
Bugtraq: by thread
366 messages starting Sep 01 05 and ending Sep 30 05
- Re: Vulnerability in Symantec Anti Virus Corporate Edition v9.x] - secure (Sep 01)
- <Possible follow-ups>
- Re: Vulnerability in Symantec Anti Virus Corporate Edition v9.x] - Steven M. Christey (Sep 02)
- [USN-173-4] PCRE vulnerabilities - Martin Pitt (Sep 01)
- RE: Vulnerability in Symantec Anti Virus Corporate Edition v9.x - James C Slora Jr (Sep 01)
- <Possible follow-ups>
- Re: Vulnerability in Symantec Anti Virus Corporate Edition v9.x - Colin (Sep 01)
- SimplePHPBlog Arbitrary File Deletion and Sample Exploit - 'ken'@FTU (Sep 01)
- Adobe Version Cue exploits. - v9 (Sep 01)
- [ GLSA 200509-01 ] MPlayer: Heap overflow in ad_pcm.c - Thierry Carrez (Sep 01)
- UMN gopher[v3.0.9+] multiple(2) client buffer overflows. - v9 (Sep 01)
- RE: Ariba password exposure vulnerability - Craig Kennedy (Sep 01)
- [SecuriWeb.2005.1] - Barracuda SPAM firewall advisory - Francois Harvey (Sep 01)
- Re: secure client-side platform - liudieyu (Sep 01)
- Re: secure client-side platform - Keith Oxenrider (Sep 01)
- Re: secure client-side platform - devnull (Sep 01)
- <Possible follow-ups>
- RE: Re: secure client-side platform - Mark Senior (Sep 01)
- File aribitary read access in frox - un4m31 (Sep 01)
- [SECURITY] [DSA 793-1] New sqwebmail packages fix cross-site scripting - Martin Schulze (Sep 01)
- silc server and toolkit insecure temporary file creation - Eric Romang / ZATAZ.com (Sep 01)
- re: Ariba Spend Management System - gerald626 (Sep 01)
- [SECURITY] [DSA 779-2] New Mozilla Firefox packages fix several vulnerabilities - Martin Schulze (Sep 01)
- [security bulletin] SSRT051005 rev.1 - HP ProLiant DL585 Servers Unauthorized Remote Access - Boren, Rich (HP SSRT) (Sep 01)
- SUSE Security Announcement: kernel multiple security problems (SUSE-SA:2005:050) - Marcus Meissner (Sep 01)
- iDEFENSE Security Advisory 09.01.05: 3Com Network Supervisor Directory Traversal Vulnerability - iDEFENSE Labs (Sep 01)
- iDEFENSE Security Advisory 09.01.05: Novell NetMail IMAPD Command Continuation Request Heap Overflow - iDEFENSE Labs (Sep 01)
- [SECURITY] [DSA 794-1] New polygen packages fix denial of service - Martin Schulze (Sep 01)
- CYBSEC - Multiple Vendor Web Vulnerability Scanner Arbitrary Script Injection Vulnerability - Mariano Nuñez Di Croce (Sep 01)
- [SECURITY] [DSA 800-1] New pcre3 packages fix arbitrary code execution - Martin Schulze (Sep 02)
- [SECURITY] [DSA 798-1] New phproupware packages fix several vulnerabilities - Martin Schulze (Sep 02)
- [SECURITY] [DSA 799-1] New webcalendar packages fix remote code execution - Michael Stone (Sep 02)
- CodePimps e-zine #0x07 was released - codepimps (Sep 02)
- FileZilla weakly-encrypted password vulnerability: advisory + PoC - [#*at*#] (Sep 03)
- Re: FileZilla weakly-encrypted password vulnerability: advisory + PoC - Nick Boyce (Sep 06)
- Re: FileZilla weakly-encrypted password vulnerability: advisory + PoC - Nicholas Knight (Sep 06)
- <Possible follow-ups>
- Re: FileZilla weakly-encrypted password vulnerability: advisory + PoC - medhead (Sep 06)
- RE: FileZilla weakly-encrypted password vulnerability: advisory + PoC - MacIntyre, Lawrence Paul (Sep 07)
- RE: FileZilla weakly-encrypted password vulnerability: advisory + PoC - Mark Senior (Sep 07)
- MAXdev MD-Pro 1.0.73 (possibly prior versions) remote code execution / cross site scripting / path disclosure - retrogod (Sep 06)
- [NOBYTES.COM: #11] MidiCart ASP Shopping Cart, Evaluation Version 7 & Standard & Pro - Multiple Vulnerabilities - John Cobb (Sep 06)
- <Possible follow-ups>
- Re: [NOBYTES.COM: #11] MidiCart ASP Shopping Cart, Evaluation Version 7 & Standard & Pro - Multiple Vulnerabilities - [at] (Sep 07)
- I have discovered small xss error in open webmail 2.41 - s3cure (Sep 06)
- IIS 5.1 allows for remote viewing of source code on FAT/FAT32 volumes using WebDAV - inge . henriksen (Sep 06)
- <Possible follow-ups>
- Re: IIS 5.1 allows for remote viewing of source code on FAT/FAT32 volumes using WebDAV - inge . henriksen (Sep 30)
- [KDE Security Advisory] kcheckpass local root vulnerability - Dirk Mueller (Sep 06)
- Microsoft Windows keybd_event validation vulnerability - Frederic Charpentier (Sep 06)
- Re: [Full-disclosure] Microsoft Windows keybd_event validation vulnerability - Jerome Athias (Sep 06)
- Re: Microsoft Windows keybd_event validation vulnerability - Ansgar -59cobalt- Wiechers (Sep 07)
- <Possible follow-ups>
- Re: Microsoft Windows keybd_event validation vulnerability - galacticjello (Sep 07)
- [OpenPKG-SA-2005.020] OpenPKG Security Advisory (proftpd) - OpenPKG (Sep 06)
- [ GLSA 200509-02 ] Gnumeric: Heap overflow in the included PCRE library - Thierry Carrez (Sep 06)
- [OpenPKG-SA-2005.017] OpenPKG Security Advisory (modssl) - OpenPKG (Sep 06)
- [ GLSA 200509-04 ] phpLDAPadmin: Authentication bypass - Thierry Carrez (Sep 06)
- SUSE Security Announcement: php4, php5 remote code execution (SUSE-SA:2005:051) - Marcus Meissner (Sep 06)
- [USN-145-2] wget bug fix - Martin Pitt (Sep 06)
- [ GLSA 200509-03 ] OpenTTD: Format string vulnerabilities - Stefan Cornelius (Sep 06)
- Re: CMS Made Simple <= 0.10 - PHP injection - garaged (Sep 06)
- Multiple vulnerabilities in FreeBSD 'urban' - Shaun Colley (Sep 06)
- [ GLSA 200509-05 ] Net-SNMP: Insecure RPATH - Thierry Carrez (Sep 06)
- Land Down Under 'events.php' Cross Site Scripting Vulnerability - conor . e . buckley (Sep 06)
- PHP-Nuke - bhfh (Sep 06)
- UNB 1.5.3 cross site scripting - retrogod (Sep 06)
- Re: FileZilla weakly-encrypted password vulnerability - Luigi Auriemma (Sep 06)
- [NewAngels Advisory] aMember Pro 2.3.X - Remote File Include Vulnerability - 4Degrees (Sep 06)
- [SECURITY] [DSA 801-1] New ntp packages fix group id confusion - Martin Schulze (Sep 06)
- phpCommunityCalendar 4.0.3 (possibly prior versions) sql injection / login bypass / cross site scripting - retrogod (Sep 06)
- Revised paper on "ICMP attacks against TCP" - Fernando Gont (Sep 06)
- [OpenPKG-SA-2005.019] OpenPKG Security Advisory (openssh) - OpenPKG (Sep 06)
- [OpenPKG-SA-2005.018] OpenPKG Security Advisory (pcre) - OpenPKG (Sep 06)
- USB Lock Auto-Protect v1.5 - Local Password Encryption Weakness - unsecure (Sep 06)
- [security bulletin] SSRT051023 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Privileged Access - security-alert (Sep 06)
- Update: Realchat user impersonation - BSA 200506110001 - Andreas Beck (Sep 06)
- [SECURITY] [DSA 795-2] Updated i386 proftpd packages fix format string vulnerability - Michael Stone (Sep 06)
- Secunia Research: SqWebMail Conditional Comments Script Insertion Vulnerability - Secunia Research (Sep 06)
- (Annex A) ADSL Road Runner Exploit Description & Theory - gp32boy (Sep 06)
- Vulnerability in myBloggie 2.1.3-beta and prior - os2a . bto (Sep 06)
- [ GLSA 200509-06 ] Squid: Denial of Service vulnerabilities - Sune Kloppenborg Jeppesen (Sep 07)
- FreeBSD Security Advisory FreeBSD-SA-05:20.cvsbug - FreeBSD Security Advisories (Sep 07)
- Vulnerability In SecureOL VE2 v1.05.1008 - maxim (Sep 07)
- SQL Injection[2] In MyBB PR2 - stranger-killer (Sep 07)
- [SECURITY] [DSA 802-1] New cvs packages fix insecure temporary files - Martin Schulze (Sep 07)
- MDKSA-2005:160 - Updated kdebase packages fix potential local root vulnerability - Mandriva Security Team (Sep 07)
- MDKSA-2005:159 - Updated kdeedu packages fix tempfile vulnerability - Mandriva Security Team (Sep 07)
- PBLang 4.65 (possibly prior versions) remote code execution - retrogod (Sep 07)
- WebArchiveX - Unsafe Methods Vulnerability - Brett Moore (Sep 07)
- MDKSA-2005:158 - Updated mplayer packages fix vulnerabilities - Mandriva Security Team (Sep 07)
- MDKSA-2005:157 - Updated smb4k packages fix vulnerabilities - Mandriva Security Team (Sep 07)
- [NewAngels Advisory #5] Stylemotion WEB//NEWS 1.4 Vulnerabilities - r . verton (Sep 07)
- MDKSA-2005:156 - Updated ntp packages fix small security-related issue. - Mandriva Security Team (Sep 07)
- Rule bypassing in CheckPoint NGX R60 - fitz (Sep 07)
- [ Suresec Advisories ] - Kcheckpass file creation vulnerability - Suresec Advisories (Sep 07)
- USN-160-2: Apache vulnerability - Martin Pitt (Sep 07)
- [USN-177-1] Apache 2 vulnerabilities - Martin Pitt (Sep 07)
- [USN-176-1] kcheckpass vulnerability - Martin Pitt (Sep 07)
- Cisco Security Advisory: Cisco IOS Firewall Authentication Proxy for FTP and Telnet Sessions Buffer Overflow - Cisco Systems Product Security Incident Response Team (Sep 07)
- anti Windows XP SP2 firewall trick - crusoe (Sep 07)
- Re: anti Windows XP SP2 firewall trick - Ansgar -59cobalt- Wiechers (Sep 13)
- [SECURITY] [DSA 803-1] New Apache packages fix HTTP request smuggling - Martin Schulze (Sep 08)
- [SECURITY] [DSA 804-1] New kdelibs packages fix backup file information leak - Martin Schulze (Sep 08)
- Secunia Research: ALZip ACE Archive Handling Buffer Overflow - Secunia Research (Sep 08)
- Secunia Research: NOD32 Anti-Virus ARJ Archive Handling Buffer Overflow - Secunia Research (Sep 08)
- [SECURITY] [DSA 805-1] New Apache2 packages fix several vulnerabilities - Martin Schulze (Sep 08)
- MDKSA-2005:161 - Updated apache2 packages to address multiple vulnerabilities - Mandriva Security Team (Sep 08)
- [SECURITY] [DSA 806-1] New cvs packages fix insecure temporary files - Martin Schulze (Sep 09)
- TSLSA-2005-0047 - multi - Trustix Security Advisor (Sep 09)
- iDEFENSE Security Advisory 09.09.05: GNU Mailutils 0.6 imap4d 'search' Format String Vulnerability - iDEFENSE Labs (Sep 09)
- KillProcess 2.20 and priors "FileDescription" Local Buffer Overflow Issue - fRoGGz (Sep 09)
- <Possible follow-ups>
- KillProcess 2.20 and priors "FileDescription" Local Buffer Overflow Issue - fRoGGz (Sep 09)
- Cj Desing Three Aplications One Bug - psymera (Sep 09)
- Zebedee DoS Vulnerability - Shiraishi.M (Sep 09)
- class-1 Forum Software v 0.24.4 Remote code execution - retrogod (Sep 09)
- [USN-178-1] Linux kernel vulnerabilities - Martin Pitt (Sep 09)
- (TOOL) TAPiON (Polymorphic Decryptor Generator) Engine - Piotr Bania (Sep 09)
- Re: [Full-disclosure] (TOOL) TAPiON (Polymorphic Decryptor Generator) Engine - Alejandro Barrera (Sep 12)
- [USN-179-1] openssl weak default configuration - Martin Pitt (Sep 09)
- FreeBSD Security Advisory FreeBSD-SA-05:20.cvsbug [REVISED] - FreeBSD Security Advisories (Sep 09)
- [SECURITY] [DSA 807-1] New mod_ssl packages fix acl restriction bypass - Martin Schulze (Sep 12)
- Sawmill XSS vuln - Mark Terry (Sep 12)
- Security Flaw in pam_per_user Module - Mark D. Roth (Sep 12)
- SUSE Security Announcement: apache2 (SUSE-SA:2005:051) - Thomas Biege (Sep 12)
- PHP Nuke <= 7.8 Multiple SQL Injections - r . verton (Sep 12)
- Re: PHP Nuke <= 7.8 Multiple SQL Injections - Paul Laudanski (Sep 15)
- Re: PHP Nuke <= 7.8 Multiple SQL Injections - Matthias Jim Knopf (Sep 16)
- Re: PHP Nuke <= 7.8 Multiple SQL Injections - Paul Laudanski (Sep 16)
- Re: PHP Nuke <= 7.8 Multiple SQL Injections - Daniel Bonekeeper (Sep 19)
- Re: PHP Nuke <= 7.8 Multiple SQL Injections - Paul Laudanski (Sep 19)
- Re: PHP Nuke <= 7.8 Multiple SQL Injections - hans (Sep 19)
- Re: PHP Nuke <= 7.8 Multiple SQL Injections - Matthias Jim Knopf (Sep 16)
- <Possible follow-ups>
- Re: PHP Nuke <= 7.8 Multiple SQL Injections - evaders99 (Sep 15)
- Re: PHP Nuke <= 7.8 Multiple SQL Injections - Paul Laudanski (Sep 16)
- Re: PHP Nuke <= 7.8 Multiple SQL Injections - Paul Laudanski (Sep 15)
- [SECURITY] [DSA 808-1] New tdiary packages fix Cross Site Request Forgery - Martin Schulze (Sep 12)
- Re: [Full-disclosure] (TOOL) TAPiON (Polymorphic Decryptor Generator) Engine - Piotr Bania (Sep 12)
- Re[2]: [Full-disclosure] (TOOL) TAPiON (Polymorphic Decryptor Generator) Engine - Alejandro Barrera (Sep 12)
- [OpenPKG-SA-2005.021] OpenPKG Security Advisory (squid) - OpenPKG (Sep 12)
- util-linux: unintentional grant of privileges by umount - David Watson (Sep 12)
- [ GLSA 200509-08 ] Python: Heap overflow in the included PCRE library - Thierry Carrez (Sep 12)
- [ GLSA 200509-07 ] X.Org: Heap overflow in pixmap allocation - Thierry Carrez (Sep 12)
- [USN-83-2] LessTif 1 vulnerabilities - Martin Pitt (Sep 12)
- [USN-181-1] Mozilla products vulnerability - Martin Pitt (Sep 12)
- [SECURITY] [DSA 810-1] New Mozilla packages fix several vulnerabilities - Martin Schulze (Sep 13)
- AzDGDatingLite V 2.1.3 remote code execution - retrogod (Sep 13)
- Subscribe Me Pro 2.044.09P and prior Directory Traversal Vulnerability - h4cky0u (Sep 13)
- <Possible follow-ups>
- Re: Subscribe Me Pro 2.044.09P and prior Directory Traversal Vulnerability - please_use_support_form (Sep 21)
- [SECURITY] [DSA 809-1] New squid packages fix several vulnerabilities - Martin Schulze (Sep 13)
- MDKSA-2005:162 - Updated squid packages fix vulnerabilities - Mandriva Security Team (Sep 13)
- MDKSA-2005:163 - Updated MySQL packages fix vulnerability - Mandriva Security Team (Sep 13)
- Serious Security issue with broken - Microsoft's .Net XML Serialization API - Rohit (Sep 13)
- Re: Serious Security issue with broken - Microsoft's .Net XML Serialization API - Rohit (Sep 13)
- <Possible follow-ups>
- Re: Re: Serious Security issue with broken - Microsoft's .Net XML Serialization API - darkangel . stt (Sep 15)
- iDEFENSE Security Advisory 09.13.05: Linksys WRT54G Router Remote Administration Fixed Encryption Key Vulnerability - iDEFENSE Labs (Sep 13)
- iDEFENSE Security Advisory 09.13.05: Linksys WRT54G 'restore.cgi' Configuration Modification Design Error Vulnerability - iDEFENSE Labs (Sep 13)
- iDEFENSE Security Advisory 09.13.05: Linksys WRT54G Management Interface DoS Vulnerability - iDEFENSE Labs (Sep 13)
- iDEFENSE Security Advisory 09.13.05: Linksys WRT54G 'upgrade.cgi' Firmware Upload Design Error Vulnerability - iDEFENSE Labs (Sep 13)
- iDEFENSE Security Advisory 09.13.05: Linksys WRT54G Router Remote Administration apply.cgi Buffer Overflow Vulnerability - iDEFENSE Labs (Sep 13)
- Re: [Snort-users] Snort DoS Fallacies - Martin Roesch (Sep 13)
- Mozilla / Mozilla Firefox authentication weakness - 3APA3A (Sep 14)
- Re: [Full-disclosure] Mozilla / Mozilla Firefox authentication weakness - Daniel Veditz (Sep 15)
- Secunia Research: AVIRA Antivirus ACE Archive Handling Buffer Overflow - Secunia Research (Sep 14)
- ATutor 1.5.1 SQL Injection / Admin credentials disclosure / remote code execution - retrogod (Sep 14)
- [SECURITY] [DSA 814-1] New lm-sensors packages fix insecure temporary file - Martin Schulze (Sep 15)
- Secunia Research: Ahnlab V3 Antivirus Multiple Vulnerabilities - Secunia Research (Sep 15)
- Digital Scribe v1.4 Login Bypass / SQL injection / remote code execution - retrogod (Sep 15)
- [SECURITY] [DSA 813-1] New centericq packages fix several vulnerabilities - Martin Schulze (Sep 15)
- [SECURITY] [DSA 812-1] New turqstat packages fix buffer overflow - Martin Schulze (Sep 15)
- Airscanner Mobile Security Advisory #05081203: vxTftpSrv 1.7.0 Remote Code Execution Buffer Overflow Vulnerability - contact (Sep 15)
- Airscanner Mobile Security Advisory #05081101: vxWeb v.1.1.4 Denial of Service Vulnerability - contact (Sep 15)
- DriverStudio Remote Control Authentication Bypass Vulnerability - cocoruder (Sep 15)
- Airscanner Mobile Security Advisory #05081102: vxFtpSrv 0.9.7 Remote Code Execution Buffer Overflow Vulnerability - contact (Sep 15)
- TWiki Remote Command Execution Vulnerability - Sap . (Sep 15)
- SQL injection & XSS in phpoutsourcing Noah's classifieds - alireza hassani (Sep 15)
- Avocent CCM: Port Access Control Bypass Vulnerability - spam (Sep 15)
- Character Manipulation in Online Systems. - hackology (Sep 15)
- gtkdiskfree insecure temporary file creation - ZATAZ Audits (Sep 15)
- Is netcraft publishing URL of your intranet sites? - Saqib Ali (Sep 15)
- Remote File Inclusion in MyGuestbook - rod hedor (Sep 15)
- Re: Remote File Inclusion in MyGuestbook - security curmudgeon (Sep 23)
- Re: [Full-disclosure] Mozilla / Mozilla Firefox authentication weakness - Juha-Matti Laurio (Sep 15)
- 404 error XSS - Josh Zlatin-Amishav (Sep 15)
- CastleCops ramps up fight against CoolWebSearch/HomeSearch - Paul Laudanski (Sep 15)
- Re: CastleCops ramps up fight against CoolWebSearch/HomeSearch - Times Enemy (Sep 16)
- Re: CastleCops ramps up fight against CoolWebSearch/HomeSearch - Paul Laudanski (Sep 16)
- Re: CastleCops ramps up fight against CoolWebSearch/HomeSearch - Times Enemy (Sep 16)
- Online Dating Software by AEwebworks - aeDating Script <= 4.0 Version Vulnerability - alexsrb (Sep 15)
- Oracle Reports: Generic SQL Injection Vulnerability via Lexical References - ak (Sep 15)
- Re: AWstats Path Disclosure Vulnerability - Fournaux (Sep 15)
- Re: AWstats Path Disclosure Vulnerability - cwh01 (Sep 15)
- Re: AWstats Path Disclosure Vulnerability - Martin Pitt (Sep 15)
- RE: [Snort-devel] Re: [Snort-users] Snort DoS Fallacies - Steven Sturges (Sep 15)
- <Possible follow-ups>
- RE: [Snort-devel] Re: [Snort-users] Snort DoS Fallacies - Ferguson, Justin (IARC) (Sep 15)
- Anti Arp Poisoning Daemon (OpenAAPD) PS: Link corrected - Andrea Di Pasquale (Sep 15)
- RE: [Full-disclosure] FireFox Host: Buffer Overflow is not just exploitable on FireFox - Peter Kruse (Sep 15)
- <Possible follow-ups>
- RE: [Full-disclosure] FireFox Host: Buffer Overflow is not just exploitable on FireFox - Juha-Matti Laurio (Sep 16)
- [SECURITY] [DSA 811-1] New common-lisp-controller packages fix arbitrary code injection - Martin Schulze (Sep 15)
- MDKSA-2005:164 - Updated XFree86/x.org packages fix vulnerability - Mandriva Security Team (Sep 15)
- XSS Vulnerability in MIVA Merchant 5 - Includes Fix - admin (Sep 15)
- Airscanner Mobile Security Advisory #05082201: File Transfer Anywhere v3.01 Local Server Password Disclosure - contact (Sep 15)
- PTL Advisory 050825 - HP LaserJet Network Username and Information Enumeration - Pinion Lab (Sep 15)
- [FLSA-2005:160202] Updated mozilla packages fix security issues - Marc Deslauriers (Sep 15)
- [FLSA-2005:162680] Updated Zlib packagea fix security issues - Marc Deslauriers (Sep 15)
- [FLSA-2005:163047] Updated squirrelmail package fixes security issues - Marc Deslauriers (Sep 15)
- [FLSA-2005:163274] Updated CUPS packages fix security issue - Marc Deslauriers (Sep 16)
- FF IDN buffer overflow workaround works in Netscape too - Juha-Matti Laurio (Sep 16)
- worring about YaST in SuSE 9.3 and maybe lower - innate (Sep 16)
- Re: worring about YaST in SuSE 9.3 and maybe lower - Marcus Meissner (Sep 16)
- arc insecure temporary file creation - ZATAZ Audits (Sep 16)
- SUSE Security Announcement: squid (SUSE-SA:2005:053) - Thomas Biege (Sep 16)
- ncompress insecure temporary file creation - ZATAZ Audits (Sep 16)
- SUSE Security Announcement: evolution (SUSE-SA:2005:054) - Ludwig Nussel (Sep 16)
- PHP SESSION MODIFICATION - unknow (Sep 16)
- Re: PHP SESSION MODIFICATION - David N Murray (Sep 16)
- gwcc insecure temporary file creation - ZATAZ Audits (Sep 16)
- [SECURITY] [DSA 815-1] New kdebase packages fix local root vulnerability - Martin Schulze (Sep 16)
- (TOOL) TAPiON ver 0.1c - Piotr Bania (Sep 16)
- [FLSA-2005:152919] Updated grip package fixes security issue - Marc Deslauriers (Sep 16)
- TSLSA-2005-0049 - multi - Trustix Security Advisor (Sep 16)
- Re: [Full-disclosure] FireFox Host: Buffer Overflow is not just exploitable on FireFox - Juha-Matti Laurio (Sep 16)
- <Possible follow-ups>
- Re: [Full-disclosure] FireFox Host: Buffer Overflow is not just exploitable on FireFox - milw0rm Inc. (Sep 16)
- Greyhats Security back online - pvnick (Sep 16)
- CDMA1X Security - pen-test (Sep 16)
- Cisco IOS hacked? - ciscoioshehehe (Sep 19)
- Re: [Full-disclosure] Cisco IOS hacked? - Andrei Mikhailovsky (Sep 19)
- [ GLSA 200509-10 ] Mailutils: Format string vulnerability in imap4d - Thierry Carrez (Sep 19)
- CuteNews 1.4.0 remote code execution - retrogod (Sep 19)
- <Possible follow-ups>
- CuteNews 1.4.0 remote code execution - retrogod (Sep 19)
- [ GLSA 200509-11 ] Mozilla Suite, Mozilla Firefox: Buffer overflow - Thierry Carrez (Sep 19)
- Antigen 8.0 for Exchange/SMTP Rule Vulnerability - Alan Monaghan (Sep 19)
- ERRATA: [ GLSA 200507-20 ] Shorewall: Security policy bypass - Thierry Carrez (Sep 19)
- router worms and International Infrastructure [was: Re: IOS exploit] - Gadi Evron (Sep 19)
- <Possible follow-ups>
- RE: router worms and International Infrastructure [was: Re: IOS exploit] - martin (Sep 22)
- [ GLSA 200509-12 ] Apache, mod_ssl: Multiple vulnerabilities - Thierry Carrez (Sep 19)
- [Full-disclosure] killbits? should have named them kibbles and bits - Ill will (Sep 19)
- Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability - h4cky0u (Sep 19)
- <Possible follow-ups>
- Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability - h4cky0u (Sep 19)
- Web Application Security Analyzer for PHP-Nuke/phpBB CMS - Paul Laudanski (Sep 19)
- Dumb Question - Sean Warnock (Sep 19)
- [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of) vBulletin 3.0.8/9 - bugtraq (Sep 19)
- Possible memory corruption problems in Apple Safari - Jonathan Rockway (Sep 19)
- [ GLSA 200509-09 ] Py2Play: Remote execution of arbitrary Python code - Thierry Carrez (Sep 19)
- [USN-184-1] umount vulnerability - Martin Pitt (Sep 19)
- @System Security Conference - Giorgio Zoppi (Sep 19)
- Whitepaper - Writing small shellcode - Dafydd Stuttard (Sep 19)
- [ GLSA 200509-13 ] Clam AntiVirus: Multiple vulnerabilities - Thierry Carrez (Sep 19)
- [security bulletin] SSRT5999 rev.0 HP OpenVMS Secure Web Browser Mozilla Application Node Spoofing - security-alert (Sep 20)
- [security bulletin] SSRT5971 rev.0 - HP Tru64 Unix FTP Daemon (ftpd) Remote Denial of Service (DoS) - security-alert (Sep 20)
- Debian Security Host Bandwidth Saturation - Martin Schulze (Sep 20)
- MDKSA-2005:165 - Updated cups packages fix vulnerability - Mandriva Security Team (Sep 20)
- bacula insecure temporary file creation - Eric Romang / ZATAZ.com (Sep 20)
- phpBB 2.0.17 remote avatar size bug - SmOk3 (Sep 20)
- RE: phpBB 2.0.17 remote avatar size bug - Sean Sullivan (Sep 20)
- Re: phpBB 2.0.17 remote avatar size bug - Peter Kieser (Sep 21)
- Secunia Research: Opera Mail Client Attachment Spoofing and Script Insertion - Secunia Research (Sep 20)
- Hesk Session ID Validation Vulnerability - os2a . bto (Sep 20)
- MDKSA-2005:138-1 - Updated cups packages fix vulnerability - Mandriva Security Team (Sep 20)
- [USN-185-1] CUPS vulnerability - Martin Pitt (Sep 20)
- mercury imap4 remote BOF exploit ( IHSTeam ) - c0d3r (Sep 20)
- [ GLSA 200509-14 ] Zebedee: Denial of Service vulnerability - Thierry Carrez (Sep 20)
- [ GLSA 200509-15 ] util-linux: umount command validation error - Thierry Carrez (Sep 20)
- Paper - How It's Difficult to Ruin a Good Name: An Analysis of Reputational Risk - Kenneth F. Belva (Sep 21)
- <Possible follow-ups>
- Re: Paper - How It's Difficult to Ruin a Good Name: An Analysis of Reputational Risk - hodejo1 (Sep 21)
- MDKSA-2005:168 - Updated masqmail packages fix vulnerabilities - Mandriva Security Team (Sep 21)
- PocketPC exploitation - Jose Morales (Sep 21)
- <Possible follow-ups>
- Re: PocketPC exploitation - Jose Morales (Sep 28)
- AV == parasites? (was: PocketPC exploitation) - Michael Shigorin (Sep 29)
- Re: PocketPC exploitation - Denis Jedig (Sep 30)
- Re: PocketPC exploitation - Joel Maslak (Sep 30)
- MDKSA-2005:166 - Updated clamv packages fix vulnerabilities - Mandriva Security Team (Sep 21)
- MDKSA-2005:167 - Updated util-linux packages fix umount vulnerability - Mandriva Security Team (Sep 21)
- Upcoming Black Hat events announcement - Jeff Moss (Sep 21)
- [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of) vBulletin 3.0.7 - bugtraq (Sep 21)
- [SNS Advisory No.83] Webmin/Usermin PAM Authentication Bypass Vulnerability - snsadv (Sep 21)
- UnixWare 7.1.4 : LibTIFF < 3.72 malformed data code exec - please_reply_to_security (Sep 21)
- [security bulletin] SSRT5988 rev.1 - HP Tru64 Unix libXpm Remote Denial of Service (DoS) or Execute Privileged Code - security-alert (Sep 21)
- FireFox exploit updated - Berend-Jan Wever (Sep 22)
- Protty v.01A (beta) - shellcode execution protection library for Windows NT based systems - Piotr Bania (Sep 22)
- OpenServer 6.0.0 : TCP Remote ICMP Denial Of Service Vulnerabilities - please_reply_to_security (Sep 22)
- [SECURITY] [DSA 818-1] New kdeedu packages fix insecure temporary files - Martin Schulze (Sep 22)
- Platinum Secure smartcard security bypass - acidemon (Sep 22)
- HTTP Request Smuggling - ERRATA (the IIS 48K buffer phenomenon) - Amit Klein (AKsecurity) (Sep 22)
- [SECURITY] [DSA 817-1] New python2.2 packages fix arbitrary code execution - Martin Schulze (Sep 22)
- <Possible follow-ups>
- [SECURITY] [DSA 817-1] New python2.2 packages fix arbitrary code execution - joey (Sep 24)
- My Little Forum 1.5 / 1.6beta SQL Injection - retrogod (Sep 22)
- <Possible follow-ups>
- My Little Forum 1.5 / 1.6beta SQL Injection - retrogod (Sep 24)
- Hack Dot AE v2 - SpyHat (Sep 22)
- [security bulletin] SSRT5998 Rev.2 HP System Management Homepage (v2.0.x) Denial of Service (DoS) and XSS - security-alert (Sep 22)
- [scip_Advisory 1746] Microsoft Internet Explorer 6.0 embedded content cross site scripting - Marc Ruef (Sep 22)
- Secunia Research: PowerArchiver ACE/ARJ Archive Handling Buffer Overflow - Secunia Research (Sep 23)
- Sql injection in jPortal version 2.3.1 (module download) - krasza (Sep 23)
- TSLSA-2005-0051 - clamav - Trustix Security Advisor (Sep 23)
- [SECURITY] [DSA 819-1] New python2.1 packages fix arbitrary code execution - Martin Schulze (Sep 23)
- Secunia Research: 7-Zip ARJ Archive Handling Buffer Overflow - Secunia Research (Sep 23)
- PhpMyFAQ 1.5.1 multiple vulnerabilities - retrogod (Sep 23)
- Rita Scams Call to Arms - Update - Gadi Evron (Sep 23)
- AlstraSoft E-Friends Remote Command Exucetion - khc (Sep 24)
- MailGust 1.9 SQL Injection - retrogod (Sep 24)
- "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein - Amit Klein (AKsecurity) (Sep 24)
- Re: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein - Yutaka OIWA (Sep 27)
- Re: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein - Amit Klein (AKsecurity) (Sep 28)
- <Possible follow-ups>
- Re: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein - anonymous (Sep 27)
- RE: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein - Sergey V. Gordeychik (Sep 30)
- Re: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein - Yutaka OIWA (Sep 27)
- Hijacking Bluetooth Headsets for Fun and Profit? - KF (lists) (Sep 24)
- [ GLSA 200509-17 ] Webmin, Usermin: Remote code execution through PAM authentication - Thierry Carrez (Sep 24)
- [SECURITY] [DSA 820-1] New courier packages fix cross-site scripting - Martin Schulze (Sep 24)
- [USN-186-1] Mozilla and Firefox vulnerabilities - Martin Pitt (Sep 24)
- [ GLSA 200509-16 ] Mantis: XSS and SQL injection vulnerabilities - Thierry Carrez (Sep 24)
- Server crash and motd deletion in MultiTheftAuto 0.5 patch 1 - Luigi Auriemma (Sep 26)
- FL Studio 5 (.flp file processing) Heap Overflow - varunuppal (Sep 26)
- SUSE Security Announcement: XFree86-server,xorg-x11-server (SUSE-SA:2005:056) - Thomas Biege (Sep 26)
- [ GLSA 200509-18 ] Qt: Buffer overflow in the included zlib library - Sune Kloppenborg Jeppesen (Sep 26)
- [USN-186-2] Ubuntu 4.10 packages for USN-186-1 Firefox security update - Martin Pitt (Sep 26)
- [USN-187-1] Linux kernel vulnerabilities - Martin Pitt (Sep 26)
- [ISR] - Novell GroupWise Client Integer Overflow - Francisco Amato (Sep 27)
- Re: [ISR] - Novell GroupWise Client Integer Overflow - Crist J. Clark (Sep 27)
- MDKSA-2005:170 - Updated mozilla packages fix multiple vulnerabilities - Mandriva Security Team (Sep 27)
- Announce: RSBAC v1.2.5 released - Amon Ott (Sep 27)
- lucidCMS 1.0.11 is susceptible to a cross site scripting attack - x1ngbox (Sep 27)
- ElseNot project - layne (Sep 27)
- SEO borad: SQL injection - ghc (Sep 27)
- Nokia 7610, 3210 denial of service in OBEX. - A. Ramos (Sep 27)
- FreeBSD GNU Mailutils 0.6 imap4d exploit - angelo (Sep 27)
- CMS Made Simple 0.10 is susceptible to a cross site scripting attack. - X1ngBox (Sep 27)
- RealPlayer && HelixPlayer Remote Format String Exploit - c0ntexb (Sep 27)
- PacSec 05 - Dragos Ruiu (Sep 27)
- MDKSA-2005:169 - Updated mozilla-firefox packages fix multiple vulnerabilities - Mandriva Security Team (Sep 27)
- [ GLSA 200509-19 ] PHP: Vulnerabilities in included PCRE and XML-RPC libraries - Thierry Carrez (Sep 27)
- Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities - Joxean Guay del Paraguay (Sep 27)
- Is the Bottom Line Impacted by Security Breaches? - Kenneth F. Belva (Sep 28)
- [SECURITY] [DSA 821-1] New python2.3 packages fix arbitrary code execution - Martin Schulze (Sep 28)
- Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC - Debasis Mohanty (Sep 28)
- <Possible follow-ups>
- Re: Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC - warl0ck (Sep 29)
- Re: Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC - Paul Laudanski (Sep 30)
- PHP-Fusion v6.00.109 SQL Injection / admin|users credentials disclosure - retrogod (Sep 28)
- Re: PHP-Fusion v6.00.109 SQL Injection / admin|users credentials disclosure - Petko Petkov (Sep 29)
- Re: PHP-Fusion v6.00.109 SQL Injection / admin|users credentials disclosure - security curmudgeon (Sep 30)
- Re: PHP-Fusion v6.00.109 SQL Injection / admin|users credentials disclosure - Petko Petkov (Sep 29)
- OpenServer 5.0.7 OpenServer 6.0.0 : UnZip File Permissions Change Vulnerability - please_reply_to_security (Sep 28)
- [SECURITY] [DSA 824-1] New ClamAV packages fix denial of service - Martin Schulze (Sep 29)
- [SECURITY] [DSA 797-2] Updated zsync i386 packages fix build error - Michael Stone (Sep 29)
- Serendipity: Account Hijacking / CSRF Vulnerability - enji (Sep 29)
- Re: Serendipity: Account Hijacking / CSRF Vulnerability - kreon (Sep 30)
- SquirrelMail Address Add Plugin XSS - Moritz Naumann (Sep 29)
- [SECURITY] [DSA 823-1] New util-linux packages fix privilege escalation - Martin Schulze (Sep 29)
- [SECURITY] [DSA 825-1] New loop-aes-utils packages fix privilege escalation - Martin Schulze (Sep 29)
- [SECURITY] [DSA 822-1] New gtkdiskfree packages fix insecure temporary file - Martin Schulze (Sep 29)
- [USN-188-1] AbiWord vulnerability - Martin Pitt (Sep 29)
- [USN-189-1] cpio vulnerabilities - Martin Pitt (Sep 29)
- [USN-190-1] SNMP vulnerability - Martin Pitt (Sep 29)
- [USN-191-1] unzip vulnerability - Martin Pitt (Sep 29)
- Lucid CMS 1.0.11 SQL Injection / Login Bypass / remote code execution - retrogod (Sep 29)
- Zone Labs response to "Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC" - Zone Labs Security Team (Sep 30)
- [SECURITY] [DSA 832-1] New gopher packages fix several buffer overflows - Martin Schulze (Sep 30)
- apachetop insecure temporary file creation - ZATAZ Audits (Sep 30)
- [SECURITY] [DSA 830-1] New ntlmaps packages fix information leak - Martin Schulze (Sep 30)
- Multiple vulnerabilities in Merak Mail Server 8.2.4r with Icewarp Web Mail 5.5.1 - ss_contacts (Sep 30)
- [ GLSA 200509-21 ] Hylafax: Insecure temporary file creation in xferfaxstats script - Thierry Carrez (Sep 30)
- [SECURITY] [DSA 826-1] New helix-player packages fix multiple vulnerabilities - Michael Stone (Sep 30)
- Citrix Metaframe Presentation Server bypassing policies - gustavog (Sep 30)
- TSLSA-2005-0053 - unzip - Trustix Security Advisor (Sep 30)
- [SECURITY] [DSA 831-1] New mysql-dfsg packages fix arbitrary code execution - Martin Schulze (Sep 30)
- [USN-192-1] Squid vulnerability - Martin Pitt (Sep 30)
- Announce: Bluetooth mailing list - Bluetraq - Adam Laurie (Sep 30)
- Buffer-overflow and directory traversal bugs in Virtools Web Player 3.0.0.100 - Luigi Auriemma (Sep 30)
- iDEFENSE Security Advisory 09.30.05: RealNetworks RealPlayer/HelixPlayer RealPix Format String Vulnerability - iDEFENSE Labs (Sep 30)
- BID #14752 update - Josh Zlatin-Amishav (Sep 30)
- UPDATE: [ GLSA 200509-11 ] Mozilla Suite, Mozilla Firefox: Multiple vulnerabilities - Thierry Carrez (Sep 30)
- [SECURITY] [DSA 809-2] New squid packages fix denial of service - Martin Schulze (Sep 30)
- [SECURITY] [DSA 829-1] New mysql packages fix arbitrary code execution - Martin Schulze (Sep 30)
- [ GLSA 200509-20 ] AbiWord: RTF import stack-based buffer overflow - Thierry Carrez (Sep 30)
- [SECURITY] [DSA 827-1] New backupninja packages fix insecure temporary file - Michael Stone (Sep 30)
- [SECURITY] [DSA 828-1] New squid packages fix denial of service - Martin Schulze (Sep 30)
