Bugtraq
[Prev Page][Next Page]
- MDKSA-2004:150 - Updated kdelibs and kdebase packages fix vulnerability,
Mandrake Linux Security Team
- Cisco Security Advisory: Cisco Unity Integrated with Exchange Has Default Passwords,
Cisco Systems Product Security Incident Response Team
- php unserialize,
Martin Eiszner
- Cisco Security Advisory: Default Administrative Password in Cisco Guard and Traffic Anomaly Detector,
Cisco Systems Product Security Incident Response Team
- CSS in phpBB 1.4.4,
SandI]
- STG Security Advisory: [SSA-20041215-15] Vulnerability of uploading files with multiple extensions in MoniWiki,
advisory
- iwebnegar is vulnerable to all kind of sql injections,
shervin khaleghjou
- Advisory 01/2004: Multiple vulnerabilities in PHP 4/5,
Stefan Esser
- [ GLSA 200412-10 ] Vim, gVim: Vulnerable options in modelines,
Thierry Carrez
- Security Advisory for CVS Slash,
Jamie McCarthy
- STG Security Advisory: [SSA-20041214-14] GNUBoard PHP injection vulnerability,
advisory
- [OpenPKG-SA-2004.052] OpenPKG Security Advisory (vim),
OpenPKG
- MSIE DHTML Edit Control Cross Site Scripting Vulnerability,
Paul
- 3cdaemon tftp server DOS vulnerability,
Wang Ning
- [ GLSA 200412-09 ] ncpfs: Buffer overflow in ncplogin and ncpmap,
Thierry Carrez
- Re: rpcl_icmpdos.c,
x90c
- *nix data wipe tools,
Thomas C. Greene
- Yahoo! Mail Cross-Site Scripting Vulnerability,
Rafel Ivgi
- Hotmail Cross Site Scripting Vulnerability #2,
Rafel Ivgi
- HyperTerminal - Buffer Overflow In .ht File,
Brett Moore
- Hotmail Cross-Site Scripting Vulnerability #1,
Rafel Ivgi
- Asante FM2008 10/100 Ethernet switch backdoor login,
Joe Philipps
- Multiple phpGroupWare Vulnerabilities [ phpGroupWare 0.9.16.003 && Earlier ],
GulfTech Security
- iDEFENSE Security Advisory 12.14.04 - Microsoft Word 6.0/95 Document Converter Buffer Overflow Vulnerability,
customer service mailbox
- [USN-38-1] Linux kernel vulnerabilities,
Martin Pitt
- ASP-rider is vulnerable to sql injection attack,
shervin khaleghjou
- [Correction For]: Secure Network Operations SNOsoft Research Team [SRT2004-12-14-0322] Symantec LiveUpdate Advisory,
Secure Network Operations, Inc.
- iDEFENSE Security Advisory 12.13.04: Adobe Reader 6.0 .ETD File Format String Vulnerability,
customer service mailbox
- [ GLSA 200412-08 ] nfs-utils: Multiple remote vulnerabilities,
Luke Macken
- [CAN-2004-1023] Insecure default file system permissions on Microsoft versions of Kerio Software,
Secure Computer Group
- MDKSA-2004:149 - Updated postgresql packages fix temporary file vulnerability,
Mandrake Linux Security Team
- [SECURITY] [DSA 608-1] New zgv packages fix arbitrary code execution,
Martin Schulze
- Possible local root vulnerability in Roxio Toast on Mac OS X,
fintler
- STG Security Advisory: [SSA-20041209-13] UseModWiki XSS vulnerability,
advisory
- RICOH Aficio 450/455 PCL 5e Printer ICMP DOS vulnerability,
Hongzhen Zhou
- [CAN-2004-1022] Insecure Credential Storage on Kerio Software,
Secure Computer Group
- ASP Calendar Vulnerability <www.ashiyane.com>,
ali reza AcTiOnSpIdEr
- [SECURITY] [DSA 609-1] New atari800 packages fix local root exploit,
Martin Schulze
- MDKSA-2004:148 - Updated iproute2 packages fix temporary file vulnerability,
Mandrake Linux Security Team
- iDEFENSE Security Advisory 12.14.04 - Adobe Acrobat Reader 5.0.9 mailListIsPdf() Buffer Overflow Vulnerability,
customer service mailbox
- [ZH2004-18SA] Content-Type spoofing in Mozilla Firefox and Opera could allow users to bypass security restrictions,
Giovanni Delvecchio
- phpBB Attachment Mod Directory Traversal HTTP POST Injection,
Paul Laudanski
- Linux kernel scm_send local DoS,
Paul Starzetz
- Re: Secure Network Operations SNOsoft Research Team [SRT2004-12-14-0322] Symantec LiveUpdate Advisory,
secure
- Linux kernel IGMP vulnerabilities,
Paul Starzetz
- What's "may have exploitable buffer overflows" mean in tcpdump?,
Dragos Ruiu
- [ GLSA 200412-06 ] PHProjekt: setup.php vulnerability,
Thierry Carrez
- Secure Network Operations SNOsoft Research Team [SRT2004-12-14-0322] Symantec LiveUpdate Advisory,
Secure Network Operations, Inc.
- NetWare Screensaver Authentication Bypass From The Local Console,
Adam Gray
- [ GLSA 200412-07 ] file: Arbitrary code execution,
Matthias Geerdsen
- Socket unreacheable in the Lithtech engine (new protocol),
Luigi Auriemma
- Winamp 5.07 (latest version) Remote Crash + other stupid shizle,
b0f www.b0f.net
- [ZH2004-19SA] Possible execution of remote shell commands in Opera with kfmclien,
Giovanni Delvecchio
- iDEFENSE Security Advisory 12.13.04 - Multiple Vendor xzgv PRF Parsing Integer Overflow Vulnerability,
customer service mailbox
- KDE Security Advisory: Konqueror Window Injection Vulnerability,
Waldo Bastian
- SugarSales Multiple Vulnerabilities,
Daniel Fabian
- MS IE User's Authentication Details (userid/password) Sharing Issue,
Debasis Mohanty
- Gadu-Gadu several vulnerabilities,
Jaroslaw Sajko
- Multiple vulnerabilities in phpMyAdmin,
Nicolas Gregoire
- Citadel/UX <= v6.27 Remote Format String Vulnerability,
CoKi
- Local off-by-one in mtr versions 0.55 to 0.65,
venglin
- HOW TO BREAK XP SP2 POPUP BLOCKER: kick it in the nut !,
http-equiv@xxxxxxxxxx
- [SECURITY] [DSA 607-1] New libxpm packages fix several vulnerabilities,
Martin Schulze
- In-game buffer-overflow in the Gamespy cd-key validation SDK,
Luigi Auriemma
- wget: Arbitrary file overwriting/appending/creating and other vulnerabilities,
Jan Minar
- CodeCon CFP deadline nearing,
Len Sassaman
- F-Secure Policy Manager - physical path disclosure,
oliver
- KDE Security Advisory: kfax libtiff vulnerabilities,
Dirk Mueller
- KDE Security Advisory: plain text password exposure,
Dirk Mueller
- TSLSA-2004-0064 - nfs-utils,
Trustix Security Advisor
- 7a69Adv#15 - Internet Explorer FTP command injection,
Albert Puigsech Galicia
- Address Bar Spoophing for the Pheeshies: IntotheNet Explorer 6,
http-equiv@xxxxxxxxxx
- [SECURITY] [DSA 606-1] New nfs-utils packages fix denial of service,
Martin Schulze
- [ GLSA 200412-03 ] imlib: Buffer overflows in image decoding,
Thierry Carrez
- MDKSA-2004:144 - Updated lvm1 packages fix temporary file vulnerability,
Mandrake Linux Security Team
- MDKSA-2004:146 - Updated nfs-utils packages fix remote DoS vulnerability,
Mandrake Linux Security Team
- MDKSA-2004:145 - Updated rp-pppoe packages fix vulnerability,
Mandrake Linux Security Team
- [ GLSA 200412-04 ] Perl: Insecure temporary file creation,
Luke Macken
- MDKSA-2004:147 - Updated openssl packages fix temporary file vulnerability,
Mandrake Linux Security Team
- IE6 Vulnerability - Local File Detection,
ViPeR
- Re: [Advisory] Mozilla Products Remote Crash Vulnerability,
Berend-Jan Wever
- MDKSA-2004:143 - Updated ImageMagick packages fix vulnerability,
Mandrake Linux Security Team
- zone transfers, a spammer's dream?,
Lode Vermeiren
- 7a69Adv#16 - Konqueror FTP command injection,
Albert Puigsech Galicia
- Online Script Decoder,
GreyMagic Security
- Cleartext SMB passwords in Novell Desktop Linux using KDE,
Mike DeMaria
- Bypass personal firewall application protection . Again.,
offtopic
- MD5 To Be Considered Harmful Someday,
Dan Kaminsky
- Remote Web Server Text File Viewing Vulnerability in WebLibs 1.0,
John Bissell
- Multiple Vulnerabilities in paFileDB 3.1,
Ahmad Muammar
- Tool Announcement: AIRT -- the Advanced Incident Response Tool (linux),
madsys
- MDKSA-2004:142 - Updated gzip packages fix temporary file vulnerability,
Mandrake Linux Security Team
- Broadcast client crash in Battlefield 1942 1.6.19 and Vietnam 1.2,
Luigi Auriemma
- [ GLSA 200412-05 ] mirrorselect: Insecure temporary file creation,
Luke Macken
- MaxDB WebTools <= 7.5.00.18 buffer overflow and Denial of Service,
Evgeny Demidov
- Local root exploit on Mac OS X with Adobe Version Cue,
fintler
- Web Application Security Consortium 'Guest Articles' Call for Papers,
robert
- DoS leading to crash of client in Remote Execute 2.30,
headpimp
- [ GLSA 200412-02 ] PDFlib: Multiple overflows in the included TIFF library,
Luke Macken
- Multiple vulnerabilities in w3who ISAPI DLL,
Nicolas Gregoire
- [SECURITY] [DSA 605-1] New viewcvs packages fix information leak,
Martin Schulze
- Hosting Controller,
mouse small
- Winamp - Buffer Overflow In IN_CDDA.dll [ Patch Released ],
Brett Moore
- Opera 7.54 vulnerabilities again (still unfixed),
Marc Schoenefeld
- [ GLSA 200412-01 ] rssh, scponly: Unrestricted command execution,
Thierry Carrez
- [SECURITY] [DSA 604-1] New hpsockd packages fix denial of service,
Martin Schulze
- Advanced Guestbook,
Emile van Elen
- FreeBSD Security Advisory FreeBSD-SA-04:17.procfs,
FreeBSD Security Advisories
- [CLA-2004:905] Conectiva Security Announcement - squirrelmail,
Conectiva Updates
- Remote Mercury32 Imap exploit,
JohnH
- [USN-37-1] cyrus21-imapd vulnerability,
Martin Pitt
- rssh and scponly arbitrary command execution,
Jason Wies
- Official IFRAME patch - make sure it installs correctly,
Berend-Jan Wever
- Multiple vulnerabilities in Kreed 1.05,
Luigi Auriemma
- Cisco Security Advisory: Cisco CNS Network Registrar Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Blog Torrent preview 0.8 - arbitary file download,
Steve Kemp
- [KA Advisory 0411291] IPCop Cross Site Scripting Vulnerability in "proxylog.dat",
Kurczaba Associates advisories
- [USN-34-1] OpenSSH information leakage,
Martin Pitt
- [CLA-2004:902] Conectiva Security Announcement - abiword,
Conectiva Updates
- [ GLSA 200411-37 ] Open DC Hub: Remote code execution,
Luke Macken
- [USN-33-1] libgd vulnerabilities,
Martin Pitt
- [SECURITY] [DSA 603-1] New openssl packages fix insecure temporary file creation,
Martin Schulze
- [USN-36-1] NFS statd vulnerability,
Martin Pitt
- [USN-35-1] imagemagick vulnerabilities,
Martin Pitt
- Multiple buffer overflows exist in Mercury/32, v4.01a, Dec 8 2003.,
Reed Arvin
- [CLA-2004:904] Conectiva Security Announcement - cyrus-imapd,
Conectiva Updates
- Invision Power Board 'Allow auto login' setting override,
Hillel Himovich
- Disclosure of file system information in Mozilla Firefox and Opera Browser:,
Giovanni Delvecchio
- SUSE Security Announcement: various kernel problems (SUSE-SA:2004:042),
Marcus Meissner
- Endless loops in the http-server and pna-proxy modules of Jana server 2.4.4,
Luigi Auriemma
- CuteFTP 6.0 Professional Remote Buffer Overflow Vulnerability,
Hongzhen Zhou
- MDKSA-2004:137-1 - Updated libxpm4 packages correct issues with previous update,
Mandrake Linux Security Team
- [SHK-001]Payflow Link Default Config may lead to Hidden Field Modification,
M. Shirk
- Players overflow in Serious engine UDP (was Alpha Black Zero, 29 Sep 2004),
Luigi Auriemma
- Linux Netwosix NEPOTE Updated!,
Vincenzo Ciaglia
- TSL-2004-0063 - multi,
Trustix Security Advisor
- Password Disclosure for SMB Shares in KDE's Konqueror,
Daniel Fabian
- Privilege escalation flaw in MDaemon 7.2.,
Reed Arvin
- [SECURITY] [DSA 602-1] New libgd2 packages fix arbitrary code execution,
Martin Schulze
- Address Bar Spoofing on Double Byte Character Set Locale Vulnerability (CAN-2004-0844) Patched in MS04-038,
Liu Die Yu
- Multiple buffer overlows in WS_FTP Server Version 5.03, 2004.10.14.,
Reed Arvin
- [ GLSA 200411-38 ] Sun and Blackdown Java: Applet privilege escalation,
Sune Kloppenborg Jeppesen
- Buffer-overflow in Orbz 2.10,
Luigi Auriemma
- [SECURITY] [DSA 601-1] New libgd1 packages fix arbitrary code execution,
Martin Schulze
- ncpfs buffer overflow,
Karol Więsek
- Macromedia provided wrong "Solution" in mpsb02-08,
Liu Die Yu
- [OpenPKG-SA-2004.051] OpenPKG Security Advisory (imapd),
OpenPKG
- Microsoft Help ActiveX Control Related Topics Local Content Accessing Vulnerability,
Paul
- Setiri + Invisible browsers != browsers,
Haroon Meer
- [ GLSA 200411-36 ] phpMyAdmin: Multiple XSS vulnerabilities,
Luke Macken
- [CLA-2004:900] Conectiva Security Announcement - sun-jre,
Conectiva Updates
- [ GLSA 200411-35 ] phpWebSite: HTTP response splitting vulnerability,
Matthias Geerdsen
- Immunity, Inc Advisor,
Nicolas Waisman
- Phpbb id: 10701 update and Attachmodule add-on Directory Traversal,
zee
- Java version downgrading proof-of-concept,
auto333584
- PnTresMailer code browser 6.03 Vulnerabilities,
John Cobb
- FluxBox crash vulnerability,
Quith
- php 4.3.7 memory limit POC exploit,
Gyan chawdhary
- Re: Atari800 - local root. (fwd),
Petr Stehlik
- phpCMS <= 1.2.1 Xss Vulnerability, Information disclosure,
Cyrille Barthelemy
- MDKSA-2004:141 - Updated zip packages fix vulnerability,
Mandrake Linux Security Team
- MDKSA-2004:140 - Updated a2ps packages fix vulnerability,
Mandrake Linux Security Team
- MDKSA-2004:139 - Updated cyrus-imapd packages fix multiple vulnerabilities,
Mandrake Linux Security Team
- Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched],
Brett Moore
- [SECURITY] [DSA 597-1] New cyrus-imapd packages fix arbitrary code execution,
Martin Schulze
- [CLA-2004:899] Conectiva Security Announcement - samba,
Conectiva Updates
- Buffer Overflow in Open Dc Hub 0.7.14,
Donato Ferrante
- Jabberd2.x remote BuffJabberd2.x remote Buffer Overflowser Overflows,
icbm
- [ GLSA 200411-32 ] phpBB: Remote command execution,
Sune Kloppenborg Jeppesen
- [SECURITY] [DSA 599-1] New tetex-bin packages fix arbitrary code execution,
Martin Schulze
- Atari800 - local root.,
Adam Zabrocki
- Remote buffer overflow in MailEnable IMAP service [Hat-Squad Advisory],
Jerome ATHIAS
- EZshopper is still vulnerable against Directory Traversal.,
Zero_X www.lobnan.de Team
- [USN-32-1] mysql vulnerabilities,
Martin Pitt
- [SECURITY] [DSA 598-1] New yardradius packages fix arbitrary code execution,
Martin Schulze
- [ GLSA 200411-34 ] Cyrus IMAP Server: Multiple remote vulnerabilities,
Thierry Carrez
- FIREFOX flaws: nested array sort() loop Stack overflow exception,
Berend-Jan Wever
- MSIE flaws: nested array sort() loop Stack overflow exception,
Berend-Jan Wever
- XSS in Brazilian Insite products,
Carlos Ulver
- STG Security Advisory: [SSA-20041122-12] Zwiki XSS vulnerability,
advisory
- Re: [SIG^2 G-TEC] Prevx Home v1.0 Instrusion Prevention Features Can Be Disabled by Direct Service Table Restoration,
Ralph Harvey
- [SIG^2 G-TEC] CMailServer WebMail v5.2 Multiple Vulnerabilities,
chewkeong
- [ GLSA 200411-33 ] TWiki: Arbitrary command execution,
Sune Kloppenborg Jeppesen
- Prozilla Remote Exploit,
Serkan Akpolat
- STG Security Advisory: [SSA-20041122-11] JSPWiki XSS vulnerability,
advisory
- STG Security Advisory: [SSA-20041122-09] cscope insecure temp file creation vulnerability,
advisory
- [USN-31-1] cyrus21-imapd vulnerabilities,
Martin Pitt
- [SECURITY] [DSA 595-1] New bnc packages arbitrary code execution,
Martin Schulze
- STG Security Advisory: [SSA-20041122-10] KorWeblog directory traversal vulnerability,
advisory
- [SECURITY] [DSA 596-1] New sudo packages fix privilege escalation,
Martin Schulze
- [SECURITY] [DSA 596-2] New sudo packages removes debug output,
Martin Schulze
- Limited buffer-overflow and arbitrary memory access in Star Wars Battlefront 1.11,
Luigi Auriemma
- [CLA-2004:896] Conectiva Security Announcement - bugzilla,
Conectiva Updates
- SecureCRT - Remote Command Execution,
Brett Moore
- MDKSA-2004:138 - Updated XFree86 packages fix libXpm vulnerabilities,
Mandrake Linux Security Team
- Incorrect reporting of the Bofra/The Register exploit,
matt
- Windows Mobile Pocket PC Security,
kers0r
- [CLA-2004:894] Conectiva Security Announcement - shadow-utils,
Conectiva Updates
- Sun Java Plugin arbitrary package access vulnerability,
Jouko Pynnonen
- Broadcast memory corruption in Soldier of Fortune II 1.03,
Luigi Auriemma
- Fotolog.net cross-site scripting vulnerabilities [RLSA_05-2004],
Jerome ATHIAS
- RE: iDEFENSE Security Advisory 11.22.04: Sun Java Plugin Arbitrar y Package Access Vulnerability,
Sherlock, Nathan
- IPFront - Release,
Hernan Racciatti
- echalk vuln,
kevin anonymous
- [ GLSA 200411-31 ] ProZilla: Multiple vulnerabilities,
Thierry Carrez
- Winamp - Buffer Overflow In IN_CDDA.dll,
Brett Moore
- [ GLSA 200411-30 ] pdftohtml: Vulnerabilities in included Xpdf,
Thierry Carrez
- MDKSA-2004:137 - Updated libxpm4 packages fix libXpm vulnerabilities,
Mandrake Linux Security Team
- Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities,
Stefan Esser
- Hardware support for XP SP2 DEP not enabled by default ?,
Nicolas RUFF
- [SIG^2 G-TEC] Prevx Home v1.0 Instrusion Prevention Features Can Be Disabled by Direct Service Table Restoration,
chewkeong
- PHPKIT SQL Injection, XSS,
Steve
- iDEFENSE Security Advisory 11.22.04: Sun Java Plugin Arbitrary Package Access Vulnerability,
customer service mailbox
- Router ZyXEL Prestige 650 HW http remote admin.,
José
- GFHost PHP GMail remote command execution exploit that achieves webserver id privileges,
Jerome ATHIAS
- Changes to the filesystem while find is running - comments?,
James Youngman
- Broadcast client crash in Halo 1.05,
Luigi Auriemma
- WeOnlyDo! COM Ftp DELUXE ActiveX Control Buffer Overflow Vulnerability,
Komrade
- CoffeeCup FTP Clients Buffer Overflow Vulnerability,
Komrade
- TSLSA-2004-0061 - multi,
Trustix Security Advisor
- [ECL] WCI TC-IDE embedded linux vulnerabilities,
ECL team
- IpbProArace 2.5.x SQL injection.,
axl daivy
- TWiki exploit (search.pm / CAN-2004-1037),
Roman Medina-Heigl Hernandez
- [ GLSA 200411-29 ] unarj: Long filenames buffer overflow and a path traversal vulnerability,
Thierry Carrez
- Microsoft Internet Explorer 6 SP2 Vulnerabilities / Full disclosure Vs. Security by Obscurity...,
K-OTiK Security
- [ GLSA 200411-28 ] X.Org, XFree86: libXpm vulnerabilities,
Thierry Carrez
- Addendum, recent Linux <= 2.4.27 vulnerabilities,
Paul Starzetz
- Corsaire Security Advisory - Netopia Timbuktu remote buffer overflow issue,
advisories
- SecurityForest - Public Release #1,
loni
- Java Vulnerabilities in Opera 7.54,
Marc Schoenefeld
- MDKSA-2004:136 - Updated samba packages fix remote vulnerability,
Mandrake Linux Security Team
- Corsaire Security Advisory - Danware NetOp Host multiple information disclosure issues,
advisories
- Privilege escalation flaw in AClient Service for Windows (Version 5.6.181).,
Reed Arvin
- EXEC exploit in phpBB - new release,
Paul S. Owen
- Zone Labs Security Advisory: Ad-Blocking Instability,
Zone Labs Product Security
- Zone Labs Ad-Blocking Instability,
Nicolas Robillard
- SLMail 5.x POP3 Remote Pass Buffer Overflow Exploit,
Jérôme ATHIAS
- Privilege escalation in Mailtraq Version 2.6.1.1677.,
Reed Arvin
- Inofficial updates to 758884/NISCC/DNS,
Roy Arends
- Apache 2.0.52 DoS Exploit v2,
Daniel Guido
- [CLA-2004:892] Conectiva Security Announcement - MySQL,
Conectiva Updates
- A Brief Analysis of Bofra/MyDoom.AG/AH,
Bryan Burns
- [CLA-2004:890] Conectiva Security Announcement - libxml2,
Conectiva Updates
- [USN-30-1] Linux kernel vulnerabilities,
Martin Pitt
- [ GLSA 200411-27 ] Fcron: Multiple vulnerabilities,
Luke Macken
- [USN-29-1] samba vulnerability,
Martin Pitt
- Buffer overlow in DMS POP3 Server for Windows 2000/XP 1.5.3 build 37 and prior versions.,
Reed Arvin
- [MaxPatrol] SQL-injection in Invision Power Board 2.x,
Alexander Anisimov
- FreeBSD Security Advisory FreeBSD-SA-04:16.fetch,
FreeBSD Security Advisories
- EXEC exploit in phpBB - fix,
Paul S. Owen
- AppServ 2.5.x and Prior Exploit,
saudi linux
- Vulnerabilities in forum phpBB2 with Cash_Mod (all ver.),
Jerome ATHIAS
- SUSE Security Announcement: xshared, XFree86-libs, xorg-x11-libs (SUSE-SA:2004:041),
Thomas Biege
- MDKSA-2004:133 - Updated sudo packages fix vulnerability,
Mandrake Linux Security Team
- [ GLSA 200411-26 ] GIMPS, SETI@home, ChessBrain: Insecure installation,
Sune Kloppenborg Jeppesen
- MDKSA-2004:134 - Updated apache packages fix buffer overflow in mod_include,
Mandrake Linux Security Team
- [USN-28-1] sudo vulnerability,
Martin Pitt
- RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch.,
rexolab
- MDKSA-2004:132 - Updated gd packages fix integer overflows,
Mandrake Linux Security Team
- Advisory 14/2004: Linux 2.x smbfs multiple remote vulnerabilities,
Stefan Esser
- [USN-27-1] libxpm4 vulnerability,
Martin Pitt
- MDKSA-2004:135 - Updated apache2 packages fix request DoS,
Mandrake Linux Security Team
- [USN-26-1] bogofilter vulnerability,
Martin Pitt
- [SECURITY] [DSA 594-1] New Apache packages fix arbitrary code execution,
Martin Schulze
- [ GLSA 200411-25 ] SquirrelMail: Encoded text XSS vulnerability,
Sune Kloppenborg Jeppesen
- [ GLSA 200411-23 ] Ruby: Denial of Service issue,
Thierry Carrez
- Airport x-ray software creating images of phantom weapons?,
Jason Coombs
- [ GLSA 200411-24 ] BNC: Buffer overflow vulnerability,
Sune Kloppenborg Jeppesen
- TSLSA-2004-0058 - multi,
Trustix Security Advisor
- [waraxe-2004-SA#038 - Multiple vulnerabilities in Event Calendar module for PhpNuke],
Janek Vind
- Flaws in SP2 security features, part II,
Juergen Schmidt
- [SECURITY] [DSA 593-1] New imagemagick packages fix arbitrary code execution,
Martin Schulze
- Skype callto:// BoF technical details,
Berend-Jan Wever
- Google Desktop Search ignores Preferences,
Elliott Bäck
- Format string bug in Army Men RTS,
Luigi Auriemma
- SUSE Security Announcement: samba (SUSE-SA:2004:040),
Marcus Meissner
- [USN-25-1] libgd2 vulnerability,
Martin Pitt
- [SAMBA] CAN-2004-0882: Possiebl Buffer Overrun in smbd,
Gerald (Jerry) Carter
- iDEFENSE Security Advisory 11.15.04: Multiple Security Vulnerabilities in Fcron,
customer service mailbox
- [SNS Advisory No.79] A Possibility of Cookie Overwrite in Microsoft Internet Explorer,
Jérôme
- Advisory 13/2004: Samba 3.x QFILEPATHINFO unicode filename buffer overflow,
Stefan Esser
- XSS in TheFaceBook round 2,
Alex Lanstein
- Multiple vulnerabilities in Hired Team: Trial (Shine engine),
Luigi Auriemma
- Multiple XSS holes in TheFaceBook,
Alex Lanstein
- SQL Injection in phpBT (bug.php) add project,
jessica soules
- SQL Injection in phpBT (bug.php - Add),
Jérôme
- IPSwitch-IMail-8.13 Stack Overflow in the DELETE Command,
Jérôme
- TWiki search function allows arbitrary shell command execution,
Hans Ulrich Niedermann
- Eudora 6.2 attachment spoof,
Paul Szabo
- [ GLSA 200411-21 ] Samba: Remote Denial of Service,
Matthias Geerdsen
- [USN-24-1] openssl script vulnerability,
Martin Pitt
- phpBB Code EXEC (v2.0.10),
jessica soules
- SQL Injection in phpBT (bug.php),
jessica soules
- Crash in Secure Network Messenger 1.4.2,
Luigi Auriemma
- Sudo version 1.6.8p2 now available (fwd),
je
- [USN-23-1] apache2 vulnerability,
Martin Pitt
- Vulnerability not with vBulletin,
Kier Darby
- [SECURITY] [DSA 592-1] New ez-ipupdate packages fix format string vulnerability,
Martin Schulze
- Security flaw in ALCATEL/THOMSON Speed Touch Pro ADSL modems,
Gregory Duchemin
- Unofficial Internet Explorer FRAME/IFRAME fix,
Thomas Rogg
- Contact in HP related to OpenView / Coda,
Noam Rathaus
- [ GLSA 200411-20 ] ez-ipupdate: Format string vulnerability,
Sune Kloppenborg Jeppesen
- [CLA-2004:889] Conectiva Security Announcement - sasl2,
Conectiva Updates
- [USN-22-1] samba vulnerability,
Martin Pitt
- RE: Norton AntiVirus Script Blocking Exploit -- Symantec's response,
Daniel Milisic
- security hole (http response splitting) in phpwebsite,
Maestro De-Seguridad
- [ GLSA 200411-18 ] Apache 2.0: Denial of Service by memory consumption,
Matthias Geerdsen
- [USN-21-1] libgd vulnerabilities,
Martin Pitt
- [waraxe-2004-SA#037 - Sql injection bug in Phorum 5.0.12 and older versions],
Janek Vind
- [ GLSA 200411-19 ] Pavuk: Multiple buffer overflows,
Luke Macken
- [ GLSA 200411-22 ] Davfs2, lvm-user: Insecure tempfile handling,
Sune Kloppenborg Jeppesen
- Zone Labs IMsecure Active Link Filter Bypass,
Kurczaba Associates advisories
- Cisco Security Advisory: Crafted Timed Attack Evades Cisco Security Agent Protections,
Cisco Systems Product Security Incident Response Team
- SQL injection in vBulletin forums (last10.php),
Dr. Death
- Hotfoon Ver 4.0 Highv Risk,
saudi linux
- [SquirrelMail Security Advisory] Cross Site Scripting in encoded text,
Jonathan Angliss
- Cisco Security Advisory: Cisco IOS DHCP Blocked Interface Denial-of-Service,
Cisco Systems Product Security Incident Response Team
- 04WebServer Three Vulnerabilities,
Jérôme
- Security Contact Info for IPSWITCH,
Tom
- Unsecure Ftpd on HP PSC 2510 Printer,
Justin Rush
- BNC 2.8.9 remote buffer overflow,
LSS Security
- Nortel Networks Contivity VPN Client information leakage vulnerability,
Network Intelligence (I) Pvt. Ltd.
- Multiple Vulnerabilities in WebCalendar,
Joxean Koret
- Linux ELF loader vulnerabilities,
Paul Starzetz
- [ GLSA 200411-16 ] zip: Path name buffer overflow,
Sune Kloppenborg Jeppesen
- [ GLSA 200411-17 ] mtink: Insecure tempfile handling,
Sune Kloppenborg Jeppesen
- EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service,
Marc Maiffret
- Vulnerabilities in JAF CMS,
[ echo|staff ]@securityfocus.com@xxxxxxxxxxxxxxxxxxxxx
- [SECURITY] [DSA 591-1] New libgd2 packages fix arbitrary code execution,
Martin Schulze
- BoF in Windows 2000: ddeshare.exe,
Jack C
- Security Contact for T-Mobile?,
Jake Appelbaum
- [USN-20-1] Ruby CGI module vulnerability,
Martin Pitt
- [SECURITY] [DSA 589-1] New libgd1 packages fix arbitrary code execution,
Martin Schulze
- [SECURITY] [DSA 590-1] New gnats packages fix arbitrary code execution,
Martin Schulze
- MDKSA-2004:128 - Updated ruby packages fix remote DoS vulnerability,
Mandrake Linux Security Team
- Evidence Mounts that the Vote Was Hacked,
Atom 'Smasher'
- [CLA-2004:886] Conectiva Security Announcement - xpdf,
Conectiva Updates
- [CLA-2004:888] Conectiva Security Announcement - libtiff3,
Conectiva Updates
- Re: [Full-Disclosure] MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)),
Menashe Eliezer
- [SECURITY] [DSA 586-1] New ruby packages fix denial of service,
Martin Schulze
- [HV-LOW] Symantec LiveUpdate issues may cause DoS,
vuln
- [ GLSA 200411-14 ] Kaffeine, gxine: Remotely exploitable buffer overflow,
Luke Macken
- [SECURITY] [DSA 588-1] New gzip packages fix insecure temporary files,
Martin Schulze
- [ GLSA 200411-12 ] zgv: Multiple buffer overflows,
Luke Macken
- up-imapproxy DoS vulnerabilities,
Timo Sirainen
- Offline WPA-PSK auditing tool (coWPAtty),
Joshua Wright
- [ GLSA 200411-15 ] OpenSSL, Groff: Insecure tempfile handling,
Thierry Carrez
- [SECURITY] [DSA 587-1] New freeam packages fix arbitrary code execution,
Martin Schulze
- DOS against Java JNDI/DNS,
Kurt Huwig
- Microsoft Internet Explorer permits to examine the existence of local files,
Benjamin Tobias Franz
- MSIE src&name property disclosure,
Berend-Jan Wever
- [ GLSA 200411-13 ] Portage, Gentoolkit: Temporary file vulnerabilities,
Sune Kloppenborg Jeppesen
- [SECURITY] CAN-2004-0930: Potential Remote Denial of Service Vulnerability in Samba 3.0.x <= 3.0.7,
Gerald (Jerry) Carter
- [USN-19-1] squid vulnerabilities,
Martin Pitt
- [ GLSA 200411-11 ] ImageMagick: EXIF buffer overflow,
Sune Kloppenborg Jeppesen
- Resources consumption in 602 Lan Suite 2004.0.04.0909,
Luigi Auriemma
- [ GLSA 200411-10 ] Gallery: Cross-site scripting vulnerability,
Luke Macken
- UPDATE: [ GLSA 200410-30 ] GPdf, KPDF, KOffice: Vulnerabilities in included xpdf,
Thierry Carrez
- UPDATE: [ GLSA 200410-20 ] Xpdf, CUPS: Multiple integer overflows,
Thierry Carrez
- [SECURITY] [DSA 585-1] New shadow packages fix unintended behaviour,
Martin Schulze
- Making distinctions between similar-looking vulnerabilities,
Steven M. Christey
- In-game format string bug in the Lithtech engine,
Luigi Auriemma
- TSLSA-2004-0056 - apache,
Trustix Security Advisor
- Multiple vulnerabilities in Icewarp Web Mail 5.2.8 : New face of old problems.,
ShineShadow
- SSC Advisory TSA-053 (Ureach.com),
Secure Science Corporation Advisory Notice
- [USN-17-1] passwd vulnerability,
Martin Pitt
- FW: Hacker Group back again, this time claiming to have source code to Cisco PIX firewall,
Graham, Brian
- [FLSA-2004:2076] Updated foomatic package fixes security vulnerability,
Marc Deslauriers
- [USN-18-1] zip vulnerability,
Martin Pitt
- MDKSA-2004:127 - Updated libxml and libxml2 packages fix multiple vulnerabilities,
Mandrake Linux Security Team
- MDKSA-2004:126 - Updated shadow-utils packages fix security bypass vulnerability,
Mandrake Linux Security Team
- MDKSA-2004:125 - Updated iptables packages fix vulnerability,
Mandrake Linux Security Team
- MDKSA-2004:124 - Updated xorg-x11 packages fix libXpm overflow vulnerabilities,
Mandrake Linux Security Team
- [ GLSA 200411-09 ] shadow: Unauthorized modification of account information,
Matthias Geerdsen
- [ GLSA 200411-08 ] GD: Integer overflow,
Thierry Carrez
- SSC Advisory TSA-052 (Callwave.com),
Secure Science Corporation Advisory Notice
- [SECURITY] [DSA 584-1] New dhcp packages fix format string vulnerability,
Martin Schulze
- [HV-MED] Zip/Linux long path buffer overflow,
vuln
- [CLA-2004:883] Conectiva Security Announcement - subversion,
Conectiva Updates
- [CLA-2004:884] Conectiva Security Announcement - gaim,
Conectiva Updates
- [CLA-2004:885] Conectiva Security Announcement - apache,
Conectiva Updates
- ERRATA: [ GLSA 200411-01 ] ppp: No denial of service vulnerability,
Luke Macken
- [ GLSA 200411-07 ] Proxytunnel: Format string vulnerability,
Thierry Carrez
- [ GLSA 200411-05 ] libxml2: Remotely exploitable buffer overflow,
Thierry Carrez
- [CLA-2004:882] Conectiva Security Announcement - squid,
Conectiva Updates
- [SECURITY] [DSA 583-1] New lvm10 packages fix insecure temporary directory,
Martin Schulze
- [ GLSA 200411-06 ] MIME-tools: Virus detection evasion,
Thierry Carrez
- [USN-16-1] perl vulnerabilities,
Martin Pitt
- [Hat-Squad] SQL injection and XSS Vulnerabilities in HELM,
Hat-Squad Security Team
- URL spoofing bug (with iframes) in Microsoft Internet Explorer (11/02/2004),
Benjamin Tobias Franz
- Microsoft ISA Server Authentication Bypassing,
Jérôme
- Multiple Vulnerabilities in Web Forums Server,
R00tCr4ck
- [SECURITY] [DSA 582-1] New libxml packages fix arbitrary code execution,
Martin Schulze
- Rv: [Full-Disclosure] MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)),
Elia Florio
- MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) (fwd),
Michal Zalewski
- MDKSA-2004:123 - Updated perl-MIME-tools packages fix vulnerability,
Mandrake Linux Security Team
- MDKSA-2004:122 - Updated mod_ssl packages fix information disclosure vulnerability,
Mandrake Linux Security Team
- [ GLSA 200411-04 ] Speedtouch USB driver: Privilege escalation vulnerability,
Luke Macken
- MDKSA-2004:121 - Updated netatalk packages fix temporary file vulnerability,
Mandrake Linux Security Team
- MDKSA-2004:120 - Updated mpg123 packages fix vulnerability,
Mandrake Linux Security Team
- MDKSA-2004:119 - Updated MySQL packages fix multiple vulnerabilities,
Mandrake Linux Security Team
- Cisco Security Advisory: Vulnerability in Cisco Secure Access Control Server EAP-TLS Authentication,
Cisco Systems Product Security Incident Response Team
- MDKSA-2004:118 - Updated perl-Archive-Zip packages fix vulnerability,
Mandrake Linux Security Team
- MDKSA-2004:117 - Updated gaim packages fix vulnerability,
Mandrake Linux Security Team
- zlib 1.2.2 released,
Mark Adler
- Exploiting default exception handler to increase exploit stability on win32,
tal zeltzer
- [SECURITY] [DSA 581-1] New xpdf packages fix arbitrary code execution,
Martin Schulze
- [ GLSA 200411-03 ] Apache 1.3: Buffer overflow vulnerability in mod_include,
Matthias Geerdsen
- Medium Risk Vulnerability in WinRAR,
NGSSoftware Insight Security Research
- [USN-15-1] lvm10 vulnerability,
Martin Pitt
- [CLA-2004:881] Conectiva Security Announcement - rsync,
Conectiva Updates
- [ GLSA 200411-02 ] Cherokee: Format string vulnerability,
Sune Kloppenborg Jeppesen
- Internet Explorer HTML Help Control ActiveX Cross Domain/Zone Scripting Vulnerabilities,
roozbeh afrasiabi
- Safari vulnerable to URL spoofing,
Gilbert Verdian
- [OpenPKG-SA-2004.049] OpenPKG Security Advisory (gd),
OpenPKG
- [OpenPKG-SA-2004.050] OpenPKG Security Advisory (libxml),
OpenPKG
- [SECURITY] [DSA 580-1] New iptables packages fix modprobe failure,
Martin Schulze
- TSLSA-2004-0055 - multi,
Trustix Security Advisor
- [OpenPKG-SA-2004.045] OpenPKG Security Advisory (mysql),
OpenPKG
- [USN-10-1] XML library vulnerabilities,
Martin Pitt
- p h i s h i n g p h o r p h u n p h o r p h u q u e s a k e,
http-equiv@xxxxxxxxxx
- [USN-14-1] xpdf vulnerabilities,
Martin Pitt
- [USN-13-1] groff utility vulnerability,
Martin Pitt
- [ GLSA 200411-01 ] ppp: Remote denial of service vulnerability,
Luke Macken
- [SECURITY] [DSA 578-1] New mpg123 packages fix arbitrary code execution,
Martin Schulze
- [SECURITY] [DSA 579-1] New abiword packages fix arbitrary code execution,
Martin Schulze
- XDICT Buffer OverRun Vulnerability,funny :-),
Sowhat .
- New Whitepaper - "Second-order Code Injection Attacks",
Gunter Ollmann
- [OpenPKG-SA-2004.048] OpenPKG Security Advisory (squid),
OpenPKG
- [USN-12-1] ppp Denial of Service,
Martin Pitt
- [OpenPKG-SA-2004.046] OpenPKG Security Advisory (postgresql),
OpenPKG
- [OpenPKG-SA-2004.047] OpenPKG Security Advisory (apache),
OpenPKG
- [USN-11-1] libgd2 vulnerabilities,
Martin Pitt
- [ GLSA 200410-31 ] Archive::Zip: Virus detection evasion,
Thierry Carrez
- local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33?,
Larry Cashdollar
- [SECURITY] [DSA 577-1] New postgresql packages fix symlink vulnerability,
Martin Schulze
- [SECURITY] [DSA 576-1] New Squid packages fix several vulnerabilities,
Martin Schulze
- [USN-6-1] postgresql contributed script vulnerability,
Martin Pitt
- [USN-3-1] GhostScript utility script vulnerabilities,
Martin Pitt
- [ GLSA 200410-30 ] GPdf, KPDF, KOffice: Vulnerabilities in included xpdf,
Thierry Carrez
- New URL spoofing bug in Microsoft Internet Explorer,
0-1-2-3
- [USN-8-1] gaim vulnerabilities,
Martin Pitt
- [USN-5-1] gettext vulnerabilities,
Martin Pitt
- [USN-7-1] imagemagick vulnerability,
Martin Pitt
- [FLSA-2004:2089] Updated mozilla packages fix security vulnerabilities,
Dominic Hargreaves
- [ GLSA 200410-28 ] rssh: Format string vulnerability,
Thierry Carrez
- [USN-9-1] tetex-bin vulnerabilities,
Martin Pitt
- [USN-4-1] Standard C library script vulnerabilities,
Martin Pitt
- PHP4 cURL functions bypass open_basedir,
FraMe
- [SECURITY] [DSA 575-1] New catdoc packages fix temporary file vulnerability,
Martin Schulze
- [SECURITY] [DSA 574-1] New cabextract packages fix unintended directory traversal,
Martin Schulze
- Presentation: Bypassing client application protection techniques with notepad,
3APA3A
- High Risk Vulnerability in RealPlayer,
NGSSoftware Insight Security Research
- [security bulletin] SSRT3526 Serviceguard potential increase in privilege,
Boren, Rich (SSRT)
- Multiple Vulnerabilites in Quake II Server,
Richard Stanway
- EEYE: RealPlayer Zipped Skin File Buffer Overflow,
Marc Maiffret
- High Risk Vulnerability in Quicktime for Windows,
NGSSoftware Insight Security Research
- [ GLSA 200410-29 ] PuTTY: Pre-authentication buffer overflow,
Sune Kloppenborg Jeppesen
- MMDF deliver local root exploit for SCO OpenServer 5.0.7 x86,
Ramon de Carvalho Valle
- iDEFENSE Security Advisory 10.27.04 - PuTTY SSH2_MSG_DEBUG Buffer Overflow Vulnerability,
customer service mailbox
- [CLA-2004:880] Conectiva Security Announcement - foomatic-filters,
Conectiva Updates
- [CLA-2004:879] Conectiva Security Announcement - kernel,
Conectiva Updates
- PuTTY SSH client vulnerability,
Anatole Shaw
- Crashs in Master of Orion III 1.2.5,
Luigi Auriemma
- debian dhcpd, old format string bug,
infamous41md
- PTms04-030,
pigrelax
- Rendering large binary file as HTML makes Mozilla Firefox stop responding,
Peter Kruse
- zgv image viewing heap overflows,
infamous41md
- [ GLSA 200410-22 ] MySQL: Multiple vulnerabilities,
Thierry Carrez
- wvtfpd remote root heap overflow,
infamous41md
- [ GLSA 200410-23 ] Gaim: Multiple vulnerabilities,
Matthias Geerdsen
- [ GLSA 200410-25 ] Netatalk: Insecure tempfile handling in etc2ps.sh,
Luke Macken
- pppd out of bounds memory access, possible DOS,
infamous41md
- Hawking Technologies HAR11A router considered insecure,
Marcus Garvey
- inetutils tftp client, DNS resolving bofs,
infamous41md
- libgd integer overflow,
infamous41md
- [ GLSA 200410-26 ] socat: Format string vulnerability,
Luke Macken
- [ GLSA 200410-24 ] MIT krb5: Insecure temporary file use in send-pr.sh,
Thierry Carrez
- pacsec.jp advisory: Firewire/IEEE 1394 Considered Harmful to Physical Security,
Dragos Ruiu
[Index of Archives]
[Netfilter]
[Security]
[PHP]
[Linux Kernel]
