Bugtraq: by subject

(MS05-039) Microsoft Windows Plug-and-Play Service Remote Overflow (Universal Exploit + no crash shellcode)
- houseofdabus (Aug 12 2005)
22nd Chaos Communication Congress 2005: Call for Papers
- fukami (Aug 26 2005)
249bytes reverse shellcode with "nooil tricks methods"
- msuiche_at_gmail.com (Aug 14 2005)
32919 - Computer Associates Message Queuing (CAM/CAFT) multiple vulnerabilities
- Williams, James K (Aug 22 2005)
[ GLSA 200507-28 ] AMD64 x86 emulation base libraries: Buffer overflow
- Thierry Carrez (Jul 30 2005)
[ GLSA 200507-29 ] pstotext: Remote execution of arbitrary code
- Stefan Cornelius (Jul 31 2005)
[ GLSA 200508-01 ] Compress::Zlib: Buffer overflow
- Sune Kloppenborg Jeppesen (Jul 31 2005)
[ GLSA 200508-02 ] ProFTPD: Format string vulnerabilities
- Sune Kloppenborg Jeppesen (Aug 01 2005)
[ GLSA 200508-03 ] nbSMTP: Format string vulnerability
- Thierry Carrez (Aug 02 2005)
[ GLSA 200508-04 ] Netpbm: Arbitrary code execution in pstopnm
- Thierry Carrez (Aug 05 2005)
[ GLSA 200508-05 ] Heartbeat: Insecure temporary file creation
- Sune Kloppenborg Jeppesen (Aug 06 2005)
[ GLSA 200508-06 ] Gaim: Remote execution of arbitrary code
- Sune Kloppenborg Jeppesen (Aug 14 2005)
[ GLSA 200508-07 ] AWStats: Arbitrary code execution using malicious Referrer information
- Sune Kloppenborg Jeppesen (Aug 15 2005)
[ GLSA 200508-08 ] Xpdf, Kpdf, GPdf: Denial of Service vulnerability
- Sune Kloppenborg Jeppesen (Aug 15 2005)
[ GLSA 200508-09 ] bluez-utils: Bluetooth device name validation vulnerability
- Sune Kloppenborg Jeppesen (Aug 17 2005)
[ GLSA 200508-10 ] Kismet: Multiple vulnerabilities
- Sune Kloppenborg Jeppesen (Aug 18 2005)
[ GLSA 200508-11 ] Adobe Reader: Buffer Overflow
- Thierry Carrez (Aug 19 2005)
[ GLSA 200508-12 ] Evolution: Format string vulnerabilities
- Stefan Cornelius (Aug 26 2005)
[ GLSA 200508-13 ] PEAR XML-RPC, phpxmlrpc: New PHP script injection vulnerability
- Thierry Carrez (Aug 24 2005)
[ GLSA 200508-15 ] Apache 2.0: Denial of Service vulnerability
- Sune Kloppenborg Jeppesen (Aug 24 2005)
[ GLSA 200508-16 ] Tor: Information disclosure
- Sune Kloppenborg Jeppesen (Aug 24 2005)
[ GLSA 200508-18 ] PhpWiki: Arbitrary command execution through XML-RPC
- Thierry Carrez (Aug 26 2005)
[ GLSA 200508-19 ] lm_sensors: Insecure temporary file creation
- Thierry Carrez (Aug 30 2005)
[ GLSA 200508-21 ] phpWebSite: Arbitrary command execution through XML-RPC and SQL injection
- Sune Kloppenborg Jeppesen (Aug 31 2005)
[ GLSA 200508-22 ] pam_ldap: Authentication bypass vulnerability
- Sune Kloppenborg Jeppesen (Aug 31 2005)
[ Suresec Advisories ] - Several MacOS X vulnerabilities
- Suresec Advisories (Aug 22 2005)
[AppSecInc Advisory MYSQL05-V0001] Improper Filtering of Directory Traversal Characters in MySQL User Defined Functions
- Team SHATTER (Aug 08 2005)
[AppSecInc Advisory MYSQL05-V0002] Buffer Overflow in MySQL User Defined Functions
- Team SHATTER (Aug 08 2005)
[AppSecInc Advisory MYSQL05-V0003] Multiple Issues with MySQL User Defined Functions
- Team SHATTER (Aug 08 2005)
[BugTraq] Peter Gutmann data deletion theaory?
- Richard Clayton (Jul 28 2005)
[cosmoshop <= 8.10.78] be the shopadmin in one step
- innate_at_gmx.de (Aug 28 2005)
[DCC SPAM] Defeating Citi-Bank Virtual Keyboard Protection
- Secure Science Corporation Bugtraq (Aug 07 2005)
[DRUPAL-SA-2005-004] Drupal 4.6.3 / 4.5.5 fixes critical XML-RPC issue
- Uwe Hermann (Aug 14 2005)
[FLSA-2005:129284] Updated spamassassin package fixes security issue
- Marc Deslauriers (Aug 10 2005)
[FLSA-2005:152889] Updated mc packages fix security issues
- Marc Deslauriers (Aug 10 2005)
[FLSA-2005:157696] Updated gzip package fixes security issues
- Marc Deslauriers (Aug 10 2005)
[FLSA-2005:157701] Updated Apache httpd packages fix security issues
- Marc Deslauriers (Aug 10 2005)
[Full-disclosure] Help put a stop to incompetent computer forensics
- Christopher Day (Aug 09 2005)
[Full-disclosure] MS05_039 Exploitation (different languages)
- ad_at_class101.org (Aug 25 2005)
[Full-disclosure] mutt buffer overflow
- Frank Denis (Jedi/Sector One) (Aug 18 2005)
[Full-disclosure] Privilege escalation in Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3)
- sec-list_at_nolog.org (Aug 15 2005)
- Reed Arvin (Aug 15 2005)
- NoBrain NoPain (Aug 15 2005)
[HSC Security Group] Multiple XSS in phpopenchat 3.0.2
- zinho_at_hackerscenter.com (Aug 05 2005)
[KDE Security Advisory] kpdf temp file writing DoS vulnerability
- Dirk Mueller (Aug 09 2005)
[NOBYTES.COM: #8] Naxtor Shopping Cart 1.0 - Information Disclosure & Possible SQL Injection
- devfreedom_at_gmail.com (Aug 25 2005)
- ICool (Aug 08 2005)
- Patrick Morris (Aug 02 2005)
- John Cobb (Aug 02 2005)
[NOBYTES.COM: #9] ECW Shop 6.0.2 - Multiple Vulnerabilities
- John Cobb (Aug 15 2005)
[PHPADSNEW-SA-2005-001] phpAdsNew and phpPgAds 2.0.6 fix multiple vulnerabilities
- Matteo Beccati (Aug 17 2005)
[RLSA_01-2005] QNX inputtrap arbitrary file read vulnerability
- julio_at_rfdslabs.com.br (Aug 24 2005)
[security bulletin] SSRT051003 rev.0 - HP-UX Java Web Start remote unauthorized privileged access
- security-alert_at_hp.com (Aug 30 2005)
[security bulletin] SSRT051004 rev.0 - HP-UX Java Runtime Environment (JRE) Untrusted Applet Elevates Privilege
- security-alert_at_hp.com (Aug 30 2005)
[security bulletin] SSRT051005 rev.0 - HP ProLiant DL585 Servers Unauthorized Remote Access
- security-alert_at_hp.com (Aug 10 2005)
[security bulletin] SSRT051023 rev.0 - HP Openview Network Node Manager (OV NNM) Remote Unauthorized Access
- Boren, Rich (HP SSRT) (Aug 26 2005)
[security bulletin] SSRT4682 rev.0 - Oracle for Openview (OfO) Critical Patch Update July 2005
- security-alert_at_hp.com (Aug 03 2005)
[security bulletin] SSRT4702 rev.0 - HP-UX running Veritas 3.3/3.5 unauthorized data access
- Boren, Rich (HP SSRT) (Aug 25 2005)
[security bulletin] SSRT4874 rev.0 - HP-UX Ignite-UX Remote Unauthorized Access
- Boren, Rich (HP SSRT) (Aug 16 2005)
[security bulletin] SSRT5931 rev.1 Apache on HP-UX Remote Denial of Service and client restriction bypass
- security-alert_at_hp.com (Aug 01 2005)
[security bulletin] SSRT5940 rev.1 - HP-UX Mozilla remote, unauthorized user may execute privileged code
- security-alert_at_hp.com (Aug 09 2005)
[security bulletin] SSRT5957 rev.0 - HP Tru64 UNIX IPSEC Tunnel ESP Mode Remote Unauthorized Disclosure of Encrypted Data
- Security Alert (Aug 10 2005)
[security bulletin] SSRT5998 Rev.0 HP System Management Homepage (v2.0.x) Denial of Service (DoS) & XSS
- security-alert_at_hp.com (Aug 03 2005)
[security bulletin] SSRT5998 rev.1 - HP System Management Homepage (v2.0.x) Denial of Service (DoS) and XSS
- security-alert_at_hp.com (Aug 10 2005)
[SECURITY] [DSA 761-2] New heartbeat packages fix insecure temporary files
- Martin Schulze (Aug 15 2005)
[SECURITY] [DSA 771-1] New pdns packages fix denial of service
- Martin Schulze (Aug 01 2005)
[SECURITY] [DSA 772-1] New apt-cacher package fixes arbitrary command execution
- Martin Schulze (Aug 02 2005)
[SECURITY] [DSA 773-1] New amd64 packages fix several bugs
- Martin Schulze (Aug 11 2005)
[SECURITY] [DSA 774-1] New fetchmail packages fix arbitrary code execution
- Martin Schulze (Aug 12 2005)
[SECURITY] [DSA 775-1] New Mozilla packages fix frame injection spoofing vulnerability
- Martin Schulze (Aug 15 2005)
[SECURITY] [DSA 776-1] New clamav packages fix several problems
- Martin Schulze (Aug 16 2005)
[SECURITY] [DSA 777-1] New Mozilla packages fix frame injection spoofing vulnerability
- Douglas Duckworth (Aug 18 2005)
- Martin Schulze (Aug 17 2005)
[SECURITY] [DSA 778-1] New mantis packages fix several vulnerabilities
- Martin Schulze (Aug 19 2005)
[SECURITY] [DSA 779-1] New Mozilla Firefox packages fix several vulnerabilities
- Martin Schulze (Aug 20 2005)
[SECURITY] [DSA 781-1] New Mozilla Thunderbird packages fix several vulnerabilities
- Martin Schulze (Aug 23 2005)
[SECURITY] [DSA 782-1] New bluez-utils packages fix arbitrary command execution
- Martin Schulze (Aug 23 2005)
[SECURITY] [DSA 783-1] New mysql packages fix insecure temporary file
- Martin Schulze (Aug 23 2005)
[SECURITY] [DSA 784-1] New courier packages fix denial of service
- Martin Schulze (Aug 25 2005)
[SECURITY] [DSA 785-1] New libpam-ldap packages fix authentication bypass
- Martin Schulze (Aug 25 2005)
[SECURITY] [DSA 786-1] New simpleproxy packages fix arbitrary code execution
- Martin Schulze (Aug 25 2005)
[SECURITY] [DSA 787-1] New backup-manager package fixes several vulnerabilities
- Martin Schulze (Aug 26 2005)
[SECURITY] [DSA 788-1] New kismet packages fix arbitrary code execution
- Martin Schulze (Aug 29 2005)
[SECURITY] [DSA 789-1] New PHP 4 packages fix several vulnerabilities
- Martin Schulze (Aug 29 2005)
[SECURITY] [DSA 790-1] New phpldapadmin packages fix unauthorised access
- Martin Schulze (Aug 29 2005)
[SECURITY] [DSA 791-1] New maildrop packages fix arbitrary group mail command execution
- Martin Schulze (Aug 29 2005)
[SECURITY] [DSA 792-1] New pstotext packages fix arbitrary command execution
- Martin Schulze (Aug 31 2005)
[SECURITYREASON.COM] Multiple vulnerabilities in PostNuke 0.760-RC4b=>x cXIb8O3.15
- max_at_jestsuper.pl (Aug 22 2005)
[SECURITYREASON.COM] phpAdsNew/phpPgAds 2.0.5 Local file inclusion cXIb8O3.16
- max_at_jestsuper.pl (Aug 17 2005)
[SVadvisory#13] - SQL injection in MYFAQ 1.0
- svt_at_svt.nukleon.us (Aug 06 2005)
[SVadvisory] - SQL injection in OpenBook 1.2.2
- svt_at_svt.nukleon.us (Jul 30 2005)
[UNTRUE] Gadu-Gadu supposedly fixed the invisible detection vulnerability?
- Maciej Soltysiak (Aug 30 2005)
[USN-157-1] Mozilla Thunderbird vulnerabilities
- Martin Pitt (Aug 01 2005)
[USN-158-1] gzip utility vulnerability
- Martin Pitt (Aug 01 2005)
[USN-159-1] unzip vulnerability
- Martin Pitt (Aug 01 2005)
[USN-160-1] Apache 2 vulnerabilities
- Martin Pitt (Aug 04 2005)
[USN-161-1] bzip2 utility vulnerability
- Martin Pitt (Aug 04 2005)
[USN-162-1] ekg and Gadu library vulnerabilities
- Martin Pitt (Aug 08 2005)
[USN-163-1] xpdf vulnerability
- Martin Pitt (Aug 09 2005)
[USN-164-1] netpbm vulnerability
- Martin Pitt (Aug 11 2005)
[USN-165-1] heartbeat vulnerability
- Martin Pitt (Aug 11 2005)
[USN-166-1] Evolution vulnerabilities
- Martin Pitt (Aug 11 2005)
[USN-168-1] Gaim vulnerabilities
- Martin Pitt (Aug 12 2005)
[USN-169-1] Linux kernel vulnerabilities
- Martin Pitt (Aug 19 2005)
[USN-170-1] gnupg vulnerability
- Martin Pitt (Aug 19 2005)
[USN-171-1] PHP4 vulnerabilities
- Martin Pitt (Aug 20 2005)
[USN-172-1] lm-sensors vulnerability
- Martin Pitt (Aug 23 2005)
[USN-173-1] PCRE vulnerability
- Martin Pitt (Aug 23 2005)
[USN-173-2] PCRE vulnerability
- Martin Pitt (Aug 24 2005)
[USN-173-3] Fixed apache2 packages for USN-173-2
- Martin Pitt (Aug 30 2005)
[USN-174-1] courier vulnerability
- Martin Pitt (Aug 26 2005)
[VulnWatch] The Java applet sandbox and stateful firewalls
- Florian Weimer (Aug 01 2005)
- Dinis Cruz (Aug 01 2005)
Advisory 13/2005: Remote code execution in SysCP
- Christopher Kunz (Aug 08 2005)
Advisory 14/2005: PEAR XML_RPC Remote PHP Code Injection Vulnerability
- Stefan Esser (Aug 15 2005)
Advisory 15/2005: PHPXMLRPC Remote PHP Code Injection Vulnerability
- Stefan Esser (Aug 15 2005)
Advisory: iTAN not as secure as claimed
- release_at_redteam-pentesting.de (Aug 25 2005)
An Illustrated Guide to IPSec
- Steve Friedl (Aug 25 2005)
Apple Safari & Javascript - KERN_INVALID_ADDRESS (0x0001)
- Patrick Webster (Aug 09 2005)
Arab Portal
- ABDUCTER_MINDS_at_YAHOO.COM (Aug 01 2005)
Arbitrary command execution through XML-RPC
- Cangrejito Playero (Aug 26 2005)
- Thierry Carrez (Aug 24 2005)
Ariba password exposure vulnerability
- gerald626_at_gmail.com (Aug 31 2005)
Astaro Security Linux 6.0 - HTTP CONNECT Access Localhost Weakness
- oliver karow (Aug 25 2005)
ATutor 1.5.1 and prior multiple XSS Vulnerabilities
- h4cky0u_at_gmail.com (Aug 18 2005)
AutoLinks Pro 2.1
- none_at_none.com (Aug 28 2005)
AWstats Path Disclosure Vulnerability
- fournaux_at_khmerdev.com (Aug 25 2005)
BBCaffe 2.0 cross site scripting poc
- retrogod_at_liceposta.it (Aug 18 2005)
Beehive Forum Multiple Vulnerabilities
- wibble_at_wobble.securityfocus.com (Aug 24 2005)
BID 14355, VERITAS NetBackup 5.1 Time Stamp Vulnerability
- secure_at_symantec.com (Aug 09 2005)
Bluetooth: Theft of Link Keys for Fun and Profit?
- KF (lists) (Aug 11 2005)
Bluez hcid popen() explained.
- KF (lists) (Aug 17 2005)
BNBT EasyTracker Remote Denial of Service Vulnerability
- Sowhat . (Aug 30 2005)
Buffer overflow in BusinessMail email server system 4.60.00
- Reed Arvin (Jul 31 2005)
Buffer-overflow in Chris Moneymaker's World Poker Championship 1.0
- Luigi Auriemma (Aug 17 2005)
Bugs Land Down Under v800
- bl2k_at_shabgard.org (Aug 20 2005)
Bugtraq ID: 14460 : Coldfusion Fusebox V4.1.0 Vulnerability
- Adrocknaphobia (Aug 09 2005)
Bypassing the new /GS protection in VC++ 7.1
- D K (Aug 17 2005)
CAID 33239 - Computer Associates BrightStor ARCserve/Enterprise Backup Agents buffer overflow vulnerability
- Williams, James K (Aug 05 2005)
- cybertronic_at_gmx.net (Aug 03 2005)
- Williams, James K (Aug 02 2005)
Call for new mailing lists @ SecurityFocus
- Alfred Huger (Aug 31 2005)
ChurchInfo Multiple Vulnerabilities
- thegreatone2176_at_yahoo.com (Aug 01 2005)
Cisco Clean Access Agent (Perfigo) bypass
- cdmiller-bugtraq_at_adams.edu (Aug 22 2005)
- Dario Ciccarone (dciccaro) (Aug 21 2005)
- Dario Ciccarone (dciccaro) (Aug 22 2005)
- llhansen-bugtraq_at_adams.edu (Aug 19 2005)
Cisco IOS Shellcode - McAfee IPS Protection
- Darren Reed (Aug 05 2005)
- planz 235 (Aug 04 2005)
Cisco Security Advisory: Cisco Clean Access Unauthenticated API Access
- Cisco Systems Product Security Incident Response Team (Aug 17 2005)
Cisco Security Advisory: Cisco Intrusion Prevention System Vulnerable to Privilege Escalation
- Cisco Systems Product Security Incident Response Team (Aug 22 2005)
Cisco Security Advisory: SSL Certificate Validation Vulnerability in IDS Management Software
- Cisco Systems Product Security Incident Response Team (Aug 22 2005)
ClamAV Multiple Rem0te Buffer Overflows
- list_at_rem0te.com (Aug 03 2005)
- Steven M. Christey (Aug 03 2005)
CMS Made Simple <= 0.10 - PHP injection
- groszynskif_at_gmail.com (Aug 31 2005)
Coldfusion Fusebox V4.1.0 Vulnerability
- steven_at_lovebug.org (Aug 03 2005)
- Ian Mitchell (Aug 03 2005)
- N.N.P (Aug 03 2005)
Comdev eCommerce config.php Vulnerability
- none_at_none.com (Aug 04 2005)
Comdev eCommerce wce.download.php Download Vulnerability
- none_at_none.com (Aug 04 2005)
Compromising pictures of Microsoft Internet Explorer!
- Michal Zalewski (Aug 11 2005)
CoolWebSearch found in massive spyware ring
- Paul Laudanski (Aug 09 2005)
CORRECTION: Remote IIS 5.x and IIS 6.0 Server Name Spoof
- Mark Burnett (Aug 25 2005)
Corsaire Security Advisory: HP Ignite-UX filesystem permissions issue
- advisories (Aug 16 2005)
Corsaire Security Advisory: HP Ignite-UX passwd file disclosure issue
- advisories (Aug 16 2005)
Creating a secret web site on IIS 5.x using Alternative Data Streams
- James C Slora Jr (Aug 09 2005)
- inge_eivind.henriksen_at_chello.no (Aug 04 2005)
Cross-site scripting vulnerability in BEA WebLogic administration console
- GomoR (Aug 24 2005)
Defeating Citi-Bank Virtual Keyboard Protection
- AsTriXs (Aug 05 2005)
- Daniel Bonekeeper (Aug 05 2005)
- Debasis Mohanty (Aug 05 2005)
Design Flaw at Microsoft's AntiSpyware
- manolisgavriil_at_hotmail.com (Aug 05 2005)
DevC++ V.4.9.9.2 NULL BYTE INSERTION / OBFUSCATION FLAW (by rgod)
- retrogod_at_aliceposta.it (Aug 18 2005)
DMA[2005-0818a] - 'Apple OSX dsidentity privilege abuse'
- KF (lists) (Aug 22 2005)
DMA[2005-0826a] - 'Nokia Affix Bluetooth btsrv poor use of popen()'
- KF (lists) (Aug 26 2005)
drone armies C&C report - July/2005
- Gadi Evron (Aug 15 2005)
E107 + IPB XSS Exploit
- edward11_at_postmaster.co.uk (Aug 08 2005)
e107 0.6 forum_post.php create new topics in non-existing forums
- Marc Ruef (Aug 30 2005)
ELM < 2.5.8 Remote Exploit POC
- skulls_phantoms_1_at_securityfocus.com (Aug 22 2005)
- c0ntexb_at_gmail.com (Aug 22 2005)
Evolution multiple remote format string bugs
- sitic_at_pts.se (Aug 10 2005)
Fetchmail 6.2.5 exploit for Bugtraq ID: 14349
- bannedit_at_frontiernet.net (Aug 30 2005)
FINAL Phrack Magazine release #63 is OUT
- phrackstaff_at_phrack.org (Aug 02 2005)
FlatNuke 2.5.5 (possibly prior versions) remote commands execution / cross site scripting / path disclosure (by rgod)
- retrogod_at_aliceposta.it (Aug 04 2005)
Flatnuke 2.5.6 (possibly prior versions) Underlying system information disclosure / Administrative & users credentials disclosure
- retrogod_at_aliceposta.it (Aug 30 2005)
Foojan PHP Weblog Information Disclosure - Refferer Html Injection
- ali202_at_fastermail.com (Aug 24 2005)
FUD Forum < 2.7.1 PHP code injection vurnelability
- riklaunim_at_gmail.com (Aug 28 2005)
Full path disclosure in CaLogic 1.22 and possible in older versions.
- gb.network_at_gmail.com (Aug 09 2005)
FunkBoard V0.66CF (possibly prior versions) cross site scripting, possible database username/password disclosure & board takeover,possible remote code execution
- colin_at_funkboard.co.uk (Aug 13 2005)
- retrogod_at_aliceposta.it (Aug 08 2005)
Fwd: Tor security advisory: DH handshake flaw
- Chris Palmer (Aug 18 2005)
GNU tar and the setuid bit
- David Watson (Aug 06 2005)
- David Watson (Aug 06 2005)
Grandstream Budge Tone 101/102 DoS Vulnerability
- Kroma Pierre (Aug 12 2005)
Gravity Board X v1.1 multiple vulnerabilities
- retrogod_at_aliceposta.it (Aug 07 2005)
HACK IN THE BOX SECURITY CONFERENCE 2005
- alphademon (Aug 01 2005)
Heap integer overflow
- Stefan Cornelius (Aug 25 2005)
Help put a stop to incompetent computer forensics
- Jason Coombs (Aug 09 2005)
High Risk Vulnerability in Novell eDirectory Server
- NGSSoftware Insight Security Research (Aug 11 2005)
Hummingbird FTP Weak Password Encryption
- nnposter_at_users.sourceforge.net (Aug 14 2005)
IBM Lotus Notes multiple disclosures of password hashes
- Shalom Carmel (Aug 19 2005)
ICMP attacks against TCP: Conclusions
- Damien Miller (Aug 30 2005)
- Dan Yefimov (Aug 30 2005)
- Fernando Gont (Jul 28 2005)
iDEFENSE Security Advisory 08.02.05: CA BrightStor ARCserve Backup Agent for MS SQL Server Buffer Overflow
- iDEFENSE Labs (Aug 02 2005)
iDEFENSE Security Advisory 08.05.05: EMC Navisphere Manager Directory Traversal Vulnerability
- iDEFENSE Labs (Aug 05 2005)
iDEFENSE Security Advisory 08.09.05: AWStats ShowInfoURL Remote Command Execution Vulnerability
- iDEFENSE Labs (Aug 09 2005)
iDEFENSE Security Advisory 08.29.05: Adobe Version Cue VCNative Arbitrary File Overwrite Vulnerability
- iDEFENSE Labs (Aug 29 2005)
iDEFENSE Security Advisory 08.29.05: Adobe Version Cue VCNative Arbitrary Library Loading Vulnerability
- iDEFENSE Labs (Aug 29 2005)
iDEFENSE Security Advisory 08.29.05: Symantec AntiVirus 9 Corporate Edition Local Privilege Escalation Vulnerability
- iDEFENSE Labs (Aug 29 2005)
Indiatimes Messenger 6.0 Buffer Overflow (Remote)
- ViPeR (Aug 31 2005)
Insecure directory permissions of default installation of Kaspersky Anti-Virus for Unix/Linux File Servers will lead to local root exploit
- Dr. Peter Bieringer (Aug 12 2005)
Internet Explorer 6 Meta Refresh Parsing Weakness
- Moritz Naumann (Aug 17 2005)
Interspire ArticleLive 2005 (php version) is vulnerable to XSS
- eddie_at_interspire.com (Aug 22 2005)
ipb Css bug(now public)
- Nicolas Gregoire (Aug 08 2005)
- mattmecham_at_gmail.com (Aug 08 2005)
- virusishacker_at_gmail.com (Aug 04 2005)
ISS vs. Cisco: Chapter 2
- Florian Weimer (Aug 11 2005)
- FX (Aug 11 2005)
JaguarControl Activex Buffer Overflow
- Tacettin Karadeniz (Aug 13 2005)
Juniper Netscreen VPN Username Enumeration Vulnerability
- Roy Hills (Aug 18 2005)
Kent's Guestbook database exploit
- security curmudgeon (Aug 05 2005)
Land Down Under
- bendeniz_avci_at_hotmail.com (Aug 28 2005)
Land Down Under 801 And Prior Multiple SQL Injection Vulnerabilities
- h4cky0u.org_at_gmail.com (Aug 29 2005)
LeapFTP .lsq Buffer Overflow Vulnerability
- Damien Palmer (Aug 24 2005)
- Kaveh Razavi (Aug 25 2005)
- Kaveh Razavi (Aug 24 2005)
- Sowhat . (Aug 24 2005)
Looking Glass v20040427 arbitrary commands execution / cross site scripting
- retrogod_at_aliceposta.it (Aug 27 2005)
Low security hole affecting Mentor's ADSLFR4II router
- Tim Brown (Aug 13 2005)
LSS Security Advisory: Winamp remote buffer overflow vulnerability
- ljuranic_at_lss.hr (Jul 29 2005)
MDKSA-2005:128 - Updated mozilla packages fix multiple vulnerabilities
- Mandriva Security Team (Aug 02 2005)
MDKSA-2005:129 - Updated apache2 packages fix vulnerabilities
- Mandriva Security Team (Aug 03 2005)
MDKSA-2005:130 - Updated apache packages fix vulnerabilities
- Mandriva Security Team (Aug 03 2005)
MDKSA-2005:131 - Updated ethereal packages fix multiple vulnerabilities
- Mandriva Security Team (Aug 04 2005)
MDKSA-2005:132 - Updated heartbeat packages fix temporary file vulnerabilities
- Mandriva Security Team (Aug 10 2005)
MDKSA-2005:133 - Updated netpbm packages fix temporary file vulnerabilities
- Mandriva Security Team (Aug 10 2005)
MDKSA-2005:134 - Updated xpdf packages fix vulnerability
- Mandriva Security Team (Aug 11 2005)
MDKSA-2005:135 - Updated kdegraphics packages fix vulnerability
- Mandriva Security Team (Aug 11 2005)
MDKSA-2005:136 - Updated gpdf packages fix vulnerability
- Mandriva Security Team (Aug 11 2005)
MDKSA-2005:137 - Updated ucd-snmp packages fix a DoS vulnerability
- Mandriva Security Team (Aug 11 2005)
MDKSA-2005:138 - Updated cups packages fix vulnerability
- Mandriva Security Team (Aug 11 2005)
MDKSA-2005:139 - Updated gaim packages fix yet more vulnerabilities
- Mandriva Security Team (Aug 15 2005)
MDKSA-2005:140 - Updated proftpd packages fix format string vulnerabilities
- Mandriva Security Team (Aug 15 2005)
MDKSA-2005:141 - Updated evolution packages fixes format string vulnerabilities
- Mandriva Security Team (Aug 17 2005)
MDKSA-2005:142 - Updated libtiff packages fixes vulnerability
- Mandriva Security Team (Aug 17 2005)
MDKSA-2005:143 - Updated kdegraphics packages fix kfax vulnerability
- Mandriva Security Team (Aug 17 2005)
MDKSA-2005:144 - Updated wxPythonGTK packages several vulnerabilities
- Mandriva Security Team (Aug 18 2005)
MDKSA-2005:145 - Updated openvpn packages fix several vulnerabilities
- Mandriva Security Team (Aug 22 2005)
MDKSA-2005:146 - Updated php-pear packages fix more PEAR XML-RPC vulnerabilities
- Mandriva Security Team (Aug 22 2005)
MDKSA-2005:147 - Updated slocate packages fix vulnerability
- Mandriva Security Team (Aug 22 2005)
MDKSA-2005:148 - Updated vim packages fix vulnerability
- Mandriva Security Team (Aug 22 2005)
MDKSA-2005:149 - Updated lm_sensors packages fix temporary file vulnerability
- Mandriva Security Team (Aug 25 2005)
MDKSA-2005:150 - Updated bluez-utils packages fix vulnerability
- Mandriva Security Team (Aug 25 2005)
MDKSA-2005:151 - Updated pcre packages fix integer overflow vulnerability
- Mandriva Security Team (Aug 25 2005)
MDKSA-2005:152 - Updated php packages fix integer overflow vulnerability
- Mandriva Security Team (Aug 25 2005)
MDKSA-2005:153 - Updated gnumeric packages fix integer overflow vulnerability
- Mandriva Security Team (Aug 26 2005)
MDKSA-2005:154 - Updated python packages fix integer overflow vulnerability
- Mandriva Security Team (Aug 26 2005)
Member.php SQL Injection in MyBB
- W7ED_at_HOTMAIL.COM (Aug 27 2005)
Mercora IMRadio 4.0.0.0 Discloses Passwords to Local Users
- 3APA3A (Aug 24 2005)
- kozan_at_spyinstructors.com (Aug 23 2005)
Microsoft ActiveSync information leak and spoofing
- 3APA3A (Aug 02 2005)
Mozilla Firefox up to 1.0.6 and Mozilla Thunderbird up to 1.0 url string obfuscation
- Marc Ruef (Aug 09 2005)
MS05-042 Security Update Problems
- Andrew McCullough (Aug 30 2005)
ms05038 exploit poc (down&execute)
- zwell_at_sohu.com (Aug 11 2005)
MS05_039 Exploitation (different languages)
- Fabrice MOURRON (Aug 25 2005)
- Roman Medina-Heigl Hernandez (Aug 25 2005)
MSN Messenger Password Decrypter for WinXP/2003
- ViPeR (Aug 17 2005)
Multiple CMS/Forum Vulnablilties
- pacifico\ (Aug 27 2005)
Multiple PHP Images Galleries EXIF Metadata XSS Vulnerabilities
- Cedric Cochin (Aug 25 2005)
Multiple vulnerabilities
- Thierry Carrez (Aug 30 2005)
Multiple vulnerabilities in BFCommand & Control for Battlefield 1942 and Vietnam
- Luigi Auriemma (Aug 29 2005)
Multiple Vulnerabilities in Home Ftp Server 1.0.7
- Donato Ferrante (Aug 24 2005)
mutt buffer overflow
- Peter Valchev (Aug 18 2005)
My Bulletin Board RC 4 Vulnerabilities
- phuket (Aug 12 2005)
MySQL Eventum Multiple Vulnerabilities
- GulfTech Security Research (Jul 31 2005)
Nate User Password Disclosed By Anonymous
- saintlinu_at_null2root.org (Aug 04 2005)
nbSMTP v0.99 remote format string exploit
- coki_at_nosystem.com.ar (Aug 05 2005)
Nephp Publisher Enterprise 3.04 Cross Site Scripting
- bl2k_at_shabgard.org (Aug 21 2005)
New Whitepaper - The Pharming Guide
- NGSSoftware Insight Security Research (Aug 24 2005)
NOVL-2005010098073 GroupWise Password Caching
- Ed Reed (Aug 17 2005)
NSFOCUS SA2005-02 : Microsoft IE Devenum.dll COM Instantiation Remote Code Execution Vulnerability
- NSFOCUS Security Team (Aug 09 2005)
Obsidis #1 Call for Papers
- angelo_at_rosiello.org (Aug 31 2005)
On classifying attacks
- Duncan Simpson (Jul 23 2005)
- Forte Systems - Iosif Peterfi (Aug 01 2005)
- Shwaine (Aug 02 2005)
- Thierry Carrez (Aug 02 2005)
- Crispin Cowan (Aug 03 2005)
- Tim Nelson (Aug 01 2005)
- Daniel Weber (Jul 28 2005)
- Forte Systems - Iosif Peterfi (Jul 29 2005)
Oracle Password Checker
- ak_at_red-database-security.com (Aug 23 2005)
PaFileDB 3.1 - SQL-Injection
- astovidatu_at_security-project.org (Aug 24 2005)
Password Disclosure in Whisper32
- Alexey Agapov (Aug 18 2005)
Peter Gutmann data deletion theaory?
- Michael Sierchio (Jul 27 2005)
PHP-Fusion <= v6.00.107 XSS exploit
- slacker4ever_1_at_juno.com (Aug 28 2005)
PHPFreeNews V1.40 and prior Multiple Vulnerabilities
- h4cky0u_at_gmail.com (Aug 17 2005)
phpLDAPadmin 0.9.6 - 0.9.7/alpha5 (possibly prior versions) system disclosure,
- retrogod_at_aliceposta.it (Aug 29 2005)
PHPList Vunerability
- ziot_at_whataboutpp.com (Jul 31 2005)
PHPTB Topic Board <= 20: Multiple PHP injection vulnerabilities
- goszynskif_at_gmail.com (Aug 17 2005)
Portcullis Security Advisory 05-014 HP Openview Remote Command Execution Vulnerability
- David Litchfield (Aug 25 2005)
- Paul J Docherty (Aug 25 2005)
Privilege escalation in Linksys WLAN Monitor v2.0
- Reed Arvin (Aug 12 2005)
Privilege escalation in Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3)
- Reed Arvin (Aug 11 2005)
Privilege escalation in Nortel Contivity VPN Client V05_01.030
- Jeff Peadro (Aug 10 2005)
PunBB BBCode IMG Tag Script Injection Vulnerability
- Aaron Horst (Aug 29 2005)
- y3dips_at_echo.or.id (Aug 29 2005)
Quake 2 Lithium Mod V 1.24 Macro Expansion Vuln?
- nukemmeister_at_gmail.com (Aug 25 2005)
Quick 'n Easy FTP Server 3.0 pro / lite (buffer overflow vulnerabilities)
- asierillo_at_gmail.com (Aug 03 2005)
- brom0815_at_gmx.de (Aug 02 2005)
- matiteman_at_securityfocus.com, (Aug 02 2005)
Re : [Firefox Bug 302187] New: Shared section vulnerability when opening microsoft office document resulting in DoS
- Cesar (Jul 30 2005)
remote DOS on Wyse thin client 1125SE
- Josh Zlatin-Amishav (Aug 10 2005)
Remote IIS 5.x and IIS 6.0 Server Name Spoof
- Sacha Faust (Aug 23 2005)
- 3APA3A (Aug 23 2005)
- inge_eivind.henriksen_at_chello.no (Aug 22 2005)
Remote Password Compromise of Microsoft Active Sync 3.7.1
- nospam_at_airscanner.com (Aug 03 2005)
Root exploits in Lantonix Secure Console Server
- c0ntex_at_open-security.org (Aug 05 2005)
runcms highlight.php hole
- Security Lists (Aug 17 2005)
Scanning Software Bugs
- Hugo van der Kooij (Aug 04 2005)
- KF (lists) (Aug 04 2005)
- Dan.Creed_at_thecreeds.net (Aug 02 2005)
Secunia Research: HAURI Anti-Virus ACE Archive Handling Buffer Overflow
- Secunia Research (Aug 24 2005)
Secunia Research: HAURI Anti-Virus Compressed Archive Directory Traversal
- Secunia Research (Aug 19 2005)
Secunia Research: SqWebMail Attached File Script Insertion Vulnerability
- Secunia Research (Aug 24 2005)
Secunia Research: SqWebMail HTML Emails Script Insertion Vulnerability
- Secunia Research (Aug 29 2005)
secure client-side platform
- Beauford, Jason (Aug 31 2005)
- liudieyu_at_umbrella.name (Aug 31 2005)
Sensitive Information Disclosure Vulnerability in Kinetics Kiosk Product
- Zow (Aug 18 2005)
- Jay D. Dyson (Aug 18 2005)
- Jason Coombs (Aug 18 2005)
Serious flaw in Linksys wireless AP password security
- Robert Thompson Jr. (Aug 16 2005)
- Steve Scherf (Aug 16 2005)
- Robert Thompson Jr. (Aug 15 2005)
- Steve Scherf (Aug 14 2005)
- Steve Scherf (Aug 15 2005)
Server crash in Ventrilo 2.3.0
- Luigi Auriemma (Aug 23 2005)
Silvernews 2.0.3 (possibly previous versions ) SQL Injection / Login Bypass / Remote commands execution / cross site scripting
- retrogod_at_aliceposta.it (Aug 03 2005)
Silvernews 2.0.3 remote command execution exploit, proxy server support!
- tsl_at_securityfocus.com, (Aug 05 2005)
Simple Machine Forum 1-0-5 (possibly prior versions) user IP address / information disclosure
- retrogod_at_aliceposta.it (Aug 31 2005)
Simple PHP Blog File Upload and User Credentials Exposure Vulnerabilities
- Scott Dewey (Aug 25 2005)
SimplePHPBlog Arbitrary File Deletion and Sample Exploit
- 'ken'_at_FTU (Aug 29 2005)
Sophos Antivirus Library Remote Heap Overflow
- list_at_rem0te.com (Aug 28 2005)
- Dowling, Gabrielle (Aug 26 2005)
- list_at_rem0te.com (Aug 26 2005)
SQL IN Open Bulletin Board
- security curmudgeon (Aug 09 2005)
- ABDUCTER_MINDS_at_YAHOO.COM (Aug 08 2005)
SQL in PHPTB Topic Boards 2.0
- almaster_at_hotmail.com (Aug 13 2005)
SQL IN PortailPHP
- Steven M. Christey (Aug 07 2005)
- ABDUCTER_MINDS_at_YAHOO.COM (Aug 04 2005)
Sql injection and global variables poisoning in XMB Forum 1.9.1
- heintz_at_hotmail.com (Aug 09 2005)
SQL Injection and PHP Code Injection Vulnerabilities in PHPKit 1.6.1
- phuket (Aug 22 2005)
SQL injection in mediabox404 v1.2
- cedric_at_securityfocus.com (Aug 16 2005)
SQL injection in Persianblog
- nummish (Aug 16 2005)
- alireza hassani (Aug 16 2005)
ssl-login-checkbox faked in Lycos webmail-frontend
- Fischer, Andreas (Aug 25 2005)
SUSE Security Announcement: Adobe Reader Plugin buffer overflow (SUSE-SA:2005:047)
- Marcus Meissner (Aug 22 2005)
SUSE Security Announcement: apache, apache2 request smuggling problem (SUSE-SA:2005:046)
- Marcus Meissner (Aug 16 2005)
SUSE Security Announcement: Mozilla various security problems (SUSE-SA:2005:045)
- Marcus Meissner (Aug 11 2005)
SUSE Security Announcement: pcre integer overflows (SUSE-SA:2005:048)
- Marcus Meissner (Aug 30 2005)
SUSE Security Announcement: php4/php5 Pear::XML_RPC code injection and PCRE integer overflow problems (SUSE-SA:2005:049)
- Marcus Meissner (Aug 30 2005)
SUSE Security Announcement: several kernel security problems (SUSE-SA:2005:044)
- Ludwig Nussel (Aug 04 2005)
tar preserves setuid bit
- Jeremy C. Reed (Aug 09 2005)
- Sean Comeau (Aug 05 2005)
- Imran Ghory (Aug 05 2005)
- Neil McKellar (Aug 05 2005)
- Imran Ghory (Aug 04 2005)
Technical Note by Amit Klein: Detecting and Preventing HTTP Response Splitting and HTTP Request Smuggling Attacks at the TCP Le
- Amit Klein (AKsecurity) (Aug 15 2005)
The Java applet sandbox and stateful firewalls
- Florian Weimer (Jul 30 2005)
Tool Announcement: AIRT -- the Advanced Incident Response Tool 0.4.2 released
- madsys (Aug 25 2005)
Tool for Identifying Rogue Linksys Routers
- Tony Rall (Aug 26 2005)
- Paul Halliday (Aug 26 2005)
- Mike Kershaw (Aug 26 2005)
- Volker Tanger (Aug 27 2005)
- Dave Hull (Aug 26 2005)
- Matt Mercer (Aug 25 2005)
- Graham Wilson (Aug 26 2005)
- Joshua Wright (Aug 25 2005)
- Thomas Guyot-Sionnest (Aug 25 2005)
- Mike Frantzen (Aug 26 2005)
- Martin Mkrtchian (Aug 25 2005)
ToorCon 7 Lineup Finalized & Pre-Registration Ending
- h1kari_at_toorcon.org (Aug 20 2005)
Trillian Ver 3.1 saves password's in plain Text
- Suramya Tomar (Aug 05 2005)
- patrick (Aug 04 2005)
- Technica Forensis (Aug 03 2005)
- Technica Forensis (Aug 03 2005)
- Darren Pilgrim (Aug 02 2005)
- Keith Phillips (Aug 02 2005)
- Suramya Tomar (Aug 01 2005)
- security curmudgeon (Aug 02 2005)
TSLSA-2005-0038 - multi
- Trustix Security Advisor (Aug 01 2005)
TSLSA-2005-0040 - multi
- Trustix Security Advisor (Aug 05 2005)
uguestbook exploit
- security curmudgeon (Aug 05 2005)
- Earnhart, Benjamin J (Jul 28 2005)
Unicode Buffer Overflow in WinFtp Server 1.6.8
- Donato Ferrante (Aug 17 2005)
UnixWare 7.1.4 UnixWare 7.1.3 : cpio race condition and directory traversal issues fixed.
- please_reply_to_security_at_sco.com (Aug 18 2005)
unload event in ie/mozilla/opera
- gegegz_at_aol.com (Aug 28 2005)
- Michael Shigorin (Aug 26 2005)
- Godwin Stewart (Aug 26 2005)
- Tobias Boonstoppel (Aug 25 2005)
- Niels Bakker (Aug 24 2005)
- Stefan Kelm (Aug 25 2005)
- Early, Clint (Aug 25 2005)
- Drew Haven (Aug 25 2005)
- David Gillett (Aug 24 2005)
- Tobias Boonstoppel (Aug 23 2005)
unzip TOCTOU file-permissions vulnerability
- Imran Ghory (Aug 01 2005)
Updated Version & Exploit - Privilege escalation in Nortel Contivity VPN Client V05_01.030
- Jeff Peadro (Aug 12 2005)
VBZoom Cross Site Scripting Vulnerabilities
- almaster_at_hotmail.com (Jul 29 2005)
Vul in MyBB
- s2b_at_hotmail.com (Aug 19 2005)
Vulnerability found in CPAINT Ajax Toolkit
- Thor Larholm (Aug 16 2005)
- wiley14_at_gmail.com (Aug 15 2005)
Vulnerability in ePing and eTrace plugins of e107
- os2a.bto_at_gmail.com (Aug 05 2005)
Vulnerability in Helpdesk software Hesk 0.92
- Thomas Kr�ger (Aug 30 2005)
- not_at_given.com (Aug 30 2005)
- s2b_at_hotmail.com (Aug 29 2005)
Vulnerability in Symantec Anti Virus Corporate Edition v9.x
- golovast_at_gmail.com (Aug 31 2005)
Vulnerability in Trendmicro Officescan
- sylvain.roger_at_solucom.fr (Jul 28 2005)
w-agora 4.2.0 and prior Remote Directory Travel Vulnerability
- h4cky0u_at_gmail.com (Aug 18 2005)
WASC-Articles: 'Preventing Log Evasion in IIS'
- contact_at_webappsec.org (Aug 28 2005)
Win32 Port of Nessusd
- Michael Boman (Aug 17 2005)
- Tom Stracener (Aug 16 2005)
WinAce Temporary File Parsing Buffer Overflow Vulnerability
- atmaca_at_icqmail.com (Aug 19 2005)
Windows 2000 universal exploit for MS05-039
- sl0ppy_at_hush.ai (Aug 11 2005)
Woltlab Burning Board <= 2.2.2/2.3.3 modcp.php SQL injection
- admin_at_batznet.com (Aug 20 2005)
Xcon2005 papers released
- alert7 (Aug 28 2005)
Xoops 2.2.1 Full Path Disclosure
- kato (Aug 12 2005)
- none_at_none.com (Aug 12 2005)
XSS in forums CFBB v1.1.0
- stormhacker_at_hotmail.com (Aug 05 2005)
XSS in GreyMatter blog
- poizon_at_securityinfo.ru (Aug 31 2005)
XSS security hole in phpwebnotes.
- nf2 (Aug 27 2005)
Zip 2,31 bad default file-permissions vulnerability
- Imran Ghory (Aug 05 2005)
- Lupe Christoph (Aug 04 2005)
- Stephen C Woods (Aug 04 2005)
- Lupe Christoph (Aug 04 2005)
- Lupe Christoph (Aug 04 2005)
- Imran Ghory (Aug 04 2005)
- Imran Ghory (Aug 02 2005)
ZipTorrent 1.3.7.3 Discloses Proxy Passwords to Local Users
- Nicholas Knight (Aug 26 2005)
- Nick Boyce (Aug 25 2005)
- Allen Parker (Aug 23 2005)
- kozan_at_spyinstructors.com (Aug 23 2005)
Zone Alarm Security Contact
- security curmudgeon (Aug 03 2005)
- David Cross (Aug 02 2005)
Zorum 3.5 remote code execution poc exploit
- retrogod_at_aliceposta.it (Aug 18 2005)