Bugtraq: by thread

Bugtraq: by thread

421 messages starting Aug 02 04 and ending Aug 31 04
Date index | Thread index | Author index

Re: Citadel/UX Remote DoS Vulnerability IO ERROR (Aug 02)
[ GLSA 200408-01 ] MPlayer: GUI filename handling overflow Thierry Carrez (Aug 02)
SoX Exploiter by Rosiello Security Angelo Rosiello (Aug 02)
Re: Fwd: New possible scam method : forged websites using XUL (Firefox) Justin Polazzo (Aug 02)
- Re: Fwd: New possible scam method : forged websites using XUL (Firefox) Peter J. Holzer (Aug 03)
- Message not available
  - Re: Fwd: New possible scam method : forged websites using XUL (Firefox) Barry Fitzgerald (Aug 03)
RE: Sonicwall diag tool includes VPN credentlials Eric McCarty (Aug 02)
- <Possible follow-ups>
- Re: Sonicwall diag tool includes VPN credentlials neil gardner (Aug 02)
- RE: Sonicwall diag tool includes VPN credentlials Stephan Sachweh (Aug 02)
  - RE: Sonicwall diag tool includes VPN credentlials Jody McCluggage (Aug 02)
RE: New possible scam method : forged websites using XUL (Firefox) Thomas T. Evans, III (Aug 02)
- <Possible follow-ups>
- Re: New possible scam method : forged websites using XUL (Firefox) Peter J. Holzer (Aug 02)
  - Re: New possible scam method : forged websites using XUL (Firefox) Peter J. Holzer (Aug 03)
    - Re: New possible scam method : forged websites using XUL (Firefox) Kim Scarborough (Aug 03)
    - Re: New possible scam method : forged websites using XUL (Firefox) Michael Reilly (Aug 03)
- Re: New possible scam method : forged websites using XUL (Firefox) Nicholas Knight (Aug 02)
  - Re: New possible scam method : forged websites using XUL (Firefox) Marc (Aug 02)
Re[2]: Aladdin response regarding eSafe 3APA3A (Aug 02)
Security contact for RSA Security Amit Klein (Aug 02)
7a69Adv#13 - USRobotics AP Wireless Denial of Service Albert Puigsech Galicia (Aug 02)
SA-20040802 GnuTLS certificate chain verification bug Patrik Hornik (Aug 02)
DOS () MEHTTPS CoolICE (Aug 02)
- RE: [Full-Disclosure] DOS () MEHTTPS Peter Fregon (Aug 09)
Comersus 5.098 XSS Vulnerable Abdul Azis (Aug 02)
SideFind aborg (Aug 02)
- <Possible follow-ups>
- RE: SideFind Polazzo Justin (Aug 02)
OPEN3S - Local Privilege Elevation through Oracle products (Unix Platform) Juan Manuel Pascual (Aug 02)
EXPLOIT for Re: [VSA0402] OpenFTPD format string vulnerability infamous41md (Aug 03)
DoS in Webbsyte Chat 0.9.0 Donato Ferrante (Aug 03)
[SECURITY] [DSA 535-1] New squirrelmail packages fix multiple vulnerabilities Matt Zimmerman (Aug 03)
CDE libDtHelp and dtlogin vulnerabilities on IRIX SGI Security Coordinator (Aug 03)
SUSE Security Announcement: libpng (SUSE-SA:2004:023) Thomas Biege (Aug 04)
[ GLSA 200408-02 ] Courier: Cross-site scripting vulnerability in SqWebMail Thierry Carrez (Aug 04)
[OpenPKG-SA-2004.035] OpenPKG Security Advisory (png) OpenPKG (Aug 04)
Bug () thttpd CoolICE (Aug 04)
Clear text password exposure in Datakey's tokens and smartcards vuln (Aug 04)
- Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards Lionel Ferette (Aug 04)
  - Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards Toomas Soome (Aug 04)
    - Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards Kevin Sheldrake (Aug 05)
    - Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards Seth Breidbart (Aug 06)
    - Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards Lee Dilkie (Aug 05)
    - Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards Kevin Sheldrake (Aug 06)
vulnerabilities in JetboxOne CMS ahmad muammar (Aug 04)
New MyDoom variant albatross (Aug 04)
- Re: New MyDoom variant Paul Kurczaba (Aug 04)
  - Re: New MyDoom variant Bryan Burns (Aug 04)
    - Re: New MyDoom variant James C. Slora Jr. (Aug 05)
    - Re: New MyDoom variant Thor (Aug 05)
    - Re: New MyDoom variant Mary Landesman (Aug 05)
  - Re: New MyDoom variant Elliott C. Bäck (Aug 04)
    - Re: New MyDoom variant Marc Hultquist (Aug 05)
    - Re: New MyDoom variant Purple Pony (Aug 05)
  - RE: New MyDoom variant Security Guy (Aug 05)
GoScript Remote Command Execution Francisco Alisson (Aug 04)
Multiple vulnerabilities in eNdonesia CMS ahmad muammar (Aug 04)
CESA-2004-001: libpng chris (Aug 04)
Linux kernel file offset pointer races Paul Starzetz (Aug 04)
Multiple Vulnerabilities in Free Web Chat Donato Ferrante (Aug 04)
Re: CVS woes: .cvspass Greg A. Woods (Aug 04)
- Re: CVS woes: .cvspass Delian Krustev (Aug 05)
  - Re: CVS woes: .cvspass Greg A. Woods (Aug 05)
    - Re: CVS woes: .cvspass Delian Krustev (Aug 06)
    - Re: CVS woes: .cvspass Greg A. Woods (Aug 07)
    - Re: CVS woes: .cvspass Tilman Schmidt (Aug 06)
  - Re: CVS woes: .cvspass Andy Dustman (Aug 06)
- Re: CVS woes: .cvspass Robin Rosenberg (Aug 07)
- Re: CVS woes: .cvspass Robin Rosenberg (Aug 07)
MDKSA-2004:079 - Updated libpng packages fix multiple vulnerabilities Mandrake Linux Security Team (Aug 04)
CORE-2004-0705: Vulnerabilities in PuTTY and PSCP CORE Security Technologies Advisories (Aug 05)
[SECURITY] [DSA 536-1] New libpng, libpng3 packages fix multiple vulnerabilities Matt Zimmerman (Aug 05)
[ GLSA 200408-03 ] libpng: Numerous vulnerabilities Sune Kloppenborg Jeppesen (Aug 05)
[ GLSA 200408-04 ] PuTTY: Pre-authentication arbitrary code execution Sune Kloppenborg Jeppesen (Aug 05)
Opera: Location, Location, Location GreyMagic Software (Aug 05)
TSLSA-2004-0040 - libpng Trustix Security Advisor (Aug 05)
International DNS compromise? Zhen Shi (Aug 05)
- Re: International DNS compromise? john (Aug 05)
- Re: International DNS compromise? John Kinsella (Aug 05)
- <Possible follow-ups>
- Re: International DNS compromise? Troy (Aug 05)
  - Re: International DNS compromise? Rio Martin. (Aug 06)
  - Re: International DNS compromise? Danny (Aug 06)
  - Re: International DNS compromise? John F. Waymouth (Aug 06)
- RE: International DNS compromise? travis . alexander (Aug 05)
  - RE: International DNS compromise? Troy Monaghen (Aug 06)
- Re: International DNS compromise? bill (Aug 06)
- RE: International DNS compromise? Mike Clark (Aug 06)
- RE: International DNS compromise? Johan Nilsson (Aug 06)
- Re: International DNS compromise? Troy (Aug 06)
MS04-025 - Ignorance is truly bliss.... hellNbak (Aug 05)
local denial of Service, Yellowdog linux to 3.0.1 pmoses (Aug 05)
CVStrac Remote Arbitrary Code Execution exploit Richard Ngo (Aug 05)
- <Possible follow-ups>
- Re: CVStrac Remote Arbitrary Code Execution exploit Richard Hipp (Aug 06)
Microsoft Internet Explorer 6 Protocol Handler Vulnerability Robillard, Nicolas (Aug 05)
- Re: Microsoft Internet Explorer 6 Protocol Handler Vulnerability Uday Moorjani (Aug 06)
- <Possible follow-ups>
- Re: Microsoft Internet Explorer 6 Protocol Handler Vulnerability Jouko Pynnonen (Aug 06)
[ GLSA 200408-05 ] Opera: Multiple new vulnerabilities Thierry Carrez (Aug 06)
[CLA-2004:857] Conectiva Security Announcement - apache Conectiva Updates (Aug 06)
[CLA-2004:856] Conectiva Security Announcement - libpng Conectiva Updates (Aug 06)
Opera: Location, Location, Location (GM#008-OP) GreyMagic Software (Aug 06)
[security bulletin] SSRT4782 rev. 1 HP-UX CIFS Server potential remote root access Boren, Rich (SSRT) (Aug 06)
[security bulletin] SSRT4777 HP-UX Apache, PHP remote code execution, Denial of Service Boren, Rich (SSRT) (Aug 06)
[security bulletin] SSRTSSRT4778 Rev.0 Mozilla Application Suite for HP Tru64 UNIX libpng Potential Overflows Boren, Rich (SSRT) (Aug 06)
GNU/Linux 'info Buffer Overflow Josh Martin (Aug 06)
- Re: GNU/Linux 'info Buffer Overflow Valdis . Kletnieks (Aug 06)
- Re: GNU/Linux 'info Buffer Overflow Niels Bakker (Aug 06)
  - Re: GNU/Linux 'info Buffer Overflow Janusz A. Urbanowicz (Aug 07)
- Re: GNU/Linux 'info Buffer Overflow Roman Werpachowski (Aug 07)
RE: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards Bart . Lansing (Aug 06)
- RE: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards Dana Hudes (Aug 06)
[OpenPKG-SA-2004.036] OpenPKG Security Advisory (cvstrac) OpenPKG (Aug 06)
Remote Command Execution Francisco Alisson (Aug 06)
- <Possible follow-ups>
- Remote Command Execution Francisco Alisson (Aug 09)
Anyone know IBM's security address? Michael Scheidell (Aug 06)
- Re: Anyone know IBM's security address? Jedi/Sector One (Aug 06)
xss in moodle (post.php) Javier Ubilla Brenni (Aug 06)
Re: Remote crash in tcpdump from OpenBSD Balaram Amgoth (Aug 06)
- Re: Remote crash in tcpdump from OpenBSD Otto Moerbeek (Aug 07)
Winmx Software making calls to Port 25 Retro Granny (Aug 06)
- Re: Winmx Software making calls to Port 25 Radoslav Dejanović (Aug 09)
- <Possible follow-ups>
- Re: Winmx Software making calls to Port 25 Retro Granny (Aug 07)
SuSE Linux K-Menu YAST Control Center Priviledge Escalation Vulnerability Jordan Pilat (Aug 06)
- Re: SuSE Linux K-Menu YAST Control Center Priviledge Escalation Vulnerability Stefan Seifert (Aug 07)
- Re: SuSE Linux K-Menu YAST Control Center Priviledge Escalation Vulnerability Radoslav Dejanović (Aug 09)
  - Re: SuSE Linux K-Menu YAST Control Center Priviledge Escalation Vulnerability Matthias Leisi (Aug 09)
Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards Kevin Sheldrake (Aug 06)
Type xxs root (Aug 07)
[PHP Bug] How to hide a HTTP request in the apache logs Anthony Debhian (Aug 07)
- Re: [PHP Bug] How to hide a HTTP request in the apache logs Steve Brown (Aug 09)
- Re: [PHP Bug] How to hide a HTTP request in the apache logs Max Valdez (Aug 09)
Airpwn & libpng holes Matt Venzke (Aug 07)
EXPLOIT Re: Pavuk Digest Authentication Buffer Overflow infamous41md (Aug 07)
SUSE Security Announcement: kernel (SUSE-SA:2004:024) Thomas Biege (Aug 09)
Java XSLT security advisory addendum Marc Schoenefeld (Aug 09)
TSLSA-2004-0041 - kernel Trustix Security Advisor (Aug 09)
Windows doesn't verify digital signature of CRL files Faro Poplar (Aug 09)
- Re: Windows doesn't verify digital signature of CRL files Thomas Walpuski (Aug 10)
  - Re: Windows doesn't verify digital signature of CRL files Neil Gierman (Aug 10)
    - Re: Windows doesn't verify digital signature of CRL files Jack Lloyd (Aug 10)
    - Re: Windows doesn't verify digital signature of CRL files Thomas Walpuski (Aug 11)
    - Re: Windows doesn't verify digital signature of CRL files Thomas Walpuski (Aug 10)
  - Re: Windows doesn't verify digital signature of CRL files Valdis . Kletnieks (Aug 10)
- <Possible follow-ups>
- Windows doesn't verify digital signature of CRL files Michael Howard (Aug 11)
[ GLSA 200408-06 ] SpamAssassin: Denial of Service vulnerability Sune Kloppenborg Jeppesen (Aug 09)
CORE-2004-0714: Cfengine RSA Authentication Heap Corruption CORE Security Technologies Advisories (Aug 09)
First symbian OS trojan discovered in the wild kers0r (Aug 09)
MDKSA-2004:080 - Updated shorewall packages fix temporary file vulnerabilities Mandrake Linux Security Team (Aug 10)
[ GLSA 200408-07 ] Horde-IMP: Input validation vulnerability for Internet Explorer users Kurt Lieber (Aug 10)
[security bulletin] SSRT4788 rev. 0 HP-UX Apache Remote arbitrary code execution Boren, Rich (SSRT) (Aug 10)
[security bulletin] SSRT4785 rev. 0 HP-UX Process Resource Manager (PRM) potential data corruption Boren, Rich (SSRT) (Aug 10)
Corsaire Security Advisory - Port80 Software ServerMask inconsistencies advisories (Aug 10)
Corsaire Security Advisory - Sygate Secure Enterprise replay issue advisories (Aug 10)
Corsaire Security Advisory - Sygate Enforcer unauthenticated broadcast issue advisories (Aug 10)
spamcop.net allows everyone to grab mail addresses and reset passwords Henning Schmiedehausen (Aug 10)
Corsaire Security Advisory - Sygate Enforcer discovery packet DoS issue advisories (Aug 10)
AOL Instant Messenger "Away" Message Buffer Overflow Vulnerability homicidal (Aug 10)
- <Possible follow-ups>
- RE: AOL Instant Messenger "Away" Message Buffer Overflow Vulnerability Thor Larholm (Aug 12)
  - Re: AOL Instant Messenger "Away" Message Buffer Overflow Vulnerability High Pressure (Aug 12)
Driver for display goes to a infinite loop by viewing a html! Bipin Gautam (Aug 11)
- Re: Driver for display goes to a infinite loop by viewing a html! Conor Byrne (Aug 11)
- Re: Driver for display goes to a infinite loop by viewing a html! Jack C (Aug 11)
  - Re: Driver for display goes to a infinite loop by viewing a html! Christopher X. Candreva (Aug 11)
    - Re: Driver for display goes to a infinite loop by viewing a html! Mike Pumford (Aug 11)
- Re: Driver for display goes to a infinite loop by viewing a html! Anthony Petito (Aug 11)
- Re: Driver for display goes to a infinite loop by viewing a html! Steven Leikeim (Aug 11)
- Re: Driver for display goes to a infinite loop by viewing a html! Eddie Block (Aug 11)
- Re: Driver for display goes to a infinite loop by viewing a html! 3APA3A (Aug 12)
- <Possible follow-ups>
- RE: Driver for display goes to a infinite loop by viewing a html! Eggers, Bill A [LTD] (Aug 11)
- Re: Driver for display goes to a infinite loop by viewing a html! Frank Nospam (Aug 12)
- RE: Driver for display goes to a infinite loop by viewing a html! Christopher Wagner (Aug 20)
BlackICE unprivileged local user attack Paul Craig - Pimp Industries (Aug 11)
ptl-2004-03: WIDCOMM Bluetooth Connectivity Software Buffer Overflows Pentest Security Advisories (Aug 11)
HTTP Response Splitting vulnerability in Microsoft Outlook Web Access for Exchange 5.5 Amit Klein (Aug 11)
EXPLOIT libpng infamous41md (Aug 11)
Clearswift Mimesweeper Path Traversal Vulnerability Kroma Pierre (Aug 11)
- <Possible follow-ups>
- Re: Clearswift Mimesweeper Path Traversal Vulnerability Pete Simpson (Aug 11)
NGSEC's response to Idefense overflow protections whitepaper. lists (Aug 11)
- <Possible follow-ups>
- RE: NGSEC's response to Idefense overflow protections whitepaper. Richard Johnson (Aug 12)
KDE Security Advisories: Temporary File and Konqueror Frame Injection Vulnerabilities Waldo Bastian (Aug 11)
[ GLSA 200408-09 ] Roundup filesystem access vulnerability Kurt Lieber (Aug 11)
SSC Advisory TSA-051 (T-mobile wireless and Verizon Northwest) Secure Science Corporation Advisory Notice (Aug 12)
- Re: SSC Advisory TSA-051 (T-mobile wireless and Verizon Northwest) Joe Eversole (Aug 12)
  - Re: SSC Advisory TSA-051 (T-mobile wireless and Verizon Northwest) Lance James (Aug 13)
- Re: SSC Advisory TSA-051 (T-mobile wireless and Verizon Northwest) Brad Herbert (Aug 12)
ISS BlackIce Server Protect Unprivileged User Attack Thomas Ryan (Aug 12)
Metasploit Framework v2.2 H D Moore (Aug 12)
[ GLSA 200408-11 ] Nessus: "adduser" race condition vulnerability Sune Kloppenborg Jeppesen (Aug 12)
[ GLSA 200408-10 ] gv: Exploitable Buffer Overflow Sune Kloppenborg Jeppesen (Aug 12)
- Re: [ GLSA 200408-10 ] gv: Exploitable Buffer Overflow infamous41md (Aug 12)
- Re: [ GLSA 200408-10 ] gv: Exploitable Buffer Overflow Dan Margolis (Aug 14)
[CLA-2004:858] Conectiva Security Announcement - squirrelmail Conectiva Updates (Aug 12)
SUSE Security Announcement: gaim (SUSE-SA:2004:025) Thomas Biege (Aug 12)
JS/Zerolin T.H. Haymore (Aug 12)
- Re: JS/Zerolin Nicolas Gregoire (Aug 13)
  - Re: JS/Zerolin T.H. Haymore (Aug 13)
- <Possible follow-ups>
- Re: JS/Zerolin K-OTiK Security (Aug 13)
- RE: JS/Zerolin Thor Larholm (Aug 14)
NETGEAR DG834G SPECIAL FEATURES thanasonic (Aug 12)
- Re: NETGEAR DG834G SPECIAL FEATURES Uday Moorjani (Aug 13)
- <Possible follow-ups>
- RE: NETGEAR DG834G SPECIAL FEATURES Andre Lorbach (Aug 13)
- Re: NETGEAR DG834G SPECIAL FEATURES thanasonic (Aug 13)
  - Re: NETGEAR DG834G SPECIAL FEATURES Dave Paris (Aug 13)
- Re: NETGEAR DG834G SPECIAL FEATURES Paul James (Aug 25)
  - Re: NETGEAR DG834G SPECIAL FEATURES Rodrigo Barbosa (Aug 27)
    - RE: NETGEAR DG834G SPECIAL FEATURES prj (Aug 27)
  - Re: NETGEAR DG834G SPECIAL FEATURES Luca Berra (Aug 31)
[ GLSA 200408-13 ] kdebase, kdelibs: Multiple security issues Sune Kloppenborg Jeppesen (Aug 12)
[ GLSA 200408-12 ] Gaim: MSN protocol parsing function buffer overflow Sune Kloppenborg Jeppesen (Aug 12)
NGSEC's response to Idefense overflow protections whitepaper. (PART II) lists (Aug 13)
New Paper: Microsoft Windows, a lower Total Cost of Ownership Dave Aitel (Aug 13)
MDKSA-2004:081 - Updated gaim packages fix remotely exploitable vulnerabilities Mandrake Linux Security Team (Aug 13)
recent gaim advisory infamous41md (Aug 13)
MDKSA-2004:082 - Updated mozilla packages fix multiple vulnerabilities Mandrake Linux Security Team (Aug 13)
Advanced usage of system() function. Adam Zabrocki (Aug 13)
Corsaire Security Advisory - Clearswift MAILsweeper multiple encoding/compression issues advisories (Aug 13)
QuiXplorer directory traversal Cyrille Barthelemy (Aug 14)
SGI Advanced Linux Environment 2.4 security update #24 SGI Security Coordinator (Aug 14)
SpecificMAIL Technical Brief Nick D. (Aug 14)
- Re: SpecificMAIL Technical Brief Skip Carter (Aug 16)
SGI Advanced Linux Environment 3 Security Update #9 SGI Security Coordinator (Aug 14)
Posible security bug in phpMyWebhosting Matias Neiff (Aug 14)
- <Possible follow-ups>
- Re: Posible security bug in phpMyWebhosting M�ller (Aug 20)
  - Re: Posible security bug in phpMyWebhosting Daniel Souza (Aug 20)
    - Re: Posible security bug in phpMyWebhosting Udo Mueller (Aug 20)
- Re: Fwd: Re: Posible security bug in phpMyWebhosting Matias Neiff (Aug 23)
[ GLSA 200408-15 ] Tomcat: Insecure Installation Sune Kloppenborg Jeppesen (Aug 16)
[SECURITY] [DSA 537-1] New Ruby packages fix insecure CGI session management Martin Schulze (Aug 16)
SUSE Security Announcement: rsync (SUSE-SA:2004:026) Thomas Biege (Aug 16)
gv buffer overflows: here, there, and everywhere infamous41md (Aug 16)
NullyFake - Site Spoofing in MSIE Liu Die Yu (Aug 16)
[ GLSA 200408-14 ] acroread: UUDecode filename buffer overflow Sune Kloppenborg Jeppesen (Aug 16)
pscript.de PFORUM XSS Vulnerability Christoph Jeschke (Aug 16)
TSSA-2004-020-ES - rsync tinysofa Security Team (Aug 16)
IpSwitch IMail Server <= ver 8.1 User Password Decryption Adik (Aug 17)
- Re: IpSwitch IMail Server <= ver 8.1 User Password Decryption Dave Warren (Aug 17)
- Re: IpSwitch IMail Server <= ver 8.1 User Password Decryption David E. Smith (Aug 21)
- <Possible follow-ups>
- Re: IpSwitch IMail Server <= ver 8.1 User Password Decryption J�r�me (Aug 18)
First vulnerabilities in the SP2 - XP ?... J�r�me (Aug 17)
- Re: First vulnerabilities in the SP2 - XP ?... Colin Alston (Aug 17)
- Re: First vulnerabilities in the SP2 - XP ?... Oliver Schneider (Aug 17)
  - RE: First vulnerabilities in the SP2 - XP ?... Larry Seltzer (Aug 19)
- Re: First vulnerabilities in the SP2 - XP ?... Radoslav Dejanović (Aug 18)
- Re: First vulnerabilities in the SP2 - XP ?... Robert Decker (Aug 20)
- <Possible follow-ups>
- RE: First vulnerabilities in the SP2 - XP ?... Thor Larholm (Aug 20)
- Re: First vulnerabilities in the SP2 - XP ?... Matthew Roberts (Aug 20)
  - RE: First vulnerabilities in the SP2 - XP ?... Larry Seltzer (Aug 23)
SQL Injection in CACTI Fernando Quintero (Aug 17)
- Re: SQL Injection in CACTI Thomas Chiverton (Aug 17)
  - Re: SQL Injection in CACTI Cedric Blancher (Aug 19)
- Re: SQL Injection in CACTI Andy Markert (Aug 19)
[SECURITY] [DSA 538-1] New rsync packages fix unauthorised directory traversal and file access Martin Schulze (Aug 17)
[ GLSA 200408-16 ] glibc: Information leak with LD_DEBUG Kurt Lieber (Aug 17)
- Re: [ GLSA 200408-16 ] glibc: Information leak with LD_DEBUG Jim Paris (Aug 21)
  - Re: [ GLSA 200408-16 ] glibc: Information leak with LD_DEBUG Solar Designer (Aug 21)
[SECURITY] [DSA 539-1] New kdelibs packages fix denial of service Martin Schulze (Aug 17)
TSLSA-2004-0042 - rsync Trustix Security Advisor (Aug 17)
[ GLSA 200408-17 ] rsync: Potential information leakage Kurt Lieber (Aug 17)
vpopmail <= 5.4.2 (sybase vulnerability) J�r�me (Aug 17)
- [2Cents on] vpopmail <= 5.4.2 (sybase vulnerability) bugtraq (Aug 20)
Opera Local File/Directory Detection (GM#009-OP) GreyMagic Software (Aug 17)
[NGSEC-2004-6] IPD, local system denial of service. labs (Aug 17)
LNSA-#2004-0017: rsync (Aug, 17 2004) Vincenzo Ciaglia (Aug 17)
[ GLSA 200408-18 ] xine-lib: VCD MRL buffer overflow Kurt Lieber (Aug 17)
Cross-Site Scripting (XSS) in Php-Nuke 7.1.0 Abu Lafy (Aug 17)
- Re: Cross-Site Scripting (XSS) in Php-Nuke 7.1.0 Anthony Petito (Aug 20)
RE: [Full-Disclosure] IpSwitch IMail Server <= ver 8.1 User Password Decryption Bill Roemhild (Aug 17)
Vulnerabilities in Merak Webmail Server. Criolabs (Aug 18)
MDKSA-2004:083 - Updated rsync packages fix remotely-exploitable vulnerability Mandrake Linux Security Team (Aug 18)
Open Security Group Advisory #6 c0ntex (Aug 18)
[SECURITY] [DSA 540-1] New mysql packages fix insecure temporary file creation Martin Schulze (Aug 18)
Multiple vulnerabilities in PHP-FUSION Ahmad Muammar (Aug 18)
SHA-0 Broken, MD5 Rumored Broken J�r�me (Aug 18)
- Re: SHA-0 Broken, MD5 Rumored Broken Anthony Nemmer (Aug 20)
  - Re: SHA-0 Broken, MD5 Rumored Broken stanislav shalunov (Aug 21)
Breaking windows LM hashes using the Time-Memory Trade-Off : Optimization & new tool J�r�me (Aug 18)
recent iDefense advisories not being posted to bugtraq includes CVS information disclosure bug (CAN-2004-0778) Marc Bejarano (Aug 19)
[security bulletin] SSRT3460 rev.3 HP-UX Network traffic can cause programs to fail Boren, Rich (SSRT) (Aug 19)
Third party cookie handling in Opera can lead to potential compromises in Servers relying on redirection Rohit Dube (Aug 19)
- Re: Third party cookie handling in Opera can lead to potential compromises in Servers relying on redirection George Capehart (Aug 21)
  - RE: Third party cookie handling in Opera can lead to potential compromises in Servers relying on redirection Rohit Dube (Aug 24)
MDKSA-2004:084 - Updated spamassassin packages fixes possible malformed message vulnerability Mandrake Linux Security Team (Aug 19)
- Re: MDKSA-2004:084 - Updated spamassassin packages fixes possible malformed message vulnerability (OpenBSD 3.5 too??) Joel D. Kinard (Aug 24)
  - Re: MDKSA-2004:084 - Updated spamassassin packages fixes possible malformed message vulnerability (OpenBSD 3.5 too??) Gabriel Kihlman (Aug 25)
MDKSA-2004:085 - Updated qt3 packages fix multiple vulnerabilities Mandrake Linux Security Team (Aug 19)
CESA-2004-004: qt chris (Aug 19)
Cisco Security Advisory: Cisco IOS Malformed OSPF Packet Causes Reload Cisco Systems Product Security Incident Response Team (Aug 19)
Immunity, Inc. Release: libdisassemble dave (Aug 20)
Security aspects of time synchronization infrastructure 3APA3A (Aug 20)
- RE: [Full-Disclosure] Security aspects of time synchronization infrastructure joe (Aug 21)
  - Re[2]: [Full-Disclosure] Security aspects of time synchronization infrastructure 3APA3A (Aug 20)
    - RE: Re[2]: [Full-Disclosure] Security aspects of time synchronization infrastructure joe (Aug 21)
SUSE Security Announcement: qt3 (SUSE-SA:2004:027) Thomas Biege (Aug 20)
Microsoft Windows XP SP2 http-equiv () excite com (Aug 20)
Xines_Mine.c Open Security Group Advisory c0ntex (Aug 20)
[ GLSA 200408-19 ] courier-imap: Remote Format String Vulnerability Joshua J. Berry (Aug 20)
- Re: [ GLSA 200408-19 ] courier-imap: Remote Format String Vulnerability infamous41md (Aug 21)
- <Possible follow-ups>
- Re: [ GLSA 200408-19 ] courier-imap: Remote Format String Vulnerability ktha (Aug 24)
NetBSD Security Advisory 2004-009: ftpd root escalation NetBSD Security-Officer (Aug 20)
XV multiple buffer overflows, exploit included infamous41md (Aug 20)
Unsecure file permission of ZoneAlarm pro. Bipin Gautam (Aug 20)
- <Possible follow-ups>
- RE: Unsecure file permission of ZoneAlarm pro. Simon Zuckerbraun (Aug 25)
- Re: Unsecure file permission of ZoneAlarm pro. Bipin Gautam (Aug 26)
What A Drag II XP SP2 http-equiv () excite com (Aug 20)
- <Possible follow-ups>
- What A Drag II XP SP2 http-equiv () excite com (Aug 21)
Cross-Site Scripting (XSS) in Nihuo Web Log Analyzer Audun Larsen (Aug 21)
Buffer overflow in sarad Matthias Bethke (Aug 21)
[Fwd: Re: [vchkpw] vpopmail <= 5.4.2 (sybase vulnerability) (fwd)] Myron Davis (Aug 21)
BadBlue Webserver v2.5 Denial Of Service Vulnerability GulfTech Security (Aug 21)
MDKSA-2004:086 - Updated kdelibs and kdebase packages fix multiple vulnerabilities Mandrake Linux Security Team (Aug 21)
Multiple Vulnerabilities in Mantis Bugtracker Jose Antonio (Aug 21)
EXPLOIT: Qt bmp heap overflow infamous41md (Aug 21)
Cross Site Scripting Vulnerability in Sympa Jose Antonio (Aug 21)
Mantis Bugtracker Remote PHP Code Execution Vulnerability Jose Antonio (Aug 22)
Multiple vulnerabilities in MyDMS Jose Antonio (Aug 22)
[ GLSA 200408-20 ] Qt: Image loader overflows Joshua J. Berry (Aug 23)
JShop Input Validation Hole in 'page.php' Permits Cross-Site Scripting Attacks Dr Ponidi (Aug 23)
ERRATA: [ GLSA 200406-14 ] aspell: Buffer overflow in word-list-compress Kurt Lieber (Aug 23)
ERRATA: [ GLSA 200408-21 ] Cacti: SQL injection vulnerability Sune Kloppenborg Jeppesen (Aug 23)
[ GLSA 200408-22 ] Mozilla, Firefox, Thunderbird: New releases fix vulnerabilities Kurt Lieber (Aug 23)
KDE Security Advisory: Konqueror Cross-Domain Cookie Injection Waldo Bastian (Aug 23)
Multiple Cross Site Scripting Vulnerabilities in eGroupWare Joxean Koret (Aug 23)
[ GLSA 200408-21 ] Cacti: SQL injection vulnerability Kurt Lieber (Aug 23)
DoS in Bird Chat 1.61 Donato Ferrante (Aug 23)
IE, Firefox, Opera DoS exploits (Aug 23)
- Re: IE, Firefox, Opera DoS Dan Pixley (Aug 24)
  - RE: IE, Firefox, Opera DoS GulfTech Security (Aug 26)
    - RE: IE, Firefox, Opera DoS (*not* a DoS, not even close) Steve R (Aug 28)
Bugs fixed in Version 1.4.3 Joxean Koret (Aug 23)
[PoC] Nasty bug(s) found in Axis Network Camera/Video Servers bashis (Aug 23)
- Re: [Full-Disclosure] [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers morning_wood (Aug 23)
- Re: [Full-Disclosure] [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers bashis (Aug 26)
MusicDaemon <= 0.0.3 /etc/shadow Stealer / DoS Exploit Tal0n (Aug 23)
New google's top query? J�r�me (Aug 23)
- Re: New google's top query? Luke Burton (Aug 25)
- Re: New google's top query? Alex Keller (Aug 26)
  - Re: New google's top query? Justin Wheeler (Aug 27)
Yahoo! E-mail Service Vulnerability Dror Shalev (Aug 23)
Hafiye-1.0 Terminal Escape Sequence Injection Vulnerability Serkan Akpolat (Aug 23)
- Re: Hafiye-1.0 Terminal Escape Sequence Injection Vulnerability Jan Minar (Aug 24)
  - Re: Hafiye-1.0 Terminal Escape Sequence Injection Vulnerability Serkan Akpolat (Aug 26)
- Re: Hafiye-1.0 Terminal Escape Sequence Injection Vulnerability Rodrigo Barbosa (Aug 24)
  - Re: Hafiye-1.0 Terminal Escape Sequence Injection Vulnerability Serkan Akpolat (Aug 26)
CAU-2004-0002 - imwheel Predictable PidFile Name Race Condition I)ruid (Aug 23)
A word of caution on the use of suphp Steven Van Acker (Aug 23)
Running renamed executables with CMD.EXE Geoff Vass (Aug 23)
- <Possible follow-ups>
- RE: Running renamed executables with CMD.EXE Michael Wojcik (Aug 25)
Window Washer 5.5: False Sense of Security First Last (Aug 24)
What A Drag! -revisited- mikx (Aug 24)
WebAPP directory traversal and ability to retrieve the DES encrypted password hash J�r�me (Aug 24)
Hastymail security update Jason Munro (Aug 24)
Internet Explorer Local File/Directory Detection Rynho Zeros Web (Aug 24)
Microsoft updates documentation on Windows time synchronization 3APA3A (Aug 24)
Possible Security Issues In LiveWorld Products GulfTech Security (Aug 24)
[SECURITY] [DSA 541-1] New icecast-server packages fix cross site scripting Martin Schulze (Aug 25)
[ GLSA 200408-23 ] kdelibs: Cross-domain cookie injection vulnerability Joshua J. Berry (Aug 25)
Limited buffer overflow in Painkiller 1.31 Luigi Auriemma (Aug 25)
PHP Code Snippet Library Multiple Cross-Site Scripting (XSS) Vulnerabilities Nikyt0x Argentina (Aug 25)
Easy File Sharing Webserver v1.25 Vulnerabilities GulfTech Security (Aug 25)
bug found Mathieu Lacroix (Aug 25)
ANNOUNCE: VulnDisco RADIUS protocol testsuite v1.0 Evgeny Demidov (Aug 25)
Vulnerability: OpenBSD 3.5 Kernel Panic. Vafa Izadinia (Aug 25)
A new website to search & submit win exploits Dav1d (Aug 25)
[NGSEC-2004-7] NtRegmon, local system denial of service. labs (Aug 25)
IRM 010: Top Layer Attack Mitigator IPS 5500 Denial of Service Advisories (Aug 25)
Kaspersky Labs says Electronic Jihad on the Internet quite possible tomorrow Steve (Aug 25)
- Re: Kaspersky Labs says Electronic Jihad on the Internet quite possible tomorrow Kyle Maxwell (Aug 26)
- RE: Kaspersky Labs says Electronic Jihad on the Internet quite possible tomorrow Andreas Freyvogel (Aug 27)
- Re: Kaspersky Labs says Electronic Jihad on the Internet quite possible tomorrow Jay D. Dyson (Aug 27)
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Secure Access Control Server Cisco Systems Product Security Incident Response Team (Aug 25)
RealVNC 4.0 DoS Allan Zhang (Aug 25)
Squirrelmail chpasswd local root bruteforce exploit J�r�me (Aug 25)
Computer Network Defence Vulnerability Alert State Andy Cuff (Aug 25)
Anonymous Surfing Via Gmail Login Window - Poor Sanitization Punabi MC (Aug 25)
- Re: Anonymous Surfing Via Gmail Login Window - Poor Sanitization Markus Ackermann (Aug 26)
CDE libDtHelp LOGNAME Buffer Overflow Vulnerability J�r�me (Aug 25)
- <Possible follow-ups>
- RE: CDE libDtHelp LOGNAME Buffer Overflow Vulnerability Thor Larholm (Aug 31)
Ipswitch WhatsUp Gold Remote Buffer Overflow Vulnerability - [Full-Disclosure] iDEFENSE Security Advisory 08.25.04 J�r�me (Aug 26)
Dynix Webpac Input Validation Wil Allsopp (Aug 26)
multiple vulnerabilities in lukemftpd/tnftpd venglin (Aug 26)
Re: Images being pulled in Outlook 2003 even though don't download pictures is set? Jason Coombs PivX Solutions (Aug 26)
[security bulletin] SSRT4779 - rev.0 HP-UX Netscape NSS Library Suite SSLv2 remote buffer overflow Boren, Rich (SSRT) (Aug 26)
Re: [Full-Disclosure] [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers bashis (Aug 26)
[OpenPKG-SA-2004.038] OpenPKG Security Advisory (zlib) OpenPKG (Aug 26)
[ GLSA 200408-25 ] MoinMoin: Group ACL bypass Joshua J. Berry (Aug 26)
TSL-2004-0043 - multi Trustix Security Advisor (Aug 26)
MS XP SP2 Windows Security Center allows spoofing J�r�me (Aug 26)
Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State) john . courcoul (Aug 26)
- Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State) Rishi Khan (Aug 27)
- Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State) john . courcoul (Aug 29)
[ GLSA 200408-24 ] Linux Kernel: Multiple information leaks Tim Yamin (Aug 26)
Keene Digital Media Server Directory Traversal GulfTech Security (Aug 26)
0day critical vulnerability/exploit targets Winamp users in the wild K-OTiK Security (Aug 27)
Broadcast forced exit in Ground Control II 1.0.0.7 Luigi Auriemma (Aug 27)
Alpha Phising [IE 6 WinXP SP2] mikx (Aug 27)
Re: Kaspersky Labs says Electronic Jihad on the Internet quite possible tomorrow J�r�me (Aug 27)
Check Point - Zone Labs Division - Response to "Weak Default Permissions Vulnerability" Zone Labs Product Security (Aug 27)
MDKSA-2004:087 - Updated kernel packages fix multiple vulnerabilities Mandrake Linux Security Team (Aug 27)
SGI ProPack 3: Kernel Update #3 - Security and other fixes SGI Security Coordinator (Aug 27)
Gaucho v1.4 Build 145 Buffer Overflow J�r�me (Aug 27)
Cisco Security Advisory: Cisco Telnet Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Aug 27)
[ GLSA 200408-26 ] zlib: Denial of service vulnerability Sune Kloppenborg Jeppesen (Aug 27)
[ GLSA 200408-27 ] Gaim: New vulnerabilities Sune Kloppenborg Jeppesen (Aug 27)
Re: 0day critical vulnerability/exploit targets Winamp users in the wild K-OTiK Security (Aug 28)
[vulnwatch] WS_FTP Server Denial of Service Vulnerability lion (Aug 30)
CuteNews News.txt writable to world e0r (Aug 30)
DoS in Chat Anywhere 2.72a Donato Ferrante (Aug 31)
[SECURITY] [DSA 542-1] New Qt packages fix arbitrary code execution and denial of service Martin Schulze (Aug 31)
Multiple Vulnerabilities In Xedus Webserver GulfTech Security (Aug 31)
Cross Site Scripting in XOOPS Version 2.x Dictionary module CyruxNET (Aug 31)
[vulnwatch] Titan FTP Server Long Command Heap Overflow Vulnerability lion (Aug 31)
[vulnwatch] WFTPD Pro Server 3.21 MLST Command Denial of Service Vulnerability lion (Aug 31)
Possible root compromose with bsdmainutils 6.0.x < 6.0.15 (Debian testing/unstable) Steven Van Acker (Aug 31)
D-Link DCS-900 IP camera remote exploit that change the IP J�r�me (Aug 31)
Linux OpenExchange - cleartext rootpw in swap Rene (Aug 31)
- Re: Linux OpenExchange - cleartext rootpw in swap Rainer Duffner (Aug 31)
Security Center and Windows XP clients in domain albatross (Aug 31)
DOS () TFS CoolICE (Aug 31)
[SECURITY] [DSA 458-2] New python2.2 packages really fix buffer overflow Martin Schulze (Aug 31)
[SECURITY] [DSA 543-1] New krb5 packages fix several vulnerabilities Martin Schulze (Aug 31)
MITKRB5-SA-2004-003: ASN.1 decoder denial-of-service Tom Yu (Aug 31)
UPDATED OpenServer 5.0.6 OpenServer 5.0.7 : OpenSSL Multiple Vulnerabilities please_reply_to_security (Aug 31)
OpenServer 5.0.6 OpenServer 5.0.7 : squid %-encoded characters in a URL please_reply_to_security (Aug 31)
Multiple Vulnerabilities in phpScheduleIt Joxean Koret (Aug 31)

Previous period

Next period