Bugtraq: by thread
383 messages starting Jan 01 05 and ending Jan 31 05
Jacks FormMail.php remote file access vulnerability
Hack Hawk (Jan 01)
Windows Media files allow opening any url in Internet Explorer
Berend-Jan Wever (Jan 01)
Windows LoadImage API Heapoverflow exploit
Berend-Jan Wever (Jan 01)
7a69Adv#17 - Internet Explorer FTP download path disclosure
Albert Puigsech Galicia (Jan 01)
Various Vulnerabilities in OWL Intranet Engine
Joxean Koret (Jan 01)
Cross Site Scripting Vulnerabilities and Possible Code Execution in SugarCRM
Joxean Koret (Jan 01)
Two Vulnerabilities in ViewCVS
Joxean Koret (Jan 01)
[SECURITY] [DSA 622-1] New htmlheadline package fixes insecure temporary files
Martin Schulze (Jan 03)
Remote DoS in GFI MailEssentials due to a bug in Microsoft HTML parser
Peter Kruse (Jan 03)
STG Security Advisory: [SSA-20041224-21] File extensions restriction bypass vulnerability in GNUBoard
advisory (Jan 03)
Multiple Vulnerabilities in FlatNuke
Pierquinto Manco (Jan 03)
Multiple Firewall Products Bypass Vulnerability
Ferruh Mavituna (Jan 03)
Re: Multiple Firewall Products Bypass Vulnerability
Ansgar -59cobalt- Wiechers (Jan 14)
3Com 3CDaemon Multiple Vulnerabilities
Sowhat . (Jan 04)
Serious Vulnerabilities In PhotoPost ReviewPost
GulfTech Security (Jan 04)
[SECURITY] [DSA 623-1] New nasm packages fix arbitrary code execution
Martin Schulze (Jan 04)
Multiple PhotoPost Pro Vulnerabilities
GulfTech Security (Jan 04)
[KDE Security Advisory] ftp kioslave command injection
Dirk Mueller (Jan 04)
MyBB SQL Injection
scottm (Jan 04)
Socket termination, format string and XSS in Soldner Secret Wars 30830
Luigi Auriemma (Jan 04)
QWikiwiki directory traversal vulnerability
Madelman (Jan 04)
[SECURITY] [DSA 624-1] New zip packages fix arbitrary code execution
Martin Schulze (Jan 05)
[ GLSA 200501-04 ] Shoutcast Server: Remote code execution
Luke Macken (Jan 05)
[CLA-2005:910] Conectiva Security Announcement - mplayer
Conectiva Updates (Jan 05)
[SECURITY] [DSA 625-1] New pcal packages fix arbitrary code execution
Martin Schulze (Jan 05)
[ GLSA 200501-01 ] LinPopUp: Buffer overflow in message reply
Thierry Carrez (Jan 05)
[ GLSA 200501-02 ] a2ps: Insecure temporary files handling
Thierry Carrez (Jan 05)
[ GLSA 200501-03 ] Mozilla, Firefox, Thunderbird: Various vulnerabilities
Thierry Carrez (Jan 05)
DMA[2005-0103a] - 'William LeFebvre "top" format string vulnerability'
KF (Lists) (Jan 05)
IBM DB2 db2fmp buffer overflow (#NISR05012005A)
NGSSoftware Insight Security Research (Jan 05)
Paper: SQL Injection Attacks by Example
Steve Friedl (Jan 05)
RE: Paper: SQL Injection Attacks by Example
David Litchfield (Jan 05)
<Possible follow-ups>
RE: Paper: SQL Injection Attacks by Example
Scovetta, Michael V (Jan 05)
Re: Paper: SQL Injection Attacks by Example
Chip Andrews (Jan 05)
Re: Paper: SQL Injection Attacks by Example
Cory Foy (Jan 05)
RE: Paper: SQL Injection Attacks by Example
David Litchfield (Jan 05)
RE: Paper: SQL Injection Attacks by Example
Michael Silk (Jan 05)
RE: Paper: SQL Injection Attacks by Example
Scovetta, Michael V (Jan 05)
RE: Paper: SQL Injection Attacks by Example
Sergey Chernyshev (Jan 06)
IBM DB2 libdb2.so buffer overflow (#NISR05012005B)
NGSSoftware Insight Security Research (Jan 05)
IBM DB2 call buffer overflow (#NISR05012005C)
NGSSoftware Insight Security Research (Jan 05)
IBM DB2 JDBC Applet Server buffer overflow (#NISR05012005D)
NGSSoftware Insight Security Research (Jan 05)
IBM DB2 SATADMIN.SATENCRYPT buffer overflow (#NISR05012005E)
NGSSoftware Insight Security Research (Jan 05)
IBM DB2 Windows Permission Problems (#NISR05012005F)
NGSSoftware Insight Security Research (Jan 05)
IBM DB2 to_char and to_date Denial Of Service (#NISR05012005G)
NGSSoftware Insight Security Research (Jan 05)
IBM DB2 XML functions overflows (#NISR05012005H)
NGSSoftware Insight Security Research (Jan 05)
IBM DB2 XML functions file creation vulnerabilities (#NISR05012005I)
NGSSoftware Insight Security Research (Jan 05)
[ GLSA 200501-05 ] mit-krb5: Heap overflow in libkadm5srv
Sune Kloppenborg Jeppesen (Jan 05)
[ GLSA 200501-06 ] tiff: New overflows in image decoding
Thierry Carrez (Jan 05)
All Symantec Products All Versions Until 2005 - Remote Stack Buffer Overflow
Rafel Ivgi, The-Insider (Jan 06)
<Possible follow-ups>
RE: All Symantec Products All Versions Until 2005 - Remote Stack Buffer Overflow
Polazzo Justin (Jan 06)
re: All Symantec Products All Versions Until 2005 - Remote Stack Buffer Overflow
Sym Security (Jan 06)
[SECURITY] [DSA 626-1] New tiff packages fix denial of service
Martin Schulze (Jan 06)
[SECURITY] [DSA 627-1] New namazu2 packages fix cross-site scripting vulnerability
Martin Schulze (Jan 06)
[SECURITY] [DSA 628-1] New imlib2 packages fix arbitrary code execution
Martin Schulze (Jan 06)
Socket unreacheable in Amp II engine
Luigi Auriemma (Jan 06)
[USN-54-1] TIFF library tool vulnerability
Martin Pitt (Jan 06)
[USN-55-1] imlib2 vulnerabilities
Martin Pitt (Jan 06)
[ GLSA 200501-07 ] xine-lib: Multiple overflows
Thierry Carrez (Jan 06)
[CLA-2005:913] Conectiva Security Announcement - samba
Conectiva Updates (Jan 06)
MDKSA-2005:001 - Updated libtiff packages fix multiple vulnerabilities
Mandrake Linux Security Team (Jan 06)
MDKSA-2005:002 - Updated wxGTK2 packages fix vulnerabilities
Mandrake Linux Security Team (Jan 06)
MDKSA-2005:003 - Updated vim packages fix modeline vulnerabilities
Mandrake Linux Security Team (Jan 06)
MDKSA-2005:004 - Updated nasm packages fix buffer overflow vulnerability
Mandrake Linux Security Team (Jan 06)
[ GLSA 200501-08 ] phpGroupWare: Various vulnerabilities
Luke Macken (Jan 06)
[ GLSA 200501-09 ] xzgv: Multiple overflows
Thierry Carrez (Jan 06)
[ GLSA 200501-10 ] Vilistextum: Buffer overflow vulnerability
Thierry Carrez (Jan 06)
WinAc AND WinHKI ZIP File Directory Transversal
Rafel Ivgi, The-Insider (Jan 06)
Santy and SSL
Ofer Shezaf (Jan 06)
grsecurity 2.1.0 release / 5 Linux kernel advisories
Brad Spengler (Jan 07)
<Possible follow-ups>
grsecurity 2.1.0 release / 5 Linux kernel advisories
Brad Spengler (Jan 07)
Linux kernel sys_uselib local root vulnerability
Paul Starzetz (Jan 07)
Mozilla XBM Image Vulnerability
Luca Ercoli (Jan 07)
Simple PHP Blog directory traversal vulnerability
Madelman (Jan 07)
[SECURITY] [DSA 629-1] New kerberos packages fix arbitrary code execution
Martin Schulze (Jan 07)
Linux kernel uselib() privilege elevation, corrected
Paul Starzetz (Jan 07)
iDEFENSE Security Advisory [IDEF0725] Exim host_aton() Buffer Overflow Vulnerability
customer service mailbox (Jan 07)
Troj/Winser-A malware analysis
Steve Friedl (Jan 07)
iDEFENSE Security Advisory [IDEF0731] Exim auth_spa_server() Buffer Overflow Vulnerability
customer service mailbox (Jan 08)
Security Advisory: Woltlab Burning Board Lite formmail.php XSS
Martin Heistermann (Jan 10)
[ GLSA 200501-12 ] TikiWiki: Arbitrary command execution
Matthias Geerdsen (Jan 10)
[SECURITY] [DSA 630-1] New lintian packages fix insecure temporary directory
Martin Schulze (Jan 10)
SUSE Security Announcement: libtiff/tiff (SUSE-SA:2005:001)
Thomas Biege (Jan 10)
[SECURITY] [DSA 632-1] New linpopup packages fix arbitrary code execution
Martin Schulze (Jan 10)
[SECURITY] [DSA 631-1] New kdlibs packages fix arbitrary FTP command execution
Martin Schulze (Jan 10)
SQL Injection Vulnerability in Invision Community Blog
darkhawk matrix (Jan 10)
[ GLSA 200501-17 ] KPdf, KOffice: More vulnerabilities in included Xpdf
Sune Kloppenborg Jeppesen (Jan 11)
[ GLSA 200501-16 ] Konqueror: Java sandbox vulnerabilities
Sune Kloppenborg Jeppesen (Jan 11)
[SECURITY] [DSA 634-1] New hylafax packages fix unauthorised access
Martin Schulze (Jan 11)
Multi-vendor AV gateway image inspection bypass vulnerability
Darren Bounds (Jan 11)
UPDATED: the insider exploit( = the latest ie 0day which involves SHOWMODALDIALOG)
Liu Die Yu (Jan 11)
The Misuse of RC4 in Microsoft Word and Excel
Hongjun Wu (Jan 11)
Re: The Misuse of RC4 in Microsoft Word and Excel
Brendan Dolan-Gavitt (Jan 12)
HylaFAX hfaxd unauthorized login vulnerability
Lee Howard (Jan 11)
applicable exploit for winxp-sp2-uptodate Internet Explorer
Liu Die Yu (Jan 11)
IE HHCTRL exploit still usable even after patch
Valentin Avram (Jan 19)
EEYE: Windows ANI File Parsing Buffer Overflow
Derek Soeder (Jan 11)
VERITAS Backup Exec 8.x/9.x Remote Universal Exploit
class 101 (Jan 11)
[AppSecInc Team SHATTER Security Advisory] Microsoft Windows LPC heap overflow
Team SHATTER (Application Security, Inc.) (Jan 11)
[AppSecInc Team SHATTER Security Advisory] Microsoft Windows Improper Token Validation
Team SHATTER (Application Security, Inc.) (Jan 11)
Portcullis Security Advisory 05-010
Paul J Docherty (Jan 11)
Firespoofing [Firefox 1.0]
mikx (Jan 11)
Re: Firespoofing [Firefox 1.0]
Pavel Kankovsky (Jan 11)
[ GLSA 200501-18 ] KDE FTP KIOslave: Command injection
Sune Kloppenborg Jeppesen (Jan 11)
Portcullis Security Advisory 05-005
Paul J Docherty (Jan 11)
Portcullis Security Advisory 05-001
Paul J Docherty (Jan 11)
Portcullis Security Advisory 05-007
Paul J Docherty (Jan 11)
Mod_dosevasive symlink and race vulnerability
LSS Security (Jan 11)
Portcullis Security Advisory 05-006
Paul J Docherty (Jan 11)
Portcullis Security Advisory 05-003
Paul J Docherty (Jan 11)
[SECURITY] [DSA 633-1] New bmv package fixes insecure temporary file creation
Martin Schulze (Jan 11)
[OpenPKG-SA-2005.001] OpenPKG Security Advisory (perl)
OpenPKG (Jan 11)
Portcullis Security Advisory 05-004
Paul J Docherty (Jan 11)
Metasploit Framework v2.3
H D Moore (Jan 11)
Woltlab Burning Book addentry.php SQL Injection
Martin Heistermann (Jan 11)
Apache mod_auth_radius remote integer overflow
LSS Security (Jan 11)
[ GLSA 200501-11 ] Dillo: Format string vulnerability
Thierry Carrez (Jan 11)
[USN-58-1] MIT Kerberos server vulnerability
Martin Pitt (Jan 11)
[ GLSA 200501-21 ] HylaFAX: hfaxd unauthorized login vulnerability
Thierry Carrez (Jan 11)
Portcullis Security Advisory 05-009
Paul J Docherty (Jan 11)
Security Contact for Nokia Mobile phone softwares
rohit (Jan 11)
[ GLSA 200501-20 ] o3read: Buffer overflow during file conversion
Thierry Carrez (Jan 11)
IlohaMail Insecure Configuration Files
wang (Jan 11)
Fwd: APPLE-SA-2005-01-11 iTunes 4.7.1
David Ahmad (Jan 11)
Re: DSL- Router Teledat 530 DoS
Stefan S . (Jan 11)
[ GLSA 200501-22 ] poppassd_pam: Unauthorized password changing
Thierry Carrez (Jan 11)
Re: [Full-Disclosure] Multi-vendor AV gateway image inspection bypass vulnerability
Danny (Jan 11)
Re: [Full-Disclosure] Multi-vendor AV gateway image inspection bypass vulnerability
Darren Bounds (Jan 11)
[NILESA-20050101]: Denial of Service vulnerability due to the mountd bug
Jonglim Yun (Jan 11)
[ GLSA 200501-13 ] pdftohtml: Vulnerabilities in included Xpdf
Thierry Carrez (Jan 12)
Squirrelmail vacation v0.15 local root exploit
LSS Security (Jan 12)
[USN-59-1] mailman vulnerabilities
Martin Pitt (Jan 12)
WMV (Windows Media Player) trojan in wild
Marc Bejarano (Jan 12)
Portcullis Security Advisory 05-008
Paul J Docherty (Jan 12)
Linux kernel i386 SMP page fault handler privilege escalation
Paul Starzetz (Jan 12)
Arkeia Possible remote root & information leakage
Maciej Bogucki (Jan 12)
[SECURITY] [DSA 635-1] New exim packages fix arbitrary code execution
Martin Schulze (Jan 12)
Security Advisory: BiTBOARD xss
Martin Heistermann (Jan 12)
[SECURITY] [DSA 636-1] New libc6 packages fix insecure temporary files
Martin Schulze (Jan 12)
[ GLSA 200501-23 ] Exim: Two buffer overflows
Matthias Geerdsen (Jan 12)
Is DEP easily evadable?
John Richard Moser (Jan 12)
Re: Is DEP easily evadable?
Florian Weimer (Jan 13)
Re: Is DEP easily evadable?
John Richard Moser (Jan 13)
Re: Is DEP easily evadable?
Ben Pfaff (Jan 13)
Re: Is DEP easily evadable?
John Richard Moser (Jan 14)
Re: Is DEP easily evadable?
Ben Pfaff (Jan 14)
Windows ANI File Parsing Proof Of Concept (MS05-002)
assaf404 (Jan 12)
[waraxe-2005-SA#039] - Critical Sql Injection in Sgallery module for PhpNuke
Janek Vind (Jan 12)
[SECURITY] [DSA 638-1] New gopher packages fix several vulnerabilities
Martin Schulze (Jan 13)
[CLA-2005:915] Conectiva Security Announcement - php4
Conectiva Updates (Jan 13)
[SECURITY] [DSA 637-1] New exim-tls packages fix arbitrary code execution
Martin Schulze (Jan 13)
[CLA-2005:916] Conectiva Security Announcement - ethereal
Conectiva Updates (Jan 13)
XSS Vulnerability in ForumKIT
tom cruise (Jan 13)
[CLA-2005:917] Conectiva Security Announcement - krb5
Conectiva Updates (Jan 13)
Cross Site Scripting holes found in Horde 3.0
Hyperdose Security (Jan 13)
TSLSA-2005-0001 - multi
Trustix Security Advisor (Jan 13)
IE issue with percent 20
RSnake (Jan 13)
InternetExploiter 3.2
Berend-Jan Wever (Jan 13)
UPDATE: [ GLSA 200412-25 ] CUPS: Multiple vulnerabilities
Thierry Carrez (Jan 13)
Trend Micro Control Manager - Enterprise Edition 3.0 Web application Replay attack
CIRT Advisory (Jan 13)
<Possible follow-ups>
Trend Micro Control Manager - Enterprise Edition 3.0 Web application Replay attack
Hammud_Saway (Jan 13)
Re: Trend Micro Control Manager - Enterprise Edition 3.0 Web application Replay attack
shadown (Jan 14)
MDKSA-2005:006 - Updated hylafax packages fix vulnerability
Mandrake Linux Security Team (Jan 13)
SB2005002: pron to bypass APF checking uid(0) routine
x90c (Jan 13)
MDKSA-2005:007 - Updated imlib packages fix vulnerability
Mandrake Linux Security Team (Jan 13)
STG Security Advisory: [SSA-20050113-25] ZeroBoard multiple vulnerabilities
advisory (Jan 13)
iDEFENSE Security Advisory 01.13.05 - Apple iTunes Playlist Parsing Buffer Overflow Vulnerability
customer service mailbox (Jan 13)
Server crash in Breed patch #1
Luigi Auriemma (Jan 13)
iDEFENSE Security Advisory 01.13.05: MySQL MaxDB WebAgent websql logon Buffer Overflow Vulnerability
customer service mailbox (Jan 14)
iDEFENSE Security Advisory 01.13.05: SGI IRIX inpview Design Error Vulnerability
customer service mailbox (Jan 14)
XSS Vulnerability in Siteman v1.1.9
Pedram hayati (Jan 14)
Internet Explorer valid JavaScript-file successfull load detection local file enumeration
Berend-Jan Wever (Jan 14)
[CLA-2005:918] Conectiva Security Announcement - twiki
Conectiva Updates (Jan 14)
Paper: How to exploit overflow vulnerability under Fedora Core 2
vangelis vangelis (Jan 14)
MDKSA-2005:005 - Updated nfs-utils packages fix 64bit vulnerability
Mandrake Linux Security Team (Jan 14)
new tool : the first remote PHP vulnerability scanner
bad boy (Jan 14)
[SECURITY] [DSA 639-1] New mc packages fix several vulnerabilities
Martin Schulze (Jan 14)
iDEFENSE Security Advisory 01.14.05: Exim dns_buld_reverse() Buffer Overflow Vulnerability
customer service mailbox (Jan 14)
Re: rssh and scponly arbitrary command execution
Derek Martin (Jan 15)
iDefense iTunes advisory.
nemo (Jan 15)
[USN-60-0] Linux kernel vulnerabilities
Martin Pitt (Jan 15)
Various Vulnerabilities in SparkleBlog
Kovács László (Jan 15)
RE: Various Vulnerabilities in SparkleBlog
Alan W. Rateliff, II (Jan 15)
XSS in the nested BB tag in many forum
pigrelax (Jan 15)
Apple Airport WDS DoS
Dylan Griffiths (Jan 15)
exim dns_buld_reverse() proof-of-concept
Rafael San Miguel Carrasco (Jan 15)
[ GLSA 200501-25 ] Squid: Multiple vulnerabilities
Sune Kloppenborg Jeppesen (Jan 17)
[SECURITY] [DSA 640-1] New gatos packages fix arbitrary code execution
Martin Schulze (Jan 17)
[OpenPKG-SA-2005.002] OpenPKG Security Advisory (sudo)
OpenPKG (Jan 17)
[OpenPKG-SA-2005.003] OpenPKG Security Advisory (a2ps)
OpenPKG (Jan 17)
[SECURITY] [DSA 641-1] New playmidi packages fix local root exploit
Martin Schulze (Jan 17)
[SECURITY] [DSA 642-1] New gallery packages fix several vulnerabilities
Martin Schulze (Jan 17)
SUSE Security Announcement: php4/mod_php4 (SUSE-SA:2005:002)
Ludwig Nussel (Jan 17)
[SIG^2 G-TEC] NodeManager Professional V2.00 Buffer Overflow Vulnerability
chewkeong (Jan 18)
Minis directory traversal vulnerability
Madelman (Jan 18)
Multiple Vulnerabilities in Netgear FVS318 Router
Paul Kurczaba (Jan 18)
phpGiftReq SQL Injection
Madelman (Jan 18)
MDKSA-2005:008 - Updated cups packages fix multiple vulnerabilities
Mandrake Linux Security Team (Jan 19)
Multiple high risk vulnerabilities in Oracle RDBMS 10g/9i
NGSSoftware Insight Security Research (Jan 19)
[SECURITY] [DSA 644-1] New chbg packages fix arbitrary code execution
Martin Schulze (Jan 19)
[SECURITY] [DSA 643-1] New queue packages fix buffer overflows
Martin Schulze (Jan 19)
iDEFENSE Security Advisory 01.17.05: Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow Vulnerability
customer service mailbox (Jan 19)
UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : chroot A known exploit can break a chroot prison.
please_reply_to_security (Jan 19)
Novell GroupWise WebAccess error modules loading
Marc Ruef (Jan 19)
Re: Novell GroupWise WebAccess error modules loading
Jonathan Rockway (Jan 22)
[USN-62-1] imagemagick vulnerability
Martin Pitt (Jan 19)
Netegrity SiteMinder smpwservicescgi.exe target specification
Marc Ruef (Jan 19)
[USN-63-1] MySQL client vulnerability
Martin Pitt (Jan 19)
Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations
Rafel Ivgi, The-Insider (Jan 19)
Re: Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations
Berend-Jan Wever (Jan 19)
Re: Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations
Markus Kern (Jan 19)
Re: Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations
Markus Kern (Jan 20)
[USN-61-1] vim vulnerabilities
Martin Pitt (Jan 19)
Unrestricted I/O access vulnerability in INCA Gameguard
Ryu Connor (Jan 19)
<Possible follow-ups>
Re: Unrestricted I/O access vulnerability in INCA Gameguard
David Roberts (Jan 28)
Gallery v1.3.4-pl1, v1.4.4-pl2, 2.0 Alpha Cross Site Scripting Vulnerability
Rafel Ivgi, The-Insider (Jan 19)
iDEFENSE Security Advisory 01.18.05 - Multiple Unix/Linux Vendor Xpdf makeFileKey2 Stack Overflow
customer service mailbox (Jan 19)
PeteFinnigan.com - Oracle security advisory
Pete Finnigan (Jan 19)
Cisco Security Advisory: Vulnerability in Cisco IOS Embedded Call Processing Solutions
Cisco Systems Product Security Incident Response Team (Jan 20)
Microsoft Internet Explorer HTML Help Control Vulnerability Still Exploitable After Patch
Valentin Avram (Jan 20)
RealPlayer Arbitrary File Deletion Vulnerability (#NISR19012005f)
NGSSoftware Insight Security Research (Jan 20)
MSN Heartbeat Control Buffer Overflow
NGSSoftware Insight Security Research (Jan 20)
RealPlayer Miscellaneous Vulnerabilities (#NISR19012005g)
NGSSoftware Insight Security Research (Jan 20)
Multiple vulnerabilities in the AtHoc Toolbar (#NISR19012005c)
NGSSoftware Insight Security Research (Jan 20)
Microsoft Internet Explorer Install Engine Control Buffer Overflow (#NISR19012005a)
NGSSoftware Insight Security Research (Jan 20)
Darwin Kernel Vulnerability
nemo (Jan 20)
Re: Darwin Kernel Vulnerability
neil (Jan 21)
RealPlayer 'ShowPreferences' Buffer Overflow Vulnerability (#NISR19012005e)
NGSSoftware Insight Security Research (Jan 20)
iDEFENSE Security Advisory 01.19.05: MySQL MaxDB Web Agent Multiple Denial of Service Vulnerabilities
Michael Sutton (Jan 20)
[SECURITY] [DSA 645-1] New CUPS packages fix arbitrary code execution
Martin Schulze (Jan 20)
[SECURITY] [DSA 646-1] New ImageMagick packages fix arbitrary code execution
Martin Schulze (Jan 20)
[SECURITY] [DSA 647-1] New mysql packages fix insecure temporary files
Martin Schulze (Jan 20)
fkey[v0.0.2]: local/remote file accessibility exploit.
Vade 79 (Jan 20)
[SECURITY] [DSA 651-1] New squid packages fix denial of service
Martin Schulze (Jan 20)
[USN-64-1] xpdf, CUPS vulnerabilities
Martin Pitt (Jan 20)
[SECURITY] [DSA 650-1] New sword packages fix arbitrary command execution
Martin Schulze (Jan 20)
[USN-66-1] PHP vulnerabilities
Martin Pitt (Jan 20)
[CLA-2005:920] Conectiva Security Announcement - libtiff3
Conectiva Updates (Jan 20)
[USN-67-1] Squid vulnerabilities
Martin Pitt (Jan 20)
Multiple vulnerabilities in Konversation
Wouter Coekaerts (Jan 20)
MDKSA-2005:011 - Updated xine packages fix multiple vulnerabilities
Mandrake Linux Security Team (Jan 21)
Integrigy Security Advisory - High Risk Security Issues in the Oracle Database and Oracle Applications
Integrigy Security (Jan 21)
MDKSA-2005:009 - Updated mpg123 packages fix vulnerability
Mandrake Linux Security Team (Jan 21)
MDKSA-2005:010 - Updated playmidi packages fix buffer overflow vulnerability
Mandrake Linux Security Team (Jan 21)
STG Security Advisory: [SSA-20050120-24] GForge 3.x directory traversal vulnerability
advisory (Jan 21)
STG Security Advisory: [SSA-20050120-22] JSBoard file disclosure vulnerability
advisory (Jan 21)
[SECURITY] [DSA 649-1] New xtrlock packages fix authentication bypass
Martin Schulze (Jan 21)
God Admin Injection Vulnerability in Siteman 1.0.x
Pedram hayati (Jan 21)
OpenServer 5.0.6 OpenServer 5.0.7 : bind remote attacker can poison the nameserver cache
please_reply_to_security (Jan 21)
[ GLSA 200501-26 ] ImageMagick: PSD decoding heap overflow
Sune Kloppenborg Jeppesen (Jan 21)
[USN-65-1] Apache utility script vulnerability
Martin Pitt (Jan 21)
[SECURITY] [DSA 652-1] New unarj packages fix several vulnerabilities
Martin Schulze (Jan 21)
UnixWare 7.1.3 UnixWare 7.1.1 : OpenSSL Multiple Vulnerabilities
please_reply_to_security (Jan 21)
iDEFENSE Security Advisory 01.20.05: 3Com OfficeConnect Wireless 11g AP Information Disclosure Vulnerability
iDefense Customer Service (Jan 21)
[ GLSA 200501-27 ] Ethereal: Multiple vulnerabilities
Luke Macken (Jan 21)
SUSE Security Announcement: kernel local privilege escalation (SUSE-SA:2005:003)
Marcus Meissner (Jan 22)
Various Buffer Overflows in Oracle 10g Tools
Joxean Koret (Jan 22)
Re: Various Buffer Overflows in Oracle 10g Tools
David Litchfield (Jan 22)
bug report comersus Back Office Lite 6.0 and 6.0.1
raf somers (Jan 22)
Mac OS X 10.3 iSync Privilege Escalation
Braden Thomas (Jan 22)
(MS05-002) Cursor and Icon Format Handling Vulnerability (PoC for all affected systems)
houseofdabus HOD (Jan 22)
Re: Advanced Guestbook
Stewart Souter (Jan 22)
PHRACK #63 CALL FOR PAPERS
rm (Jan 22)
Call for DEFCON Capture the Flag Organizers.
The Dark Tangent (Jan 22)
[ GLSA 200501-29 ] Mailman: Cross-site scripting vulnerability
Luke Macken (Jan 22)
Arbitrary files overwriting through skins in DivX Player 2.6
Luigi Auriemma (Jan 22)
Microsoft NetDDE Service Unauthenticated Remote Buffer Overflow
NGSSoftware Insight Security Research (Jan 22)
[SECURITY] [DSA 653-1] New ethereal packages fix buffer overflow
Martin Schulze (Jan 22)
KDE Security Advisory: KOffice PDF Import Filter Vulnerability
Waldo Bastian (Jan 22)
ASH Hashing Algorithm
seasonedpaper (Jan 22)
[SECURITY] [DSA 654-1] New enscript packages fix several vulnerabilities
Martin Schulze (Jan 22)
Security Contact within RIM / Blackberry
Mark Litchfield (Jan 22)
KDE Security Advisory: Multiple vulnerabilities in Konversation
Waldo Bastian (Jan 22)
[ GLSA 200501-28 ] Xpdf, GPdf: Stack overflow in Decrypt::makeFileKey2
Thierry Carrez (Jan 22)
[ GLSA 200501-30 ] CUPS: Stack overflow in included Xpdf code
Thierry Carrez (Jan 22)
Siteman User Database Line Insertion Vulnerability
shoalie sefid (Jan 22)
Internet Explorer URL obfuscation.
Stewart, Graeme (Jan 22)
Re: Internet Explorer URL obfuscation.
Berend-Jan Wever (Jan 24)
RealVNC Contact
DSGM (Jan 22)
Netscape Overflow.
Carlos Ulver (Jan 22)
[KDE Security Advisory] kpdf Buffer Overflow Vulnerability
Dirk Mueller (Jan 24)
[ GLSA 200501-33 ] MySQL: Insecure temporary file creation
Luke Macken (Jan 24)
[ GLSA 200501-32 ] KPdf, KOffice: Stack overflow in included Xpdf code
Sune Kloppenborg Jeppesen (Jan 24)
SUSE Security Announcement: Realplayer 8 (SUSE-SA:2005:004)
Marcus Meissner (Jan 24)
SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow
3APA3A (Jan 24)
Re: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow
Michael Hampton (Jan 25)
<Possible follow-ups>
RE: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow
David LeBlanc (Jan 28)
Re: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow
Damien Miller (Jan 29)
Re[2]: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow
3APA3A (Jan 31)
RE: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow
David LeBlanc (Jan 29)
Re: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow
Lee Dilkie (Jan 29)
Re: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow
Casper . Dik (Jan 31)
Local buffer-overflow in W32Dasm 8.93
Luigi Auriemma (Jan 25)
Portcullis Security Advisory 05-002 Spectrum Cash Receipting System Weak Password Encryption
Paul J Docherty (Jan 25)
MDKSA-2005:012 - Updated zhcon packages fix vulnerability
Mandrake Linux Security Team (Jan 25)
Multiple vulnerabilities in MercuryBoard 1.1.1
Alberto Trivero (Jan 25)
English-language version of K-OTik.COM launched today !
K-OTiK Security (Jan 25)
iDEFENSE Security Advisory 01.24.05: DataRescue Interactive Disassembler Pro Buffer Overflow Vulnerability
iDefense Customer Service (Jan 25)
Re: iDEFENSE Security Advisory 01.24.05: DataRescue Interactive Disassembler Pro Buffer Overflow Vulnerability
dila (Jan 31)
[ GLSA 200501-35 ] Evolution: Integer overflow in camel-lock-helper
Luke Macken (Jan 25)
MDKSA-2005:013 - Updated ethereal packages fix multiple vulnerabilities
Mandrake Linux Security Team (Jan 25)
[SECURITY] [DSA 657-1] New xine-lib packages fix arbitrary code execution
Martin Schulze (Jan 25)
logwatch and logrotate might create a blind spot in reporting
Sami Pitko (Jan 25)
Re: logwatch and logrotate might create a blind spot in reporting
The Tibetan Traveller (Jan 27)
[SECURITY] [DSA 656-1] New vdr packages fix insecure file access
Martin Schulze (Jan 25)
[SECURITY] [DSA 655-1] New zhcon packages fix unauthorised file access
Martin Schulze (Jan 25)
Vulnerabilities in eXponent 0.95
Ahmad Muammar (Jan 25)
MDKSA-2005:015 - Updated mailman packages fix vulnerabilities
Mandrake Linux Security Team (Jan 25)
MDKSA-2005:014 - Updated squid packages fix multiple vulnerabilities
Mandrake Linux Security Team (Jan 25)
Re: ADVISORY: security hole (http response splitting) in snitz forums 2000
Harold Lines (Jan 25)
[USN-68-1] enscript vulnerabilities
Martin Pitt (Jan 25)
[CLA-2005:921] Conectiva Security Announcement - xpdf
Conectiva Updates (Jan 25)
[USN-69-1] Evolution vulnerability
Martin Pitt (Jan 25)
[ GLSA 200501-31 ] teTeX, pTeX, CSTeX: Multiple vulnerabilities
Thierry Carrez (Jan 25)
Re: "Local" and "Remote" considered insufficient
Frank Knobbe (Jan 25)
[USN-70-1] Perl DBI module vulnerability
Martin Pitt (Jan 25)
[SECURITY] [DSA 658-1] New libdbi-perl packages fix insecure temporary file
Martin Schulze (Jan 25)
phpEventCalendar HTML injection
Madelman (Jan 25)
[ GLSA 200501-36 ] AWStats: Remote code execution
Luke Macken (Jan 25)
Re: [ GLSA 200501-36 ] AWStats: Remote code execution
Delian Krustev (Jan 27)
wifi AP + broadcoast ping
Miroslav Kubik (Jan 25)
OpenServer 5.0.6 OpenServer 5.0.7 : scosessoin local privilege elevation
please_reply_to_security (Jan 26)
OpenServer 5.0.6 OpenServer 5.0.7 : wu-ftp local users can bypass access restrictions
please_reply_to_security (Jan 26)
MDKSA-2005:022 - Updated cups packages fix multiple vulnerabilities
Mandrake Linux Security Team (Jan 26)
List of all admin accounts in phpBB
Predrag Damnjanovic (Jan 26)
Re: List of all admin accounts in phpBB
Aaron Klein (Jan 27)
Re: List of all admin accounts in phpBB
Paul Laudanski (Jan 29)
MDKSA-2005:020 - Updated kdegraphics packages fix buffer overflow vulnerability
Mandrake Linux Security Team (Jan 26)
DMA[2005-0125a] - 'berlios gpsd format string vulnerability'
KF (Lists) (Jan 26)
MDKSA-2005:017 - Updated xpdf packages fix buffer overflow vulnerability
Mandrake Linux Security Team (Jan 26)
Cisco Security Advisory: Multiple Crafted IPv6 Packets Cause Reload
Cisco Systems Product Security Incident Response Team (Jan 26)
Cisco Security Advisory: Cisco IOS Misformed BGP Packet Causes Reload
Cisco Systems Product Security Incident Response Team (Jan 26)
Cisco Security Advisory: Crafted Packet Causes Reload on Cisco Routers
Cisco Systems Product Security Incident Response Team (Jan 27)
UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : x.org possible local socket hijacking
please_reply_to_security (Jan 27)
[SECURITY] [DSA 660-1] New kdebase packages fix authentication bypass
Martin Schulze (Jan 27)
iDEFENSE Security Advisory 01.26.05: Openswan XAUTH/PAM Buffer Overflow Vulnerability
iDefense Customer Service (Jan 27)
Black Hat new content on-line & Registration now open for Asia and Europe.
Jeff Moss (Jan 27)
[SECURITY] [DSA 659-1] New libpam-radius-auth packages fix several vulnerabilities
Martin Schulze (Jan 27)
MDKSA-2005:016 - Updated gpdf packages fix buffer overflow vulnerability
Mandrake Linux Security Team (Jan 27)
MDKSA-2005:018 - Updated cups packages fix buffer overflow vulnerability
Mandrake Linux Security Team (Jan 27)
MDKSA-2005:019 - Updated koffice packages fix buffer overflow vulnerability
Mandrake Linux Security Team (Jan 27)
MDKSA-2005:021 - Updated tetex packages fix buffer overflow vulnerability
Mandrake Linux Security Team (Jan 27)
Multiple Vulnerabilities in Pocket IE
kers0r (Jan 27)
[CLA-2005:923] Conectiva Security Announcement - squid
Conectiva Updates (Jan 27)
HKLM locking
Vladimir Kraljevic (Jan 27)
NSFOCUS SA2005-01 : Buffer Overflow in WinAMP in_cdda.dll CDA Device Name
NSFOCUS Security Team (Jan 27)
Ingate Firewall: Removed PPTP tunnels not deactivated
Per Cederqvist (Jan 27)
DMA[2005-0127a] - 'Apple OSX batch family poor use of setuid'
KF (Lists) (Jan 27)
NOVL-2005-10096251 GroupWise WebAccess Error modules loading (report)
Ed Reed (Jan 27)
[Contact] Motorola broadband appliance team?
William A. Rowe, Jr. (Jan 27)
[SIG^2 G-TEC] Magic Winmail Server v4.0 Multiple Vulnerabilities
chewkeong (Jan 27)
UEBIMIAU <= 2.7.2 MULTIPLES VULNERABILITIES
Nash Leon (Jan 27)
Re: UEBIMIAU <= 2.7.2 MULTIPLES VULNERABILITIES
pokley (Jan 28)
[ GLSA 200501-38 ] Perl: rmtree and DBI tmpfile vulnerabilities
Thierry Carrez (Jan 27)
[ GLSA 200501-37 ] GraphicsMagick: PSD decoding heap overflow
Thierry Carrez (Jan 27)
[SECURITY] [DSA 661-1] New f2c packages fix insecure temporary files
Martin Schulze (Jan 27)
MDKSA-2005:024 - Updated evolution packages fix vulnerability
Mandrakelinux Security Team (Jan 27)
WarFTPD 1.82 RC9 DoS
MC.Iglo (Jan 27)
Multiple vulnerabilities in Alt-N WebAdmin <= 3.0.2
David Alonso Pérez (Jan 28)
[ GLSA 200501-39 ] SquirrelMail: Multiple vulnerabilities
Sune Kloppenborg Jeppesen (Jan 28)
WebWasher Classic - HTTP CONNECT weakness
Oliver Karow (Jan 28)
[OpenPKG-SA-2005.004] OpenPKG Security Advisory (sasl)
OpenPKG (Jan 28)
Multiple vulnerabilities in Icewarp Web Mail 5.3.0: New holes
ShineShadow (Jan 28)
Winamp Exploit (POC) 5.08 Stack Overflow
Rojodos (Jan 28)
<Possible follow-ups>
Re: Winamp Exploit (POC) 5.08 Stack Overflow
Black Dot (Jan 31)
[ GLSA 200501-40 ] ngIRCd: Buffer overflow
Thierry Carrez (Jan 28)
SquirrelMail Security Advisory
Jonathan Angliss (Jan 29)
XSS in Infinite Mobile Delivery v2.6 Webmail
steven (Jan 29)
[ GLSA 200501-42 ] VDR: Arbitrary file overwriting issue
Thierry Carrez (Jan 31)
[ GLSA 200501-43 ] f2c: Insecure temporary file creation
Thierry Carrez (Jan 31)
[ GLSA 200501-44 ] ncpfs: Multiple vulnerabilities
Thierry Carrez (Jan 31)
WASC-Articles: "The 80/20 Rule for Web Application Security"
robert (Jan 31)
Security Bulletin - SSRT4875 rev.1 - HP Tru64 UNIX Java (TM) Technology Software Denial of Service (DoS)
Boren, Rich (SSRT) (Jan 31)
[ GLSA 200501-41 ] TikiWiki: Arbitrary command execution
Sune Kloppenborg Jeppesen (Jan 31)
drone armies C&C report - Jan/2005
Gadi Evron (Jan 31)
Broadcast crash in Xpand Rally 1.0.0.0
Luigi Auriemma (Jan 31)
[ GLSA 200501-45 ] Gallery: Cross-site scripting vulnerability
Luke Macken (Jan 31)
Re: [ GLSA 200501-45 ] Gallery: Cross-site scripting vulnerability
Paul Laudanski (Jan 31)
[PersianHacker.net] Full Path Disclosure and PHP Injection In Pafiledb 3.1 Final
Pedram hayati (Jan 31)
Zyxel / Netgear and probably other routers leaking information.
Jens Kalvik (Jan 31)
New Whitepaper available on security best practices
Gunter Ollmann (Jan 31)
MDKSA-2005:025 - Updated clamav packages fix vulnerability
Mandrakelinux Security Team (Jan 31)
[ GLSA 200501-46 ] ClamAV: Multiple issues
Sune Kloppenborg Jeppesen (Jan 31)