
Bugtraq: by thread
383 messages starting Jan 01 05 and ending Jan 31 05
- Jacks FormMail.php remote file access vulnerabilityHack Hawk (Jan 01)
- Windows Media files allow opening any url in Internet ExplorerBerend-Jan Wever (Jan 01)
- Windows LoadImage API Heapoverflow exploitBerend-Jan Wever (Jan 01)
- 7a69Adv#17 - Internet Explorer FTP download path disclosureAlbert Puigsech Galicia (Jan 01)
- Various Vulnerabilities in OWL Intranet EngineJoxean Koret (Jan 01)
- Cross Site Scripting Vulnerabilities and Possible Code Execution in SugarCRMJoxean Koret (Jan 01)
- Two Vulnerabilities in ViewCVSJoxean Koret (Jan 01)
- [SECURITY] [DSA 622-1] New htmlheadline package fixes insecure temporary filesMartin Schulze (Jan 03)
- Remote DoS in GFI MailEssentials due to a bug in Microsoft HTML parserPeter Kruse (Jan 03)
- STG Security Advisory: [SSA-20041224-21] File extensions restriction bypass vulnerability in GNUBoardadvisory (Jan 03)
- Multiple Vulnerabilities in FlatNukePierquinto Manco (Jan 03)
- Multiple Firewall Products Bypass VulnerabilityFerruh Mavituna (Jan 03)
- Re: Multiple Firewall Products Bypass VulnerabilityAnsgar -59cobalt- Wiechers (Jan 14)
- 3Com 3CDaemon Multiple VulnerabilitiesSowhat . (Jan 04)
- Serious Vulnerabilities In PhotoPost ReviewPostGulfTech Security (Jan 04)
- [SECURITY] [DSA 623-1] New nasm packages fix arbitrary code executionMartin Schulze (Jan 04)
- Multiple PhotoPost Pro VulnerabilitiesGulfTech Security (Jan 04)
- [KDE Security Advisory] ftp kioslave command injectionDirk Mueller (Jan 04)
- MyBB SQL Injectionscottm (Jan 04)
- Socket termination, format string and XSS in Soldner Secret Wars 30830Luigi Auriemma (Jan 04)
- QWikiwiki directory traversal vulnerabilityMadelman (Jan 04)
- [SECURITY] [DSA 624-1] New zip packages fix arbitrary code executionMartin Schulze (Jan 05)
- [ GLSA 200501-04 ] Shoutcast Server: Remote code executionLuke Macken (Jan 05)
- [CLA-2005:910] Conectiva Security Announcement - mplayerConectiva Updates (Jan 05)
- [SECURITY] [DSA 625-1] New pcal packages fix arbitrary code executionMartin Schulze (Jan 05)
- [ GLSA 200501-01 ] LinPopUp: Buffer overflow in message replyThierry Carrez (Jan 05)
- [ GLSA 200501-02 ] a2ps: Insecure temporary files handlingThierry Carrez (Jan 05)
- [ GLSA 200501-03 ] Mozilla, Firefox, Thunderbird: Various vulnerabilitiesThierry Carrez (Jan 05)
- DMA[2005-0103a] - 'William LeFebvre "top" format string vulnerability'KF (Lists) (Jan 05)
- IBM DB2 db2fmp buffer overflow (#NISR05012005A)NGSSoftware Insight Security Research (Jan 05)
- Paper: SQL Injection Attacks by ExampleSteve Friedl (Jan 05)
- RE: Paper: SQL Injection Attacks by ExampleDavid Litchfield (Jan 05)
- <Possible follow-ups>
- RE: Paper: SQL Injection Attacks by ExampleScovetta, Michael V (Jan 05)
- Re: Paper: SQL Injection Attacks by ExampleChip Andrews (Jan 05)
- Re: Paper: SQL Injection Attacks by ExampleCory Foy (Jan 05)
- RE: Paper: SQL Injection Attacks by ExampleDavid Litchfield (Jan 05)
- RE: Paper: SQL Injection Attacks by ExampleMichael Silk (Jan 05)
- RE: Paper: SQL Injection Attacks by ExampleScovetta, Michael V (Jan 05)
- RE: Paper: SQL Injection Attacks by ExampleSergey Chernyshev (Jan 06)
- IBM DB2 libdb2.so buffer overflow (#NISR05012005B)NGSSoftware Insight Security Research (Jan 05)
- IBM DB2 call buffer overflow (#NISR05012005C)NGSSoftware Insight Security Research (Jan 05)
- IBM DB2 JDBC Applet Server buffer overflow (#NISR05012005D)NGSSoftware Insight Security Research (Jan 05)
- IBM DB2 SATADMIN.SATENCRYPT buffer overflow (#NISR05012005E)NGSSoftware Insight Security Research (Jan 05)
- IBM DB2 Windows Permission Problems (#NISR05012005F)NGSSoftware Insight Security Research (Jan 05)
- IBM DB2 to_char and to_date Denial Of Service (#NISR05012005G)NGSSoftware Insight Security Research (Jan 05)
- IBM DB2 XML functions overflows (#NISR05012005H)NGSSoftware Insight Security Research (Jan 05)
- IBM DB2 XML functions file creation vulnerabilities (#NISR05012005I)NGSSoftware Insight Security Research (Jan 05)
- [ GLSA 200501-05 ] mit-krb5: Heap overflow in libkadm5srvSune Kloppenborg Jeppesen (Jan 05)
- [ GLSA 200501-06 ] tiff: New overflows in image decodingThierry Carrez (Jan 05)
- All Symantec Products All Versions Until 2005 - Remote Stack Buffer OverflowRafel Ivgi, The-Insider (Jan 06)
- <Possible follow-ups>
- RE: All Symantec Products All Versions Until 2005 - Remote Stack Buffer OverflowPolazzo Justin (Jan 06)
- re: All Symantec Products All Versions Until 2005 - Remote Stack Buffer OverflowSym Security (Jan 06)
- [SECURITY] [DSA 626-1] New tiff packages fix denial of serviceMartin Schulze (Jan 06)
- [SECURITY] [DSA 627-1] New namazu2 packages fix cross-site scripting vulnerabilityMartin Schulze (Jan 06)
- [SECURITY] [DSA 628-1] New imlib2 packages fix arbitrary code executionMartin Schulze (Jan 06)
- Socket unreacheable in Amp II engineLuigi Auriemma (Jan 06)
- [USN-54-1] TIFF library tool vulnerabilityMartin Pitt (Jan 06)
- [USN-55-1] imlib2 vulnerabilitiesMartin Pitt (Jan 06)
- [ GLSA 200501-07 ] xine-lib: Multiple overflowsThierry Carrez (Jan 06)
- [CLA-2005:913] Conectiva Security Announcement - sambaConectiva Updates (Jan 06)
- MDKSA-2005:001 - Updated libtiff packages fix multiple vulnerabilitiesMandrake Linux Security Team (Jan 06)
- MDKSA-2005:002 - Updated wxGTK2 packages fix vulnerabilitiesMandrake Linux Security Team (Jan 06)
- MDKSA-2005:003 - Updated vim packages fix modeline vulnerabilitiesMandrake Linux Security Team (Jan 06)
- MDKSA-2005:004 - Updated nasm packages fix buffer overflow vulnerabilityMandrake Linux Security Team (Jan 06)
- [ GLSA 200501-08 ] phpGroupWare: Various vulnerabilitiesLuke Macken (Jan 06)
- [ GLSA 200501-09 ] xzgv: Multiple overflowsThierry Carrez (Jan 06)
- [ GLSA 200501-10 ] Vilistextum: Buffer overflow vulnerabilityThierry Carrez (Jan 06)
- WinAc AND WinHKI ZIP File Directory TransversalRafel Ivgi, The-Insider (Jan 06)
- Santy and SSLOfer Shezaf (Jan 06)
- grsecurity 2.1.0 release / 5 Linux kernel advisoriesBrad Spengler (Jan 07)
- <Possible follow-ups>
- grsecurity 2.1.0 release / 5 Linux kernel advisoriesBrad Spengler (Jan 07)
- Linux kernel sys_uselib local root vulnerabilityPaul Starzetz (Jan 07)
- Mozilla XBM Image VulnerabilityLuca Ercoli (Jan 07)
- Simple PHP Blog directory traversal vulnerabilityMadelman (Jan 07)
- [SECURITY] [DSA 629-1] New kerberos packages fix arbitrary code executionMartin Schulze (Jan 07)
- Linux kernel uselib() privilege elevation, correctedPaul Starzetz (Jan 07)
- iDEFENSE Security Advisory [IDEF0725] Exim host_aton() Buffer Overflow Vulnerabilitycustomer service mailbox (Jan 07)
- Troj/Winser-A malware analysisSteve Friedl (Jan 07)
- iDEFENSE Security Advisory [IDEF0731] Exim auth_spa_server() Buffer Overflow Vulnerabilitycustomer service mailbox (Jan 07)
- Security Advisory: Woltlab Burning Board Lite formmail.php XSSMartin Heistermann (Jan 10)
- [ GLSA 200501-12 ] TikiWiki: Arbitrary command executionMatthias Geerdsen (Jan 10)
- [SECURITY] [DSA 630-1] New lintian packages fix insecure temporary directoryMartin Schulze (Jan 10)
- SUSE Security Announcement: libtiff/tiff (SUSE-SA:2005:001)Thomas Biege (Jan 10)
- [SECURITY] [DSA 632-1] New linpopup packages fix arbitrary code executionMartin Schulze (Jan 10)
- [SECURITY] [DSA 631-1] New kdlibs packages fix arbitrary FTP command executionMartin Schulze (Jan 10)
- SQL Injection Vulnerability in Invision Community Blogdarkhawk matrix (Jan 10)
- [ GLSA 200501-17 ] KPdf, KOffice: More vulnerabilities in included XpdfSune Kloppenborg Jeppesen (Jan 11)
- [ GLSA 200501-16 ] Konqueror: Java sandbox vulnerabilitiesSune Kloppenborg Jeppesen (Jan 11)
- [SECURITY] [DSA 634-1] New hylafax packages fix unauthorised accessMartin Schulze (Jan 11)
- Multi-vendor AV gateway image inspection bypass vulnerabilityDarren Bounds (Jan 11)
- UPDATED: the insider exploit( = the latest ie 0day which involves SHOWMODALDIALOG)Liu Die Yu (Jan 11)
- The Misuse of RC4 in Microsoft Word and ExcelHongjun Wu (Jan 11)
- Re: The Misuse of RC4 in Microsoft Word and ExcelBrendan Dolan-Gavitt (Jan 11)
- HylaFAX hfaxd unauthorized login vulnerabilityLee Howard (Jan 11)
- applicable exploit for winxp-sp2-uptodate Internet ExplorerLiu Die Yu (Jan 11)
- IE HHCTRL exploit still usable even after patchValentin Avram (Jan 19)
- EEYE: Windows ANI File Parsing Buffer OverflowDerek Soeder (Jan 11)
- VERITAS Backup Exec 8.x/9.x Remote Universal Exploitclass 101 (Jan 11)
- [AppSecInc Team SHATTER Security Advisory] Microsoft Windows LPC heap overflowTeam SHATTER (Application Security, Inc.) (Jan 11)
- [AppSecInc Team SHATTER Security Advisory] Microsoft Windows Improper Token ValidationTeam SHATTER (Application Security, Inc.) (Jan 11)
- Portcullis Security Advisory 05-010Paul J Docherty (Jan 11)
- Firespoofing [Firefox 1.0]mikx (Jan 11)
- Re: Firespoofing [Firefox 1.0]Pavel Kankovsky (Jan 11)
- [ GLSA 200501-18 ] KDE FTP KIOslave: Command injectionSune Kloppenborg Jeppesen (Jan 11)
- Portcullis Security Advisory 05-005Paul J Docherty (Jan 11)
- Portcullis Security Advisory 05-001Paul J Docherty (Jan 11)
- Portcullis Security Advisory 05-007Paul J Docherty (Jan 11)
- Mod_dosevasive symlink and race vulnerabilityLSS Security (Jan 11)
- Portcullis Security Advisory 05-006Paul J Docherty (Jan 11)
- Portcullis Security Advisory 05-003Paul J Docherty (Jan 11)
- [SECURITY] [DSA 633-1] New bmv package fixes insecure temporary file creationMartin Schulze (Jan 11)
- [OpenPKG-SA-2005.001] OpenPKG Security Advisory (perl)OpenPKG (Jan 11)
- Portcullis Security Advisory 05-004Paul J Docherty (Jan 11)
- Metasploit Framework v2.3H D Moore (Jan 11)
- Woltlab Burning Book addentry.php SQL InjectionMartin Heistermann (Jan 11)
- Apache mod_auth_radius remote integer overflowLSS Security (Jan 11)
- [ GLSA 200501-11 ] Dillo: Format string vulnerabilityThierry Carrez (Jan 11)
- [USN-58-1] MIT Kerberos server vulnerabilityMartin Pitt (Jan 11)
- [ GLSA 200501-21 ] HylaFAX: hfaxd unauthorized login vulnerabilityThierry Carrez (Jan 11)
- Portcullis Security Advisory 05-009Paul J Docherty (Jan 11)
- Security Contact for Nokia Mobile phone softwaresrohit (Jan 11)
- [ GLSA 200501-20 ] o3read: Buffer overflow during file conversionThierry Carrez (Jan 11)
- IlohaMail Insecure Configuration Fileswang (Jan 11)
- Fwd: APPLE-SA-2005-01-11 iTunes 4.7.1David Ahmad (Jan 11)
- Re: DSL- Router Teledat 530 DoSStefan S . (Jan 11)
- [ GLSA 200501-22 ] poppassd_pam: Unauthorized password changingThierry Carrez (Jan 11)
- Re: [Full-Disclosure] Multi-vendor AV gateway image inspection bypass vulnerabilityDanny (Jan 11)
- Re: [Full-Disclosure] Multi-vendor AV gateway image inspection bypass vulnerabilityDarren Bounds (Jan 11)
- [NILESA-20050101]: Denial of Service vulnerability due to the mountd bugJonglim Yun (Jan 11)
- [ GLSA 200501-13 ] pdftohtml: Vulnerabilities in included XpdfThierry Carrez (Jan 11)
- Squirrelmail vacation v0.15 local root exploitLSS Security (Jan 11)
- [USN-59-1] mailman vulnerabilitiesMartin Pitt (Jan 11)
- WMV (Windows Media Player) trojan in wildMarc Bejarano (Jan 11)
- Portcullis Security Advisory 05-008Paul J Docherty (Jan 11)
- Linux kernel i386 SMP page fault handler privilege escalationPaul Starzetz (Jan 12)
- Arkeia Possible remote root & information leakageMaciej Bogucki (Jan 12)
- [SECURITY] [DSA 635-1] New exim packages fix arbitrary code executionMartin Schulze (Jan 12)
- Security Advisory: BiTBOARD xssMartin Heistermann (Jan 12)
- [SECURITY] [DSA 636-1] New libc6 packages fix insecure temporary filesMartin Schulze (Jan 12)
- [ GLSA 200501-23 ] Exim: Two buffer overflowsMatthias Geerdsen (Jan 12)
- Is DEP easily evadable?John Richard Moser (Jan 12)
- Re: Is DEP easily evadable?Florian Weimer (Jan 13)
- Re: Is DEP easily evadable?John Richard Moser (Jan 13)
- Re: Is DEP easily evadable?Ben Pfaff (Jan 13)
- Re: Is DEP easily evadable?John Richard Moser (Jan 14)
- Re: Is DEP easily evadable?Ben Pfaff (Jan 14)
- Re: Is DEP easily evadable?John Richard Moser (Jan 13)
- Re: Is DEP easily evadable?Florian Weimer (Jan 13)
- Windows ANI File Parsing Proof Of Concept (MS05-002)assaf404 (Jan 12)
- [waraxe-2005-SA#039] - Critical Sql Injection in Sgallery module for PhpNukeJanek Vind (Jan 12)
- [SECURITY] [DSA 638-1] New gopher packages fix several vulnerabilitiesMartin Schulze (Jan 13)
- [CLA-2005:915] Conectiva Security Announcement - php4Conectiva Updates (Jan 13)
- [SECURITY] [DSA 637-1] New exim-tls packages fix arbitrary code executionMartin Schulze (Jan 13)
- [CLA-2005:916] Conectiva Security Announcement - etherealConectiva Updates (Jan 13)
- XSS Vulnerability in ForumKITtom cruise (Jan 13)
- [CLA-2005:917] Conectiva Security Announcement - krb5Conectiva Updates (Jan 13)
- Cross Site Scripting holes found in Horde 3.0Hyperdose Security (Jan 13)
- TSLSA-2005-0001 - multiTrustix Security Advisor (Jan 13)
- IE issue with percent 20RSnake (Jan 13)
- InternetExploiter 3.2Berend-Jan Wever (Jan 13)
- UPDATE: [ GLSA 200412-25 ] CUPS: Multiple vulnerabilitiesThierry Carrez (Jan 13)
- Trend Micro Control Manager - Enterprise Edition 3.0 Web application Replay attackCIRT Advisory (Jan 13)
- <Possible follow-ups>
- Trend Micro Control Manager - Enterprise Edition 3.0 Web application Replay attackHammud_Saway (Jan 13)
- MDKSA-2005:006 - Updated hylafax packages fix vulnerabilityMandrake Linux Security Team (Jan 13)
- SB2005002: pron to bypass APF checking uid(0) routinex90c (Jan 13)
- MDKSA-2005:007 - Updated imlib packages fix vulnerabilityMandrake Linux Security Team (Jan 13)
- STG Security Advisory: [SSA-20050113-25] ZeroBoard multiple vulnerabilitiesadvisory (Jan 13)
- iDEFENSE Security Advisory 01.13.05 - Apple iTunes Playlist Parsing Buffer Overflow Vulnerabilitycustomer service mailbox (Jan 13)
- Server crash in Breed patch #1Luigi Auriemma (Jan 13)
- iDEFENSE Security Advisory 01.13.05: MySQL MaxDB WebAgent websql logon Buffer Overflow Vulnerabilitycustomer service mailbox (Jan 14)
- iDEFENSE Security Advisory 01.13.05: SGI IRIX inpview Design Error Vulnerabilitycustomer service mailbox (Jan 14)
- XSS Vulnerability in Siteman v1.1.9Pedram hayati (Jan 14)
- Internet Explorer valid JavaScript-file successfull load detection local file enumerationBerend-Jan Wever (Jan 14)
- [CLA-2005:918] Conectiva Security Announcement - twikiConectiva Updates (Jan 14)
- Paper: How to exploit overflow vulnerability under Fedora Core 2vangelis vangelis (Jan 14)
- MDKSA-2005:005 - Updated nfs-utils packages fix 64bit vulnerabilityMandrake Linux Security Team (Jan 14)
- new tool : the first remote PHP vulnerability scannerbad boy (Jan 14)
- [SECURITY] [DSA 639-1] New mc packages fix several vulnerabilitiesMartin Schulze (Jan 14)
- iDEFENSE Security Advisory 01.14.05: Exim dns_buld_reverse() Buffer Overflow Vulnerabilitycustomer service mailbox (Jan 14)
- Re: rssh and scponly arbitrary command executionDerek Martin (Jan 15)
- iDefense iTunes advisory.nemo (Jan 15)
- [USN-60-0] Linux kernel vulnerabilitiesMartin Pitt (Jan 15)
- Various Vulnerabilities in SparkleBlogKovács László (Jan 15)
- RE: Various Vulnerabilities in SparkleBlogAlan W. Rateliff, II (Jan 15)
- XSS in the nested BB tag in many forumpigrelax (Jan 15)
- Apple Airport WDS DoSDylan Griffiths (Jan 15)
- exim dns_buld_reverse() proof-of-conceptRafael San Miguel Carrasco (Jan 15)
- [ GLSA 200501-25 ] Squid: Multiple vulnerabilitiesSune Kloppenborg Jeppesen (Jan 17)
- [SECURITY] [DSA 640-1] New gatos packages fix arbitrary code executionMartin Schulze (Jan 17)
- [OpenPKG-SA-2005.002] OpenPKG Security Advisory (sudo)OpenPKG (Jan 17)
- [OpenPKG-SA-2005.003] OpenPKG Security Advisory (a2ps)OpenPKG (Jan 17)
- [SECURITY] [DSA 641-1] New playmidi packages fix local root exploitMartin Schulze (Jan 17)
- [SECURITY] [DSA 642-1] New gallery packages fix several vulnerabilitiesMartin Schulze (Jan 17)
- SUSE Security Announcement: php4/mod_php4 (SUSE-SA:2005:002)Ludwig Nussel (Jan 17)
- [SIG^2 G-TEC] NodeManager Professional V2.00 Buffer Overflow Vulnerabilitychewkeong (Jan 18)
- Minis directory traversal vulnerabilityMadelman (Jan 18)
- Multiple Vulnerabilities in Netgear FVS318 RouterPaul Kurczaba (Jan 18)
- phpGiftReq SQL InjectionMadelman (Jan 18)
- MDKSA-2005:008 - Updated cups packages fix multiple vulnerabilitiesMandrake Linux Security Team (Jan 18)
- Multiple high risk vulnerabilities in Oracle RDBMS 10g/9iNGSSoftware Insight Security Research (Jan 19)
- [SECURITY] [DSA 644-1] New chbg packages fix arbitrary code executionMartin Schulze (Jan 19)
- [SECURITY] [DSA 643-1] New queue packages fix buffer overflowsMartin Schulze (Jan 19)
- iDEFENSE Security Advisory 01.17.05: Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow Vulnerabilitycustomer service mailbox (Jan 19)
- UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : chroot A known exploit can break a chroot prison.please_reply_to_security (Jan 19)
- Novell GroupWise WebAccess error modules loadingMarc Ruef (Jan 19)
- Re: Novell GroupWise WebAccess error modules loadingJonathan Rockway (Jan 22)
- [USN-62-1] imagemagick vulnerabilityMartin Pitt (Jan 19)
- Netegrity SiteMinder smpwservicescgi.exe target specificationMarc Ruef (Jan 19)
- [USN-63-1] MySQL client vulnerabilityMartin Pitt (Jan 19)
- Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locationsRafel Ivgi, The-Insider (Jan 19)
- [USN-61-1] vim vulnerabilitiesMartin Pitt (Jan 19)
- Unrestricted I/O access vulnerability in INCA GameguardRyu Connor (Jan 19)
- <Possible follow-ups>
- Re: Unrestricted I/O access vulnerability in INCA GameguardDavid Roberts (Jan 28)
- Gallery v1.3.4-pl1, v1.4.4-pl2, 2.0 Alpha Cross Site Scripting VulnerabilityRafel Ivgi, The-Insider (Jan 19)
- iDEFENSE Security Advisory 01.18.05 - Multiple Unix/Linux Vendor Xpdf makeFileKey2 Stack Overflowcustomer service mailbox (Jan 19)
- PeteFinnigan.com - Oracle security advisoryPete Finnigan (Jan 19)
- Cisco Security Advisory: Vulnerability in Cisco IOS Embedded Call Processing SolutionsCisco Systems Product Security Incident Response Team (Jan 19)
- Microsoft Internet Explorer HTML Help Control Vulnerability Still Exploitable After PatchValentin Avram (Jan 20)
- RealPlayer Arbitrary File Deletion Vulnerability (#NISR19012005f)NGSSoftware Insight Security Research (Jan 19)
- MSN Heartbeat Control Buffer OverflowNGSSoftware Insight Security Research (Jan 19)
- RealPlayer Miscellaneous Vulnerabilities (#NISR19012005g)NGSSoftware Insight Security Research (Jan 19)
- Multiple vulnerabilities in the AtHoc Toolbar (#NISR19012005c)NGSSoftware Insight Security Research (Jan 19)
- Microsoft Internet Explorer Install Engine Control Buffer Overflow (#NISR19012005a)NGSSoftware Insight Security Research (Jan 19)
- Darwin Kernel Vulnerabilitynemo (Jan 19)
- Re: Darwin Kernel Vulnerabilityneil (Jan 20)
- RealPlayer 'ShowPreferences' Buffer Overflow Vulnerability (#NISR19012005e)NGSSoftware Insight Security Research (Jan 19)
- iDEFENSE Security Advisory 01.19.05: MySQL MaxDB Web Agent Multiple Denial of Service VulnerabilitiesMichael Sutton (Jan 19)
- [SECURITY] [DSA 645-1] New CUPS packages fix arbitrary code executionMartin Schulze (Jan 19)
- [SECURITY] [DSA 646-1] New ImageMagick packages fix arbitrary code executionMartin Schulze (Jan 20)
- [SECURITY] [DSA 647-1] New mysql packages fix insecure temporary filesMartin Schulze (Jan 20)
- fkey[v0.0.2]: local/remote file accessibility exploit.Vade 79 (Jan 20)
- [SECURITY] [DSA 651-1] New squid packages fix denial of serviceMartin Schulze (Jan 20)
- [USN-64-1] xpdf, CUPS vulnerabilitiesMartin Pitt (Jan 20)
- [SECURITY] [DSA 650-1] New sword packages fix arbitrary command executionMartin Schulze (Jan 20)
- [USN-66-1] PHP vulnerabilitiesMartin Pitt (Jan 20)
- [CLA-2005:920] Conectiva Security Announcement - libtiff3Conectiva Updates (Jan 20)
- [USN-67-1] Squid vulnerabilitiesMartin Pitt (Jan 20)
- Multiple vulnerabilities in KonversationWouter Coekaerts (Jan 20)
- MDKSA-2005:011 - Updated xine packages fix multiple vulnerabilitiesMandrake Linux Security Team (Jan 20)
- Integrigy Security Advisory - High Risk Security Issues in the Oracle Database and Oracle ApplicationsIntegrigy Security (Jan 20)
- MDKSA-2005:009 - Updated mpg123 packages fix vulnerabilityMandrake Linux Security Team (Jan 20)
- MDKSA-2005:010 - Updated playmidi packages fix buffer overflow vulnerabilityMandrake Linux Security Team (Jan 20)
- STG Security Advisory: [SSA-20050120-24] GForge 3.x directory traversal vulnerabilityadvisory (Jan 20)
- STG Security Advisory: [SSA-20050120-22] JSBoard file disclosure vulnerabilityadvisory (Jan 20)
- [SECURITY] [DSA 649-1] New xtrlock packages fix authentication bypassMartin Schulze (Jan 20)
- God Admin Injection Vulnerability in Siteman 1.0.xPedram hayati (Jan 20)
- OpenServer 5.0.6 OpenServer 5.0.7 : bind remote attacker can poison the nameserver cacheplease_reply_to_security (Jan 20)
- [ GLSA 200501-26 ] ImageMagick: PSD decoding heap overflowSune Kloppenborg Jeppesen (Jan 20)
- [USN-65-1] Apache utility script vulnerabilityMartin Pitt (Jan 20)
- [SECURITY] [DSA 652-1] New unarj packages fix several vulnerabilitiesMartin Schulze (Jan 21)
- UnixWare 7.1.3 UnixWare 7.1.1 : OpenSSL Multiple Vulnerabilitiesplease_reply_to_security (Jan 21)
- iDEFENSE Security Advisory 01.20.05: 3Com OfficeConnect Wireless 11g AP Information Disclosure VulnerabilityiDefense Customer Service (Jan 21)
- [ GLSA 200501-27 ] Ethereal: Multiple vulnerabilitiesLuke Macken (Jan 21)
- SUSE Security Announcement: kernel local privilege escalation (SUSE-SA:2005:003)Marcus Meissner (Jan 21)
- Various Buffer Overflows in Oracle 10g ToolsJoxean Koret (Jan 21)
- Re: Various Buffer Overflows in Oracle 10g ToolsDavid Litchfield (Jan 22)
- bug report comersus Back Office Lite 6.0 and 6.0.1raf somers (Jan 21)
- Mac OS X 10.3 iSync Privilege EscalationBraden Thomas (Jan 22)
- (MS05-002) Cursor and Icon Format Handling Vulnerability (PoC for all affected systems)houseofdabus HOD (Jan 22)
- Re: Advanced GuestbookStewart Souter (Jan 22)
- PHRACK #63 CALL FOR PAPERSrm (Jan 22)
- Call for DEFCON Capture the Flag Organizers.The Dark Tangent (Jan 22)
- [ GLSA 200501-29 ] Mailman: Cross-site scripting vulnerabilityLuke Macken (Jan 22)
- Arbitrary files overwriting through skins in DivX Player 2.6Luigi Auriemma (Jan 22)
- Microsoft NetDDE Service Unauthenticated Remote Buffer OverflowNGSSoftware Insight Security Research (Jan 22)
- [SECURITY] [DSA 653-1] New ethereal packages fix buffer overflowMartin Schulze (Jan 22)
- KDE Security Advisory: KOffice PDF Import Filter VulnerabilityWaldo Bastian (Jan 22)
- ASH Hashing Algorithmseasonedpaper (Jan 22)
- [SECURITY] [DSA 654-1] New enscript packages fix several vulnerabilitiesMartin Schulze (Jan 22)
- Security Contact within RIM / BlackberryMark Litchfield (Jan 22)
- KDE Security Advisory: Multiple vulnerabilities in KonversationWaldo Bastian (Jan 22)
- [ GLSA 200501-28 ] Xpdf, GPdf: Stack overflow in Decrypt::makeFileKey2Thierry Carrez (Jan 22)
- [ GLSA 200501-30 ] CUPS: Stack overflow in included Xpdf codeThierry Carrez (Jan 22)
- Siteman User Database Line Insertion Vulnerabilityshoalie sefid (Jan 22)
- Internet Explorer URL obfuscation.Stewart, Graeme (Jan 22)
- Re: Internet Explorer URL obfuscation.Berend-Jan Wever (Jan 24)
- RealVNC ContactDSGM (Jan 22)
- Netscape Overflow.Carlos Ulver (Jan 22)
- [KDE Security Advisory] kpdf Buffer Overflow VulnerabilityDirk Mueller (Jan 24)
- [ GLSA 200501-33 ] MySQL: Insecure temporary file creationLuke Macken (Jan 24)
- [ GLSA 200501-32 ] KPdf, KOffice: Stack overflow in included Xpdf codeSune Kloppenborg Jeppesen (Jan 24)
- SUSE Security Announcement: Realplayer 8 (SUSE-SA:2005:004)Marcus Meissner (Jan 24)
- SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow3APA3A (Jan 24)
- Re: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflowMichael Hampton (Jan 25)
- <Possible follow-ups>
- RE: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflowDavid LeBlanc (Jan 28)
- RE: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflowDavid LeBlanc (Jan 29)
- Local buffer-overflow in W32Dasm 8.93Luigi Auriemma (Jan 24)
- Portcullis Security Advisory 05-002 Spectrum Cash Receipting System Weak Password EncryptionPaul J Docherty (Jan 24)
- MDKSA-2005:012 - Updated zhcon packages fix vulnerabilityMandrake Linux Security Team (Jan 24)
- Multiple vulnerabilities in MercuryBoard 1.1.1Alberto Trivero (Jan 24)
- English-language version of K-OTik.COM launched today !K-OTiK Security (Jan 24)
- iDEFENSE Security Advisory 01.24.05: DataRescue Interactive Disassembler Pro Buffer Overflow VulnerabilityiDefense Customer Service (Jan 24)
- [ GLSA 200501-35 ] Evolution: Integer overflow in camel-lock-helperLuke Macken (Jan 24)
- MDKSA-2005:013 - Updated ethereal packages fix multiple vulnerabilitiesMandrake Linux Security Team (Jan 24)
- [SECURITY] [DSA 657-1] New xine-lib packages fix arbitrary code executionMartin Schulze (Jan 25)
- logwatch and logrotate might create a blind spot in reportingSami Pitko (Jan 25)
- Re: logwatch and logrotate might create a blind spot in reportingThe Tibetan Traveller (Jan 26)
- [SECURITY] [DSA 656-1] New vdr packages fix insecure file accessMartin Schulze (Jan 25)
- [SECURITY] [DSA 655-1] New zhcon packages fix unauthorised file accessMartin Schulze (Jan 25)
- Vulnerabilities in eXponent 0.95Ahmad Muammar (Jan 25)
- MDKSA-2005:015 - Updated mailman packages fix vulnerabilitiesMandrake Linux Security Team (Jan 25)
- MDKSA-2005:014 - Updated squid packages fix multiple vulnerabilitiesMandrake Linux Security Team (Jan 25)
- Re: ADVISORY: security hole (http response splitting) in snitz forums 2000Harold Lines (Jan 25)
- [USN-68-1] enscript vulnerabilitiesMartin Pitt (Jan 25)
- [CLA-2005:921] Conectiva Security Announcement - xpdfConectiva Updates (Jan 25)
- [USN-69-1] Evolution vulnerabilityMartin Pitt (Jan 25)
- [ GLSA 200501-31 ] teTeX, pTeX, CSTeX: Multiple vulnerabilitiesThierry Carrez (Jan 25)
- Re: "Local" and "Remote" considered insufficientFrank Knobbe (Jan 25)
- [USN-70-1] Perl DBI module vulnerabilityMartin Pitt (Jan 25)
- [SECURITY] [DSA 658-1] New libdbi-perl packages fix insecure temporary fileMartin Schulze (Jan 25)
- phpEventCalendar HTML injectionMadelman (Jan 25)
- [ GLSA 200501-36 ] AWStats: Remote code executionLuke Macken (Jan 25)
- Re: [ GLSA 200501-36 ] AWStats: Remote code executionDelian Krustev (Jan 26)
- wifi AP + broadcoast pingMiroslav Kubik (Jan 25)
- OpenServer 5.0.6 OpenServer 5.0.7 : scosessoin local privilege elevationplease_reply_to_security (Jan 26)
- OpenServer 5.0.6 OpenServer 5.0.7 : wu-ftp local users can bypass access restrictionsplease_reply_to_security (Jan 26)
- MDKSA-2005:022 - Updated cups packages fix multiple vulnerabilitiesMandrake Linux Security Team (Jan 26)
- List of all admin accounts in phpBBPredrag Damnjanovic (Jan 26)
- Re: List of all admin accounts in phpBBAaron Klein (Jan 26)
- Re: List of all admin accounts in phpBBPaul Laudanski (Jan 29)
- Re: List of all admin accounts in phpBBAaron Klein (Jan 26)
- MDKSA-2005:020 - Updated kdegraphics packages fix buffer overflow vulnerabilityMandrake Linux Security Team (Jan 26)
- DMA[2005-0125a] - 'berlios gpsd format string vulnerability'KF (Lists) (Jan 26)
- MDKSA-2005:017 - Updated xpdf packages fix buffer overflow vulnerabilityMandrake Linux Security Team (Jan 26)
- Cisco Security Advisory: Multiple Crafted IPv6 Packets Cause ReloadCisco Systems Product Security Incident Response Team (Jan 26)
- Cisco Security Advisory: Cisco IOS Misformed BGP Packet Causes ReloadCisco Systems Product Security Incident Response Team (Jan 26)
- Cisco Security Advisory: Crafted Packet Causes Reload on Cisco RoutersCisco Systems Product Security Incident Response Team (Jan 26)
- UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : x.org possible local socket hijackingplease_reply_to_security (Jan 26)
- [SECURITY] [DSA 660-1] New kdebase packages fix authentication bypassMartin Schulze (Jan 26)
- iDEFENSE Security Advisory 01.26.05: Openswan XAUTH/PAM Buffer Overflow VulnerabilityiDefense Customer Service (Jan 26)
- Black Hat new content on-line & Registration now open for Asia and Europe.Jeff Moss (Jan 26)
- [SECURITY] [DSA 659-1] New libpam-radius-auth packages fix several vulnerabilitiesMartin Schulze (Jan 26)
- MDKSA-2005:016 - Updated gpdf packages fix buffer overflow vulnerabilityMandrake Linux Security Team (Jan 26)
- MDKSA-2005:018 - Updated cups packages fix buffer overflow vulnerabilityMandrake Linux Security Team (Jan 26)
- MDKSA-2005:019 - Updated koffice packages fix buffer overflow vulnerabilityMandrake Linux Security Team (Jan 26)
- MDKSA-2005:021 - Updated tetex packages fix buffer overflow vulnerabilityMandrake Linux Security Team (Jan 26)
- Multiple Vulnerabilities in Pocket IEkers0r (Jan 26)
- [CLA-2005:923] Conectiva Security Announcement - squidConectiva Updates (Jan 26)
- HKLM lockingVladimir Kraljevic (Jan 27)
- NSFOCUS SA2005-01 : Buffer Overflow in WinAMP in_cdda.dll CDA Device NameNSFOCUS Security Team (Jan 27)
- Ingate Firewall: Removed PPTP tunnels not deactivatedPer Cederqvist (Jan 27)
- DMA[2005-0127a] - 'Apple OSX batch family poor use of setuid'KF (Lists) (Jan 27)
- NOVL-2005-10096251 GroupWise WebAccess Error modules loading(report)Ed Reed (Jan 27)
- [Contact] Motorola broadband appliance team?William A. Rowe, Jr. (Jan 27)
- [SIG^2 G-TEC] Magic Winmail Server v4.0 Multiple Vulnerabilitieschewkeong (Jan 27)
- UEBIMIAU <= 2.7.2 MULTIPLES VULNERABILITIESNash Leon (Jan 27)
- Re: UEBIMIAU <= 2.7.2 MULTIPLES VULNERABILITIESpokley (Jan 28)
- [ GLSA 200501-38 ] Perl: rmtree and DBI tmpfile vulnerabilitiesThierry Carrez (Jan 27)
- [ GLSA 200501-37 ] GraphicsMagick: PSD decoding heap overflowThierry Carrez (Jan 27)
- [SECURITY] [DSA 661-1] New f2c packages fix insecure temporary filesMartin Schulze (Jan 27)
- MDKSA-2005:024 - Updated evolution packages fix vulnerabilityMandrakelinux Security Team (Jan 27)
- WarFTPD 1.82 RC9 DoSMC.Iglo (Jan 27)
- Multiple vulnerabilities in Alt-N WebAdmin <= 3.0.2David Alonso Pérez (Jan 28)
- [ GLSA 200501-39 ] SquirrelMail: Multiple vulnerabilitiesSune Kloppenborg Jeppesen (Jan 28)
- WebWasher Classic - HTTP CONNECT weaknessOliver Karow (Jan 28)
- [OpenPKG-SA-2005.004] OpenPKG Security Advisory (sasl)OpenPKG (Jan 28)
- Multiple vulnerabilities in Icewarp Web Mail 5.3.0: New holesShineShadow (Jan 28)
- Winamp Exploit (POC) 5.08 Stack OverflowRojodos (Jan 28)
- <Possible follow-ups>
- Re: Winamp Exploit (POC) 5.08 Stack OverflowBlack Dot (Jan 31)
- [ GLSA 200501-40 ] ngIRCd: Buffer overflowThierry Carrez (Jan 28)
- SquirrelMail Security AdvisoryJonathan Angliss (Jan 29)
- XSS in Infinite Mobile Delivery v2.6 Webmailsteven (Jan 29)
- [ GLSA 200501-42 ] VDR: Arbitrary file overwriting issueThierry Carrez (Jan 31)
- [ GLSA 200501-43 ] f2c: Insecure temporary file creationThierry Carrez (Jan 31)
- [ GLSA 200501-44 ] ncpfs: Multiple vulnerabilitiesThierry Carrez (Jan 31)
- WASC-Articles: "The 80/20 Rule for Web Application Security"robert (Jan 31)
- Security Bulletin - SSRT4875 rev.1 - HP Tru64 UNIX Java (TM) Technology Software Denial of Service (DoS)Boren, Rich (SSRT) (Jan 31)
- [ GLSA 200501-41 ] TikiWiki: Arbitrary command executionSune Kloppenborg Jeppesen (Jan 31)
- drone armies C&C report - Jan/2005Gadi Evron (Jan 31)
- Broadcast crash in Xpand Rally 1.0.0.0Luigi Auriemma (Jan 31)
- [ GLSA 200501-45 ] Gallery: Cross-site scripting vulnerabilityLuke Macken (Jan 31)
- Re: [ GLSA 200501-45 ] Gallery: Cross-site scripting vulnerabilityPaul Laudanski (Jan 31)
- [PersianHacker.net] Full Path Disclosure and PHP Injection In Pafiledb 3.1 FinalPedram hayati (Jan 31)
- Zyxel / Netgear and probably other routers leaking information.Jens Kalvik (Jan 31)
- New Whitepaper available on security best practicesGunter Ollmann (Jan 31)
- MDKSA-2005:025 - Updated clamav packages fix vulnerabilityMandrakelinux Security Team (Jan 31)
- [ GLSA 200501-46 ] ClamAV: Multiple issuesSune Kloppenborg Jeppesen (Jan 31)
