Bugtraq: by date
RSS Feed
About List
All Lists
Previous period
383 messagesstarting Jan 01 05 andending Jan 31 05
Date index |Thread index |Author index
Saturday, 01 January
Jacks FormMail.php remote file access vulnerabilityHack Hawk
Windows Media files allow opening any url in Internet ExplorerBerend-Jan Wever
Windows LoadImage API Heapoverflow exploitBerend-Jan Wever
7a69Adv#17 - Internet Explorer FTP download path disclosureAlbert Puigsech Galicia
Various Vulnerabilities in OWL Intranet EngineJoxean Koret
Cross Site Scripting Vulnerabilities and Possible Code Executionin SugarCRMJoxean Koret
Two Vulnerabilities in ViewCVSJoxean Koret
Monday, 03 January
[SECURITY] [DSA 622-1] New htmlheadline package fixes insecure temporary filesMartin Schulze
Remote DoS in GFI MailEssentials due to a bug in Microsoft HTML parserPeter Kruse
STG Security Advisory: [SSA-20041224-21] File extensions restriction bypass vulnerability in GNUBoardadvisory
Multiple Vulnerabilities in FlatNukePierquinto Manco
Multiple Firewall Products Bypass VulnerabilityFerruh Mavituna
Tuesday, 04 January
3Com 3CDaemon Multiple VulnerabilitiesSowhat .
Serious Vulnerabilities In PhotoPost ReviewPostGulfTech Security
[SECURITY] [DSA 623-1] New nasm packages fix arbitrary code executionMartin Schulze
Multiple PhotoPost Pro VulnerabilitiesGulfTech Security
[KDE Security Advisory] ftp kioslave command injectionDirk Mueller
MyBB SQL Injectionscottm
Socket termination, format string and XSS in Soldner Secret Wars 30830Luigi Auriemma
QWikiwiki directory traversal vulnerabilityMadelman
Wednesday, 05 January
[SECURITY] [DSA 624-1] New zip packages fix arbitrary code executionMartin Schulze
[ GLSA 200501-04 ] Shoutcast Server: Remote code executionLuke Macken
[CLA-2005:910] Conectiva Security Announcement - mplayerConectiva Updates
[SECURITY] [DSA 625-1] New pcal packages fix arbitrary code executionMartin Schulze
[ GLSA 200501-01 ] LinPopUp: Buffer overflow in message replyThierry Carrez
[ GLSA 200501-02 ] a2ps: Insecure temporary files handlingThierry Carrez
[ GLSA 200501-03 ] Mozilla, Firefox, Thunderbird: Various vulnerabilitiesThierry Carrez
DMA[2005-0103a] - 'William LeFebvre "top" format string vulnerability'KF (Lists)
IBM DB2 db2fmp buffer overflow (#NISR05012005A)NGSSoftware Insight Security Research
Paper: SQL Injection Attacks by ExampleSteve Friedl
IBM DB2 libdb2.so buffer overflow (#NISR05012005B)NGSSoftware Insight Security Research
IBM DB2 call buffer overflow (#NISR05012005C)NGSSoftware Insight Security Research
IBM DB2 JDBC Applet Server buffer overflow (#NISR05012005D)NGSSoftware Insight Security Research
IBM DB2 SATADMIN.SATENCRYPT buffer overflow (#NISR05012005E)NGSSoftware Insight Security Research
IBM DB2 Windows Permission Problems (#NISR05012005F)NGSSoftware Insight Security Research
IBM DB2 to_char and to_date Denial Of Service (#NISR05012005G)NGSSoftware Insight Security Research
RE: Paper: SQL Injection Attacks by ExampleDavid Litchfield
IBM DB2 XML functions overflows (#NISR05012005H)NGSSoftware Insight Security Research
IBM DB2 XML functions file creation vulnerabilities (#NISR05012005I)NGSSoftware Insight Security Research
RE: Paper: SQL Injection Attacks by ExampleScovetta, Michael V
Re: Paper: SQL Injection Attacks by ExampleChip Andrews
RE: Paper: SQL Injection Attacks by ExampleMichael Silk
Re: Paper: SQL Injection Attacks by ExampleCory Foy
RE: Paper: SQL Injection Attacks by ExampleDavid Litchfield
[ GLSA 200501-05 ] mit-krb5: Heap overflow in libkadm5srvSune Kloppenborg Jeppesen
[ GLSA 200501-06 ] tiff: New overflows in image decodingThierry Carrez
RE: Paper: SQL Injection Attacks by ExampleScovetta, Michael V
Thursday, 06 January
All Symantec Products All Versions Until 2005 - Remote Stack Buffer OverflowRafel Ivgi, The-Insider
RE: Paper: SQL Injection Attacks by ExampleSergey Chernyshev
[SECURITY] [DSA 626-1] New tiff packages fix denial of serviceMartin Schulze
[SECURITY] [DSA 627-1] New namazu2 packages fix cross-site scripting vulnerabilityMartin Schulze
[SECURITY] [DSA 628-1] New imlib2 packages fix arbitrary code executionMartin Schulze
RE: All Symantec Products All Versions Until 2005 - Remote Stack Buffer OverflowPolazzo Justin
Socket unreacheable in Amp II engineLuigi Auriemma
[USN-54-1] TIFF library tool vulnerabilityMartin Pitt
[USN-55-1] imlib2 vulnerabilitiesMartin Pitt
[ GLSA 200501-07 ] xine-lib: Multiple overflowsThierry Carrez
[CLA-2005:913] Conectiva Security Announcement - sambaConectiva Updates
MDKSA-2005:001 - Updated libtiff packages fix multiple vulnerabilitiesMandrake Linux Security Team
re: All Symantec Products All Versions Until 2005 - Remote Stack Buffer OverflowSym Security
MDKSA-2005:002 - Updated wxGTK2 packages fix vulnerabilitiesMandrake Linux Security Team
MDKSA-2005:003 - Updated vim packages fix modeline vulnerabilitiesMandrake Linux Security Team
MDKSA-2005:004 - Updated nasm packages fix buffer overflow vulnerabilityMandrake Linux Security Team
[ GLSA 200501-08 ] phpGroupWare: Various vulnerabilitiesLuke Macken
[ GLSA 200501-09 ] xzgv: Multiple overflowsThierry Carrez
[ GLSA 200501-10 ] Vilistextum: Buffer overflow vulnerabilityThierry Carrez
WinAc AND WinHKI ZIP File Directory TransversalRafel Ivgi, The-Insider
Santy and SSLOfer Shezaf
Friday, 07 January
grsecurity 2.1.0 release / 5 Linux kernel advisoriesBrad Spengler
grsecurity 2.1.0 release / 5 Linux kernel advisoriesBrad Spengler
Linux kernel sys_uselib local root vulnerabilityPaul Starzetz
Mozilla XBM Image VulnerabilityLuca Ercoli
Simple PHP Blog directory traversal vulnerabilityMadelman
[SECURITY] [DSA 629-1] New kerberos packages fix arbitrary code executionMartin Schulze
Linux kernel uselib() privilege elevation, correctedPaul Starzetz
iDEFENSE Security Advisory [IDEF0725] Exim host_aton() Buffer Overflow Vulnerabilitycustomer service mailbox
Troj/Winser-A malware analysisSteve Friedl
iDEFENSE Security Advisory [IDEF0731] Exim auth_spa_server() Buffer Overflow Vulnerabilitycustomer service mailbox
Monday, 10 January
Security Advisory: Woltlab Burning Board Lite formmail.php XSSMartin Heistermann
[ GLSA 200501-12 ] TikiWiki: Arbitrary command executionMatthias Geerdsen
[SECURITY] [DSA 630-1] New lintian packages fix insecure temporary directoryMartin Schulze
SUSE Security Announcement: libtiff/tiff (SUSE-SA:2005:001)Thomas Biege
[SECURITY] [DSA 632-1] New linpopup packages fix arbitrary code executionMartin Schulze
[SECURITY] [DSA 631-1] New kdlibs packages fix arbitrary FTP command executionMartin Schulze
SQL Injection Vulnerability in Invision Community Blogdarkhawk matrix
Tuesday, 11 January
[ GLSA 200501-17 ] KPdf, KOffice: More vulnerabilities in included XpdfSune Kloppenborg Jeppesen
[ GLSA 200501-16 ] Konqueror: Java sandbox vulnerabilitiesSune Kloppenborg Jeppesen
[SECURITY] [DSA 634-1] New hylafax packages fix unauthorised accessMartin Schulze
Multi-vendor AV gateway image inspection bypass vulnerabilityDarren Bounds
UPDATED: the insider exploit( = the latest ie 0day which involves SHOWMODALDIALOG)Liu Die Yu
The Misuse of RC4 in Microsoft Word and ExcelHongjun Wu
HylaFAX hfaxd unauthorized login vulnerabilityLee Howard
applicable exploit for winxp-sp2-uptodate Internet ExplorerLiu Die Yu
EEYE: Windows ANI File Parsing Buffer OverflowDerek Soeder
VERITAS Backup Exec 8.x/9.x Remote Universal Exploitclass 101
[AppSecInc Team SHATTER Security Advisory] Microsoft Windows LPC heap overflowTeam SHATTER (Application Security, Inc.)
[AppSecInc Team SHATTER Security Advisory] Microsoft Windows Improper Token ValidationTeam SHATTER (Application Security, Inc.)
Portcullis Security Advisory 05-010Paul J Docherty
Firespoofing [Firefox 1.0]mikx
[ GLSA 200501-18 ] KDE FTP KIOslave: Command injectionSune Kloppenborg Jeppesen
Portcullis Security Advisory 05-005Paul J Docherty
Portcullis Security Advisory 05-001Paul J Docherty
Portcullis Security Advisory 05-007Paul J Docherty
Mod_dosevasive symlink and race vulnerabilityLSS Security
Portcullis Security Advisory 05-006Paul J Docherty
Portcullis Security Advisory 05-003Paul J Docherty
[SECURITY] [DSA 633-1] New bmv package fixes insecure temporary file creationMartin Schulze
[OpenPKG-SA-2005.001] OpenPKG Security Advisory (perl)OpenPKG
Portcullis Security Advisory 05-004Paul J Docherty
Metasploit Framework v2.3H D Moore
Woltlab Burning Book addentry.php SQL InjectionMartin Heistermann
Apache mod_auth_radius remote integer overflowLSS Security
[ GLSA 200501-11 ] Dillo: Format string vulnerabilityThierry Carrez
[USN-58-1] MIT Kerberos server vulnerabilityMartin Pitt
[ GLSA 200501-21 ] HylaFAX: hfaxd unauthorized login vulnerabilityThierry Carrez
Portcullis Security Advisory 05-009Paul J Docherty
Security Contact for Nokia Mobile phone softwaresrohit
[ GLSA 200501-20 ] o3read: Buffer overflow during file conversionThierry Carrez
IlohaMail Insecure Configuration Fileswang
Fwd: APPLE-SA-2005-01-11 iTunes 4.7.1David Ahmad
Re: Firespoofing [Firefox 1.0]Pavel Kankovsky
Re: DSL- Router Teledat 530 DoSStefan S .
Re: [Full-Disclosure] Multi-vendor AV gateway image inspection bypass vulnerabilityDarren Bounds
[ GLSA 200501-22 ] poppassd_pam: Unauthorized password changingThierry Carrez
Re: [Full-Disclosure] Multi-vendor AV gateway image inspection bypass vulnerabilityDanny
[NILESA-20050101]: Denial of Service vulnerability due to the mountd bugJonglim Yun
Re: The Misuse of RC4 in Microsoft Word and ExcelBrendan Dolan-Gavitt
[ GLSA 200501-13 ] pdftohtml: Vulnerabilities in included XpdfThierry Carrez
Squirrelmail vacation v0.15 local root exploitLSS Security
[USN-59-1] mailman vulnerabilitiesMartin Pitt
WMV (Windows Media Player) trojan in wildMarc Bejarano
Portcullis Security Advisory 05-008Paul J Docherty
Wednesday, 12 January
Linux kernel i386 SMP page fault handler privilege escalationPaul Starzetz
Arkeia Possible remote root & information leakageMaciej Bogucki
[SECURITY] [DSA 635-1] New exim packages fix arbitrary code executionMartin Schulze
Security Advisory: BiTBOARD xssMartin Heistermann
[SECURITY] [DSA 636-1] New libc6 packages fix insecure temporary filesMartin Schulze
[ GLSA 200501-23 ] Exim: Two buffer overflowsMatthias Geerdsen
Is DEP easily evadable?John Richard Moser
Windows ANI File Parsing Proof Of Concept (MS05-002)assaf404
[waraxe-2005-SA#039] - Critical Sql Injection in Sgallery module for PhpNukeJanek Vind
Thursday, 13 January
[SECURITY] [DSA 638-1] New gopher packages fix several vulnerabilitiesMartin Schulze
[CLA-2005:915] Conectiva Security Announcement - php4Conectiva Updates
[SECURITY] [DSA 637-1] New exim-tls packages fix arbitrary code executionMartin Schulze
[CLA-2005:916] Conectiva Security Announcement - etherealConectiva Updates
XSS Vulnerability in ForumKITtom cruise
Re: Is DEP easily evadable?Florian Weimer
[CLA-2005:917] Conectiva Security Announcement - krb5Conectiva Updates
Cross Site Scripting holes found in Horde 3.0Hyperdose Security
TSLSA-2005-0001 - multiTrustix Security Advisor
IE issue with percent 20RSnake
InternetExploiter 3.2Berend-Jan Wever
UPDATE: [ GLSA 200412-25 ] CUPS: Multiple vulnerabilitiesThierry Carrez
Trend Micro Control Manager - Enterprise Edition 3.0 Web application Replay attackCIRT Advisory
MDKSA-2005:006 - Updated hylafax packages fix vulnerabilityMandrake Linux Security Team
Re: Is DEP easily evadable?John Richard Moser
Re: Is DEP easily evadable?Ben Pfaff
SB2005002: pron to bypass APF checking uid(0) routinex90c
MDKSA-2005:007 - Updated imlib packages fix vulnerabilityMandrake Linux Security Team
STG Security Advisory: [SSA-20050113-25] ZeroBoard multiple vulnerabilitiesadvisory
Trend Micro Control Manager - Enterprise Edition 3.0 Web application Replay attackHammud_Saway
iDEFENSE Security Advisory 01.13.05 - Apple iTunes Playlist Parsing Buffer Overflow Vulnerabilitycustomer service mailbox
Server crash in Breed patch #1Luigi Auriemma
Friday, 14 January
iDEFENSE Security Advisory 01.13.05: MySQL MaxDB WebAgent websql logon Buffer Overflow Vulnerabilitycustomer service mailbox
iDEFENSE Security Advisory 01.13.05: SGI IRIX inpview Design Error Vulnerabilitycustomer service mailbox
XSS Vulnerability in Siteman v1.1.9Pedram hayati
Internet Explorer valid JavaScript-file successfull load detection local file enumerationBerend-Jan Wever
[CLA-2005:918] Conectiva Security Announcement - twikiConectiva Updates
Re: Is DEP easily evadable?John Richard Moser
Paper: How to exploit overflow vulnerability under Fedora Core 2vangelis vangelis
Re: Is DEP easily evadable?Ben Pfaff
MDKSA-2005:005 - Updated nfs-utils packages fix 64bit vulnerabilityMandrake Linux Security Team
new tool : the first remote PHP vulnerability scannerbad boy
Re: Trend Micro Control Manager - Enterprise Edition 3.0 Web application Replay attackshadown
Re: Multiple Firewall Products Bypass VulnerabilityAnsgar -59cobalt- Wiechers
[SECURITY] [DSA 639-1] New mc packages fix several vulnerabilitiesMartin Schulze
iDEFENSE Security Advisory 01.14.05: Exim dns_buld_reverse() Buffer Overflow Vulnerabilitycustomer service mailbox
Saturday, 15 January
Re: rssh and scponly arbitrary command executionDerek Martin
iDefense iTunes advisory.nemo
[USN-60-0] Linux kernel vulnerabilitiesMartin Pitt
Various Vulnerabilities in SparkleBlogKovács László
XSS in the nested BB tag in many forumpigrelax
Apple Airport WDS DoSDylan Griffiths
RE: Various Vulnerabilities in SparkleBlogAlan W. Rateliff, II
exim dns_buld_reverse() proof-of-conceptRafael San Miguel Carrasco
Monday, 17 January
[ GLSA 200501-25 ] Squid: Multiple vulnerabilitiesSune Kloppenborg Jeppesen
[SECURITY] [DSA 640-1] New gatos packages fix arbitrary code executionMartin Schulze
[OpenPKG-SA-2005.002] OpenPKG Security Advisory (sudo)OpenPKG
[OpenPKG-SA-2005.003] OpenPKG Security Advisory (a2ps)OpenPKG
[SECURITY] [DSA 641-1] New playmidi packages fix local root exploitMartin Schulze
[SECURITY] [DSA 642-1] New gallery packages fix several vulnerabilitiesMartin Schulze
SUSE Security Announcement: php4/mod_php4 (SUSE-SA:2005:002)Ludwig Nussel
Tuesday, 18 January
[SIG^2 G-TEC] NodeManager Professional V2.00 Buffer Overflow Vulnerabilitychewkeong
Minis directory traversal vulnerabilityMadelman
Multiple Vulnerabilities in Netgear FVS318 RouterPaul Kurczaba
phpGiftReq SQL InjectionMadelman
MDKSA-2005:008 - Updated cups packages fix multiple vulnerabilitiesMandrake Linux Security Team
Wednesday, 19 January
Multiple high risk vulnerabilities in Oracle RDBMS 10g/9iNGSSoftware Insight Security Research
[SECURITY] [DSA 644-1] New chbg packages fix arbitrary code executionMartin Schulze
[SECURITY] [DSA 643-1] New queue packages fix buffer overflowsMartin Schulze
IE HHCTRL exploit still usable even after patchValentin Avram
iDEFENSE Security Advisory 01.17.05: Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow Vulnerabilitycustomer service mailbox
UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : chroot A known exploit can break a chroot prison.please_reply_to_security
Novell GroupWise WebAccess error modules loadingMarc Ruef
[USN-62-1] imagemagick vulnerabilityMartin Pitt
Netegrity SiteMinder smpwservicescgi.exe target specificationMarc Ruef
[USN-63-1] MySQL client vulnerabilityMartin Pitt
Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locationsRafel Ivgi, The-Insider
[USN-61-1] vim vulnerabilitiesMartin Pitt
Unrestricted I/O access vulnerability in INCA GameguardRyu Connor
Gallery v1.3.4-pl1, v1.4.4-pl2, 2.0 Alpha Cross Site Scripting VulnerabilityRafel Ivgi, The-Insider
iDEFENSE Security Advisory 01.18.05 - Multiple Unix/Linux Vendor Xpdf makeFileKey2 Stack Overflowcustomer service mailbox
PeteFinnigan.com - Oracle security advisoryPete Finnigan
Re: Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locationsBerend-Jan Wever
Re: Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locationsMarkus Kern
Cisco Security Advisory: Vulnerability in Cisco IOS Embedded Call Processing SolutionsCisco Systems Product Security Incident Response Team
RealPlayer Arbitrary File Deletion Vulnerability (#NISR19012005f)NGSSoftware Insight Security Research
MSN Heartbeat Control Buffer OverflowNGSSoftware Insight Security Research
RealPlayer Miscellaneous Vulnerabilities (#NISR19012005g)NGSSoftware Insight Security Research
Multiple vulnerabilities in the AtHoc Toolbar (#NISR19012005c)NGSSoftware Insight Security Research
Microsoft Internet Explorer Install Engine Control Buffer Overflow (#NISR19012005a)NGSSoftware Insight Security Research
Darwin Kernel Vulnerabilitynemo
RealPlayer 'ShowPreferences' Buffer Overflow Vulnerability (#NISR19012005e)NGSSoftware Insight Security Research
iDEFENSE Security Advisory 01.19.05: MySQL MaxDB Web Agent Multiple Denial of Service VulnerabilitiesMichael Sutton
[SECURITY] [DSA 645-1] New CUPS packages fix arbitrary code executionMartin Schulze
Thursday, 20 January
Re: Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locationsMarkus Kern
[SECURITY] [DSA 646-1] New ImageMagick packages fix arbitrary code executionMartin Schulze
[SECURITY] [DSA 647-1] New mysql packages fix insecure temporary filesMartin Schulze
Microsoft Internet Explorer HTML Help Control Vulnerability Still Exploitable After PatchValentin Avram
fkey[v0.0.2]: local/remote file accessibility exploit.Vade 79
[SECURITY] [DSA 651-1] New squid packages fix denial of serviceMartin Schulze
[USN-64-1] xpdf, CUPS vulnerabilitiesMartin Pitt
[SECURITY] [DSA 650-1] New sword packages fix arbitrary command executionMartin Schulze
[USN-66-1] PHP vulnerabilitiesMartin Pitt
[CLA-2005:920] Conectiva Security Announcement - libtiff3Conectiva Updates
[USN-67-1] Squid vulnerabilitiesMartin Pitt
Multiple vulnerabilities in KonversationWouter Coekaerts
MDKSA-2005:011 - Updated xine packages fix multiple vulnerabilitiesMandrake Linux Security Team
Integrigy Security Advisory - High Risk Security Issues in the Oracle Database and Oracle ApplicationsIntegrigy Security
Re: Darwin Kernel Vulnerabilityneil
MDKSA-2005:009 - Updated mpg123 packages fix vulnerabilityMandrake Linux Security Team
MDKSA-2005:010 - Updated playmidi packages fix buffer overflow vulnerabilityMandrake Linux Security Team
STG Security Advisory: [SSA-20050120-24] GForge 3.x directory traversal vulnerabilityadvisory
STG Security Advisory: [SSA-20050120-22] JSBoard file disclosure vulnerabilityadvisory
[SECURITY] [DSA 649-1] New xtrlock packages fix authentication bypassMartin Schulze
God Admin Injection Vulnerability in Siteman 1.0.xPedram hayati
OpenServer 5.0.6 OpenServer 5.0.7 : bind remote attacker can poison the nameserver cacheplease_reply_to_security
[ GLSA 200501-26 ] ImageMagick: PSD decoding heap overflowSune Kloppenborg Jeppesen
[USN-65-1] Apache utility script vulnerabilityMartin Pitt
Friday, 21 January
[SECURITY] [DSA 652-1] New unarj packages fix several vulnerabilitiesMartin Schulze
UnixWare 7.1.3 UnixWare 7.1.1 : OpenSSL Multiple Vulnerabilitiesplease_reply_to_security
iDEFENSE Security Advisory 01.20.05: 3Com OfficeConnect Wireless 11g AP Information Disclosure VulnerabilityiDefense Customer Service
[ GLSA 200501-27 ] Ethereal: Multiple vulnerabilitiesLuke Macken
SUSE Security Announcement: kernel local privilege escalation (SUSE-SA:2005:003)Marcus Meissner
Various Buffer Overflows in Oracle 10g ToolsJoxean Koret
bug report comersus Back Office Lite 6.0 and 6.0.1raf somers
Saturday, 22 January
Mac OS X 10.3 iSync Privilege EscalationBraden Thomas
(MS05-002) Cursor and Icon Format Handling Vulnerability (PoC for all affected systems)houseofdabus HOD
Re: Advanced GuestbookStewart Souter
PHRACK #63 CALL FOR PAPERSrm
Call for DEFCON Capture the Flag Organizers.The Dark Tangent
Re: Various Buffer Overflows in Oracle 10g ToolsDavid Litchfield
[ GLSA 200501-29 ] Mailman: Cross-site scripting vulnerabilityLuke Macken
Arbitrary files overwriting through skins in DivX Player 2.6Luigi Auriemma
Microsoft NetDDE Service Unauthenticated Remote Buffer OverflowNGSSoftware Insight Security Research
[SECURITY] [DSA 653-1] New ethereal packages fix buffer overflowMartin Schulze
KDE Security Advisory: KOffice PDF Import Filter VulnerabilityWaldo Bastian
ASH Hashing Algorithmseasonedpaper
[SECURITY] [DSA 654-1] New enscript packages fix several vulnerabilitiesMartin Schulze
Security Contact within RIM / BlackberryMark Litchfield
KDE Security Advisory: Multiple vulnerabilities in KonversationWaldo Bastian
[ GLSA 200501-28 ] Xpdf, GPdf: Stack overflow in Decrypt::makeFileKey2Thierry Carrez
[ GLSA 200501-30 ] CUPS: Stack overflow in included Xpdf codeThierry Carrez
Siteman User Database Line Insertion Vulnerabilityshoalie sefid
Internet Explorer URL obfuscation.Stewart, Graeme
RealVNC ContactDSGM
Re: Novell GroupWise WebAccess error modules loadingJonathan Rockway
Netscape Overflow.Carlos Ulver
Monday, 24 January
[KDE Security Advisory] kpdf Buffer Overflow VulnerabilityDirk Mueller
[ GLSA 200501-33 ] MySQL: Insecure temporary file creationLuke Macken
[ GLSA 200501-32 ] KPdf, KOffice: Stack overflow in included Xpdf codeSune Kloppenborg Jeppesen
Re: Internet Explorer URL obfuscation.Berend-Jan Wever
SUSE Security Announcement: Realplayer 8 (SUSE-SA:2005:004)Marcus Meissner
SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow3APA3A
Local buffer-overflow in W32Dasm 8.93Luigi Auriemma
Portcullis Security Advisory 05-002 Spectrum Cash Receipting System Weak Password EncryptionPaul J Docherty
MDKSA-2005:012 - Updated zhcon packages fix vulnerabilityMandrake Linux Security Team
Multiple vulnerabilities in MercuryBoard 1.1.1Alberto Trivero
English-language version of K-OTik.COM launched today !K-OTiK Security
iDEFENSE Security Advisory 01.24.05: DataRescue Interactive Disassembler Pro Buffer Overflow VulnerabilityiDefense Customer Service
[ GLSA 200501-35 ] Evolution: Integer overflow in camel-lock-helperLuke Macken
MDKSA-2005:013 - Updated ethereal packages fix multiple vulnerabilitiesMandrake Linux Security Team
Tuesday, 25 January
[SECURITY] [DSA 657-1] New xine-lib packages fix arbitrary code executionMartin Schulze
logwatch and logrotate might create a blind spot in reportingSami Pitko
[SECURITY] [DSA 656-1] New vdr packages fix insecure file accessMartin Schulze
[SECURITY] [DSA 655-1] New zhcon packages fix unauthorised file accessMartin Schulze
Vulnerabilities in eXponent 0.95Ahmad Muammar
MDKSA-2005:015 - Updated mailman packages fix vulnerabilitiesMandrake Linux Security Team
MDKSA-2005:014 - Updated squid packages fix multiple vulnerabilitiesMandrake Linux Security Team
Re: ADVISORY: security hole (http response splitting) in snitz forums 2000Harold Lines
[USN-68-1] enscript vulnerabilitiesMartin Pitt
Re: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflowMichael Hampton
[CLA-2005:921] Conectiva Security Announcement - xpdfConectiva Updates
[USN-69-1] Evolution vulnerabilityMartin Pitt
[ GLSA 200501-31 ] teTeX, pTeX, CSTeX: Multiple vulnerabilitiesThierry Carrez
Re: "Local" and "Remote" considered insufficientFrank Knobbe
[USN-70-1] Perl DBI module vulnerabilityMartin Pitt
[SECURITY] [DSA 658-1] New libdbi-perl packages fix insecure temporary fileMartin Schulze
phpEventCalendar HTML injectionMadelman
[ GLSA 200501-36 ] AWStats: Remote code executionLuke Macken
wifi AP + broadcoast pingMiroslav Kubik
Wednesday, 26 January
OpenServer 5.0.6 OpenServer 5.0.7 : scosessoin local privilege elevationplease_reply_to_security
OpenServer 5.0.6 OpenServer 5.0.7 : wu-ftp local users can bypass access restrictionsplease_reply_to_security
MDKSA-2005:022 - Updated cups packages fix multiple vulnerabilitiesMandrake Linux Security Team
List of all admin accounts in phpBBPredrag Damnjanovic
MDKSA-2005:020 - Updated kdegraphics packages fix buffer overflow vulnerabilityMandrake Linux Security Team
DMA[2005-0125a] - 'berlios gpsd format string vulnerability'KF (Lists)
MDKSA-2005:017 - Updated xpdf packages fix buffer overflow vulnerabilityMandrake Linux Security Team
Cisco Security Advisory: Multiple Crafted IPv6 Packets Cause ReloadCisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Misformed BGP Packet Causes ReloadCisco Systems Product Security Incident Response Team
Cisco Security Advisory: Crafted Packet Causes Reload on Cisco RoutersCisco Systems Product Security Incident Response Team
UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : x.org possible local socket hijackingplease_reply_to_security
[SECURITY] [DSA 660-1] New kdebase packages fix authentication bypassMartin Schulze
Re: [ GLSA 200501-36 ] AWStats: Remote code executionDelian Krustev
iDEFENSE Security Advisory 01.26.05: Openswan XAUTH/PAM Buffer Overflow VulnerabilityiDefense Customer Service
Black Hat new content on-line & Registration now open for Asia and Europe.Jeff Moss
[SECURITY] [DSA 659-1] New libpam-radius-auth packages fix several vulnerabilitiesMartin Schulze
MDKSA-2005:016 - Updated gpdf packages fix buffer overflow vulnerabilityMandrake Linux Security Team
MDKSA-2005:018 - Updated cups packages fix buffer overflow vulnerabilityMandrake Linux Security Team
MDKSA-2005:019 - Updated koffice packages fix buffer overflow vulnerabilityMandrake Linux Security Team
MDKSA-2005:021 - Updated tetex packages fix buffer overflow vulnerabilityMandrake Linux Security Team
Multiple Vulnerabilities in Pocket IEkers0r
Re: List of all admin accounts in phpBBAaron Klein
[CLA-2005:923] Conectiva Security Announcement - squidConectiva Updates
Re: logwatch and logrotate might create a blind spot in reportingThe Tibetan Traveller
Thursday, 27 January
HKLM lockingVladimir Kraljevic
NSFOCUS SA2005-01 : Buffer Overflow in WinAMP in_cdda.dll CDA Device NameNSFOCUS Security Team
Ingate Firewall: Removed PPTP tunnels not deactivatedPer Cederqvist
DMA[2005-0127a] - 'Apple OSX batch family poor use of setuid'KF (Lists)
NOVL-2005-10096251 GroupWise WebAccess Error modules loading(report)Ed Reed
[Contact] Motorola broadband appliance team?William A. Rowe, Jr.
[SIG^2 G-TEC] Magic Winmail Server v4.0 Multiple Vulnerabilitieschewkeong
UEBIMIAU <= 2.7.2 MULTIPLES VULNERABILITIESNash Leon
[ GLSA 200501-38 ] Perl: rmtree and DBI tmpfile vulnerabilitiesThierry Carrez
[ GLSA 200501-37 ] GraphicsMagick: PSD decoding heap overflowThierry Carrez
[SECURITY] [DSA 661-1] New f2c packages fix insecure temporary filesMartin Schulze
MDKSA-2005:024 - Updated evolution packages fix vulnerabilityMandrakelinux Security Team
WarFTPD 1.82 RC9 DoSMC.Iglo
Friday, 28 January
Multiple vulnerabilities in Alt-N WebAdmin <= 3.0.2David Alonso Pérez
[ GLSA 200501-39 ] SquirrelMail: Multiple vulnerabilitiesSune Kloppenborg Jeppesen
WebWasher Classic - HTTP CONNECT weaknessOliver Karow
[OpenPKG-SA-2005.004] OpenPKG Security Advisory (sasl)OpenPKG
Re: UEBIMIAU <= 2.7.2 MULTIPLES VULNERABILITIESpokley
Multiple vulnerabilities in Icewarp Web Mail 5.3.0: New holesShineShadow
Winamp Exploit (POC) 5.08 Stack OverflowRojodos
RE: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflowDavid LeBlanc
Re: Unrestricted I/O access vulnerability in INCA GameguardDavid Roberts
[ GLSA 200501-40 ] ngIRCd: Buffer overflowThierry Carrez
Saturday, 29 January
Re: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflowDamien Miller
RE: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflowDavid LeBlanc
SquirrelMail Security AdvisoryJonathan Angliss
Re: List of all admin accounts in phpBBPaul Laudanski
Re: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflowLee Dilkie
XSS in Infinite Mobile Delivery v2.6 Webmailsteven
Monday, 31 January
[ GLSA 200501-42 ] VDR: Arbitrary file overwriting issueThierry Carrez
[ GLSA 200501-43 ] f2c: Insecure temporary file creationThierry Carrez
[ GLSA 200501-44 ] ncpfs: Multiple vulnerabilitiesThierry Carrez
WASC-Articles: "The 80/20 Rule for Web Application Security"robert
Security Bulletin - SSRT4875 rev.1 - HP Tru64 UNIX Java (TM) Technology Software Denial of Service (DoS)Boren, Rich (SSRT)
[ GLSA 200501-41 ] TikiWiki: Arbitrary command executionSune Kloppenborg Jeppesen
drone armies C&C report - Jan/2005Gadi Evron
Re[2]: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow3APA3A
Re: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflowCasper . Dik
Broadcast crash in Xpand Rally 1.0.0.0Luigi Auriemma
[ GLSA 200501-45 ] Gallery: Cross-site scripting vulnerabilityLuke Macken
Re: Winamp Exploit (POC) 5.08 Stack OverflowBlack Dot
Re: iDEFENSE Security Advisory 01.24.05: DataRescue Interactive Disassembler Pro Buffer Overflow Vulnerabilitydila
[PersianHacker.net] Full Path Disclosure and PHP Injection In Pafiledb 3.1 FinalPedram hayati
Zyxel / Netgear and probably other routers leaking information.Jens Kalvik
New Whitepaper available on security best practicesGunter Ollmann
Re: [ GLSA 200501-45 ] Gallery: Cross-site scripting vulnerabilityPaul Laudanski
MDKSA-2005:025 - Updated clamav packages fix vulnerabilityMandrakelinux Security Team
[ GLSA 200501-46 ] ClamAV: Multiple issuesSune Kloppenborg Jeppesen