software EXPLOIT,
Emanuele "z\" Gentili
Multiple SQL Injections in MetaBid Auctions,
dcrab
MetaCart2 for PayFlow Multiple Sql Injection Vulnerabilities,
dcrab
Multiple SQL Injections in MetaCart2 for SQL Server Special Edition U.K,
dcrab
Multiple SQL Injections in MetaCart2 for PayPal,
dcrab
Multiple SQL Injections in MetaCart e-Shop V-8,
dcrab
iDEFENSE Security Advisory 04.26.05: MySQL MaxDB Webtool Remote 'If' Stack Overflow Vulnerability,
iDEFENSE Labs
iDEFENSE Security Advisory 04.26.05: Citrix Program Neighborhood Agent Arbitrary Shortcut Creation Vulnerability,
iDEFENSE Labs
iDEFENSE Security Advisory 04.26.05: Citrix Program Neighborhood Agent Buffer Overflow,
iDEFENSE Labs
[SECURITY] [DSA 714-1] New kdelibs packages fix arbitrary code execution,
Martin Schulze
dBpowerAMP Auxiliary - Abnormal execution,
SecuBox fRoGGz
[security bulletin] SSRT5954 rev.0 HP-UX TCP/IP Remote Denial of Service (DoS),
Boren, Rich (SSRT)
[ GLSA 200504-24 ] eGroupWare: XSS and SQL injection vulnerabilities,
Matthias Geerdsen
remote command execution in ad.cgi script,
fireboy fireboy
Re: [Full-disclosure] [VulnDiscuss] Re: -==phpBB 2.0.14 Multiple Vulnerabilities==-[Scanned],
Dave Aitel
WoltLab Burning Board <= 2.3.1 PL2 - XSS Vulnerability (24.04.05),
admin
remote command execution in forum.pl script,
fireboy fireboy
index.cgi script XSS + file show,
fireboy fireboy
remote command execution in text.cgi script,
fireboy fireboy
MailEnable HTTPS Buffer Overflow [x0n3-h4ck],
CorryL
[Overflow.pl] ImageMagick ReadPNMImage() Heap Overflow,
Damian Put
E-Cart v1.1 Remote Command Execution Vulnerability,
Emanuele "z\" Gentili
Yager <= 5.24 Remote Buffer Overflow Exploit,
cybertronic
Possible XSS in User-Agent,
Nicolas Montoza
remote command execution in includer.cgi script,
fireboy fireboy
remote command execution in citat.pl script,
fireboy fireboy
hyper.cgi script file show bug,
fireboy fireboy
[INetCop Security Advisory] Snmppd potentially format string vulnerability.,
dong-hun you
MS05-019 Windows IP options DoS exploit,
GomoR
remote command execution in include.cgi script,
fireboy fireboy
Multiple SQL Injections in StorePortal 2.63,
dcrab
DMA[2005-0423a] - 'Nokia Affix Bluetooth Integer Underflow',
KF (lists)
Sql Injection in Confixx 3.06 & 3.08 & 3.?? ?,
Erich Klaus
remote command execution in inserter.cgi script,
fireboy fireboy
[CIRT.DK - Advisory] Novell Nsure Audit 1.0.1 Denial of Service,
CIRT.DK Advisory
[SNS Advisory No.80] nProtect:Netizen Arbitrary File Download Vulnerability,
snsadv
TSLSA-2005-0015 - postgresql,
Trustix Security Advisor
E-Cart v1.1 Remote Command Execution,
Nicolas Montoza
Local file detection found through Adobe Reader ActiveX control,
Hyperdose Security
Multiple Sql injection and XSS in CartWIZ ASP Cart,
dcrab
artmedic_links5 remote file access exploit,
Adam n30n Simuntis
-==phpBB 2.0.14 Multiple Vulnerabilities==-,
HaCkZaTaN
New auto download / install / exploit URL?,
Gandalf The White
ACSblog bug,
farhad koosha
Multiple Sql injection vulnerabilities in BK Forum v.4,
dcrab
[SePro Bugtraq] WBB - WoltLab Burning Board <= 2.3.1 - XSS Vulnerability (22.04.05),
deluxe
FreeBSD Security Advisory FreeBSD-SA-05:05.cvs,
FreeBSD Security Advisories
BitDefender 8 - Race condition vulnerability,
SecuBox fRoGGz
[ GLSA 200504-23 ] Kommander: Insecure remote script execution,
Sune Kloppenborg Jeppesen
[ GLSA 200504-22 ] KDE kimgio: PCX handling buffer overflow,
Sune Kloppenborg Jeppesen
[PLSN-0001] - Multiple vulnerabilities in Gaim,
Peachtree Linux Security Team
[ GLSA 200504-21 ] RealPlayer, Helix Player: Buffer overflow vulnerability,
Thierry Carrez
RE: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords,
Mark Senior
Multiple vulnerabilities in Argosoft Mail Server 1.8.7.6,
ShineShadow
[KDE Security Advisory]: Kommander untrusted code execution,
Dirk Mueller
[KDE Security Advisory]: kimgio input validation errors,
Dirk Mueller
Multiple Sql injection and XSS in Asp Nuke 0.80 (Working exploits included),
dcrab
[PLSN-0003] - Remote exploits in mplayer,
Peachtree Linux Security Team
UPDATE: [ GLSA 200410-10 ] gettext: Insecure temporary file handling,
Sune Kloppenborg Jeppesen
UPDATE: [ GLSA 200504-16 ] CVS: Multiple vulnerabilities,
Sune Kloppenborg Jeppesen
[ GLSA 200504-20 ] openMosixview: Insecure temporary file creation,
Thierry Carrez
[PLSN-0002] - Multiple vulnerabilities in Gaim,
Peachtree Linux Security Team
Canonicalization and directory traversal in iSeries FTP security products,
Shalom Carmel
MDKSA-2005:077 - Updated cdrecord packages fix vulnerability,
Mandriva Security Team
TSLSA-2005-0013 - cvs,
Trustix Security Advisor
APG Classmaster Workstation Windows SMB share access vulnerability,
Alex Garrett
[PLSN-0001] - Multiple PHP vulnerabilities,
Peachtree Linux Security Team
[SECURITY] [DSA 713-1] New junkbuster packages fix several vulnerabilities,
Martin Schulze
xine security announcement: multiple heap overflows in MMS and Real RTSP streaming clients,
Michael Roitzsch
MDKSA-2005:075 - Updated libcdaudio1 packages fix vulnerability,
Mandriva Security Team
Vulnerability kali's tagboard,
piker piker
MDKSA-2005:073 - Updated cvs packages fix vulnerability,
Mandriva Security Team
directory traversal in Yawcam 0.2.5,
Donato Ferrante
[SECURITY] [DSA 701-2] New samba packages fix correct sporadic crash,
Martin Schulze
MDKSA-2005:074 - Updated gnome-vfs2 packages fix vulnerability,
Mandriva Security Team
MDKSA-2005:076 - Updated xli packages fix multiple vulnerabilities,
Mandriva Security Team
[PLSN-0004] - Buffer overflow in PostgreSQL,
Peachtree Linux Security Team
cpio directory traversal vulnerability,
Imran Ghory
PMsoftware mini http server remote stack overflow exploit (IHSTeam),
c0d3r
gzip directory traversal vulnerability,
Imran Ghory
Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords,
Stephen Frost
- Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords,
David F. Skoll
- Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords,
Tom Lane
- Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords,
Jim C. Nasby
- Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords,
Tom Lane
- Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords,
Bruce Momjian
- Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords,
Jim C. Nasby
- Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords,
Stephen Frost
- Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords,
Joshua D. Drake
- Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords,
Tino Wildenhain
- Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords,
Jim Knoble
- <Possible follow-ups>
- Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords,
Josh Berkus
Secure Science Corporation Application Software Advisory 055,
SSC Advisory Notice
[OpenPKG-SA-2005.006] OpenPKG Security Advisory (mysql),
OpenPKG
Linux vsyscalls may be used as attack vectors,
Clad Strife
Shoutbox SCRIPT <= 3.0.2 Administrative MD5 Username and Password Retrieval [x0n3-h4ck],
CorryL
Ecommerce-Carts SQL injection vulnerability ( IHSTeam ),
c0d3r
[waraxe-2005-SA#042] - Multiple vulnerabilities in Coppermine Photo Gallery 1.3.2,
Janek Vind
Annuaire Netref v4.2 [ fwrite php ] vulnerability,
jaguar
Multiple Security Issues Found In AZBB,
GulfTech Security Research
RE: iDEFENSE Security Advisory 04.18.05: McAfee Internet Security Suite 2005 Insecure File Permission Vulnerability,
Boyce, Nick
Multiple eGroupware Vulnerabilities,
GulfTech Security Research
ICMP attacks against TCP (Proof-of-Concept code) (MS05-019, CISCO:20050412),
houseofdabus HOD
Neslo Desktop Rover Remote DoS Vulnerability,
Adam Baldwin
RealNetworks RealPlayer/RealOne Player/Helix Player Remote Heap Overflow,
Piotr Bania
[ GLSA 200504-19 ] MPlayer: Two heap overflow vulnerabilities,
Matthias Geerdsen
[HSC Security Group] Ocean12 Calendar manager 1.01 SQL injection,
Zinho
SUSE Security Announcement: RealPlayer buffer overflow in RAM file handling (SUSE-SA:2005:026),
Marcus Meissner
SUSE Security Announcement: PostgreSQL buffer overflow problems (SUSE-SA-2005:027),
Marcus Meissner
[SECURITY] [DSA 661-2] New f2c packages fix insecure temporary files,
Martin Schulze
DUportal Pro 3.4 has MANY Sql injection and Sql Errors.,
dcrab
[CLA-2005:947] Conectiva Security Announcement - MySQL,
Conectiva Updates
Capital One's website inadvertently assists phishing,
Joseph Barillari
Re: Capital One's website inadvertently assists phishing,
Allen Parker
<Possible follow-ups>
RE: Capital One's website inadvertently assists phishing,
Rager, Anton (Anton)
Announcing PAKCON II (2005)!,
Ayaz Ahmed Khan
PAKCON II: Call for Papers (CfP - 2005),
Ayaz Ahmed Khan
MS05-021 Microsoft Exchange X-LINK2STATE Heap Overflow PoC,
Evgeny Pinchuk
CAU - New Tool: hcraft - HTTP Vuln Request Crafter,
I)ruid
[ GLSA 200504-18 ] Mozilla Firefox, Mozilla Suite: Multiple vulnerabilities,
Thierry Carrez
[SECURITY] [DSA 712-1] New geneweb packages fix insecure file operations,
Martin Schulze
File Selection May Lead to Command Execution (GM#015-IE),
GreyMagic Security
UBB Thread printthread.php SQL Injection,
Hillel Himovich
RE: ERNW Security Advisory 01/2005 [ EXPLOIT ],
cybertronic
Directoy Traversal Attack in apexec.pl (.%00./-Bug),
msdarkflyer
[SECURITY] [DSA 711-1] New info2www packages fix cross-site scripting vulnerability,
Martin Schulze
Portcullis Security Advisory 05-012 Ebay Session Riding Vulnerability,
Paul J Docherty
[ GLSA 200504-17 ] XV: Multiple vulnerabilities,
Sune Kloppenborg Jeppesen
MDKSA-2005:072 - Updated php packages fix multiple vulnerabilities,
Mandriva Security Team
- Argeniss - Oracle exploits and workarounds,
Cesar
iDEFENSE Security Advisory 04.18.05: McAfee Internet Security Suite 2005 Insecure File Permission Vulnerability,
iDEFENSE Labs
The first open source spyware,
gilbert nzeka
[ GLSA 200504-16 ] CVS: Multiple vulnerabilities,
Sune Kloppenborg Jeppesen
[AppSecInc Team SHATTER Security Advisory] SQL Injection in ALTER_MANUALLOG_CHANGE_SOURCE procedure,
Team SHATTER
[AppSecInc Team SHATTER Security Advisory] Multiple SQL Injection vulnerabilities in DBMS_METADATA package,
Team SHATTER
[AppSecInc Team SHATTER Security Advisory] Denial of Service in Oracle interMedia,
Team SHATTER
[AppSecInc Team SHATTER Security Advisory] SQL Injection in CREATE_SCN_CHANGE_SET procedure,
Team SHATTER
[AppSecInc Team SHATTER Security Advisory] Multiple SQL Injection vulnerabilities in DBMS_CDC_SUBSCRIBE and DBMS_CDC_ISUBSCRIBE packages,
Team SHATTER
ERNW Security Advisory 01/2005,
Mailinglists
[SECURITY] [DSA 710-1] New gtkhtml packages fix denial of service,
Martin Schulze
phpBB - Knowledge Base MOD - SQL-Injection and Full Path Disclosure,
deluxe
Firesearching 1 + 2 [Firefox 1.0.2],
mikx
[ECL] Windows IP Options DoS POC [ECL],
Yuri Gushin
[ GLSA 200504-15 ] PHP: Multiple vulnerabilities,
Thierry Carrez
Firelinking [Firefox 1.0.2],
mikx
Vulnerability in Coppermine Photo Gallery 1.3.*,
GHC team
SUSE Security Announcement: cvs (SUSE-SA:2005:024),
Sebastian Krahmer
Require many large corporate emails for contact regarding vulnerability.,
dcrab
phpBB datenbank mod has XSS/SQL Injection in the id variable,
tom cruise
[DR001] AppleWebKit XMLHttpRequest arbitrary file disclosure vulnerability,
David Remahl
Http Response Splitting Vulnerability In PHP-NUKE 7.6 and below,
dcrab