Bugtraq

Date Index

[Prev Page][Next Page]

[ GLSA 200506-03 ] Dzip: Directory traversal vulnerability, Thierry Carrez
SQL Injection Exploit for Portail PHP < 1.3, Alberto Trivero
`tattle` -- automatic reporting of SSH brute-force attacks, C.J. Steele, CISSP
- Re: `tattle` -- automatic reporting of SSH brute-force attacks, Anders Henke
- Re: `tattle` -- automatic reporting of SSH brute-force attacks, Sergio Gelato
Server termination in Raknet 2.33 (before 30 May 2005), Luigi Auriemma
GIPTables Firewall <= v1.1 insecure temporary file creation, ZATAZ Audits
LutelWall <= 0.97 insecure temporary file creation, ZATAZ Audits
Popper webmail remote code execution vulnerability - advisory fix, LSS Security
everybuddy <= 0.4.3 insecure temporary file creation, Eric Romang / DATACENTER Luxembourg
A new whitepaper by Watchfire - HTTP Request Smuggling, Ory Segal
[ GLSA 200506-04 ] Wordpress: Multiple vulnerabilities, Sune Kloppenborg Jeppesen
Malicious Bundles on Mac OS X, Braden Thomas
[FLSA-2005:152532] Updated kernel packages fix security issues, Marc Deslauriers
Israeli industrial espionage Trojan horse sample + snort sigs, Gadi Evron
[DRUPAL-SA-2005-001] New Drupal release fixes critical security issue, Uwe Hermann
CastleCops phpBB bbcode Input Validation Disclosure, Paul Laudanski
XCon’2005 CALL FOR PAPER, alert7@xxxxxxxxxx
[SECURITY] [DSA 732-1] New mailutils packages fix several vulnerabilities, Martin Schulze
RE: Backdoor in Fortinet´s firewall Fortigate, Matt Gibson
[security bulletin] SSRT5962 rev.0 HP OpenView Radia mgmt - Remote access and DoS, Boren, Rich (SSRT)
SEC-CONSULT SA20050602-2 :: Exhibit Engine Blind SQL Injection, Bernhard Müller
SEC-CONSULT SA20050602-1 :: Arbitrary File Inclusion in phpCMS 1.2.x, Bernhard Müller
HP Radia Notify Daemon: Multiple Buffer Overflow Vulnerabilities, John Cartwright
Backdoor in Fortinet´s firewall Fortigate, Johan Andersson
- Re: Backdoor in Fortinet´s firewall Fortigate, Michael J McCafferty
  - Re: Backdoor in Fortinet´s firewall Fortigate, Derek Martin
[ECHO_ADV_14$2005] Multiple Vulnerabilities in Liberum Help Desk, the_day
PHP Execution Vulnerability in CuteNews, John Cantu
[SECURITY] [DSA 731-1] New krb4 packages fix arbitrary code execution, Martin Schulze
[ZH2005-13SA] NEXTWEB (i)Site website management multiple vulnerabilities, Jim Pangalos
Reminder: XGrabKeyboard is not a security interface, Florian Weimer
A short warning on the X11 Editres protocol, Florian Weimer
- Re: A short warning on the X11 Editres protocol, Frank v Waveren
[ GLSA 200506-01 ] Binutils, elfutils: Buffer overflow, Sune Kloppenborg Jeppesen
504T and now also 604T remote access., alessandro
Multiple vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4, Alberto Trivero
multiple vulnerability Calendarix Advanced, DarkBicho
Wide-scale industrial espionage using Trojan horses in Israel, Gadi Evron
[Argeniss] MS05-012 Exploit, Cesar
SyScAN'05, organiser@xxxxxxxxxx
PowerDownload Remote File Inclusion, SoulBlack Group
[XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3, Xnuxer Security
- Re: [security@xxxxxxx] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3, Marcus Meissner
  - Re: [security@xxxxxxx] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3, Todd C. Miller
  - Re: [security@xxxxxxx] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3, Justin
- Re: [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3, Ow Mun Heng
Nortel VPN Router Malformed Packet DoS Vulnerability, Roy Hills
RE: Microsoft Internet Explorer - Crash on adding sites to restri cted zone (05/28/2005), Hohn, Joerg
TSL-2005-0025 - binutils, Trustix Security Advisor
Spam exploiting MS05-016, Nick FitzGerald
TSL-2005-0026 - multi, Trustix Security Advisor
MDKSA-2005:095 - Updated gdb packages fix vulnerabilities, Mandriva Security Team
Multiple vulnerabilities in x-cart Gold, CENSORED
MyBB 1.0 RC4 XSS Bug, August Christopher
CYBSEC - PHPMailer Infinite Loop Denial of Service, Mariano Nuñez Di Croce
Crash in Stronghold 2 1.2, Luigi Auriemma
Compuware Softice (DbgMsg driver) Local Denial Of Service, Piotr Bania
Format String Vulnerability In Peercast 0.1211 And Earlier, GulfTech Security Research
PicoWebServer Remote Unicode Stack Overflow, Dennis Elser
Microsoft Internet Explorer - Crash on to many stack overflows (05/28/2005), Benjamin Tobias Franz
Microsoft Internet Explorer - Crash on processing embedded files with endless loop (05/28/2005), Benjamin Tobias Franz
Microsoft Internet Explorer - Crash on JavaScript "window()"-calling (05/28/2005), Benjamin Tobias Franz
- Re: Microsoft Internet Explorer - Crash on JavaScript "window()"-calling (05/28/2005), Benton Lam
- <Possible follow-ups>
- Re: Microsoft Internet Explorer - Crash on JavaScript "window()"-calling (05/28/2005), - k -
Microsoft Internet Explorer - Crash on adding sites to restricted zone (05/28/2005), Benjamin Tobias Franz
- <Possible follow-ups>
- Re: Microsoft Internet Explorer - Crash on adding sites to restricted zone (05/28/2005), Steven M. Christey
SQL Injection Exploit for myBloggie 2.1.1 - 2.1.2, Alberto Trivero
[SECURITY] [DSA 730-1] New bzip2 packages fix file unauthorised permissions modification, Martin Schulze
Citrix security contact, Eyal Udassin
- Re: Citrix security contact, security curmudgeon
DSL-504T (and maybe many other) remote access without password bug, alessandro
[AppSecInc Advisory BEA05-V0101] BEA WebLogic Administration Console login page cross-site scripting vulnerability, Team SHATTER
[AppSecInc Advisory BEA05-V0100] BEA WebLogic Administration Console error page cross-site scripting vulnerability, Team SHATTER
User32.dll Icon Size Crash, - k -
- Re: User32.dll Icon Size Crash, Daniel Souza
[USN-136-2] Fixed packages for USN-136-1, Martin Pitt
[USN-136-1] binutils vulnerability, Martin Pitt
[ GLSA 200505-20 ] Mailutils: Multiple vulnerabilities in imap4d and mail, Thierry Carrez
[USN-135-1] gdb vulnerabilities, Martin Pitt
[USN-114-2] Fixed packages for USN-114-1, Martin Pitt
PostNuke Critical SQL Injection and XSS 0.750=>x, sp3x
PHP Stat Administrative User Authentication Bypass, SoulBlack Group
[security bulletin] SSRT5899 rev.0 - HP-UX trusted system remote unauthorized access, Boren, Rich (SSRT)
Buffer-overflow in C'Nedra 0.4.0, Luigi Auriemma
Buffer-overflow and crash in Terminator 3: War of the Machines 1.16, Luigi Auriemma
[security bulletin] SSRT4884 rev.0 - HP-UX TCP/IP Remote Denial of Service (DoS), Boren, Rich (SSRT)
Re: [Full-disclosure] iDEFENSE Security Advisory 05.24.05: Ipswitch IMail Web Calendaring Arbitrary File Read Vulnerability, jamesbug
[security bulletin] SSRT5954 rev.1 - HP-UX TCP/IP Remote Denial of Service (DoS), Boren, Rich (SSRT)
Meteor FTP Server: PoC Exploit, Dim K0r0l
Re: Multiple Sql injection and XSS vulnerabilities in phpBB Plus v.1.52 and below and some of its modules., security curmudgeon
[USN-134-1] Firefox vulnerabilities, Martin Pitt
[USN-133-1] Apache utility vulnerability, Martin Pitt
[ GLSA 200505-19 ] gxine: Format string vulnerability, Thierry Carrez
Invision Power Board 1.* and 2.* Exploit (BID 13529), Petey Beege
Alwil Software Avast Antivirus Device Driver Memory Overwrite Vulnerability, Piotr Bania
[SECURITY] [DSA 729-1] New PHP4 packages fix denial of service, Martin Schulze
- Re: [SECURITY] [DSA 729-1] New PHP4 packages fix denial of service, John GALLET
[SECURITY] [DSA 728-2] New qpopper packages fix arbitrary file overwriting, Martin Schulze
davfs2 does not honour Unix permissions, martin f krafft
Zone Labs ZoneAlarm Vet anti-virus engine OLE processing vulnerability, Zone Labs Product Security
OpenServer 5.0.6 OpenServer 5.0.7 : nwprint privilege escalation, please_reply_to_security
High Risk Vulnerability in L-Soft's LISTSERV Server, NGSSoftware Insight Security Research
shtool insecure temporary file creation, ZATAZ.net
PHP Injection in PHP Poll Creator, rash ilusion
- Re: PHP Injection in PHP Poll Creator, Michael Cordover
iDEFENSE Security Advisory 05.25.05: GNU Mailutils 0.6 imap4d FETCH Command Resource Consumption DoS Vulnerability, iDEFENSE Labs
iDEFENSE Security Advisory 05.25.05: GNU Mailutils 0.6 imap4d fetch_io Heap overflow Vulnerability, iDEFENSE Labs
iDEFENSE Security Advisory 05.25.05: GNU Mailutils 0.6 mail header_get_field_name() Buffer Overflow Vulnerability, iDEFENSE Labs
iDEFENSE Security Advisory 05.25.05: GNU Mailutils 0.6 imap4d Format String Vulnerability, iDEFENSE Labs
exim 4.40 exploit, plugger
[SECURITY] [DSA 728-1] New qpopper packages fix arbitrary file overwriting, Martin Schulze
[USN-132-1] ImageMagick vulnerabilities, Martin Pitt
[USN-131-1] Linux kernel vulnerabilities, Martin Pitt
[ GLSA 200505-16 ] ImageMagick, GraphicsMagick: Denial of Service vulnerability, Thierry Carrez
Javamail Multiple Information Disclosure Vulnerabilities, Ricky Latt
iDEFENSE Security Advisory 05.24.05: Ipswitch IMail IMAP SELECT Command DoS Vulnerability, iDEFENSE Labs
iDEFENSE Security Advisory 05.24.05: Ipswitch IMail Web Calendaring Arbitrary File Read Vulnerability, iDEFENSE Labs
iDEFENSE Security Advisory 05.24.05: Ipswitch IMail IMAP LOGIN Remote Buffer Overflow Vulnerabilities, iDEFENSE Labs
iDEFENSE Security Advisory 05.24.05: Ipswitch IMail IMAP LSUB DoS Vulnerability, iDEFENSE Labs
iDEFENSE Security Advisory 05.24.05: Ipswitch IMail IMAP STATUS Remote Buffer Overflow Vulnerability, iDEFENSE Labs
Endless loop in Halo 1.06, Luigi Auriemma
ACROS Security: HTML Injection in BEA WebLogic Server Console (1), ACROS Security
ACROS Security: HTML Injection in BEA WebLogic Server Console (2), ACROS Security
- Re: ACROS Security: HTML Injection in BEA WebLogic Server Console (2), Will Schroeder
  - RE: ACROS Security: HTML Injection in BEA WebLogic Server Console (2), ACROS Security
Gforge - viewFile.php security flaw, Filippo Spike Morelli
Blue Coat Reporter multiple remote vulnerabilities, Oliver Karow
CAID 32896 - Computer Associates Vet Antivirus engine heap overflow vulnerability, Williams, James K
- <Possible follow-ups>
- RE: CAID 32896 - Computer Associates Vet Antivirus engine heap overflow vulnerability, Williams, James K
[ GLSA 200505-18 ] Net-SNMP: fixproc insecure temporary file creation, Sune Kloppenborg Jeppesen
[ GLSA 200505-17 ] Qpopper: Multiple Vulnerabilities, Sune Kloppenborg Jeppesen
Meteor FTP Server v1.5 Buffer Overflow, Auston J
Format string and crash in Warrior Kings 1.3 and Battles 1.23, Luigi Auriemma
Cookie Cart Default Installation Multiple Vulnerabilities, SoulBlack Group
SQL injections in PortailPHP, CENSORED
Computer Associates Vet Antivirus Library Remote Heap Overflow, list
[SECURITYREASON.COM] PostNuke SQL Injection 0.750=>x, Maksymilian Arciemowicz
pst.advisory 2005-21: gxine remote exploitable . opensource is god .lol windows, yan feng
[SECURITYREASON.COM] PostNuke Non Critical SQL Injection and Include 0.760-RC3=>x, Maksymilian Arciemowicz
[SECURITYREASON.COM] PostNuke XSS and Full path disclosure 0.760RC3=>x, Maksymilian Arciemowicz
[SECURITYREASON.COM] PostNuke XSS 0.760{RC2,RC3}, Maksymilian Arciemowicz
[UPDATE] UNICODE BUFFER OVERFLOW IN MS-WORD, Bahaa Naamneh
[BuHa Security] Wordpress SQL-Injection, Thomas Waldegger
Security contact for Trillian, Suramya Tomar
episodex guestbook security bypass & html injection, farhad koosha
worm "postcard" e-mail issue, M. Perri
picasm error handling stack overflow vulnerability, Shaun Colley
[SECURITY] [DSA 727-1] New libconvert-uulib-perl packages fix arbitrary code execution, Martin Schulze
pst.advisory: gedit fun. opensource is god .lol windows, yan feng
[ GLSA 200505-15 ] gdb: Multiple vulnerabilities, Sune Kloppenborg Jeppesen
ERRATA: [ GLSA 200505-13 ] FreeRADIUS: SQL injection and Denial of Service vulnerability, Sune Kloppenborg Jeppesen
UPDATE: [ GLSA 200504-23 ] Kommander: Insecure remote script execution, Sune Kloppenborg Jeppesen
[SECURITY] [DSA 726-1] New oops packages fix format string vulnerability, Martin Schulze
[USN-130-1] TIFF library vulnerability, Martin Pitt
[FLSA-2005:152815] Updated libtiff packages fix security issues, Marc Deslauriers
phpATM arbitrary PHP code inclusion, Ingvar Gilbert
UNICODE BUFFER OVERFLOW IN MS-WORD, Bahaa Naamneh
JavaMail Information Disclosure (msgno), Ricky Latt
[ GLSA 200505-14 ] Cheetah: Untrusted module search path, Sune Kloppenborg Jeppesen
[SECURITY] [DSA 725-1] New ppxp packages fix local root exploit, Martin Schulze
D-Link DSL routers authentication bypass, Francesco Orro
MDKSA-2005:092 - Updated gzip packages fix several vulnerabilities, Mandriva Security Team
MDKSA-2005:091 - Updated bzip2 packages fix multiple vulnerabilities, Mandriva Security Team
MDKSA-2005:090 - Updated nasm packages fix vulnerability, Mandriva Security Team
MDKSA-2005:089 - Updated cdrdao packages fix local root vulnerability, Mandriva Security Team
UnixWare 7.1.4 : Updated mozilla fixes many security issues, please_reply_to_security
Security issue in Microsoft Outlook, Bakchodiya
- <Possible follow-ups>
- RE: Security issue in Microsoft Outlook, Scovetta, Michael V
[FLSA-2005:152771] Updated pam packages fix security issue, Marc Deslauriers
[FLSA-2005:152883] Updated mozilla packages fix security issues, Marc Deslauriers
NOVELL ZENWORKS MULTIPLE REMØTE STACK & HEAP OVERFLOWS, list
Re: Mac OS X - Adobe Version Cue local root exploit [c version exploit], Vade 79
Re: Yahoo! Messenger may be storing all session data 'Unencoded' on the local machine, Torseq Tech.
Re: [SePro Bugtraq] WBB Portal - JGS-Portal <= 3.0.2 - Multiple Vulnerabilities (09.05.05), Steven M. Christey
[USN-129-1] Squid vulnerability, Martin Pitt
Windows (XP, 2k3, Longhorn) is vulnerable to IpV6 Land attack., Konrad Malewski
[USN-128-1] nasm vulnerability, Martin Pitt
[SECURITY] [DSA 724-1] New phpsysinfo packages fix cross site scripting, Martin Schulze
[USN-127-1] bzip2 vulnerabilities, Martin Pitt
Help Center Live Vulnerabilities, GulfTech Security Research
Yahoo! Messenger may be storing all session data 'Unencoded' on the local machine, Torseq Tech.
Linux kernel pktcdvd ioctl break user space limit vulnerability [corrected], bugs
MDKSA-2005:088-1 - Updated mozilla-firefox packages re-enable extensions, Mandriva Security Team
OpenServer 5.0.6 OpenServer 5.0.7 : telnet client multiple issues, please_reply_to_security
[ GLSA 200505-13 ] FreeRADIUS: Buffer overflow and SQL injection vulnerability, Sune Kloppenborg Jeppesen
[CLA-2005:953] Conectiva Security Announcement - kde, Conectiva Updates
Linux kernel pktcdvd and rawdevice ioctl break user space limit vulnerability, alert7
cdrdao exploit for mandrake 10.2 ( Mandriva 2005), newbug Tseng
[SePro Bugtraq] WBB Portal - JGS-Portal <= 3.0.2 - Multiple Vulnerabilities (09.05.05), deluxe
- <Possible follow-ups>
- Re: [SePro Bugtraq] WBB Portal - JGS-Portal <= 3.0.2 - Multiple Vulnerabilities (09.05.05), deluxe
Mac OS X - Adobe Version Cue local root exploit [c version exploit], ali reza AcTiOnSpIdEr
Pico Server (pServ) Remote Command Injection, Claus R. F. Overbeck
Pico Server (pServ) Information Disclosure Of CGI Sources, Claus R. F. Overbeck
Pico Server (pServ) Local Information Disclosure, Claus R. F. Overbeck
Woltlab Burning Board SQL Injection Vulnerability, GulfTech Security Research
DotNetNuke (Multiple XSS), Mark Woan
Postnuke 0.750 - 0.760rc4 local file inclusion, pokley
Multiple Vulnerabilities in MetaCart e-Shop, dedi dwianto
[ GLSA 200505-12 ] PostgreSQL: Multiple vulnerabilities, Sune Kloppenborg Jeppesen
[ GLSA 200505-11 ] Mozilla Suite, Mozilla Firefox: Remote compromise, Sune Kloppenborg Jeppesen
[FLSA-2005:152871] Updated nfs-utils package fixes security issue, Marc Deslauriers
[FLSA-2005:152912] Updated imap packages fix security issues, Marc Deslauriers
[FLSA-2005:152856] Updated sudo packages fix security issue, Marc Deslauriers
MDKSA-2005:088 - Updated mozilla packages fix multiple vulnerabilities, Mandriva Security Team
[FLSA-2005:152804] Updated openmotif packages fix image vulnerability, Marc Deslauriers
Skull-Splitter's Guestbook Multiple XXS/HTML injection, Morinex Eneco
[FLSA-2005:152768] Updated ruby package fixes security issues, Marc Deslauriers
[USN-126-1] GNU TLS library vulnerability, Martin Pitt
[FLSA-2005:152763] Updated qt packages fixes security issues, Marc Deslauriers
Gaim 1.2.1 -- PoC Stack Overflow, Ron
[ GLSA 200505-10 ] phpBB: Cross-Site Scripting Vulnerability, Sune Kloppenborg Jeppesen
Yahoo! Chat Add Buddy Without Consent Privacy Issue, Torseq Tech.
PHPHeaven PHPMyChat Cross-site Scripting Vulnerablitiy, Megasky
Yahoo! Messenger URL Handler Remote DoS Vulnerability, Torseq Tech.
OpenBB SQL Injection & Cross-site Scripting Vulnerability, Megasky
cross-domain cookie theft: who's to blame?, Tim Tompkins
Windows image size crash, RSnake
- Re: Windows image size crash, Giuseppe `lan` Marocchio
- Re: Windows image size crash, Oliver J. Morais
- Re: Windows image size crash, Bernhard Mitterer
- <Possible follow-ups>
- Re: Windows image size crash, cmthemc
Willings WebCam - Password Disclosure Issue, SecuBox fRoGGz
OllyDbg "INT3 AT" Format String Vulnerability, Piotr Bania
[FLSA-2005:154988] Updated openoffice.org packages fix security issues, Marc Deslauriers
[FLSA-2005:155508] Updated cvs package fixes security issues, Marc Deslauriers
Netvault Remote Heap Overflow (another one), nolimit bugtraq
OpenServer 5.0.7 UnixWare 7.1.4 UnixWare 7.1.3 : Hyper-Threading information leakage, please_reply_to_security
Ultimate PHP Board (UPB) Security Advisory, Morinex Eneco
32-bit qmail fun (qmail-pop3d) (fwd), Lars Olsson
ITU 2005 Call For Papers, Michal Szymanski
FreeBSD Security Advisory FreeBSD-SA-05:09.htt [REVISED], FreeBSD Security Advisories
[USN-124-2] Fixed packages for USN-124-1, Martin Pitt
[USN-124-1] Mozilla and Firefox vulnerabilities, Martin Pitt
[USN-125-1] Gaim vulnerabilities, Martin Pitt
htdigest exploit code [bid 13537], K sPecial
[ GLSA 200505-09 ] Gaim: Denial of Service and buffer overflow vulnerabilties, Sune Kloppenborg Jeppesen
MDKSA-2005:084 - Updated gnutls packages fix vulnerabilities, Mandriva Security Team
MDKSA-2005:085 - Updated kdelibs packages fix vulnerabilities, Mandriva Security Team
MDKSA-2005:086 - Updated gaim packages fix multiple vulnerabilities, Mandriva Security Team
MDKSA-2005:087 - Updated tcpdump packages fix multiple vulnerabilities, Mandriva Security Team
Acrowave AAP-3100AR authetication bypass, Martin Tornwall
Directtopics Multiple Vulnerabilities (Security Advisory), Morinex Eneco
Re: Commonly used disk imaging and wiping tools can be tricked to miss parts of a disk, Thor Arne Johansen
Security Advisory for Bugzilla 2.18, 2.19.2, and 2.16.8, Max Kanat-Alexander
Firefox 1.0.4 released. Several vulnerabilities fixed, Paul
[DR018] Quartz Composer / QuickTime 7 information leakage, David Remahl
Yappa-NG Multiple Vulnerabilities, GulfTech Security Research
[HSC Security Group] MaxWebPortal - Multiple SQL injection/XSS, Zinho
OpenServer 5.0.6 OpenServer 5.0.7 : chroot A known exploit can break a chroot prison., please_reply_to_security
BakBone NetVault last warning, class
Ethereal <= 0.10.10 SIP dissector stack overflow DoS exploit, Shaun Colley
Guesbook Pro XSS & HTML Injection, SoulBlack Group
Commonly used disk imaging and wiping tools can be tricked to miss parts of a disk, Arne Vidström
- Re: Commonly used disk imaging and wiping tools can be tricked to miss parts of a disk, Arne Vidström
[Scan Associates Advisory] Neteyes Nexusway multiple vulnerability, pokley
Linux kernel ELF core dump privilege elevation, Paul Starzetz
- Re: Linux kernel ELF core dump privilege elevation, Bruno Lustosa
  - Re: Linux kernel ELF core dump privilege elevation, codeQ
- Re: Linux kernel ELF core dump privilege elevation, Greg KH
  - Re: Linux kernel ELF core dump privilege elevation, Greg KH
  - Re: Linux kernel ELF core dump privilege elevation, Paul Starzetz
- Re: Linux kernel ELF core dump privilege elevation (kernel module workaround), Andrew Griffiths
  - Re: Linux kernel ELF core dump privilege elevation (kernel module workaround), chris
- Re: Linux kernel ELF core dump privilege elevation, antoine
  - Re: Linux kernel ELF core dump privilege elevation, Pedro Venda
Cisco Security Advisory: FWSM URL Filtering Solution TCP ACL Bypass Vulnerability, Cisco Systems Product Security Incident Response Team
Metasploit Framework v2.4, H D Moore
MDKSA-2005:083 - Updated ethereal packages fix multiple vulnerabilities, Mandriva Security Team
WowBB view_user.php SQL Injection Vulnerability, Megasky
remote root security bug in ethereal 0.9.13 >= and <= 0.10.10, suresec advisories
[ GLSA 200505-08 ] HT Editor: Multiple buffer overflows, Sune Kloppenborg Jeppesen
[ GLSA 200505-07 ] libTIFF: Buffer overflow, Sune Kloppenborg Jeppesen
CAIF 1.2 released, Oliver Goebel
Gamespy cd-key validation system: "Cd-key in use" DoS versus many games, Luigi Auriemma
Firefox Crash??, orebla Orebla
- Re: Firefox Crash??, Christophe Lucas
- Re: Firefox Crash??, Joxean Koret
- Re: Firefox Crash??, Jeremy Kelley
- Re: Firefox Crash??, Peter Bartosch
TCP/IP implementations do not adequately validate ICMP error messages, Alok Menghrajani - Ilion Security SA
- Re: TCP/IP implementations do not adequately validate ICMP error messages, Peter Keel
- Re: TCP/IP implementations do not adequately validate ICMP error messages, Maciej Soltysiak
- Re: SPAM-HIGH: TCP/IP implementations do not adequately validate ICMP error messages, David Nichols
- RE: TCP/IP implementations do not adequately validate ICMP error messages, David Schwartz
TSLSA-2005-0021 - squid, Trustix Security Advisor
New Macromedia Security Zone Bulletin Posted, Macromedia Security Zone
Crash in Zoidcom 1.0 beta 4, Luigi Auriemma
Esqo advisory: GeoVision Digital Video Surveillance System - Multiple authentication issues, Tirath Rai
[ GLSA 200505-06 ] TCPDump: Decoding routines Denial of Service vulnerability, Sune Kloppenborg Jeppesen
[ GLSA 200505-05 ] gzip: Multiple vulnerabilities, Sune Kloppenborg Jeppesen
Viruses can evade Sophos Anti-Virus, xerces8
Easy Message Board Directory Traversal and Remote Command, SoulBlack Group
Advanced Guestbook 2.3.1, Spy Hat
phpbb 2.0.15 released - patches high critical vuln, Paul Laudanski
- Re: phpbb 2.0.15 released - patches high critical vuln, Paul Laudanski
[SecurityLab] Ethereal 0.10.10 SIP Dissector Overflow, Ejovi Nuwere
Announcement: The Web Security Mailing List, contact
Firefox Remote Compromise Leaked, Paul
NISCC Vulnerability Advisory IPSEC - 004033, albatross
[SECURITY] [DSA 722-1] New smail packages fix arbitrary code execution, Martin Schulze
Firefox Remote Compromise Technical Details, Paul
PwsPHP v1.2.2 Final - Multiples vulnerabilities, SecuBox fRoGGz
[SECURITY] [DSA 723-1] New XFree86 packages fix arbitrary code execution, Martin Schulze
[ GLSA 200505-04 ] GnuTLS: Denial of Service vulnerability, Matthias Geerdsen
firefox 1.0.3 spoof+auto dl, john smith
- <Possible follow-ups>
- Re: firefox 1.0.3 spoof+auto dl, Paul
4d WebSTAR 5.x Web Server Mac OS X Buffer Overflow, Braden Thomas
[ GLSA 200505-03 ] Ethereal: Numerous vulnerabilities, Sune Kloppenborg Jeppesen
[SECURITY] [DSA 721-1] New squid packages fix ACL bypass, Martin Schulze
[USN-123-1] Xine library vulnerabilities, Martin Pitt
Secure Science Corporation Advisory CSA-056, SSC Advisory Notice
[USN-120-1] Apache 2 vulnerability, Martin Pitt
[USN-121-1] OpenOffice.org vulnerability, Martin Pitt
[USN-122-1] Squid vulnerability, Martin Pitt
[USN-119-1] tcpdump vulnerabilities, Martin Pitt
[SEC-1 LTD] RSA SecurID Web Agent Heap Overflow, Gary O'leary-Steele
PHP Advanced Transfer Manager v1.21, tjomi4
FreeBSD Security Advisory FreeBSD-SA-05:08.kmem, FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-05:07.ldt, FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-05:06.iir, FreeBSD Security Advisories
MDKSA-2005:081 - Updated XFree86/XOrg packages fix libXpm vulnerabilities, Mandriva Security Team
Multiple Vulnerabilities In Invision Power Board, GulfTech Security Research
Gamespy cd-key validation system: Cd-key never in use, Luigi Auriemma
MDKSA-2005:082 - Updated OpenOffice.org packages fix heap overflow vulnerability, Mandriva Security Team
Mac OS 10.4: new-account-wizzard in Mail 2.0 sends clear-text passwords, Markus Wörle
Sql Injection in CJ Ultra Plus v1.0.3-1.0.4, Kold
[ GLSA 200505-02 ] Oops!: Remote code execution, Luke Macken
Multiple vulnearabilities in e107 cms, hennoj
[USN-115-1] Kommander vulnerability, Martin Pitt
[USN-117-1] cvs vulnerability, Martin Pitt
[USN-114-1] kimgio vulnerability, Martin Pitt
[hackgen-2005-#004] - Multiple bugs in MidiCart PHP Shopping Cart, Exoduks
DMA[2005-0502a] - 'Apple OSX multiple Bluetooth vulnerabilities', Kevin Finisterre
[USN-118-1] PostgreSQL vulnerabilities, Martin Pitt
[USN-116-1] gzip vulnerabilities, Martin Pitt
[USN-113-1] libnet-ssleay-perl vulnerability, Martin Pitt
Local root vuln in VPN daemon on MacOS X, Pieter de Boer
Multiple Vulnerabilities In SitePanel2, GulfTech Security Research
Multiple Vulnerabilities In osTicket, GulfTech Security Research
- <Possible follow-ups>
- Re: Multiple Vulnerabilities In osTicket, eticket
Multiple vulnerabilities in myBloggie 2.1.1, Alberto Trivero
dSMTP - SMTP Mail Server 3.1b Linux Remote Root Format String Exploit, cybertronic
Oracle 10g DBMS_SCHEDULER SESSION_USER issue, Alexander Kornbrust
Oracle 9i / 10g Fine Grained Auditing Issue, Alexander Kornbrust
MegaBook V2.0 - Cross Site Scripting Exploit, Spy Hat
- <Possible follow-ups>
- Re: MegaBook V2.0 - Cross Site Scripting Exploit, Morning Wood
- Re: MegaBook V2.0 - Cross Site Scripting Exploit, Spy Hat
MRO Maximo v4 & v5, Felix
directory traversal in SimpleCam 1.2, Donato Ferrante
iDEFENSE Security Advisory 05.04.05: Apple Mac OS X vpnd Server_id Buffer Overflow Vulnerability, iDEFENSE Labs
Local file detection bug found through Adobe SVG Viewer, Hyperdose Security
leafnode security announcement leafnode-SA-2005-01, Matthias Andree
Multiple vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, ShineShadow
Gossamer Threads Links SQL login XSS Vulnerability, Nathan House
iDEFENSE Security Advisory 05.03.05: Mac OS X Server NeST -target Buffer Overflow Vulnerability, iDEFENSE Labs
Golden Ftp Server Pro - Directory Traversal Vuln, Lachlan. H
Authentication bypass, sql injections and xss in ArticleLive 2005, dcrab
- <Possible follow-ups>
- Re: Authentication bypass, sql injections and xss in ArticleLive 2005, Steven M. Christey
Multiple SQL injections and XSS in FishCart 3.1, dcrab
- <Possible follow-ups>
- Re: Multiple SQL injections and XSS in FishCart 3.1, michael
Advisories for 4 vulnerabilities addressed by Apple SU 2005-005, David Remahl
[HSC Security Group] ASP Inline Corporate Calendar SQL injection, Zinho
[SECURITY] [DSA 720-1] New smartlist packages fix unauthorised un/subscription, Martin Schulze
ASP.NET __VIEWSTATE crypto validation prone to replay attacks, Michal Zalewski
- Re: ASP.NET __VIEWSTATE crypto validation prone to replay attacks, H D Moore
- <Possible follow-ups>
- RE: ASP.NET __VIEWSTATE crypto validation prone to replay attacks, Tim Farley
- Re: ASP.NET __VIEWSTATE crypto validation prone to replay attacks, Michal Zalewski
  - Re: ASP.NET __VIEWSTATE crypto validation prone to replay attacks, Michal Zalewski
    - Re: ASP.NET __VIEWSTATE crypto validation prone to replay attacks, Anton Ivanov
tHorK FrameWork Beta v0.1::: another exploit framework, gilbert nzeka
[CLA-2005:952] Conectiva Security Announcement - kernel, Conectiva Updates
Directory Traversal Vuln - RaidenFTPD 2.4 < Build 2241, Lachlan. H
Re: Privilege escalation in BulletProof FTP Server v2.4.0.31 [PoC], Jerome ATHIAS
Can't trust COMODO, Gunter Ollmann (NGS)
- Message not available
  - Re: Can't trust COMODO - An Update, Gunter Ollmann
Regions bank phishing scam, Ryan S
JGS-Portal 3.0.1 SQL-Injection, admin
Golden FTP Server Pro Remote Buffer Overflow Exploit, mohamed amhemed
[ GLSA 200504-30 ] phpMyAdmin: Insecure SQL script installation, Sune Kloppenborg Jeppesen
Defcon Capture the Flag registration is open, Kenshoto
Microsoft WINS Vulnerability + OS/SP Scanner, class
Insecure pty permissions in OS X < 10.4, Matt Johnston
Clients format string and server crash in Mtp-Target 1.2.2, Luigi Auriemma
[ GLSA 200505-01 ] Horde Framework: Multiple XSS vulnerabilities, Luke Macken
Multiple Vulnerabilities in Video Cam Server 1.0.0, Donato Ferrante
DMA[2005-0501a] - 'ARPUS/Ce setuid buffer overflow and file overwrite', KF (lists)
Apache hacks (./atac, d0s.txt), Andrew Y Ng
- Re: Apache hacks (./atac, d0s.txt), a.list.address@xxxxxxxxx
  - Re: Apache hacks (./atac, d0s.txt), Nick Bright
- Re: Apache hacks (./atac, d0s.txt), Chris Umphress
- Re: Apache hacks (./atac, d0s.txt), Sagiko
- Re: Apache hacks (./atac, d0s.txt), Daniel Cid
- Re: Apache hacks (./atac, d0s.txt), Luiz Henrique
- Re: Apache hacks (./atac, d0s.txt), Skip Carter
- Re: Apache hacks (./atac, d0s.txt), Robert Zilbauer
- Re: Apache hacks (./atac, d0s.txt), KF (lists)
- Re: Apache hacks (./atac, d0s.txt), Jay D. Dyson
- Re: Apache hacks (./atac, d0s.txt), Steve Kemp
Snmppd SNMP proxy daemon format string exploit, cybertronic
Mac OS X Cocktail 3.5.4 admin password disclosure, sonderling
DEF CON - New CTF Organizers chosen!, The Dark Tangent
[CAN-2005-1062] Administration protocol abuse allows local/remote password cracking, Secure Computer Group
[CAN-2005-1063] Administration protocol abuse leads to Service and System Denial of Service, Secure Computer Group
MDKSA-2005:078 - Updated squid packages fix vulnerability, Mandriva Security Team
MDKSA-2005:079 - Updated perl packages to fix rmtree vulnerability, Mandriva Security Team
Multiples Full Path Disclosure in php-nuke 7.6 (and below), Luis Fernando
MDKSA-2005:080 - Updated libxpm4 packages fix libXpm vulnerabilities, Mandriva Security Team
Golden FTP Server Pro remote stack BOF exploit (IHSTeam), c0d3r
NY sues Spyware Intermix, funded by Tiaa-Cref, Paul Laudanski
Safari HTTPS Overflow, Gilbert Verdian
- Re: Safari HTTPS Overflow, David Riley
- Re: Safari HTTPS Overflow, Braden Thomas
Multiple Sql injections in phpCoin v1.2.2 and below, dcrab
DHS Security Contact, Jason Coombs
[Security Bulletin] SSRT5958 rev.0 - HP OpenView Radia Mgmt. Portal (RMP) Radia Mgmt. Agent Remote unauthorized Privileged Access and (DoS), Boren, Rich (SSRT)
Cross Site Scripting in BEA Admin Console, Alexander Kornbrust
[HSC Security Group] Ocean12 Mailing List Manager Pro SQL injection, Zinho
File appending vulnerability in Oracle Webcache 9i, Alexander Kornbrust
Cross Site Scripting in Oracle Webcache 9i Adminstrator Application, Alexander Kornbrust
Webcache Client Requests Bypass OHS mod_access Restrictions, Alexander Kornbrust
insecure user account lam-runtime-7.0.6-2mdk rpm, Scott Grayban
Borland Security Contact, Dave Armstrong
- Re: Borland Security Contact, KF (lists)
  - Re: [bugtraq] Re: Borland Security Contact, Markus Stenzel
Netflix Site may assist Phishing, Sara Togian
- RE: Netflix Site may assist Phishing, pak_ml
OT: Two Factor Authentication on Linux / Mac / Windows, Mohit Muthanna
phpBB Notes Mod SQL Injection Vulnerability, GulfTech Security Research
High risk flaw in HP OpenView Radia Management Agent, NGSSoftware Insight Security Research
[SECURITY] [DSA 718-1] New ethereal packages fix buffer overflow, Martin Schulze
[SECURITY] [DSA 719-1] New prozilla packages fix arbitrary code execution, Martin Schulze
[SECURITY] [DSA 718-2] New ethereal packages fix buffer overflow, Martin Schulze
[ GLSA 200504-28 ] Heimdal: Buffer overflow vulnerabilities, Sune Kloppenborg Jeppesen
Security contact at sourceforge?, Joxean Koret
- Re: Security contact at sourceforge?, Scott Grayban
ZRCSA-200501 - Multiple vulnerabilities in Claroline, Sieg Fried
Buffer overflow in KMiNT21 Software Golden FTP Server Pro v2.52 (10.04.2005), Reed Arvin
[CLA-2005:948] Conectiva Security Announcement - squid, Conectiva Updates
Privilege escalation in BulletProof FTP Server v2.4.0.31, Reed Arvin
Privilege escalation in BakBone NetVault 7.1, Reed Arvin
iDEFENSE Labs Releases dltrace, iDEFENSE Labs
SQL-injections in koobi-cms, CENSORED
[CLA-2005:950] Conectiva Security Announcement - evolution, Conectiva Updates
[CLA-2005:949] Conectiva Security Announcement - gaim, Conectiva Updates
[SECURITY] [DSA 716-1] New gaim packages fix denial of service, Martin Schulze
[SECURITY] [DSA 717-1] New lsh packages fix several vulnerabilities, Martin Schulze
[ GLSA 200504-27 ] xine-lib: Two heap overflow vulnerabilities, Thierry Carrez
[SECURITY] [DSA 715-1] New cvs packages fix unauthorised repository access, Martin Schulze
[HSC Security Group] Comersus v6 Script injection, Zinho
myPHP Forum v3 (possible v1 & 2 also) Identification 'spoof', Terencentanio Enache
Black Hat USA 2005 Reminder CFP closing soon!, Jeff Moss
SUSE Security Announcement: Mozilla Firefox, Mozilla various security problems (SUSE-SA:2005:028), Marcus Meissner
[ GLSA 200504-26 ] Convert-UUlib: Buffer overflow, Sune Kloppenborg Jeppesen
New Whitepaper: Stopping Automated Attack Tools, Gunter Ollmann (NGS)
ADV: NetTerm's NetFtpd 4.2.2 Buffer Overflow + PoC Exploit, shadown
[ GLSA 200504-25 ] Rootkit Hunter: Insecure temporary file creation, Sune Kloppenborg Jeppesen
iDEFENSE Security Advisory 04.25.05: MySQL MaxDB Webtool Remote Lock-Token Stack Overflow Vulnerability, iDEFENSE Labs
Discovering and Stopping Phishing/Scam Attacks, steven
- Re: Discovering and Stopping Phishing/Scam Attacks, byte_jump
- Re: Discovering and Stopping Phishing/Scam Attacks, Crispin Cowan
iDEFENSE Security Advisory 04.25.05: MySQL MaxDB Webtool Remote Stack Overflow Vulnerability, iDEFENSE Labs
[Hackers Center Security Group] Sqwebmail Http Splitting Vulnerability, Zinho
SQL-injections in Invision Power Board v2.0.1, CENSORED
- <Possible follow-ups>
- Re: SQL-injections in Invision Power Board v2.0.1, Steven M. Christey
IE - cross site click detection?, ViPeR
- <Possible follow-ups>
- RE: IE - cross site click detection?, ViPeR
[PLSN-0005] new cvs package available, Peachtree Linux Security Team
[PLSN-0006] new libexif package available, Peachtree Linux Security Team
[PLSN-0007] new libcdaudio package available, Peachtree Linux Security Team
tcpdump[v3.8.x/v3.9.1]: ISIS, BGP, and LDP infinite loop DOS exploits., Vade 79
- Re: tcpdump[v3.8.x/v3.9.1]: ISIS, BGP, and LDP infinite loop DOS exploits., Romain Francoise
tcpdump(/ethereal)[]: (RSVP) rsvp_print() infinite loop DOS., Vade 79
- Re: tcpdump(/ethereal)[]: (RSVP) rsvp_print() infinite loop DOS., Romain Francoise
GrayCMS php code injection, Kold
[exploits] phpMyVisites 1.3 local file retrieval, Max Cerny
E-Cart E-Commerce Software EXPLOIT, Emanuele "z\" Gentili
Multiple SQL Injections in MetaBid Auctions, dcrab
MetaCart2 for PayFlow Multiple Sql Injection Vulnerabilities, dcrab
Multiple SQL Injections in MetaCart2 for SQL Server Special Edition U.K, dcrab
Multiple SQL Injections in MetaCart2 for PayPal, dcrab
Multiple SQL Injections in MetaCart e-Shop V-8, dcrab
iDEFENSE Security Advisory 04.26.05: MySQL MaxDB Webtool Remote 'If' Stack Overflow Vulnerability, iDEFENSE Labs
iDEFENSE Security Advisory 04.26.05: Citrix Program Neighborhood Agent Arbitrary Shortcut Creation Vulnerability, iDEFENSE Labs
iDEFENSE Security Advisory 04.26.05: Citrix Program Neighborhood Agent Buffer Overflow, iDEFENSE Labs
[SECURITY] [DSA 714-1] New kdelibs packages fix arbitrary code execution, Martin Schulze
dBpowerAMP Auxiliary - Abnormal execution, SecuBox fRoGGz
[security bulletin] SSRT5954 rev.0 HP-UX TCP/IP Remote Denial of Service (DoS), Boren, Rich (SSRT)
[ GLSA 200504-24 ] eGroupWare: XSS and SQL injection vulnerabilities, Matthias Geerdsen
remote command execution in ad.cgi script, fireboy fireboy
Re: [Full-disclosure] [VulnDiscuss] Re: -==phpBB 2.0.14 Multiple Vulnerabilities==-[Scanned], Dave Aitel
WoltLab Burning Board <= 2.3.1 PL2 - XSS Vulnerability (24.04.05), admin
remote command execution in forum.pl script, fireboy fireboy
index.cgi script XSS + file show, fireboy fireboy
- Re: index.cgi script XSS + file show, D.C. van Moolenbroek
remote command execution in text.cgi script, fireboy fireboy
MailEnable HTTPS Buffer Overflow [x0n3-h4ck], CorryL
[Overflow.pl] ImageMagick ReadPNMImage() Heap Overflow, Damian Put
E-Cart v1.1 Remote Command Execution Vulnerability, Emanuele "z\" Gentili
Yager <= 5.24 Remote Buffer Overflow Exploit, cybertronic
Possible XSS in User-Agent, Nicolas Montoza
- <Possible follow-ups>
- RE: Possible XSS in User-Agent, Scovetta, Michael V
remote command execution in includer.cgi script, fireboy fireboy
remote command execution in citat.pl script, fireboy fireboy
hyper.cgi script file show bug, fireboy fireboy
[INetCop Security Advisory] Snmppd potentially format string vulnerability., dong-hun you
MS05-019 Windows IP options DoS exploit, GomoR
remote command execution in include.cgi script, fireboy fireboy
Multiple SQL Injections in StorePortal 2.63, dcrab
DMA[2005-0423a] - 'Nokia Affix Bluetooth Integer Underflow', KF (lists)
Sql Injection in Confixx 3.06 & 3.08 & 3.?? ?, Erich Klaus
- <Possible follow-ups>
- Re: Sql Injection in Confixx 3.06 & 3.08 & 3.?? ?, iovdin
remote command execution in inserter.cgi script, fireboy fireboy
[CIRT.DK - Advisory] Novell Nsure Audit 1.0.1 Denial of Service, CIRT.DK Advisory
[SNS Advisory No.80] nProtect:Netizen Arbitrary File Download Vulnerability, snsadv
TSLSA-2005-0015 - postgresql, Trustix Security Advisor
E-Cart v1.1 Remote Command Execution, Nicolas Montoza
Local file detection found through Adobe Reader ActiveX control, Hyperdose Security
Multiple Sql injection and XSS in CartWIZ ASP Cart, dcrab
artmedic_links5 remote file access exploit, Adam n30n Simuntis
-==phpBB 2.0.14 Multiple Vulnerabilities==-, HaCkZaTaN
- Re: -==phpBB 2.0.14 Multiple Vulnerabilities==-, Paul Laudanski
New auto download / install / exploit URL?, Gandalf The White
- <Possible follow-ups>
- RE: New auto download / install / exploit URL?, Geoff Vass
- Re: New auto download / install / exploit URL?, joke0
  - Re: New auto download / install / exploit URL?, Hermann Arens
    - Re: New auto download / install / exploit URL?, Nicob
ACSblog bug, farhad koosha
Multiple Sql injection vulnerabilities in BK Forum v.4, dcrab
[SePro Bugtraq] WBB - WoltLab Burning Board <= 2.3.1 - XSS Vulnerability (22.04.05), deluxe
FreeBSD Security Advisory FreeBSD-SA-05:05.cvs, FreeBSD Security Advisories
BitDefender 8 - Race condition vulnerability, SecuBox fRoGGz
- Re: BitDefender 8 - Race condition vulnerability, Ovidiu Constantin
[ GLSA 200504-23 ] Kommander: Insecure remote script execution, Sune Kloppenborg Jeppesen
[ GLSA 200504-22 ] KDE kimgio: PCX handling buffer overflow, Sune Kloppenborg Jeppesen
[PLSN-0001] - Multiple vulnerabilities in Gaim, Peachtree Linux Security Team
[ GLSA 200504-21 ] RealPlayer, Helix Player: Buffer overflow vulnerability, Thierry Carrez
RE: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Mark Senior
Multiple vulnerabilities in Argosoft Mail Server 1.8.7.6, ShineShadow
- <Possible follow-ups>
- Re: Multiple vulnerabilities in Argosoft Mail Server 1.8.7.6, senghooi
[KDE Security Advisory]: Kommander untrusted code execution, Dirk Mueller
[KDE Security Advisory]: kimgio input validation errors, Dirk Mueller
Multiple Sql injection and XSS in Asp Nuke 0.80 (Working exploits included), dcrab
[PLSN-0003] - Remote exploits in mplayer, Peachtree Linux Security Team
- <Possible follow-ups>
- [PLSN-0003] - Remote exploits in MPlayer, Peachtree Linux Security Team
UPDATE: [ GLSA 200410-10 ] gettext: Insecure temporary file handling, Sune Kloppenborg Jeppesen
UPDATE: [ GLSA 200504-16 ] CVS: Multiple vulnerabilities, Sune Kloppenborg Jeppesen
[ GLSA 200504-20 ] openMosixview: Insecure temporary file creation, Thierry Carrez
[PLSN-0002] - Multiple vulnerabilities in Gaim, Peachtree Linux Security Team
- <Possible follow-ups>
- [PLSN-0002] - Multiple vulnerabilities in Gaim, Peachtree Linux Security Team
Canonicalization and directory traversal in iSeries FTP security products, Shalom Carmel
MDKSA-2005:077 - Updated cdrecord packages fix vulnerability, Mandriva Security Team
TSLSA-2005-0013 - cvs, Trustix Security Advisor
APG Classmaster Workstation Windows SMB share access vulnerability, Alex Garrett
[PLSN-0001] - Multiple PHP vulnerabilities, Peachtree Linux Security Team
[SECURITY] [DSA 713-1] New junkbuster packages fix several vulnerabilities, Martin Schulze
xine security announcement: multiple heap overflows in MMS and Real RTSP streaming clients, Michael Roitzsch
MDKSA-2005:075 - Updated libcdaudio1 packages fix vulnerability, Mandriva Security Team
Vulnerability kali's tagboard, piker piker
- Re: Vulnerability kali's tagboard, Jason Dodson
- Re: Vulnerability kali's tagboard, security curmudgeon
  - Re: Vulnerability kali's tagboard, Jesus
MDKSA-2005:073 - Updated cvs packages fix vulnerability, Mandriva Security Team
directory traversal in Yawcam 0.2.5, Donato Ferrante
[SECURITY] [DSA 701-2] New samba packages fix correct sporadic crash, Martin Schulze
MDKSA-2005:074 - Updated gnome-vfs2 packages fix vulnerability, Mandriva Security Team
MDKSA-2005:076 - Updated xli packages fix multiple vulnerabilities, Mandriva Security Team
[PLSN-0004] - Buffer overflow in PostgreSQL, Peachtree Linux Security Team
cpio directory traversal vulnerability, Imran Ghory
PMsoftware mini http server remote stack overflow exploit (IHSTeam), c0d3r
gzip directory traversal vulnerability, Imran Ghory
Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Stephen Frost
- Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, David F. Skoll
  - Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Stephen Frost
- Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Tom Lane
  - Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Jim C. Nasby
    - Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Tom Lane
      - Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Bruce Momjian
        
        Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Tom Lane
        
        Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, David F. Skoll
      - Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Jim C. Nasby
      - Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Stephen Frost
        
        Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Bruno Wolff III
        
        Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Stephen Frost
        
        Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Antoine Martin
        
        Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted, Stephen Frost
        
        Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted, Antoine Martin
    - Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Joshua D. Drake
      - Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Stephen Frost
      - Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Lance James
    - Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Tino Wildenhain
      - Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted, Rod Taylor
        
        Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted, Tino Wildenhain
        
        Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted, Michael Samuel
    - Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Jim Knoble
      - RE: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Mike Fratto
        
        Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Stephen Frost
        
        RE: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Mike Fratto
        
        Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Stephen Frost
        
        RE: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Mike Fratto
        
        Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Jim Knoble
- <Possible follow-ups>
- Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Josh Berkus
Secure Science Corporation Application Software Advisory 055, SSC Advisory Notice
[OpenPKG-SA-2005.006] OpenPKG Security Advisory (mysql), OpenPKG
Linux vsyscalls may be used as attack vectors, Clad Strife
- <Possible follow-ups>
- Linux vsyscalls may be used as attack vectors, Clad Strife
Shoutbox SCRIPT <= 3.0.2 Administrative MD5 Username and Password Retrieval [x0n3-h4ck], CorryL
Ecommerce-Carts SQL injection vulnerability ( IHSTeam ), c0d3r
[waraxe-2005-SA#042] - Multiple vulnerabilities in Coppermine Photo Gallery 1.3.2, Janek Vind
Annuaire Netref v4.2 [ fwrite php ] vulnerability, jaguar
Multiple Security Issues Found In AZBB, GulfTech Security Research
RE: iDEFENSE Security Advisory 04.18.05: McAfee Internet Security Suite 2005 Insecure File Permission Vulnerability, Boyce, Nick
Multiple eGroupware Vulnerabilities, GulfTech Security Research
ICMP attacks against TCP (Proof-of-Concept code) (MS05-019, CISCO:20050412), houseofdabus HOD
Neslo Desktop Rover Remote DoS Vulnerability, Adam Baldwin
RealNetworks RealPlayer/RealOne Player/Helix Player Remote Heap Overflow, Piotr Bania
- Re: RealNetworks RealPlayer/RealOne Player/Helix Player Remote Heap Overflow, Göran Sandahl
[ GLSA 200504-19 ] MPlayer: Two heap overflow vulnerabilities, Matthias Geerdsen
[HSC Security Group] Ocean12 Calendar manager 1.01 SQL injection, Zinho
SUSE Security Announcement: RealPlayer buffer overflow in RAM file handling (SUSE-SA:2005:026), Marcus Meissner
SUSE Security Announcement: PostgreSQL buffer overflow problems (SUSE-SA-2005:027), Marcus Meissner
[SECURITY] [DSA 661-2] New f2c packages fix insecure temporary files, Martin Schulze
DUportal Pro 3.4 has MANY Sql injection and Sql Errors., dcrab
[CLA-2005:947] Conectiva Security Announcement - MySQL, Conectiva Updates
Capital One's website inadvertently assists phishing, Joseph Barillari
- Message not available
  - Re: Capital One's website inadvertently assists phishing, Joseph Barillari
- Re: Capital One's website inadvertently assists phishing, Allen Parker
- <Possible follow-ups>
- RE: Capital One's website inadvertently assists phishing, Rager, Anton (Anton)
Announcing PAKCON II (2005)!, Ayaz Ahmed Khan
PAKCON II: Call for Papers (CfP - 2005), Ayaz Ahmed Khan
MS05-021 Microsoft Exchange X-LINK2STATE Heap Overflow PoC, Evgeny Pinchuk
CAU - New Tool: hcraft - HTTP Vuln Request Crafter, I)ruid
[ GLSA 200504-18 ] Mozilla Firefox, Mozilla Suite: Multiple vulnerabilities, Thierry Carrez
[SECURITY] [DSA 712-1] New geneweb packages fix insecure file operations, Martin Schulze
File Selection May Lead to Command Execution (GM#015-IE), GreyMagic Security
UBB Thread printthread.php SQL Injection, Hillel Himovich
RE: ERNW Security Advisory 01/2005 [ EXPLOIT ], cybertronic
Directoy Traversal Attack in apexec.pl (.%00./-Bug), msdarkflyer
[SECURITY] [DSA 711-1] New info2www packages fix cross-site scripting vulnerability, Martin Schulze
Portcullis Security Advisory 05-012 Ebay Session Riding Vulnerability, Paul J Docherty
- RE: Portcullis Security Advisory 05-012 Ebay Session Riding Vulnerability, GulfTech Security Research
[ GLSA 200504-17 ] XV: Multiple vulnerabilities, Sune Kloppenborg Jeppesen
MDKSA-2005:072 - Updated php packages fix multiple vulnerabilities, Mandriva Security Team
- Argeniss - Oracle exploits and workarounds, Cesar
iDEFENSE Security Advisory 04.18.05: McAfee Internet Security Suite 2005 Insecure File Permission Vulnerability, iDEFENSE Labs
The first open source spyware, gilbert nzeka
[ GLSA 200504-16 ] CVS: Multiple vulnerabilities, Sune Kloppenborg Jeppesen
[AppSecInc Team SHATTER Security Advisory] SQL Injection in ALTER_MANUALLOG_CHANGE_SOURCE procedure, Team SHATTER
[AppSecInc Team SHATTER Security Advisory] Multiple SQL Injection vulnerabilities in DBMS_METADATA package, Team SHATTER
[AppSecInc Team SHATTER Security Advisory] Denial of Service in Oracle interMedia, Team SHATTER
[AppSecInc Team SHATTER Security Advisory] SQL Injection in CREATE_SCN_CHANGE_SET procedure, Team SHATTER
[AppSecInc Team SHATTER Security Advisory] Multiple SQL Injection vulnerabilities in DBMS_CDC_SUBSCRIBE and DBMS_CDC_ISUBSCRIBE packages, Team SHATTER
ERNW Security Advisory 01/2005, Mailinglists
[SECURITY] [DSA 710-1] New gtkhtml packages fix denial of service, Martin Schulze
phpBB - Knowledge Base MOD - SQL-Injection and Full Path Disclosure, deluxe
Firesearching 1 + 2 [Firefox 1.0.2], mikx
[ECL] Windows IP Options DoS POC [ECL], Yuri Gushin
[ GLSA 200504-15 ] PHP: Multiple vulnerabilities, Thierry Carrez
Firelinking [Firefox 1.0.2], mikx
Vulnerability in Coppermine Photo Gallery 1.3.*, GHC team
- <Possible follow-ups>
- Re: Vulnerability in Coppermine Photo Gallery 1.3.*, nibbler999
SUSE Security Announcement: cvs (SUSE-SA:2005:024), Sebastian Krahmer
Require many large corporate emails for contact regarding vulnerability., dcrab
phpBB datenbank mod has XSS/SQL Injection in the id variable, tom cruise
[DR001] AppleWebKit XMLHttpRequest arbitrary file disclosure vulnerability, David Remahl
Http Response Splitting Vulnerability In PHP-NUKE 7.6 and below, dcrab

[Index of Archives] [Netfilter] [Security] [PHP] [Linux Kernel]