Home page logo
/

532 messages starting Feb 01 05 and ending Feb 26 05
Date index | Thread index | Author index

Tuesday, 01 February

SAME LADY, DIFFERENT HAT: REELY http-equiv () excite com
[ Security Bulletin] SSRT5900 rev.0 HP-UX TGA daemon remote Denial of Service (DoS) Boren, Rich (SSRT)
[USN-71-1] PostgreSQL vulnerability Martin Pitt
[SECURITY] [DSA 663-1] New prozilla packages fix arbitrary code execution Martin Schulze
[SECURITY] [DSA 662-1] New squirrelmail package fixes several vulnerabilities Martin Schulze
[ GLSA 200502-01 ] FireHOL: Insecure temporary file creation Matthias Geerdsen
Re: [Full-Disclosure] [ GLSA 200501-46 ] ClamAV: Multiple issues Trog
Re: [Full-Disclosure] [ GLSA 200501-46 ] ClamAV: Multiple issues Dack

Wednesday, 02 February

Re:WinAmp POC: How to get 900+ shellcodespace!? lists
[SECURITY] [DSA 664-1] New cpio packages fix insecure file permissions Martin Schulze
Re: [Full-Disclosure] [ GLSA 200501-46 ] ClamAV: Multiple issues Darren Bounds
MDKSA-2005:028 - Updated ncpfs packages fix vulnerabilities Mandrakelinux Security Team
SQL injection in EveryDNS.net Service Calum Power
MDKSA-2005:026 - Updated imap packages fix authentication vulnerability Mandrakelinux Security Team
MDKSA-2005:027 - Updated chbg packages fix vulnerability Mandrakelinux Security Team
Limited buffer-overflow in Painkiller 1.35 Luigi Auriemma
7a69Adv#19 - ZipGenius unpack path disclosure Albert Puigsech Galicia
Re: [Full-Disclosure] [ GLSA 200501-46 ] ClamAV: Multiple issues Trog
[USN-72-1] Perl vulnerabilities Martin Pitt
[ GLSA 200502-03 ] enscript: Multiple vulnerabilities Thierry Carrez
[FLSA-2005:2255] Updated zip package fixes security issue Marc Deslauriers
[FLSA-2005:2272] Updated unarj package fixes security issue Marc Deslauriers
[ GLSA 200502-02 ] UW IMAP: CRAM-MD5 authentication bypass Sune Kloppenborg Jeppesen
7a69Adv#20 - ZipGenius unpack one-folder path disclosure Albert Puigsech Galicia
7a69Adv#21 - WinRAR unpack one-folder path disclosure Albert Puigsech Galicia
[SIG^2 G-TEC] DeskNow Mail and Collaboration Server Directory Traversal Vulnerabilities chewkeong
[FLSA-2005:2187] Updated freeradius packages fix security flaws Marc Deslauriers
Portcullis Advisory 05-005 Update, Webseries Payment Application Paul J Docherty
Portcullis Advisory 05-001 Update, Webseries Payment Application Paul J Docherty
Portcullis Advisory 05-006 Update, Webseries Payment Application Paul J Docherty
Portcullis Advisory 05-007 Update, Webseries Payment Application Paul J Docherty
Portcullis Advisory 05-008 Update, Webseries Payment Application Paul J Docherty
Gallery is still vulnerable to Cross-site Scripting attacks Jon Keating

Thursday, 03 February

Re: [Full-Disclosure] [ GLSA 200501-40 ] ngIRCd: Buffer overflow qobaiashi
Windows Security Checklists - 10 Parts Paul Laudanski
Re: [Full-Disclosure] [ GLSA 200501-46 ] ClamAV: Multiple issues exon
Portcullis Advisory 05-009 Update, Webseries Payment Application Paul J Docherty
Re[2]: WinAmp POC: How to get 900+ shellcodespace!? Viktor E Larionov
Google getting smarter ?!?! John Madden
[ GLSA 200502-04 ] Squid: Multiple vulnerabilities Sune Kloppenborg Jeppesen
SV: Zyxel / Netgear and probably other routers leaking information. Jens Kalvik
[ GLSA 200502-05 ] Newspost: Buffer overflow vulnerability Luke Macken
MDKSA-2005:029 - Updated vim packages fix vulnerabilities Mandrakelinux Security Team
New presentation: Advanced SQL Injection in Oracle databases Esteban Martínez Fayó
RE: Google getting smarter ?!?! Scott Jacobson
RE: SECURITEY.NNOV.RU NewsPost buffer overflow [EXPLOIT] cybertronic
ngIRCd <= v0.8.2 Format String Vulnerability CoKi
Python Security Advisory PSF-2005-001 - SimpleXMLRPCServer.py Guido van Rossum
DoS in LANChat Pro Revival 1.666c Donato Ferrante
[Linux kernel ipv6_setsockopt integer overflow] qobaiashi
[USN-73-1] Python vulnerability Martin Pitt
[ RSTACK Public Security Advisory ] Remote DOS against Linksys PSUS4 laurent oudot
Re: [Linux kernel ipv6_setsockopt integer overflow] Dan Yefimov

Friday, 04 February

Wireless networks/Default Admin username security problem in Croatia Radoslav Dejanović
[SECURITY] [DSA 666-1] New Python2.2 packages fix unauthorised XML-RPC internals access Martin Schulze
Exploit For Savant Web Server 3.1 (tested on win2003) CorryL

Saturday, 05 February

[SECURITY] [DSA 667-1] New PostgreSQL packages fix arbitrary library loading Martin Schulze
Re: [ RSTACK Public Security Advisory ] Remote DOS against Linksys PSUS4 Denis Jedig
Input Validation Vulnerability in Apple Safari version 1.2.4 v125.12 Jonathan Rockway
Re: Squirrelmail vacation v0.15 local root exploit p dont think
[SECURITY] [DSA 667-1] New squid packages fix several vulnerabilities Martin Schulze
Webroot Software Resigns from COAST Paul Laudanski
Re: Input Validation Vulnerability in Apple Safari version 1.2.4 v125.12 Nicolas Gregoire
Re: Wireless networks/Default Admin username security problem in Croatia Denis Jedig
Foxmail Server Remote Buffer Overflow Vulnerability Xin Ouyang
directory traversal in RaidenHTTPD 1.1.27 Donato Ferrante
[PersianHacker.NET 200502-05] WWWoard passwd Pedram Hayati
[USN-74-1] Postfix vulnerability Martin Pitt
[USN-75-1] cpio vulnerability Martin Pitt
[USN-74-2] Fixed Postfix packages for USN-74-1 Martin Pitt

Monday, 07 February

Re: [USN-74-1] Postfix vulnerability Wietse Venema
[SECURITY] [DSA 669-1] New php3 packages fix several vulnerabilities Martin Schulze
XSS Vulnerability at thefacebook.com Jonathan Rockway
VOIPSEC VoIP Security Aliance
New version of ike-scan (IPsec IKE scanner) available - v1.7 Roy Hills
[OSX Finder] DS_Store arbitrary file overwrite vulnerability. Vade 79
DMA[2005-0131a] - 'Setuid Perl PERLIO_DEBUG root owned file creation' KF (lists)
Vulnerability in 3Com 3CServer v1.1 mandragore
DMA[2005-0131b] - 'Setuid Perl PERLIO_DEBUG buffer overflow' KF (lists)
[USN-76-1] Emacs vulnerability Martin Pitt
[ GLSA 200502-07 ] OpenMotif: Multiple vulnerabilities in libXpm Thierry Carrez
[USN-77-1] Squid vulnerabilities Martin Pitt
Re: [Contact] Motorola broadband appliance team? Grzegorz Cegielski
[ GLSA 200502-06 ] LessTif: Multiple vulnerabilities in libXpm Thierry Carrez
[Security Bulletin] HP Tru64 Unix Mozilla Application Suite 1.7.3 Remote Denial of Service (DoS) Boren, Rich (SSRT)
iDEFENSE Security Advisory 02.07.05: SquirrelMail S/MIME Plugin Command Injection Vulnerability iDefense Customer Service
[ GLSA 200502-08 ] PostgreSQL: Local privilege escalation Luke Macken
OpenServer 5.0.6 OpenServer 5.0.7 : Vulnerabilities in long-lived TCP connections / Rose attack please_reply_to_security
Firedragging [Firefox 1.0] mikx
Fireflashing [Firefox 1.0] mikx
Firetabbing [Firefox 1.0] mikx
[SePro Bugtraq] SQL-Injection in PerlDesk 1.x deluxe
GMail / Google Groups ESMTP software b0f Michal Zalewski

Tuesday, 08 February

UnixWare 7.1.4 : racoon multilple security issues please_reply_to_security
International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Brandon Kovacs
CodeCon Reminder Len Sassaman
UnixWare 7.1.3 UnixWare 7.1.1 : Vulnerabilities in long-lived TCP connections / Rose attack please_reply_to_security
iDEFENSE Security Advisory 02.07.05: IBM AIX chdev Local Format String Vulnerability iDefense Customer Service
php-fusion 4.x vuln thegreatone2176

Wednesday, 09 February

UnixWare 7.1.4 : vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands please_reply_to_security
RE: International Domain Name [IDN] - browser-level fix (not network.enableIDN) Scovetta, Michael V
AppleFileServer Denial of Service. nemo
OpenServer 5.0.6 OpenServer 5.0.7 : enable command line buffer overflows please_reply_to_security
CORE-2004-0819: MSN Messenger PNG Image Parsing Vulnerability CORE Security Technologies Advisories
iDEFENSE Security Advisory 02.08.05: IBM AIX auditselect Local Format String Vulnerability iDefense Customer Service
[SECURITY] [DSA 670-1] New emacs20 packages fix arbitrary code execution Martin Schulze
[SECURITY] [DSA 671-1] New xemacs21 packages fix arbitrary code execution Martin Schulze
[PersianHacker.NET 200502-05] WWWoard passwd Andrew guess
mailman email harvester Bernhard Kuemel
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Jerome ATHIAS
SafeNet SoftRemote VPN Client Issue: Clear-text password stored in memory Roy Hills
EEYE: Windows SMB Client Transaction Response Handling Vulnerability Marc Maiffret
Integer overflow and arbitrary files deletion in RealArcade 1.2.0.994 Luigi Auriemma
[SIG^2 G-TEC] 602LAN SUITE Web Mail Vulnerability Allows File Upload to Arbitrary Directories chewkeong
[SCL-2005.002] - IDN Feature Workaround via proxy.pac Scovetta, Michael V
GREENAPPLE Release Dave Aitel
Finjan Security Advisory: Microsoft Office XP Remote Buffer Overflow Vulnerability Rafel Ivgi
MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit ATmaCA ATmaCA
Internet Explorer zone spoofing with encoded URLs Jouko Pynnonen
MDKSA-2005:031 - Updated perl packages fix multiple vulnerabilities Mandrakelinux Security Team
[SIG^2 G-TEC] ArGoSoft Mail Server Webmail Multiple Directory Traversal Vulnerabilities chewkeong
[Security Bulletin] - SSRT4883 HP-UX ftpd remote privileged access Boren, Rich (SSRT)
Mercuryboard <= 1.1.1 Working Sql Injection Zeelock
[ GLSA 200502-09 ] Python: Arbitrary code execution through SimpleXMLRPCServer Thierry Carrez
[ GLSA 200502-10 ] pdftohtml: Vulnerabilities in included Xpdf Matthias Geerdsen
Several SQL injection bugs in myPHP Forum v.1.0 foster GHC
Some details about MS05-007 security bulletin Jean-Baptiste Marchand
RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit Andrew Hunter

Thursday, 10 February

RE: International Domain Name [IDN] - browser-level fix (not network.enableIDN) R Dicaire
RE: International Domain Name [IDN] support in modern browsers al lows attackers to spoof domain name URLs + SSL certs. Randal, Phil
Patch available for high risk IBM DB2 Universal Database flaw NGSSoftware Insight Security Research
CFP for SyScAN'05 organiser () syscan org
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Simon Østengaard
Re: GMail / Google Groups ESMTP software b0f Heather Adkins
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Will Kamishlian
[SECURITY] [DSA 672-1] New xview packages fix potential arbitrary code execution Martin Schulze
SQL injection in Chipmunk forums foster GHC
Paper: Solution to Red Hat PIE Protection Zarul Shahrin
CMS Core SQL injection foster GHC
yet another DSL modem backdoor - Mentor (Conexant) Adam Laurie
[Security Bulletin] SSRT4861 rev.0 - HP-UX BIND9.2.0 remote Denial of Service (DoS) Boren, Rich (SSRT)
SUSE Security Announcement: squid (SUSE-SA:2005:006) Thomas Biege
Re: yet another DSL modem backdoor - Mentor (Conexant) Philip Barnham
[SECURITY] [DSA 674-1] New mailman packages fix several vulnerabilities Martin Schulze
iDEFENSE Security Advisory 02.10.05: IBM AIX lspath Local File Access Vulnerability iDefense Customer Service
Re: International Domain Name [IDN] support in modern browsers al lows attackers to spoof domain name URLs + SSL certs. Marcin Sochacki
[SECURITY] [DSA 673-1] New evolution packages fix arbitrary code execution as root Martin Schulze
iDEFENSE Security Advisory 02.10.05: IBM AIX netpmon Local Buffer Overflow Vulnerability iDefense Customer Service
Barracuda Spam Firewall <= 3.1.10 acts as open relay for whitelisted senders. Sean Sosik-Hamor
iDEFENSE Security Advisory 02.10.05: IBM AIX ipl_varyon Local Buffer Overflow Vulnerability iDefense Customer Service
Re: iDEFENSE Security Advisory 02.07.05: IBM AIX chdev Local Format String Vulnerability Shiva Persaud
[ GLSA 200502-11 ] Mailman: Directory traversal vulnerability Sune Kloppenborg Jeppesen
Re: iDEFENSE Security Advisory 02.08.05: IBM AIX auditselect Local Format String Vulnerability Shiva Persaud
[USN-78-1] Mailman vulnerability Martin Pitt
[FLSA-2005:1943] Updated libpng resolves security vulnerabilities Dominic Hargreaves
[FLSA-2005:1906] Updated abiword packages fix security issue Dominic Hargreaves
[USN-79-1] PostgreSQL vulnerabilities Martin Pitt
[SECURITY] [DSA 675-1] New hztty packages fix local utmp exploit Martin Schulze
secure-roster script to address mailman email harvester Neal McBurnett
Re: Finjan Security Advisory: Microsoft Office XP Remote Buffer Overflow Vulnerability Derek Martin
RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit Thor Larholm
RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit Color Inc.
Re: iDEFENSE Security Advisory 02.10.05: IBM AIX netpmon Local Buffer Overflow Vulnerability Shiva Persaud
Re: iDEFENSE Security Advisory 02.10.05: IBM AIX lspath Local File Access Vulnerability Shiva Persaud

Friday, 11 February

HACKING WITH JAVASCRIPT hictor ertd
Symantec UPX Parsing Engine Heap Overflow Neil Watson
ASPjar guestbook (Injection in login page) farhad koosha
RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit Andrew Hunter
iDEFENSE Security Advisory 02.09.05: CA BrightStor ARCserve Backup v11 Discovery Service Remote Buffer Overflow iDefense Customer Service
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Peter J. Holzer
Re:iDEFENSE Security Advisory 02.10.05: IBM AIX ipl_varyon Local Buffer Overflow Vulnerability Shiva Persaud
Crashes and socket unreacheable in Armagetron Advanced 0.2.7.0 Luigi Auriemma
UPDATE: [ GLSA 200501-45 ] Gallery: Cross-site scripting vulnerability Luke Macken
TSLSA-2005-0003 - multi Trustix Security Advisor
[SECURITY] [DSA 678-1] New netkit-rwho packages fix denial of service Martin Schulze
MDKSA-2005:032 - Updated cpio packages fix vulnerability Mandrakelinux Security Team
MDKSA-2005:033 - Updated enscript packages fix multiple vulnerabilities Mandrakelinux Security Team
MDKSA-2005:034 - Updated squid packages fix multiple vulnerabilities Mandrakelinux Security Team
MDKSA-2005:035 - Updated python packages fix vulnerability Mandrakelinux Security Team
MDKSA-2005:036 - Updated MySQL packages fix temporary file vulnerability Mandrakelinux Security Team
Remotely Controlling XSS Attacks - Announcing XSS-Proxy Rager, Anton (Anton)
[SECURITY] [DSA 674-2] New mailman packages really fix several vulnerabilities Martin Schulze
insecure temporary file creation in kdelibs 3.3.2 Davide Madrisan
Re: Symantec UPX Parsing Engine Heap Overflow James Riden
[SECURITY] [DSA 676-1] New xpcd packages fix arbitrary code execution as root Martin Schulze
[SECURITY] [DSA 677-1] New sympa packages fix potential arbitrary code execution Martin Schulze
[FLSA-2005:2188] Updated gaim package resolves security issues Marc Deslauriers
[USN-81-1] iptables vulnerability Martin Pitt
[USN-80-1] mod_python vulnerability Martin Pitt
[FLSA-2005:2352] Updated Xpdf package fixes security issues Marc Deslauriers
[FLSA-2005:2252] Updated iptables packages resolve security issues Marc Deslauriers
[FLSA-2005:2353] Updated gpdf package fixes security issues Marc Deslauriers
BrightStor ARCserve Backup buffer overflow PoC cybertronic
Re: HACKING WITH JAVASCRIPT Cleiton Martins
Re: HACKING WITH JAVASCRIPT Jim Halfpenny
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Scott Gifford
Zone Labs Security Alert ZL05-01: Zone Labs IPC Instability Zone Labs Product Security
SYM05-003 Symantec UPX Parsing Engine Heap Overflow secure
[ GLSA 200502-13 ] Perl: Vulnerabilities in perl-suid wrapper Thierry Carrez

Saturday, 12 February

[ GLSA 200502-12 ] Webmin: Information leak in Gentoo binary package Thierry Carrez
iDEFENSE Security Advisory 02.11.05: ZoneAlarm 5.1 Invalid Pointer Dereference Vulnerability iDefense Customer Service
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Neil W Rickert
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Scott Gifford
MDKSA-2005:032-1 - Updated cpio packages fix vulnerability Mandrakelinux Security Team
Symantec UPX issue solution Roger A. Grimes
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Janusz A. Urbanowicz
Re: [Full-Disclosure] Fireflashing [Firefox 1.0] Jelmer Kuperus
Re: Advanced Guestbook 2.2 -- SQL Injection Exploit mary
Infostring crash and shutdown in the Quake 3 engine Luigi Auriemma
exim auth_spa_server() PoC exploit Yuri Gushin
Re: BrightStor ARCserve Backup buffer overflow PoC H D Moore

Monday, 14 February

[CLA-2005:924] Conectiva Security Announcement - XFree86 Conectiva Updates
[SECURITY] [DSA 679-1] New toolchain-source package fixes insecure temporary files Martin Schulze
[SECURITY] [DSA 680-1] New htdig packages fix cross-site scripting vulnerability Martin Schulze
[ GLSA 200502-14 ] mod_python: Publisher Handler vulnerability Sune Kloppenborg Jeppesen
RE: International Domain Name [IDN] support in modern browsers al lows attackers to spoof domain name URLs + SSL certs. Michael Wojcik
Re: BrightStor ARCserve Backup buffer overflow PoC H D Moore
[ GLSA 200502-16 ] ht://Dig: Cross-site scripting vulnerability Luke Macken
[ GLSA 200502-15 ] PowerDNS: Denial of Service vulnerability Matthias Geerdsen
AWStats <= 6.4 Multiple vulnerabilities GHC
[SECURITY] [DSA 681-1] New synaesthesia packages fix unauthorised file access Martin Schulze
RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. David Schwartz
Credit Card Phishing with executable download Gandalf The White
eBay Account Phishing with eBay Redirect Steven
vbulletin 3.0.x PHP code execution AL3NDALEEB
Microsoft Baseline Security Analyzer not seeing KB887742 and KB88 6185 James Lay
[NOBYTES.COM: #2] CubeCart 2.0.4 - Multiple Vulnerabilities John Cobb
Re: eBay Account Phishing with eBay Redirect Josh Tolley
[ GLSA 200502-17 ] Opera: Multiple vulnerabilities Sune Kloppenborg Jeppesen
[ GLSA 200502-19 ] PostgreSQL: Buffer overflows in PL/PgSQL parser Sune Kloppenborg Jeppesen

Tuesday, 15 February

[SECURITY] [DSA 683-1] New postgresql packages fix arbitrary code execution Martin Schulze
ASPjar Guestbook login.asp not official patch CorryL
Re: AWStats <= 6.4 Multiple vulnerabilities Ondra Holecek
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Vincent Archer
[SECURITY] [DSA 682-1] New awstats packages fix arbitrary command execution Martin Schulze
Re: eBay Account Phishing with eBay Redirect Nick FitzGerald
Re: vbulletin 3.0.x PHP code execution pokley
MDKSA-2005:037 - Updated mailman packages fix directory traversal vulnerability Mandrakelinux Security Team
Re: eBay Account Phishing with eBay Redirect Jonathan Rockway
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. bkfsec
Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3? Jamie Pratt
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Gwendolynn ferch Elydyr
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Thor (Hammer of God)
IE6 SP1 - Click N Crash ViPeR
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. bkfsec
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. bkfsec
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Sebastian
Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3? Herman Sheremetyev
RE: eBay Account Phishing with eBay Redirect Thomas T. Evans, III
Re: eBay Account Phishing with eBay Redirect Jay Calvert
Re: IE6 SP1 - Click N Crash is old news Berend-Jan Wever
Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3? Ondra Holecek
Scottrader Application Exploit Ben Efros
RE: Microsoft Baseline Security Analyzer not seeing KB887742 and KB88 6185 Correction James Lay
Scottsave.com Trade History Exploit Ben Efros
[NOBYTES.COM: #3] osCommerce 2.2-MS2 - XSS Vulnerability John Cobb
Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3? Ondra Holecek

Wednesday, 16 February

Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3? Jeffrey Wilkinson
RE: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3? William Pratt
RE: Microsoft Baseline Security Analyzer not seeing KB887742 and KB886185 Threlkeld, Richard
RE: eBay Account Phishing with eBay Redirect Israel Torres
Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3? twebster
RE: [Full-Disclosure] RE: Microsoft Baseline Security Analyzer no t seeing KB887742 and KB886185 Randal, Phil
XSS in MySpace.com RuWeb.net and Primus.com Chris
Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3? Jamie Pratt
[Full Disclosure] Using DHTML XSS to launch HHCTRL exploit Valentin Avram
[CLA-2005:925] Conectiva Security Announcement - evolution Conectiva Updates
Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3? Thom Craver
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Thor (Hammer of God)
Re: vbulletin 3.0.x PHP code execution AL3NDALEEB .
Re: BrightStor ARCserve Backup buffer overflow PoC Williams, James K
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. George Capehart
Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3? K-OTiK Security
MDKSA-2005:038 - Updated emacs/xemacs packages fix vulnerability Mandrakelinux Security Team
[KDE Security Advisory] Buffer overflow in fliccd of kdeedu/kstars/indi Dirk Mueller
[hackgen-2005-#003] - SQL injection bugs in DCP-Portal Exoduks
[KDE Security Advisory] Buffer overflow in fliccd of kdeedu/kstars/indi Dirk Mueller
[ GLSA 200502-22 ] wpa_supplicant: Buffer overflow vulnerability Matthias Geerdsen
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Janusz A. Urbanowicz
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. bkfsec
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Gwendolynn ferch Elydyr
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. bkfsec
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Gwendolynn ferch Elydyr
xprobe2 v0.2.2 released Ofir Arkin
[ GLSA 200502-23 ] KStars: Buffer overflow in fliccd Sune Kloppenborg Jeppesen
UPDATE: [ GLSA 200501-36 ] AWStats: Remote code execution Thierry Carrez
[ GLSA 200502-18 ] VMware Workstation: Untrusted library search path Thierry Carrez
Advisory: Cross Site Scripting Vulnerability in Openconf Conference Management Software Maximillian Dornseif
Blind Sql-Injection in MySQL Databases Zeelock
RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. David Schwartz
[USN-82-1] Linux kernel vulnerabilities Martin Pitt
[ GLSA 200502-20 ] Emacs, XEmacs: Format string vulnerabilities in movemail Thierry Carrez
[ GLSA 200502-21 ] lighttpd: Script source disclosure Thierry Carrez
[SECURITY] [DSA 684-1] New typespeed packages fix arbitrary group games code execution Martin Schulze
RE: Microsoft Baseline Security Analyzer not seeing KB887742 and KB88 6185 Correction Joe Granto
Re: vbulletin 3.0.x PHP code execution pokley
RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. David Schwartz
[USN-83-1] LessTif 2 vulnerabilities Martin Pitt
SHA-1 broken Gadi Evron
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Bill Brown
Update Your Bookmarks Amit Klein (AKsecurity)

Thursday, 17 February

Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3? Micah Brandon
Re: [Full-Disclosure] RE: Microsoft Baseline Security Analyzer not seeing KB887742 and KB886185 Thor (Hammer of God)
[Security Bulletin] SSRT5893 rev.0 - HP Web-enabled Management Software Remote Buffer Overflow Boren, Rich (SSRT)
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. bkfsec
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. lyal.collins
RE: Microsoft Baseline Security Analyzer not seeing KB887742 and KB88 6185 Correction Threlkeld, Richard
[PersianHacker.NET 200505-06] paNews v2.0b4 XSS Vulnerability PersianHacker Team
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Seth Breidbart
NetSec Security Advisory: Multiple Vulnerabilities Resulting From Use Of Apple OSX HFS+ TAC
Re: SHA-1 broken Kent Borg
RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Benjamin Franz
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Stefan Paletta
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Stefan Paletta
RE: BrightStor ARCserve Backup buffer overflow PoC (fix available) Williams, James K
Re: SHA-1 broken Michael Cordover
RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Nick FitzGerald
RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. David Schwartz
Re: SHA-1 broken Robert Sussland
Re: SHA-1 broken Steve Friedl
XSS vulnerabilty in ASP.Net [with details] Andir Andir
RE: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3? Michael Scheidell
MDKSA-2005:039 - Updated rwho packages fix vulnerability Mandrakelinux Security Team
Re: xprobe2 v0.2.2 released Stan Bubrouski
RECON 2005 CFP [Montreal, Canada] dataworm
[ GLSA 200502-24 ] Midnight Commander: Multiple vulnerabilities Sune Kloppenborg Jeppesen
Invision Power Boards 1.3.1 FINAL XSS Exploit Daniel A .
Dangers of discarding duplicated messages Adrian Bunk
Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3? Matt Wilder
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. bkfsec
RE: BrightStor ARCserve Backup buffer overflow PoC (fixes available) Williams, James K
[ SCL-2005.001 ] - WebCalendar: SQL Injection from encoded cookie Scovetta Labs
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Ron DuFresne

Friday, 18 February

Re: Permission problem in Skype BETA for linux Peter Conrad
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Thor (Hammer of God)
Remote Windows Kernel Exploitation - Step Into the Ring 0 Marc Maiffret
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Vincent Archer
RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Tosoni
[PersianHacker.NET 200505-07] paFAQ Beta4 Sql Injection PersianHacker Team
Possible phpBB <=2.0.11 bug or sql injection? jtm297
[SECURITY] [DSA 685-1] New emacs21 packages fix arbitrary code execution Martin Schulze
Advisory: Multiple Vulnerabilities in BibORB Patrick Hof
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. bkfsec
Re: SHA-1 broken Jonathan G. Lampe
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. bkfsec
[SECURITY] [DSA 686-1] New gftp packages fix directory traversal vulnerability Martin Schulze
hpm_guestbook.cgi JavaScript-Injection Christoph Burchert
iDEFENSE Labs Website Launch iDEFENSE Labs
RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. David Schwartz
Re: IE6 SP1 - Click N Crash Robert ONeal
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. bkfsec
RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. David Schwartz
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. bkfsec
Phishing hole found in IE and OE Jay Calvert
RE: SHA-1 broken Scovetta, Michael V
[USN-78-2] Fixed mailman packages for USN-78-1 Martin Pitt
[USN-66-2] PHP vulnerability Martin Pitt
Re: NetSec Security Advisory: Multiple Vulnerabilities Resulting From Use Of Apple OSX HFS+ Vade 79

Saturday, 19 February

Re: SHA-1 broken dullien
Re: SHA-1 broken dullien
Re: Possible phpBB <=2.0.11 bug or sql injection? Exoduks
Re: Dangers of discarding duplicated messages Maciej Soltysiak
BizMail 2.1 Spam Exploit Jason Frisvold
MDKSA-2005:042 - Updated gpdf packages fix vulnerabilities on 64 bit platforms Mandrakelinux Security Team
RE: SHA-1 broken Michael Silk
MDKSA-2005:043 - Updated xpdf packages fix vulnerabilities on 64 bit platforms Mandrakelinux Security Team
[SECURITY] [DSA 687-1] New bidwatcher packages fix format string vulnerability Martin Schulze
[ GLSA 200502-26 ] GProFTPD: gprostats format string vulnerability Sune Kloppenborg Jeppesen
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Rainer Duffner
3com 3CDaemon FTP "USER" Remote BOverflow POC Hat-Squad Security Team
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Riccardo Murri
Re: Phishing hole found in IE and OE Greg Merideth
Re: SHA-1 broken D.J. Capelis
RE: Possible phpBB <=2.0.11 bug or sql injection? Miguel Angel Rodríguez Jódar
Re: Phishing hole found in IE and OE David Nichols
Combining Hashes Kent Borg
MDKSA-2005:045 - Updated kdelibs packages fix vulnerabilities Mandrakelinux Security Team
Adobe Reader invalid root page node Count value DOS Hongzhen Zhou
Multiple vulnerabilities in TrackerCam 5.12 Luigi Auriemma
Re: SHA-1 broken Michael Silk
Re: SHA-1 broken Dan Harkless
MDKSA-2005:044 - Updated tetex packages fix vulnerabilities on 64 bit platforms Mandrakelinux Security Team
Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3? newbug Tseng
[ GLSA 200502-25 ] Squid: Denial of Service through DNS responses Sune Kloppenborg Jeppesen
Multiple vulnerabilities in Glftpd v1.26 - v2.00 default zip based plug-ins headpimp
MDKSA-2005:041 - Updated cups packages fix vulnerabilities on 64 bit platforms Mandrakelinux Security Team
MDKSA-2005:040 - Updated PostgreSQL packages fix multiple vulnerabilities Mandrakelinux Security Team
Joint encryption? John Richard Moser
Re: SHA-1 broken dullien
Re: SHA-1 broken Darren Reed

Sunday, 20 February

Multiples vulnerability in ZeroBoard, albanian haxorz
Re: Joint encryption? John Richard Moser
[ GLSA 200502-27 ] gFTP: Directory traversal vulnerability Matthias Geerdsen
Re: Joint encryption? Damian Menscher
exwormshoucast part of PTjob project: SHOUTcast v1.9.4 remote exploit yan feng
[FLSA-2005:2137] Updated cyrus-sasl resolves security vulnerabilities Dominic Hargreaves
Re: Phishing hole found in IE and OE cyberpixl
Re: SHA-1 broken Tollef Fog Heen
[Hat-Squad] Findjmp2 Tool Hat-Squad Security Team
Thomson TCW690 POST Password Validation Vulnerability MurDoK
3com 3CDaemon FTP Unauthorized "USER" Remote BOverflow class 101
webfsd fun. opensource is god .lol windows yan feng
cfengine rsa heap remote exploit: part of PTjob project yan feng
Re: Joint encryption? Casper . Dik
Re: Joint encryption? devnull
Re: Possible phpBB <=2.0.11 bug or sql injection? kaosone+[ONE]+
Re: Combining Hashes unmanarc
Re: [lists] Combining Hashes Elliott Bäck
Re: Joint encryption? John Richard Moser
Re: Joint encryption? John Richard Moser
Re: SHA-1 broken Michael Silk
Re: SHA-1 broken Anatole Shaw
Re: SHA-1 broken securityfocus
Knox Arkeia remote root/system exploit John Doe
Re: Combining Hashes Felix Cuello
Re: Dangers of discarding duplicated messages Jon Keating
Re: SHA-1 broken exon
Re: SHA-1 broken Brian May
Re: Dangers of discarding duplicated messages Gene Rackow
Re: [Full-Disclosure] Thomson TCW690 Denial Of Service Vulnerability Andres Tarasco
Re: Possible phpBB <=2.0.11 bug or sql injection? Giacomo Rizzo
Re: Dangers of discarding duplicated messages David F. Skoll
Re: SHA-1 broken Michael Cordover
Re: Combining Hashes exon

Monday, 21 February

[SECURITY] [DSA 674-3] New mailman packages really fix several vulnerabilities Martin Schulze
Arkeia Network Backup Client Remote Access H D Moore
Re: Knox Arkeia remote root/system exploit H D Moore
Re: Combining Hashes Ivan Krstic
Gigafast/CompUSA router (model EE400-R) vulnerabilities Gary H. Jones II
Re: SHA-1 broken Michael Silk
Re: Joint encryption? Robert C. Helling
ADP Elite System Max 9000 Series Login Vulnerability rootfiend
Windows Firewall Has A Backdoor Jay Calvert
Re: SHA-1 broken exon
[USN-84-1] Squid vulnerabilities Martin Pitt
[FLSA-2005:2058] Updated cdrtools packages fix a security issue Marc Deslauriers
[FLSA-2005:1945] Updated sox packages fix buffer overflows Marc Deslauriers
[FLSA-2005:1944] GNOME VFS updates address extfs vulnerability Marc Deslauriers
Re: Combining Hashes Frank Knobbe
RE: SHA-1 broken Frank Knobbe
Re: Joint encryption? Gandalf The White
RE: Joint encryption? David Schwartz
Re: Joint encryption? John Richard Moser
Re: SHA-1 broken peeon+securityfocus
Re: Joint encryption? Valdis . Kletnieks
Re: SHA-1 broken Denis Jedig
Re: Joint encryption? peter zulu
Re: Joint encryption? Ruud H.G. van Tol
Re: Windows Firewall Has A Backdoor Chris Wysopal
Re: SHA-1 broken Damian Menscher
Re: Joint encryption? John Richard Moser
Re: SHA-1 broken Paul Johnston
[ GLSA 200502-28 ] PuTTY: Remote code execution Luke Macken
RE: Windows Firewall Has A Backdoor Chris Goodwin
iDEFENSE Security Advisory 02.21.05: Multiple PuTTY SFTP Client Packet Parsing Integer Overflow Vulnerabilities iDEFENSE Labs
iDEFENSE Security Advisory 02.21.05: Multiple Unix/Linux Vendor cURL/libcURL NTLM Authentication Buffer Overflow Vulnerability iDEFENSE Labs
Re: SHA-1 broken Peter J. Holzer
iDEFENSE Security Advisory 02.21.05: Multiple Unix/Linux Vendor cURL/libcURL Kerberos Authentication Buffer Overflow Vulnerability iDEFENSE Labs

Tuesday, 22 February

Re: SHA-1 broken Peter Jeremy
phpBB 2.0.12 released Snapdragon
Avaya IP Office Phone Manager - Sensitive Information Cleartext Vulnerability m123303
Re: Arkeia Network Backup Client Remote Access Vincent Archer
iDEFENSE Security Advisory 02.22.05: phpBB Group phpBB Arbitrary File Disclosure Vulnerability iDEFENSE Labs
Re: Arkeia Network Backup Client Remote Access H D Moore
Re: Avaya IP Office Phone Manager - Sensitive Information Cleartext Vulnerability grutz
SD Server 4.0.70 Directory Traversal Bug CorryL
[NOBYTES.COM: #5] iGeneric eShop 1.2 - Information Disclosure & Possible SQL Injection John Cobb
Re: Windows Firewall Has A Backdoor Thor (Hammer of God)
RE: Windows Firewall Has A Backdoor Thor Larholm
Re: Combining Hashes Joel Maslak
The WebConnect 6.4.4 and 6.5 contains several vulnerabilities CIRT Advisory
[SCAN Associates Security Advisory] vbulletin 3.0.6 and below php code injection pokley
paNews v2.0b4 - PHP Injection tjomka
Cross Site Scripting exploitation via malformed files Jerome ATHIAS
iDEFENSE Security Advisory 02.22.05: phpBB Group phpBB2 Arbitrary File Unlink Vulnerability iDEFENSE Labs

Wednesday, 23 February

Software PBLang 4.65 search.php XSS vulnerability Raven
Software PBLang 4.65 pmpshow.php XSS vulnerability Raven
Software PBLang 4.65 pm.php XSS vulnerability Raven
Re: Arkeia Network Backup Client Remote Access Arnaud Spicht
Re: Knox Arkeia remote root/system exploit Arnaud Spicht
Re: Cross Site Scripting exploitation via malformed files http-equiv () excite com
Re: phpBB 2.0.12 released bcl
[SECURITY] [DSA 688-1] New squid packages fix denial of service Martin Schulze
[SECURITY] [DSA 689-1] New mod_python packages fix information leak Martin Schulze
Incorrect Classification of iDownload's Product as Spyware... Paul Laudanski
[ GLSA 200502-29 ] Cyrus IMAP Server: Multiple overflow vulnerabilities Matthias Geerdsen
Robustness patch for TWiki, vulnerability in ImageGalleryPlugin Florian Weimer
Release of Arkeia Network Backup 5.3.5 fixes security issue [bugtraq id 12594] Arnaud Spicht
[Fwd: [arkeia-announce] Release of Arkeia Network Backup 5.3.5 fixes security issue] Maciej Bogucki
Office 10 applications & flashdrives can be used to browse restricted drives Discini, Sonny

Thursday, 24 February

RE: Incorrect Classification of iDownload's Product as Spyware... Roger A. Grimes
Multiple vulnerabilities found in CSGuestbook by CoolSerlets.com Josh884
RE: Avaya IP Office Phone Manager - Sensitive Information Cleartext Vulnerability Walton, John Michael (John)
iDEFENSE Security Advisory 02.23.05: Sun Solaris kcms_configure Arbitrary File Corruption Vulnerability iDEFENSE Labs
Re: phpBB 2.0.12 released bcl
Cisco Security Advisory: ACNS Denial of Service and Default Admin Password Vulnerabilities Cisco Systems Product Security Incident Response Team
[Security Bulletin] SSRT4694 HP-UX ftpd remote unauthorized access Boren, Rich (SSRT)
In-game cl_guid crash in Soldier of Fortune II 1.03 Luigi Auriemma
RE: Avaya IP Office Phone Manager - Sensitive Information Cleartext Vulnerability PASTOR ADRIAN
Multiple vulns in punBB John Gumbel
MDKSA-2005:047 - Updated squid packages fix vulnerability Mandrakelinux Security Team
[FLSA-2005:2043] Updated zlib package fixes security issues Marc Deslauriers
MDKSA-2005:046 - Updated uim packages fix vulnerability Mandrakelinux Security Team
[FLSA-2005:2343] Updated vim packages fix security issues Marc Deslauriers
phpWebSite-0.10.0_exploit tjomka

Friday, 25 February

[FLSA-2005:2005] Updated gdk-pixbuf packages fix security flaws Marc Deslauriers
[SECURITYREASON.COM] phpMyAdmin 2.6.1 Remote file inclusion and XSS cXIb8O3.4 Maksymilian Arciemowicz
phpWebSite 0.10.0 Full Path disclosure HaCkZaTaN .
phpWebSite 0.10.0 Full Path disclosure HaCkZaTaN
Firescrolling [Firefox 1.0] mikx
[SECURITY] [DSA 690-1] New bsmtpd packages fix arbitrary command execution Martin Schulze
Announce: RSBAC v1.2.4 released Amon Ott
CFP: WORM 2005 David Moore
AW: phpWebSite-0.10.0_exploit webmaster
Re: Office 10 applications & flashdrives can be used to browse restricted drives Denis Jedig
[FLSA-2005:2336] Updated kernel packages fix security issues Marc Deslauriers
[USN-85-1] Gaim vulnerabilities Martin Pitt
RE: Firescrolling [Firefox 1.0] Beauford, Jason
iDEFENSE Security Advisory 02.25.05: WU-FTPD File Globbing Denial of Service Vulnerability iDEFENSE Labs
RE: Firescrolling [Firefox 1.0] Eric McCarty
CIS WebServer Directory Traversal Bug CorryL
Re: iDEFENSE Security Advisory 02.25.05: WU-FTPD File Globbing Denial of Service Vulnerability Stan Bubrouski

Saturday, 26 February

Re: Firescrolling [Firefox 1.0] btrq
-==phpBB 2.0.12 Full path disclosure==- HaCkZaTaN
Re: [SECURITYREASON.COM] phpMyAdmin 2.6.1 Remote file inclusion Calum Power
Knet <= 1.04c Buffer Overflow Bug CorryL
Re: Office 10 applications & flashdrives can be used to browse restricted drives Paul
Mozilla Firefox 1.0.1 Javascript Images are Draggable Paul
[ GLSA 200502-30 ] cmd5checkpw: Local password leak vulnerability Thierry Carrez
Re: Firescrolling [Firefox 1.0] Stan Bubrouski
Re: Mozilla Firefox 1.0.1 Javascript Images are Draggable Jay D. Dyson
Re: Office 10 applications & flashdrives can be used to browse restricted drives Jay D. Dyson
Previous period Next period
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]