Bugtraq

Date Index

[Prev Page][Next Page]

Re: phpBB 2.0.12 Session Handling Administrator Authentication Bypass Exploit, (continued)
- Re: phpBB 2.0.12 Session Handling Administrator Authentication Bypass Exploit, comsatcat
[USN-91-1] EXIF library vulnerability, Martin Pitt
CIRT.DK Advisory - SafeNet Inc Sentinel License Manager 7.2.0.2 Buffer Overflow, CIRT Advisory
[Hat-Squad] Computer-Associates, License Manager POC Exploit, Hat-Squad Security Team
Real Realplayer 10 .smil local buffer overflow POC, nolimit bugtraq
[FLSA-2005:2344] Updated php packages fix security issues, Marc Deslauriers
[FLSA-2005:1748] Updated subversion packages fix security issues, Marc Deslauriers
[ GLSA 200503-12 ] Hashcash: Format string vulnerability, Thierry Carrez
- <Possible follow-ups>
- Re: [ GLSA 200503-12 ] Hashcash: Format string vulnerability, Hubert Chan
- Re: [ GLSA 200503-12 ] Hashcash: Format string vulnerability, Adam Back
[ GLSA 200503-11 ] ImageMagick: Filename handling vulnerability, Thierry Carrez
[SECURITY] [DSA 691-1] New abuse packages fix local root exploit, Martin Schulze
[ GLSA 200503-13 ] mlterm: Integer overflow vulnerability, Luke Macken
Windows Server 2003 and XP SP2 LAND attack vulnerability, Dejan Levaja
- Re: Windows Server 2003 and XP SP2 LAND attack vulnerability, Jon O.
  - Re: Windows Server 2003 and XP SP2 LAND attack vulnerability, Patrick Chipman
  - Re: Windows Server 2003 and XP SP2 LAND attack vulnerability, Miroslav Kubik
  - Re: Windows Server 2003 and XP SP2 LAND attack vulnerability, killer_loop@xxxxxxxx
  - Re: Windows Server 2003 and XP SP2 LAND attack vulnerability, exon
- <Possible follow-ups>
- Re: Windows Server 2003 and XP SP2 LAND attack vulnerability, paul14075
- Re: Windows Server 2003 and XP SP2 LAND attack vulnerability, Grndahl
- Re: Windows Server 2003 and XP SP2 LAND attack vulnerability, caldcv
- RE: Windows Server 2003 and XP SP2 LAND attack vulnerability, Detection Services - IS Security
  - RE: Windows Server 2003 and XP SP2 LAND attack vulnerability, Miguel Angel Rodríguez Jódar
- RE: Windows Server 2003 and XP SP2 LAND attack vulnerability, Evans, Arian
- RE: Windows Server 2003 and XP SP2 LAND attack vulnerability, Daniel Cross
MDKSA-2005:050 - Updated gftp packages fix vulnerability, Mandrakelinux Security Team
MDKSA-2005:052 - Updated kdegraphics packages fix vulnerabilities, Mandrakelinux Security Team
MDKSA-2005:051 - Updated cyrus-imapd packages fix vulnerabilities, Mandrakelinux Security Team
MDKSA-2005:049 - Updated gaim packages fix multiple vulnerabilities, Mandrakelinux Security Team
MDKSA-2005:048 - Updated curl packages fix vulnerability, Mandrakelinux Security Team
PaX privilege elevation security bug, pageexec
LOOKNMEET HTML INJECT EXPLOIT, Wesley aka PPC
phpBB 2.0.12 Session Handling Administrator Authentication Bypass -SIMPLIFIED-, Wesley aka PPC
- Re: phpBB 2.0.12 Session Handling Administrator Authentication Bypass -SIMPLIFIED-, Matthias
Bypass of 22 Antivirus software with GDI+ bug exploit Mutations - part 2, Andrey Bayora
- Re: [Full-Disclosure] Bypass of 22 Antivirus software with GDI+ bug exploit Mutations - part 2, Trog
  - Re: [Full-Disclosure] Bypass of 22 Antivirus software with GDI+ bug exploit Mutations - part 2, Andrey Bayora
[ GLSA 200503-10 ] Mozilla Firefox: Various vulnerabilities, Thierry Carrez
[ GLSA 200503-09 ] xv: Filename handling vulnerability, Thierry Carrez
[ GLSA 200503-08 ] OpenMotif, LessTif: New libXpm buffer overflows, Thierry Carrez
-==phpBB 2.0.13 Full path disclosure==-, HaCkZaTaN
PHP Form Mail Script (2.3) - Arbitrary File Inclusion (VXSfx), Filip Groszynski
Download Center Lite (DCL) - Arbitrary File Inclusion (VXSfx), Filip Groszynski
GIMP gifload.exe GIF file (image width)*(image height)==0 DOS vulnerability, Hongzhen Zhou
- Re: GIMP gifload.exe GIF file (image width)*(image height)==0 DOS vulnerability, Frank Denis (Jedi/Sector One)
- <Possible follow-ups>
- Re: GIMP gifload.exe GIF file (image width)*(image height)==0 DOS vulnerability, Hongzhen Zhou
PHP News <= 1.2.4 - Remote File Inclusion Exploit, mozako
[ GLSA 200503-07 ] phpMyAdmin: Multiple vulnerabilities, Sune Kloppenborg Jeppesen
[ GLSA 200503-06 ] BidWatcher: Format string vulnerability, Sune Kloppenborg Jeppesen
My-forum.org cookies vulnerability - data bug, Black Angel
Microsoft Antispyware Beta window docking issue, Jeroen van Rijn
- Re: Microsoft Antispyware Beta window docking issue, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
TYPO3 SQL Injection vunerabilitie, Fabian Becker
- Re: TYPO3 SQL Injection vunerabilitie, Sebastian Wolfgarten
  - RE: TYPO3 SQL Injection vunerabilitie, GulfTech Security Research
  - Re: TYPO3 SQL Injection vunerabilitie, Michael Shigorin
- Re: TYPO3 3rd party extension (cmw_linklist) SQL Injection vunerability, Michael Shigorin
- <Possible follow-ups>
- Re: TYPO3 SQL Injection vunerabilitie, Dennis Shewmaker
- Re: TYPO3 SQL Injection vunerabilitie, Michael Stucki
- Re: TYPO3 SQL Injection vunerabilitie, Karsten Dambekalns
[CLA-2005:928] Conectiva Security Announcement - clamav, Conectiva Updates
[XSS] paBox 1.6, Rift
Microsoft AntiSpyware Beta and Windows Scripting Host, Joe Stocker
- RE: Microsoft AntiSpyware Beta and Windows Scripting Host, alex cottle
Advisory #08 - phpBB 2.0.13 Bad filtered in usercp_register.php, Paisterist
- Re: Advisory #08 - phpBB 2.0.13 Bad filtered in usercp_register.php, vzmule
- <Possible follow-ups>
- Re: Advisory #08 - phpBB 2.0.13 Bad filtered in usercp_register.php, Some one
[USN-90-1] Imagemagick vulnerability, Martin Pitt
[SECURITY BULLETIN] SSRT4866 rev.0 MUP HP OpenVMS V6.x and V7.x privileged file access, Boren, Rich (SSRT)
EEYE: Computer Associates License Manager Remote Vulnerabilities, Karl Lynn
iDEFENSE Labs Releases IDA Sync, iDEFENSE Labs
Security Advisory: Computalynx CProxy Server Multiple Remote Vulnerabilities, Kristof Philipsen
Golden Ftp server 1.29 Username remote Buffer Overflow, Carlos Ulver
[ GLSA 200503-05 ] xli, xloadimage: Multiple vulnerabilities, Thierry Carrez
Vulnerabilities in Aura CMS, echo staff
[FLSA-2005:2314] Updated XFree86 packages fix security flaws, Dominic Hargreaves
Foxmail server "USER" command Multiple remote buffer overflow, Xin Ouyang
RealOne Player / Real .WAV Heap Overflow File Format Vulnerability, Mark Litchfield
[CLA-2005:926] Conectiva Security Announcement - mod_python, Conectiva Updates
License Patches Are Now Available To Address Buffer Overflows, Williams, James K
iDEFENSE Security Advisory 03.02.05: Computer Associates License Client and Server Invalid Command Buffer Overflow, iDEFENSE Labs
iDEFENSE Security Advisory 03.02.05: Computer Associates License Client PUTOLF Buffer Overflow, iDEFENSE Labs
iDEFENSE Security Advisory 03.02.05: Computer Associates License Client PUTOLF Directory Traversal, iDEFENSE Labs
iDEFENSE Security Advisory 03.02.05: Computer Associates License Client/Server GETCONFIG Buffer Overflow, iDEFENSE Labs
iDEFENSE Security Advisory 03.02.05: Computer Associates License Client/Server GCR Network Buffer Overflow, iDEFENSE Labs
iDEFENSE Security Advisory 03.02.05: Computer Associates License Client/Server GCR Checksum Buffer Overflow, iDEFENSE Labs
[USN-87-1] Cyrus IMAP server vulnerability, Martin Pitt
[USN-86-1] cURL vulnerability, Martin Pitt
[USN-88-1] reportbug information disclosure, Martin Pitt
[USN-89-1] XML library vulnerabilities, Martin Pitt
[ GLSA 200502-33 ] MediaWiki: Multiple vulnerabilities, Thierry Carrez
[ GLSA 200503-02 ] phpBB: Multiple vulnerabilities, Thierry Carrez
[ GLSA 200503-04 ] phpWebSite: Arbitrary PHP execution and path disclosure, Thierry Carrez
[ GLSA 200503-03 ] Gaim: Multiple Denial of Service issues, Sune Kloppenborg Jeppesen
PHP News <= 1.2.4 - Remote File Inclusion (VXSfx), Filip Groszynski
iDEFENSE Security Advisory 03.01.05: RealNetworks RealPlayer .smil Buffer Overflow Vulnerability, Michael Sutton
[ GLSA 200503-01 ] Qt: Untrusted library search path, Sune Kloppenborg Jeppesen
Forumwa search.php xss vulnerability, Raven
Software PBLang 4.63 sendpm.php reply file read vulnerability, Raven
Software PBLang 4.63 delpm.php authentication vulnerability, Raven
[KDE Security Advisory] kppp Privileged fd Leak Vulnerability, Dirk Mueller
427BB profile.php XSS vulnerability., Raven
- <Possible follow-ups>
- 427BB profile.php XSS vulnerability., Raven
OpenServer 5.0.6 OpenServer 5.0.7 : A vulnerability in TCP, please_reply_to_security
phpBB <= 2.0.12 UID Exploit, federico gonzales
- Re: phpBB <= 2.0.12 UID Exploit, Nicob
IObjectSafety and Internet Explorer, Shane Hird
Kernelpanik Labs Digest 2005-2, Kernelpanik Labs - Security Lists
[SIG^2 G-TEC] RaidenHTTPD Server Buffer Overflow and CGI Source Disclosure Vulnerabilities, chewkeong
[ Postnuke all versions + pnphpbb <=1.2 sql injection - jocanor ], JoCaNoR SeCuRiTy TeaM
- <Possible follow-ups>
- Re: [ Postnuke all versions + pnphpbb <=1.2 sql injection - jocanor ], Maksymilian Arciemowicz
- [ Postnuke all versions + pnphpbb <=1.2 sql injection - jocanor ], Jose Pedro Andres
iDEFENSE Security Advisory 02.28.05: KPPP Privileged File Descriptor Leak Vulnerability, iDEFENSE Labs
Badblue HTTP Server Exploit, Miguel Tarascó Acuña
Firefox Software Update, Kai Howells
- Re: Firefox Software Update, Michael Hampton
  - Re: Firefox Software Update, Stan Bubrouski
- Re: Firefox Software Update, Matt Venzke
- Re: Firefox Software Update, Beau Henderson
- Re: Firefox Software Update, Adam Kane
  - Re: Firefox Software Update, Kai Howells
    - Re: Firefox Software Update, Gilles DEMARTY
- Re: Firefox Software Update, Kurt Seifried
  - Re: Firefox Software Update, Rainer Duffner
[SECURITYREASON.COM] PostNuke Critical SQL Injection 0.760-RC2=>x cXIb8O3.1, Maksymilian Arciemowicz
- Re: [SECURITYREASON.COM] PostNuke Critical SQL Injection 0.760-RC2=>x cXIb8O3.1, Linux php
[SECURITYREASON.COM] PostNuke Critical XSS 0.760-RC2=>x cXIb8O3.2, Maksymilian Arciemowicz
[SECURITYREASON.COM] PostNuke SQL Injection 0.760-RC2=>x cXIb8O3.3, Maksymilian Arciemowicz
[Hat-Squad] GFI L.N.S.S 5.0 Insecure Credential Storage, Hat-Squad Security Team
iDEFENSE Security Advisory 02.28.05: Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error, iDEFENSE Labs
- Re: iDEFENSE Security Advisory 02.28.05: Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error, Miles Beck
- <Possible follow-ups>
- Re: iDEFENSE Security Advisory 02.28.05: Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error, dveditz
WASC-Articles: 'The Insecure Indexing Vulnerability - Attacks Against Local Search Engines' By Amit Klein, robert
7a69Adv#22 - UNIX unzip keep setuid and setgid files, Albert Puigsech Galicia
- Re: 7a69Adv#22 - UNIX unzip keep setuid and setgid files, John Simpson
  - Re: 7a69Adv#22 - UNIX unzip keep setuid and setgid files, Han Boetes
    - Re: 7a69Adv#22 - UNIX unzip keep setuid and setgid files, devnull
    - Re: 7a69Adv#22 - UNIX unzip keep setuid and setgid files, exon
[ GLSA 200502-30 ] cmd5checkpw: Local password leak vulnerability, Thierry Carrez
Mozilla Firefox 1.0.1 Javascript Images are Draggable, Paul
- Re: Mozilla Firefox 1.0.1 Javascript Images are Draggable, Jay D. Dyson
Re: Office 10 applications & flashdrives can be used to browse restricted drives, Paul
- Re: Office 10 applications & flashdrives can be used to browse restricted drives, Jay D. Dyson
  - Re: Office 10 applications & flashdrives can be used to browse restricted drives, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
    - Re: Office 10 applications & flashdrives can be used to browse restricted drives, Jay D. Dyson
Knet <= 1.04c Buffer Overflow Bug, CorryL
-==phpBB 2.0.12 Full path disclosure==-, HaCkZaTaN
CIS WebServer Directory Traversal Bug, CorryL
iDEFENSE Security Advisory 02.25.05: WU-FTPD File Globbing Denial of Service Vulnerability, iDEFENSE Labs
- Re: iDEFENSE Security Advisory 02.25.05: WU-FTPD File Globbing Denial of Service Vulnerability, Stan Bubrouski
- Re: iDEFENSE Security Advisory 02.25.05: WU-FTPD File Globbing Denial of Service Vulnerability, Rainer Schöpf
[USN-85-1] Gaim vulnerabilities, Martin Pitt
[FLSA-2005:2336] Updated kernel packages fix security issues, Marc Deslauriers
AW: phpWebSite-0.10.0_exploit, webmaster
CFP: WORM 2005, David Moore
Announce: RSBAC v1.2.4 released, Amon Ott
[SECURITY] [DSA 690-1] New bsmtpd packages fix arbitrary command execution, Martin Schulze
Firescrolling [Firefox 1.0], mikx
- <Possible follow-ups>
- RE: Firescrolling [Firefox 1.0], Beauford, Jason
  - Re: Firescrolling [Firefox 1.0], btrq
  - Re: Firescrolling [Firefox 1.0], Stan Bubrouski
- RE: Firescrolling [Firefox 1.0], Eric McCarty
phpWebSite 0.10.0 Full Path disclosure, HaCkZaTaN.
- <Possible follow-ups>
- phpWebSite 0.10.0 Full Path disclosure, HaCkZaTaN
[SECURITYREASON.COM] phpMyAdmin 2.6.1 Remote file inclusion and XSS cXIb8O3.4, Maksymilian Arciemowicz
- Re: [SECURITYREASON.COM] phpMyAdmin 2.6.1 Remote file inclusion, Calum Power
[FLSA-2005:2005] Updated gdk-pixbuf packages fix security flaws, Marc Deslauriers
[FLSA-2005:2343] Updated vim packages fix security issues, Marc Deslauriers
phpWebSite-0.10.0_exploit, tjomka
[FLSA-2005:2043] Updated zlib package fixes security issues, Marc Deslauriers
MDKSA-2005:047 - Updated squid packages fix vulnerability, Mandrakelinux Security Team
MDKSA-2005:046 - Updated uim packages fix vulnerability, Mandrakelinux Security Team
Multiple vulns in punBB, John Gumbel
In-game cl_guid crash in Soldier of Fortune II 1.03, Luigi Auriemma
[Security Bulletin] SSRT4694 HP-UX ftpd remote unauthorized access, Boren, Rich (SSRT)
Cisco Security Advisory: ACNS Denial of Service and Default Admin Password Vulnerabilities, Cisco Systems Product Security Incident Response Team
iDEFENSE Security Advisory 02.23.05: Sun Solaris kcms_configure Arbitrary File Corruption Vulnerability, iDEFENSE Labs
RE: Avaya IP Office Phone Manager - Sensitive Information Cleartext Vulnerability, Walton, John Michael (John)
- <Possible follow-ups>
- RE: Avaya IP Office Phone Manager - Sensitive Information Cleartext Vulnerability, PASTOR ADRIAN
- RE: Avaya IP Office Phone Manager - Sensitive Information Cleartext Vulnerability, Walton, John Michael (John)
Multiple vulnerabilities found in CSGuestbook by CoolSerlets.com, Josh884
Office 10 applications & flashdrives can be used to browse restricted drives, Discini, Sonny
- Re: Office 10 applications & flashdrives can be used to browse restricted drives, Denis Jedig
[Fwd: [arkeia-announce] Release of Arkeia Network Backup 5.3.5 fixes security issue], Maciej Bogucki
Release of Arkeia Network Backup 5.3.5 fixes security issue [bugtraq id 12594], Arnaud Spicht
Robustness patch for TWiki, vulnerability in ImageGalleryPlugin, Florian Weimer
[ GLSA 200502-29 ] Cyrus IMAP Server: Multiple overflow vulnerabilities, Matthias Geerdsen
Incorrect Classification of iDownload's Product as Spyware..., Paul Laudanski
- <Possible follow-ups>
- RE: Incorrect Classification of iDownload's Product as Spyware..., Roger A. Grimes
[SECURITY] [DSA 689-1] New mod_python packages fix information leak, Martin Schulze
[SECURITY] [DSA 688-1] New squid packages fix denial of service, Martin Schulze
Software PBLang 4.65 pm.php XSS vulnerability, Raven
Software PBLang 4.65 pmpshow.php XSS vulnerability, Raven
Software PBLang 4.65 search.php XSS vulnerability, Raven
iDEFENSE Security Advisory 02.22.05: phpBB Group phpBB2 Arbitrary File Unlink Vulnerability, iDEFENSE Labs
Cross Site Scripting exploitation via malformed files, Jerome ATHIAS
- <Possible follow-ups>
- Re: Cross Site Scripting exploitation via malformed files, http-equiv@xxxxxxxxxx
paNews v2.0b4 - PHP Injection, tjomka
[SCAN Associates Security Advisory] vbulletin 3.0.6 and below php code injection, pokley
The WebConnect 6.4.4 and 6.5 contains several vulnerabilities, CIRT Advisory
[NOBYTES.COM: #5] iGeneric eShop 1.2 - Information Disclosure & Possible SQL Injection, John Cobb
SD Server 4.0.70 Directory Traversal Bug, CorryL
iDEFENSE Security Advisory 02.22.05: phpBB Group phpBB Arbitrary File Disclosure Vulnerability, iDEFENSE Labs
Avaya IP Office Phone Manager - Sensitive Information Cleartext Vulnerability, m123303
- Re: Avaya IP Office Phone Manager - Sensitive Information Cleartext Vulnerability, grutz
phpBB 2.0.12 released, Snapdragon
- Re: phpBB 2.0.12 released, bcl
  - Re: phpBB 2.0.12 released, bcl
iDEFENSE Security Advisory 02.21.05: Multiple Unix/Linux Vendor cURL/libcURL Kerberos Authentication Buffer Overflow Vulnerability, iDEFENSE Labs
iDEFENSE Security Advisory 02.21.05: Multiple Unix/Linux Vendor cURL/libcURL NTLM Authentication Buffer Overflow Vulnerability, iDEFENSE Labs
iDEFENSE Security Advisory 02.21.05: Multiple PuTTY SFTP Client Packet Parsing Integer Overflow Vulnerabilities, iDEFENSE Labs
[ GLSA 200502-28 ] PuTTY: Remote code execution, Luke Macken
[FLSA-2005:1944] GNOME VFS updates address extfs vulnerability, Marc Deslauriers
[FLSA-2005:1945] Updated sox packages fix buffer overflows, Marc Deslauriers
[FLSA-2005:2058] Updated cdrtools packages fix a security issue, Marc Deslauriers
[USN-84-1] Squid vulnerabilities, Martin Pitt
Windows Firewall Has A Backdoor, Jay Calvert
- Re: Windows Firewall Has A Backdoor, Chris Wysopal
- RE: Windows Firewall Has A Backdoor, Chris Goodwin
- Re: Windows Firewall Has A Backdoor, Thor (Hammer of God)
- <Possible follow-ups>
- RE: Windows Firewall Has A Backdoor, Thor Larholm
ADP Elite System Max 9000 Series Login Vulnerability, rootfiend
Gigafast/CompUSA router (model EE400-R) vulnerabilities, Gary H. Jones II
Arkeia Network Backup Client Remote Access, H D Moore
- Re: Arkeia Network Backup Client Remote Access, Vincent Archer
- Re: Arkeia Network Backup Client Remote Access, H D Moore
- <Possible follow-ups>
- Re: Arkeia Network Backup Client Remote Access, Arnaud Spicht
[SECURITY] [DSA 674-3] New mailman packages really fix several vulnerabilities, Martin Schulze
Re: [Full-Disclosure] Thomson TCW690 Denial Of Service Vulnerability, Andres Tarasco
Knox Arkeia remote root/system exploit, John Doe
- Re: Knox Arkeia remote root/system exploit, H D Moore
- <Possible follow-ups>
- Re: Knox Arkeia remote root/system exploit, Arnaud Spicht
3com 3CDaemon FTP Unauthorized "USER" Remote BOverflow, class 101
Thomson TCW690 POST Password Validation Vulnerability, MurDoK
cfengine rsa heap remote exploit: part of PTjob project, yan feng
[FLSA-2005:2137] Updated cyrus-sasl resolves security vulnerabilities, Dominic Hargreaves
webfsd fun. opensource is god .lol windows, yan feng
[Hat-Squad] Findjmp2 Tool, Hat-Squad Security Team
exwormshoucast part of PTjob project: SHOUTcast v1.9.4 remote exploit, yan feng
[ GLSA 200502-27 ] gFTP: Directory traversal vulnerability, Matthias Geerdsen
Multiples vulnerability in ZeroBoard,, albanian haxorz
Joint encryption?, John Richard Moser
- Re: Joint encryption?, Damian Menscher
  - Re: Joint encryption?, John Richard Moser
- Re: Joint encryption?, Casper . Dik
  - Re: Joint encryption?, John Richard Moser
    - Re: Joint encryption?, Robert C. Helling
- Re: Joint encryption?, devnull
  - Re: Joint encryption?, John Richard Moser
    - Re: Joint encryption?, peter zulu
- Re: Joint encryption?, Gandalf The White
- RE: Joint encryption?, David Schwartz
  - Re: Joint encryption?, John Richard Moser
- Re: Joint encryption?, Valdis . Kletnieks
  - Re: Joint encryption?, John Richard Moser
- Re: Joint encryption?, Ruud H.G. van Tol
Multiple vulnerabilities in Glftpd v1.26 - v2.00 default zip based plug-ins, headpimp
MDKSA-2005:041 - Updated cups packages fix vulnerabilities on 64 bit platforms, Mandrakelinux Security Team
MDKSA-2005:040 - Updated PostgreSQL packages fix multiple vulnerabilities, Mandrakelinux Security Team
[ GLSA 200502-25 ] Squid: Denial of Service through DNS responses, Sune Kloppenborg Jeppesen
MDKSA-2005:044 - Updated tetex packages fix vulnerabilities on 64 bit platforms, Mandrakelinux Security Team
Multiple vulnerabilities in TrackerCam 5.12, Luigi Auriemma
Adobe Reader invalid root page node Count value DOS, Hongzhen Zhou
Combining Hashes, Kent Borg
- Re: Combining Hashes, unmanarc
  - Re: Combining Hashes, Ivan Krstic
  - Re: Combining Hashes, Frank Knobbe
- Re: [lists] Combining Hashes, Elliott Bäck
- Re: Combining Hashes, Felix Cuello
  - Re: Combining Hashes, Joel Maslak
- Re: Combining Hashes, exon
MDKSA-2005:045 - Updated kdelibs packages fix vulnerabilities, Mandrakelinux Security Team
3com 3CDaemon FTP "USER" Remote BOverflow POC, Hat-Squad Security Team
[ GLSA 200502-26 ] GProFTPD: gprostats format string vulnerability, Sune Kloppenborg Jeppesen
MDKSA-2005:042 - Updated gpdf packages fix vulnerabilities on 64 bit platforms, Mandrakelinux Security Team
[SECURITY] [DSA 687-1] New bidwatcher packages fix format string vulnerability, Martin Schulze
MDKSA-2005:043 - Updated xpdf packages fix vulnerabilities on 64 bit platforms, Mandrakelinux Security Team
BizMail 2.1 Spam Exploit, Jason Frisvold
- Re: BizMail 2.1 Spam Exploit, Jason Frisvold
Re: NetSec Security Advisory: Multiple Vulnerabilities Resulting From Use Of Apple OSX HFS+, Vade 79
[USN-66-2] PHP vulnerability, Martin Pitt
[USN-78-2] Fixed mailman packages for USN-78-1, Martin Pitt
Phishing hole found in IE and OE, Jay Calvert
- Re: Phishing hole found in IE and OE, Greg Merideth
- Re: Phishing hole found in IE and OE, David Nichols
  - Re: Phishing hole found in IE and OE, cyberpixl
iDEFENSE Labs Website Launch, iDEFENSE Labs
hpm_guestbook.cgi JavaScript-Injection, Christoph Burchert
[SECURITY] [DSA 686-1] New gftp packages fix directory traversal vulnerability, Martin Schulze
Advisory: Multiple Vulnerabilities in BibORB, Patrick Hof
[SECURITY] [DSA 685-1] New emacs21 packages fix arbitrary code execution, Martin Schulze
Possible phpBB <=2.0.11 bug or sql injection?, jtm297
- RE: Possible phpBB <=2.0.11 bug or sql injection?, Miguel Angel Rodríguez Jódar
- Re: Possible phpBB <=2.0.11 bug or sql injection?, kaosone+[ONE]+
- Re: Possible phpBB <=2.0.11 bug or sql injection?, Giacomo Rizzo
- <Possible follow-ups>
- Re: Possible phpBB <=2.0.11 bug or sql injection?, Exoduks
[PersianHacker.NET 200505-07] paFAQ Beta4 Sql Injection, PersianHacker Team
Remote Windows Kernel Exploitation - Step Into the Ring 0, Marc Maiffret
[ SCL-2005.001 ] - WebCalendar: SQL Injection from encoded cookie, Scovetta Labs
RE: BrightStor ARCserve Backup buffer overflow PoC (fixes available), Williams, James K
Dangers of discarding duplicated messages, Adrian Bunk
- Re: Dangers of discarding duplicated messages, Maciej Soltysiak
  - Re: Dangers of discarding duplicated messages, Jon Keating
  - Re: Dangers of discarding duplicated messages, Gene Rackow
  - Re: Dangers of discarding duplicated messages, David F. Skoll
Invision Power Boards 1.3.1 FINAL XSS Exploit, Daniel A.
[ GLSA 200502-24 ] Midnight Commander: Multiple vulnerabilities, Sune Kloppenborg Jeppesen
RECON 2005 CFP [Montreal, Canada], dataworm
MDKSA-2005:039 - Updated rwho packages fix vulnerability, Mandrakelinux Security Team
XSS vulnerabilty in ASP.Net [with details], Andir Andir
- <Possible follow-ups>
- Re: XSS vulnerabilty in ASP.Net [with details], m . rajeshpawar
RE: BrightStor ARCserve Backup buffer overflow PoC (fix available), Williams, James K
NetSec Security Advisory: Multiple Vulnerabilities Resulting From Use Of Apple OSX HFS+, TAC
[PersianHacker.NET 200505-06] paNews v2.0b4 XSS Vulnerability, PersianHacker Team
[USN-83-1] LessTif 2 vulnerabilities, Martin Pitt
RE: Microsoft Baseline Security Analyzer not seeing KB887742 and KB88 6185 Correction, Threlkeld, Richard
[Security Bulletin] SSRT5893 rev.0 - HP Web-enabled Management Software Remote Buffer Overflow, Boren, Rich (SSRT)
SHA-1 broken, Gadi Evron
- Re: SHA-1 broken, Kent Borg
- Re: SHA-1 broken, Michael Cordover
  - Re: SHA-1 broken, dullien
  - Re: SHA-1 broken, D.J. Capelis
    - Re: SHA-1 broken, Michael Cordover
  - Re: SHA-1 broken, Dan Harkless
- Re: SHA-1 broken, Robert Sussland
  - Re: SHA-1 broken, dullien
    - Re: SHA-1 broken, Darren Reed
      - Re: SHA-1 broken, dullien
    - Re: SHA-1 broken, Tollef Fog Heen
      - Re: SHA-1 broken, Denis Jedig
- Re: SHA-1 broken, Steve Friedl
- Re: SHA-1 broken, Jonathan G. Lampe
- <Possible follow-ups>
- RE: SHA-1 broken, Scovetta, Michael V
  - RE: SHA-1 broken, Frank Knobbe
- RE: SHA-1 broken, Michael Silk
  - Re: SHA-1 broken, Brian May
  - Re: SHA-1 broken, exon
    - Re: SHA-1 broken, Peter J. Holzer
- Re: SHA-1 broken, Michael Silk
  - Re: SHA-1 broken, Anatole Shaw
    - Re: SHA-1 broken, Michael Silk
    - Re: SHA-1 broken, peeon+securityfocus
    - Re: SHA-1 broken, Peter Jeremy
- Re: SHA-1 broken, securityfocus
  - Re: SHA-1 broken, Damian Menscher
  - Re: SHA-1 broken, Paul Johnston
  - Re: SHA-1 broken, Pavel Machek
- Re: SHA-1 broken, Michael Silk
  - Re: SHA-1 broken, exon
Update Your Bookmarks, Amit Klein (AKsecurity)
- <Possible follow-ups>
- Update Your Bookmarks, Valentin Vorovenci
[SECURITY] [DSA 684-1] New typespeed packages fix arbitrary group games code execution, Martin Schulze
[ GLSA 200502-21 ] lighttpd: Script source disclosure, Thierry Carrez
[ GLSA 200502-20 ] Emacs, XEmacs: Format string vulnerabilities in movemail, Thierry Carrez
RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., David Schwartz
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., bkfsec
  - RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., David Schwartz
    - Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Vincent Archer
      - Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Rainer Duffner
    - Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., bkfsec
      - RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., David Schwartz
        
        Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., bkfsec
  - Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Thor (Hammer of God)
    - Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., bkfsec
- RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Nick FitzGerald
- <Possible follow-ups>
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Bill Brown
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., lyal.collins
- RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Tosoni
  - Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Riccardo Murri
[USN-82-1] Linux kernel vulnerabilities, Martin Pitt
Blind Sql-Injection in MySQL Databases, Zeelock
Advisory: Cross Site Scripting Vulnerability in Openconf Conference Management Software, Maximillian Dornseif
[ GLSA 200502-18 ] VMware Workstation: Untrusted library search path, Thierry Carrez
UPDATE: [ GLSA 200501-36 ] AWStats: Remote code execution, Thierry Carrez
[ GLSA 200502-23 ] KStars: Buffer overflow in fliccd, Sune Kloppenborg Jeppesen
xprobe2 v0.2.2 released, Ofir Arkin
- Re: xprobe2 v0.2.2 released, Stan Bubrouski
[ GLSA 200502-22 ] wpa_supplicant: Buffer overflow vulnerability, Matthias Geerdsen
[hackgen-2005-#003] - SQL injection bugs in DCP-Portal, Exoduks
[KDE Security Advisory] Buffer overflow in fliccd of kdeedu/kstars/indi, Dirk Mueller
- <Possible follow-ups>
- [KDE Security Advisory] Buffer overflow in fliccd of kdeedu/kstars/indi, Dirk Mueller
MDKSA-2005:038 - Updated emacs/xemacs packages fix vulnerability, Mandrakelinux Security Team
[CLA-2005:925] Conectiva Security Announcement - evolution, Conectiva Updates
[Full Disclosure] Using DHTML XSS to launch HHCTRL exploit, Valentin Avram
RE: [Full-Disclosure] RE: Microsoft Baseline Security Analyzer no t seeing KB887742 and KB886185, Randal, Phil
- Re: [Full-Disclosure] RE: Microsoft Baseline Security Analyzer not seeing KB887742 and KB886185, Thor (Hammer of God)
XSS in MySpace.com RuWeb.net and Primus.com, Chris
RE: Microsoft Baseline Security Analyzer not seeing KB887742 and KB886185, Threlkeld, Richard
Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?, Jeffrey Wilkinson
RE: Microsoft Baseline Security Analyzer not seeing KB887742 and KB88 6185 Correction, James Lay
- RE: Microsoft Baseline Security Analyzer not seeing KB887742 and KB88 6185 Correction, Joe Granto
RE: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?, William Pratt
- <Possible follow-ups>
- Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?, K-OTiK Security
- RE: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?, Michael Scheidell
- Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?, newbug Tseng
[NOBYTES.COM: #3] osCommerce 2.2-MS2 - XSS Vulnerability, John Cobb
Scottsave.com Trade History Exploit, Ben Efros
Scottrader Application Exploit, Ben Efros
IE6 SP1 - Click N Crash, ViPeR
- Re: IE6 SP1 - Click N Crash is old news, Berend-Jan Wever
- <Possible follow-ups>
- Re: IE6 SP1 - Click N Crash, Robert ONeal
MDKSA-2005:037 - Updated mailman packages fix directory traversal vulnerability, Mandrakelinux Security Team
[SECURITY] [DSA 682-1] New awstats packages fix arbitrary command execution, Martin Schulze
ASPjar Guestbook login.asp not official patch, CorryL
[SECURITY] [DSA 683-1] New postgresql packages fix arbitrary code execution, Martin Schulze
[ GLSA 200502-19 ] PostgreSQL: Buffer overflows in PL/PgSQL parser, Sune Kloppenborg Jeppesen
[ GLSA 200502-17 ] Opera: Multiple vulnerabilities, Sune Kloppenborg Jeppesen
[NOBYTES.COM: #2] CubeCart 2.0.4 - Multiple Vulnerabilities, John Cobb
Microsoft Baseline Security Analyzer not seeing KB887742 and KB88 6185, James Lay
[ GLSA 200502-14 ] mod_python: Publisher Handler vulnerability, Sune Kloppenborg Jeppesen
vbulletin 3.0.x PHP code execution, AL3NDALEEB
- Re: vbulletin 3.0.x PHP code execution, pokley
- Re: vbulletin 3.0.x PHP code execution, pokley
- <Possible follow-ups>
- Re: vbulletin 3.0.x PHP code execution, AL3NDALEEB.
eBay Account Phishing with eBay Redirect, Steven
- Re: eBay Account Phishing with eBay Redirect, Josh Tolley
  - Re: eBay Account Phishing with eBay Redirect, Nick FitzGerald
  - Re: eBay Account Phishing with eBay Redirect, Jonathan Rockway
    - RE: eBay Account Phishing with eBay Redirect, Thomas T. Evans, III
- <Possible follow-ups>
- Re: eBay Account Phishing with eBay Redirect, Jay Calvert
- RE: eBay Account Phishing with eBay Redirect, Israel Torres
[SECURITY] [DSA 681-1] New synaesthesia packages fix unauthorised file access, Martin Schulze
Credit Card Phishing with executable download, Gandalf The White
AWStats <= 6.4 Multiple vulnerabilities, [ru]@securityfocus.com@xxxxxxxxxxxxxxxxxxxxx
- Re: AWStats <= 6.4 Multiple vulnerabilities, Ondra Holecek
  - Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?, Jamie Pratt
    - Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?, Ondra Holecek
      - Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?, Herman Sheremetyev
        
        Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?, Jamie Pratt
        
        Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?, Thom Craver
        
        Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?, Micah Brandon
        
        Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?, Matt Wilder
      - Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?, Ondra Holecek
    - Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?, twebster
- <Possible follow-ups>
- Re: AWStats <= 6.4 Multiple vulnerabilities, Laurent Destailleur
[ GLSA 200502-15 ] PowerDNS: Denial of Service vulnerability, Matthias Geerdsen
[ GLSA 200502-16 ] ht://Dig: Cross-site scripting vulnerability, Luke Macken
[SECURITY] [DSA 680-1] New htdig packages fix cross-site scripting vulnerability, Martin Schulze
[SECURITY] [DSA 679-1] New toolchain-source package fixes insecure temporary files, Martin Schulze
[CLA-2005:924] Conectiva Security Announcement - XFree86, Conectiva Updates
exim auth_spa_server() PoC exploit, Yuri Gushin
Infostring crash and shutdown in the Quake 3 engine, Luigi Auriemma
Symantec UPX issue solution, Roger A. Grimes
MDKSA-2005:032-1 - Updated cpio packages fix vulnerability, Mandrakelinux Security Team
iDEFENSE Security Advisory 02.11.05: ZoneAlarm 5.1 Invalid Pointer Dereference Vulnerability, iDefense Customer Service
[ GLSA 200502-12 ] Webmin: Information leak in Gentoo binary package, Thierry Carrez
Zone Labs Security Alert ZL05-01: Zone Labs IPC Instability, Zone Labs Product Security
[ GLSA 200502-13 ] Perl: Vulnerabilities in perl-suid wrapper, Thierry Carrez
SYM05-003 Symantec UPX Parsing Engine Heap Overflow, secure
BrightStor ARCserve Backup buffer overflow PoC, cybertronic
- Re: BrightStor ARCserve Backup buffer overflow PoC, H D Moore
- Re: BrightStor ARCserve Backup buffer overflow PoC, H D Moore
- <Possible follow-ups>
- Re: BrightStor ARCserve Backup buffer overflow PoC, Williams, James K
[FLSA-2005:2353] Updated gpdf package fixes security issues, Marc Deslauriers
[FLSA-2005:2252] Updated iptables packages resolve security issues, Marc Deslauriers
[FLSA-2005:2352] Updated Xpdf package fixes security issues, Marc Deslauriers
[USN-80-1] mod_python vulnerability, Martin Pitt
[USN-81-1] iptables vulnerability, Martin Pitt
[FLSA-2005:2188] Updated gaim package resolves security issues, Marc Deslauriers
[SECURITY] [DSA 677-1] New sympa packages fix potential arbitrary code execution, Martin Schulze
[SECURITY] [DSA 676-1] New xpcd packages fix arbitrary code execution as root, Martin Schulze
insecure temporary file creation in kdelibs 3.3.2, Davide Madrisan
[SECURITY] [DSA 674-2] New mailman packages really fix several vulnerabilities, Martin Schulze
Remotely Controlling XSS Attacks - Announcing XSS-Proxy, Rager, Anton (Anton)
MDKSA-2005:036 - Updated MySQL packages fix temporary file vulnerability, Mandrakelinux Security Team
MDKSA-2005:035 - Updated python packages fix vulnerability, Mandrakelinux Security Team
MDKSA-2005:034 - Updated squid packages fix multiple vulnerabilities, Mandrakelinux Security Team
MDKSA-2005:033 - Updated enscript packages fix multiple vulnerabilities, Mandrakelinux Security Team
MDKSA-2005:032 - Updated cpio packages fix vulnerability, Mandrakelinux Security Team
[SECURITY] [DSA 678-1] New netkit-rwho packages fix denial of service, Martin Schulze
TSLSA-2005-0003 - multi, Trustix Security Advisor
UPDATE: [ GLSA 200501-45 ] Gallery: Cross-site scripting vulnerability, Luke Macken
Crashes and socket unreacheable in Armagetron Advanced 0.2.7.0, Luigi Auriemma
iDEFENSE Security Advisory 02.09.05: CA BrightStor ARCserve Backup v11 Discovery Service Remote Buffer Overflow, iDefense Customer Service
ASPjar guestbook (Injection in login page), farhad koosha
Symantec UPX Parsing Engine Heap Overflow, Neil Watson
- Re: Symantec UPX Parsing Engine Heap Overflow, James Riden
HACKING WITH JAVASCRIPT, hictor ertd
- Re: HACKING WITH JAVASCRIPT, Cleiton Martins
- Re: HACKING WITH JAVASCRIPT, Jim Halfpenny
iDEFENSE Security Advisory 02.10.05: IBM AIX ipl_varyon Local Buffer Overflow Vulnerability, iDefense Customer Service
- Re:iDEFENSE Security Advisory 02.10.05: IBM AIX ipl_varyon Local Buffer Overflow Vulnerability, Shiva Persaud
[SECURITY] [DSA 675-1] New hztty packages fix local utmp exploit, Martin Schulze
[ GLSA 200502-11 ] Mailman: Directory traversal vulnerability, Sune Kloppenborg Jeppesen
[USN-79-1] PostgreSQL vulnerabilities, Martin Pitt
[FLSA-2005:1906] Updated abiword packages fix security issue, Dominic Hargreaves
[FLSA-2005:1943] Updated libpng resolves security vulnerabilities, Dominic Hargreaves
iDEFENSE Security Advisory 02.10.05: IBM AIX netpmon Local Buffer Overflow Vulnerability, iDefense Customer Service
- Re: iDEFENSE Security Advisory 02.10.05: IBM AIX netpmon Local Buffer Overflow Vulnerability, Shiva Persaud
[USN-78-1] Mailman vulnerability, Martin Pitt
Barracuda Spam Firewall <= 3.1.10 acts as open relay for whitelisted senders., Sean Sosik-Hamor
iDEFENSE Security Advisory 02.10.05: IBM AIX lspath Local File Access Vulnerability, iDefense Customer Service
- Re: iDEFENSE Security Advisory 02.10.05: IBM AIX lspath Local File Access Vulnerability, Shiva Persaud
[SECURITY] [DSA 673-1] New evolution packages fix arbitrary code execution as root, Martin Schulze
[SECURITY] [DSA 674-1] New mailman packages fix several vulnerabilities, Martin Schulze
SUSE Security Announcement: squid (SUSE-SA:2005:006), Thomas Biege
[Security Bulletin] SSRT4861 rev.0 - HP-UX BIND9.2.0 remote Denial of Service (DoS), Boren, Rich (SSRT)
yet another DSL modem backdoor - Mentor (Conexant), Adam Laurie
- Re: yet another DSL modem backdoor - Mentor (Conexant), Philip Barnham
CMS Core SQL injection, foster GHC
SQL injection in Chipmunk forums, foster GHC
Paper: Solution to Red Hat PIE Protection, Zarul Shahrin
[SECURITY] [DSA 672-1] New xview packages fix potential arbitrary code execution, Martin Schulze
CFP for SyScAN'05, organiser@xxxxxxxxxx
RE: International Domain Name [IDN] support in modern browsers al lows attackers to spoof domain name URLs + SSL certs., Randal, Phil
- Re: International Domain Name [IDN] support in modern browsers al lows attackers to spoof domain name URLs + SSL certs., Marcin Sochacki
- <Possible follow-ups>
- RE: International Domain Name [IDN] support in modern browsers al lows attackers to spoof domain name URLs + SSL certs., Michael Wojcik
[ GLSA 200502-10 ] pdftohtml: Vulnerabilities in included Xpdf, Matthias Geerdsen
Some details about MS05-007 security bulletin, Jean-Baptiste Marchand
[ GLSA 200502-09 ] Python: Arbitrary code execution through SimpleXMLRPCServer, Thierry Carrez
Several SQL injection bugs in myPHP Forum v.1.0, foster GHC
MDKSA-2005:031 - Updated perl packages fix multiple vulnerabilities, Mandrakelinux Security Team
Mercuryboard <= 1.1.1 Working Sql Injection, Zeelock
[Security Bulletin] - SSRT4883 HP-UX ftpd remote privileged access, Boren, Rich (SSRT)
[SIG^2 G-TEC] ArGoSoft Mail Server Webmail Multiple Directory Traversal Vulnerabilities, chewkeong
Internet Explorer zone spoofing with encoded URLs, Jouko Pynnonen
MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit, ATmaCA ATmaCA
- RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit, Andrew Hunter
  - RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit, Color Inc.
- RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit, Andrew Hunter
- <Possible follow-ups>
- RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit, Thor Larholm
GREENAPPLE Release, Dave Aitel
Finjan Security Advisory: Microsoft Office XP Remote Buffer Overflow Vulnerability, Rafel Ivgi
- Re: Finjan Security Advisory: Microsoft Office XP Remote Buffer Overflow Vulnerability, Derek Martin
[SCL-2005.002] - IDN Feature Workaround via proxy.pac, Scovetta, Michael V
[SIG^2 G-TEC] 602LAN SUITE Web Mail Vulnerability Allows File Upload to Arbitrary Directories, chewkeong
Integer overflow and arbitrary files deletion in RealArcade 1.2.0.994, Luigi Auriemma
EEYE: Windows SMB Client Transaction Response Handling Vulnerability, Marc Maiffret
[SECURITY] [DSA 671-1] New xemacs21 packages fix arbitrary code execution, Martin Schulze
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Jerome ATHIAS
[SECURITY] [DSA 670-1] New emacs20 packages fix arbitrary code execution, Martin Schulze
SafeNet SoftRemote VPN Client Issue: Clear-text password stored in memory, Roy Hills
mailman email harvester, Bernhard Kuemel
- secure-roster script to address mailman email harvester, Neal McBurnett
CORE-2004-0819: MSN Messenger PNG Image Parsing Vulnerability, CORE Security Technologies Advisories
AppleFileServer Denial of Service., nemo
iDEFENSE Security Advisory 02.08.05: IBM AIX auditselect Local Format String Vulnerability, iDefense Customer Service
- Re: iDEFENSE Security Advisory 02.08.05: IBM AIX auditselect Local Format String Vulnerability, Shiva Persaud
RE: International Domain Name [IDN] - browser-level fix (not network.enableIDN), Scovetta, Michael V
- RE: International Domain Name [IDN] - browser-level fix (not network.enableIDN), R Dicaire
OpenServer 5.0.6 OpenServer 5.0.7 : enable command line buffer overflows, please_reply_to_security
UnixWare 7.1.4 : vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands, please_reply_to_security
php-fusion 4.x vuln, thegreatone2176
iDEFENSE Security Advisory 02.07.05: IBM AIX chdev Local Format String Vulnerability, iDefense Customer Service
- Re: iDEFENSE Security Advisory 02.07.05: IBM AIX chdev Local Format String Vulnerability, Shiva Persaud
UnixWare 7.1.3 UnixWare 7.1.1 : Vulnerabilities in long-lived TCP connections / Rose attack, please_reply_to_security
CodeCon Reminder, Len Sassaman
International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Brandon Kovacs
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Simon Østengaard
- Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Will Kamishlian
  - Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Peter J. Holzer
    - Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Scott Gifford
      - Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Neil W Rickert
        
        Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Scott Gifford
        
        Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., bkfsec
        
        Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Gwendolynn ferch Elydyr
        
        Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., bkfsec
        
        Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Gwendolynn ferch Elydyr
        
        Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., bkfsec
        
        Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Gwendolynn ferch Elydyr
        
        Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Ron DuFresne
        
        Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Seth Breidbart
        
        Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., George Capehart
        
        RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., David Schwartz
        
        Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Vincent Archer
        
        Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Thor (Hammer of God)
        
        Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., bkfsec
        
        Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Thor (Hammer of God)
        
        Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., bkfsec
        
        Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Stefan Paletta
        
        Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Sebastian
        
        Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Stefan Paletta
        
        RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., David Schwartz
        
        RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Benjamin Franz
        
        Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., bkfsec
        
        RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., David Schwartz
        
        Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., bkfsec
      - Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Janusz A. Urbanowicz
        
        Message not available
        
        Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Janusz A. Urbanowicz
UnixWare 7.1.4 : racoon multilple security issues, please_reply_to_security
[SePro Bugtraq] SQL-Injection in PerlDesk 1.x, deluxe
GMail / Google Groups ESMTP software b0f, Michal Zalewski
- <Possible follow-ups>
- Re: GMail / Google Groups ESMTP software b0f, Heather Adkins
Firetabbing [Firefox 1.0], mikx
OpenServer 5.0.6 OpenServer 5.0.7 : Vulnerabilities in long-lived TCP connections / Rose attack, please_reply_to_security
[ GLSA 200502-08 ] PostgreSQL: Local privilege escalation, Luke Macken
Fireflashing [Firefox 1.0], mikx
- Re: [Full-Disclosure] Fireflashing [Firefox 1.0], Jelmer Kuperus
iDEFENSE Security Advisory 02.07.05: SquirrelMail S/MIME Plugin Command Injection Vulnerability, iDefense Customer Service
Firedragging [Firefox 1.0], mikx
[Security Bulletin] HP Tru64 Unix Mozilla Application Suite 1.7.3 Remote Denial of Service (DoS), Boren, Rich (SSRT)
[ GLSA 200502-06 ] LessTif: Multiple vulnerabilities in libXpm, Thierry Carrez
[USN-77-1] Squid vulnerabilities, Martin Pitt
[ GLSA 200502-07 ] OpenMotif: Multiple vulnerabilities in libXpm, Thierry Carrez
[USN-76-1] Emacs vulnerability, Martin Pitt
DMA[2005-0131b] - 'Setuid Perl PERLIO_DEBUG buffer overflow', KF (lists)
Vulnerability in 3Com 3CServer v1.1, mandragore
DMA[2005-0131a] - 'Setuid Perl PERLIO_DEBUG root owned file creation', KF (lists)
[OSX Finder] DS_Store arbitrary file overwrite vulnerability., Vade 79
New version of ike-scan (IPsec IKE scanner) available - v1.7, Roy Hills
VOIPSEC, VoIP Security Aliance
XSS Vulnerability at thefacebook.com, Jonathan Rockway
[SECURITY] [DSA 669-1] New php3 packages fix several vulnerabilities, Martin Schulze
[USN-74-2] Fixed Postfix packages for USN-74-1, Martin Pitt
[USN-75-1] cpio vulnerability, Martin Pitt
[USN-74-1] Postfix vulnerability, Martin Pitt
- Re: [USN-74-1] Postfix vulnerability, Wietse Venema
[PersianHacker.NET 200502-05] WWWoard passwd, Pedram Hayati
- <Possible follow-ups>
- [PersianHacker.NET 200502-05] WWWoard passwd, Andrew guess
directory traversal in RaidenHTTPD 1.1.27, Donato Ferrante
Foxmail Server Remote Buffer Overflow Vulnerability, Xin Ouyang
Webroot Software Resigns from COAST, Paul Laudanski
[SECURITY] [DSA 667-1] New squid packages fix several vulnerabilities, Martin Schulze
Input Validation Vulnerability in Apple Safari version 1.2.4 v125.12, Jonathan Rockway
- Re: Input Validation Vulnerability in Apple Safari version 1.2.4 v125.12, Nicolas Gregoire
[SECURITY] [DSA 667-1] New PostgreSQL packages fix arbitrary library loading, Martin Schulze
Wireless networks/Default Admin username security problem in Croatia, Radoslav Dejanović
- Re: Wireless networks/Default Admin username security problem in Croatia, Denis Jedig
Exploit For Savant Web Server 3.1 (tested on win2003), CorryL
[SECURITY] [DSA 666-1] New Python2.2 packages fix unauthorised XML-RPC internals access, Martin Schulze
[ RSTACK Public Security Advisory ] Remote DOS against Linksys PSUS4, laurent oudot
- Re: [ RSTACK Public Security Advisory ] Remote DOS against Linksys PSUS4, Denis Jedig
[USN-73-1] Python vulnerability, Martin Pitt
[Linux kernel ipv6_setsockopt integer overflow], qobaiashi
- Re: [Linux kernel ipv6_setsockopt integer overflow], Dan Yefimov
DoS in LANChat Pro Revival 1.666c, Donato Ferrante
Python Security Advisory PSF-2005-001 - SimpleXMLRPCServer.py, Guido van Rossum
ngIRCd <= v0.8.2 Format String Vulnerability, CoKi
RE: SECURITEY.NNOV.RU NewsPost buffer overflow [EXPLOIT], cybertronic
New presentation: Advanced SQL Injection in Oracle databases, Esteban Martínez Fayó
MDKSA-2005:029 - Updated vim packages fix vulnerabilities, Mandrakelinux Security Team
[ GLSA 200502-05 ] Newspost: Buffer overflow vulnerability, Luke Macken
[ GLSA 200502-04 ] Squid: Multiple vulnerabilities, Sune Kloppenborg Jeppesen
Google getting smarter ?!?!, John Madden
- RE: Google getting smarter ?!?!, Scott Jacobson
Portcullis Advisory 05-009 Update, Webseries Payment Application, Paul J Docherty
Windows Security Checklists - 10 Parts, Paul Laudanski
- Re: Windows Security Checklists - 10 Parts, Paul Laudanski
Gallery is still vulnerable to Cross-site Scripting attacks, Jon Keating
Portcullis Advisory 05-008 Update, Webseries Payment Application, Paul J Docherty
Portcullis Advisory 05-007 Update, Webseries Payment Application, Paul J Docherty
Portcullis Advisory 05-006 Update, Webseries Payment Application, Paul J Docherty
Portcullis Advisory 05-001 Update, Webseries Payment Application, Paul J Docherty
Portcullis Advisory 05-005 Update, Webseries Payment Application, Paul J Docherty
[FLSA-2005:2187] Updated freeradius packages fix security flaws, Marc Deslauriers
[SIG^2 G-TEC] DeskNow Mail and Collaboration Server Directory Traversal Vulnerabilities, chewkeong
7a69Adv#21 - WinRAR unpack one-folder path disclosure, Albert Puigsech Galicia
7a69Adv#20 - ZipGenius unpack one-folder path disclosure, Albert Puigsech Galicia
[ GLSA 200502-02 ] UW IMAP: CRAM-MD5 authentication bypass, Sune Kloppenborg Jeppesen
[FLSA-2005:2272] Updated unarj package fixes security issue, Marc Deslauriers
[FLSA-2005:2255] Updated zip package fixes security issue, Marc Deslauriers
[ GLSA 200502-03 ] enscript: Multiple vulnerabilities, Thierry Carrez
[USN-72-1] Perl vulnerabilities, Martin Pitt
7a69Adv#19 - ZipGenius unpack path disclosure, Albert Puigsech Galicia
MDKSA-2005:026 - Updated imap packages fix authentication vulnerability, Mandrakelinux Security Team
Limited buffer-overflow in Painkiller 1.35, Luigi Auriemma
MDKSA-2005:027 - Updated chbg packages fix vulnerability, Mandrakelinux Security Team
SQL injection in EveryDNS.net Service, Calum Power
MDKSA-2005:028 - Updated ncpfs packages fix vulnerabilities, Mandrakelinux Security Team
[SECURITY] [DSA 664-1] New cpio packages fix insecure file permissions, Martin Schulze
Re:WinAmp POC: How to get 900+ shellcodespace!?, lists
- Re[2]: WinAmp POC: How to get 900+ shellcodespace!?, Viktor E Larionov
[SECURITY] [DSA 662-1] New squirrelmail package fixes several vulnerabilities, Martin Schulze
[ GLSA 200502-01 ] FireHOL: Insecure temporary file creation, Matthias Geerdsen
[SECURITY] [DSA 663-1] New prozilla packages fix arbitrary code execution, Martin Schulze

[Index of Archives] [Netfilter] [Security] [PHP] [Linux Kernel]