Bugtraq
- Re: Http Response Splitting Vulnerability In PHP-NUKE 7.6 and below, (continued)
- [Overflow.pl] Libsafe - Safety Check Bypass Vulnerability,
Overflow.pl
- Mafia Blog,
Francisco Alisson
- [ECHO_ADV_12$2005] Vulnerabilities in sphpblog,
echo staff
- Vulnerabilities in sphpblog,
echo staff
- [ GLSA 200504-14 ] monkeyd: Multiple vulnerabilities,
Sune Kloppenborg Jeppesen
- Enumeration of AS/400 users and their status via POP3,
Shalom Carmel
- Arbitrary file overwrite possible by Musicmatch ActiveX control,
Hyperdose Security
- myBloggie 2.1.1,
Francisco Alisson
- Dameware NT Utilities and MiniRemote Control <= 4.9 vulnerability,
Jordi Corrales
- [SECURITY] [DSA 708-1] New PHP3 packages fix denial of service,
Martin Schulze
- [Overflow.pl] GOCR - Multiple vulnerabilities,
Overflow.pl
- windux-linux-gui-rainbow-lanman-cracker released,
Philippe Oechslin
- [ GLSA 200504-13 ] OpenOffice.Org: DOC document Heap Overflow,
Sune Kloppenborg Jeppesen
- [SECURITY] [DSA 709-1] New libexif packages fix arbitrary code execution,
Martin Schulze
- Improper log file storage in Musicmatch software,
Hyperdose Security
- FreeBSD Security Advisory FreeBSD-SA-05:04.ifconf,
FreeBSD Security Advisories
- [USN-112-1] PHP4 vulnerabilities,
Martin Pitt
- [USN-111-1] Squid vulnerability,
Martin Pitt
- Trusted Site Cross Site Scripting Elevation of Privilege in Musicmatch,
Hyperdose Security
- Trojan file issue in Musicmatch software,
Hyperdose Security
- Multiple vulnerabilities in Yager 5.24,
Luigi Auriemma
- Multiple multiple sql injection/errors and xss vulnerabilities in OneWorldStore,
dcrab
- BCS Asia 2005 Slides and pictures,
Anthony Zboralski
- Computer Associates BrightStor ARCserve Backup and BrightStor Enterprise Backup UniversalAgent buffer overflow vulnerability,
Williams, James K
- Security Contact for NetApp ?,
Fabrice Marie
- sumus[v0.2.2]: (httpd) remote buffer overflow exploit.,
Vade 79
- All4WWW-Homepagecreator Remote Command Execution,
Francisco Alisson
- MDKSA-2005:071 - Updated gaim packages fix multiple vulnerabilities,
Mandriva Security Team
- Internet Explorer wininet.dll URL parsing memory corruption technical details,
3APA3A
- [ GLSA 200504-12 ] rsnapshot: Local privilege escalation,
Thierry Carrez
- serendipity SQL Injection vulnerability,
kreon
- Windows kernel overflow fixed,
NGSSoftware Insight Security Research
- [ GLSA 200504-11 ] JunkBuster: Multiple vulnerabilities,
Sune Kloppenborg Jeppesen
- Multiple Sql injection and XSS vulnerabilities in phpBB Plus v.1.52 and below and some of its modules.,
dcrab
- Details and PoC for MS05-020 MSIE DHTML Object handling vulnerabilities,
Berend-Jan Wever
- LG U8120 Mobile Phone Denial of Service,
Luca Ercoli
- HTTP RESPONSE SPLITTING by Diabolic Crab,
dcrab
- [ GLSA 200504-10 ] Gld: Remote execution of arbitrary code,
Sune Kloppenborg Jeppesen
- ms05016 POC,
zwell zwell
- MDKSA-2005:070 - Updated MySQL packages fix vulnerability,
Mandrakelinux Security Team
- [SECURITY] [DSA 706-1] New axel packages fix arbitrary code execution,
Martin Schulze
- NetManage RUMBA 7.4 Profile Handling Multiple Buffer Overflow Vulnerabilities,
Bahaa Naamneh
- [SECURITY] [DSA 707-1] New mysql packages fix several vulnerabilities,
Martin Schulze
- cpio TOCTOU file-permissions vulnerability,
Imran Ghory
- IBM WebSphere Widespread configuration JSP disclosure,
SPI Labs
- Multiple High Risk flaws fixed in Oracle,
NGSSoftware Insight Security Research
- Multiple medium risk flaws fixed in new version of PHP (late advisory),
NGSSoftware Insight Security Research
- Gld 1.5 released (security fix),
Salim Gasmi
- Patch available for critical Veritas i3 Server vulnerability,
NGSSoftware Insight Security Research
- zOOM Media Gallery - Simple SQL Injection discovery,
Andreas Constantinides
- 'Widcomm BTW (Microsoft Windows BT stack) Directory Transversal',
KF (lists)
- GLD (Greylisting daemon for Postfix) multiple vulnerabilities.,
dong-hun you
- WordPress XSS and HTML injection,
Nicolas Montoza
- Window Washer 6.0: False Sense of Security,
WBG Links
- DoKuWiki file-upload vulnerabilities,
kreon
- JavaMail allows directory traversal in attachments,
Rafael San Miguel Carrasco
- [ GLSA 200504-09 ] Axel: Vulnerability in HTTP redirection handling,
vorlon
- QuickTime for Windows malformed GIF DoS,
liquid
- Re: Sql injection, xss and path disclosure vulnerabilities in PostNuke 0.760-RC3,
Dionysios G. Synodinos
- Centra 7 XSS Exploit,
Clorox
- Remote Buffer Overflow in Lotus Domino,
Next Generation Insight Security Research (NGS Software)
- eGroupWare Leaks Files,
Gerald Quakenbush
- IRM 011: Sygate,Security Agent (Sygate Secure Enterprise) Fail Open DoS,
IRM Advisories
- iDEFENSE Security Advisory 04.12.05: Microsoft Internet Explorer DHTML Engine Race Condition Vulnerability,
iDEFENSE Labs
- iDEFENSE Security Advisory 04.12.05: Microsoft Windows Internet Explorer Long Hostname Heap Corruption Vulnerability,
iDEFENSE Labs
- iDEFENSE Security Advisory 04.12.05: Microsoft MSHTA Script Execution Vulnerability,
iDEFENSE Labs
- iDEFENSE Security Advisory 04.12.05: Microsoft Windows CSRSS.EXE Stack Overflow Vulnerability,
iDEFENSE Labs
- WebCT 4.1 vulnerable to XSS attacks,
lacertosum
- 7a69Adv#23 - Jar tool directory transversal vulnerability,
Pluf
- Microsoft Jet (msjet40.dll) Exploit,
Stuart Pearson
- rsnapshot Security Advisory 001,
security
- rpdump TOCTOU file-permissions vulnerability,
Imran Ghory
- XV multiple buffer overflows (update),
Greg Roelofs
- AzDGDatingPlatinum multiple vulnerabilities,
kre0n
- Directory transversal, sql injection and xss vulnerabilities in RadBids Gold v2,
dcrab
- Sql injection in jPortal version 2.3.1 (module banner),
Marcin "CiNU5" Krupowicz
- [WHITEPAPER] Bugger The Debugger,
Brett Moore
- Microsoft Windows image rendering DoS vuln,
Andrew
- <Possible follow-ups>
- Microsoft Windows image rendering DoS vuln,
Luis Alberto Cortes Zavala
OpenOffice DOC document Heap Overflow,
lee xiaojun
Invision board 1.3.1 and below are vulnerable to a sql injection vulnerability [PATCH INCLUDED],
dcrab
[ GLSA 200504-08 ] phpMyAdmin: Cross-site scripting vulnerability,
Luke Macken
Zone-H 2004 statistics are ready to be downloaded,
Gerardo Astharot Di Giacomo
iDEFENSE Security Advisory 04.11.05: Computer Associates BrightStor ARCserve Backup UniversalAgent Buffer Overflow,
iDEFENSE Labs
Miranda IM and Miranda Installer Let Local Users Execute Arbitrary Code,
Kozan
GNU Core Utilities race condition file-permissions vulnerability. Software: mkdir, mknod, mkfifo. Version: Part of GNU Core Utilities 5.2.1. Software URL: <http://www.gnu.org/software/cor,
Imran Ghory
TowerBlog <= 0.6 Admin Account View [x0n3-h4ck],
CorryL
Multiple ModernBill 4.3.0 And Earlier Vulnerabilities,
GulfTech Security Research
SUSE Security Announcement: various KDE security problems (SUSE-SA:2005:022),
Marcus Meissner
OpenText FirstClass 8.0 Client Arbitrary File Execution,
dila
UPDATE: [ GLSA 200503-35 ] Smarty: Template vulnerability,
Thierry Carrez
[ GLSA 200504-07 ] GnomeVFS, libcdaudio: CDDB response overflow,
Thierry Carrez
[USN-110-1] Linux kernel vulnerabilities,
Martin Pitt
UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : telnet client multiple issues,
please_reply_to_security
How to Report a Security Vulnerability to Microsoft,
Microsoft Security Response Center
iDEFENSE Security Advisory 04.08.05: Microsoft Multiple E-Mail Client Address Spoofing Vulnerability,
iDEFENSE Labs
Double Choco Latte Remote Code Execution,
JeiAr
Pafiledb ACTION Parameter XSS,
tom cruise
PunBB <= 1.2.4 - change email to become admin exploit,
exploits@xxxxxxxxxxx
phpBB Upload Script "up.php" Arbitrary File Upload,
Status-x
MDKSA-2005:069 - Updated gdk-pixbuf packages fix vulnerability,
Mandrakelinux Security Team
MDKSA-2005:068 - Updated gtk+2.0 packages fix vulnerability,
Mandrakelinux Security Team
MacOSX Java Runtime Environment Remote Denial-of-Service (DoS) Vulnerability,
Marc Schoenefeld
Sql injection, xss and path disclosure vulnerabilities in PostNuke 0.760-RC3,
dcrab
MDKSA-2005:067 - Updated sharutils packages fix multiple vulnerabilities,
Mandrakelinux Security Team
OpenServer 5.0.6 OpenServer 5.0.7 : cscope local attacker can remove arbitrary files,
please_reply_to_security
UnixWare 7.1.4 : cdrecord local root exploit,
please_reply_to_security
UnixWare 7.1.4 : libtiff Multiple vulnerabilities,
please_reply_to_security
UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : CDE dtlogin unspecified double free,
please_reply_to_security
OpenServer 5.0.6 OpenServer 5.0.7 : termsh atcronsh auditsh environment buffer overflows,
please_reply_to_security
Macromedia Security Bulletin - ColdFusion MX 6.1,
Macromedia Security Zone
[SECURITYREASON.COM] phpnuke 7.6 Multiple vulnerabilities in Web_Links Module cXIb8O3.14,
Maksymilian Arciemowicz
[SECURITYREASON.COM] phpnuke 7.6 Multiple vulnerabilities in Downloads Module cXIb8O3.13,
Maksymilian Arciemowicz
iDEFENSE Security Advisory 04.07.05: SGI IRIX gr_osview File Overwrite Vulnerability,
iDEFENSE Labs
iDEFENSE Security Advisory 04.07.05: SGI IRIX gr_osview Information Disclosure Vulnerability,
iDEFENSE Labs
[SIG^2 G-TEC] SurgeFTP LEAK Command Denial-Of-Service Vulnerability,
chewkeong
[ GLSA 200504-06 ] sharutils: Insecure temporary file creation,
Luke Macken
[waraxe-2005-SA#041] - Critical Sql Injection in PhpNuke 6.x-7.6 Top module,
Janek Vind
LiteCommerce Sql injection and reveling errors vulnerability,
dcrab
[NOBYTES.COM: #6] CubeCart 2.0.6 - Information Disclosure,
John Cobb
iDEFENSE Security Advisory 04.06.05: IBM Lotus Domino Server Web Service DoS Vulnerability,
iDEFENSE Labs
Cisco Security Advisory: Vulnerabilities in Cisco IOS Secure Shell Server,
Cisco Systems Product Security Incident Response Team
[USN-108-1] GDK vulnerability,
Martin Pitt
[ GLSA 200504-04 ] mit-krb5: Multiple buffer overflows in telnet client,
Thierry Carrez
FreeBSD Security Advisory FreeBSD-SA-05:03.amd64,
FreeBSD Security Advisories
Active Auction House has multiple Sql injection, error and XSS vulnerabilities,
dcrab
OSX - trojan apps can bypass authentication controls and gain root privilages,
bert
Cisco Security Advisory: Vulnerabilities in the Internet Key Exchange Xauth Implementation,
Cisco Systems Product Security Incident Response Team
runcms/e-xoops 1.1A and below file upload vulnerability,
pokley
Microsoft Explorer Denial of Service,
Luca Ercoli
drone armies C&C report - March/2005,
Gadi Evron
[USN-109-1] MySQL vulnerability,
Martin Pitt
[ GLSA 200504-05 ] Gaim: Denial of Service issues,
Luke Macken
crontab from vixie-cron allows read other users crontabs,
Karol Więsek
MailEnable Smtpd remote Dos [x0n3-h4ck],
CorryL
iDEFENSE Security Advisory 04.05.05: Computer Associates eTrust Intrusion Detection System CPImportKey DoS,
iDEFENSE Labs
[OpenPKG-SA-2005.005] OpenPKG Security Advisory (imapd),
OpenPKG
Sybase ASE Multiple Security Issues (#NISR05042005),
NGSSoftware Insight Security Research
[USN-107-1] racoon vulnerability,
Martin Pitt
[USN-106-1] Gaim vulnerabilities,
Martin Pitt
Sanboxed browsing and authentication credentials,
Max Moser
[USN-105-1] PHP4 vulnerabilities,
Martin Pitt
SQL INJECTION in DLMan Pro. PHPBB Mod.,
rock master
iDEFENSE Labs Releases OllyDbg Breakpoint Manager,
iDEFENSE Labs
TSLSA-2005-0011 - kernel,
Trustix Security Advisor
FreeBSD Security Advisory FreeBSD-SA-05:02.sendfile,
FreeBSD Security Advisories
[SECURITYREASON.COM] Full path disclosure and XSS in PHPNuke part 3,
sp3x
Logics Software BS2000 Host to Web Client ALL PLATFORMS,
Román Ramírez
SQL INJECTION in LinksLinks Pro. PHPBB Mod.,
rock master
gzip TOCTOU file-permissions vulnerability,
Imran Ghory
Authenticaion bypass, Directory transversal and XSS vulnerabilities in PayProCart 3.0 - Profitcode Software,
dcrab
RE: PayPal "security" measures,
McAllister, Andrew
phpMyAdmin Cross-site Scripting Vulnerability,
Oriol Torrent Santiago
Disclosure of AS/400 user accounts via the FTP server,
Shalom Carmel
[ GLSA 200504-03 ] Dnsmasq: Poisoning and Denial of Service vulnerabilities,
Thierry Carrez
SonicWALL SOHO/10 - XSS vulnerability,
Oliver Karow
[USN-104-1] unshar vulnerability,
Martin Pitt
[CLA-2005:946] Conectiva Security Announcement - MySQL,
Conectiva Updates
ArGoSoft FTP Server is still vuln + PoC exploit code (IHSTeam),
c0d3r
[SECURITY] [DSA 704-1] New remstats packages fix several vulnerabilities,
Martin Schulze
Full path disclosure and XSS in PHPNuke,
SecurityReason
[SECURITYREASON.COM] PhpNuke 7.6=>x Multiple vulnerabilities cXIb8O3.12,
Maksymilian Arciemowicz
[SECURITY] [DSA 705-1] New wu-ftpd packages fix denial of service,
Martin Schulze
Microsoft Windows Internet Name Service (WINS) Remote Heap Overflow Exploit,
class101@xxxxxxxxxxxxx
Local buffer overflow on Aeon<=0.2a,
patr0n
SUSE Security Announcement: kernel local privilege escalation (SUSE-SA:2005:021),
Marcus Meissner
[ GLSA 200504-02 ] Sylpheed, Sylpheed-claws: Buffer overflow on message display,
Thierry Carrez
Yet Another Forum.net XSS vulnerabilities,
maty siman
How to write remote exploits ( V. 1.1),
Sumy
AlstraSoft EPay Pro v2.0 has file include and multiple xss vulnerabilities,
dcrab
MDKSA-2005:065 - Updated ImageMagick packages fix multiple vulnerabilities,
Mandrakelinux Security Team
MDKSA-2005:066 - Updated grip packages fix vulnerability,
Mandrakelinux Security Team
In-game server crash in Call of Duty 1.5b and United Offensive 1.51b,
Luigi Auriemma
In-game server buffer-overflow in Jedi Academy 1.011,
Luigi Auriemma
In-game players kicking in the Quake 3 engine,
Luigi Auriemma
multiple remote denial of service vulnerabilities in Gaim,
Jean-Yves Lefort
[ GLSA 200504-01 ] telnet-bsd: Multiple buffer overflows,
Thierry Carrez
Information leak in the Linux kernel ext2 implementation,
Arkoon Security Team
Solaris 10 Containers / Zones Security Flaw,
jim allan
(Paper) Programming: The Heart of Web Security,
Sumy
DMA[2005-0401a] - 'IVT BlueSoleil Directory Transversal',
KF (Lists)
[USN-103-1] Linux kernel vulnerabilities,
Martin Pitt
Buffer Overflow within the RUMBA product,
Bahaa Naamneh
[Hat-Squad Advisory] Bakbone NetVault Heap overflow Vulnerabilities,
Hat-Squad Security Team
iDEFENSE Security Advisory 03.31.05: PHP getimagesize() Multiple Denial of Service Vulnerabilities,
iDEFENSE Labs
[SECURITY] [DSA 702-1] New ImageMagick packages fix several vulnerabilities,
Martin Schulze
[SECURITY] [DSA 703-1] New krb5 packages fix arbitrary code execution,
Martin Schulze
Security holes in the iTunes Music Store,
Charles M. Hannum
Reverse shell using netcat on AS/400,
Shalom Carmel
[HV-HIGH] Microsoft Jet DB engine vulnerabilities,
vuln
(PAPER) "Vision of danger: The Firefox Greasemonkey",
Piotr Bania
RE: eBay Account Phishing with eBay Redirect - Ebay fixed this + related XSS hole,
Rager, Anton (Anton)
WindowsXP malformed .wmf files DoS,
liquid
MDKSA-2005:063 - Updated htdig packages fix vulnerability,
Mandrakelinux Security Team
Bay Technical Associates telnet server logon bypass,
nolimit bugtraq
MDKSA-2005:062 - Updated ipsec-tools packages fix vulnerability,
Mandrakelinux Security Team
MX Shop 1.1.1 and MX Kart 1.1.2 are vulnerable to multiple SQL injection vulnerabilities,
dcrab
[ GLSA 200503-37 ] LimeWire: Disclosure of sensitive information,
Thierry Carrez
MDKSA-2005:064 - Updated libexif packages fix vulnerability,
Mandrakelinux Security Team
[ GLSA 200503-36 ] netkit-telnetd: Buffer overflow,
Thierry Carrez
Vendor Response to Portculis Advisory 05-002: Spectrum Cash Receipting System,
Paul J Docherty
cPanel/WHM demo account problems,
Richard Stanway
bzip2 TOCTOU file-permissions vulnerability,
Imran Ghory
[SECURITY] [DSA 701-1] New samba packages fix arbitrary code execution,
Martin Schulze
[CLA-2005:945] Conectiva Security Announcement - kernel,
Conectiva Updates
Multiple sql injection, and xss vulnerabilities in Pay pal Storefront,
Diabolic Crab
PaFileDB Version 3.1 and below are exploitable via a XSS and a SQL injection vulnerability,
dcrab
[SECURITY] [DSA 700-1] New mailreader packages fix cross-site scripting vulnerability,
Martin Schulze
[ GLSA 200503-35 ] Smarty: Template vulnerability,
Thierry Carrez
Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted SSL Attack,
Cisco Systems Product Security Incident Response Team
MDKSA-2005:061 - Updated krb5 packages fix telnet client vulnerability,
Mandrakelinux Security Team
[PersianHacker.NET 200503-11]Ublog reload 1.0.4 and prior Multiple Vulnerbilities,
PersianHacker Team
Portcullis Security Advisory 05-011 ACPI 1.6 BIOS,
Paul J Docherty
Multiple phpCoin Vulnerabilities,
GulfTech Security Research
abuse & security issues > Israel,
Gadi Evron
[PersianHacker.NET 200503-12]Chatness 2.5.1 and prior XSS Vulnerabilities,
PersianHacker Team
[SECURITY] [DSA 697-1] New netkit-telnet packages fix arbitrary code execution,
Martin Schulze
Code insertion in Blogger comments,
Antone Roundy
Multiple sql injection, and xss vulnerabilities in PortalApp,
dcrab
Invision Power Board v2.0.3 XSS vulnerabilities,
hoang yen
Multiple sql injection, and xss vulnerabilities in AspApp,
dcrab
directory traversal in FastStone 4in1 Browser 1.2,
Donato Ferrante
MITKRB5-SA-2005-001: buffer overflows in telnet client,
Tom Yu
[SECURITY] [DSA 699-1] New netkit-telnet-ssl packages fix arbitrary code execution,
Martin Schulze
[USN-102-1] shar vulnerabilities,
Martin Pitt
THai's Shoutbox XSS (Spoofing URL) BUG,
CorryL
[SECURITY] [DSA 698-1] New mc packages fix buffer overflow,
Martin Schulze
DoS of LAN via D-Link switches,
Frank Bures
Multiple Sql injection, and multiple XSS vulnerabilities in Photopost PHP Pro Photo Gallery Software,
dcrab
phishing sites report - March/2005,
Gadi Evron
Multiple XSS issues in Sun AnswerBook2,
B00B00
Multiple XSS vulnerabilities in ACS Blog,
Dan Crowley
[USN-101-1] telnet vulnerabilities,
Martin Pitt
Multiple Sql injection, and multiple XSS vulnerabilities in Easy Community Management System Forum (E-XOOPS),
dcrab
local root security bug in linux >= 2.4.6 <= 2.4.30-rc1 and 2.6.x.y <= 2.6.11.5,
advisories
Multiple Sql injection, and multiple XSS vulnerabilities in Photopost PHP Pro Photo Gallery Software.,
dcrab
Multiple sql injection, and xss vulnerabilities in Vladersoft Shopping Cart v.3.0,
dcrab
Buffer-overflow in Tincat 2 minor than 2.0.28 (Sacred, Settlers 5 and others),
Luigi Auriemma
[ GLSA 200503-34 ] mpg321: Format string vulnerability,
Sune Kloppenborg Jeppesen
[CLA-2005:942] Conectiva Security Announcement - ethereal,
Conectiva Updates
iDEFENSE Security Advisory 03.28.05: Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability,
iDEFENSE Labs
iDEFENSE Security Advisory 03.28.05: Multiple Telnet Client env_opt_add() Buffer Overflow Vulnerability,
iDEFENSE Labs
FreeBSD Security Advisory FreeBSD-SA-05:01.telnet,
FreeBSD Security Advisories
Brute-Force scanning the entire 32-bit IP space using Javascript.,
cyber_flash
Re: smail remote and local root holes (no, not really ;-),
Greg A. Woods
File inclusion and XSS vulnerability in E-Store Kit-2 PayPal Edition,
dcrab
QuickTime malformed JPEG buffer overflow,
liquid
AS/400 LDAP user accounts disclosure,
Shalom Carmel
ZH2005-03SA -- multiple vulnerabilities in NukeBookmarks .6,
Gerardo Astharot Di Giacomo
phpbb 2.0.13 Exploit (bug),
tOnk3r
TCP timestamp & advanced fingerprinting,
Erwan Arzur
[ GLSA 200503-33 ] IPsec-Tools: racoon Denial of Service,
Matthias Geerdsen
[ GLSA 200503-30 ] Mozilla Suite: Multiple vulnerabilities,
Thierry Carrez
[FLSA-2005:2268] Updated spamassassin package fixes security issues,
Marc Deslauriers
[FLSA-2005:2129] Updated mysql packages fix security issues,
Marc Deslauriers
[FLSA-2005:2155] Updated sharutils package fixes security issues,
Marc Deslauriers
Netcomm 1300NB DSL Modem Denial of Service,
Chris Rock
smail remote and local root holes,
sean
RX250305 - OpenMosixView : Multiple Race conditions - advisory and exploit,
rexolab
phpMyDirectory 10.1.3-rel Cross site scripting,
mircia mircia
Security Flaw with Digital signatures in Microsoft Outlook,
Roberto Franceschetti
Which anti-spyware cleaner is the best?,
Paul Laudanski
LogicLibrary BugScan VSR,Trillian 2.0, 3.0 and 3.1,
Matt Hargett
[ GLSA 200503-28 ] Sun Java: Web Start argument injection vulnerability,
Thierry Carrez
[ GLSA 200503-29 ] GnuPG: OpenPGP protocol attack,
Thierry Carrez
Secure Science issues preview of their upcoming block cipher,
BugTraq
[USN-99-2] Fixed php4 packages for USN-99-1,
Martin Pitt
[USN-100-1] cdrecord vulnerability,
Martin Pitt
SUSE Security Announcement: MySQL vulnerabilities (SUSE-SA:2005:019),
Marcus Meissner
SUSE Security Announcement: several kernel security problems (SUSE-SA:2005:018),
Marcus Meissner
Oracle Reports Server 10g Vulnerable to XSS,
Paolo Paolo
Firescrolling 2 [Firefox 1.0.1],
mikx
Hashcash in mail (was: New Whitepaper: Anti Brute Force Resource Metering),
Peter J. Holzer
Multiple vulnerabilities in Topic Calendar 1.0.1 for phpBB,
Alberto Trivero
[SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities cXIb8O3.11,
Maksymilian Arciemowicz
Vortex Portal,
Francisco Alisson
Interspire ArticleLive 2005 (php version) is vulnerable to XSS,
mircia mircia
Notacon: Apr. 8-10, 2005 in Cleveland, OH,
Froggy
SUSE Security Announcement: ImageMagick problems (SUSE-SA:2005:017),
Marcus Meissner
Backdoors in AS/400 emulations allow the server to attack connected PC workstations,
Shalom Carmel
[SIG^2 G-TEC] SurgeMail Webmail Attachment Upload and XSS Vulnerabilities,
chewkeong
Security Development Lifecycle Whitepaper Available,
Michael Howard
root-equivalent groups,
psz
RE: [VulnWatch] Details of Sybase ASE bugs withheld,
Marchand, Tom
osCommerce File Manager Directory Traversal Vulnerability,
Megasky
Black Hat Briefings & Trainings: Registration now open!,
Jeff Moss
Nortel VPN Client Issue: Clear-text password stored in memory,
Roy Hills
[ Positive Technologies #SA] Phorum "location" HTTP Response Splitting Vulnerability,
Alexander Anisimov
Possible windows+python bug,
liquid
[SECURITY] [DSA 696-1] New perl packages fix privilege escalation,
Martin Schulze
RUXCON 2005 Call for Papers,
RUXCON Call for Papers
Mac OSX[CF_CHARSET_PATH]: local root exploit.,
Vade 79
Kayako eSupport Cross Site Scripting,
GulfTech Security Research
MDKSA-2005:060 - Updated MySQL packages fix multiple vulnerabilities,
Mandrakelinux Security Team
Re: [ISN] How To Save The Internet,
Jason Coombs
SecurityForest Exploitation Framework Beta has been released!,
Alon Swartz
iDEFENSE Security Advisory 03.21.05: Mac OS X CF_CHARSET_PATH Buffer Overflow Vulnerability,
iDefense Customer Service
New Whitepaper: Anti Brute Force Resource Metering,
Gunter Ollmann (NGS)
Details of Sybase ASE bugs withheld,
NGSSoftware Insight Security Research
[ GLSA 200503-25 ] OpenSLP: Multiple buffer overflows,
Thierry Carrez
[ GLSA 200503-27 ] Xzabite dyndnsupdate: Multiple vulnerabilities,
Thierry Carrez
phpMyFamily 1.4.0 SQL vulnerabilities,
kreon
-==PVDasm Long Name Debug Vulnerability==-,
HaCkZaTaN
Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off,
Eitan Caspi
[SECURITY] [DSA 695-1] New xli packages fix several vulnerabilities,
Martin Schulze
TSL-2005-0009 - multi,
Trustix Security Advisor
2 vulnerabilities in BetaParticle,
farhad koosha
[CLA-2005:940] Conectiva Security Announcement - curl,
Conectiva Updates
-==CoolForum Path Disclosure & Possible SQL Injection==-,
HaCkZaTaN
[ GLSA 200503-26 ] Sylpheed, Sylpheed-claws: Message reply overflow,
Luke Macken
[ GLSA 200503-24 ] LTris: Buffer overflow,
Sune Kloppenborg Jeppesen
[ GLSA 200503-23 ] rxvt-unicode: Buffer overflow,
Sune Kloppenborg Jeppesen
OllyDbg long process Module debug Vulnerability,
ATmaCA ATmaCA
[PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection Vulnerability,
PersianHacker Team
Ciamos Highlight.php Security Hole(IHS),
Majid NT
Ciamos Installation path(IHS),
Majid NT
[ GLSA 200503-22 ] KDE: Local Denial of Service,
Sune Kloppenborg Jeppesen
IceCast up to v2.20 multiple vulnerabilities,
Patrick
[phpbb <= 2.0.13 full path disclosure & directory listing],
JoCaNoR SeCuRiTy TeaM
Java Web Start argument injection vulnerability,
Jouko Pynnonen
PHP-Post Exploit,
Terencentanio Enache
runcms highlight.php hole,
Majid NT
runcms installation path,
Majid NT
[USN-99-1] PHP4 vulnerabilities,
Martin Pitt
Social Engineering: You Have Been A Victim,
Paul Laudanski
possible SQL injection in Subdreamer,
GHC team
myPHP Forum v1, 2 & 3,
Terencentanio Enache
[PersianHacker.NET 200503-09]PHPOpenChat v3.x XSS Multiple Vulnerability,
PersianHacker Team
Security Contact at RSA?,
Gary O'leary-Steele
Cain & Abel PSK Sniffer Heap overflow,
Gary O'leary-Steele
Linux ISO9660 handling flaws,
Michal Zalewski
Kevin Walsh: LimeWire Gnutella client two vulnerabilities,
Ill will
LLSSRV Redux,
Dave Aitel
[USN-98-1] OpenSLP vulnerabilities,
Martin Pitt
Another includer.cgi problem?,
cout
MDKSA-2005:058 - Updated kdelibs packages fix multiple vulnerabilities,
Mandrakelinux Security Team
PHP mcNews arbitrary file inclusion,
Jonathan Whiteley
XSS in ACS blog,
farhad koosha
Windows 2000 GDI32.DLL GetEnhMetaFilePaletteEntries() API specially crafted EMF file DOS vulnerability,
Hongzhen Zhou
[CLA-2005:937] Conectiva Security Announcement - cyrus-imapd,
Conectiva Updates
See-security Advisory: Format string vulnerability in MailEnable 1.8,
a a
[ GLSA 200503-21 ] Grip: CDDB response overflow,
Luke Macken
MDKSA-2005:059 - Updated evolution packages fix crasher,
Mandrakelinux Security Team
LLSSRV Clarifications <Immunity>,
Dave Aitel
Re: GoodTech Telnet Server Buffer Overflow Vulnerability [EXPLOIT],
cybertronic
[USN-96-1] mySQL vulnerabilities,
Martin Pitt
[ GLSA 200503-19 ] MySQL: Multiple vulnerabilities,
Sune Kloppenborg Jeppesen
ADVISORY: DataRescue Interactive Disassembler Pro Debugger Format String Vulnerability,
Piotr Bania
[ GLSA 200503-20 ] curl: NTLM response buffer overflow,
Sune Kloppenborg Jeppesen
Servers Alive: Local Privilege Escalation,
Michael Starks
ASPjar Tell-a-Friend,
farhad koosha
[USN-97-1] libxpm vulnerability,
Martin Pitt
PlatinumFTPserver format string vulnerability ( IHSTeam ),
c0d3r
[CLA-2005:934] Conectiva Security Announcement - kdenetwork,
Conectiva Updates
SUSE Security Announcement: multiple Mozilla Firefox vulnerabilities (SUSE-SA:2005:016),
Marcus Meissner
MDKSA-2005:057 - Updated gnupg packages fix vulnerability,
Mandrakelinux Security Team
Multiple KDE Security Advisories (2005-03-16),
Waldo Bastian
MDKSA-2005:056 - Updated koffice packages fix vulnerabilities on 64 bit platforms,
Mandrakelinux Security Team
MDKSA-2005:055 - Updated openslp packages fix multiple vulnerabilities,
Mandrakelinux Security Team
MDKSA-2005:054 - Updated cyrus-sasl packages fix vulnerability,
Mandrakelinux Security Team
MDKSA-2005:053 - Updated ethereal packages fix multiple vulnerabilities,
Mandrakelinux Security Team
GoodTech Telnet Server Buffer Overflow Vulnerability,
Komrade
Re: [Full-disclosure] Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning,
Dr. Peter Bieringer
<Possible follow-ups>
Re: [Full-disclosure] Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning,
bipin gautam
[ISR] - Novell iChain Mini FTP Server Bruteforce Problem,
Francisco Amato
UPDATE: [ GLSA 200501-38 ] Perl: rmtree and DBI tmpfile vulnerabilities,
Thierry Carrez
[USN-95-1] Linux kernel vulnerabilities,
Martin Pitt
[ GLSA 200503-18 ] Ringtone Tools: Buffer overflow vulnerability,
Luke Macken
Denial of Service Vulnerability in MySQL Server for Windows,
Luca Ercoli
[ISR] Insecure communication and Reproduce the Session authentication,
Francisco Amato
[ISR] - Novell iChain Mini FTP Server Unauthorized Remote Path Disclosure Vulnerability,
Francisco Amato
[ISR] - Novell iChain Mini FTP Server Valid User Disclosure Vulnerability,
Francisco Amato
Virginity Security Advisory 2005-002 : Hola CMS - Another File destruction and System access,
Virginity Security
Few remote bugs in zPanel,
Mik-
SAV9 Functionality Hole - misses virus files,
me3
phpbb cookie admin access,
pureone
phpbb <= 2.0.12 uid vuln + admin_styles.php php code injection exploit,
bad boy
Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning,
Dr. Peter Bieringer
<Possible follow-ups>
Re: Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning,
Thierry Zoller
PlantinumFTP server <= 1.0.18 Remote DOS exploit,
Exoduks
html code include in phpnuke news crash IE 6,
WoRmZ Web
Not SQL injection and XSS in paFileDB?,
saudi linux
iDEFENSE Security Advisory 03.14.05: MySQL MaxDB Web Agent Multiple Denial of Service Vulnerabilities,
iDEFENSE Labs
DMA[2005-0310a] - 'Frank McIngvale LuxMan buffer overflow',
Kevin Finisterre
"Drop to STARTUP Folder II" published on 2005/02/08,
Liu Die Yu
YaBB2 rc1 XSS,
alireza hassani
[SECURITYREASON.COM] phpAdsNew 2.0.4-pr1 Multiple vulnerabilities cXIb8O3.9,
Maksymilian Arciemowicz
3 XSS Vulnerabilities in Phorum <= 5.0.14,
Jon Oberheide
Ethereal 0.10.9 and below remote root exploit,
Diego Giagio
...::: hotforum.nl XSS exploit :::...,
Rebyte Security
Master RPC program number data base (/etc/rpc),
Eilon Gishri
SimpGB SQL Injection Vulnerability,
Alexander Müller
[XSS] paBox 2.0,
Rift
[ZH2005-02SA] Insecure tmp file creation in Wine,
Giovanni Delvecchio
[HAT-SQUAD] SafeNet Sentinel LM, UDP License Manager Exploit,
class 101
New Version of WinBlox is Available,
Liu Die Yu
LimeWire Gnutella client two vulnerabilities,
Kevin Walsh
[SECURITY] [DSA 693-1] New luxman packages fix local root exploit,
Martin Schulze
SUSE Security Announcement: openslp (SUSE-SA:2005:015),
Sebastian Krahmer
[CLA-2005:933] Conectiva Security Announcement - gaim,
Conectiva Updates
[SECURITY] [DSA 662-2] New squirrelmail package fixes regression,
Martin Schulze
[ GLSA 200503-17 ] libexif: Buffer overflow vulnerability,
Luke Macken
Ethereal remote buffer overflow #2,
LSS Security
Av issues,
Bipin Gautam
KnowledgeBase,
Francisco Alisson
aeNovo Database Content Disclosure Vulnerability,
farhad koosha
Virginity Security Advisory 2005-001 : Hola CMS - File destruction and System access,
Virginity Security
[SECURITYREASON.COM] Mass Full Path Disclosure in paFileDB,
SecurityReason
PlatinumFTP 1.0.18 remote DoS,
ports
Mysql CREATE FUNCTION libc arbitrary code execution.,
Stefano Di Paola
[ GLSA 200503-15 ] X.org: libXpm vulnerability,
Matthias Geerdsen
summercon looking for speakers,
louis
Mysql CREATE FUNCTION mysql.func table arbitrary library injection,
Stefano Di Paola
[badroot.org] The Includer remote commands execution exploit,
Federico Ozak
PhotoPost PHP 5.0 RC3, and later, multiple vulnerabilities,
Igor Franchuk
[SECURITYREASON.COM] SQL injection and XSS in paFileDB,
SecurityReason
[ GLSA 200503-16 ] Ethereal: Multiple vulnerabilities,
Luke Macken
[SECURITYREASON.COM][phpBB 2.0.13 SQL error in session cXIb8O3.8],
Maksymilian Arciemowicz
Security Masters Dojo,
Dragos Ruiu
UBB.threads 6 SQL Injection,
kre0n
iDownload/iSearch responds to Spyware Critics,
Paul Laudanski
Wfsection 1.07 vulnerabilities,
kreon
iDEFENSE Security Advisory 03.10.05: Ipswitch Collaboration Suite IMAP EXAMINE Buffer Overflow Vulnerability,
iDEFENSE Labs
XCode 1.5 and distcc 2.x Exploit,
Ray Slakinski
Multiple AV Vendor Incorrect CRC32 Bypass Vulnerability.,
Bipin Gautam
[Updated][FLSA-2005:2344] Updated php packages fix security issues,
Marc Deslauriers
Update: MS05-011 EEYE: Windows SMB Client Transaction Response Handling Vulnerability,
Marc Maiffret
[Security Bulletin] SSRT4891 rev.0 HP Tru64 UNIX message queue local denial of service (DoS),
Boren, Rich (SSRT)
[USN-94-1] Perl vulnerability,
Martin Pitt
RE: Ethereal remote buffer overflow - addon,
LSS Security
[USN-93-1] Squid vulnerability,
Martin Pitt
[FLSA-2005:2404] Updated less package fixes security issue,
Marc Deslauriers
Ethereal remote buffer overflow,
LSS Security
[SECURITY] [DSA 692-1] New kppp packages fix privileged file descriptor leak,
Martin Schulze
Vulnerabilities in ProjectBB v0.4.5.1,
[hacktinium]@securityfocus.com@xxxxxxxxxxxxxxxxxxxxx
ArGoSoft FTP Server 1.4.2.8 Buffer Overflow,
CorryL
Multiple vulnerabilities in paFileDB,
sp3x
[CLA-2005:931] Conectiva Security Announcement - squid,
Conectiva Updates
[SCAN Associates Security Advisory] xoops 2.0.9.2 and below weak file extension validation,
pokley
PE Multiple Remote Access Validation Vulnerabilities (Participate Systems Inc. / Outstart Inc.),
Altrus Wollesen
Multiples Vulnerabilities,
Francisco Alisson
iDEFENSE Labs Releases IDA RPC Enumerator,
iDEFENSE Labs
UnixWare 7.1.4 : squid updated package fixes several security issues,
please_reply_to_security
Hosting Controller Multiple Unauthenticated information disclose,
small mouse
UnixWare 7.1.4 : Samba multiple security issues,
please_reply_to_security
[ GLSA 200503-14 ] KDE dcopidlng: Insecure temporary file creation,
Sune Kloppenborg Jeppesen
[USN-92-1] LessTif vulnerabilities,
Martin Pitt
phpWebLog <= 0.5.3 arbitrary file inclusion (VXSfx),
Filip Groszynski
PHP mcNews <= 1.3 arbitrary file inclusion (VXSfx),
Filip Groszynski
[CLA-2005:930] Conectiva Security Announcement - kernel,
Conectiva Updates
- Argeniss - Oracle Database Server Directory transversal,
Cesar
See-security advisory: Trillian Basic 3.0 PNG Processing Buffer overflow,
tal zeltzer
drone armies C&C report - Feb/2005,
Gadi Evron
PHP-FUSION 5.* XSS VULNERABILITY,
FireSt0rm
phpBB 2.0.13 - user level exploit,
Some one
vBulletin Worm - perl.Santy variant,
The Prohacker
PHP Form Mail Script <= 2.3 arbitrary file inclusion exploit exploit,
mozako
Remote Testing SocialMPN Remote File Inclusion by y3dips,
echo staff
Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability,
Atom Smasher
Gene6 FTP Server Local Privilege Escalation Vulnerability,
Sowhat
thoughts and a possible solution on homograph attacks,
Michael Roitzsch
phpBB 2.0.12 Session Handling Administrator Authentication Bypass Exploit,
thephuket