Bugtraq: by thread

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq: by thread

366 messages starting Sep 30 04 and ending Oct 30 04
Date index | Thread index | Author index

iDEFENSE Security Advisory 09.29.04 - Macromedia JRun 4 mod_jrun Apache Module Buffer Overflow Vulnerability customer service mailbox (Sep 30)
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes Chris Paget (Sep 30)
RE: Promiscuous email printing in Canon imageRunner Jeff Bates (Sep 30)
- <Possible follow-ups>
- Re: Promiscuous email printing in Canon imageRunner Marco Ivaldi (Oct 01)
CFMX vulnerability Eric Lackey (Sep 30)
RE: Diebold Global Election Management System (GEMS) Backdoor David Schwartz (Sep 30)
[SECURITY] [DSA 553-1] New getmail packages fix root compromise Martin Schulze (Sep 30)
Re: Diebold Global Election Management System (GEMS) Backdoor Acc ount Allows Authenticated Users to Modify Votes Shawn McMahon (Sep 30)
TSLSA-2004-0051 - samba Trustix Security Advisor (Oct 01)
Multiple Vulnerabilities in AJ-Fork Ahmad Muammar (Oct 01)
SQL Injection vulnerability in bBlog 0.7.3 James McGlinn (Oct 01)
Oracle 9i Union Flaw Brandon Petty (Oct 01)
- <Possible follow-ups>
- Re: Oracle 9i Union Flaw Brandon Petty (Oct 01)
  - Re: Oracle 9i Union Flaw Peter J. Holzer (Oct 04)
EEYE: RealPlayer pnen3260.dll Heap Overflow Marc Maiffret (Oct 01)
- Re: EEYE: RealPlayer pnen3260.dll Heap Overflow Chenghuai Lu (Oct 05)
Broadcast buffer-overflow in Vypress Messenger 3.5.1 Luigi Auriemma (Oct 01)
Re: Possible GDI Exploit Vector Babar Shafiq Nazmi (Oct 01)
Re: cdrecord local root exploit Greg A. Woods (Oct 01)
- Re: cdrecord local root exploit Jason T. Miller (Oct 01)
- Message not available
  - Message not available
    - Re: cdrecord local root exploit Solar Designer (Oct 02)
Re: cdrdao local root exploit newbug Tseng (Oct 01)
MDKSA-2004:104 - Updated samba packages fix vulnerability Mandrake Linux Security Team (Oct 01)
[ GLSA 200410-01 ] sharutils: Buffer overflows in shar.c and unshar.c Thierry Carrez (Oct 01)
dbPowerAmp Buffer Overflow And Dos Vulnerabilities GulfTech Security (Oct 01)
On Polymorphic Evasion Phantasmal Phantasmagoria (Oct 02)
Security advisory - Xerces-C++ 2.5.0: Attribute blowup Amit Klein (AKsecurity) (Oct 02)
[FLSA-2004:1733] Updated squirrelmail resolves security vulnerabilities Dominic Hargreaves (Oct 02)
In-game format string in Judge Dredd vs. Death 1.01 Luigi Auriemma (Oct 02)
Re:2. Code execution in Icecast 2.0.1(exploit with shellcode) me (Oct 02)
[SECURITY] [DSA 556-1] New netkit-telnet packages fix invalid free Matt Zimmerman (Oct 04)
[FLSA-2004:1372] Updated sysstat packages fix security vulnerabilities Marc Deslauriers (Oct 04)
Buffer Overflow in Spider game Security Team (Oct 04)
- Re: Buffer Overflow in Spider game Steve Kemp (Oct 04)
  - Re: Buffer Overflow in Spider game van Helsing (Oct 05)
    - Re: Buffer Overflow in Spider game Matt Zimmerman (Oct 06)
[LoWNOISE] IPSWITCH WhatsUp Gold 8.03 Remote fr33 exploit ET LoWNOISE (Oct 04)
[SECURITY] [DSA 557-1] New rp-pppoe packages fix potential root compromise Martin Schulze (Oct 04)
[FLSA-2004:1325] Updated mod_python packages fix security vulnerability Dominic Hargreaves (Oct 04)
FreeBSD Security Advisory FreeBSD-SA-04:15.syscons FreeBSD Security Advisories (Oct 04)
Full path disclosure in PHP Links Nikyt0x Argentina (Oct 04)
- Re: Full path disclosure in PHP Links Scott T. Cameron (Oct 05)
[FLSA-2004:1324] Updated libxml2 resolves security vulnerability Marc Deslauriers (Oct 04)
[ GLSA 200410-02 ] Netpbm: Multiple temporary file issues Thierry Carrez (Oct 04)
Patch available for critical IBM DB2 Universal Database flaws NGSSoftware Insight Security Research (Oct 05)
[security bulletin]SSRT4826 rev.0 Mozilla Application Suite for HP Tru64 UNIX Multiple Potential Security Vulnerabilities Boren, Rich (SSRT) (Oct 05)
SUSE Security Announcement: samba (SUSE-SA:2004:035) Thomas Biege (Oct 05)
Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bug Bipin Gautam (Oct 05)
Test your windows OS Berend-Jan Wever (Oct 05)
[MAXPATROL Security Advisories] Cross site scripting in Invision Power Board Alexander Antipov (Oct 05)
ERRATA: Potential Arbitrary File Access (CAN-2004-0815) Gerald (Jerry) Carter (Oct 05)
Re: Full path disclosure in PHP Links - more LSS Security (Oct 05)
Full path disclosure and sql injection on CubeCart 2.0.1 Pedro Sanches (Oct 06)
- <Possible follow-ups>
- Re: Full path disclosure and sql injection on CubeCart 2.0.1 sculptex (Oct 22)
[Maxpatrol Security Advisory] Multiple vulnerabilities in DCP-Portal Alexander Antipov (Oct 06)
GDI+ JPEG exploit albatross (Oct 06)
Multiple vulnerabilities in BlackBoard Lin Xiaofeng (Oct 06)
- <Possible follow-ups>
- Re: Multiple vulnerabilities in BlackBoard Yves Goergen (Oct 06)
Patch available for multiple high risk vulnerabilities in RealPlayer NGSSoftware Insight Security Research (Oct 06)
[SECURITY] [DSA 559-1] New net-acct packages fix insecure temporary file creation Martin Schulze (Oct 06)
SUSE Security Announcement: mozilla (SUSE-SA:2004:036) Sebastian Krahmer (Oct 06)
Re: [Full-Disclosure] iDEFENSE Security Advisory 10.05.04b: Symantec Norton AntiVirus Reserved Device Name Handling Vulnerability 3APA3A (Oct 06)
CodeCon 2005 Call for Papers Len Sassaman (Oct 06)
[ GLSA 200410-04 ] PHP: Memory disclosure and arbitrary location file upload Dan Margolis (Oct 06)
Directory traversal in Tridcomm 1.3 Luigi Auriemma (Oct 06)
Latest Apple Sec update Michael Bartosh (Oct 06)
[GoSecure Advisory] Neoteris IVE Vulnerability Jian Hui Wang (Oct 06)
MDKSA-2004:105 - Updated xine-lib packages fix multiple vulnerabilities Mandrake Linux Security Team (Oct 06)
[SECURITY] [DSA 558-1] New libapache-mod-dav packages fix potential denial of service Martin Schulze (Oct 06)
Patch available for high risk flaws in the AtHoc Toolbar NGSSoftware Insight Security Research (Oct 06)
[Gosecure Adivsory] Neoteris IVE Vulnerability Jian Hui Wang (Oct 06)
New Microsoft Security Response Center PGP Key [pgp] Microsoft Security Response Center (Oct 06)
Hi webhelp (Oct 06)
[HV-HIGH] MS Word multiple exceptions, at least one exploitable vuln (Oct 07)
HTTP Response Splitting Vulnerability in Wordpress 1.2 Chaotic Evil (Oct 07)
[SECURITY] [DSA 600-1] New samba packages fix arbitrary file access Martin Schulze (Oct 07)
[SECURITY] [DSA 560-1] New lesstif packages fix several vulnerabilities Martin Schulze (Oct 07)
[ GLSA 200410-05 ] Cyrus-SASL: Buffer overflow and SASL_PATH vulnerabilities Kurt Lieber (Oct 07)
Server crash in Flash Messaging 5.2.0g Luigi Auriemma (Oct 07)
ASP.NET cannonicalization issue Evans, Arian (Oct 08)
TSLSA-2004-0053 - cyrus-sasl Trustix Security Advisor (Oct 08)
MDKSA-2004:106 - Updated cyrus-sasl packages fix local vulnerability Mandrake Linux Security Team (Oct 08)
Limited \secure\ buffer-overflow in some old Monolith games Luigi Auriemma (Oct 08)
[ GLSA 200410-06 ] CUPS: Leakage of sensitive information Kurt Lieber (Oct 09)
[MAxpatrol Security Advisory] Multiple vulnerabilities in GoSmart Message Board Alexander Antipov (Oct 11)
[SECURITY] [DSA 562-1] New mysql packages fix several vulnerabilities Martin Schulze (Oct 11)
[SECURITY] [DSA 458-3] New python2.2 packages really fix buffer overflow and restore functionality Martin Schulze (Oct 11)
Multiple vulnerabilities in ZanfiCmsLite Lin Xiaofeng (Oct 11)
Micronet wireless broadband router SP916BM admin password reset when power off MrJoe (Oct 12)
MonkeyShell: using XML-RPC for access to a remote shell Abe Usher (Oct 12)
FW: problem in voip environment Walton, John Michael (John) (Oct 12)
Microsoft cabarc directory traversal Jelmer (Oct 12)
[SECURITY] [DSA 563-1] New cyrus-sasl packages fix arbitrary code execution Martin Schulze (Oct 12)
Insecure Default Service DACL's in Windows 2003 Ziots, Edward (Oct 12)
- Re: Insecure Default Service DACL's in Windows 2003 Jean-Baptiste Marchand (Oct 15)
- <Possible follow-ups>
- RE: Insecure Default Service DACL's in Windows 2003 Kurt Dillard (Oct 12)
Regression in IE: Accessing remote/local content in IE (GM#009-IE) GreyMagic Security (Oct 12)
- Re: Regression in IE: Accessing remote/local content in IE (GM#009-IE) Nick FitzGerald (Oct 12)
UnixWare 7.1.3up UnixWare 7.1.4 : CUPS before 1.1.21 allows remote attackers to cause a denial of service please_reply_to_security (Oct 12)
Microsoft Internet Explorer Install Engine Control Buffer Overflow NGSSoftware Insight Security Research (Oct 12)
[SECURITY] [DSA 563-2] New cyrus-sasl packages really fix arbitrary code execution Martin Schulze (Oct 12)
UnixWare 7.1.4 : Multiple Vulnerabilities in libpng please_reply_to_security (Oct 12)
CORE-2004-0802: IIS NNTP Service XPAT Command Vulnerabilities CORE Security Technologies Advisories (Oct 12)
- Re: [VulnWatch] CORE-2004-0802: IIS NNTP Service XPAT Command Vulnerabilities wirepair (Oct 15)
Reverse Engineering the First Pocket PC Trojan kers0r (Oct 12)
[hackgen-2004-#002] - Remote file inclusion bug in ocPortal 1.0.3. Exoduks (Oct 12)
Microsoft IIS 5.x/6.0 WebDAV (XML parser) attribute blowup DoS Amit Klein (AKsecurity) (Oct 12)
MS October Security bulletins albatross (Oct 12)
[SECURITY] [DSA 564-1] New mpg123 packages fix arbitrary code exceution Martin Schulze (Oct 13)
XXS in fusetalk forum Matthew Oyer (Oct 13)
XXS in SCT email client Matthew Oyer (Oct 13)
[HV-HIGH] RIM Blackberry buffer overflow, DoS, data loss vuln (Oct 13)
BindView Advisory: Memory Leak and DoS in NT4 RPC server advisory (Oct 13)
[FLSA-2004:2102] Updated samba packages fix security vulnerability Dominic Hargreaves (Oct 13)
ACROS Security: Poisoning Cached HTTPS Documents in Internet Explorer ACROS Security (Oct 13)
EEYE: Windows Shell ZIP File Decompression DUNZIP32.DLL Buffer Overflow Vulnerability Derek Soeder (Oct 13)
[ GLSA 200410-10 ] gettext: Insecure temporary file handling Luke Macken (Oct 13)
- <Possible follow-ups>
- [ GLSA 200410-10 ] gettext: Insecure temporary file handling Luke Macken (Oct 14)
[SECURITY] [DSA 565-1] New sox packages fix buffer overflow Martin Schulze (Oct 13)
IT Underground Talks Dave Aitel (Oct 13)
Adobe acrobat / Adobe Reader 6 can read local files Jelmer (Oct 13)
- <Possible follow-ups>
- Re: Adobe acrobat / Adobe Reader 6 can read local files Nick Leoncavallo (Oct 14)
  - Re: Adobe acrobat / Adobe Reader 6 can read local files Shannon Eric Peevey (Oct 18)
[ GLSA 200410-11 ] tiff: Buffer overflows in image decoding Thierry Carrez (Oct 13)
EEYE: Windows VDM #UD Local Privilege Escalation Derek Soeder (Oct 13)
- <Possible follow-ups>
- Re: EEYE: Windows VDM #UD Local Privilege Escalation Jim Hatfield (Oct 18)
MSN Gaming Heartbeat Component Buffer Overflow NGSSoftware Insight Security Research (Oct 13)
[ GLSA 200410-09 ] LessTif: Integer and stack overflows in libXpm Luke Macken (Oct 13)
Format String Vulnerability in Valve's CS-Source Some One (Oct 13)
- <Possible follow-ups>
- Re: Format String Vulnerability in Valve's CS-Source Luigi Auriemma (Oct 15)
- Re: Format String Vulnerability in Valve's CS-Source Some One (Oct 18)
Buffer Overflow In Microsoft Excel Brett Moore (Oct 14)
SetWindowLong Shatter Attacks Brett Moore (Oct 14)
[CLA-2004:872] Conectiva Security Announcement - cups Conectiva Updates (Oct 14)
[ GLSA 200410-12 ] WordPress: HTTP response splitting and XSS vulnerabilities Luke Macken (Oct 14)
[CLA-2004:873] Conectiva Security Announcement - samba Conectiva Updates (Oct 14)
[FLSA-2004:1888] Updated mod_ssl package fixes Apache security vulnerabilities Marc Deslauriers (Oct 14)
[HV-MED] UPDATE: RIM Blackberry DoS, data loss vuln (Oct 14)
[FLSA-2004:1737] Updated httpd packages fix a mod_proxy security vulnerability Marc Deslauriers (Oct 14)
[SECURITY] [DSA 563-3] New cyrus-sasl packages fix arbitrary code execution on sparc and arm Martin Schulze (Oct 14)
[FLSA-2004:1833] Updated lha resolves security vulnerabilities Marc Deslauriers (Oct 14)
[SECURITY] [DSA 566-1] New CUPS packages fix information leak Martin Schulze (Oct 14)
[OpenPKG-SA-2004.043] OpenPKG Security Advisory (tiff) OpenPKG (Oct 14)
Buffer-overflow in ShixxNOTE 6.net Luigi Auriemma (Oct 14)
CESA-2004-006: libtiff chris (Oct 14)
3COM Wireless router (3CRADSL72) information disclosure Karb0nOxyde - (Oct 14)
- Re: 3COM Wireless router (3CRADSL72) information disclosure mccauley () gmx net (Oct 18)
New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory John Bissell (Oct 14)
- Re: New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory SysAdminKC (Oct 18)
  - Re: New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory Chris Norton (Oct 19)
- <Possible follow-ups>
- Re: New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory marco correnti (Oct 18)
ACROS Security: Unsanitized Session ID Cookie Allows Modifying Server Response ACROS Security (Oct 14)
ACROS Security: HTML Injection in JRun Management Console ACROS Security (Oct 14)
ACROS Security: Session Fixation in JRun Management Console ACROS Security (Oct 14)
UPDATE: Format String Vulnerability in Valve's CS-Source Some One (Oct 14)
[ GLSA 200410-13 ] BNC: Input validation flaw Thierry Carrez (Oct 15)
[FLSA-2004:2102] Updated samba packages fix security vulnerability [updated] Dominic Hargreaves (Oct 15)
TSLSA-2004-0054 - multi Trustix Security Advisor (Oct 15)
[OpenPKG-SA-2004.044] OpenPKG Security Advisory (modssl) OpenPKG (Oct 15)
a path disclosure and a posibility file inclusion and vulneability in thepeak file upload v1.3 keitel andres ortega (Oct 15)
Writing Trojans that bypass Windows XP Service Pack 2 Firewall americanidiot (Oct 15)
- <Possible follow-ups>
- RE: Writing Trojans that bypass Windows XP Service Pack 2 Firewall Polazzo Justin (Oct 15)
- Re: Writing Trojans that bypass Windows XP Service Pack 2 Firewall Jay Calvert (Oct 18)
- RE: Writing Trojans that bypass Windows XP Service Pack 2 Firewall Simon Zuckerbraun (Oct 18)
Re: EEYE: Windows Shell ZIP File Decompression DUNZIP32.DLL Buffer Overflow Vulnerability Bipin Gautam (Oct 15)
Bypass of Antivirus software with GDI+ bug exploit Mutations Andrey Bayora (Oct 15)
Microsoft Windows NetDDE Service Buffer Overflow NGSSoftware Insight Security Research (Oct 15)
Multiple Cross Site Scripting Vulnerabilities in FuseTalk steven (Oct 15)
ProFTPD 1.2.x remote users enumeration bug LSS Security (Oct 15)
Norton AntiVirus 2004 Script Blocking Failure (Includes PoC and rant) Daniel Milisic (Oct 15)
Directory traversal in Yak! 2.1.2 Luigi Auriemma (Oct 15)
- <Possible follow-ups>
- Re: Directory traversal in Yak! 2.1.2 bil (Oct 18)
Eudora 6.2.0.7 attachment spoof Paul Szabo (Oct 15)
Clientexec Billing Software bugtraq (Oct 15)
[SECURITY] [DSA 567-1] New libtiff packages fix remote code execution Martin Schulze (Oct 15)
More details on BID 11408 (3com 3cradsl72 wireless router) Ivan Casado (Oct 15)
[IE 6 SP2] Possible URL Spoofing Andrew Hunter (Oct 15)
- Re: [IE 6 SP2] Possible URL Spoofing Paul Kurczaba (Oct 18)
- <Possible follow-ups>
- Re: [IE 6 SP2] Possible URL Spoofing http-equiv () excite com (Oct 18)
- RE: [IE 6 SP2] Possible URL Spoofing Dror Shalev (Oct 19)
Multiple Vulnerabilities in CoolPHP R00tCr4ck (Oct 18)
ms04-031 pre-auth ?? Sinan Eren (Oct 18)
Web browsers - a mini-farce Michal Zalewski (Oct 18)
- Update: Web browsers - a mini-farce (MSIE gives in) Michal Zalewski (Oct 23)
  - Re: [Full-Disclosure] Update: Web browsers - a mini-farce (MSIE gives in) Daniel Veditz (Oct 25)
IISShield and ASP.NET canonicalization Tiago Halm (Oct 18)
cPanel hardlink backup issue Karol Więsek (Oct 18)
cPanel hardlink chown issue Karol Więsek (Oct 18)
cPanel symlink chmod issue Karol Więsek (Oct 18)
Multiple vulnerabilities in Sage Saleslogix Carl (Oct 18)
iDEFENSE Security Advisory 10.18.04: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability customer service mailbox (Oct 18)
Re: Norton AntiVirus 2004 Script Blocking Failure (Includes PoC and rant) secure (Oct 18)
- <Possible follow-ups>
- Re: Norton AntiVirus 2004 Script Blocking Failure (Includes PoC and rant) secure (Oct 20)
[SECURITY] [DSA 569-1] New netkit-telnet-ssl packages fix denial of service Martin Schulze (Oct 18)
ProFTPD 1.2.x remote users enumeration bug - correction LSS Security (Oct 18)
IBM Lotus Notes/Domino fails to encode Square Brackets ( [ ] ) in computed field/text, allowing XSS Juan C Calderon (Oct 18)
[FLSA-2004:2072] Updated CUPS packages fix security vulnerability Marc Deslauriers (Oct 18)
[Powie's PSCRIPT Forum] Multiple SQL-Injection Vulnerabilities Christoph Jeschke (Oct 18)
[FLSA-2004:1237] Updated gaim package resolves security issues Marc Deslauriers (Oct 18)
[SECURITY] [DSA 568-1] New cyrus-sasl-mit packages fix arbitrary code execution Martin Schulze (Oct 18)
Re: IBM Lotus Notes/Domino fails to encode Square Brackets ( [ ] ) in computed field/text, allowing XSS Juan C Calderon (Oct 18)
[SECURITY] [DSA 556-2] New netkit-telnet packages really fix denial of service Martin Schulze (Oct 18)
[ GLSA 200410-15 ] Squid: Remote DoS vulnerability Luke Macken (Oct 18)
Mutiple AntiVirus Reserved Device Name Handling Vulnerability Sowhat . (Oct 18)
apexec.pl is still vulnerable against Directory Traversal. Zero_X www . lobnan . de Team (Oct 18)
[ GLSA 200410-14 ] phpMyAdmin: Vulnerability in MIME-based transformation system Thierry Carrez (Oct 18)
[CLA-2004:875] Conectiva Security Announcement - gtk+ Conectiva Updates (Oct 18)
[FLSA-2004:1804] Updated kernel resolves security vulnerabilities Dominic Hargreaves (Oct 19)
UnixWare 7.1.4 UnixWare 7.1.3 : The error handling in the inflate and inflateBack functions in ZLib compression library allows local users to cause a denial of service please_reply_to_security (Oct 19)
avoiding stackguard vallez (Oct 19)
- Re: avoiding stackguard Crispin Cowan (Oct 22)
Multiple AntiVirus Reserved Device Name Handling Vulnerability Sowhat . (Oct 19)
Broadcast crash in Vypress Tonecast 1.3 Luigi Auriemma (Oct 19)
Google Script Insertion Exploit Jim Ley (Oct 19)
- <Possible follow-ups>
- Re: Google Script Insertion Exploit J�r�me (Oct 25)
MDKSA-2004:109 - Updated libtiff packages fix multiple vulnerabilities Mandrake Linux Security Team (Oct 20)
Buffer-overflow in Age of Sail II 1.04.151 Luigi Auriemma (Oct 20)
[EXPL] (MS04-032) Microsoft Windows XP Metafile (.emf) Heap Overflow (PoC) houseofdabus HOD (Oct 20)
RE: How to Break Windows XP SP2 + Internet Explorer 6 SP2 Thor Larholm (Oct 20)
- <Possible follow-ups>
- How to Break Windows XP SP2 + Internet Explorer 6 SP2 http-equiv () excite com (Oct 20)
- Re: How to Break Windows XP SP2 + Internet Explorer 6 SP2 michael evanchik (Oct 25)
[SECURITY] [DSA 571-1] New libpng3 packages fix several vulnerabilities Martin Schulze (Oct 20)
[SECURITY] [DSA 570-1] New libpng packages fix several vulnerabilities Martin Schulze (Oct 20)
MDKSA-2004:108 - Updated cvs packages fix vulnerability Mandrake Linux Security Team (Oct 20)
mpg123 "getauthfromurl" buffer overflow Carlos Barros (Oct 20)
MDKSA-2004:107 - Updated mozilla packages fix vulnerabilities Mandrake Linux Security Team (Oct 20)
[SECURITY] [DSA 573-1] New cupsys packages fix arbitrary code execution Martin Schulze (Oct 21)
Critical Vulnerability in Altiris Deployment Server architecture Brian Gallagher (Oct 21)
- Re: Critical Vulnerability in Altiris Deployment Server architecture KF_lists (Oct 21)
- <Possible follow-ups>
- RE: Critical Vulnerability in Altiris Deployment Server architecture Brooks, Shane (Oct 25)
CAN-2004-0814: Linux terminal layer races Alan Cox (Oct 21)
- Re: CAN-2004-0814: Linux terminal layer races Pavel Kankovsky (Oct 25)
SuSE Security Announcement: kernel (SUSE-SA:2004:037) Marcus Meissner (Oct 21)
NSFOCUS SA2004-02 : HP-UX stmkfont Local Privilege Escalation Vulnerability NSFOCUS Security Team (Oct 21)
[SECURITY] [DSA 572-1] New ecartis packages fix unauthorised access to admin interface Martin Schulze (Oct 21)
SQL Injection in UBB.threads 3.4.x Florian Rock (Oct 21)
MDKSA-2004:111 - Updated wxGTK2 packages fix vulnerabilities Mandrake Linux Security Team (Oct 21)
Re: IBM Lotus Notes/Domino fails to encode Square Brackets ( [ ] ) in computed field/text, allowing XSS (Risk increased) Juan C Calderon (Oct 21)
MDKSA-2004:110 - Updated gaim packages fix vulnerabilities Mandrake Linux Security Team (Oct 21)
HTTP Response Splitting in Serendipity 0.7-beta4 Chaotic Evil (Oct 21)
MDKSA-2004:112 - Updated squid packages fix SNMP processing vulnerability Mandrake Linux Security Team (Oct 22)
[ GLSA 200410-21 ] Apache 2, mod_ssl: Bypass of SSLCipherSuite directive Kurt Lieber (Oct 22)
MDKSA-2004:114 - Updated gpdf packages fix DoS vulnerability Mandrake Linux Security Team (Oct 22)
MDKSA-2004:115 - Updated kdegraphics packages fix DoS vulnerability Mandrake Linux Security Team (Oct 22)
[KDE security advisory] Multiple integer overflows in kpdf Dirk Mueller (Oct 22)
MDKSA-2004:116 - Updated cups packages fix DoS vulnerabilities Mandrake Linux Security Team (Oct 22)
[Security Bulletin] SSRT4807 HP-UX stmkfont local unauthorized privileged access Boren, Rich (SSRT) (Oct 22)
[HV-LOW] Unsafe WAV header handling can cause DoS on Windows vuln (Oct 22)
MDKSA-2004:113 - Updated xpdf packages fix vulnerabilities Mandrake Linux Security Team (Oct 22)
J2ME security vulnerabilities Adam Gowdiak (Oct 22)
[Fwd: Altiris Carbon Copy Remote Control local SYSTEM exploitation.] KF_lists (Oct 22)
SuSE Security Announcement: libtiff (SUSE-SA:2004:038) Marcus Meissner (Oct 22)
Windows DoS in certain pGina configurations Steven (Oct 22)
Hack Dot AE Spy Hat (Oct 22)
iDEFENSE Security Advisory XX.XX.04 - Novell SuSe Linux LibTIFF Heap Overflow Vulnerability customer service mailbox (Oct 22)
[CLA-2004:877] Conectiva Security Announcement - mozilla Conectiva Updates (Oct 22)
Is Windows up to snuff for running our world? Richard M. Smith (Oct 22)
- Re: Is Windows up to snuff for running our world? Thor (Oct 25)
AOL Journals BlogID incrementing discloses account names and e-mail Steven (Oct 22)
Norton AntiVirus 2004/2005 Script Blocking Redux Daniel Milisic (Oct 22)
Ability FTP Server 2.34 Buffer Overflow Exploit J�r�me (Oct 22)
windows 2000 server terminal server denial of service Nick Caramella (Oct 22)
dwc_articles possible sql injection Rene (Oct 23)
rssh: pizzacode security alert Derek Martin (Oct 23)
python does mangleme (with IE bugs!) ned (Oct 25)
- Re: [Full-Disclosure] python does mangleme (with IE bugs!) Berend-Jan Wever (Oct 25)
[BUGZILLA] Vulnerabilities in Bugzilla 2.16.6 and 2.18rc2 David Miller (Oct 25)
STG Security Advisory: [SSA-20041022-08] MoniWiki XSS vulnerability advisory (Oct 25)
Some Voters Say Machines Failed, Incorrect Choices Appear on Screens (fwd) Atom 'Smasher' (Oct 25)
- Re: Some Voters Say Machines Failed, Incorrect Choices Appear on Screens (fwd) Valdis . Kletnieks (Oct 26)
  - Re: Some Voters Say Machines Failed, Incorrect Choices Appear on Screens (fwd) Paul Schmehl (Oct 28)
RE: Update: Web browsers - a mini-farce (MSIE gives in) David Brodbeck (Oct 25)
- Re: Update: Web browsers - a mini-farce (MSIE gives in) Valdis . Kletnieks (Oct 27)
- <Possible follow-ups>
- Re: Update: Web browsers - a mini-farce (MSIE gives in) gabrield89 (Oct 25)
  - Re: Update: Web browsers - a mini-farce (MSIE gives in) MCMuir (Oct 28)
- RE: Update: Web browsers - a mini-farce (MSIE gives in) Michael Wojcik (Oct 27)
  - Re: Update: Web browsers - a mini-farce (MSIE gives in) Valdis . Kletnieks (Oct 27)
  - Re: Update: Web browsers - a mini-farce (MSIE gives in) Chris Paget (Oct 29)
- RE: Update: Web browsers - a mini-farce (MSIE gives in) Michael Wojcik (Oct 27)
  - Re: Update: Web browsers - a mini-farce (MSIE gives in) Valdis . Kletnieks (Oct 28)
- RE: Update: Web browsers - a mini-farce (MSIE gives in) David Brodbeck (Oct 28)
- RE: Update: Web browsers - a mini-farce (MSIE gives in) Michael Wojcik (Oct 28)
  - RE: Update: Web browsers - a mini-farce (MSIE gives in) Tim Newsham (Oct 29)
  - Re: Update: Web browsers - a mini-farce (MSIE gives in) Michael Shigorin (Oct 29)
- RE: Update: Web browsers - a mini-farce (MSIE gives in) David Brodbeck (Oct 29)
  - RE: Update: Web browsers - a mini-farce (MSIE gives in) Tim Newsham (Oct 29)
  - Re: Update: Web browsers - a mini-farce (MSIE gives in) Valdis . Kletnieks (Oct 29)
    - Re: Update: Web browsers - a mini-farce (MSIE gives in) infamous41md (Oct 29)
Mozilla Firefox (tested on 0.9.3) html-code crash. ducch apple (Oct 25)
- Re: Mozilla Firefox (tested on 0.9.3) html-code crash. Crispin Cowan (Oct 28)
- Re: Mozilla Firefox (tested on 0.9.3) html-code crash. Michal Zalewski (Oct 29)
Fake RedHat - Fedora Security Patch / Trojan Source Code & Analysis K-OTiK Security (Oct 25)
[CLA-2004:878] Conectiva Security Announcement - zlib Conectiva Updates (Oct 25)
Two Vulnerabilities in OpenWFE Web Client Joxean Koret (Oct 25)
Bug in hotmail security (Oct 25)
libxml2 remote buffer overflows (not in xml parsing code though) infamous41md (Oct 26)
SUSE Security Announcement: xpdf, gpdf, kpdf, pdftohtml, cups (SUSE-SA:2004:039) Thomas Biege (Oct 26)
OpenSSL 0.9.7e released (fwd from mark () openssl org) je (Oct 26)
[ GLSA 200410-24 ] MIT krb5: Insecure temporary file use in send-pr.sh Thierry Carrez (Oct 26)
[ GLSA 200410-26 ] socat: Format string vulnerability Luke Macken (Oct 26)
inetutils tftp client, DNS resolving bofs infamous41md (Oct 26)
libgd integer overflow infamous41md (Oct 26)
- Re: libgd integer overflow Richard Dawe (Oct 29)
- <Possible follow-ups>
- RE: libgd integer overflow infamous41md (Oct 29)
MailCarrier 2.51 SMTP server Buffer Overflow [PoC included] J�r�me (Oct 26)
pacsec.jp advisory: Firewire/IEEE 1394 Considered Harmful to Physical Security Dragos Ruiu (Oct 26)
Hawking Technologies HAR11A router considered insecure Marcus Garvey (Oct 26)
[ GLSA 200410-25 ] Netatalk: Insecure tempfile handling in etc2ps.sh Luke Macken (Oct 26)
pppd out of bounds memory access, possible DOS infamous41md (Oct 26)
[ GLSA 200410-23 ] Gaim: Multiple vulnerabilities Matthias Geerdsen (Oct 26)
[ GLSA 200410-22 ] MySQL: Multiple vulnerabilities Thierry Carrez (Oct 26)
wvtfpd remote root heap overflow infamous41md (Oct 26)
zgv image viewing heap overflows infamous41md (Oct 26)
- Re: zgv image viewing heap overflows Chris Frey (Oct 28)
Rendering large binary file as HTML makes Mozilla Firefox stop responding Peter Kruse (Oct 27)
debian dhcpd, old format string bug infamous41md (Oct 27)
- Re: debian dhcpd, old format string bug Tarragon Allen (Oct 28)
  - Re: debian dhcpd, old format string bug infamous41md (Oct 29)
PTms04-030 pigrelax (Oct 27)
MMDF deliver local root exploit for SCO OpenServer 5.0.7 x86 Ramon de Carvalho Valle (Oct 27)
PuTTY SSH client vulnerability Anatole Shaw (Oct 27)
[CLA-2004:879] Conectiva Security Announcement - kernel Conectiva Updates (Oct 27)
Crashs in Master of Orion III 1.2.5 Luigi Auriemma (Oct 27)
iDEFENSE Security Advisory 10.27.04 - PuTTY SSH2_MSG_DEBUG Buffer Overflow Vulnerability customer service mailbox (Oct 27)
[CLA-2004:880] Conectiva Security Announcement - foomatic-filters Conectiva Updates (Oct 27)
[ GLSA 200410-29 ] PuTTY: Pre-authentication buffer overflow Sune Kloppenborg Jeppesen (Oct 27)
High Risk Vulnerability in Quicktime for Windows NGSSoftware Insight Security Research (Oct 27)
EEYE: RealPlayer Zipped Skin File Buffer Overflow Marc Maiffret (Oct 27)
Multiple Vulnerabilites in Quake II Server Richard Stanway (Oct 27)
[security bulletin] SSRT3526 Serviceguard potential increase in privilege Boren, Rich (SSRT) (Oct 27)
High Risk Vulnerability in RealPlayer NGSSoftware Insight Security Research (Oct 27)
Presentation: Bypassing client application protection techniques with notepad 3APA3A (Oct 28)
[SECURITY] [DSA 574-1] New cabextract packages fix unintended directory traversal Martin Schulze (Oct 28)
[SECURITY] [DSA 575-1] New catdoc packages fix temporary file vulnerability Martin Schulze (Oct 28)
PHP4 cURL functions bypass open_basedir FraMe (Oct 28)
[USN-5-1] gettext vulnerabilities Martin Pitt (Oct 28)
[USN-4-1] Standard C library script vulnerabilities Martin Pitt (Oct 28)
[FLSA-2004:2089] Updated mozilla packages fix security vulnerabilities Dominic Hargreaves (Oct 28)
[USN-9-1] tetex-bin vulnerabilities Martin Pitt (Oct 28)
[USN-3-1] GhostScript utility script vulnerabilities Martin Pitt (Oct 28)
[ GLSA 200410-28 ] rssh: Format string vulnerability Thierry Carrez (Oct 28)
[USN-7-1] imagemagick vulnerability Martin Pitt (Oct 28)
[USN-8-1] gaim vulnerabilities Martin Pitt (Oct 28)
New URL spoofing bug in Microsoft Internet Explorer 0-1-2-3 (Oct 28)
- RE: New URL spoofing bug in Microsoft Internet Explorer Larry Seltzer (Oct 29)
  - Re: New URL spoofing bug in Microsoft Internet Explorer GuidoZ (Oct 29)
    - RE: New URL spoofing bug in Microsoft Internet Explorer Larry Seltzer (Oct 30)
- Re: New URL spoofing bug in Microsoft Internet Explorer Christopher J. Pilkington (Oct 29)
- Re: New URL spoofing bug in Microsoft Internet Explorer GuidoZ (Oct 29)
  - Re: New URL spoofing bug in Microsoft Internet Explorer GuidoZ (Oct 30)
- <Possible follow-ups>
- Re: New URL spoofing bug in Microsoft Internet Explorer J�r�me (Oct 29)
- Re: New URL spoofing bug in Microsoft Internet Explorer 0-1-2-3 (Oct 30)
- Re: New URL spoofing bug in Microsoft Internet Explorer http-equiv () excite com (Oct 30)
[ GLSA 200410-30 ] GPdf, KPDF, KOffice: Vulnerabilities in included xpdf Thierry Carrez (Oct 28)
[USN-6-1] postgresql contributed script vulnerability Martin Pitt (Oct 28)
[SECURITY] [DSA 577-1] New postgresql packages fix symlink vulnerability Martin Schulze (Oct 29)
[SECURITY] [DSA 576-1] New Squid packages fix several vulnerabilities Martin Schulze (Oct 29)
[OpenPKG-SA-2004.047] OpenPKG Security Advisory (apache) OpenPKG (Oct 29)
[USN-11-1] libgd2 vulnerabilities Martin Pitt (Oct 29)
[ GLSA 200410-31 ] Archive::Zip: Virus detection evasion Thierry Carrez (Oct 29)
local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33? Larry Cashdollar (Oct 29)
- Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33? André Malo (Oct 29)
- Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33? Michael Engert (Oct 30)
[OpenPKG-SA-2004.046] OpenPKG Security Advisory (postgresql) OpenPKG (Oct 29)
[USN-12-1] ppp Denial of Service Martin Pitt (Oct 30)
[OpenPKG-SA-2004.048] OpenPKG Security Advisory (squid) OpenPKG (Oct 30)

Previous period

Next period