Bugtraq
- OpenSSL 0.9.7e released (fwd from mark@xxxxxxxxxxx),
je
- MailCarrier 2.51 SMTP server Buffer Overflow [PoC included],
Jérôme
- libxml2 remote buffer overflows (not in xml parsing code though),
infamous41md
- SUSE Security Announcement: xpdf, gpdf, kpdf, pdftohtml, cups (SUSE-SA:2004:039),
Thomas Biege
- Two Vulnerabilities in OpenWFE Web Client,
Joxean Koret
- [CLA-2004:878] Conectiva Security Announcement - zlib,
Conectiva Updates
- Bug in hotmail,
security
- Fake RedHat - Fedora Security Patch / Trojan Source Code & Analysis,
K-OTiK Security
- Mozilla Firefox (tested on 0.9.3) html-code crash.,
ducch apple
- RE: Update: Web browsers - a mini-farce (MSIE gives in),
David Brodbeck
- Some Voters Say Machines Failed, Incorrect Choices Appear on Screens (fwd),
Atom 'Smasher'
- STG Security Advisory: [SSA-20041022-08] MoniWiki XSS vulnerability,
advisory
- [BUGZILLA] Vulnerabilities in Bugzilla 2.16.6 and 2.18rc2,
David Miller
- python does mangleme (with IE bugs!),
ned
rssh: pizzacode security alert,
Derek Martin
dwc_articles possible sql injection,
Rene
windows 2000 server terminal server denial of service,
Nick Caramella
Ability FTP Server 2.34 Buffer Overflow Exploit,
Jérôme
Norton AntiVirus 2004/2005 Script Blocking Redux,
Daniel Milisic
Windows DoS in certain pGina configurations,
Steven
AOL Journals BlogID incrementing discloses account names and e-mail,
Steven
Is Windows up to snuff for running our world?,
Richard M. Smith
Hack Dot AE,
Spy Hat
[CLA-2004:877] Conectiva Security Announcement - mozilla,
Conectiva Updates
iDEFENSE Security Advisory XX.XX.04 - Novell SuSe Linux LibTIFF Heap Overflow Vulnerability,
customer service mailbox
MDKSA-2004:113 - Updated xpdf packages fix vulnerabilities,
Mandrake Linux Security Team
MDKSA-2004:116 - Updated cups packages fix DoS vulnerabilities,
Mandrake Linux Security Team
MDKSA-2004:115 - Updated kdegraphics packages fix DoS vulnerability,
Mandrake Linux Security Team
SuSE Security Announcement: libtiff (SUSE-SA:2004:038),
Marcus Meissner
[HV-LOW] Unsafe WAV header handling can cause DoS on Windows,
vuln
[Fwd: Altiris Carbon Copy Remote Control local SYSTEM exploitation.],
KF_lists
J2ME security vulnerabilities,
Adam Gowdiak
MDKSA-2004:114 - Updated gpdf packages fix DoS vulnerability,
Mandrake Linux Security Team
[Security Bulletin] SSRT4807 HP-UX stmkfont local unauthorized privileged access,
Boren, Rich (SSRT)
[KDE security advisory] Multiple integer overflows in kpdf,
Dirk Mueller
[ GLSA 200410-21 ] Apache 2, mod_ssl: Bypass of SSLCipherSuite directive,
Kurt Lieber
MDKSA-2004:112 - Updated squid packages fix SNMP processing vulnerability,
Mandrake Linux Security Team
Re: IBM Lotus Notes/Domino fails to encode Square Brackets ( [ ] ) in computed field/text, allowing XSS (Risk increased),
Juan C Calderon
HTTP Response Splitting in Serendipity 0.7-beta4,
Chaotic Evil
MDKSA-2004:110 - Updated gaim packages fix vulnerabilities,
Mandrake Linux Security Team
MDKSA-2004:111 - Updated wxGTK2 packages fix vulnerabilities,
Mandrake Linux Security Team
SQL Injection in UBB.threads 3.4.x,
Florian Rock
[SECURITY] [DSA 573-1] New cupsys packages fix arbitrary code execution,
Martin Schulze
[SECURITY] [DSA 572-1] New ecartis packages fix unauthorised access to admin interface,
Martin Schulze
SuSE Security Announcement: kernel (SUSE-SA:2004:037),
Marcus Meissner
Critical Vulnerability in Altiris Deployment Server architecture,
Brian Gallagher
NSFOCUS SA2004-02 : HP-UX stmkfont Local Privilege Escalation Vulnerability,
NSFOCUS Security Team
CAN-2004-0814: Linux terminal layer races,
Alan Cox
MDKSA-2004:107 - Updated mozilla packages fix vulnerabilities,
Mandrake Linux Security Team
mpg123 "getauthfromurl" buffer overflow,
Carlos Barros
MDKSA-2004:108 - Updated cvs packages fix vulnerability,
Mandrake Linux Security Team
[SECURITY] [DSA 570-1] New libpng packages fix several vulnerabilities,
Martin Schulze
[SECURITY] [DSA 571-1] New libpng3 packages fix several vulnerabilities,
Martin Schulze
RE: How to Break Windows XP SP2 + Internet Explorer 6 SP2,
Thor Larholm
MDKSA-2004:109 - Updated libtiff packages fix multiple vulnerabilities,
Mandrake Linux Security Team
[EXPL] (MS04-032) Microsoft Windows XP Metafile (.emf) Heap Overflow (PoC),
houseofdabus HOD
Buffer-overflow in Age of Sail II 1.04.151,
Luigi Auriemma
Broadcast crash in Vypress Tonecast 1.3,
Luigi Auriemma
Multiple AntiVirus Reserved Device Name Handling Vulnerability,
Sowhat .
Google Script Insertion Exploit,
Jim Ley
avoiding stackguard,
vallez
UnixWare 7.1.4 UnixWare 7.1.3 : The error handling in the inflate and inflateBack functions in ZLib compression library allows local users to cause a denial of service,
please_reply_to_security
[FLSA-2004:1804] Updated kernel resolves security vulnerabilities,
Dominic Hargreaves
[CLA-2004:875] Conectiva Security Announcement - gtk+,
Conectiva Updates
[ GLSA 200410-14 ] phpMyAdmin: Vulnerability in MIME-based transformation system,
Thierry Carrez
apexec.pl is still vulnerable against Directory Traversal.,
Zero_X www.lobnan.de Team
Mutiple AntiVirus Reserved Device Name Handling Vulnerability,
Sowhat .
[ GLSA 200410-15 ] Squid: Remote DoS vulnerability,
Luke Macken
[SECURITY] [DSA 568-1] New cyrus-sasl-mit packages fix arbitrary code execution,
Martin Schulze
[SECURITY] [DSA 556-2] New netkit-telnet packages really fix denial of service,
Martin Schulze
ProFTPD 1.2.x remote users enumeration bug - correction,
LSS Security
Re: IBM Lotus Notes/Domino fails to encode Square Brackets ( [ ] ) in computed field/text, allowing XSS,
Juan C Calderon
[Powie's PSCRIPT Forum] Multiple SQL-Injection Vulnerabilities,
Christoph Jeschke
IBM Lotus Notes/Domino fails to encode Square Brackets ( [ ] ) in computed field/text, allowing XSS,
Juan C Calderon
[FLSA-2004:1237] Updated gaim package resolves security issues,
Marc Deslauriers
[FLSA-2004:2072] Updated CUPS packages fix security vulnerability,
Marc Deslauriers
[SECURITY] [DSA 569-1] New netkit-telnet-ssl packages fix denial of service,
Martin Schulze
Re: Norton AntiVirus 2004 Script Blocking Failure (Includes PoC and rant),
secure
iDEFENSE Security Advisory 10.18.04: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability,
customer service mailbox
Multiple vulnerabilities in Sage Saleslogix,
Carl
cPanel symlink chmod issue,
Karol Więsek
cPanel hardlink chown issue,
Karol Więsek
IISShield and ASP.NET canonicalization,
Tiago Halm
cPanel hardlink backup issue,
Karol Więsek
Web browsers - a mini-farce,
Michal Zalewski
Multiple Vulnerabilities in CoolPHP,
R00tCr4ck
ms04-031 pre-auth ??,
Sinan Eren
[IE 6 SP2] Possible URL Spoofing,
Andrew Hunter
More details on BID 11408 (3com 3cradsl72 wireless router),
Ivan Casado
[SECURITY] [DSA 567-1] New libtiff packages fix remote code execution,
Martin Schulze
Clientexec Billing Software,
bugtraq
Eudora 6.2.0.7 attachment spoof,
Paul Szabo
Directory traversal in Yak! 2.1.2,
Luigi Auriemma
Norton AntiVirus 2004 Script Blocking Failure (Includes PoC and rant),
Daniel Milisic
Microsoft Windows NetDDE Service Buffer Overflow,
NGSSoftware Insight Security Research
ProFTPD 1.2.x remote users enumeration bug,
LSS Security
Multiple Cross Site Scripting Vulnerabilities in FuseTalk,
steven
a path disclosure and a posibility file inclusion and vulneability in thepeak file upload v1.3,
keitel andres ortega
Bypass of Antivirus software with GDI+ bug exploit Mutations,
Andrey Bayora
Re: EEYE: Windows Shell ZIP File Decompression DUNZIP32.DLL Buffer Overflow Vulnerability,
Bipin Gautam
TSLSA-2004-0054 - multi,
Trustix Security Advisor
Writing Trojans that bypass Windows XP Service Pack 2 Firewall,
americanidiot
[OpenPKG-SA-2004.044] OpenPKG Security Advisory (modssl),
OpenPKG
[FLSA-2004:2102] Updated samba packages fix security vulnerability [updated],
Dominic Hargreaves
[ GLSA 200410-13 ] BNC: Input validation flaw,
Thierry Carrez
Format String Vulnerability in Valve's CS-Source,
Some One
[OpenPKG-SA-2004.043] OpenPKG Security Advisory (tiff),
OpenPKG
UPDATE: Format String Vulnerability in Valve's CS-Source,
Some One
ACROS Security: Session Fixation in JRun Management Console,
ACROS Security
ACROS Security: HTML Injection in JRun Management Console,
ACROS Security
ACROS Security: Unsanitized Session ID Cookie Allows Modifying Server Response,
ACROS Security
New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory,
John Bissell
3COM Wireless router (3CRADSL72) information disclosure,
Karb0nOxyde -
CESA-2004-006: libtiff,
chris
[FLSA-2004:1737] Updated httpd packages fix a mod_proxy security vulnerability,
Marc Deslauriers
Buffer-overflow in ShixxNOTE 6.net,
Luigi Auriemma
[FLSA-2004:1888] Updated mod_ssl package fixes Apache security vulnerabilities,
Marc Deslauriers
[SECURITY] [DSA 566-1] New CUPS packages fix information leak,
Martin Schulze
[HV-MED] UPDATE: RIM Blackberry DoS, data loss,
vuln
[ GLSA 200410-12 ] WordPress: HTTP response splitting and XSS vulnerabilities,
Luke Macken
[SECURITY] [DSA 563-3] New cyrus-sasl packages fix arbitrary code execution on sparc and arm,
Martin Schulze
[FLSA-2004:1833] Updated lha resolves security vulnerabilities,
Marc Deslauriers
[CLA-2004:873] Conectiva Security Announcement - samba,
Conectiva Updates
[CLA-2004:872] Conectiva Security Announcement - cups,
Conectiva Updates
SetWindowLong Shatter Attacks,
Brett Moore
Buffer Overflow In Microsoft Excel,
Brett Moore
[ GLSA 200410-09 ] LessTif: Integer and stack overflows in libXpm,
Luke Macken
MSN Gaming Heartbeat Component Buffer Overflow,
NGSSoftware Insight Security Research
[ GLSA 200410-11 ] tiff: Buffer overflows in image decoding,
Thierry Carrez
EEYE: Windows VDM #UD Local Privilege Escalation,
Derek Soeder
[ GLSA 200410-10 ] gettext: Insecure temporary file handling,
Luke Macken
Adobe acrobat / Adobe Reader 6 can read local files,
Jelmer
IT Underground Talks,
Dave Aitel
EEYE: Windows Shell ZIP File Decompression DUNZIP32.DLL Buffer Overflow Vulnerability,
Derek Soeder
[SECURITY] [DSA 565-1] New sox packages fix buffer overflow,
Martin Schulze
ACROS Security: Poisoning Cached HTTPS Documents in Internet Explorer,
ACROS Security
BindView Advisory: Memory Leak and DoS in NT4 RPC server,
advisory
[FLSA-2004:2102] Updated samba packages fix security vulnerability,
Dominic Hargreaves
[HV-HIGH] RIM Blackberry buffer overflow, DoS, data loss,
vuln
XXS in SCT email client,
Matthew Oyer
XXS in fusetalk forum,
Matthew Oyer
[SECURITY] [DSA 564-1] New mpg123 packages fix arbitrary code exceution,
Martin Schulze
[hackgen-2004-#002] - Remote file inclusion bug in ocPortal 1.0.3.,
Exoduks
[SECURITY] [DSA 563-1] New cyrus-sasl packages fix arbitrary code execution,
Martin Schulze
Microsoft IIS 5.x/6.0 WebDAV (XML parser) attribute blowup DoS,
Amit Klein (AKsecurity)
MS October Security bulletins,
albatross
Reverse Engineering the First Pocket PC Trojan,
kers0r
CORE-2004-0802: IIS NNTP Service XPAT Command Vulnerabilities,
CORE Security Technologies Advisories
Insecure Default Service DACL's in Windows 2003,
Ziots, Edward
UnixWare 7.1.4 : Multiple Vulnerabilities in libpng,
please_reply_to_security
[SECURITY] [DSA 563-2] New cyrus-sasl packages really fix arbitrary code execution,
Martin Schulze
Micronet wireless broadband router SP916BM admin password reset when power off,
MrJoe
Microsoft Internet Explorer Install Engine Control Buffer Overflow,
NGSSoftware Insight Security Research
UnixWare 7.1.3up UnixWare 7.1.4 : CUPS before 1.1.21 allows remote attackers to cause a denial of service,
please_reply_to_security
Regression in IE: Accessing remote/local content in IE (GM#009-IE),
GreyMagic Security
MonkeyShell: using XML-RPC for access to a remote shell,
Abe Usher
Microsoft cabarc directory traversal,
Jelmer
[SECURITY] [DSA 458-3] New python2.2 packages really fix buffer overflow and restore functionality,
Martin Schulze
Multiple vulnerabilities in ZanfiCmsLite,
Lin Xiaofeng
[SECURITY] [DSA 562-1] New mysql packages fix several vulnerabilities,
Martin Schulze
[MAxpatrol Security Advisory] Multiple vulnerabilities in GoSmart Message Board,
Alexander Antipov
[ GLSA 200410-06 ] CUPS: Leakage of sensitive information,
Kurt Lieber
Limited \secure\ buffer-overflow in some old Monolith games,
Luigi Auriemma
ASP.NET cannonicalization issue,
Evans, Arian
MDKSA-2004:106 - Updated cyrus-sasl packages fix local vulnerability,
Mandrake Linux Security Team
TSLSA-2004-0053 - cyrus-sasl,
Trustix Security Advisor
Server crash in Flash Messaging 5.2.0g,
Luigi Auriemma
[ GLSA 200410-05 ] Cyrus-SASL: Buffer overflow and SASL_PATH vulnerabilities,
Kurt Lieber
[SECURITY] [DSA 560-1] New lesstif packages fix several vulnerabilities,
Martin Schulze
[SECURITY] [DSA 600-1] New samba packages fix arbitrary file access,
Martin Schulze
HTTP Response Splitting Vulnerability in Wordpress 1.2,
Chaotic Evil
[HV-HIGH] MS Word multiple exceptions, at least one exploitable,
vuln
Full path disclosure and sql injection on CubeCart 2.0.1,
Pedro Sanches
New Microsoft Security Response Center PGP Key [pgp],
Microsoft Security Response Center
[Gosecure Adivsory] Neoteris IVE Vulnerability,
Jian Hui Wang
Patch available for high risk flaws in the AtHoc Toolbar,
NGSSoftware Insight Security Research
[SECURITY] [DSA 558-1] New libapache-mod-dav packages fix potential denial of service,
Martin Schulze
MDKSA-2004:105 - Updated xine-lib packages fix multiple vulnerabilities,
Mandrake Linux Security Team
[GoSecure Advisory] Neoteris IVE Vulnerability,
Jian Hui Wang
CodeCon 2005 Call for Papers,
Len Sassaman
[Maxpatrol Security Advisory] Multiple vulnerabilities in DCP-Portal,
Alexander Antipov
Directory traversal in Tridcomm 1.3,
Luigi Auriemma
[ GLSA 200410-04 ] PHP: Memory disclosure and arbitrary location file upload,
Dan Margolis
[SECURITY] [DSA 559-1] New net-acct packages fix insecure temporary file creation,
Martin Schulze
Re: [Full-Disclosure] iDEFENSE Security Advisory 10.05.04b: Symantec Norton AntiVirus Reserved Device Name Handling Vulnerability,
3APA3A
SUSE Security Announcement: mozilla (SUSE-SA:2004:036),
Sebastian Krahmer
GDI+ JPEG exploit,
albatross
Patch available for multiple high risk vulnerabilities in RealPlayer,
NGSSoftware Insight Security Research
Multiple vulnerabilities in BlackBoard,
Lin Xiaofeng
Re: Full path disclosure in PHP Links - more,
LSS Security
ERRATA: Potential Arbitrary File Access (CAN-2004-0815),
Gerald (Jerry) Carter
[MAXPATROL Security Advisories] Cross site scripting in Invision Power Board,
Alexander Antipov
Test your windows OS,
Berend-Jan Wever
Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bug,
Bipin Gautam
SUSE Security Announcement: samba (SUSE-SA:2004:035),
Thomas Biege
[security bulletin]SSRT4826 rev.0 Mozilla Application Suite for HP Tru64 UNIX Multiple Potential Security Vulnerabilities,
Boren, Rich (SSRT)
Patch available for critical IBM DB2 Universal Database flaws,
NGSSoftware Insight Security Research
[ GLSA 200410-02 ] Netpbm: Multiple temporary file issues,
Thierry Carrez
[FLSA-2004:1324] Updated libxml2 resolves security vulnerability,
Marc Deslauriers
Full path disclosure in PHP Links,
Nikyt0x Argentina
FreeBSD Security Advisory FreeBSD-SA-04:15.syscons,
FreeBSD Security Advisories
[FLSA-2004:1372] Updated sysstat packages fix security vulnerabilities,
Marc Deslauriers
[FLSA-2004:1325] Updated mod_python packages fix security vulnerability,
Dominic Hargreaves
[SECURITY] [DSA 557-1] New rp-pppoe packages fix potential root compromise,
Martin Schulze
[LoWNOISE] IPSWITCH WhatsUp Gold 8.03 Remote fr33 exploit,
ET LoWNOISE
Buffer Overflow in Spider game,
Security Team
[SECURITY] [DSA 556-1] New netkit-telnet packages fix invalid free,
Matt Zimmerman
Re:2. Code execution in Icecast 2.0.1(exploit with shellcode),
me
In-game format string in Judge Dredd vs. Death 1.01,
Luigi Auriemma
[FLSA-2004:1733] Updated squirrelmail resolves security vulnerabilities,
Dominic Hargreaves
Security advisory - Xerces-C++ 2.5.0: Attribute blowup,
Amit Klein (AKsecurity)
On Polymorphic Evasion,
Phantasmal Phantasmagoria
dbPowerAmp Buffer Overflow And Dos Vulnerabilities,
GulfTech Security
[ GLSA 200410-01 ] sharutils: Buffer overflows in shar.c and unshar.c,
Thierry Carrez
Oracle 9i Union Flaw,
Brandon Petty
MDKSA-2004:104 - Updated samba packages fix vulnerability,
Mandrake Linux Security Team
Broadcast buffer-overflow in Vypress Messenger 3.5.1,
Luigi Auriemma
EEYE: RealPlayer pnen3260.dll Heap Overflow,
Marc Maiffret
SQL Injection vulnerability in bBlog 0.7.3,
James McGlinn
Multiple Vulnerabilities in AJ-Fork,
Ahmad Muammar
TSLSA-2004-0051 - samba,
Trustix Security Advisor
CFMX vulnerability,
Eric Lackey
[SECURITY] [DSA 553-1] New getmail packages fix root compromise,
Martin Schulze
iDEFENSE Security Advisory 09.30.04 - Samba Arbitrary File Access Vulnerability,
customer service mailbox
iDEFENSE Security Advisory 09.29.04 - Macromedia JRun 4 mod_jrun Apache Module Buffer Overflow Vulnerability,
customer service mailbox
RE: Diebold Global Election Management System (GEMS) Backdoor,
Geoff Vass
Re:[4] Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue,
advisories
Samba Security Announcement -- Potential Arbitrary File Access,
Gerald (Jerry) Carter
Unicornscan 0.4.2,
robert
Multiple Vulnerabilities in Silent Storm Portal,
R00tCr4ck
RE: Diebold Global Election Management System (GEMS) Backdoor Acc ount Allows Authenticated Users to Modify Votes,
David Brodbeck
TSL-2004-0050 - multi,
Trustix Security Advisor
[SECURITY] [DSA 555-1] New frenet6 packages fix potential information leak,
Martin Schulze
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes,
Nick Knouf
Multiple vulnerabilities in w-agora forum,
Alexander Antipov
[FLSA-2004:1468] Updated tcpdump packages that fix multiple security vulnerabilities,
Dominic Hargreaves
@lex Guestbook (PHP) Include file,
Himeur Nourredine
[ GLSA 200409-35 ] Subversion: Metadata information leak,
Sune Kloppenborg Jeppesen
Crash in Alpha Black Zero 1.04,
Luigi Auriemma
Re: Default username/password pairs in ON Command CCM 5.x database backend, Sep 20 2004 2:24PM,
Sym Security
MSSQL 7.0 DoS,
securma
MyWebServer 1.0.3,
nekd0
[FLSA-2004:1552] Updated cadaver packages that fix security vulnerabilities,
Dominic Hargreaves
Possible GDI Exploit Vector,
james_love
[CLA-2004:870] Conectiva Security Announcement - imlib,
Conectiva Updates
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to,
Gareth Humphries
Php RFC1867 Upload Vuln. POC Released,
Stefano Di Paola
directory traversal in ParaChat Server 5.5,
Donato Ferrante
RE: Diebold Global Election Management System (GEMS) Backdoor Acc ount Allows Authenticated Users to Modify Votes,
Jeremy Epstein
[security bulletin] SSRT4794 rev.0 HPStorageWorks Command View XP access restriction bypass,
Boren, Rich (SSRT)
[ GLSA 200409-34 ] X.org, XFree86: Integer and stack overflows in libXpm,
Thierry Carrez
Re: iDEFENSE Security Advisory 09.22.04 - Sophos Small Business Suite Reserved D,
Lise Moorveld
RE: Diebold Global Election Management System (GEMS) Backdoor Acc ount Allows Authenticated Users to Modify Votes,
David Brodbeck
Yahoo! Store Security Advisory,
Stuart Moore
MDKSA-2004:011-1 - Updated NetPBM packages fix a number of temporary file bugs.,
Mandrake Linux Security Team
Multiple XSS Vulnerabilities in Wordpress 1.2,
Thomas Waldegger
Vignette Application Portal Unauthenticated Diagnostics,
Advisories
MDKSA-2004:103 - Updated OpenOffice.org packages fix temporary file vulnerabilities,
Mandrake Linux Security Team
Code execution in Icecast 2.0.1,
Luigi Auriemma
[SECURITY] [DSA 554-1] New sendmail packages fix potential open relay,
Martin Schulze
GDI Virus in the wild.,
Ben
iDEFENSE Security Advisory 09.27.04 - IBM AIX ctstrtcasd Local File Corruption Vulnerability,
customer service mailbox
Broadcast crash in Chatman 1.5.1 RC1,
Luigi Auriemma
SQL injection in BroadBoard Instant ASP Message Board,
pigrelax
[Hat-Squad] Remote Buffer overflow Vulnerability in YahooPOPS,
Hat-Squad Security Team
[CLA-2004:869] Conectiva Security Announcement - kernel,
Conectiva Updates
Re: HTTP Response Splitting and SQL injection in megabbs forum,
PD9 Software
RE: New whitepaper "The Phishing Guide",
Dehner, Benjamin T.
RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes,
Jeremy Epstein
RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes,
Yoav Nir
<Possible follow-ups>
RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes,
Reed, Phillip C. (LNG-DAY)
Re:[3] Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue,
advisories
New XSS vulnerabilities in paFileDB 3.1 final,
alireza hassani
Motorola Wireless Router WR850G Authentication Circumvention,
Daniel Fabian
[ GLSA 200409-29 ] FreeRADIUS: Multiple Denial of Service vulnerabilities,
Sune Kloppenborg Jeppesen
NEW GDI+ JPEG Remote Exploit,
John Bissell
New Macromedia Security Zone Bulletins Postede,
Macromedia Security Zone
[ GLSA 200409-31 ] jabberd 1.x: Denial of Service vulnerability,
Sune Kloppenborg Jeppesen
Buffer overflow in Zinf 2.2.1 for Win32,
Luigi Auriemma
TSLSA-2004-0049 - apache,
Trustix Security Advisor
aspWebCalendar /aspWebAlbum: SQL injection,
Pedro Sanches
Re: Microsoft's GDI Detetection Tool faults,
John Bissell
[ GLSA 200409-32 ] getmail: Filesystem overwrite vulnerability,
Sune Kloppenborg Jeppesen
Promiscuous email printing in Canon imageRunner,
Andrew Daviel
Example of JPG Exploit & Shellcode,
javier falbo
MDKSA-2004:101 - Updated webmin packages fix vulnerabilities,
Mandrake Linux Security Team
Remote buffer overflow in MDaemon IMAP and SMTP server,
pigrelax
Macromedia Products Not Affected by MS JPEG/GDIPlus Issue,
Macromedia Security Zone
Pinnacle ShowCenter Skin Denial of Service,
Marc Ruef
MDKSA-2004:102 - Updated ImageMagick packages fix arbitray code execution vulnerabilities,
Mandrake Linux Security Team
Symantec Enterprise Firewall/VPN and Gateway Security 300 Series Appliances Multiple Issues,
Sym Security
Multiple vulnerabilities in ActivePost Standard 3.1,
Luigi Auriemma
[CLA-2004:868] Conectiva Security Announcement - apache,
Conectiva Updates
MDKSA-2004:100 - Updated mpg123 packages fix vulnerabilities,
Mandrake Linux Security Team
[ GLSA 200409-30 ] xine-lib: Multiple vulnerabilities,
Thierry Carrez
[CLA-2004:866] Conectiva Security Announcement - qt3,
Conectiva Updates
And More Advanced SQL Injection...,
Stefano Di Paola
Possible DoS attack against jabberd 1.4.3 and jadc2s 0.9.0,
Matthias Wimmer
New whitepaper "The Phishing Guide",
Gunter Ollmann (NGS)
iDEFENSE Security Advisory 09.22.04 - Sophos Small Business Suite Reserved Device Name Handling Vulnerability,
customer service mailbox
[SECURITY] [DSA 552-1] New imlib2 packages fix potential arbitrary code execution,
Martin Schulze
Pinnacle ShowCenter 1.51 possible DoS,
Jérôme
[ GLSA 200409-28 ] GTK+ 2, gdk-pixbuf: Multiple image decoding vulnerabilities,
Thierry Carrez
[CLA-2004:867] Conectiva Security Announcement - spamassassin,
Conectiva Updates
Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products,
Mike Sues
[ GLSA 200409-27 ] glFTPd: Local buffer overflow vulnerability,
Thierry Carrez
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes,
pressinfo
- RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes,
Jaeson Schultz
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes,
Jay Hennigan
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes,
Homer
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes,
Rainer Duffner
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes,
Craig Paterson
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes,
Mike Ely
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes,
Marvin Bellamy
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes,
Atom 'Smasher'
- <Possible follow-ups>
- RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes,
Polazzo Justin
- RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes,
Polazzo Justin
- RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes,
Polazzo Justin
- RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes,
Polazzo Justin
Netscape NSS Library Vulnerability Affects Sun Java Enterprise System,
Jérôme
ICMP spoofed source tunneling,
Max Tulyev
Broadcast crash in Popmessenger 1.60 (before 20 Sep 2004),
Luigi Auriemma
[SECURITY] [DSA 551-1] New lukemftpd packages fix arbitrary code execution,
Martin Schulze
CA UniCenter Management Portal Username Enumeration Vulnerability,
thomas adams
Multiple Vulnerabilities In EmuLive Server4,
GulfTech Security
[ GLSA 200409-24 ] Foomatic: Arbitrary command execution in foomatic-rip filter,
Joshua J. Berry
Local root compromise possible with getmail,
David Watson
[SECURITY] [DSA 550-1] New wv packages fix arbitrary command execution,
Martin Schulze
Multiple Full Disclosure Path in postnuke 0.750 phoenix,
Jérôme
FreeBSD Security Advisory FreeBSD-SA-04:14.cvs,
FreeBSD Security Advisories
Default username/password pairs in ON Command CCM 5.x database backend,
Jonas Olsson
Vulnerabilities in TUTOS,
Joxean Koret
[ GLSA 200409-26 ] Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities,
Thierry Carrez
Serious Security Issue in Windows XP SP2's Firewall,
Andreas Marx
CoD United Offensive boom boom,
Luigi Auriemma
[ GLSA 200409-25 ] CUPS: Denial of service vulnerability,
Thierry Carrez
glFTPd local stack buffer overflow,
CoKi
Debian netkit telnetd vulnerability,
Michal Zalewski
Tool announcement: fakebust,
Michal Zalewski
AOL Groups/AIM Information Disclosure,
Link Linkovich
Re:[2] Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue,
advisories
ADVISORY: security hole (http response splitting) in snitz forums 2000,
Maestro De-Seguridad
GoogleToolbar:About -- Allows Script Injection,
ViPeR
MDKSA-2004:097 - Updated cups packages fix DoS vulnerability,
Mandrake Linux Security Team
Php Vulnerability N. 2,
Stefano Di Paola
Important message to Bugtraq Subscribers!,
Daniel Bertrand
Virus exploits workaround in Windows Mobile/Pocket PC architecture (Includes Source Code),
kers0r
Freeze in Pigeon Server 3.02.0143,
Luigi Auriemma
Sudo Exploit by Rosiello Security,
Angelo Rosiello
Corsaire Security Advisory - Multiple vendor MIME field whitespace issue,
advisories
Mambo Portal lasted version 4.5.1 (1.09) and lower vesion : SQL injection Vulnerability.,
khoaimi
RhinoSoft DNS4ME HTTP Server Vulnerabilities,
GulfTech Security
Corsaire Security Advisory - Multiple vendor MIME RFC2231 encoding issue,
advisories
MDKSA-2004:095-1 - Updated gdk-pixbuf and gtk+2 packages fix image loading vulnerabilities,
Mandrake Linux Security Team
[exploitwatch.org] ALERT: Windows XP JPEG Buffer Overflow POC Exploit,
admin
RsyncX vulnerabilities,
Matt Johnston
Microsoft WordPerfect 5.x Converter Heap Overflow,
NGSSoftware Insight Security Research
FreeBSD kernel buffer overflow,
gerarra
iDEFENSE Security Advisory 09.15.04: GNU Radius SNMP String Length Integer Overflow Denial of Service Vulnerability,
customer service mailbox
wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities,
Paul Johnston
iDEFENSE Security Advisory 09.16.04: Ipswitch WhatsUp Gold Remote Denial of Service Vulnerability,
customer service mailbox
[ GLSA 200409-19 ] Heimdal: ftpd root escalation,
Sune Kloppenborg Jeppesen
CESA-2004-004: libXpm,
chris
[sudo-announce] Sudo version 1.6.8p1 now available (fwd),
je
MDKSA-2004:098 - Updated libxpm4 packages fix libXpm overflow vulnerabilities,
Mandrake Linux Security Team
JPEG Processing BOF Proof Of Concept,
GulfTech Security
Fwd: Theo's presentation on exploit prevention,
Bas Alberts
XSA-2004-4: multiple string overflows,
Michael Roitzsch
XSA-2004-5: heap overflow in DVD subpicture decoder,
Michael Roitzsch
www.proboards.com / YaBB XSS Vuln,
admin
TSLSA-2004-0047 - multi,
Trustix Security Advisor
[SECURITY] [DSA 548-1] New imlib packages fix arbitrary code execution,
Martin Schulze
[SECURITY] [DSA 546-1] New gdk-pixbuf packages fix several vulnerabilities,
Martin Schulze
PHP Vulnerability N. 1,
Stefano Di Paola
MDKSA-2004:096 - Updated apache2 packages fix multiple vulnerabilities,
Mandrake Linux Security Team
Re: [Bugtraq] McAfee VirusScan Privilege Escalation Vulnerability [iDEFENSE],
bashis
[SECURITY] [DSA 545-1] New cupsys packages fix denial of service,
Martin Schulze
[RLSA_04-2004] QNX crrtrap possible race condition vulnerability,
Julio Cesar Fort
Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access,
Michael Scheidell
SUSE Security Announcement: cups (SUSE-SA:2004:031),
Sebastian Krahmer
Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow,
Nick D.
SA04-002 - Apache config file env variable buffer overflow,
jonas . thambert
CESA-2004-005: gtk+ XPM decoder,
chris
[ANNOUNCE] Apache HTTP Server 2.0.51 Released,
Sander Striker
MDKSA-2004:095 - Updated gdk-pixbuf packages fix image loading vulnerabilities,
Mandrake Linux Security Team
[OpenPKG-SA-2004.042] OpenPKG Security Advisory (aspell),
OpenPKG
[OpenPKG-SA-2004.040] OpenPKG Security Advisory (samba),
OpenPKG
McAfee VirusScan Privilege Escalation Vulnerability [iDEFENSE],
Jérôme
MDKSA-2004:094 - Updated printer-drivers packages fix vulnerability in foomatic,
Mandrake Linux Security Team
SUSE Security Announcement: apache2 (SUSE-SA:2004:032),
Ludwig Nussel
MDKSA-2004:093 - Updated squid packages fix DoS vulnerability,
Mandrake Linux Security Team
New Mozilla, Firefox and Thunderbird releases fix critical security issues,
Gaël Delalleau
SMC7004VWBR / SMC7008ABR "spoofing" vulnerability.,
Jimmy Scott
ADVISORY: http response splitting in snipsnap,
Maestro De-Seguridad
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution [MS04-028],
Jérôme
Corsaire Security Advisory - Multiple vendor MIME field quoting issue,
advisories
Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue,
advisories
Rainbow tables for LM/NTLMv1 authentication,
Hidenobu Seki
[ GLSA 200409-18 ] cdrtools: Local root vulnerability in cdrecord if set SUID root,
Sune Kloppenborg Jeppesen
Correction to latest Colsaire advisories,
3APA3A
Microsoft Office WordPerfect Converter Buffer Overflow Vulnerability,
Jérôme
Inkra 1504GX DoS vulnerability in conducting IP protocol,
felix zhou
[RLSA_02-2004] QNX Photon multiple buffer overflows,
Julio Cesar Fort
[ GLSA 200409-17 ] SUS: Local root vulnerability,
Sune Kloppenborg Jeppesen
Corsaire Security Advisory - Multiple vendor MIME Content-Transfer-Encoding mechanism issue,
advisories
Corsaire Security Advisory - Multiple vendor MIME field multiple occurrence issue,
advisories
[RLSA_03-2004] QNX ftp client format string bug,
Julio Cesar Fort
[XSS]/SQL Injection PHP-Nuke Edit/Save Message(s) Bug,
bima tampan
[SECURITY] [DSA 544-1] New webmin packages fix insecure temporary directory,
Martin Schulze
SUS 2.0.2 local root vulnerability,
LSS Security
Corsaire Security Advisory - Multiple vendor MIME separator issue,
advisories
QNX crrtrap possible race condition vulnerability,
Jérôme
Corsaire Security Advisory - Multiple vendor MIME RFC822 comment issue,
advisories
Zyxel Prestige 681 SDSL router information leak,
Przemyslaw Frasunek
The ArpSucker is b0rn! Be yourself, be the net.,
Alpt
Insecure file permissions in the Firefox browser for Linux >= v0.9,
Max
MDKSA-2004:092 - Updated samba packages fix multiple vulnerabilities,
Mandrake Linux Security Team
@stake advisory: Pingtel Xpressa Denial of Service,
Advisories
TSL-2004-0046 - multi,
Trustix Security Advisor
@stake advisory: Lexar JumpDrive Secure Password Extraction,
Chris Wysopal
Samba nmbd Invalid Length Denial of Service Vulnerability [iDEFENSE],
Jérôme
[ GLSA 200409-16 ] Samba: Denial of Service vulnerabilities,
Sune Kloppenborg Jeppesen
[CLA-2004:865] Conectiva Security Announcement - zlib,
Conectiva Updates
[OpenPKG-SA-2004.039] OpenPKG Security Advisory (kerberos),
OpenPKG
[CLA-2004:864] Conectiva Security Announcement - kde,
Conectiva Updates
problem in voip environment,
Pasquiet Loic (M.)
Posible Inclusion File in Perl Desk,
Nikyt0x Argentina
Samba 3.0 DoS Vulberabilities (CAN-2004-0807 & CAN-2004-0808),
Gerald (Jerry) Carter
Directory Traversal Vulnerability in TwinFTP Server allows overwriting,
Jérôme
RE: Linux 2.4.27 SECURITY BUG - TCP Local (probable Remote) Denial of Service,
Wolfpaw - Dale Corse
[ GLSA 200409-15 ] Webmin, Usermin: Multiple vulnerabilities in Usermin,
Dan Margolis
Gadu-Gadu (all versions with image-send feature) Heap Overflow,
Sec-Labs Team
F-Secure Internet Gatekeeper Content Scanning Server Denial of Service [iDEFENSE],
Jérôme
Off-by-one bug in Halo 1.04,
Luigi Auriemma
SQL-Injection in Subjects 2.0 for Postnuke,
Criolabs
Serv-U up to 5.2 Denial of Service,
Patrick
cdrecord local root exploit,
newbug Tseng
Remote buffer overflow in Apache mod_ssl when reverse proxying SSL,
Jérôme
CAU-EX-2004-0002: cdrecord-suidshell.sh,
I)ruid
Multiple vulnerabilities in Icewarp Web Mail 5.2.7,
ShineShadow
ERRATA: [ GLSA 200409-14 ] Samba: Remote printing non-vulnerability,
Sune Kloppenborg Jeppesen
Axis Network Camera and Video Server Security Advisory,
product-security
New Data Wipe Tools,
Thomas C. Greene
[CLA-2004:860] Conectiva Security Announcement - krb5,
Conectiva Updates
BlackJumboDog FTP Server version 3.6.1 Buffer Overflow [Exploit included],
Jérôme
OpenOffice World-Readable Temporary Files Disclose Files to Local Users,
Jérôme
[CLA-2004:863] Conectiva Security Announcement - wv,
Conectiva Updates
serverview 3.0 - insecure file permissions,
Rene
[ GLSA 200409-12 ] ImageMagick, imlib, imlib2: BMP decoding buffer overflows,
Thierry Carrez
[ GLSA 200409-14 ] Samba: Remote printing vulnerability,
Sune Kloppenborg Jeppesen
Multiple vulnerabilities 1n BBS E-Market Professional,
Ahmad Muammar
MDKSA-2004:091 - Updated cdrecord packages fix local root vulnerability,
Mandrake Linux Security Team
[ GLSA 200409-13 ] LHa: Multiple vulnerabilities,
Sune Kloppenborg Jeppesen
MDKSA-2004:089 - Updated imlib/imlib2 packages fix BMP crash vulnerability,
Mandrake Linux Security Team