Bugtraq: by thread

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq: by thread

553 messages starting Feb 28 05 and ending Mar 31 05
Date index | Thread index | Author index

Re: Office 10 applications & flashdrives can be used to browse restricted drives Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (Feb 28)
- Re: Office 10 applications & flashdrives can be used to browse restricted drives Jay D. Dyson (Feb 28)
7a69Adv#22 - UNIX unzip keep setuid and setgid files Albert Puigsech Galicia (Feb 28)
- Re: 7a69Adv#22 - UNIX unzip keep setuid and setgid files John Simpson (Feb 28)
  - Re: 7a69Adv#22 - UNIX unzip keep setuid and setgid files Han Boetes (Mar 01)
    - Re: 7a69Adv#22 - UNIX unzip keep setuid and setgid files devnull (Mar 01)
    - Re: 7a69Adv#22 - UNIX unzip keep setuid and setgid files exon (Mar 01)
Re: iDEFENSE Security Advisory 02.25.05: WU-FTPD File Globbing Denial of Service Vulnerability Rainer Schöpf (Feb 28)
WASC-Articles: 'The Insecure Indexing Vulnerability - Attacks Against Local Search Engines' By Amit Klein robert (Feb 28)
iDEFENSE Security Advisory 02.28.05: KPPP Privileged File Descriptor Leak Vulnerability iDEFENSE Labs (Feb 28)
iDEFENSE Security Advisory 02.28.05: Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error iDEFENSE Labs (Feb 28)
- Re: iDEFENSE Security Advisory 02.28.05: Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error Miles Beck (Feb 28)
- <Possible follow-ups>
- Re: iDEFENSE Security Advisory 02.28.05: Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error dveditz (Mar 01)
[Hat-Squad] GFI L.N.S.S 5.0 Insecure Credential Storage Hat-Squad Security Team (Feb 28)
[SECURITYREASON.COM] PostNuke SQL Injection 0.760-RC2=>x cXIb8O3.3 Maksymilian Arciemowicz (Feb 28)
[SECURITYREASON.COM] PostNuke Critical XSS 0.760-RC2=>x cXIb8O3.2 Maksymilian Arciemowicz (Feb 28)
[SECURITYREASON.COM] PostNuke Critical SQL Injection 0.760-RC2=>x cXIb8O3.1 Maksymilian Arciemowicz (Feb 28)
- Re: [SECURITYREASON.COM] PostNuke Critical SQL Injection 0.760-RC2=>x cXIb8O3.1 Linux php (Mar 12)
Firefox Software Update Kai Howells (Feb 28)
- Re: Firefox Software Update Michael Hampton (Mar 01)
  - Re: Firefox Software Update Stan Bubrouski (Mar 01)
- Re: Firefox Software Update Matt Venzke (Mar 01)
- Re: Firefox Software Update Beau Henderson (Mar 01)
- Re: Firefox Software Update Adam Kane (Mar 01)
  - Re: Firefox Software Update Kai Howells (Mar 01)
    - Re: Firefox Software Update Gilles DEMARTY (Mar 02)
- Re: Firefox Software Update Kurt Seifried (Mar 01)
  - Re: Firefox Software Update Rainer Duffner (Mar 01)
Badblue HTTP Server Exploit Miguel Tarascó Acuña (Feb 28)
[ Postnuke all versions + pnphpbb <=1.2 sql injection - jocanor ] JoCaNoR SeCuRiTy TeaM (Mar 01)
- <Possible follow-ups>
- Re: [ Postnuke all versions + pnphpbb <=1.2 sql injection - jocanor ] Maksymilian Arciemowicz (Mar 01)
- [ Postnuke all versions + pnphpbb <=1.2 sql injection - jocanor ] Jose Pedro Andres (Mar 01)
Re: BizMail 2.1 Spam Exploit Jason Frisvold (Mar 01)
[SIG^2 G-TEC] RaidenHTTPD Server Buffer Overflow and CGI Source Disclosure Vulnerabilities chewkeong (Mar 01)
Kernelpanik Labs Digest 2005-2 Kernelpanik Labs - Security Lists (Mar 01)
IObjectSafety and Internet Explorer Shane Hird (Mar 01)
phpBB <= 2.0.12 UID Exploit federico gonzales (Mar 01)
- Re: phpBB <= 2.0.12 UID Exploit Nicob (Mar 02)
OpenServer 5.0.6 OpenServer 5.0.7 : A vulnerability in TCP please_reply_to_security (Mar 01)
427BB profile.php XSS vulnerability. Raven (Mar 01)
- <Possible follow-ups>
- 427BB profile.php XSS vulnerability. Raven (Mar 01)
[KDE Security Advisory] kppp Privileged fd Leak Vulnerability Dirk Mueller (Mar 01)
Software PBLang 4.63 delpm.php authentication vulnerability Raven (Mar 01)
Software PBLang 4.63 sendpm.php reply file read vulnerability Raven (Mar 01)
Forumwa search.php xss vulnerability Raven (Mar 01)
[ GLSA 200503-01 ] Qt: Untrusted library search path Sune Kloppenborg Jeppesen (Mar 01)
iDEFENSE Security Advisory 03.01.05: RealNetworks RealPlayer .smil Buffer Overflow Vulnerability Michael Sutton (Mar 01)
PHP News <= 1.2.4 - Remote File Inclusion (VXSfx) Filip Groszynski (Mar 01)
[ GLSA 200503-03 ] Gaim: Multiple Denial of Service issues Sune Kloppenborg Jeppesen (Mar 01)
[ GLSA 200503-04 ] phpWebSite: Arbitrary PHP execution and path disclosure Thierry Carrez (Mar 01)
[ GLSA 200503-02 ] phpBB: Multiple vulnerabilities Thierry Carrez (Mar 01)
[ GLSA 200502-33 ] MediaWiki: Multiple vulnerabilities Thierry Carrez (Mar 01)
[USN-89-1] XML library vulnerabilities Martin Pitt (Mar 01)
[USN-88-1] reportbug information disclosure Martin Pitt (Mar 01)
[USN-86-1] cURL vulnerability Martin Pitt (Mar 01)
[USN-87-1] Cyrus IMAP server vulnerability Martin Pitt (Mar 01)
iDEFENSE Security Advisory 03.02.05: Computer Associates License Client/Server GCR Checksum Buffer Overflow iDEFENSE Labs (Mar 02)
iDEFENSE Security Advisory 03.02.05: Computer Associates License Client/Server GCR Network Buffer Overflow iDEFENSE Labs (Mar 02)
iDEFENSE Security Advisory 03.02.05: Computer Associates License Client/Server GETCONFIG Buffer Overflow iDEFENSE Labs (Mar 02)
iDEFENSE Security Advisory 03.02.05: Computer Associates License Client PUTOLF Directory Traversal iDEFENSE Labs (Mar 02)
iDEFENSE Security Advisory 03.02.05: Computer Associates License Client PUTOLF Buffer Overflow iDEFENSE Labs (Mar 02)
iDEFENSE Security Advisory 03.02.05: Computer Associates License Client and Server Invalid Command Buffer Overflow iDEFENSE Labs (Mar 02)
License Patches Are Now Available To Address Buffer Overflows Williams, James K (Mar 02)
[CLA-2005:926] Conectiva Security Announcement - mod_python Conectiva Updates (Mar 02)
RealOne Player / Real .WAV Heap Overflow File Format Vulnerability Mark Litchfield (Mar 02)
Foxmail server "USER" command Multiple remote buffer overflow Xin Ouyang (Mar 02)
[FLSA-2005:2314] Updated XFree86 packages fix security flaws Dominic Hargreaves (Mar 02)
Vulnerabilities in Aura CMS echo staff (Mar 02)
[ GLSA 200503-05 ] xli, xloadimage: Multiple vulnerabilities Thierry Carrez (Mar 02)
Golden Ftp server 1.29 Username remote Buffer Overflow Carlos Ulver (Mar 02)
Security Advisory: Computalynx CProxy Server Multiple Remote Vulnerabilities Kristof Philipsen (Mar 02)
iDEFENSE Labs Releases IDA Sync iDEFENSE Labs (Mar 02)
EEYE: Computer Associates License Manager Remote Vulnerabilities Karl Lynn (Mar 02)
[SECURITY BULLETIN] SSRT4866 rev.0 MUP HP OpenVMS V6.x and V7.x privileged file access Boren, Rich (SSRT) (Mar 02)
Advisory #08 - phpBB 2.0.13 Bad filtered in usercp_register.php Paisterist (Mar 03)
- Re: Advisory #08 - phpBB 2.0.13 Bad filtered in usercp_register.php vzmule (Mar 03)
- <Possible follow-ups>
- Re: Advisory #08 - phpBB 2.0.13 Bad filtered in usercp_register.php Some one (Mar 05)
[USN-90-1] Imagemagick vulnerability Martin Pitt (Mar 03)
Re: SHA-1 broken Pavel Machek (Mar 03)
Microsoft AntiSpyware Beta and Windows Scripting Host Joe Stocker (Mar 03)
- RE: Microsoft AntiSpyware Beta and Windows Scripting Host alex cottle (Mar 04)
[XSS] paBox 1.6 Rift (Mar 03)
[CLA-2005:928] Conectiva Security Announcement - clamav Conectiva Updates (Mar 03)
TYPO3 SQL Injection vunerabilitie Fabian Becker (Mar 03)
- Re: TYPO3 SQL Injection vunerabilitie Sebastian Wolfgarten (Mar 03)
  - RE: TYPO3 SQL Injection vunerabilitie GulfTech Security Research (Mar 04)
  - Re: TYPO3 SQL Injection vunerabilitie Michael Shigorin (Mar 04)
- Re: TYPO3 3rd party extension (cmw_linklist) SQL Injection vunerability Michael Shigorin (Mar 04)
- <Possible follow-ups>
- Re: TYPO3 SQL Injection vunerabilitie Dennis Shewmaker (Mar 03)
- Re: TYPO3 SQL Injection vunerabilitie Michael Stucki (Mar 04)
- Re: TYPO3 SQL Injection vunerabilitie Karsten Dambekalns (Mar 04)
Microsoft Antispyware Beta window docking issue Jeroen van Rijn (Mar 03)
- Re: Microsoft Antispyware Beta window docking issue Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (Mar 03)
My-forum.org cookies vulnerability - data bug Black Angel (Mar 03)
[ GLSA 200503-06 ] BidWatcher: Format string vulnerability Sune Kloppenborg Jeppesen (Mar 03)
[ GLSA 200503-07 ] phpMyAdmin: Multiple vulnerabilities Sune Kloppenborg Jeppesen (Mar 03)
PHP News <= 1.2.4 - Remote File Inclusion Exploit mozako (Mar 03)
GIMP gifload.exe GIF file (image width)*(image height)==0 DOS vulnerability Hongzhen Zhou (Mar 04)
- Re: GIMP gifload.exe GIF file (image width)*(image height)==0 DOS vulnerability Frank Denis (Jedi/Sector One) (Mar 04)
- <Possible follow-ups>
- Re: GIMP gifload.exe GIF file (image width)*(image height)==0 DOS vulnerability Hongzhen Zhou (Mar 07)
Download Center Lite (DCL) - Arbitrary File Inclusion (VXSfx) Filip Groszynski (Mar 04)
PHP Form Mail Script (2.3) - Arbitrary File Inclusion (VXSfx) Filip Groszynski (Mar 04)
-==phpBB 2.0.13 Full path disclosure==- HaCkZaTaN (Mar 04)
[ GLSA 200503-08 ] OpenMotif, LessTif: New libXpm buffer overflows Thierry Carrez (Mar 04)
[ GLSA 200503-09 ] xv: Filename handling vulnerability Thierry Carrez (Mar 04)
[ GLSA 200503-10 ] Mozilla Firefox: Various vulnerabilities Thierry Carrez (Mar 04)
Bypass of 22 Antivirus software with GDI+ bug exploit Mutations - part 2 Andrey Bayora (Mar 04)
- Re: [Full-Disclosure] Bypass of 22 Antivirus software with GDI+ bug exploit Mutations - part 2 Trog (Mar 07)
  - Re: [Full-Disclosure] Bypass of 22 Antivirus software with GDI+ bug exploit Mutations - part 2 Andrey Bayora (Mar 08)
phpBB 2.0.12 Session Handling Administrator Authentication Bypass -SIMPLIFIED- Wesley aka PPC (Mar 04)
- Re: phpBB 2.0.12 Session Handling Administrator Authentication Bypass -SIMPLIFIED- Matthias (Mar 07)
LOOKNMEET HTML INJECT EXPLOIT Wesley aka PPC (Mar 04)
PaX privilege elevation security bug pageexec (Mar 05)
MDKSA-2005:048 - Updated curl packages fix vulnerability Mandrakelinux Security Team (Mar 05)
MDKSA-2005:049 - Updated gaim packages fix multiple vulnerabilities Mandrakelinux Security Team (Mar 05)
MDKSA-2005:051 - Updated cyrus-imapd packages fix vulnerabilities Mandrakelinux Security Team (Mar 05)
MDKSA-2005:052 - Updated kdegraphics packages fix vulnerabilities Mandrakelinux Security Team (Mar 05)
MDKSA-2005:050 - Updated gftp packages fix vulnerability Mandrakelinux Security Team (Mar 05)
Windows Server 2003 and XP SP2 LAND attack vulnerability Dejan Levaja (Mar 05)
- <Possible follow-ups>
- Re: Windows Server 2003 and XP SP2 LAND attack vulnerability paul14075 (Mar 08)
- Re: Windows Server 2003 and XP SP2 LAND attack vulnerability Grndahl (Mar 08)
- Re: Windows Server 2003 and XP SP2 LAND attack vulnerability caldcv (Mar 08)
- RE: Windows Server 2003 and XP SP2 LAND attack vulnerability Detection Services - IS Security (Mar 10)
  - RE: Windows Server 2003 and XP SP2 LAND attack vulnerability Miguel Angel Rodríguez Jódar (Mar 12)
- RE: Windows Server 2003 and XP SP2 LAND attack vulnerability Evans, Arian (Mar 10)
- RE: Windows Server 2003 and XP SP2 LAND attack vulnerability Daniel Cross (Mar 12)
[ GLSA 200503-13 ] mlterm: Integer overflow vulnerability Luke Macken (Mar 07)
[SECURITY] [DSA 691-1] New abuse packages fix local root exploit Martin Schulze (Mar 07)
Remote Command Execution Francisco Alisson (Mar 07)
- Re: Remote Command Execution BoI base (Mar 08)
- Re: Remote Command Execution BoI base (Mar 08)
[ GLSA 200503-11 ] ImageMagick: Filename handling vulnerability Thierry Carrez (Mar 07)
[ GLSA 200503-12 ] Hashcash: Format string vulnerability Thierry Carrez (Mar 07)
- <Possible follow-ups>
- Re: [ GLSA 200503-12 ] Hashcash: Format string vulnerability Hubert Chan (Mar 07)
[FLSA-2005:1748] Updated subversion packages fix security issues Marc Deslauriers (Mar 07)
[FLSA-2005:2344] Updated php packages fix security issues Marc Deslauriers (Mar 07)
[Hat-Squad] Computer-Associates, License Manager POC Exploit Hat-Squad Security Team (Mar 07)
Real Realplayer 10 .smil local buffer overflow POC nolimit bugtraq (Mar 07)
CIRT.DK Advisory - SafeNet Inc Sentinel License Manager 7.2.0.2 Buffer Overflow CIRT Advisory (Mar 07)
[USN-91-1] EXIF library vulnerability Martin Pitt (Mar 07)
phpBB 2.0.12 Session Handling Administrator Authentication Bypass Exploit thephuket (Mar 07)
- Re: phpBB 2.0.12 Session Handling Administrator Authentication Bypass Exploit comsatcat (Mar 07)
- Re: phpBB 2.0.12 Session Handling Administrator Authentication Bypass Exploit comsatcat (Mar 07)
thoughts and a possible solution on homograph attacks Michael Roitzsch (Mar 07)
- Re: thoughts and a possible solution on homograph attacks Michael Silk (Mar 07)
- Re: thoughts and a possible solution on homograph attacks Kevin Day (Mar 07)
  - Re: thoughts and a possible solution on homograph attacks Dmitry Yu. Bolkhovityanov (Mar 08)
    - Re: thoughts and a possible solution on homograph attacks Michael Roitzsch (Mar 08)
  - Re: thoughts and a possible solution on homograph attacks Denis Jedig (Mar 08)
- Re: thoughts and a possible solution on homograph attacks James Youngman (Mar 07)
- Re: thoughts and a possible solution on homograph attacks Thomas Wana (Mar 07)
- Re: thoughts and a possible solution on homograph attacks Benjamin Franz (Mar 07)
- Re: thoughts and a possible solution on homograph attacks Dmitry Yu. Bolkhovityanov (Mar 08)
- <Possible follow-ups>
- RE: thoughts and a possible solution on homograph attacks Scovetta, Michael V (Mar 07)
  - Re: thoughts and a possible solution on homograph attacks Mike Nice (Mar 08)
  - Re: houghts and a possible solution on homograph attacks Sven Putteneers (Mar 08)
    - Re: houghts and a possible solution on homograph attacks Nick FitzGerald (Mar 10)
    - Re: Thoughts and a possible solution on homograph attacks Paul Smith (Mar 12)
    - Re: Thoughts and a possible solution on homograph attacks Riccardo Murri (Mar 15)
    - Re: Thoughts and a possible solution on homograph attacks Valdis . Kletnieks (Mar 15)
    - Re: Thoughts and a possible solution on homograph attacks khockenb (Mar 16)
    - Re: Thoughts and a possible solution on homograph attacks Riccardo Murri (Mar 16)
- Re: Thoughts and a possible solution on homograph attacks Duncan Simpson (Mar 21)
  - Re: Thoughts and a possible solution on homograph attacks Nick FitzGerald (Mar 22)
Gene6 FTP Server Local Privilege Escalation Vulnerability Sowhat (Mar 07)
- <Possible follow-ups>
- Re: Gene6 FTP Server Local Privilege Escalation Vulnerability Matthieu (Mar 07)
Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability Atom Smasher (Mar 07)
- Re: Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability Atom Smasher (Mar 08)
- Re: Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability Atom Smasher (Mar 10)
  - Re: Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability Ryan Cummings (Mar 11)
    - Re: Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability Atom Smasher (Mar 11)
Remote Testing SocialMPN Remote File Inclusion by y3dips echo staff (Mar 07)
PHP Form Mail Script <= 2.3 arbitrary file inclusion exploit exploit mozako (Mar 07)
vBulletin Worm - perl.Santy variant The Prohacker (Mar 07)
phpBB 2.0.13 - user level exploit Some one (Mar 07)
PHP-FUSION 5.* XSS VULNERABILITY FireSt0rm (Mar 07)
drone armies C&C report - Feb/2005 Gadi Evron (Mar 07)
Re: phpGiftReq SQL Injection Ryan Walberg (Mar 07)
See-security advisory: Trillian Basic 3.0 PNG Processing Buffer overflow tal zeltzer (Mar 07)
- Argeniss - Oracle Database Server Directory transversal Cesar (Mar 07)
[CLA-2005:930] Conectiva Security Announcement - kernel Conectiva Updates (Mar 07)
PHP mcNews <= 1.3 arbitrary file inclusion (VXSfx) Filip Groszynski (Mar 07)
phpWebLog <= 0.5.3 arbitrary file inclusion (VXSfx) Filip Groszynski (Mar 07)
[USN-92-1] LessTif vulnerabilities Martin Pitt (Mar 07)
[ GLSA 200503-14 ] KDE dcopidlng: Insecure temporary file creation Sune Kloppenborg Jeppesen (Mar 07)
UnixWare 7.1.4 : Samba multiple security issues please_reply_to_security (Mar 07)
Hosting Controller Multiple Unauthenticated information disclose small mouse (Mar 07)
UnixWare 7.1.4 : squid updated package fixes several security issues please_reply_to_security (Mar 07)
iDEFENSE Labs Releases IDA RPC Enumerator iDEFENSE Labs (Mar 07)
Multiples Vulnerabilities Francisco Alisson (Mar 08)
PE Multiple Remote Access Validation Vulnerabilities (Participate Systems Inc. / Outstart Inc.) Altrus Wollesen (Mar 08)
RE: Avaya IP Office Phone Manager - Sensitive Information Cleartext Vulnerability Walton, John Michael (John) (Mar 08)
[SCAN Associates Security Advisory] xoops 2.0.9.2 and below weak file extension validation pokley (Mar 08)
[CLA-2005:931] Conectiva Security Announcement - squid Conectiva Updates (Mar 08)
Multiple vulnerabilities in paFileDB sp3x (Mar 08)
ArGoSoft FTP Server 1.4.2.8 Buffer Overflow CorryL (Mar 08)
failles dans ProjectBB v0.4.5.1 benji (Mar 08)
[SECURITY] [DSA 692-1] New kppp packages fix privileged file descriptor leak Martin Schulze (Mar 08)
Ethereal remote buffer overflow LSS Security (Mar 08)
- Re: Ethereal remote buffer overflow Gerald Combs (Mar 09)
- Re: Ethereal remote buffer overflow Diego Giagio (Mar 09)
[FLSA-2005:2404] Updated less package fixes security issue Marc Deslauriers (Mar 08)
[USN-93-1] Squid vulnerability Martin Pitt (Mar 08)
RE: Ethereal remote buffer overflow - addon LSS Security (Mar 09)
[USN-94-1] Perl vulnerability Martin Pitt (Mar 09)
[Security Bulletin] SSRT4891 rev.0 HP Tru64 UNIX message queue local denial of service (DoS) Boren, Rich (SSRT) (Mar 09)
Update: MS05-011 EEYE: Windows SMB Client Transaction Response Handling Vulnerability Marc Maiffret (Mar 09)
[Updated][FLSA-2005:2344] Updated php packages fix security issues Marc Deslauriers (Mar 10)
Multiple AV Vendor Incorrect CRC32 Bypass Vulnerability. Bipin Gautam (Mar 10)
- <Possible follow-ups>
- Re: Multiple AV Vendor Incorrect CRC32 Bypass Vulnerability. secure (Mar 11)
XCode 1.5 and distcc 2.x Exploit Ray Slakinski (Mar 10)
iDEFENSE Security Advisory 03.10.05: Ipswitch Collaboration Suite IMAP EXAMINE Buffer Overflow Vulnerability iDEFENSE Labs (Mar 10)
Wfsection 1.07 vulnerabilities kreon (Mar 10)
iDownload/iSearch responds to Spyware Critics Paul Laudanski (Mar 10)
- Re: iDownload/iSearch responds to Spyware Critics bkfsec (Mar 12)
UBB.threads 6 SQL Injection kre0n (Mar 11)
Security Masters Dojo Dragos Ruiu (Mar 11)
[SECURITYREASON.COM][phpBB 2.0.13 SQL error in session cXIb8O3.8] Maksymilian Arciemowicz (Mar 11)
[ GLSA 200503-16 ] Ethereal: Multiple vulnerabilities Luke Macken (Mar 12)
[SECURITYREASON.COM] SQL injection and XSS in paFileDB SecurityReason (Mar 12)
PhotoPost PHP 5.0 RC3, and later, multiple vulnerabilities Igor Franchuk (Mar 12)
[badroot.org] The Includer remote commands execution exploit Federico Ozak (Mar 12)
- <Possible follow-ups>
- [badroot.org] The Includer remote commands execution exploit mozako (Mar 12)
Mysql CREATE FUNCTION mysql.func table arbitrary library injection Stefano Di Paola (Mar 12)
summercon looking for speakers louis (Mar 12)
[ GLSA 200503-15 ] X.org: libXpm vulnerability Matthias Geerdsen (Mar 12)
Mysql CREATE FUNCTION libc arbitrary code execution. Stefano Di Paola (Mar 12)
PlatinumFTP 1.0.18 remote DoS ports (Mar 12)
[SECURITYREASON.COM] Mass Full Path Disclosure in paFileDB SecurityReason (Mar 12)
Virginity Security Advisory 2005-001 : Hola CMS - File destruction and System access Virginity Security (Mar 12)
aeNovo Database Content Disclosure Vulnerability farhad koosha (Mar 12)
KnowledgeBase Francisco Alisson (Mar 12)
Av issues Bipin Gautam (Mar 12)
- <Possible follow-ups>
- RE: Av issues David Webster (Mar 14)
  - Re: Av issues Thierry Zoller (Mar 14)
    - Re: Av issues Yves Belle-Isle (Mar 15)
- Re: Av issues bipin gautam (Mar 16)
Ethereal remote buffer overflow #2 LSS Security (Mar 12)
[ GLSA 200503-17 ] libexif: Buffer overflow vulnerability Luke Macken (Mar 12)
[SECURITY] [DSA 662-2] New squirrelmail package fixes regression Martin Schulze (Mar 14)
[CLA-2005:933] Conectiva Security Announcement - gaim Conectiva Updates (Mar 14)
SUSE Security Announcement: openslp (SUSE-SA:2005:015) Sebastian Krahmer (Mar 14)
[SECURITY] [DSA 693-1] New luxman packages fix local root exploit Martin Schulze (Mar 14)
[HAT-SQUAD] SafeNet Sentinel LM, UDP License Manager Exploit class 101 (Mar 14)
LimeWire Gnutella client two vulnerabilities Kevin Walsh (Mar 14)
New Version of WinBlox is Available Liu Die Yu (Mar 14)
[ZH2005-02SA] Insecure tmp file creation in Wine Giovanni Delvecchio (Mar 14)
Master RPC program number data base (/etc/rpc) Eilon Gishri (Mar 14)
SimpGB SQL Injection Vulnerability Alexander Müller (Mar 14)
[XSS] paBox 2.0 Rift (Mar 14)
...::: hotforum.nl XSS exploit :::... Rebyte Security (Mar 14)
Ethereal 0.10.9 and below remote root exploit Diego Giagio (Mar 14)
3 XSS Vulnerabilities in Phorum <= 5.0.14 Jon Oberheide (Mar 14)
Not SQL injection and XSS in paFileDB? saudi linux (Mar 14)
[SECURITYREASON.COM] phpAdsNew 2.0.4-pr1 Multiple vulnerabilities cXIb8O3.9 Maksymilian Arciemowicz (Mar 14)
YaBB2 rc1 XSS alireza hassani (Mar 14)
"Drop to STARTUP Folder II" published on 2005/02/08 Liu Die Yu (Mar 14)
DMA[2005-0310a] - 'Frank McIngvale LuxMan buffer overflow' Kevin Finisterre (Mar 14)
iDEFENSE Security Advisory 03.14.05: MySQL MaxDB Web Agent Multiple Denial of Service Vulnerabilities iDEFENSE Labs (Mar 14)
html code include in phpnuke news crash IE 6 WoRmZ Web (Mar 14)
- Re: html code include in phpnuke news crash IE 6 Berend-Jan Wever (Mar 14)
Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning Dr. Peter Bieringer (Mar 14)
- Message not available
  - Re: Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning Dr. Peter Bieringer (Mar 15)
- <Possible follow-ups>
- Re: Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning Thierry Zoller (Mar 15)
PlantinumFTP server <= 1.0.18 Remote DOS exploit Exoduks (Mar 14)
- Re: PlantinumFTP server <= 1.0.18 Remote DOS exploit Gary H. Jones II (Mar 15)
phpbb <= 2.0.12 uid vuln + admin_styles.php php code injection exploit bad boy (Mar 14)
phpbb cookie admin access pureone (Mar 14)
SAV9 Functionality Hole - misses virus files me3 (Mar 15)
- Re: SAV9 Functionality Hole - misses virus files Harry Hoffman (Mar 15)
- Re: SAV9 Functionality Hole - misses virus files Ben Blakely (Mar 15)
- RE: SAV9 Functionality Hole - misses virus files batchelornpe (Mar 16)
- <Possible follow-ups>
- RE: SAV9 Functionality Hole - misses virus files Polazzo Justin (Mar 15)
- RE: SAV9 Functionality Hole - misses virus files Dewyngaert Brian Contr ANG/C4 (Mar 15)
- SAV9 Functionality Hole - misses virus files secure (Mar 16)
- Re: SAV9 Functionality Hole - misses virus files patrickwm71 (Mar 18)
- Re: SAV9 Functionality Hole - misses virus files secure (Mar 18)
Few remote bugs in zPanel Mik- (Mar 15)
- <Possible follow-ups>
- Re: Few remote bugs in zPanel Kris Anderson (Mar 21)
Virginity Security Advisory 2005-002 : Hola CMS - Another File destruction and System access Virginity Security (Mar 15)
[ISR] - Novell iChain Mini FTP Server Valid User Disclosure Vulnerability Francisco Amato (Mar 15)
[ISR] - Novell iChain Mini FTP Server Unauthorized Remote Path Disclosure Vulnerability Francisco Amato (Mar 15)
[ISR] Insecure communication and Reproduce the Session authentication Francisco Amato (Mar 15)
Denial of Service Vulnerability in MySQL Server for Windows Luca Ercoli (Mar 15)
- <Possible follow-ups>
- RE: Denial of Service Vulnerability in MySQL Server for Windows BugTrap (Mar 16)
[ GLSA 200503-18 ] Ringtone Tools: Buffer overflow vulnerability Luke Macken (Mar 15)
[USN-95-1] Linux kernel vulnerabilities Martin Pitt (Mar 15)
UPDATE: [ GLSA 200501-38 ] Perl: rmtree and DBI tmpfile vulnerabilities Thierry Carrez (Mar 15)
[ISR] - Novell iChain Mini FTP Server Bruteforce Problem Francisco Amato (Mar 15)
Re: [Full-disclosure] Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning Dr. Peter Bieringer (Mar 15)
- Re: [Full-disclosure] Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning Rodrigo Barbosa (Mar 15)
  - Message not available
    - Re: [Full-disclosure] Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning Rodrigo Barbosa (Mar 16)
    - Re: [Full-disclosure] Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning Tomasz Papszun (Mar 17)
- <Possible follow-ups>
- Re: [Full-disclosure] Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning bipin gautam (Mar 15)
GoodTech Telnet Server Buffer Overflow Vulnerability Komrade (Mar 15)
MDKSA-2005:053 - Updated ethereal packages fix multiple vulnerabilities Mandrakelinux Security Team (Mar 16)
MDKSA-2005:054 - Updated cyrus-sasl packages fix vulnerability Mandrakelinux Security Team (Mar 16)
MDKSA-2005:055 - Updated openslp packages fix multiple vulnerabilities Mandrakelinux Security Team (Mar 16)
ADVISORY: DataRescue Interactive Disassembler Pro Debugger Format String Vulnerability Piotr Bania (Mar 16)
Multiple KDE Security Advisories (2005-03-16) Waldo Bastian (Mar 16)
PlatinumFTPserver format string vulnerability ( IHSTeam ) c0d3r (Mar 16)
- Re: PlatinumFTPserver format string vulnerability ( IHSTeam ) Gary H. Jones II (Mar 17)
MDKSA-2005:056 - Updated koffice packages fix vulnerabilities on 64 bit platforms Mandrakelinux Security Team (Mar 16)
SUSE Security Announcement: multiple Mozilla Firefox vulnerabilities (SUSE-SA:2005:016) Marcus Meissner (Mar 16)
MDKSA-2005:057 - Updated gnupg packages fix vulnerability Mandrakelinux Security Team (Mar 16)
[CLA-2005:934] Conectiva Security Announcement - kdenetwork Conectiva Updates (Mar 16)
[USN-97-1] libxpm vulnerability Martin Pitt (Mar 16)
Servers Alive: Local Privilege Escalation Michael Starks (Mar 16)
ASPjar Tell-a-Friend farhad koosha (Mar 16)
[ GLSA 200503-20 ] curl: NTLM response buffer overflow Sune Kloppenborg Jeppesen (Mar 16)
[ GLSA 200503-19 ] MySQL: Multiple vulnerabilities Sune Kloppenborg Jeppesen (Mar 16)
[USN-96-1] mySQL vulnerabilities Martin Pitt (Mar 16)
Re: GoodTech Telnet Server Buffer Overflow Vulnerability [EXPLOIT] cybertronic (Mar 16)
LLSSRV Clarifications <Immunity> Dave Aitel (Mar 17)
MDKSA-2005:059 - Updated evolution packages fix crasher Mandrakelinux Security Team (Mar 17)
[ GLSA 200503-21 ] Grip: CDDB response overflow Luke Macken (Mar 17)
See-security Advisory: Format string vulnerability in MailEnable 1.8 a a (Mar 17)
[CLA-2005:937] Conectiva Security Announcement - cyrus-imapd Conectiva Updates (Mar 17)
Windows 2000 GDI32.DLL GetEnhMetaFilePaletteEntries() API specially crafted EMF file DOS vulnerability Hongzhen Zhou (Mar 17)
XSS in ACS blog farhad koosha (Mar 17)
PHP mcNews arbitrary file inclusion Jonathan Whiteley (Mar 17)
MDKSA-2005:058 - Updated kdelibs packages fix multiple vulnerabilities Mandrakelinux Security Team (Mar 17)
Another includer.cgi problem? cout (Mar 17)
[USN-98-1] OpenSLP vulnerabilities Martin Pitt (Mar 17)
LLSSRV Redux Dave Aitel (Mar 17)
Kevin Walsh: LimeWire Gnutella client two vulnerabilities Ill will (Mar 17)
Linux ISO9660 handling flaws Michal Zalewski (Mar 17)
- Re: Linux ISO9660 handling flaws Dan Yefimov (Mar 18)
Cain & Abel PSK Sniffer Heap overflow Gary O'leary-Steele (Mar 18)
Re: Windows Security Checklists - 10 Parts Paul Laudanski (Mar 18)
Security Contact at RSA? Gary O'leary-Steele (Mar 18)
[PersianHacker.NET 200503-09]PHPOpenChat v3.x XSS Multiple Vulnerability PersianHacker Team (Mar 18)
myPHP Forum v1, 2 & 3 Terencentanio Enache (Mar 18)
Social Engineering: You Have Been A Victim Paul Laudanski (Mar 18)
- Re: [Full-disclosure] Social Engineering: You Have Been A Victim Ron DuFresne (Mar 18)
possible SQL injection in Subdreamer GHC team (Mar 18)
[USN-99-1] PHP4 vulnerabilities Martin Pitt (Mar 18)
runcms installation path Majid NT (Mar 18)
runcms highlight.php hole Majid NT (Mar 18)
PHP-Post Exploit Terencentanio Enache (Mar 18)
Java Web Start argument injection vulnerability Jouko Pynnonen (Mar 18)
- RE: Java Web Start argument injection vulnerability James C Slora Jr (Mar 23)
[phpbb <= 2.0.13 full path disclosure & directory listing] JoCaNoR SeCuRiTy TeaM (Mar 18)
- RE: [phpbb <= 2.0.13 full path disclosure & directory listing] Paul S. Owen (Mar 18)
IceCast up to v2.20 multiple vulnerabilities Patrick (Mar 18)
[ GLSA 200503-22 ] KDE: Local Denial of Service Sune Kloppenborg Jeppesen (Mar 19)
Ciamos Installation path(IHS) Majid NT (Mar 19)
Ciamos Highlight.php Security Hole(IHS) Majid NT (Mar 19)
[PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection Vulnerability PersianHacker Team (Mar 19)
- <Possible follow-ups>
- Fw: [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection Vulnerability Sheldon King (Mar 21)
- Fw: [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection Vulnerability Sheldon King (Mar 21)
- Re: [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection Vulnerability Sheldon King (Mar 21)
OllyDbg long process Module debug Vulnerability ATmaCA ATmaCA (Mar 19)
[ GLSA 200503-23 ] rxvt-unicode: Buffer overflow Sune Kloppenborg Jeppesen (Mar 21)
[ GLSA 200503-24 ] LTris: Buffer overflow Sune Kloppenborg Jeppesen (Mar 21)
Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off Eitan Caspi (Mar 21)
- <Possible follow-ups>
- Re: Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off BoneMachine (Mar 22)
- Re: Re: Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off Eitan Caspi (Mar 22)
- RE: Re: Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off Scrimsher, John P (Mar 23)
- RE: Re: Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off Eitan Caspi (Mar 28)
[ GLSA 200503-26 ] Sylpheed, Sylpheed-claws: Message reply overflow Luke Macken (Mar 21)
-==CoolForum Path Disclosure & Possible SQL Injection==- HaCkZaTaN (Mar 21)
[CLA-2005:940] Conectiva Security Announcement - curl Conectiva Updates (Mar 21)
2 vulnerabilities in BetaParticle farhad koosha (Mar 21)
TSL-2005-0009 - multi Trustix Security Advisor (Mar 21)
[SECURITY] [DSA 695-1] New xli packages fix several vulnerabilities Martin Schulze (Mar 21)
-==PVDasm Long Name Debug Vulnerability==- HaCkZaTaN (Mar 21)
phpMyFamily 1.4.0 SQL vulnerabilities kreon (Mar 21)
- <Possible follow-ups>
- phpMyFamily 1.4.0 SQL vulnerabilities kre0n (Mar 21)
[ GLSA 200503-25 ] OpenSLP: Multiple buffer overflows Thierry Carrez (Mar 21)
[ GLSA 200503-27 ] Xzabite dyndnsupdate: Multiple vulnerabilities Thierry Carrez (Mar 21)
Details of Sybase ASE bugs withheld NGSSoftware Insight Security Research (Mar 21)
- Re: [VulnWatch] Details of Sybase ASE bugs withheld Halvar Flake (Mar 21)
  - Re: [VulnWatch] Details of Sybase ASE bugs withheld David Litchfield (Mar 21)
    - Re: [VulnWatch] Details of Sybase ASE bugs withheld sean (Mar 21)
- <Possible follow-ups>
- RE: Details of Sybase ASE bugs withheld Evans, Arian (Mar 23)
New Whitepaper: Anti Brute Force Resource Metering Gunter Ollmann (NGS) (Mar 21)
- Re: New Whitepaper: Anti Brute Force Resource Metering Amit Klein (AKsecurity) (Mar 22)
  - Re: New Whitepaper: Anti Brute Force Resource Metering Gunter Ollmann (Mar 23)
    - Re: New Whitepaper: Anti Brute Force Resource Metering Amit Klein (AKsecurity) (Mar 25)
- Re: New Whitepaper: Anti Brute Force Resource Metering Peter J. Holzer (Mar 23)
- <Possible follow-ups>
- Re: New Whitepaper: Anti Brute Force Resource Metering Jason W (Mar 24)
  - Re: New Whitepaper: Anti Brute Force Resource Metering Joachim Schipper (Mar 25)
  - Re: New Whitepaper: Anti Brute Force Resource Metering Luca Berra (Mar 26)
iDEFENSE Security Advisory 03.21.05: Mac OS X CF_CHARSET_PATH Buffer Overflow Vulnerability iDefense Customer Service (Mar 21)
SecurityForest Exploitation Framework Beta has been released! Alon Swartz (Mar 21)
Re: [ISN] How To Save The Internet Jason Coombs (Mar 21)
- RE: [ISN] How To Save The Internet David Gillett (Mar 22)
- <Possible follow-ups>
- Re: [ISN] How To Save The Internet Jason Coombs (Mar 22)
  - Re: [ISN] How To Save The Internet Thor (Hammer of God) (Mar 23)
- RE: [ISN] How To Save The Internet Arndt . WA (Mar 23)
  - Re: [ISN] How To Save The Internet Derek Martin (Mar 23)
MDKSA-2005:060 - Updated MySQL packages fix multiple vulnerabilities Mandrakelinux Security Team (Mar 22)
Kayako eSupport Cross Site Scripting GulfTech Security Research (Mar 22)
Mac OSX[CF_CHARSET_PATH]: local root exploit. Vade 79 (Mar 22)
Nortel VPN Client Issue: Clear-text password stored in memory Roy Hills (Mar 22)
RUXCON 2005 Call for Papers RUXCON Call for Papers (Mar 22)
[SECURITY] [DSA 696-1] New perl packages fix privilege escalation Martin Schulze (Mar 22)
Possible windows+python bug liquid (Mar 22)
- Re: Possible windows+python bug Neil Schemenauer (Mar 22)
- <Possible follow-ups>
- Re: Possible windows+python bug azurIt (Mar 22)
  - Re: Possible windows+python bug Kinnell (Mar 23)
  - RE: Possible windows+python bug Peter Oswald (Mar 23)
- Re: Possible windows+python bug liquid (Mar 23)
[ Positive Technologies #SA] Phorum "location" HTTP Response Splitting Vulnerability Alexander Anisimov (Mar 22)
Black Hat Briefings & Trainings: Registration now open! Jeff Moss (Mar 22)
- <Possible follow-ups>
- Black Hat Briefings & Trainings: Registration now open! Jeff Moss (Mar 24)
osCommerce File Manager Directory Traversal Vulnerability Megasky (Mar 22)
- Re: osCommerce File Manager Directory Traversal Vulnerability Aikanáro Calaelen (Mar 23)
RE: [VulnWatch] Details of Sybase ASE bugs withheld Marchand, Tom (Mar 22)
- Re: [VulnWatch] Details of Sybase ASE bugs withheld sean (Mar 22)
  - Re: [VulnWatch] Details of Sybase ASE bugs withheld Peter J. Holzer (Mar 23)
- RE: [VulnWatch] Details of Sybase ASE bugs withheld Chris Wysopal (Mar 22)
- <Possible follow-ups>
- RE: [VulnWatch] Details of Sybase ASE bugs withheld Marchand, Tom (Mar 22)
  - Re: [VulnWatch] Details of Sybase ASE bugs withheld Simple Nomad (Mar 23)
    - Re: Details of Sybase ASE bugs withheld Jay Libove (Mar 23)
- RE: [VulnWatch] Details of Sybase ASE bugs withheld http-equiv () excite com (Mar 23)
root-equivalent groups psz (Mar 22)
Security Development Lifecycle Whitepaper Available Michael Howard (Mar 22)
[SIG^2 G-TEC] SurgeMail Webmail Attachment Upload and XSS Vulnerabilities chewkeong (Mar 23)
Backdoors in AS/400 emulations allow the server to attack connected PC workstations Shalom Carmel (Mar 23)
SUSE Security Announcement: ImageMagick problems (SUSE-SA:2005:017) Marcus Meissner (Mar 23)
Notacon: Apr. 8-10, 2005 in Cleveland, OH Froggy (Mar 23)
Interspire ArticleLive 2005 (php version) is vulnerable to XSS mircia mircia (Mar 23)
Vortex Portal Francisco Alisson (Mar 23)
[SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities cXIb8O3.11 Maksymilian Arciemowicz (Mar 23)
Multiple vulnerabilities in Topic Calendar 1.0.1 for phpBB Alberto Trivero (Mar 24)
Hashcash in mail (was: New Whitepaper: Anti Brute Force Resource Metering) Peter J. Holzer (Mar 24)
Oracle Reports Server 10g Vulnerable to XSS Paolo Paolo (Mar 24)
Firescrolling 2 [Firefox 1.0.1] mikx (Mar 24)
- Re: Firescrolling 2 [Firefox 1.0.1] John Madden (Mar 24)
SUSE Security Announcement: several kernel security problems (SUSE-SA:2005:018) Marcus Meissner (Mar 24)
SUSE Security Announcement: MySQL vulnerabilities (SUSE-SA:2005:019) Marcus Meissner (Mar 24)
[USN-100-1] cdrecord vulnerability Martin Pitt (Mar 24)
[USN-99-2] Fixed php4 packages for USN-99-1 Martin Pitt (Mar 24)
Secure Science issues preview of their upcoming block cipher BugTraq (Mar 24)
- Re: Secure Science issues preview of their upcoming block cipher Adam Shostack (Mar 25)
  - Re: Secure Science issues preview of their upcoming block cipher Jerrold Leichter (Mar 25)
    - Re: Secure Science issues preview of their upcoming block cipher Ralf-Philipp Weinmann (Mar 25)
  - Re: Secure Science issues preview of their upcoming block cipher David Covin (Mar 25)
  - Re: Secure Science issues preview of their upcoming block cipher devnull (Mar 26)
[ GLSA 200503-29 ] GnuPG: OpenPGP protocol attack Thierry Carrez (Mar 24)
[ GLSA 200503-28 ] Sun Java: Web Start argument injection vulnerability Thierry Carrez (Mar 24)
LogicLibrary BugScan VSR,Trillian 2.0, 3.0 and 3.1 Matt Hargett (Mar 24)
Which anti-spyware cleaner is the best? Paul Laudanski (Mar 24)
Security Flaw with Digital signatures in Microsoft Outlook Roberto Franceschetti (Mar 25)
- RE: Security Flaw with Digital signatures in Microsoft Outlook Adrian Floarea (Mar 25)
- Re: [bugtraq] Security Flaw with Digital signatures in Microsoft Outlook Erwann ABALEA (Mar 25)
  - RE: [bugtraq] Security Flaw with Digital signatures in Microsoft Outlook Lyal Collins (Mar 26)
- Re: Security Flaw with Digital signatures in Microsoft Outlook Anthony G. Atkielski (Mar 26)
- <Possible follow-ups>
- Re: Security Flaw with Digital signatures in Microsoft Outlook dori (Mar 29)
phpMyDirectory 10.1.3-rel Cross site scripting mircia mircia (Mar 25)
RX250305 - OpenMosixView : Multiple Race conditions - advisory and exploit rexolab (Mar 25)
smail remote and local root holes sean (Mar 25)
Netcomm 1300NB DSL Modem Denial of Service Chris Rock (Mar 25)
[FLSA-2005:2155] Updated sharutils package fixes security issues Marc Deslauriers (Mar 25)
[FLSA-2005:2129] Updated mysql packages fix security issues Marc Deslauriers (Mar 25)
- Re: [FLSA-2005:2129] Updated mysql packages fix security issues Ventsislav Genchev (Mar 25)
- Re: [FLSA-2005:2129] Updated mysql packages fix security issues Ventsislav Genchev (Mar 25)
[FLSA-2005:2268] Updated spamassassin package fixes security issues Marc Deslauriers (Mar 25)
[ GLSA 200503-30 ] Mozilla Suite: Multiple vulnerabilities Thierry Carrez (Mar 25)
[ GLSA 200503-33 ] IPsec-Tools: racoon Denial of Service Matthias Geerdsen (Mar 25)
TCP timestamp & advanced fingerprinting Erwan Arzur (Mar 25)
- <Possible follow-ups>
- RE: TCP timestamp & advanced fingerprinting Bruce Klein (Mar 26)
  - Re: TCP timestamp & advanced fingerprinting Erwan Arzur (Mar 29)
phpbb 2.0.13 Exploit (bug) tOnk3r (Mar 25)
ZH2005-03SA -- multiple vulnerabilities in NukeBookmarks .6 Gerardo Astharot Di Giacomo (Mar 26)
- Re: ZH2005-03SA -- multiple vulnerabilities in NukeBookmarks .6 Paul Laudanski (Mar 28)
AS/400 LDAP user accounts disclosure Shalom Carmel (Mar 26)
QuickTime malformed JPEG buffer overflow liquid (Mar 26)
File inclusion and XSS vulnerability in E-Store Kit-2 PayPal Edition dcrab (Mar 26)
Re: smail remote and local root holes (no, not really ;-) Greg A. Woods (Mar 26)
- Re: smail remote and local root holes (no, really ;-) sean (Mar 26)
- Re: smail remote and local root holes (really, it is exploitable) sean (Mar 28)
Brute-Force scanning the entire 32-bit IP space using Javascript. cyber_flash (Mar 26)
FreeBSD Security Advisory FreeBSD-SA-05:01.telnet FreeBSD Security Advisories (Mar 28)
iDEFENSE Security Advisory 03.28.05: Multiple Telnet Client env_opt_add() Buffer Overflow Vulnerability iDEFENSE Labs (Mar 28)
iDEFENSE Security Advisory 03.28.05: Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability iDEFENSE Labs (Mar 28)
- Re: iDEFENSE Security Advisory 03.28.05: Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability Solar Designer (Mar 28)
  - Re: iDEFENSE Security Advisory 03.28.05: Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability Tavis Ormandy (Mar 29)
  - Re: iDEFENSE Security Advisory 03.28.05: Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability Gaël Delalleau (Mar 29)
[CLA-2005:942] Conectiva Security Announcement - ethereal Conectiva Updates (Mar 28)
[ GLSA 200503-34 ] mpg321: Format string vulnerability Sune Kloppenborg Jeppesen (Mar 28)
Buffer-overflow in Tincat 2 minor than 2.0.28 (Sacred, Settlers 5 and others) Luigi Auriemma (Mar 28)
Multiple sql injection, and xss vulnerabilities in Vladersoft Shopping Cart v.3.0 dcrab (Mar 28)
Multiple Sql injection, and multiple XSS vulnerabilities in Photopost PHP Pro Photo Gallery Software. dcrab (Mar 28)
- RE: Multiple Sql injection, and multiple XSS vulnerabilities in Photopost PHP Pro Photo Gallery Software. GulfTech Security Research (Mar 29)
- <Possible follow-ups>
- Re: Multiple Sql injection, and multiple XSS vulnerabilities in Photopost PHP Pro Photo Gallery Software. dcrab (Mar 30)
local root security bug in linux >= 2.4.6 <= 2.4.30-rc1 and 2.6.x.y <= 2.6.11.5 advisories (Mar 28)
Multiple Sql injection, and multiple XSS vulnerabilities in Easy Community Management System Forum (E-XOOPS) dcrab (Mar 28)
- <Possible follow-ups>
- Multiple Sql injection, and multiple XSS vulnerabilities in Easy Community Management System Forum (E-XOOPS) dcrab (Mar 29)
[USN-101-1] telnet vulnerabilities Martin Pitt (Mar 28)
Multiple XSS vulnerabilities in ACS Blog Dan Crowley (Mar 28)
- <Possible follow-ups>
- Multiple XSS vulnerabilities in ACS Blog Dan Crowley (Mar 29)
Multiple Sql injection, and multiple XSS vulnerabilities in Photopost PHP Pro Photo Gallery Software dcrab (Mar 28)
Multiple XSS issues in Sun AnswerBook2 B00B00 (Mar 28)
phishing sites report - March/2005 Gadi Evron (Mar 28)
- Re: phishing sites report - March/2005 Paul Laudanski (Mar 29)
  - Re: phishing sites report - March/2005 Gadi Evron (Mar 29)
DoS of LAN via D-Link switches Frank Bures (Mar 29)
- RE: DoS of LAN via D-Link switches David Gillett (Mar 29)
  - Re: DoS of LAN via D-Link switches Tarmo Mamers (Mar 29)
    - Re: DoS of LAN via D-Link switches Neil Watson (Mar 30)
    - Re: DoS of LAN via D-Link switches Joel Maslak (Mar 31)
    - Re: DoS of LAN via D-Link switches Scott Nelson (Mar 31)
[SECURITY] [DSA 698-1] New mc packages fix buffer overflow Martin Schulze (Mar 29)
THai's Shoutbox XSS (Spoofing URL) BUG CorryL (Mar 29)
[SECURITY] [DSA 699-1] New netkit-telnet-ssl packages fix arbitrary code execution Martin Schulze (Mar 29)
[USN-102-1] shar vulnerabilities Martin Pitt (Mar 29)
Multiple sql injection, and xss vulnerabilities in AspApp dcrab (Mar 29)
MITKRB5-SA-2005-001: buffer overflows in telnet client Tom Yu (Mar 29)
directory traversal in FastStone 4in1 Browser 1.2 Donato Ferrante (Mar 29)
Invision Power Board v2.0.3 XSS vulnerabilities hoang yen (Mar 29)
- RE: Invision Power Board v2.0.3 XSS vulnerabilities alex (Mar 31)
Multiple sql injection, and xss vulnerabilities in PortalApp dcrab (Mar 29)
Code insertion in Blogger comments Antone Roundy (Mar 29)
- <Possible follow-ups>
- Code insertion in Blogger comments Antone Roundy (Mar 29)
[SECURITY] [DSA 697-1] New netkit-telnet packages fix arbitrary code execution Martin Schulze (Mar 29)
[PersianHacker.NET 200503-12]Chatness 2.5.1 and prior XSS Vulnerabilities PersianHacker Team (Mar 29)
abuse & security issues > Israel Gadi Evron (Mar 29)
Multiple phpCoin Vulnerabilities GulfTech Security Research (Mar 29)
[PersianHacker.NET 200503-11]Ublog reload 1.0.4 and prior Multiple Vulnerbilities PersianHacker Team (Mar 29)
Portcullis Security Advisory 05-011 ACPI 1.6 BIOS Paul J Docherty (Mar 29)
- Re: Portcullis Security Advisory 05-011 ACPI 1.6 BIOS Kurt Seifried (Mar 30)
- Re: Portcullis Security Advisory 05-011 ACPI 1.6 BIOS Chris Paget (Mar 31)
- <Possible follow-ups>
- RE: Portcullis Security Advisory 05-011 ACPI 1.6 BIOS Paul J Docherty (Mar 30)
- RE: Portcullis Security Advisory 05-011 ACPI 1.6 BIOS Paul J Docherty (Mar 31)
MDKSA-2005:061 - Updated krb5 packages fix telnet client vulnerability Mandrakelinux Security Team (Mar 30)
Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted SSL Attack Cisco Systems Product Security Incident Response Team (Mar 30)
[ GLSA 200503-35 ] Smarty: Template vulnerability Thierry Carrez (Mar 30)
[SECURITY] [DSA 700-1] New mailreader packages fix cross-site scripting vulnerability Martin Schulze (Mar 30)
Multiple sql injection, and xss vulnerabilities in Pay pal Storefront Diabolic Crab (Mar 30)
PaFileDB Version 3.1 and below are exploitable via a XSS and a SQL injection vulnerability dcrab (Mar 30)
[CLA-2005:945] Conectiva Security Announcement - kernel Conectiva Updates (Mar 31)
[SECURITY] [DSA 701-1] New samba packages fix arbitrary code execution Martin Schulze (Mar 31)
bzip2 TOCTOU file-permissions vulnerability Imran Ghory (Mar 31)
cPanel/WHM demo account problems Richard Stanway (Mar 31)
- Re: cPanel/WHM demo account problems Beau Henderson (Mar 31)
Vendor Response to Portculis Advisory 05-002: Spectrum Cash Receipting System Paul J Docherty (Mar 31)
[ GLSA 200503-36 ] netkit-telnetd: Buffer overflow Thierry Carrez (Mar 31)
MDKSA-2005:064 - Updated libexif packages fix vulnerability Mandrakelinux Security Team (Mar 31)
[ GLSA 200503-37 ] LimeWire: Disclosure of sensitive information Thierry Carrez (Mar 31)
MX Shop 1.1.1 and MX Kart 1.1.2 are vulnerable to multiple SQL injection vulnerabilities dcrab (Mar 31)
MDKSA-2005:062 - Updated ipsec-tools packages fix vulnerability Mandrakelinux Security Team (Mar 31)
MDKSA-2005:063 - Updated htdig packages fix vulnerability Mandrakelinux Security Team (Mar 31)
Bay Technical Associates telnet server logon bypass nolimit bugtraq (Mar 31)
- Re: Bay Technical Associates telnet server logon bypass Michael Brennen (Mar 31)
RE: eBay Account Phishing with eBay Redirect - Ebay fixed this + related XSS hole Rager, Anton (Anton) (Mar 31)
WindowsXP malformed .wmf files DoS liquid (Mar 31)

Previous period

Next period